Stage 10: admin console & dictionary ops (complaint review, hot-reload, broadcasts)
Server-rendered admin console in the backend at /_gm (internal/adminconsole), fronted on the gateway's public listener by Basic-Auth + a verbatim reverse proxy (mounted on the edge mux below the h2c wrap). A same-origin check guards its POSTs; no operator identity is tracked. This supersedes the Stage 6 gateway-fronts- /api/v1/admin model: GATEWAY_ADMIN_ADDR and the backend /api/v1/admin ping are dropped and gateway/internal/admin is repurposed to the verbatim proxy. - Complaints: migration 00008 (+ jetgen) adds disposition/resolution_note/ resolved_at/applied_in_version + the deferred status CHECK; resolution feeds a query-derived pending dictionary-change pipeline (marked applied after a reload). - Dictionary hot-reload: per-version subdir BACKEND_DICT_DIR/<version>/ via the new Registry.LoadAvailable; engine.OpenWithVersions restores resident versions on restart. Partially addresses TODO-2. - Broadcasts: a backend Telegram-connector client (internal/connector, BACKEND_CONNECTOR_ADDR) for SendToUser / SendToGameChannel (discharges the Stage 9 forward-note). - Admin reads: account.ListAccounts/CountAccounts/Identities and game.ListGames/CountGames/GameByID/ListComplaints/GetComplaint/CountComplaints/ ResolveComplaint/DictionaryChanges/MarkChangesApplied. - Tests: adminconsole render, engine reload, same-origin guard, gateway verbatim proxy + h2c console mount, inttest complaint pipeline + list/count + /_gm console. - Docs: PLAN (Stage 10 done + refinements + TODO-2), ARCHITECTURE §1/§5/§6/§12/§13, FUNCTIONAL (+_ru), TESTING, backend/gateway READMEs.
This commit is contained in:
Ilia Denisov
+7
-8
@@ -5,9 +5,9 @@ terminates the client's **Connect-RPC + FlatBuffers** traffic over HTTP/2
|
||||
cleartext (`h2c`), authenticates the originating credential, mints/resolves a
|
||||
thin opaque session, rate-limits, injects `X-User-ID` when forwarding to the
|
||||
backend over REST/JSON, and bridges the backend's gRPC push stream to each
|
||||
client's in-app live channel. It also fronts the backend admin API behind HTTP
|
||||
Basic-Auth. See [`../docs/ARCHITECTURE.md`](../docs/ARCHITECTURE.md) §2, §3, §10,
|
||||
§12.
|
||||
client's in-app live channel. It also serves the backend's admin console at `/_gm`
|
||||
on its public listener behind HTTP Basic-Auth. See
|
||||
[`../docs/ARCHITECTURE.md`](../docs/ARCHITECTURE.md) §2, §3, §10, §12.
|
||||
|
||||
## Package layout
|
||||
|
||||
@@ -23,7 +23,7 @@ internal/connector/ # gRPC client to the Telegram connector (initData valida
|
||||
internal/push/ # live-event fan-out hub (per-user client streams)
|
||||
internal/transcode/ # FlatBuffers<->REST bridge + message_type registry
|
||||
internal/connectsrv/ # the Connect Gateway service over h2c
|
||||
internal/admin/ # Basic-Auth reverse proxy to the backend admin API
|
||||
internal/admin/ # Basic-Auth reverse proxy mounting the backend admin console at /_gm (verbatim)
|
||||
```
|
||||
|
||||
The FlatBuffers payloads and the backend push proto are the shared wire
|
||||
@@ -58,14 +58,13 @@ identical transcode pattern (`transcode_social.go`).
