selfrelease
8db9d33694
- A.1 备案对接: BindFiling/QueryFiling 关联网标号+备案号 - A.2 监管上报: DailyRegulatoryReport 日报 - B.1 号段管理: ListSegments + /admin/segments - C.1/C.2 全国统计按省聚合 + 跨省协同(单一可信源天然联动) - F.2 全国监管大屏: NationalStats(按省/类目/状态) - B(遗留) 监管大屏BFF: internal/bff + cmd/console-bff, 密钥仅存后端浏览器只用会话令牌 - G 真实链合约源码: contracts/tcs_registry/registry.go (ChainMaker Go) - 新增9个API+BFF服务; 5项新测试; 端到端BFF验证 - D/E(压测/等保/HSM)/F.1(标准)/真实链部署 标注需外部环境
43 lines
1.3 KiB
Go
43 lines
1.3 KiB
Go
package main
|
||
|
||
import (
|
||
"log"
|
||
"os"
|
||
|
||
"github.com/gin-gonic/gin"
|
||
"github.com/tcs-iptv/tcs/internal/bff"
|
||
"github.com/tcs-iptv/tcs/internal/httpx"
|
||
)
|
||
|
||
// 监管控制台 BFF(三期 B):浏览器只拿会话令牌,密钥仅存后端。
|
||
func main() {
|
||
apiBase := getenv("TCS_API_BASE", "http://localhost:8080")
|
||
addr := getenv("TCS_BFF_ADDR", ":8090")
|
||
|
||
b := bff.New(apiBase)
|
||
// 凭证从环境/Vault 加载(此处示例;生产严禁硬编码)
|
||
b.SetCred("regulator", getenv("TCS_AK_REGULATOR", "ak-regulator"), getenv("TCS_SK_REGULATOR", "sk-regulator"))
|
||
b.SetCred("reviewer", getenv("TCS_AK_REVIEWER", "ak-reviewer"), getenv("TCS_SK_REVIEWER", "sk-reviewer"))
|
||
// 控制台用户(生产接 SSO/LDAP + MFA)
|
||
b.AddUser("admin", getenv("TCS_ADMIN_PASS", "admin123"), "regulator")
|
||
b.AddUser("reviewer", getenv("TCS_REVIEWER_PASS", "review123"), "reviewer")
|
||
|
||
r := gin.Default()
|
||
httpx.Health(r, "console-bff")
|
||
r.POST("/bff/login", b.Login)
|
||
authed := r.Group("/bff", b.AuthMiddleware())
|
||
authed.Any("/api/*path", b.Proxy) // 浏览器 → BFF → (HMAC) → api-svc
|
||
|
||
log.Printf("console-bff listening on %s (proxy → %s)", addr, apiBase)
|
||
if err := r.Run(addr); err != nil {
|
||
log.Fatalf("console-bff failed: %v", err)
|
||
}
|
||
}
|
||
|
||
func getenv(k, def string) string {
|
||
if v := os.Getenv(k); v != "" {
|
||
return v
|
||
}
|
||
return def
|
||
}
|