[WIP] Set up the super admin API skeleton #5554

Closed
carmenlau wants to merge 11 commits into authgear:main from carmenlau:dev-3422-superadmin-api-setup
@carmenlau carmenlau commented Mar 4, 2026

ref DEV-3422

WIP:

  • local dev setup
  • Setup CORS middleware for external web app call

carmenlau and others added 11 commits March 4, 2026 15:36
Add PORTAL_SUPERADMIN_LISTEN_ADDR and PORTAL_SUPERADMIN_INTERNAL_LISTEN_ADDR
configuration fields with defaults to :3005 and :13005 respectively.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Create the GraphQL schema layer with:
- schema.go: Initialize GraphQL schema with query and mutation
- query.go: Define Query object with __typename field
- mutation.go: Define Mutation object with __typename field
- context.go: Define GraphQL context for request-scoped data
- deps.go: Wire dependency injection set

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Create the HTTP transport layer with:
- graphql.go: Configure GraphQL route at /api/graphql with GET and POST methods
- handler_graphql.go: Implement HTTP handler for GraphQL queries
- deps.go: Wire dependency injection set

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Create CSP middleware that:
- Sets strict Content-Security-Policy header
- Disallows inline scripts and objects
- Restricts frame ancestors
- Supports only self and strict-dynamic scripts

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Combine dependency injection sets from:
- portal deps (base dependencies)
- clock (for SessionInfoMiddleware)
- globaldb (for health check)
- globalredis (for health check)
- graphql (GraphQL layer)
- transport (HTTP transport layer)

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Create wire injector functions to build:
- newPanicMiddleware: Panic recovery middleware
- newBodyLimitMiddleware: Request body size limiting
- newOtelMiddleware: OpenTelemetry tracing
- newSentryMiddleware: Error capture and reporting
- newSessionInfoMiddleware: Session validation via Authgear
- newHealthzHandler: Health check endpoint
- newGraphQLHandler: GraphQL query handler

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Assemble the complete HTTP routing and middleware stack:
- Health check endpoint (/healthz)
- GraphQL endpoint (/api/graphql) with full middleware chain:
  1. OTel tracing
  2. Panic recovery
  3. Body size limiting
  4. Sentry error capture
  5. Session validation (via Authgear)
  6. Security headers (CSP, X-Frame-Options, etc.)
  7. Cache-Control: no-store
  8. Content-Type validation

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Auto-generated wire_gen.go file via:
  wire gen ./pkg/portal/superadmin/...

Generates all dependency injection provider functions and
wires together the complete dependency graph for the superadmin package.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add optional superadmin server startup controlled by command-line arguments:

cmd/portal/server/server.go:
- Import superadmin package
- Add PortalMode and SuperadminMode flags to Controller struct
- Update Start() method to conditionally create server specs based on flags
- If PortalMode: start portal on :3003 with internal pprof on :13003
- If SuperadminMode: start superadmin on :3005 with internal pprof on :13005

cmd/portal/cmd/cmdstart/start.go:
- Parse command arguments: "portal" or "superadmin"
- Default to PortalMode if no args (backward compatible)
- Set only SuperadminMode=true if "superadmin" arg provided

Usage:
  ./authgear-portal start           # Starts portal (default)
  ./authgear-portal start portal    # Explicit portal mode
  ./authgear-portal start superadmin # Starts superadmin only

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
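
The CSP commit message above lists the policy's properties (no inline scripts or objects, restricted frame ancestors, `'self'` plus `'strict-dynamic'`). As an added example, not code from this PR or from authgear, here is one way such a middleware can be written in Go; browsers that honor `'strict-dynamic'` ignore `'self'` in `script-src` and trust only nonce- or hash-bearing scripts, so the sketch issues a per-response nonce. The names `exampleCSPMiddleware`, `nonceKey` and `serveOnce`, and the `'none'` values for `frame-ancestors` and `base-uri`, are assumptions.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type nonceKey struct{} // context key for the per-response nonce (hypothetical)

// buildCSP follows the commit message; the 'none' values are assumptions.
func buildCSP(nonce string) string {
	return "default-src 'self'; " +
		"script-src 'self' 'strict-dynamic' 'nonce-" + nonce + "'; " +
		"object-src 'none'; base-uri 'none'; frame-ancestors 'none'"
}

// exampleCSPMiddleware (hypothetical name) issues a fresh nonce per response.
func exampleCSPMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		raw := make([]byte, 16)
		if _, err := rand.Read(raw); err != nil { // fail closed: no policy, no response
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		nonce := base64.StdEncoding.EncodeToString(raw)
		w.Header().Set("Content-Security-Policy", buildCSP(nonce))
		w.Header().Set("X-Frame-Options", "DENY") // legacy fallback for frame-ancestors
		// Handlers read the nonce from the context to tag their <script> elements.
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), nonceKey{}, nonce)))
	})
}

// serveOnce runs one constructed request and returns the CSP header and the nonce the handler saw.
func serveOnce() (csp, seen string) {
	inner := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen, _ = r.Context().Value(nonceKey{}).(string)
	})
	rec := httptest.NewRecorder()
	exampleCSPMiddleware(inner).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return rec.Header().Get("Content-Security-Policy"), seen
}

func main() {
	fmt.Println(serveOnce())
}
```
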
@carmenlau carmenlau requested a review from tung2744 March 4, 2026 16:19
Comment thread docs/plans/superadmin-api/01-superadmin-api-setup.md

import "net/http"

func SuperadminCSPMiddleware(next http.Handler) http.Handler {

Reuse CSP middleware of portal?
Or what is the reason we need a separate CSP middleware?


import "github.com/authgear/authgear-server/pkg/util/httproute"

func ConfigureGraphQLRoute(route httproute.Route) []httproute.Route {

We also need to update nginx.conf. Define a path routing to the super admin port.

@carmenlau

The plan has changed, I'll open another PR for the server setup.

@carmenlau carmenlau closed this Mar 13, 2026