diff --git a/README.md b/README.md index c445902..1686d20 100644 --- a/README.md +++ b/README.md @@ -58,15 +58,15 @@ `ecosystem.config.js` includes a unified PM2 app named `relay-gateway` (code in `BOTS/SHARED/relay_gateway/`). It fronts **both** bots: -- proxies read-only queries: `/api/sqb/*` → SREBOT's internal API (`:6000`); +- proxies read-only queries: `/api/sre/*` → SREBOT's internal API (`:6000`); `/api/tss/*` → the TSS HTTP API (`:6100`) or `501` until it is deployed -- streams replay envelopes over `/ws/sqb` and `/ws/tss` +- streams replay envelopes over `/ws/sre` and `/ws/tss` - authenticates every request/socket against per-person keys at three levels - (`all`/`sqb`/`tss`) stored in `$STORAGE_VOL_PATH/relay_keys.json` + (`all`/`sre`/`tss`) stored in `$STORAGE_VOL_PATH/relay_keys.json` (SHA-256-hashed tokens, hot-reloaded on change) Outbox/state files live under the shared storage volume (`STORAGE_VOL_PATH`): -`external_bridge_outbox.jsonl` (sqb) and `tss_bridge_outbox.jsonl` (tss). +`external_bridge_outbox.jsonl` (sre) and `tss_bridge_outbox.jsonl` (tss). Useful commands: @@ -76,7 +76,7 @@ pm2 start ecosystem.config.js --only relay-gateway pm2 logs relay-gateway # manage downstream keys (run from BOTS/SHARED with the shared venv): -python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" add --name cn-axbot --level sqb +python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" add --name cn-axbot --level sre python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" list python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" revoke --name cn-axbot ``` diff --git a/ecosystem.config.js b/ecosystem.config.js index 8ba96ff..f542ff5 100644 --- a/ecosystem.config.js +++ b/ecosystem.config.js @@ -72,7 +72,7 @@ module.exports = { }, // Unified relay gateway fronting SREBOT (sqb) and TSSBOT (tss): - // - Proxies read-only API queries (/api/sqb/* -> SREBOT :6000; /api/tss/* -> TSS API or 501) + // - Proxies read-only API queries (/api/sre/* -> SREBOT :6000; /api/tss/* -> TSS API or 501) // - Streams replay envelopes over /ws/sqb and /ws/tss // - Per-key auth (all/sqb/tss) via $STORAGE_VOL_PATH/relay_keys.json // Lives in BOTS/SHARED/relay_gateway; loads SREBOT/.env for shared config. diff --git a/server.js b/server.js index 8526e7a..41e28e9 100644 --- a/server.js +++ b/server.js @@ -88,6 +88,12 @@ function requireAdminBearer(req, res, next) { app.use('/api', requireApiBearer); +// Rewrite /api/sre/* → /api/* so the gateway can forward channel-prefixed paths. +app.use('/api/sre', (req, res, next) => { + req.url = req.url.replace('/api/sre', '/api'); + next(); +}); + // Readiness gate: heavy aggregation endpoints sit behind this so cold-start // requests don't pile up on the read connection while the DB is still opening // indexes and the vehicle-list cache is warming. Resolves when boot work