Home Explore Help
Register Sign In
xbase
/
raft
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 7241d088e2
Branches Tags
raft
/
server.go

server.go 36 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307 
  1. package raft
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"errors"
    6. 

  6. 	"fmt"
    7. 

  7. 	"io"
    8. 

  8. 	"net"
    9. 

  9. 	"net/http"
    10. 

  10. 	"sort"
    11. 

  11. 	"strings"
    12. 

  12. 	"sync"
    13. 

  13. 	"time"
    14. 

  14. 

  15. 	"igit.com/xbase/raft/db"
    16. 

  16. )
    17. 

  17. 

  18. // KVServer wraps Raft to provide a distributed key-value store
    19. 

  19. type KVServer struct {
    20. 

  20. 	Raft       *Raft
    21. 

  21. 	DB         *db.Engine
    22. 

  22. 	CLI        *CLI
    23. 

  23. 	AuthManager *AuthManager
    24. 

  24. 	Watcher    *WebHookWatcher
    25. 

  25. 	httpServer *http.Server
    26. 

  26. 	stopCh     chan struct{}
    27. 

  27. 	wg         sync.WaitGroup
    28. 

  28. 	stopOnce   sync.Once
    29. 

  29. 	// leavingNodes tracks nodes that are currently being removed
    30. 

  30. 	// to prevent auto-rejoin/discovery logic from interfering
    31. 

  31. 	leavingNodes sync.Map
    32. 

  32. 	
    33. 

  33. 	// Pending requests for synchronous operations (Read-Your-Writes)
    34. 

  34. 	pendingRequests map[uint64]chan error
    35. 

  35. 	pendingMu       sync.Mutex
    36. 

  36. }
    37. 

  37. 

  38. // NewKVServer creates a new KV server
    39. 

  39. func NewKVServer(config *Config) (*KVServer, error) {
    40. 

  40. 	// Initialize DB Engine
    41. 

  41. 	// Use a subdirectory for DB to avoid conflict with Raft logs if they share DataDir
    42. 

  42. 	dbPath := config.DataDir + "/kv_engine"
    43. 

  43. 	engine, err := db.NewEngine(dbPath)
    44. 

  44. 	if err != nil {
    45. 

  45. 		return nil, fmt.Errorf("failed to create db engine: %w", err)
    46. 

  46. 	}
    47. 

  47. 

  48. 	// Initialize LastAppliedIndex from DB to prevent re-applying entries
    49. 

  49. 	config.LastAppliedIndex = engine.GetLastAppliedIndex()
    50. 

  50. 

  51. 	// Create stop channel early for use in callbacks
    52. 

  52. 	stopCh := make(chan struct{})
    53. 

  53. 

  54. 	// Configure snapshot provider
    55. 

  55. 	config.SnapshotProvider = func(minIncludeIndex uint64) ([]byte, error) {
    56. 

  56. 		// Wait for DB to catch up to the requested index
    57. 

  57. 		// This is critical for data integrity during compaction
    58. 

  58. 		for engine.GetLastAppliedIndex() < minIncludeIndex {
    59. 

  59. 			select {
    60. 

  60. 			case <-stopCh:
    61. 

  61. 				return nil, fmt.Errorf("server stopping")
    62. 

  62. 			default:
    63. 

  63. 				time.Sleep(10 * time.Millisecond)
    64. 

  64. 			}
    65. 

  65. 		}
    66. 

  66. 

  67. 		// Force sync to disk to ensure data durability before compaction
    68. 

  68. 		// This prevents data loss if Raft logs are compacted but DB data is only in OS cache
    69. 

  69. 		if err := engine.Sync(); err != nil {
    70. 

  70. 			return nil, fmt.Errorf("failed to sync engine before snapshot: %w", err)
    71. 

  71. 		}
    72. 

  72. 

  73. 		return engine.Snapshot()
    74. 

  74. 	}
    75. 

  75. 

  76. 	// Configure get handler for remote reads
    77. 

  77. 	config.GetHandler = func(key string) (string, bool) {
    78. 

  78. 		return engine.Get(key)
    79. 

  79. 	}
    80. 

  80. 

  81. 	applyCh := make(chan ApplyMsg, 1000) // Increase buffer for async processing
    82. 

  82. 	transport := NewTCPTransport(config.ListenAddr, 10, config.Logger)
    83. 

  83. 

  84. 	// Initialize WebHookWatcher
    85. 

  85. 	// 5 workers, 3 retries
    86. 

  86. 	watcher := NewWebHookWatcher(5, 3, config.Logger)
    87. 

  87. 

  88. 	r, err := NewRaft(config, transport, applyCh)
    89. 

  89. 	if err != nil {
    90. 

  90. 		engine.Close()
    91. 

  91. 		return nil, err
    92. 

  92. 	}
    93. 

  93. 

  94. 	s := &KVServer{
    95. 

  95. 		Raft:            r,
    96. 

  96. 		DB:              engine,
    97. 

  97. 		CLI:             nil,
    98. 

  98. 		AuthManager:     nil, // initialized below
    99. 

  99. 		Watcher:         watcher,
    100. 

  100. 		stopCh:          stopCh,
    101. 

  101. 		pendingRequests: make(map[uint64]chan error),
    102. 

  102. 	}
    103. 

  103. 

  104. 	// Initialize AuthManager
    105. 

  105. 	s.AuthManager = NewAuthManager(s)
    106. 

  106. 	// Load Auth Data from DB (if any)
    107. 

  107. 	if err := s.AuthManager.LoadFromDB(); err != nil {
    108. 

  108. 		s.Raft.config.Logger.Warn("Failed to load auth data from DB: %v", err)
    109. 

  109. 	}
    110. 

  110. 

  111. 	// Initialize CLI
    112. 

  112. 	s.CLI = NewCLI(s)
    113. 

  113. 

  114. 	// Start applying entries
    115. 

  115. 	go s.runApplyLoop(applyCh)
    116. 

  116. 

  117. 	// Start background maintenance loop
    118. 

  118. 	s.wg.Add(1)
    119. 

  119. 	go s.maintenanceLoop()
    120. 

  120. 

  121. 	return s, nil
    122. 

  122. }
    123. 

  123. 

  124. func (s *KVServer) Start() error {
    125. 

  125. 	// Start CLI if enabled
    126. 

  126. 	if s.Raft.config.EnableCLI {
    127. 

  127. 		go s.CLI.Start()
    128. 

  128. 	}
    129. 

  129. 

  130. 	// Start HTTP Server if configured
    131. 

  131. 	if s.Raft.config.HTTPAddr != "" {
    132. 

  132. 		if err := s.startHTTPServer(s.Raft.config.HTTPAddr); err != nil {
    133. 

  133. 			s.Raft.config.Logger.Warn("Failed to start HTTP server: %v", err)
    134. 

  134. 		}
    135. 

  135. 	}
    136. 

  136. 	
    137. 

  137. 	// Start TCP Server (Hardcoded offset +10 for demo or config?)
    138. 

  138. 	// User didn't add TCPPort to config, so let's derive it or just fix it.
    139. 

  139. 	// For demo, if ListenAddr is 127.0.0.1:9001, we try 9011.
    140. 

  140. 	host, port, _ := net.SplitHostPort(s.Raft.config.ListenAddr)
    141. 

  141. 	if port == "9001" {
    142. 

  142. 		tcpAddr := fmt.Sprintf("%s:%s", host, "9011")
    143. 

  143. 		if err := s.StartTCPServer(tcpAddr); err != nil {
    144. 

  144. 			s.Raft.config.Logger.Warn("Failed to start TCP server: %v", err)
    145. 

  145. 		}
    146. 

  146. 	} else if port == "9002" {
    147. 

  147. 		tcpAddr := fmt.Sprintf("%s:%s", host, "9012")
    148. 

  148. 		s.StartTCPServer(tcpAddr)
    149. 

  149. 	} else {
    150. 

  150. 		// Fallback or ignore for other nodes in demo
    151. 

  151. 	}
    152. 

  152. 

  153. 	return s.Raft.Start()
    154. 

  154. }
    155. 

  155. 

  156. func (s *KVServer) Stop() error {
    157. 

  157. 	var err error
    158. 

  158. 	s.stopOnce.Do(func() {
    159. 

  159. 		// Stop maintenance loop
    160. 

  160. 		if s.stopCh != nil {
    161. 

  161. 			close(s.stopCh)
    162. 

  162. 			s.wg.Wait()
    163. 

  163. 		}
    164. 

  164. 		// Stop Watcher
    165. 

  165. 		if s.Watcher != nil {
    166. 

  166. 			s.Watcher.Stop()
    167. 

  167. 		}
    168. 