|
||||
|
||||
| Variable | Default | Notes |
|
||||
| --- | --- | --- |
|
||||
| `GATEWAY_HTTP_ADDR` | `:8081` | public Connect/h2c listener |
|
||||
| `GATEWAY_ADMIN_ADDR` | `:8082` | admin proxy listener (enabled only with creds) |
|
||||
| `GATEWAY_HTTP_ADDR` | `:8081` | public Connect/h2c listener (also serves the admin console at `/_gm`) |
|
||||
| `GATEWAY_LOG_LEVEL` | `info` | zap level |
|
||||
| `GATEWAY_BACKEND_HTTP_URL` | `http://localhost:8080` | backend REST base URL |
|
||||
| `GATEWAY_BACKEND_GRPC_ADDR` | `localhost:9090` | backend push gRPC address |
|
||||
| `GATEWAY_BACKEND_TIMEOUT` | `5s` | per backend REST call |
|
||||
| `GATEWAY_ADMIN_USER` / `GATEWAY_ADMIN_PASSWORD` | unset | enable + guard the admin proxy |
|
||||
| `GATEWAY_TELEGRAM_BOT_TOKEN` | unset | enable the Telegram auth path |
|
||||
| `GATEWAY_ADMIN_USER` / `GATEWAY_ADMIN_PASSWORD` | unset | enable + guard the admin console at `/_gm` |
|
||||
| `GATEWAY_CONNECTOR_ADDR` | unset | Telegram connector gRPC address (enables initData validation + out-of-app push) |
|
||||
| `GATEWAY_SESSION_TTL` | `10m` | cached session lifetime |
|
||||
| `GATEWAY_SESSION_CACHE_MAX` | `50000` | cached session cap |
|
||||
| `GATEWAY_PUSH_HEARTBEAT_INTERVAL` | `15s` | live-stream keep-alive |
|
||||
|
||||
+25
-21
@@ -2,8 +2,8 @@
|
||||
// the client's Connect-RPC/FlatBuffers traffic over h2c, validates platform /
|
||||
// email / guest credentials and mints opaque sessions, rate-limits, injects
|
||||
// X-User-ID when forwarding to the backend over REST, and bridges the backend's
|
||||
// gRPC push stream to each client's in-app live channel. It also fronts the
|
||||
// backend admin API behind HTTP Basic-Auth.
|
||||
// gRPC push stream to each client's in-app live channel. It also serves the
|
||||
// backend's admin console at /_gm on the public listener behind HTTP Basic-Auth.
|
||||
package main
|
||||
|
||||
import (
|
||||
@@ -57,8 +57,8 @@ func main() {
|
||||
}
|
||||
}
|
||||
|
||||
// run wires the gateway dependencies and serves the public (and optional admin)
|
||||
// listeners until the context is cancelled.
|
||||
// run wires the gateway dependencies and serves the public listener (which also
|
||||
// fronts the admin console at /_gm) until the context is cancelled.
|
||||
func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
||||
ctx, cancel := context.WithCancel(ctx)
|
||||
defer cancel()
|
||||
@@ -86,15 +86,29 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
||||
logger.Warn("telegram disabled (GATEWAY_CONNECTOR_ADDR unset)")
|
||||
}
|
||||
|
||||
// The admin console (backend /_gm) is fronted on the public listener behind
|
||||
// Basic-Auth, enabled when both credentials are set; it is mounted on the edge
|
||||
// mux so the Connect h2c handler stays the top-level handler.
