jim800121chen
c63886a194
對齊 ADR-017 v1.2:模型庫下載走 visionA 簽 MC delegated token → Client 直連 FAA。
B2 — MC download token client(internal/fileaccess):
- DownloadTokenIssuer: GetServiceToken(打 MC /oauth/token,client_credentials +
scope files:download.delegate,含 token cache)+ IssueDownloadToken(打 MC Issue 簽 fdt_)
- secret / service token / fdt token 三層全程用 hashShort 遮罩不 log
- FileAccessConfig + VISIONA_FILE_ACCESS_* env + main.go wire(Enabled() 才接)
B1 — object_key 斷層:
- model.Model 加 FAAObjectKey(json:"-" 不揭露前端)
- PromoteToModels 寫入(用 promote response TargetObjectKey = models/{userID}/{jobID}.nef)
- 三方對映天然一致(visionA Issue / FAA path / MC validate)
- 第一階段框死只 Source=converted 類 model,上傳類 download 回 501
download endpoint:
- GET /api/models/:id/download(owner-only)→ {download_url, token, expires_at}
- 前端帶 Authorization: Bearer 直連 FAA(不經 visionA、不經 AWS)
- 401/403/404/501/502 分明,502 對外 mask 不洩漏 MC 內部狀態
測試: 13 + 8 unit test(mock MC + fake issuer,httptest 驗真 HTTP);go build/vet/test 全綠。
Reviewer: 0 Critical / 0 Major / 3 Minor / 4 Suggestion,通過。
技術債(正式上線前): 第一階段 PoC 共用 FAA service client,MC 規範禁止 client 混用
usage、secret 不共用,須 MC 配發 visionA 專屬 usage=file_api client。
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
46 lines
946 B
Plaintext
46 lines
946 B
Plaintext
# ---- Go 標準 -------------------------------------------------------------
|
||
# Binaries
|
||
*.exe
|
||
*.exe~
|
||
*.dll
|
||
*.so
|
||
*.dylib
|
||
|
||
# Test binary / coverage
|
||
*.test
|
||
*.out
|
||
coverage.txt
|
||
coverage.html
|
||
|
||
# Go workspace(本專案不使用 multi-module workspace)
|
||
go.work
|
||
go.work.sum
|
||
|
||
# ---- Build 產物 ----------------------------------------------------------
|
||
bin/
|
||
dist/
|
||
build/
|
||
# go build 產生的 api-server 二進位(根目錄錨定,避免誤排除其他同名路徑)
|
||
/api-server
|
||
|
||
# ---- 環境變數 / 密鑰 -----------------------------------------------------
|
||
.env
|
||
.env.local
|
||
.env.*.local
|
||
|
||
# ---- IDE / Editor -------------------------------------------------------
|
||
.vscode/
|
||
.idea/
|
||
*.swp
|
||
*.swo
|
||
*~
|
||
|
||
# ---- OS ------------------------------------------------------------------
|
||
.DS_Store
|
||
Thumbs.db
|
||
|
||
# ---- 本機開發資料 --------------------------------------------------------
|
||
# 雛形 LocalFS storage backend 的預設根目錄
|
||
data/
|
||
tmp/
|