feat: support internal agent auth token and update agent server API path

2026-01-31 17:42:05 +08:00 · 2026-01-31 17:42:05 +08:00 · 3b8195fd08
commit 3b8195fd08
parent ccb0bada22
2 changed files with 23 additions and 3 deletions
--- a/api/api.go
+++ b/api/api.go
@ -261,8 +261,6 @@ func RegisterRoutes(r *gin.Engine, opts ...Option) {
 	authProtected.POST("/mfa/disable", h.disableMFA)
 	authProtected.GET("/mfa/status", h.mfaStatus)

-	authProtected.GET("/agent/nodes", h.listAgentNodes)
-
 	authProtected.POST("/password/reset", h.requestPasswordReset)
 	authProtected.POST("/password/reset/confirm", h.confirmPasswordReset)

@ -279,6 +277,13 @@ func RegisterRoutes(r *gin.Engine, opts ...Option) {
 	authProtected.POST("/admin/users/:userId/role", h.updateUserRole)
 	authProtected.DELETE("/admin/users/:userId/role", h.resetUserRole)

+	// Agent User routes - /api/agent/nodes
+	agentUser := r.Group("/api/agent")
+	if h.tokenService != nil {
+		agentUser.Use(h.tokenService.AuthMiddleware())
+	}
+	agentUser.GET("/nodes", h.listAgentNodes)
+
 	registerAdminRoutes(authProtected, h)
 }

--- a/cmd/accountsvc/main.go
+++ b/cmd/accountsvc/main.go
@ -191,6 +191,20 @@ func runServer(ctx context.Context, cfg *config.Config, logger *slog.Logger) err
 		if err != nil {
 			return err
 		}
+	} else if token := os.Getenv("INTERNAL_SERVICE_TOKEN"); token != "" {
+		// Fallback: if no credentials configured but we have an internal token,
+		// register a default internal agent.
+		agentRegistry, err = agentserver.NewRegistry(agentserver.Config{
+			Credentials: []agentserver.Credential{{
+				ID:     "internal-agent",
+				Name:   "Internal Agent",
+				Token:  token,
+				Groups: []string{"internal"},
+			}},
+		})
+		if err != nil {
+			return err
+		}
 	}

 	var stopXraySync func(context.Context) error
@ -510,7 +524,8 @@ func registerAgentAPIRoutes(r *gin.Engine, registry *agentserver.Registry, sourc
 	if registry == nil {
 		return
 	}
-	group := r.Group("/api/agent/v1")
+	// Use /api/agent-server/v1 to avoid conflict with /api/agent prefix used by admin/user API
+	group := r.Group("/api/agent-server/v1")
 	group.Use(agentAuthMiddleware(registry))
 	group.GET("/users", agentListUsersHandler(source))
 	group.POST("/status", agentReportStatusHandler(registry, logger))