scrabble-game

developer/scrabble-game

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ilia Denisov	8878711cf3	R3: gateway edge hardening — body cap, h2c sizing, rate-limit observability - GATEWAY_MAX_BODY_BYTES (1 MiB): connect WithReadMaxBytes + http.MaxBytesReader on the public mux; explicit http2.Server MaxConcurrentStreams/IdleTimeout and an http.Server ReadHeaderTimeout (R2 report follow-up). - gateway_rate_limited_total{class} counter, Debug per rejection, a rejection tracker drained every 30 s into a Warn summary per key and a report POST to /api/v1/internal/ratelimit/report (feeds the admin view + auto-flag). - The dead AdminPerMinute/AdminBurst policy now guards the /_gm mount (429), ahead of its Basic-Auth. - resolve() logs the cause of infra session-resolve failures at Warn (the transient unauthenticated dips from the R2 run); unknown tokens stay silent.	2026-06-10 01:58:48 +02:00
Ilia Denisov	dcd8de8b00	Stage 12: observability & performance (OTel/OTLP, domain metrics, guest GC) Tests · Go / test (push) Successful in 11s Details Tests · Integration / integration (push) Successful in 12s Details Tests · Go / test (pull_request) Successful in 10s Details Tests · Integration / integration (pull_request) Successful in 11s Details - pkg/telemetry: shared OTel provider bootstrap (none/stdout/otlp + W3C propagators + Go runtime metrics); backend/internal/telemetry becomes a thin facade keeping its gin middleware. - Telemetry parity: gateway and the Telegram connector gain telemetry runtimes and config (GATEWAY_/TELEGRAM_ SERVICE_NAME + OTEL_*); otelgrpc instruments the backend push server, the gateway's backend+connector clients and the connector server. Default exporter stays none (collector/dashboards are Stage 14). - Operational metrics (variant attribute on game-scoped ones): game_replay_duration, game_move_validate_duration, games_started_total, games_abandoned_total, game_cache_active, chat_messages_total{kind}, gateway edge_request_duration. Wired via the SetMetrics setter pattern (default no-op meter). - TODO-3: account.GuestReaper deletes guests with no game seat past BACKEND_GUEST_RETENTION (default 30d, swept every BACKEND_GUEST_REAP_INTERVAL). - Tests: pkg/telemetry exporter selection; game/social/edge metric recording via a manual reader; config (otlp accepted, guest knobs); inttest guest reaper. - Docs: PLAN.md re-scopes Stage 12 and adds Stage 13 (alphabet-on-wire) + Stage 14 (CI/deploy) with the agreed dictionary-versioning resolution; ARCHITECTURE 11/13, TESTING, the three READMEs and FUNCTIONAL(+ru) updated.	2026-06-04 14:22:15 +02:00
Ilia Denisov	408da3f201	Stage 6: gateway edge (Connect/FlatBuffers over h2c, platform/email/guest auth, sessions, rate-limit, admin passthrough, live push bridge) Tests · Go / test (push) Successful in 8s Details Tests · Integration / integration (push) Successful in 11s Details Tests · Go / test (pull_request) Successful in 6s Details Tests · Integration / integration (pull_request) Successful in 10s Details New public ingress and the first network edge. Framework + a vertical slice of operations end-to-end; remaining ops reuse the same transcode pattern in Stage 7. Contracts (new module scrabble/pkg): - push.proto (backend->gateway gRPC server-stream) + scrabble.fbs (FlatBuffers edge payloads), committed generated Go; buf/flatc Makefiles (dev-time codegen). Backend: - REST handlers on the /api/v1 groups: internal session endpoints (telegram/guest/email login -> mint, resolve, revoke) and the user slice (profile, submit_play, state, lobby enqueue/poll, chat). - internal/notify in-process Publisher hub + internal/pushgrpc gRPC server (BACKEND_GRPC_ADDR) streaming your_turn/opponent_moved/chat/nudge/match_found; emission in game.commit, social, matchmaker. - migration 00005 accounts.is_guest; guests are durable rows excluded from stats; ProvisionGuest; email-as-login (RequestLoginCode/LoginWithCode). Gateway (new module scrabble/gateway): - Connect Gateway service over h2c (Execute + Subscribe), FlatBuffers<->JSON transcode registry, Telegram initData HMAC validator (seam), session cache, token-bucket rate limiter (3 classes), push fan-out hub, backend REST + push gRPC client, admin Basic-Auth reverse proxy. go.work: use ./pkg, ./gateway + replace scrabble/pkg. CI: gateway/, pkg/ path filters; unit build/vet/test span all three modules. Docs (PLAN, ARCHITECTURE, FUNCTIONAL+ru, TESTING, READMEs) updated; gateway/pkg unit tests + guest/email-login integration tests.	2026-06-02 22:38:24 +02:00

