Phase 0 scaffold: arcadia-cloud Phoenix service
API-only Phoenix 1.8 project for cloud-ops, inventory, billing, and provisioning sagas. Validates arcadia JWTs via shared Guardian secret (verify-only; arcadia-app remains the issuer). Deps beyond default Phoenix: guardian, cors_plug, oban, req. Postgres on local port 5433 per arcadia stack convention. Endpoint runs on :4005. Endpoints: - GET /api/health — public, returns service identifier - GET /api/v1/inventory — auth-gated, returns empty list (phase 0 stub) Oban configured with the queues phase 1+ will need: provisioning / cloud_sync_fast|full|slow / cloud_billing / metering. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
32
lib/arcadia_cloud/application.ex
Normal file
32
lib/arcadia_cloud/application.ex
Normal file
@@ -0,0 +1,32 @@
|
||||
defmodule ArcadiaCloud.Application do
|
||||
# See https://hexdocs.pm/elixir/Application.html
|
||||
# for more information on OTP Applications
|
||||
@moduledoc false
|
||||
|
||||
use Application
|
||||
|
||||
@impl true
|
||||
def start(_type, _args) do
|
||||
children = [
|
||||
ArcadiaCloudWeb.Telemetry,
|
||||
ArcadiaCloud.Repo,
|
||||
{DNSCluster, query: Application.get_env(:arcadia_cloud, :dns_cluster_query) || :ignore},
|
||||
{Phoenix.PubSub, name: ArcadiaCloud.PubSub},
|
||||
{Oban, Application.fetch_env!(:arcadia_cloud, Oban)},
|
||||
ArcadiaCloudWeb.Endpoint
|
||||
]
|
||||
|
||||
# See https://hexdocs.pm/elixir/Supervisor.html
|
||||
# for other strategies and supported options
|
||||
opts = [strategy: :one_for_one, name: ArcadiaCloud.Supervisor]
|
||||
Supervisor.start_link(children, opts)
|
||||
end
|
||||
|
||||
# Tell Phoenix to update the endpoint configuration
|
||||
# whenever the application is updated.
|
||||
@impl true
|
||||
def config_change(changed, _new, removed) do
|
||||
ArcadiaCloudWeb.Endpoint.config_change(changed, removed)
|
||||
:ok
|
||||
end
|
||||
end
|
||||
63
lib/arcadia_cloud/guardian.ex
Normal file
63
lib/arcadia_cloud/guardian.ex
Normal file
@@ -0,0 +1,63 @@
|
||||
defmodule ArcadiaCloud.Guardian do
|
||||
@moduledoc """
|
||||
Verify-only Guardian implementation.
|
||||
|
||||
arcadia-cloud never issues tokens — that is arcadia-app's job. We only
|
||||
decode and verify tokens minted by `Arcadia.Guardian`, then expose the
|
||||
claims as a lightweight identity struct.
|
||||
|
||||
Token contract (set by arcadia-app):
|
||||
sub => "<user_id>:<tenant_id>"
|
||||
tenant_id => UUID string
|
||||
tenant_slug => string
|
||||
email => string
|
||||
roles => [string]
|
||||
"""
|
||||
|
||||
use Guardian, otp_app: :arcadia_cloud
|
||||
|
||||
def subject_for_token(%{"sub" => sub}, _claims) when is_binary(sub), do: {:ok, sub}
|
||||
def subject_for_token(_resource, _claims), do: {:error, :not_token_issuer}
|
||||
|
||||
def resource_from_claims(claims) when is_map(claims) do
|
||||
{user_id, tenant_id_from_sub} = parse_subject(claims["sub"])
|
||||
|
||||
{:ok,
|
||||
%{
|
||||
user_id: user_id,
|
||||
tenant_id: claims["tenant_id"] || tenant_id_from_sub,
|
||||
tenant_slug: claims["tenant_slug"],
|
||||
email: claims["email"],
|
||||
roles: claims["roles"] || []
|
||||
}}
|
||||
end
|
||||
|
||||
def resource_from_claims(_), do: {:error, :invalid_claims}
|
||||
|
||||
@doc """
|
||||
Dev/test helper: mint a JWT using the local secret. Production tokens
|
||||
are minted by arcadia-app.
|
||||
"""
|
||||
def mint_dev_token(claims_overrides \\ %{}) do
|
||||
defaults = %{
|
||||
"sub" => "user-dev:tenant-dev",
|
||||
"tenant_id" => "tenant-dev",
|
||||
"tenant_slug" => "dev",
|
||||
"email" => "dev@example.com",
|
||||
"roles" => ["platform_admin"]
|
||||
}
|
||||
|
||||
claims = Map.merge(defaults, claims_overrides)
|
||||
{:ok, token, _claims} = encode_and_sign(claims, claims, token_type: :access)
|
||||
{:ok, token}
|
||||
end
|
||||
|
||||
defp parse_subject(nil), do: {nil, nil}
|
||||
|
||||
defp parse_subject(subject) when is_binary(subject) do
|
||||
case String.split(subject, ":", parts: 2) do
|
||||
[user_id, tenant_id] -> {user_id, tenant_id}
|
||||
[user_id] -> {user_id, nil}
|
||||
end
|
||||
end
|
||||
end
|
||||
5
lib/arcadia_cloud/repo.ex
Normal file
5
lib/arcadia_cloud/repo.ex
Normal file
@@ -0,0 +1,5 @@
|
||||
defmodule ArcadiaCloud.Repo do
|
||||
use Ecto.Repo,
|
||||
otp_app: :arcadia_cloud,
|
||||
adapter: Ecto.Adapters.Postgres
|
||||
end
|
||||
Reference in New Issue
Block a user