phase 4: connectrpc on the gateway authenticated edge

Replace the native-gRPC server bootstrap with a single `connectrpc.com/connect` HTTP/h2c listener. Connect-Go natively serves Connect, gRPC, and gRPC-Web on the same port, so browsers can now reach the authenticated surface without giving up the gRPC framing native and desktop clients may use later. The decorator stack (envelope → session → payload-hash → signature → freshness/replay → rate-limit → routing/push) is reused unchanged behind a small Connect → gRPC adapter and a `grpc.ServerStream` shim around `*connect.ServerStream`. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-07 11:49:28 +02:00
parent 39b7b2ef29
commit 118f7c17a2
30 changed files with 1009 additions and 772 deletions
@@ -0,0 +1,138 @@
+// Code generated by protoc-gen-connect-go. DO NOT EDIT.
+//
+// Source: galaxy/gateway/v1/edge_gateway.proto
+
+package gatewayv1connect
+
+import (
+	connect "connectrpc.com/connect"
+	context "context"
+	errors "errors"
+	v1 "galaxy/gateway/proto/galaxy/gateway/v1"
+	http "net/http"
+	strings "strings"
+)
+
+// This is a compile-time assertion to ensure that this generated file and the connect package are
+// compatible. If you get a compiler error that this constant is not defined, this code was
+// generated with a version of connect newer than the one compiled into your binary. You can fix the
+// problem by either regenerating this code with an older version of connect or updating the connect
+// version compiled into your binary.
+const _ = connect.IsAtLeastVersion1_13_0
+
+const (
+	// EdgeGatewayName is the fully-qualified name of the EdgeGateway service.
+	EdgeGatewayName = "galaxy.gateway.v1.EdgeGateway"
+)
+
+// These constants are the fully-qualified names of the RPCs defined in this package. They're
+// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route.
+//
+// Note that these are different from the fully-qualified method names used by
+// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to
+// reflection-formatted method names, remove the leading slash and convert the remaining slash to a
+// period.
+const (
+	// EdgeGatewayExecuteCommandProcedure is the fully-qualified name of the EdgeGateway's
+	// ExecuteCommand RPC.
+	EdgeGatewayExecuteCommandProcedure = "/galaxy.gateway.v1.EdgeGateway/ExecuteCommand"
+	// EdgeGatewaySubscribeEventsProcedure is the fully-qualified name of the EdgeGateway's
+	// SubscribeEvents RPC.
+	EdgeGatewaySubscribeEventsProcedure = "/galaxy.gateway.v1.EdgeGateway/SubscribeEvents"
+)
+
+// EdgeGatewayClient is a client for the galaxy.gateway.v1.EdgeGateway service.
+type EdgeGatewayClient interface {
+	ExecuteCommand(context.Context, *connect.Request[v1.ExecuteCommandRequest]) (*connect.Response[v1.ExecuteCommandResponse], error)
+	SubscribeEvents(context.Context, *connect.Request[v1.SubscribeEventsRequest]) (*connect.ServerStreamForClient[v1.GatewayEvent], error)
+}
+
+// NewEdgeGatewayClient constructs a client for the galaxy.gateway.v1.EdgeGateway service. By
+// default, it uses the Connect protocol with the binary Protobuf Codec, asks for gzipped responses,
+// and sends uncompressed requests. To use the gRPC or gRPC-Web protocols, supply the
+// connect.WithGRPC() or connect.WithGRPCWeb() options.
+//
+// The URL supplied here should be the base URL for the Connect or gRPC server (for example,
+// http://api.acme.com or https://acme.com/grpc).
+func NewEdgeGatewayClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) EdgeGatewayClient {
+	baseURL = strings.TrimRight(baseURL, "/")
+	edgeGatewayMethods := v1.File_galaxy_gateway_v1_edge_gateway_proto.Services().ByName("EdgeGateway").Methods()
+	return &edgeGatewayClient{
+		executeCommand: connect.NewClient[v1.ExecuteCommandRequest, v1.ExecuteCommandResponse](
+			httpClient,
+			baseURL+EdgeGatewayExecuteCommandProcedure,
+			connect.WithSchema(edgeGatewayMethods.ByName("ExecuteCommand")),
+			connect.WithClientOptions(opts...),
+		),
+		subscribeEvents: connect.NewClient[v1.SubscribeEventsRequest, v1.GatewayEvent](
+			httpClient,
+			baseURL+EdgeGatewaySubscribeEventsProcedure,
+			connect.WithSchema(edgeGatewayMethods.ByName("SubscribeEvents")),
+			connect.WithClientOptions(opts...),
+		),
+	}
+}
+
+// edgeGatewayClient implements EdgeGatewayClient.