Author

SHA1

Message

Date

Ilia Denisov

8878711cf3

R3: gateway edge hardening — body cap, h2c sizing, rate-limit observability

- GATEWAY_MAX_BODY_BYTES (1 MiB): connect WithReadMaxBytes + http.MaxBytesReader
  on the public mux; explicit http2.Server MaxConcurrentStreams/IdleTimeout and
  an http.Server ReadHeaderTimeout (R2 report follow-up).
- gateway_rate_limited_total{class} counter, Debug per rejection, a rejection
  tracker drained every 30 s into a Warn summary per key and a report POST to
  /api/v1/internal/ratelimit/report (feeds the admin view + auto-flag).
- The dead AdminPerMinute/AdminBurst policy now guards the /_gm mount (429),
  ahead of its Basic-Auth.
- resolve() logs the cause of infra session-resolve failures at Warn (the
  transient unauthenticated dips from the R2 run); unknown tokens stay silent.

2026-06-10 01:58:48 +02:00

Ilia Denisov

dcd8de8b00

Stage 12: observability & performance (OTel/OTLP, domain metrics, guest GC)

Tests · Go / test (push) Successful in 11s

Details

Tests · Integration / integration (push) Successful in 12s

Details

Tests · Go / test (pull_request) Successful in 10s

Details

Tests · Integration / integration (pull_request) Successful in 11s

Details

- pkg/telemetry: shared OTel provider bootstrap (none/stdout/otlp + W3C
  propagators + Go runtime metrics); backend/internal/telemetry becomes a thin
  facade keeping its gin middleware.
- Telemetry parity: gateway and the Telegram connector gain telemetry runtimes
  and config (GATEWAY_/TELEGRAM_ SERVICE_NAME + OTEL_*); otelgrpc instruments the
  backend push server, the gateway's backend+connector clients and the connector
  server. Default exporter stays none (collector/dashboards are Stage 14).
- Operational metrics (variant attribute on game-scoped ones): game_replay_duration,
  game_move_validate_duration, games_started_total, games_abandoned_total,
  game_cache_active, chat_messages_total{kind}, gateway edge_request_duration.
  Wired via the SetMetrics setter pattern (default no-op meter).
- TODO-3: account.GuestReaper deletes guests with no game seat past
  BACKEND_GUEST_RETENTION (default 30d, swept every BACKEND_GUEST_REAP_INTERVAL).
- Tests: pkg/telemetry exporter selection; game/social/edge metric recording via
  a manual reader; config (otlp accepted, guest knobs); inttest guest reaper.
- Docs: PLAN.md re-scopes Stage 12 and adds Stage 13 (alphabet-on-wire) + Stage 14
  (CI/deploy) with the agreed dictionary-versioning resolution; ARCHITECTURE 11/13,
  TESTING, the three READMEs and FUNCTIONAL(+ru) updated.

2026-06-04 14:22:15 +02:00

Ilia Denisov

408da3f201

Stage 6: gateway edge (Connect/FlatBuffers over h2c, platform/email/guest auth, sessions, rate-limit, admin passthrough, live push bridge)

Tests · Go / test (push) Successful in 8s

Details

Tests · Integration / integration (push) Successful in 11s

Details

Tests · Go / test (pull_request) Successful in 6s

Details

Tests · Integration / integration (pull_request) Successful in 10s

Details

New public ingress and the first network edge. Framework + a vertical slice of
operations end-to-end; remaining ops reuse the same transcode pattern in Stage 7.

Contracts (new module scrabble/pkg):
- push.proto (backend->gateway gRPC server-stream) + scrabble.fbs (FlatBuffers
  edge payloads), committed generated Go; buf/flatc Makefiles (dev-time codegen).

Backend:
- REST handlers on the /api/v1 groups: internal session endpoints
  (telegram/guest/email login -> mint, resolve, revoke) and the user slice
  (profile, submit_play, state, lobby enqueue/poll, chat).
- internal/notify in-process Publisher hub + internal/pushgrpc gRPC server
  (BACKEND_GRPC_ADDR) streaming your_turn/opponent_moved/chat/nudge/match_found;
  emission in game.commit, social, matchmaker.
- migration 00005 accounts.is_guest; guests are durable rows excluded from stats;
  ProvisionGuest; email-as-login (RequestLoginCode/LoginWithCode).

Gateway (new module scrabble/gateway):
- Connect Gateway service over h2c (Execute + Subscribe), FlatBuffers<->JSON
  transcode registry, Telegram initData HMAC validator (seam), session cache,
  token-bucket rate limiter (3 classes), push fan-out hub, backend REST + push
  gRPC client, admin Basic-Auth reverse proxy.

go.work: use ./pkg, ./gateway + replace scrabble/pkg. CI: gateway/**, pkg/**
path filters; unit build/vet/test span all three modules. Docs (PLAN,
ARCHITECTURE, FUNCTIONAL+ru, TESTING, READMEs) updated; gateway/pkg unit tests +
guest/email-login integration tests.

2026-06-02 22:38:24 +02:00

3 Commits