feat: support internal agent auth token and update agent server API path

This commit is contained in:
Haitao Pan 2026-01-31 17:42:05 +08:00
parent ccb0bada22
commit 3b8195fd08
2 changed files with 23 additions and 3 deletions

View File

@ -261,8 +261,6 @@ func RegisterRoutes(r *gin.Engine, opts ...Option) {
authProtected.POST("/mfa/disable", h.disableMFA)
authProtected.GET("/mfa/status", h.mfaStatus)
authProtected.GET("/agent/nodes", h.listAgentNodes)
authProtected.POST("/password/reset", h.requestPasswordReset)
authProtected.POST("/password/reset/confirm", h.confirmPasswordReset)
@ -279,6 +277,13 @@ func RegisterRoutes(r *gin.Engine, opts ...Option) {
authProtected.POST("/admin/users/:userId/role", h.updateUserRole)
authProtected.DELETE("/admin/users/:userId/role", h.resetUserRole)
// Agent User routes - /api/agent/nodes
agentUser := r.Group("/api/agent")
if h.tokenService != nil {
agentUser.Use(h.tokenService.AuthMiddleware())
}
agentUser.GET("/nodes", h.listAgentNodes)
registerAdminRoutes(authProtected, h)
}

View File

@ -191,6 +191,20 @@ func runServer(ctx context.Context, cfg *config.Config, logger *slog.Logger) err
if err != nil {
return err
}
} else if token := os.Getenv("INTERNAL_SERVICE_TOKEN"); token != "" {
// Fallback: if no credentials configured but we have an internal token,
// register a default internal agent.
agentRegistry, err = agentserver.NewRegistry(agentserver.Config{
Credentials: []agentserver.Credential{{
ID: "internal-agent",
Name: "Internal Agent",
Token: token,
Groups: []string{"internal"},
}},
})
if err != nil {
return err
}
}
var stopXraySync func(context.Context) error
@ -510,7 +524,8 @@ func registerAgentAPIRoutes(r *gin.Engine, registry *agentserver.Registry, sourc
if registry == nil {
return
}
group := r.Group("/api/agent/v1")
// Use /api/agent-server/v1 to avoid conflict with /api/agent prefix used by admin/user API
group := r.Group("/api/agent-server/v1")
group.Use(agentAuthMiddleware(registry))
group.GET("/users", agentListUsersHandler(source))
group.POST("/status", agentReportStatusHandler(registry, logger))