holy meow (#1357)
This commit is contained in:
@@ -58,15 +58,15 @@
|
||||
`ecosystem.config.js` includes a unified PM2 app named `relay-gateway`
|
||||
(code in `BOTS/SHARED/relay_gateway/`). It fronts **both** bots:
|
||||
|
||||
- proxies read-only queries: `/api/sqb/*` → SREBOT's internal API (`:6000`);
|
||||
- proxies read-only queries: `/api/sre/*` → SREBOT's internal API (`:6000`);
|
||||
`/api/tss/*` → the TSS HTTP API (`:6100`) or `501` until it is deployed
|
||||
- streams replay envelopes over `/ws/sqb` and `/ws/tss`
|
||||
- streams replay envelopes over `/ws/sre` and `/ws/tss`
|
||||
- authenticates every request/socket against per-person keys at three levels
|
||||
(`all`/`sqb`/`tss`) stored in `$STORAGE_VOL_PATH/relay_keys.json`
|
||||
(`all`/`sre`/`tss`) stored in `$STORAGE_VOL_PATH/relay_keys.json`
|
||||
(SHA-256-hashed tokens, hot-reloaded on change)
|
||||
|
||||
Outbox/state files live under the shared storage volume (`STORAGE_VOL_PATH`):
|
||||
`external_bridge_outbox.jsonl` (sqb) and `tss_bridge_outbox.jsonl` (tss).
|
||||
`external_bridge_outbox.jsonl` (sre) and `tss_bridge_outbox.jsonl` (tss).
|
||||
|
||||
Useful commands:
|
||||
|
||||
@@ -76,7 +76,7 @@ pm2 start ecosystem.config.js --only relay-gateway
|
||||
pm2 logs relay-gateway
|
||||
|
||||
# manage downstream keys (run from BOTS/SHARED with the shared venv):
|
||||
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" add --name cn-axbot --level sqb
|
||||
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" add --name cn-axbot --level sre
|
||||
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" list
|
||||
python -m relay_gateway.manage_keys --file "$STORAGE_VOL_PATH/relay_keys.json" revoke --name cn-axbot
|
||||
```
|
||||
|
||||
+1
-1
@@ -72,7 +72,7 @@ module.exports = {
|
||||
},
|
||||
|
||||
// Unified relay gateway fronting SREBOT (sqb) and TSSBOT (tss):
|
||||
// - Proxies read-only API queries (/api/sqb/* -> SREBOT :6000; /api/tss/* -> TSS API or 501)
|
||||
// - Proxies read-only API queries (/api/sre/* -> SREBOT :6000; /api/tss/* -> TSS API or 501)
|
||||
// - Streams replay envelopes over /ws/sqb and /ws/tss
|
||||
// - Per-key auth (all/sqb/tss) via $STORAGE_VOL_PATH/relay_keys.json
|
||||
// Lives in BOTS/SHARED/relay_gateway; loads SREBOT/.env for shared config.
|
||||
|
||||
@@ -88,6 +88,12 @@ function requireAdminBearer(req, res, next) {
|
||||
|
||||
app.use('/api', requireApiBearer);
|
||||
|
||||
// Rewrite /api/sre/* → /api/* so the gateway can forward channel-prefixed paths.
|
||||
app.use('/api/sre', (req, res, next) => {
|
||||
req.url = req.url.replace('/api/sre', '/api');
|
||||
next();
|
||||
});
|
||||
|
||||
// Readiness gate: heavy aggregation endpoints sit behind this so cold-start
|
||||
// requests don't pile up on the read connection while the DB is still opening
|
||||
// indexes and the vehicle-list cache is warming. Resolves when boot work
|
||||
|
||||
Reference in New Issue
Block a user