  168. 		// Stop HTTP Server
    169. 

  169. 		if s.httpServer != nil {
    170. 

  170. 			s.httpServer.Close()
    171. 

  171. 		}
    172. 

  172. 		// Stop Raft first
    173. 

  173. 		if errRaft := s.Raft.Stop(); errRaft != nil {
    174. 

  174. 			err = errRaft
    175. 

  175. 		}
    176. 

  176. 		// Close DB
    177. 

  177. 		if s.DB != nil {
    178. 

  178. 			if errDB := s.DB.Close(); errDB != nil {
    179. 

  179. 				// Combine errors if both fail
    180. 

  180. 				if err != nil {
    181. 

  181. 					err = fmt.Errorf("raft stop error: %v, db close error: %v", err, errDB)
    182. 

  182. 				} else {
    183. 

  183. 					err = errDB
    184. 

  184. 				}
    185. 

  185. 			}
    186. 

  186. 		}
    187. 

  187. 	})
    188. 

  188. 	return err
    189. 

  189. }
    190. 

  190. 

  191. func (s *KVServer) runApplyLoop(applyCh chan ApplyMsg) {
    192. 

  192. 	for msg := range applyCh {
    193. 

  193. 		if msg.CommandValid {
    194. 

  194. 			// Optimization: Skip if already applied
    195. 

  195. 			// We check this here to avoid unmarshalling and locking DB for known duplicates
    196. 

  196. 			if msg.CommandIndex <= s.DB.GetLastAppliedIndex() {
    197. 

  197. 				// Even if duplicate, we might have someone waiting for it if they just proposed it
    198. 

  198. 				// but this is unlikely for duplicates.
    199. 

  199. 				// However, notify waiters just in case.
    200. 

  200. 				s.notifyPending(msg.CommandIndex, nil)
    201. 

  201. 				continue
    202. 

  202. 			}
    203. 

  203. 

  204. 			var cmd KVCommand
    205. 

  205. 			if err := json.Unmarshal(msg.Command, &cmd); err != nil {
    206. 

  206. 				s.Raft.config.Logger.Error("Failed to unmarshal command: %v", err)
    207. 

  207. 				s.notifyPending(msg.CommandIndex, err)
    208. 

  208. 				continue
    209. 

  209. 			}
    210. 

  210. 

  211. 			var err error
    212. 

  212. 			switch cmd.Type {
    213. 

  213. 			case KVSet:
    214. 

  214. 				// Update Auth Cache for system keys
    215. 

  215. 				// This includes AuthLockPrefix now
    216. 

  216. 				if strings.HasPrefix(cmd.Key, SystemKeyPrefix) {
    217. 

  217. 					s.AuthManager.UpdateCache(cmd.Key, cmd.Value, false)
    218. 

  218. 				}
    219. 

  219. 				
    220. 

  220. 				err = s.DB.Set(cmd.Key, cmd.Value, msg.CommandIndex)
    221. 

  221. 				if err == nil {
    222. 

  222. 					s.Watcher.Notify(cmd.Key, cmd.Value, KVSet)
    223. 

  223. 				}
    224. 

  224. 			case KVDel:
    225. 

  225. 				// Update Auth Cache for system keys
    226. 

  226. 				if strings.HasPrefix(cmd.Key, SystemKeyPrefix) {
    227. 

  227. 					s.AuthManager.UpdateCache(cmd.Key, "", true)
    228. 

  228. 				}
    229. 

  229. 

  230. 				err = s.DB.Delete(cmd.Key, msg.CommandIndex)
    231. 

  231. 				if err == nil {
    232. 

  232. 					s.Watcher.Notify(cmd.Key, "", KVDel)
    233. 

  233. 				}
    234. 

  234. 			default:
    235. 

  235. 				s.Raft.config.Logger.Error("Unknown command type: %d", cmd.Type)
    236. 

  236. 			}
    237. 

  237. 

  238. 			if err != nil {
    239. 

  239. 				s.Raft.config.Logger.Error("DB Apply failed: %v", err)
    240. 

  240. 			}
    241. 

  241. 			
    242. 

  242. 			// Notify anyone waiting for this index
    243. 

  243. 			s.notifyPending(msg.CommandIndex, err)
    244. 

  244. 

  245. 		} else if msg.SnapshotValid {
    246. 

  246. 			if err := s.DB.Restore(msg.Snapshot); err != nil {
    247. 

  247. 				s.Raft.config.Logger.Error("DB Restore failed: %v", err)
    248. 

  248. 			}
    249. 

  249. 		}
    250. 

  250. 	}
    251. 

  251. }
    252. 

  252. 

  253. // notifyPending notifies any waiting requests for the given index
    254. 

  254. func (s *KVServer) notifyPending(index uint64, err error) {
    255. 

  255. 	s.pendingMu.Lock()
    256. 

  256. 	defer s.pendingMu.Unlock()
    257. 

  257. 	
    258. 

  258. 	if ch, ok := s.pendingRequests[index]; ok {
    259. 

  259. 		// Non-blocking send in case listener is gone (buffered channel recommended)
    260. 

  260. 		select {
    261. 

  261. 		case ch <- err:
    262. 

  262. 		default:
    263. 

  263. 		}
    264. 

  264. 		close(ch)
    265. 

  265. 		delete(s.pendingRequests, index)
    266. 

  266. 	}
    267. 

  267. }
    268. 

  268. 

  269. // SetAuthenticatedAsync sets a key-value pair asynchronously with permission check
    270. 

  270. func (s *KVServer) SetAuthenticatedAsync(key, value, token string) error {
    271. 

  271. 	if err := s.AuthManager.CheckPermission(token, key, ActionWrite, value); err != nil {
    272. 

  272. 		return err
    273. 

  273. 	}
    274. 

  274. 	return s.Set(key, value)
    275. 

  275. }
    276. 

  276. 

  277. // SetAuthenticated sets a key-value pair with permission check
    278. 

  278. func (s *KVServer) SetAuthenticated(key, value, token string) error {
    279. 

  279. 	if err := s.AuthManager.CheckPermission(token, key, ActionWrite, value); err != nil {
    280. 

  280. 		return err
    281. 

  281. 	}
    282. 

  282. 	// Use SetSync for consistency in CLI/API
    283. 

  283. 	return s.SetSync(key, value)
    284. 

  284. }
    285. 

  285. 

  286. // DelAuthenticated deletes a key with permission check
    287. 

  287. func (s *KVServer) DelAuthenticated(key, token string) error {
    288. 

  288. 	if err := s.AuthManager.CheckPermission(token, key, ActionWrite, ""); err != nil {
    289. 

  289. 		return err
    290. 

  290. 	}
    291. 

  291. 	// Use SetSync (via Del which should be updated or create DelSync)
    292. 

  292. 	// For simplicity, we implement DelSync logic here or update Del to be sync?
    293. 

  293. 	// Let's implement DelSync
    294. 

  294. 	return s.DelSync(key)
    295. 

  295. }
    296. 

  296. 

  297. // Set sets a key-value pair (Async - eventually consistent)
    298. 

  298. func (s *KVServer) Set(key, value string) error {
    299. 

  299. 	cmd := KVCommand{
    300. 

  300. 		Type:  KVSet,
    301. 

  301. 		Key:   key,
    302. 

  302. 		Value: value,
    303. 

  303. 	}
    304. 

  304. 	data, err := json.Marshal(cmd)
    305. 

  305. 	if err != nil {
    306. 

  306. 		return err
    307. 

  307. 	}
    308. 

  308. 

  309. 	_, _, err = s.Raft.ProposeWithForward(data)
    310. 

  310. 	return err
    311. 

  311. }
    312. 

  312. 

  313. // SetSync sets a key-value pair and waits for it to be applied (Read-Your-Writes)
    314. 

  314. func (s *KVServer) SetSync(key, value string) error {
    315. 

  315. 	cmd := KVCommand{
    316. 

  316. 		Type:  KVSet,
    317. 

  317. 		Key:   key,
    318. 

  318. 		Value: value,
    319. 

  319. 	}
    320. 

  320. 	data, err := json.Marshal(cmd)
    321. 

  321. 	if err != nil {
    322. 

  322. 		return err
    323. 

  323. 	}
    324. 

  324. 

  325. 	index, _, err := s.Raft.ProposeWithForward(data)
    326. 

  326. 	if err != nil {
    327. 

  327. 		return err
    328. 

  328. 	}
    329. 

  329. 

  330. 	// Wait for application
    331. 

  331. 	ch := make(chan error, 1)
    332. 

  332. 	s.pendingMu.Lock()
    333. 

  333. 	s.pendingRequests[index] = ch
    334. 