|
||||
var adminProxy http.Handler
|
||||
if cfg.AdminEnabled() {
|
||||
adminProxy, err = admin.NewProxy(cfg.BackendHTTPURL, cfg.AdminUser, cfg.AdminPassword, logger)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
logger.Info("admin console disabled (set GATEWAY_ADMIN_USER and GATEWAY_ADMIN_PASSWORD)")
|
||||
}
|
||||
|
||||
registry := transcode.NewRegistry(backend, validator)
|
||||
edge := connectsrv.NewServer(connectsrv.Deps{
|
||||
Registry: registry,
|
||||
Sessions: sessions,
|
||||
Limiter: limiter,
|
||||
Hub: hub,
|
||||
RateLimit: cfg.RateLimit,
|
||||
Heartbeat: cfg.PushHeartbeatInterval,
|
||||
Logger: logger,
|
||||
Registry: registry,
|
||||
Sessions: sessions,
|
||||
Limiter: limiter,
|
||||
Hub: hub,
|
||||
RateLimit: cfg.RateLimit,
|
||||
Heartbeat: cfg.PushHeartbeatInterval,
|
||||
Logger: logger,
|
||||
AdminProxy: adminProxy,
|
||||
})
|
||||
|
||||
// Bridge the backend push stream into the fan-out hub (and the out-of-app
|
||||
@@ -104,16 +118,6 @@ func run(ctx context.Context, cfg config.Config, logger *zap.Logger) error {
|
||||
public := &http.Server{Addr: cfg.HTTPAddr, Handler: edge.HTTPHandler()}
|
||||
servers := []*namedServer{{name: "public", srv: public}}
|
||||
|
||||
if cfg.AdminEnabled() {
|
||||
proxy, err := admin.NewProxy(cfg.BackendHTTPURL, cfg.AdminUser, cfg.AdminPassword, logger)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
servers = append(servers, &namedServer{name: "admin", srv: &http.Server{Addr: cfg.AdminAddr, Handler: proxy}})
|
||||
} else {
|
||||
logger.Info("admin proxy disabled (set GATEWAY_ADMIN_USER and GATEWAY_ADMIN_PASSWORD)")
|
||||
}
|
||||
|
||||
logger.Info("gateway starting",
|
||||
zap.String("http_addr", cfg.HTTPAddr),
|
||||
zap.String("backend_http", cfg.BackendHTTPURL),
|
||||
|
||||
@@ -1,8 +1,11 @@
|
||||
// Package admin is the gateway's admin surface: HTTP Basic-Auth in front of a
|
||||
// reverse proxy to the backend admin API (docs/ARCHITECTURE.md §12). The gateway
|
||||
// validates the operator credential and forwards authenticated requests to
|
||||
// backend /api/v1/admin/*; the backend trusts the gateway on this segment. The
|
||||
// admin API itself is filled in Stage 10.
|
||||
// Package admin is the gateway's admin edge: HTTP Basic-Auth in front of a reverse
|
||||
// proxy that forwards the operator's browser to the backend's server-rendered admin
|
||||
// console under /_gm. The proxy is mounted at /_gm/ on the gateway's public listener
|
||||
// (below the h2c wrap, see internal/connectsrv) and forwards verbatim — an inbound
|
||||
// /_gm/<rest> reaches <backendURL>/_gm/<rest>, preserving the inbound Host so the
|
||||
// backend's same-origin check sees the public origin. The backend trusts the gateway
|
||||
// on this segment and adds the console's same-origin CSRF guard
|
||||
// (docs/ARCHITECTURE.md §12).
|
||||
package admin
|
||||
|
||||
import (
|
||||
@@ -11,17 +14,14 @@ import (
|
||||
"net/http"
|
||||
"net/http/httputil"
|
||||
"net/url"
|
||||
"strings"
|
||||
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
// backendAdminPrefix is where the backend mounts its admin API.
|
||||
const backendAdminPrefix = "/api/v1/admin"
|
||||
|
||||
// NewProxy returns a handler that checks Basic-Auth against user/password and
|
||||
// reverse-proxies the request to the backend admin API, mapping an inbound
|
||||
// /admin/<rest> path to <backendURL>/api/v1/admin/<rest>.
|
||||
// reverse-proxies the request verbatim to the backend: the inbound path is
|
||||
// preserved, so /_gm/<rest> reaches <backendURL>/_gm/<rest>. It is mounted at /_gm/
|
||||
// on the gateway's public listener.
