feat: Implement basic API server with mTLS for leader join endpoint

2025-05-16 22:18:58 -04:00
parent 800e4f72f2
commit 9e63518308
4 changed files with 412 additions and 0 deletions
--- a/internal/api/server.go
+++ b/internal/api/server.go
@ -0,0 +1,84 @@
+package api
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"net/http"
+	"os"
+	"time"
+)
+
+// Server represents the API server for KAT
+type Server struct {
+	httpServer *http.Server
+	router     *Router
+	certFile   string
+	keyFile    string
+	caFile     string
+}
+
+// NewServer creates a new API server instance
+func NewServer(addr string, certFile, keyFile, caFile string) (*Server, error) {
+	router := NewRouter()
+	
+	server := &Server{
+		router:   router,
+		certFile: certFile,
+		keyFile:  keyFile,
+		caFile:   caFile,
+	}
+
+	// Create the HTTP server with TLS config
+	server.httpServer = &http.Server{
+		Addr:         addr,
+		Handler:      router,
+		ReadTimeout:  30 * time.Second,
+		WriteTimeout: 30 * time.Second,
+		IdleTimeout:  120 * time.Second,
+	}
+
+	return server, nil
+}
+
+// Start begins listening for requests
+func (s *Server) Start() error {
+	// Load server certificate and key
+	cert, err := tls.LoadX509KeyPair(s.certFile, s.keyFile)
+	if err != nil {
+		return fmt.Errorf("failed to load server certificate and key: %w", err)
+	}
+
+	// Load CA certificate for client verification
+	caCert, err := os.ReadFile(s.caFile)
+	if err != nil {
+		return fmt.Errorf("failed to read CA certificate: %w", err)
+	}
+
+	caCertPool := x509.NewCertPool()
+	if !caCertPool.AppendCertsFromPEM(caCert) {
+		return fmt.Errorf("failed to append CA certificate to pool")
+	}
+
+	// Configure TLS
+	s.httpServer.TLSConfig = &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		ClientAuth:   tls.RequireAndVerifyClientCert,
+		ClientCAs:    caCertPool,
+		MinVersion:   tls.VersionTLS12,
+	}
+
+	// Start the server
+	return s.httpServer.ListenAndServeTLS("", "")
+}
+
+// Stop gracefully shuts down the server
+func (s *Server) Stop(ctx context.Context) error {
+	return s.httpServer.Shutdown(ctx)
+}
+
+// RegisterJoinHandler registers the handler for agent join requests
+func (s *Server) RegisterJoinHandler(handler http.HandlerFunc) {
+	s.router.HandleFunc("POST", "/internal/v1alpha1/join", handler)
+}