  334. 	s.pendingMu.Unlock()
    335. 

  335. 

  336. 	select {
    337. 

  337. 	case applyErr := <-ch:
    338. 

  338. 		return applyErr
    339. 

  339. 	case <-time.After(5 * time.Second):
    340. 

  340. 		s.pendingMu.Lock()
    341. 

  341. 		delete(s.pendingRequests, index)
    342. 

  342. 		s.pendingMu.Unlock()
    343. 

  343. 		return fmt.Errorf("timeout waiting for apply")
    344. 

  344. 	}
    345. 

  345. }
    346. 

  346. 

  347. // Del deletes a key (Async)
    348. 

  348. func (s *KVServer) Del(key string) error {
    349. 

  349. 	cmd := KVCommand{
    350. 

  350. 		Type: KVDel,
    351. 

  351. 		Key:  key,
    352. 

  352. 	}
    353. 

  353. 	data, err := json.Marshal(cmd)
    354. 

  354. 	if err != nil {
    355. 

  355. 		return err
    356. 

  356. 	}
    357. 

  357. 

  358. 	_, _, err = s.Raft.ProposeWithForward(data)
    359. 

  359. 	return err
    360. 

  360. }
    361. 

  361. 

  362. // DelSync deletes a key and waits for it to be applied
    363. 

  363. func (s *KVServer) DelSync(key string) error {
    364. 

  364. 	cmd := KVCommand{
    365. 

  365. 		Type: KVDel,
    366. 

  366. 		Key:  key,
    367. 

  367. 	}
    368. 

  368. 	data, err := json.Marshal(cmd)
    369. 

  369. 	if err != nil {
    370. 

  370. 		return err
    371. 

  371. 	}
    372. 

  372. 

  373. 	index, _, err := s.Raft.ProposeWithForward(data)
    374. 

  374. 	if err != nil {
    375. 

  375. 		return err
    376. 

  376. 	}
    377. 

  377. 

  378. 	// Wait for application
    379. 

  379. 	ch := make(chan error, 1)
    380. 

  380. 	s.pendingMu.Lock()
    381. 

  381. 	s.pendingRequests[index] = ch
    382. 

  382. 	s.pendingMu.Unlock()
    383. 

  383. 

  384. 	select {
    385. 

  385. 	case applyErr := <-ch:
    386. 

  386. 		return applyErr
    387. 

  387. 	case <-time.After(5 * time.Second):
    388. 

  388. 		s.pendingMu.Lock()
    389. 

  389. 		delete(s.pendingRequests, index)
    390. 

  390. 		s.pendingMu.Unlock()
    391. 

  391. 		return fmt.Errorf("timeout waiting for apply")
    392. 

  392. 	}
    393. 

  393. }
    394. 

  394. 

  395. // GetAuthenticated gets a value with permission check (local read)
    396. 

  396. func (s *KVServer) GetAuthenticated(key, token string) (string, bool, error) {
    397. 

  397. 	if err := s.AuthManager.CheckPermission(token, key, ActionRead, ""); err != nil {
    398. 

  398. 		return "", false, err
    399. 

  399. 	}
    400. 

  400. 	val, ok := s.Get(key)
    401. 

  401. 	return val, ok, nil
    402. 

  402. }
    403. 

  403. 

  404. // Get gets a value (local read, can be stale)
    405. 

  405. // For linearizable reads, use GetLinear instead
    406. 

  406. func (s *KVServer) Get(key string) (string, bool) {
    407. 

  407. 	return s.DB.Get(key)
    408. 

  408. }
    409. 

  409. 

  410. // GetLinearAuthenticated gets a value with linearizable consistency and permission check
    411. 

  411. func (s *KVServer) GetLinearAuthenticated(key, token string) (string, bool, error) {
    412. 

  412. 	if err := s.AuthManager.CheckPermission(token, key, ActionRead, ""); err != nil {
    413. 

  413. 		return "", false, err
    414. 

  414. 	}
    415. 

  415. 	return s.GetLinear(key)
    416. 

  416. }
    417. 

  417. 

  418. // Logout invalidates the current session
    419. 

  419. func (s *KVServer) Logout(token string) error {
    420. 

  420. 	return s.AuthManager.Logout(token)
    421. 

  421. }
    422. 

  422. 

  423. // GetSessionInfo returns the session details
    424. 

  424. func (s *KVServer) GetSessionInfo(token string) (*Session, error) {
    425. 

  425. 	return s.AuthManager.GetSession(token)
    426. 

  426. }
    427. 

  427. 

  428. // IsAdmin checks if the token belongs to a user with admin privileges
    429. 

  429. // defined as having "admin" action on "*" key pattern
    430. 

  430. func (s *KVServer) IsAdmin(token string) bool {
    431. 

  431. 	if !s.AuthManager.IsEnabled() {
    432. 

  432. 		return true // If auth disabled, everyone is admin (or handled by caller)
    433. 

  433. 	}
    434. 

  434. 	
    435. 

  435. 	// Check internal system token
    436. 

  436. 	if token == "SYSTEM_INTERNAL" {
    437. 

  437. 		return true
    438. 

  438. 	}
    439. 

  439. 

  440. 	return s.AuthManager.CheckPermission(token, "*", ActionAdmin, "") == nil
    441. 

  441. }
    442. 

  442. 

  443. // IsRoot checks if the token belongs to the root user
    444. 

  444. // Deprecated: Use IsAdmin instead
    445. 

  445. func (s *KVServer) IsRoot(token string) bool {
    446. 

  446. 	sess, err := s.AuthManager.GetSession(token)
    447. 

  447. 	if err != nil {
    448. 

  448. 		return false
    449. 

  449. 	}
    450. 

  450. 	return sess.Username == "root"
    451. 

  451. }
    452. 

  452. 

  453. // CreateUser creates a new user (Delegated Admin)
    454. 

  454. func (s *KVServer) CreateUser(username, password string, roles []string, token string) error {
    455. 

  455. 	if s.AuthManager.IsEnabled() {
    456. 

  456. 		// 1. Permission check: Must have write permission on system.user.<username>
    457. 

  457. 		// This enables delegated administration (e.g., dept_admin can create users in their scope)
    458. 

  458. 		// Or if global admin
    459. 

  459. 		targetKey := AuthUserPrefix + username
    460. 

  460. 		if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    461. 

  461. 			// Fallback to global admin check for backward compatibility or clearer error
    462. 

  462. 			if !s.IsAdmin(token) {
    463. 

  463. 				return fmt.Errorf("permission denied: cannot create user '%s'", username)
    464. 

  464. 			}
    465. 

  465. 		}
    466. 

  466. 		
    467. 

  467. 		// 2. Verify Delegation: Can I assign these roles?
    468. 

  468. 		// To assign a role, I must have ALL permissions that the role contains.
    469. 

  469. 		for _, roleName := range roles {
    470. 

  470. 			// Let's implement a helper in AuthManager to get Role Effective Permissions
    471. 

  471. 			rolePerms, err := s.AuthManager.GetRoleEffectivePermissions(roleName)
    472. 

  472. 			if err != nil {
    473. 

  473. 				return err
    474. 

  474. 			}
    475. 

  475. 			
    476. 

  476. 			if !s.AuthManager.IsSubset(token, rolePerms) {
    477. 

  477. 				return fmt.Errorf("permission denied: cannot assign role '%s' (exceeds your permissions)", roleName)
    478. 

  478. 			}
    479. 

  479. 		}
    480. 

  480. 	}
    481. 

  481. 	// Use RegisterUserSync
    482. 

  482. 	return s.AuthManager.RegisterUser(username, password, roles)
    483. 

  483. }
    484. 

  484. 

  485. // DeleteUser deletes a user (Delegated Admin)
    486. 

  486. func (s *KVServer) DeleteUser(username string, token string) error {
    487. 

  487. 	if s.AuthManager.IsEnabled() {
    488. 

  488. 		// 1. Permission Check: Must have write permission on system.user.<username>
    489. 

  489. 		targetKey := AuthUserPrefix + username
    490. 

  490. 		if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    491. 

  491. 			if !s.IsAdmin(token) {
    492. 

  492. 				return fmt.Errorf("permission denied: cannot delete user '%s'", username)
    493. 

  493. 			}
    494. 

  494. 		}
    495. 

  495. 

  496. 		// 2. Verify Delegation: Can I delete this user?
    497. 

  497. 		// I can only delete a user if I *could* have created them (i.e. I dominate their permissions).
    498. 

  498. 		targetUser, err := s.AuthManager.GetUser(username)
    499. 

  499. 		if err != nil {
    500. 

  500. 			return err
    501. 

  501. 		}
    502. 

  502. 		
    503. 