|
||||
func NewProxy(backendURL, user, password string, log *zap.Logger) (http.Handler, error) {
|
||||
target, err := url.Parse(backendURL)
|
||||
if err != nil {
|
||||
@@ -32,10 +32,8 @@ func NewProxy(backendURL, user, password string, log *zap.Logger) (http.Handler,
|
||||
}
|
||||
proxy := &httputil.ReverseProxy{
|
||||
Rewrite: func(pr *httputil.ProxyRequest) {
|
||||
pr.SetURL(target)
|
||||
rel := strings.TrimPrefix(pr.In.URL.Path, "/admin")
|
||||
pr.Out.URL.Path = backendAdminPrefix + rel
|
||||
pr.Out.Host = pr.In.Host
|
||||
pr.SetURL(target) // backend scheme+host; the inbound /_gm path is preserved
|
||||
pr.Out.Host = pr.In.Host // keep the public Host for the backend same-origin check
|
||||
},
|
||||
ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
|
||||
log.Warn("admin proxy upstream error", zap.String("path", r.URL.Path), zap.Error(err))
|
||||
|
||||
@@ -9,27 +9,28 @@ import (
|
||||
"scrabble/gateway/internal/admin"
|
||||
)
|
||||
|
||||
func newAdmin(t *testing.T) (*httptest.Server, func()) {
|
||||
// newAdmin fronts a fake backend with the admin proxy. The fake backend records the
|
||||
// path it receives so a test can assert the proxy forwards /_gm verbatim.
|
||||
func newAdmin(t *testing.T) (front *httptest.Server, gotPath *string, cleanup func()) {
|
||||
t.Helper()
|
||||
var path string
|
||||
backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
if r.URL.Path != "/api/v1/admin/ping" {
|
||||
t.Errorf("backend path = %q, want /api/v1/admin/ping", r.URL.Path)
|
||||
}
|
||||
_, _ = w.Write([]byte("pong"))
|
||||
path = r.URL.Path
|
||||
_, _ = w.Write([]byte("console"))
|
||||
}))
|
||||
proxy, err := admin.NewProxy(backend.URL, "ops", "secret", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("new proxy: %v", err)
|
||||
}
|
||||
front := httptest.NewServer(proxy)
|
||||
return front, func() { front.Close(); backend.Close() }
|
||||
front = httptest.NewServer(proxy)
|
||||
return front, &path, func() { front.Close(); backend.Close() }
|
||||
}
|
||||
|
||||
func TestAdminRejectsMissingCredentials(t *testing.T) {
|
||||
front, cleanup := newAdmin(t)
|
||||
front, _, cleanup := newAdmin(t)
|
||||
defer cleanup()
|
||||
|
||||
resp, err := http.Get(front.URL + "/admin/ping")
|
||||
resp, err := http.Get(front.URL + "/_gm/")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -37,13 +38,16 @@ func TestAdminRejectsMissingCredentials(t *testing.T) {
|
||||
if resp.StatusCode != http.StatusUnauthorized {
|
||||
t.Fatalf("status = %d, want 401", resp.StatusCode)
|
||||
}
|
||||
if resp.Header.Get("WWW-Authenticate") == "" {
|
||||
t.Error("missing WWW-Authenticate challenge")
|
||||
}
|
||||
}
|
||||
|
||||
func TestAdminProxiesWithCredentials(t *testing.T) {
|
||||
front, cleanup := newAdmin(t)
|
||||
func TestAdminProxiesVerbatimWithCredentials(t *testing.T) {
|
||||
front, gotPath, cleanup := newAdmin(t)
|
||||
defer cleanup()
|
||||
|
||||
req, _ := http.NewRequest(http.MethodGet, front.URL+"/admin/ping", nil)
|
||||
req, _ := http.NewRequest(http.MethodGet, front.URL+"/_gm/complaints", nil)
|
||||
req.SetBasicAuth("ops", "secret")
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
if err != nil {
|
||||
@@ -51,16 +55,19 @@ func TestAdminProxiesWithCredentials(t *testing.T) {
|
||||
}
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
if resp.StatusCode != http.StatusOK || string(body) != "pong" {
|
||||
t.Fatalf("status = %d body = %q, want 200 pong", resp.StatusCode, body)
|
||||
if resp.StatusCode != http.StatusOK || string(body) != "console" {
|
||||
t.Fatalf("status = %d body = %q, want 200 console", resp.StatusCode, body)
|
||||
}
|
||||
if *gotPath != "/_gm/complaints" {
|
||||
t.Errorf("backend path = %q, want /_gm/complaints (verbatim)", *gotPath)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAdminRejectsWrongPassword(t *testing.T) {
|
||||
front, cleanup := newAdmin(t)
|
||||
front, _, cleanup := newAdmin(t)
|
||||
defer cleanup()
|
||||
|
||||
req, _ := http.NewRequest(http.MethodGet, front.URL+"/admin/ping", nil)
|
||||
req, _ := http.NewRequest(http.MethodGet, front.URL+"/_gm/", nil)
|
||||
req.SetBasicAuth("ops", "wrong")
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
if err != nil {
|
||||
|
||||
@@ -11,11 +11,9 @@ import (
|
||||
|
||||
// Config holds the gateway's runtime configuration.
