Skip to main content

Module login

Module login 

Source
Expand description

REST-like Operator session resource (POST/GET/DELETE /v1/operators + WS upgrade). REST-like Operator session resource.

Provides the POST/GET/DELETE /v1/operators + WS /v1/operators/:sid/ws route family — the sole WS Operator session route. session.rs / protocol.rs are unchanged by this module.

§Login flow

POST /v1/operators { roles?: ["main-ai"] }
  → 409 if any role already owns a live entry (roles alias exclusivity,
    v1.md §Auth session flow)
  → { sid: "op-<uuid>", token: "<10-hex>", roles: [...] }

WS /v1/operators/:sid/ws
  Authorization: Bearer <token>   (mandatory — no empty-string default)
  → 401 missing/empty Bearer, 404 unknown sid, 401 token mismatch
  → registers a `WSOperatorSession` into the engine's 3 registries
    (senior_bridge / spawn_hook / operator) + role aliases, same pattern
    as `handler::handle_socket`. Reconnect (same sid, matching token)
    reuses the existing `WSOperatorSession` via `replace_tx`.

DELETE /v1/operators/:sid   (Bearer required)
  → unregisters the 3 registries + role aliases + `operator_sessions`
    entry + releases `roles_to_sid` ownership.

GET /v1/operators/:sid   (Bearer required)
  → { sid, roles, connected }

OperatorSessionEntry is the login-flow record (AppState.operator_sessions), distinct from mlua_swarm::OperatorSession (the engine-side attach/session-token record) and from WSOperatorSession (the 3-trait WS session, session.rs) — this module owns the mapping sid → (token, roles, Option<WSOperatorSession>) that the login flow is built on.

Structs§

OperatorSessionEntry
Login-flow record for a minted Operator session. Held in AppState.operator_sessions, keyed by sid. ws_session starts None (login only mints sid+token) and is set on first successful WS connect; on reconnect the same WSOperatorSession is reused (replace_tx) rather than re-registered.
OperatorsCreateReq
Body for POST /v1/operators.
OperatorsCreateResp
Response for POST /v1/operators.
OperatorsInfoResp
Response for GET /v1/operators/:sid.

Functions§

operators_create
POST /v1/operators. Mints sid (op-<uuid>) + a 10-hex-char token (mlua_swarm::types::secure_hex(5) — OS-RNG hex, unguessable across calls and restarts, which is the point: this token is the sole bearer secret on the short-handle path). When roles is non-empty, checks AppState.roles_to_sid for conflicts under a single lock (check + insert atomic w.r.t. concurrent mints) and returns 409 CONFLICT with the conflicting role names on collision. Empty roles never conflicts (= no exclusivity is claimed).
operators_delete
DELETE /v1/operators/:sid. Bearer mandatory. 404 on unknown sid, 401 on token mismatch. Drops the 3 engine registries + role aliases + ws_operator_factory bindings + operator_sessions entry, and releases this sid’s ownership in roles_to_sid (re-opening the role names for a future mint).
operators_info
GET /v1/operators/:sid. Bearer mandatory. 404 on unknown sid, 401 on token mismatch. connected reflects whether ws_session is currently Some (= a WS is live, not merely that the session was ever connected).
operators_ws_connect
GET /v1/operators/:sid/ws (WS upgrade). Bearer mandatory. 404 on unknown sid, 401 on token mismatch. On successful upgrade, registers (or reuses, on reconnect) a WSOperatorSession under sid — same 3-registry pattern as handler::handle_socket, plus role-alias registration for every role minted alongside this sid.