  503. 		if !s.AuthManager.IsSubset(token, targetUser.EffectivePermissions) {
    504. 

  504. 			return fmt.Errorf("permission denied: cannot delete user '%s' (has permissions exceeding yours)", username)
    505. 

  505. 		}
    506. 

  506. 	}
    507. 

  507. 	
    508. 

  508. 	// Check if user exists
    509. 

  509. 	if _, err := s.AuthManager.GetUser(username); err != nil {
    510. 

  510. 		return err
    511. 

  511. 	}
    512. 

  512. 	if username == "root" {
    513. 

  513. 		return fmt.Errorf("cannot delete root user")
    514. 

  514. 	}
    515. 

  515. 	// Use DelSync
    516. 

  516. 	return s.DelSync(AuthUserPrefix + username)
    517. 

  517. }
    518. 

  518. 

  519. // UpdateUser updates generic user fields (Delegated Admin)
    520. 

  520. func (s *KVServer) UpdateUser(user User, token string) error {
    521. 

  521. 	if s.AuthManager.IsEnabled() {
    522. 

  522. 		// 1. Permission Check
    523. 

  523. 		targetKey := AuthUserPrefix + user.Username
    524. 

  524. 		if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    525. 

  525. 			if !s.IsAdmin(token) {
    526. 

  526. 				return fmt.Errorf("permission denied: cannot modify user '%s'", user.Username)
    527. 

  527. 			}
    528. 

  528. 		}
    529. 

  529. 		
    530. 

  530. 		// 2. Check if I can modify this user (Target Check)
    531. 

  531. 		oldUser, err := s.AuthManager.GetUser(user.Username)
    532. 

  532. 		if err != nil {
    533. 

  533. 			return err
    534. 

  534. 		}
    535. 

  535. 		if !s.AuthManager.IsSubset(token, oldUser.EffectivePermissions) {
    536. 

  536. 			return fmt.Errorf("permission denied: cannot modify user '%s' (has permissions exceeding yours)", user.Username)
    537. 

  537. 		}
    538. 

  538. 		
    539. 

  539. 		// 3. Check if the NEW state is valid (Delegation Check)
    540. 

  540. 		for _, roleName := range user.Roles {
    541. 

  541. 			rolePerms, err := s.AuthManager.GetRoleEffectivePermissions(roleName)
    542. 

  542. 			if err != nil {
    543. 

  543. 				return err
    544. 

  544. 			}
    545. 

  545. 			if !s.AuthManager.IsSubset(token, rolePerms) {
    546. 

  546. 				return fmt.Errorf("permission denied: cannot assign role '%s'", roleName)
    547. 

  547. 			}
    548. 

  548. 		}
    549. 

  549. 		// Also check specific AllowPermissions if updated
    550. 

  550. 		if !s.AuthManager.IsSubset(token, user.AllowPermissions) {
    551. 

  551. 			return fmt.Errorf("permission denied: cannot assign specific permissions")
    552. 

  552. 		}
    553. 

  553. 	}
    554. 

  554. 	
    555. 

  555. 	// Check if user exists
    556. 

  556. 	if _, err := s.AuthManager.GetUser(user.Username); err != nil {
    557. 

  557. 		return err
    558. 

  558. 	}
    559. 

  559. 	return s.AuthManager.UpdateUser(user)
    560. 

  560. }
    561. 

  561. 

  562. // ChangeUserPassword changes a user's password (Admin or Self)
    563. 

  563. func (s *KVServer) ChangeUserPassword(username, newPassword string, token string) error {
    564. 

  564. 	if s.AuthManager.IsEnabled() {
    565. 

  565. 		session, err := s.AuthManager.GetSession(token)
    566. 

  566. 		if err != nil {
    567. 

  567. 			return err
    568. 

  568. 		}
    569. 

  569. 		
    570. 

  570. 		// Allow if Self
    571. 

  571. 		if session.Username == username {
    572. 

  572. 			// OK
    573. 

  573. 		} else {
    574. 

  574. 			// Or has write permission on target user
    575. 

  575. 			targetKey := AuthUserPrefix + username
    576. 

  576. 			if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    577. 

  577. 				if !s.IsAdmin(token) {
    578. 

  578. 					return fmt.Errorf("permission denied")
    579. 

  579. 				}
    580. 

  580. 			}
    581. 

  581. 		}
    582. 

  582. 	}
    583. 

  583. 	// Use ChangePassword (which should use SetSync)
    584. 

  584. 	return s.AuthManager.ChangePassword(username, newPassword)
    585. 

  585. }
    586. 

  586. 

  587. // SetUserMFA updates a user's MFA settings (Admin or Self)
    588. 

  588. func (s *KVServer) SetUserMFA(username string, secret string, enabled bool, token string) error {
    589. 

  589. 	if s.AuthManager.IsEnabled() {
    590. 

  590. 		session, err := s.AuthManager.GetSession(token)
    591. 

  591. 		if err != nil {
    592. 

  592. 			return err
    593. 

  593. 		}
    594. 

  594. 

  595. 		// Allow if Self
    596. 

  596. 		if session.Username == username {
    597. 

  597. 			// OK
    598. 

  598. 		} else {
    599. 

  599. 			// Or has write permission on target user
    600. 

  600. 			targetKey := AuthUserPrefix + username
    601. 

  601. 			if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    602. 

  602. 				if !s.IsAdmin(token) {
    603. 

  603. 					return fmt.Errorf("permission denied: cannot modify user '%s'", username)
    604. 

  604. 				}
    605. 

  605. 			}
    606. 

  606. 		}
    607. 

  607. 	}
    608. 

  608. 

  609. 	user, err := s.AuthManager.GetUser(username)
    610. 

  610. 	if err != nil {
    611. 

  611. 		return err
    612. 

  612. 	}
    613. 

  613. 

  614. 	// Create a copy to modify
    615. 

  615. 	newUser := *user
    616. 

  616. 	newUser.MFASecret = secret
    617. 

  617. 	newUser.MFAEnabled = enabled
    618. 

  618. 	
    619. 

  619. 	// Use underlying UpdateUser (which syncs to Raft)
    620. 

  620. 	return s.AuthManager.UpdateUser(newUser)
    621. 

  621. }
    622. 

  622. 

  623. // Role Management Helpers
    624. 

  624. 

  625. // CreateRole creates a new role (Delegated Admin)
    626. 

  626. func (s *KVServer) CreateRole(name string, token string) error {
    627. 

  627. 	if s.AuthManager.IsEnabled() {
    628. 

  628. 		// Permission Check: Write on system.role.<name>
    629. 

  629. 		targetKey := AuthRolePrefix + name
    630. 

  630. 		if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    631. 

  631. 			if !s.IsAdmin(token) {
    632. 

  632. 				return fmt.Errorf("permission denied: cannot create role '%s'", name)
    633. 

  633. 			}
    634. 

  634. 		}
    635. 

  635. 	}
    636. 

  636. 	// Creating an empty role is safe? 
    637. 

  637. 	// Yes, permissions are added later.
    638. 

  638. 	return s.AuthManager.CreateRole(name)
    639. 

  639. }
    640. 

  640. 

  641. // DeleteRole deletes a role (Delegated Admin)
    642. 

  642. func (s *KVServer) DeleteRole(name string, token string) error {
    643. 

  643. 	if s.AuthManager.IsEnabled() {
    644. 

  644. 		// Permission Check
    645. 

  645. 		targetKey := AuthRolePrefix + name
    646. 

  646. 		if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    647. 

  647. 			if !s.IsAdmin(token) {
    648. 

  648. 				return fmt.Errorf("permission denied: cannot delete role '%s'", name)
    649. 

  649. 			}
    650. 

  650. 		}
    651. 

  651. 

  652. 		// Verify: Can I delete this role?
    653. 

  653. 		// I must dominate the role's permissions.
    654. 

  654. 		rolePerms, err := s.AuthManager.GetRoleEffectivePermissions(name)
    655. 

  655. 		if err != nil {
    656. 

  656. 			return err
    657. 

  657. 		}
    658. 

  658. 		if !s.AuthManager.IsSubset(token, rolePerms) {
    659. 

  659. 			return fmt.Errorf("permission denied: cannot delete role '%s' (exceeds your permissions)", name)
    660. 

  660. 		}
    661. 

  661. 	}
    662. 

  662. 	return s.AuthManager.DeleteRole(name)
    663. 

  663. }
    664. 

  664. 

  665. // UpdateRole updates a role (Delegated Admin)
    666. 

  666. func (s *KVServer) UpdateRole(role Role, token string) error {
    667. 

  667. 	if s.AuthManager.IsEnabled() {
    668. 

  668. 		// Permission Check
    669. 