+type edgeGatewayClient struct {
+	executeCommand  *connect.Client[v1.ExecuteCommandRequest, v1.ExecuteCommandResponse]
+	subscribeEvents *connect.Client[v1.SubscribeEventsRequest, v1.GatewayEvent]
+}
+
+// ExecuteCommand calls galaxy.gateway.v1.EdgeGateway.ExecuteCommand.
+func (c *edgeGatewayClient) ExecuteCommand(ctx context.Context, req *connect.Request[v1.ExecuteCommandRequest]) (*connect.Response[v1.ExecuteCommandResponse], error) {
+	return c.executeCommand.CallUnary(ctx, req)
+}
+
+// SubscribeEvents calls galaxy.gateway.v1.EdgeGateway.SubscribeEvents.
+func (c *edgeGatewayClient) SubscribeEvents(ctx context.Context, req *connect.Request[v1.SubscribeEventsRequest]) (*connect.ServerStreamForClient[v1.GatewayEvent], error) {
+	return c.subscribeEvents.CallServerStream(ctx, req)
+}
+
+// EdgeGatewayHandler is an implementation of the galaxy.gateway.v1.EdgeGateway service.
+type EdgeGatewayHandler interface {
+	ExecuteCommand(context.Context, *connect.Request[v1.ExecuteCommandRequest]) (*connect.Response[v1.ExecuteCommandResponse], error)
+	SubscribeEvents(context.Context, *connect.Request[v1.SubscribeEventsRequest], *connect.ServerStream[v1.GatewayEvent]) error
+}
+
+// NewEdgeGatewayHandler builds an HTTP handler from the service implementation. It returns the path
+// on which to mount the handler and the handler itself.
+//
+// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf
+// and JSON codecs. They also support gzip compression.
+func NewEdgeGatewayHandler(svc EdgeGatewayHandler, opts ...connect.HandlerOption) (string, http.Handler) {
+	edgeGatewayMethods := v1.File_galaxy_gateway_v1_edge_gateway_proto.Services().ByName("EdgeGateway").Methods()
+	edgeGatewayExecuteCommandHandler := connect.NewUnaryHandler(
+		EdgeGatewayExecuteCommandProcedure,
+		svc.ExecuteCommand,
+		connect.WithSchema(edgeGatewayMethods.ByName("ExecuteCommand")),
+		connect.WithHandlerOptions(opts...),
+	)
+	edgeGatewaySubscribeEventsHandler := connect.NewServerStreamHandler(
+		EdgeGatewaySubscribeEventsProcedure,
+		svc.SubscribeEvents,
+		connect.WithSchema(edgeGatewayMethods.ByName("SubscribeEvents")),
+		connect.WithHandlerOptions(opts...),
+	)
+	return "/galaxy.gateway.v1.EdgeGateway/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case EdgeGatewayExecuteCommandProcedure:
+			edgeGatewayExecuteCommandHandler.ServeHTTP(w, r)
+		case EdgeGatewaySubscribeEventsProcedure:
+			edgeGatewaySubscribeEventsHandler.ServeHTTP(w, r)
+		default:
+			http.NotFound(w, r)
+		}
+	})
+}
+
+// UnimplementedEdgeGatewayHandler returns CodeUnimplemented from all methods.
+type UnimplementedEdgeGatewayHandler struct{}
+
+func (UnimplementedEdgeGatewayHandler) ExecuteCommand(context.Context, *connect.Request[v1.ExecuteCommandRequest]) (*connect.Response[v1.ExecuteCommandResponse], error) {
+	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("galaxy.gateway.v1.EdgeGateway.ExecuteCommand is not implemented"))
+}
+
+func (UnimplementedEdgeGatewayHandler) SubscribeEvents(context.Context, *connect.Request[v1.SubscribeEventsRequest], *connect.ServerStream[v1.GatewayEvent]) error {
+	return connect.NewError(connect.CodeUnimplemented, errors.New("galaxy.gateway.v1.EdgeGateway.SubscribeEvents is not implemented"))
+}