fix/check implementation #6

Closed
opened 2026-03-23 09:53:51 +00:00 by despiegk · 3 comments
Owner

We are working on a proxy server, but please check if the following is okay. So the proxy server accepts HTTP, HTTPS, supports Let's Encrypt, OAuth, and can also do self-signed certificates. We can bind the server on an IP address, IPv6 or IPv4, even on a socket. That's for the incoming because it's a proxy, right? Then for managing this server, that's our typical socket mechanism on a UDS Unix socket.

Check all of that and then set up the system and make sure it all works well.

make sure that attaching to an interface (one or more), can be done at runtime over the openrpc interface

make sure openrpc spec and implementation is aligned

use following skills

/hero_proc_service_selfstart

/hero_crates_best_practices_check

Author
Owner

Implementation Spec for Issue #6

Objective

Audit and fix the hero_proxy_server so that all described capabilities (HTTP, HTTPS, Let's Encrypt, OAuth, self-signed certs, IPv4/IPv6, socket binding, runtime interface attachment via OpenRPC) are correctly implemented, the OpenRPC spec and its Rust implementation are fully aligned, and the --start/--stop lifecycle follows hero_proc best practices.

Current State Assessment

What Works: HTTP/HTTPS listeners, UDS management socket, proxy routing, TLS (self-signed + ACME), OAuth, DNS CRUD, SQLite DB, hero_proc lifecycle, Admin UI, OpenRPC spec (27 methods).

What Is Missing / Misaligned:

| ID | Issue |
|----|-------|
| M1 | No runtime listener/interface management via OpenRPC — bind addresses/ports are hardcoded constants |
| M2 | OpenRPC spec vs implementation response key mismatches (see table below) |
| M3 | Generated SDK client expects spec keys but server sends different ones |
| M4 | No IPv6 support — only binds to `0.0.0.0` |
| M5 | No `listeners` DB table or OpenRPC methods for listener management |
| M6 | `dns.status` returns only `enabled`, missing `listening` and `address` |

Response Key Mismatches:

| Method | Spec says | Server returns |
|--------|-----------|----------------|
| `tls.set` / `tls.check` | `{"domain": TlsDomain}` | `{"tls": TlsDomain}` |
| `*.remove` methods | `{"removed": bool}` | `{"deleted": bool}` |
| `dns.status` | `{enabled, listening, address}` | `{enabled}` only |
| `settings.list` | `{"settings": [{key,value},...]}` | `{"settings": {key: value}}` |

Implementation Plan

Step 1: Fix OpenRPC response key mismatches in main.rs

Fix all response keys to match the OpenRPC spec (deleted → removed, tls → domain).

Step 2: Fix settings.list and dns.status responses

Change settings.list to return array of {key, value} objects. Add listening and address fields to dns.status.

Step 3: Add listeners table and CRUD to db.rs

New Listener struct, CREATE TABLE listeners, CRUD methods, seed default listeners.

Step 4: Add listener management to AppState and runtime spawning

Add active_listeners to AppState, refactor hardcoded spawning to DB-driven, spawn_listener() / shutdown_listener() functions.

Step 5: Add listener.* OpenRPC methods

Add listener.list, listener.add, listener.remove, listener.status to spec and handler.

Step 6: Regenerate SDK client and update admin UI

Update generated client, add Listeners tab to admin dashboard.

Step 7: Add tests

Unit tests for listener CRUD, response key correctness, settings.list format, dns.status fields.

Acceptance Criteria

  • All response keys match OpenRPC spec
  • listener.list/add/remove/status methods work at runtime
  • IPv4 and IPv6 binding supported
  • Default listeners seeded on first run
  • SDK client regenerated
  • Admin UI has Listeners tab
  • cargo check and cargo test pass

Notes

  • Breaking change for SDK consumers (response keys fixed) — acceptable at v0.1.0
  • IPv6 dual-stack: binding [::] accepts both IPv4 and IPv6
  • TLS for runtime listeners coupled to tls_domains table
  • Ports < 1024 require elevated privileges — handle EACCES gracefully
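
Added example, not part of the issue thread or of hero_proxy's code: one way a runtime `listener.add` handler could turn the two notes above (bracketed `[::]` addresses and `EACCES` on low ports) into structured errors instead of a panic. The names `BindFailure`, `parse_bind`, `classify` and `try_bind` are hypothetical.

```rust
use std::io;
use std::net::{IpAddr, SocketAddr, TcpListener};

/// Why a requested listener could not be started (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum BindFailure {
    InvalidAddress(String),
    PermissionDenied(SocketAddr), // EACCES, e.g. port < 1024 without privileges
    AddressInUse(SocketAddr),
    AddressNotAvailable(SocketAddr), // e.g. IPv6 disabled on the host
    Other(String),
}

/// Parse a listener's address field. std's IpAddr parser rejects the
/// bracketed form "[::]", so the brackets are stripped first.
pub fn parse_bind(address: &str, port: u16) -> Result<SocketAddr, BindFailure> {
    let trimmed = address.trim();
    let bare = trimmed
        .strip_prefix('[')
        .and_then(|s| s.strip_suffix(']'))
        .unwrap_or(trimmed);
    bare.parse::<IpAddr>()
        .map(|ip| SocketAddr::new(ip, port))
        .map_err(|_| BindFailure::InvalidAddress(address.to_string()))
}

/// Map an OS bind error to a failure the RPC layer can report to the caller.
pub fn classify(addr: SocketAddr, err: &io::Error) -> BindFailure {
    match err.kind() {
        io::ErrorKind::PermissionDenied => BindFailure::PermissionDenied(addr),
        io::ErrorKind::AddrInUse => BindFailure::AddressInUse(addr),
        io::ErrorKind::AddrNotAvailable => BindFailure::AddressNotAvailable(addr),
        _ => BindFailure::Other(err.to_string()),
    }
}

/// Bind without panicking. std does not set IPV6_V6ONLY, so whether "[::]"
/// also accepts IPv4 follows the operating system's default.
pub fn try_bind(address: &str, port: u16) -> Result<TcpListener, BindFailure> {
    let addr = parse_bind(address, port)?;
    TcpListener::bind(addr).map_err(|e| classify(addr, &e))
}

fn main() {
    // Constructed sample requests; port 0 asks the OS for a free port.
    for (address, port) in [("127.0.0.1", 0u16), ("[::]", 0), ("0.0.0.0", 80), ("not-an-ip", 8080)] {
        match try_bind(address, port) {
            Ok(l) => println!("{address}:{port} -> listening on {:?}", l.local_addr()),
            Err(e) => println!("{address}:{port} -> rejected: {e:?}"),
        }
    }
}
```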
Author
Owner

Implementation Complete

Test Results

  • weblib: 39 unit + 6 integration + 15 doc-tests = all pass
  • hero_proxy_server: 8 unit tests = all pass
  • hero_proxy_sdk: 1 doc-test = pass
  • hero_proxy_examples: integration tests require running hero_proc (environment-dependent, not code bugs)
  • cargo check: clean (no errors)

Changes Made

1. Fixed OpenRPC spec/implementation alignment

  • tls.set / tls.check: response key tls → domain
  • All *.remove methods: response key deleted → removed
  • settings.list: flat map → array of {key, value} objects
  • dns.status: added missing listening and address fields

2. Added runtime listener management

  • New listeners SQLite table with CRUD operations
  • New Listener struct in db.rs
  • Default listeners seeded on first run (HTTP 0.0.0.0:9997, HTTPS 0.0.0.0:9996)
  • ListenerHandle struct with shutdown channel for runtime control
  • active_listeners field in AppState
  • spawn_listener() function supporting HTTP, HTTPS (selfsigned + letsencrypt)
  • IPv4 and IPv6 address support

3. Added listener.* OpenRPC methods

  • listener.list — list all configured listeners
  • listener.add — add and optionally start a new listener
  • listener.remove — stop and remove a listener
  • listener.status — show active/inactive status
  • Listener component schema added to openrpc.json

4. Updated SDK client

  • Added Listener types and 4 client methods
  • Fixed SettingsListOutput to use Vec<SettingsEntry>
  • Added SettingsEntry struct

5. Updated admin UI

  • New Listeners tab with table display
  • Add Listener modal with protocol/TLS mode selection
  • Remove listener action
  • Active status indicator

6. Fixed ancillary issues

  • Fixed example files to use correct SDK types
  • Fixed weblib doc-tests (crate name references)
  • Fixed integration test type access patterns

Files Modified

  • crates/hero_proxy_server/src/main.rs
  • crates/hero_proxy_server/src/db.rs
  • crates/hero_proxy_server/src/proxy.rs
  • crates/hero_proxy_server/openrpc.json
  • crates/hero_proxy_server/openrpc.client.generated.rs
  • crates/hero_proxy_ui/static/admin.html
  • crates/hero_proxy_examples/examples/health.rs
  • crates/hero_proxy_examples/examples/list_services.rs
  • crates/hero_proxy_examples/tests/integration.rs
  • crates/weblib/tests/integration.rs
  • crates/weblib/src/*.rs (doc-test fixes)
Author
Owner

Implementation committed: b100394

Browse: https://forge.ourworld.tf/lhumina_code/hero_proxy/commit/b100394