  669. 		targetKey := AuthRolePrefix + role.Name
    670. 

  670. 		if err := s.AuthManager.CheckPermission(token, targetKey, ActionWrite, ""); err != nil {
    671. 

  671. 			if !s.IsAdmin(token) {
    672. 

  672. 				return fmt.Errorf("permission denied: cannot modify role '%s'", role.Name)
    673. 

  673. 			}
    674. 

  674. 		}
    675. 

  675. 		
    676. 

  676. 		// 1. Check Old State (Can I modify it?)
    677. 

  677. 		oldPerms, err := s.AuthManager.GetRoleEffectivePermissions(role.Name)
    678. 

  678. 		if err != nil {
    679. 

  679. 			return err
    680. 

  680. 		}
    681. 

  681. 		if !s.AuthManager.IsSubset(token, oldPerms) {
    682. 

  682. 			return fmt.Errorf("permission denied: cannot modify role '%s' (current permissions exceed yours)", role.Name)
    683. 

  683. 		}
    684. 

  684. 		
    685. 

  685. 		// 2. Check New State (Can I assign these new permissions?)
    686. 

  686. 		// Check Parents
    687. 

  687. 		for _, p := range role.ParentRoles {
    688. 

  688. 			pPerms, err := s.AuthManager.GetRoleEffectivePermissions(p)
    689. 

  689. 			if err != nil {
    690. 

  690. 				return err
    691. 

  691. 			}
    692. 

  692. 			if !s.AuthManager.IsSubset(token, pPerms) {
    693. 

  693. 				return fmt.Errorf("permission denied: cannot inherit from role '%s'", p)
    694. 

  694. 			}
    695. 

  695. 		}
    696. 

  696. 		// Check Permissions
    697. 

  697. 		if !s.AuthManager.IsSubset(token, role.Permissions) {
    698. 

  698. 			return fmt.Errorf("permission denied: cannot assign specified permissions")
    699. 

  699. 		}
    700. 

  700. 	}
    701. 

  701. 	return s.AuthManager.UpdateRole(role)
    702. 

  702. }
    703. 

  703. 

  704. // ListUsers lists all users (Admin only)
    705. 

  705. func (s *KVServer) ListUsers(token string) ([]*User, error) {
    706. 

  706. 	if s.AuthManager.IsEnabled() {
    707. 

  707. 		// Check for general read permission on users
    708. 

  708. 		// Ideally checking system.user.*
    709. 

  709. 		if err := s.AuthManager.CheckPermission(token, AuthUserPrefix + "*", ActionRead, ""); err != nil {
    710. 

  710. 			if !s.IsAdmin(token) {
    711. 

  711. 				return nil, fmt.Errorf("permission denied: admin access required")
    712. 

  712. 			}
    713. 

  713. 		}
    714. 

  714. 	}
    715. 

  715. 	return s.AuthManager.ListUsers(), nil
    716. 

  716. }
    717. 

  717. 

  718. // ListRoles lists all roles (Admin only)
    719. 

  719. func (s *KVServer) ListRoles(token string) ([]*Role, error) {
    720. 

  720. 	if s.AuthManager.IsEnabled() {
    721. 

  721. 		// Check for general read permission on roles
    722. 

  722. 		if err := s.AuthManager.CheckPermission(token, AuthRolePrefix + "*", ActionRead, ""); err != nil {
    723. 

  723. 			if !s.IsAdmin(token) {
    724. 

  724. 				return nil, fmt.Errorf("permission denied: admin access required")
    725. 

  725. 			}
    726. 

  726. 		}
    727. 

  727. 	}
    728. 

  728. 	return s.AuthManager.ListRoles(), nil
    729. 

  729. }
    730. 

  730. 

  731. // SearchAuthenticated searches keys with permission checks
    732. 

  732. func (s *KVServer) SearchAuthenticated(pattern string, limit, offset int, token string) ([]db.QueryResult, error) {
    733. 

  733. 	// Optimization: If user has full access (*), delegate to DB with limit/offset
    734. 

  734. 	if s.AuthManager.HasFullAccess(token) {
    735. 

  735. 		sql := fmt.Sprintf("key like \"%s\" LIMIT %d OFFSET %d", pattern, limit, offset)
    736. 

  736. 		return s.DB.Query(sql)
    737. 

  737. 	}
    738. 

  738. 

  739. 	// Slow path: Fetch all potential matches and filter
    740. 

  740. 	// We construct a SQL query that retrieves CANDIDATES.
    741. 

  741. 	// We cannot safely apply LIMIT/OFFSET in SQL because we might filter out some results.
    742. 

  742. 	// So we must fetch ALL matches.
    743. 

  743. 	// WARNING: This can be slow and memory intensive.
    744. 

  744. 	
    745. 

  745. 	// If pattern is wildcard, we might fetch everything.
    746. 

  746. 	sql := fmt.Sprintf("key like \"%s\"", pattern)
    747. 

  747. 	results, err := s.DB.Query(sql)
    748. 

  748. 	if err != nil {
    749. 

  749. 		return nil, err
    750. 

  750. 	}
    751. 

  751. 

  752. 	filtered := make([]db.QueryResult, 0, len(results))
    753. 

  753. 	
    754. 

  754. 	// Apply Filtering
    755. 

  755. 	for _, r := range results {
    756. 

  756. 		if err := s.AuthManager.CheckPermission(token, r.Key, ActionRead, ""); err == nil {
    757. 

  757. 			filtered = append(filtered, r)
    758. 

  758. 		}
    759. 

  759. 	}
    760. 

  760. 

  761. 	// Apply Pagination on Filtered Results
    762. 

  762. 	if offset > len(filtered) {
    763. 

  763. 		return []db.QueryResult{}, nil
    764. 

  764. 	}
    765. 

  765. 	
    766. 

  766. 	start := offset
    767. 

  767. 	end := offset + limit
    768. 

  768. 	if end > len(filtered) {
    769. 

  769. 		end = len(filtered)
    770. 

  770. 	}
    771. 

  771. 	
    772. 

  772. 	return filtered[start:end], nil
    773. 

  773. }
    774. 

  774. 

  775. // CountAuthenticated counts keys with permission checks
    776. 

  776. func (s *KVServer) CountAuthenticated(pattern string, token string) (int, error) {
    777. 

  777. 	// Optimization: If user has full access
    778. 

  778. 	if s.AuthManager.HasFullAccess(token) {
    779. 

  779. 		sql := ""
    780. 

  780. 		if pattern == "*" {
    781. 

  781. 			sql = "*"
    782. 

  782. 		} else {
    783. 

  783. 			sql = fmt.Sprintf("key like \"%s\"", pattern)
    784. 

  784. 		}
    785. 

  785. 		return s.DB.Count(sql)
    786. 

  786. 	}
    787. 

  787. 

  788. 	// Slow path: Iterate and check
    789. 

  789. 	// We use DB.Query to get keys (Query returns values too, which is wasteful but DB engine doesn't expose keys-only Query yet)
    790. 

  790. 	// Actually, we can access s.DB.Index.WalkPrefix if we want to be faster and avoid value read, 
    791. 

  791. 	// but s.DB.Index is inside 'db' package. We can access it if it's exported.
    792. 

  792. 	// 'db' package exports 'Engine' and 'FlatIndex'.
    793. 

  793. 	// So s.DB.Index IS accessible.
    794. 

  794. 	
    795. 

  795. 	count := 0
    796. 

  796. 	
    797. 

  797. 	// Determine prefix from pattern
    798. 

  798. 	prefix := ""
    799. 

  799. 	if strings.HasSuffix(pattern, "*") {
    800. 

  800. 		prefix = strings.TrimSuffix(pattern, "*")
    801. 

  801. 	} else if pattern == "*" {
    802. 

  802. 		prefix = ""
    803. 

  803. 	} else {
    804. 

  804. 		// Exact match check
    805. 

  805. 		if err := s.AuthManager.CheckPermission(token, pattern, ActionRead, ""); err == nil {
    806. 

  806. 			// Check if exists
    807. 

  807. 			if _, ok := s.DB.Get(pattern); ok {
    808. 

  808. 				return 1, nil
    809. 

  809. 			}
    810. 

  810. 			return 0, nil
    811. 

  811. 		}
    812. 

  812. 		return 0, nil // No perm or not found
    813. 

  813. 	}
    814. 

  814. 

  815. 	// Walk
    816. 

  816. 	// Note: WalkPrefix locks the DB Index (Read Lock).
    817. 

  817. 	// Calling CheckPermission inside might involve some logic but it is memory-only and usually fast.
    818. 

  818. 	// However, if CheckPermission takes time, we hold DB lock.
    819. 