|
||||
type Config struct {
|
||||
// HTTPAddr is the public Connect/h2c listener address (host:port).
|
||||
// HTTPAddr is the public Connect/h2c listener address (host:port). It also
|
||||
// serves the admin console at /_gm when admin credentials are configured.
|
||||
HTTPAddr string
|
||||
// AdminAddr is the admin reverse-proxy listener address. Admin is enabled only
|
||||
// when AdminUser and AdminPassword are also set.
|
||||
AdminAddr string
|
||||
// LogLevel is the zap log level: "debug", "info", "warn" or "error".
|
||||
LogLevel string
|
||||
// BackendHTTPURL is the base URL of the backend REST API (gateway -> backend).
|
||||
@@ -59,7 +57,6 @@ type RateLimitConfig struct {
|
||||
// Defaults applied when the corresponding environment variable is unset.
|
||||
const (
|
||||
defaultHTTPAddr = ":8081"
|
||||
defaultAdminAddr = ":8082"
|
||||
defaultLogLevel = "info"
|
||||
defaultBackendHTTPURL = "http://localhost:8080"
|
||||
defaultBackendGRPCAddr = "localhost:9090"
|
||||
@@ -85,7 +82,6 @@ func Load() (Config, error) {
|
||||
var err error
|
||||
c := Config{
|
||||
HTTPAddr: envOr("GATEWAY_HTTP_ADDR", defaultHTTPAddr),
|
||||
AdminAddr: envOr("GATEWAY_ADMIN_ADDR", defaultAdminAddr),
|
||||
LogLevel: envOr("GATEWAY_LOG_LEVEL", defaultLogLevel),
|
||||
BackendHTTPURL: envOr("GATEWAY_BACKEND_HTTP_URL", defaultBackendHTTPURL),
|
||||
BackendGRPCAddr: envOr("GATEWAY_BACKEND_GRPC_ADDR", defaultBackendGRPCAddr),
|
||||
@@ -113,10 +109,10 @@ func Load() (Config, error) {
|
||||
return c, nil
|
||||
}
|
||||
|
||||
// AdminEnabled reports whether the admin proxy should be served (an address and
|
||||
// both Basic-Auth credentials are configured).
|
||||
// AdminEnabled reports whether the admin console proxy should be mounted (both
|
||||
// Basic-Auth credentials are configured).
|
||||
func (c Config) AdminEnabled() bool {
|
||||
return c.AdminAddr != "" && c.AdminUser != "" && c.AdminPassword != ""
|
||||
return c.AdminUser != "" && c.AdminPassword != ""
|
||||
}
|
||||
|
||||
// validate reports whether the configuration values are acceptable.
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
package connectsrv_test
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"scrabble/gateway/internal/connectsrv"
|
||||
)
|
||||
|
||||
// TestHTTPHandlerMountsAdminConsole verifies the admin proxy is reachable at /_gm/
|
||||
// through the h2c-wrapped edge mux when configured.
|
||||
func TestHTTPHandlerMountsAdminConsole(t *testing.T) {
|
||||
stub := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
||||
w.WriteHeader(http.StatusTeapot)
|
||||
})
|
||||
srv := connectsrv.NewServer(connectsrv.Deps{AdminProxy: stub})
|
||||
front := httptest.NewServer(srv.HTTPHandler())
|
||||
defer front.Close()
|
||||
|
||||
resp, err := http.Get(front.URL + "/_gm/")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
if resp.StatusCode != http.StatusTeapot {
|
||||
t.Fatalf("/_gm status = %d, want 418 (routed to the admin proxy)", resp.StatusCode)
|
||||
}
|
||||
}
|
||||
|
||||
// TestHTTPHandlerNoAdminConsole verifies /_gm is not served when no proxy is set.