  819. 	s.DB.Index.WalkPrefix(prefix, func(key string, entry db.IndexEntry) bool {
    820. 

  820. 		// Check pattern match first (WalkPrefix is just prefix, pattern might be more complex like "user.*.name")
    821. 

  821. 		if !db.WildcardMatch(key, pattern) {
    822. 

  822. 			return true
    823. 

  823. 		}
    824. 

  824. 		
    825. 

  825. 		if err := s.AuthManager.CheckPermission(token, key, ActionRead, ""); err == nil {
    826. 

  826. 			count++
    827. 

  827. 		}
    828. 

  828. 		return true
    829. 

  829. 	})
    830. 

  830. 

  831. 	return count, nil
    832. 

  832. }
    833. 

  833. 

  834. // GetLinear gets a value with linearizable consistency
    835. 

  835. // This ensures the read sees all writes committed before the read started
    836. 

  836. func (s *KVServer) GetLinear(key string) (string, bool, error) {
    837. 

  837. 	// First, ensure we have up-to-date data via ReadIndex
    838. 

  838. 	_, err := s.Raft.ReadIndex()
    839. 

  839. 	if err != nil {
    840. 

  840. 		// If we're not leader, try forwarding
    841. 

  841. 		if errors.Is(err, ErrNotLeader) {
    842. 

  842. 			return s.forwardGet(key)
    843. 

  843. 		}
    844. 

  844. 		return "", false, err
    845. 

  845. 	}
    846. 

  846. 

  847. 	val, ok := s.DB.Get(key)
    848. 

  848. 	return val, ok, nil
    849. 

  849. }
    850. 

  850. 

  851. // forwardGet forwards a get request to the leader
    852. 

  852. func (s *KVServer) forwardGet(key string) (string, bool, error) {
    853. 

  853. 	return s.Raft.ForwardGet(key)
    854. 

  854. }
    855. 

  855. 

  856. // Join joins an existing cluster
    857. 

  857. func (s *KVServer) Join(nodeID, addr string) error {
    858. 

  858. 	return s.Raft.AddNodeWithForward(nodeID, addr)
    859. 

  859. }
    860. 

  860. 

  861. // Leave leaves the cluster
    862. 

  862. func (s *KVServer) Leave(nodeID string) error {
    863. 

  863. 	// Mark node as leaving to prevent auto-rejoin
    864. 

  864. 	s.leavingNodes.Store(nodeID, time.Now())
    865. 

  865. 	
    866. 

  866. 	// Auto-expire the leaving flag after a while
    867. 

  867. 	go func() {
    868. 

  868. 		time.Sleep(30 * time.Second)
    869. 

  869. 		s.leavingNodes.Delete(nodeID)
    870. 

  870. 	}()
    871. 

  871. 

  872. 	// Remove from RaftNode discovery key first to prevent auto-rejoin
    873. 

  873. 	if err := s.removeNodeFromDiscovery(nodeID); err != nil {
    874. 

  874. 		s.Raft.config.Logger.Warn("Failed to remove node from discovery key: %v", err)
    875. 

  875. 		// Continue anyway, as the main goal is to leave the cluster
    876. 

  876. 	}
    877. 

  877. 	return s.Raft.RemoveNodeWithForward(nodeID)
    878. 

  878. }
    879. 

  879. 

  880. // removeNodeFromDiscovery removes a node from the RaftNode key to prevent auto-rejoin
    881. 

  881. func (s *KVServer) removeNodeFromDiscovery(targetID string) error {
    882. 

  882. 	val, ok := s.Get("RaftNode")
    883. 

  883. 	if !ok || val == "" {
    884. 

  884. 		return nil
    885. 

  885. 	}
    886. 

  886. 

  887. 	parts := strings.Split(val, ";")
    888. 

  888. 	var newParts []string
    889. 

  889. 	changed := false
    890. 

  890. 

  891. 	for _, part := range parts {
    892. 

  892. 		if part == "" {
    893. 

  893. 			continue
    894. 

  894. 		}
    895. 

  895. 		kv := strings.SplitN(part, "=", 2)
    896. 

  896. 		if len(kv) == 2 {
    897. 

  897. 			if kv[0] == targetID {
    898. 

  898. 				changed = true
    899. 

  899. 				continue // Skip this node
    900. 

  900. 			}
    901. 

  901. 			newParts = append(newParts, part)
    902. 

  902. 		}
    903. 

  903. 	}
    904. 

  904. 

  905. 	if changed {
    906. 

  906. 		newVal := strings.Join(newParts, ";")
    907. 

  907. 		return s.Set("RaftNode", newVal)
    908. 

  908. 	}
    909. 

  909. 	return nil
    910. 

  910. }
    911. 

  911. 

  912. // WaitForLeader waits until a leader is elected
    913. 

  913. func (s *KVServer) WaitForLeader(timeout time.Duration) error {
    914. 

  914. 	deadline := time.Now().Add(timeout)
    915. 

  915. 	for time.Now().Before(deadline) {
    916. 

  916. 		leader := s.Raft.GetLeaderID()
    917. 

  917. 		if leader != "" {
    918. 

  918. 			return nil
    919. 

  919. 		}
    920. 

  920. 		time.Sleep(100 * time.Millisecond)
    921. 

  921. 	}
    922. 

  922. 	return fmt.Errorf("timeout waiting for leader")
    923. 

  923. }
    924. 

  924. 

  925. // HealthCheck returns the health status of this server
    926. 

  926. func (s *KVServer) HealthCheck() HealthStatus {
    927. 

  927. 	return s.Raft.HealthCheck()
    928. 

  928. }
    929. 

  929. 

  930. // GetStats returns runtime statistics
    931. 

  931. func (s *KVServer) GetStats() Stats {
    932. 

  932. 	return s.Raft.GetStats()
    933. 

  933. }
    934. 

  934. 

  935. // GetMetrics returns runtime metrics
    936. 

  936. func (s *KVServer) GetMetrics() Metrics {
    937. 

  937. 	return s.Raft.GetMetrics()
    938. 

  938. }
    939. 

  939. 

  940. // TransferLeadership transfers leadership to the specified node
    941. 

  941. func (s *KVServer) TransferLeadership(targetID string) error {
    942. 

  942. 	return s.Raft.TransferLeadership(targetID)
    943. 

  943. }
    944. 

  944. 

  945. // GetClusterNodes returns current cluster membership
    946. 

  946. func (s *KVServer) GetClusterNodes() map[string]string {
    947. 

  947. 	return s.Raft.GetClusterNodes()
    948. 

  948. }
    949. 

  949. 

  950. // IsLeader returns true if this node is the leader
    951. 

  951. func (s *KVServer) IsLeader() bool {
    952. 

  952. 	_, isLeader := s.Raft.GetState()
    953. 

  953. 	return isLeader
    954. 

  954. }
    955. 

  955. 

  956. // GetLeaderID returns the current leader ID
    957. 

  957. func (s *KVServer) GetLeaderID() string {
    958. 

  958. 	return s.Raft.GetLeaderID()
    959. 

  959. }
    960. 

  960. 

  961. // GetLogSize returns the raft log size
    962. 

  962. func (s *KVServer) GetLogSize() int64 {
    963. 

  963. 	return s.Raft.log.GetLogSize()
    964. 

  964. }
    965. 

  965. 

  966. // GetDBSize returns the db size
    967. 

  967. func (s *KVServer) GetDBSize() int64 {
    968. 

  968. 	return s.DB.GetDBSize()
    969. 

  969. }
    970. 

  970. 

  971. // WatchURL registers a webhook url for a key
    972. 

  972. func (s *KVServer) WatchURL(key, url string) {
    973. 

  973. 	s.Watcher.Subscribe(key, url)
    974. 

  974. }
    975. 

  975. 

  976. // UnwatchURL removes a webhook url for a key
    977. 

  977. func (s *KVServer) UnwatchURL(key, url string) {
    978. 

  978. 	s.Watcher.Unsubscribe(key, url)
    979. 

  979. }
    980. 

  980. 

  981. // WatchAll registers a watcher for all keys
    982. 

  982. func (s *KVServer) WatchAll(handler WatchHandler) {
    983. 

  983. 	// s.FSM.WatchAll(handler)
    984. 

  984. 	// TODO: Implement Watcher for DB
    985. 

  985. }
    986. 

  986. 

  987. // Watch registers a watcher for a key
    988. 

  988. func (s *KVServer) Watch(key string, handler WatchHandler) {
    989. 

  989. 	// s.FSM.Watch(key, handler)
    990. 

  990. 	// TODO: Implement Watcher for DB
    991. 

  991. }
    992. 

  992. 

  993. // Unwatch removes watchers for a key
    994. 

  994. func (s *KVServer) Unwatch(key string) {
    995. 

  995. 	// s.FSM.Unwatch(key)
    996. 

  996. 	// TODO: Implement Watcher for DB
    997. 

  997. }
    998. 

  998. 

  999. func (s *KVServer) maintenanceLoop() {
    1000. 

  1000. 	defer s.wg.Done()
    1001. 

  1001. 	// Check every 1 second for faster reaction
    1002. 

  1002. 	ticker := time.NewTicker(1 * time.Second)
    1003. 

  1003. 	defer ticker.Stop()
    1004. 

  1004. 

  1005. 	for {
    1006. 

  1006. 		select {
    1007. 

  1007. 		case <-s.stopCh:
    1008. 

  1008. 			return
    1009. 

  1009. 		case <-ticker.C:
    1010. 

  1010. 			s.updateNodeInfo()
    1011. 

  1011. 			s.checkConnections()
    1012. 

  1012. 		}
    1013. 

  1013. 	}
    1014. 

  1014. }
    1015. 

  1015. 

  1016. func (s *KVServer) updateNodeInfo() {
    1017. 

  1017. 	// 1. Ensure "CreateNode/<NodeID>" is set to self address
    1018. 

  1018. 	// We do this via Propose (Set) so it's replicated
    1019. 

  1019. 	myID := s.Raft.config.NodeID
    1020. 

  1020. 	myAddr := s.Raft.config.ListenAddr
    1021. 

  1021. 	key := fmt.Sprintf("CreateNode/%s", myID)
    1022. 

  1022. 

  1023. 	// Check if we need to update (avoid spamming logs/proposals)
    1024. 

  1024. 	val, exists := s.Get(key)
    1025. 

  1025. 	if !exists || val != myAddr {
    1026. 

  1026. 		// Run in goroutine to avoid blocking
    1027. 

  1027. 		go func() {
    1028. 

  1028. 			if err := s.Set(key, myAddr); err != nil {
    1029. 

  1029. 				s.Raft.config.Logger.Debug("Failed to update node info: %v", err)
    1030. 

  1030. 			}
    1031. 

  1031. 		}()
    1032. 

  1032. 	}
    1033. 

  1033. 

  1034. 	// 2. Only leader updates RaftNode aggregation
    1035. 

  1035. 	if s.IsLeader() {
    1036. 

  1036. 		// Read current RaftNode to preserve history
    1037. 

  1037. 		currentVal, _ := s.Get("RaftNode")
    1038. 

  1038. 		
    1039. 

  1039. 		knownNodes := make(map[string]string)
    1040. 

  1040. 		if currentVal != "" {
    1041. 

  1041. 			parts := strings.Split(currentVal, ";")
    1042. 

  1042. 			for _, part := range parts {
    1043. 

  1043. 				if part == "" { continue }
    1044. 

  1044. 				kv := strings.SplitN(part, "=", 2)
    1045. 

  1045. 				if len(kv) == 2 {
    1046. 

  1046. 					knownNodes[kv[0]] = kv[1]
    1047. 

  1047. 				}
    1048. 

  1048. 			}
    1049. 

  1049. 		}
    1050. 

  1050. 

  1051. 		// Merge current cluster nodes
    1052. 

  1052. 		changed := false
    1053. 

  1053. 		currentCluster := s.GetClusterNodes()
    1054. 

  1054. 		for id, addr := range currentCluster {
    1055. 

  1055. 			// Skip nodes that are marked as leaving
    1056. 

  1056. 			if _, leaving := s.leavingNodes.Load(id); leaving {
    1057. 

  1057. 				continue
    1058. 

  1058. 			}
    1059. 

  1059. 

  1060. 			if knownNodes[id] != addr {
    1061. 

  1061. 				knownNodes[id] = addr
    1062. 

  1062. 				changed = true
    1063. 

  1063. 			}
    1064. 

  1064. 		}
    1065. 

  1065. 

  1066. 		// If changed, update RaftNode
    1067. 

  1067. 		if changed {
    1068. 

  1068. 			var peers []string
    1069. 

  1069. 			for id, addr := range knownNodes {
    1070. 

  1070. 				peers = append(peers, fmt.Sprintf("%s=%s", id, addr))
    1071. 

  1071. 			}
    1072. 

  1072. 			sort.Strings(peers)
    1073. 

  1073. 			newVal := strings.Join(peers, ";")
    1074. 

  1074. 

  1075. 			// Check again if we need to write to avoid loops if Get returned stale
    1076. 

  1076. 			if newVal != currentVal {
    1077. 

  1077. 				go func(k, v string) {
    1078. 

  1078. 					if err := s.Set(k, v); err != nil {
    1079. 

  1079. 						s.Raft.config.Logger.Warn("Failed to update RaftNode key: %v", err)
    1080. 

  1080. 					}
    1081. 

  1081. 				}("RaftNode", newVal)
    1082. 

  1082. 			}
    1083. 

  1083. 		}
    1084. 

  1084. 	}
    1085. 

  1085. }
    1086. 

  1086. 

  1087. func (s *KVServer) checkConnections() {
    1088. 

  1088. 	if !s.IsLeader() {
    1089. 

  1089. 		return
    1090. 

  1090. 	}
    1091. 

  1091. 

  1092. 	// Read RaftNode key to find potential members that are missing
    1093. 

  1093. 	val, ok := s.Get("RaftNode")
    1094. 

  1094. 	if !ok || val == "" {
    1095. 

  1095. 		return
    1096. 

  1096. 	}
    1097. 

  1097. 

  1098. 	// Parse saved nodes
    1099. 

  1099. 	savedParts := strings.Split(val, ";")
    1100. 

  1100. 	currentNodes := s.GetClusterNodes()
    1101. 

  1101. 

  1102. 	// Invert currentNodes for address check
    1103. 

  1103. 	currentAddrs := make(map[string]bool)
    1104. 

  1104. 	for _, addr := range currentNodes {
    1105. 

  1105. 		currentAddrs[addr] = true
    1106. 

  1106. 	}
    1107. 

  1107. 

  1108. 	for _, part := range savedParts {
    1109. 

  1109. 		if part == "" {
    1110. 

  1110. 			continue
    1111. 

  1111. 		}
    1112. 

  1112. 		// Expect id=addr
    1113. 

  1113. 		kv := strings.SplitN(part, "=", 2)
    1114. 

  1114. 		if len(kv) != 2 {
    1115. 

  1115. 			continue
    1116. 

  1116. 		}
    1117. 

  1117. 		id, addr := kv[0], kv[1]
    1118. 

  1118. 

  1119. 		// Skip invalid addresses
    1120. 

  1120. 		if strings.HasPrefix(addr, ".") || !strings.Contains(addr, ":") {
    1121. 

  1121. 			continue
    1122. 

  1122. 		}
    1123. 

  1123. 

  1124. 		if !currentAddrs[addr] {
    1125. 

  1125. 			// Skip nodes that are marked as leaving
    1126. 

  1126. 			if _, leaving := s.leavingNodes.Load(id); leaving {
    1127. 

  1127. 				continue
    1128. 

  1128. 			}
    1129. 

  1129. 

  1130. 			// Found a node that was previously in the cluster but is now missing
    1131. 

  1131. 			// Try to add it back
    1132. 

  1132. 			// We use AddNodeWithForward which handles non-blocking internally somewhat,
    1133. 

  1133. 			// but we should run this in goroutine to not block the loop
    1134. 

  1134. 			go func(nodeID, nodeAddr string) {
    1135. 

  1135. 				// Try to add node
    1136. 

  1136. 				s.Raft.config.Logger.Info("Auto-rejoining node found in RaftNode: %s (%s)", nodeID, nodeAddr)
    1137. 

  1137. 				if err := s.Join(nodeID, nodeAddr); err != nil {
    1138. 

  1138. 					s.Raft.config.Logger.Debug("Failed to auto-rejoin node %s: %v", nodeID, err)
    1139. 

  1139. 				}
    1140. 

  1140. 			}(id, addr)
    1141. 

  1141. 		}
    1142. 

  1142. 	}
    1143. 

  1143. }
    1144. 

  1144. 

  1145. // startHTTPServer starts the HTTP API server
    1146. 

  1146. func (s *KVServer) startHTTPServer(addr string) error {
    1147. 

  1147. 	mux := http.NewServeMux()
    1148. 

  1148. 

  1149. 	// KV API
    1150. 

  1150. 	mux.HandleFunc("/kv", func(w http.ResponseWriter, r *http.Request) {
    1151. 

  1151. 		token := r.Header.Get("X-Raft-Token")
    1152. 