|
||||
func TestHTTPHandlerNoAdminConsole(t *testing.T) {
|
||||
srv := connectsrv.NewServer(connectsrv.Deps{})
|
||||
front := httptest.NewServer(srv.HTTPHandler())
|
||||
defer front.Close()
|
||||
|
||||
resp, err := http.Get(front.URL + "/_gm/")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer func() { _ = resp.Body.Close() }()
|
||||
if resp.StatusCode != http.StatusNotFound {
|
||||
t.Fatalf("/_gm status = %d, want 404 (no admin proxy)", resp.StatusCode)
|
||||
}
|
||||
}
|
||||
@@ -32,12 +32,13 @@ const heartbeatKind = "heartbeat"
|
||||
|
||||
// Server implements edgev1connect.GatewayHandler.
|
||||
type Server struct {
|
||||
registry *transcode.Registry
|
||||
sessions *session.Cache
|
||||
limiter *ratelimit.Limiter
|
||||
hub *push.Hub
|
||||
heartbeat time.Duration
|
||||
log *zap.Logger
|
||||
registry *transcode.Registry
|
||||
sessions *session.Cache
|
||||
limiter *ratelimit.Limiter
|
||||
hub *push.Hub
|
||||
heartbeat time.Duration
|
||||
log *zap.Logger
|
||||
adminProxy http.Handler
|
||||
|
||||
publicPolicy ratelimit.Policy
|
||||
userPolicy ratelimit.Policy
|
||||
@@ -46,13 +47,14 @@ type Server struct {
|
||||
|
||||
// Deps carries the Server's dependencies.
|
||||
type Deps struct {
|
||||
Registry *transcode.Registry
|
||||
Sessions *session.Cache
|
||||
Limiter *ratelimit.Limiter
|
||||
Hub *push.Hub
|
||||
RateLimit config.RateLimitConfig
|
||||
Heartbeat time.Duration
|
||||
Logger *zap.Logger
|
||||
Registry *transcode.Registry
|
||||
Sessions *session.Cache
|
||||
Limiter *ratelimit.Limiter
|
||||
Hub *push.Hub
|
||||
RateLimit config.RateLimitConfig
|
||||
Heartbeat time.Duration
|
||||
Logger *zap.Logger
|
||||
AdminProxy http.Handler
|
||||
}
|
||||
|
||||
// NewServer constructs the edge service.
|
||||
@@ -68,6 +70,7 @@ func NewServer(d Deps) *Server {
|
||||
hub: d.Hub,
|
||||
heartbeat: d.Heartbeat,
|
||||
log: log,
|
||||
adminProxy: d.AdminProxy,
|
||||
publicPolicy: ratelimit.PerMinute(d.RateLimit.PublicPerMinute, d.RateLimit.PublicBurst),
|
||||
userPolicy: ratelimit.PerMinute(d.RateLimit.UserPerMinute, d.RateLimit.UserBurst),
|
||||
emailPolicy: ratelimit.Per(d.RateLimit.EmailPer10Min, 10*time.Minute, d.RateLimit.EmailBurst),
|
||||
@@ -79,6 +82,12 @@ func (s *Server) HTTPHandler() http.Handler {
|
||||
mux := http.NewServeMux()
|
||||
path, h := edgev1connect.NewGatewayHandler(s)
|
||||
mux.Handle(path, h)
|
||||
if s.adminProxy != nil {
|
||||
// The admin console (backend /_gm) is served on the public listener behind
|
||||
// the proxy's Basic-Auth, mounted below the h2c wrap so the Connect edge keeps
|
||||
// working over h2c (docs/ARCHITECTURE.md §12).
|
||||
mux.Handle("/_gm/", s.adminProxy)
|
||||
}
|
||||
return h2c.NewHandler(mux, &http2.Server{})
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user