  1152. 		
    1153. 

  1153. 		switch r.Method {
    1154. 

  1154. 		case http.MethodGet:
    1155. 

  1155. 			key := r.URL.Query().Get("key")
    1156. 

  1156. 			if key == "" {
    1157. 

  1157. 				http.Error(w, "missing key", http.StatusBadRequest)
    1158. 

  1158. 				return
    1159. 

  1159. 			}
    1160. 

  1160. 			// Use Authenticated method
    1161. 

  1161. 			val, found, err := s.GetLinearAuthenticated(key, token)
    1162. 

  1162. 			if err != nil {
    1163. 

  1163. 				// Distinguish auth error vs raft error?
    1164. 

  1164. 				if strings.Contains(err.Error(), "permission") || strings.Contains(err.Error(), "unauthorized") {
    1165. 

  1165. 					http.Error(w, err.Error(), http.StatusForbidden)
    1166. 

  1166. 				} else {
    1167. 

  1167. 					http.Error(w, err.Error(), http.StatusInternalServerError)
    1168. 

  1168. 				}
    1169. 

  1169. 				return
    1170. 

  1170. 			}
    1171. 

  1171. 			if !found {
    1172. 

  1172. 				http.Error(w, "not found", http.StatusNotFound)
    1173. 

  1173. 				return
    1174. 

  1174. 			}
    1175. 

  1175. 			w.Write([]byte(val))
    1176. 

  1176. 

  1177. 		case http.MethodPost:
    1178. 

  1178. 			body, _ := io.ReadAll(r.Body)
    1179. 

  1179. 			var req struct {
    1180. 

  1180. 				Key   string `json:"key"`
    1181. 

  1181. 				Value string `json:"value"`
    1182. 

  1182. 			}
    1183. 

  1183. 			if err := json.Unmarshal(body, &req); err != nil {
    1184. 

  1184. 				http.Error(w, "invalid json", http.StatusBadRequest)
    1185. 

  1185. 				return
    1186. 

  1186. 			}
    1187. 

  1187. 			if err := s.SetAuthenticated(req.Key, req.Value, token); err != nil {
    1188. 

  1188. 				if strings.Contains(err.Error(), "permission") || strings.Contains(err.Error(), "unauthorized") {
    1189. 

  1189. 					http.Error(w, err.Error(), http.StatusForbidden)
    1190. 

  1190. 				} else {
    1191. 

  1191. 					http.Error(w, err.Error(), http.StatusInternalServerError)
    1192. 

  1192. 				}
    1193. 

  1193. 				return
    1194. 

  1194. 			}
    1195. 

  1195. 			w.WriteHeader(http.StatusOK)
    1196. 

  1196. 

  1197. 		case http.MethodDelete:
    1198. 

  1198. 			key := r.URL.Query().Get("key")
    1199. 

  1199. 			if key == "" {
    1200. 

  1200. 				http.Error(w, "missing key", http.StatusBadRequest)
    1201. 

  1201. 				return
    1202. 

  1202. 			}
    1203. 

  1203. 			if err := s.DelAuthenticated(key, token); err != nil {
    1204. 

  1204. 				if strings.Contains(err.Error(), "permission") || strings.Contains(err.Error(), "unauthorized") {
    1205. 

  1205. 					http.Error(w, err.Error(), http.StatusForbidden)
    1206. 

  1206. 				} else {
    1207. 

  1207. 					http.Error(w, err.Error(), http.StatusInternalServerError)
    1208. 

  1208. 				}
    1209. 

  1209. 				return
    1210. 

  1210. 			}
    1211. 

  1211. 			w.WriteHeader(http.StatusOK)
    1212. 

  1212. 		
    1213. 

  1213. 		default:
    1214. 

  1214. 			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
    1215. 

  1215. 		}
    1216. 

  1216. 	})
    1217. 

  1217. 

  1218. 	// Auth API
    1219. 

  1219. 	mux.HandleFunc("/auth/login", func(w http.ResponseWriter, r *http.Request) {
    1220. 

  1220. 		if r.Method != http.MethodPost {
    1221. 

  1221. 			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
    1222. 

  1222. 			return
    1223. 

  1223. 		}
    1224. 

  1224. 		var req struct {
    1225. 

  1225. 			Username string `json:"username"`
    1226. 

  1226. 			Password string `json:"password"`
    1227. 

  1227. 			Code     string `json:"code"`
    1228. 

  1228. 		}
    1229. 

  1229. 		body, _ := io.ReadAll(r.Body)
    1230. 

  1230. 		if err := json.Unmarshal(body, &req); err != nil {
    1231. 

  1231. 			http.Error(w, "invalid json", http.StatusBadRequest)
    1232. 

  1232. 			return
    1233. 

  1233. 		}
    1234. 

  1234. 		
    1235. 

  1235. 		ip := r.RemoteAddr
    1236. 

  1236. 		if host, _, err := net.SplitHostPort(r.RemoteAddr); err == nil {
    1237. 

  1237. 			ip = host
    1238. 

  1238. 		}
    1239. 

  1239. 		
    1240. 

  1240. 		token, err := s.AuthManager.Login(req.Username, req.Password, req.Code, ip)
    1241. 

  1241. 		if err != nil {
    1242. 

  1242. 			http.Error(w, err.Error(), http.StatusUnauthorized)
    1243. 

  1243. 			return
    1244. 

  1244. 		}
    1245. 

  1245. 		
    1246. 

  1246. 		resp := struct {
    1247. 

  1247. 			Token string `json:"token"`
    1248. 

  1248. 		}{Token: token}
    1249. 

  1249. 		
    1250. 

  1250. 		json.NewEncoder(w).Encode(resp)
    1251. 

  1251. 	})
    1252. 

  1252. 

  1253. 	// Watcher API
    1254. 

  1254. 	mux.HandleFunc("/watch", func(w http.ResponseWriter, r *http.Request) {
    1255. 

  1255. 		if r.Method != http.MethodPost {
    1256. 

  1256. 			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
    1257. 

  1257. 			return
    1258. 

  1258. 		}
    1259. 

  1259. 		body, _ := io.ReadAll(r.Body)
    1260. 

  1260. 		var req struct {
    1261. 

  1261. 			Key string `json:"key"`
    1262. 

  1262. 			URL string `json:"url"`
    1263. 

  1263. 		}
    1264. 

  1264. 		if err := json.Unmarshal(body, &req); err != nil {
    1265. 

  1265. 			http.Error(w, "invalid json", http.StatusBadRequest)
    1266. 

  1266. 			return
    1267. 

  1267. 		}
    1268. 

  1268. 		if req.Key == "" || req.URL == "" {
    1269. 

  1269. 			http.Error(w, "missing key or url", http.StatusBadRequest)
    1270. 

  1270. 			return
    1271. 

  1271. 		}
    1272. 

  1272. 		s.WatchURL(req.Key, req.URL)
    1273. 

  1273. 		w.WriteHeader(http.StatusOK)
    1274. 

  1274. 	})
    1275. 

  1275. 

  1276. 	mux.HandleFunc("/unwatch", func(w http.ResponseWriter, r *http.Request) {
    1277. 

  1277. 		if r.Method != http.MethodPost {
    1278. 

  1278. 			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
    1279. 

  1279. 			return
    1280. 

  1280. 		}
    1281. 

  1281. 		body, _ := io.ReadAll(r.Body)
    1282. 

  1282. 		var req struct {
    1283. 

  1283. 			Key string `json:"key"`
    1284. 

  1284. 			URL string `json:"url"`
    1285. 

  1285. 		}
    1286. 

  1286. 		if err := json.Unmarshal(body, &req); err != nil {
    1287. 

  1287. 			http.Error(w, "invalid json", http.StatusBadRequest)
    1288. 

  1288. 			return
    1289. 

  1289. 		}
    1290. 

  1290. 		s.UnwatchURL(req.Key, req.URL)
    1291. 

  1291. 		w.WriteHeader(http.StatusOK)
    1292. 

  1292. 	})
    1293. 

  1293. 

  1294. 	s.httpServer = &http.Server{
    1295. 

  1295. 		Addr:    addr,
    1296. 

  1296. 		Handler: mux,
    1297. 

  1297. 	}
    1298. 

  1298. 

  1299. 	go func() {
    1300. 

  1300. 		s.Raft.config.Logger.Info("HTTP API server listening on %s", addr)
    1301. 

  1301. 		if err := s.httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
    1302. 

  1302. 			s.Raft.config.Logger.Error("HTTP server failed: %v", err)
    1303. 

  1303. 		}
    1304. 

  1304. 	}()
    1305. 

  1305. 

  1306. 	return nil
    1307. 

  1307. }
    1308.