Will Anderson
93096ea5b6
Go HTTP server with five handlers:
GET / -> 200 {env, status, soul}
GET /health -> 200 {ok:true}
POST /api/share -> 410 not_available_in_sandbox
GET /said -> 410 not_available_in_sandbox
GET /share/* -> 410 not_available_in_sandbox
any other -> 404 not_found
Distroless final image. Cross-compiled on host (Apple Silicon QEMU + Go
crashes with lfstack.push when go build runs inside an emulated linux/amd64
container). Pushed to us-central1-docker.pkg.dev/neuron-785695/neuron-sandbox/sandbox:initial.
Replaced when the real soul build pipeline lands.
79 lines
2.2 KiB
Go
79 lines
2.2 KiB
Go
// sandbox-stub: 4-route placeholder for sandbox.neurontechnologies.ai.
|
|
//
|
|
// Replaces nothing in prod. Lives behind Cloudflare Access locked to
|
|
// email_domain == neurontechnologies.ai. Returns 410 Gone on the public
|
|
// share/artifact paths so the lockdown surface is explicit even before the
|
|
// real soul wires up.
|
|
//
|
|
// Routes:
|
|
// GET / -> 200 {"env":"sandbox","status":"ready","soul":"not_loaded"}
|
|
// GET /health -> 200 {"ok":true}
|
|
// POST /api/share -> 410 {"error":"not_available_in_sandbox"}
|
|
// GET /said -> 410 {"error":"not_available_in_sandbox"}
|
|
// GET /share/* -> 410 {"error":"not_available_in_sandbox"}
|
|
// * -> 404 {"error":"not_found"}
|
|
//
|
|
// Note: we use /health (not /healthz) because Cloud Run's frontend reserves
|
|
// /healthz and intercepts it before the request reaches the container.
|
|
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"strings"
|
|
)
|
|
|
|
func writeJSON(w http.ResponseWriter, status int, body any) {
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.Header().Set("X-Sandbox", "true")
|
|
w.WriteHeader(status)
|
|
_ = json.NewEncoder(w).Encode(body)
|
|
}
|
|
|
|
func gone(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(w, http.StatusGone, map[string]string{"error": "not_available_in_sandbox"})
|
|
}
|
|
|
|
func main() {
|
|
mux := http.NewServeMux()
|
|
|
|
mux.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
|
|
writeJSON(w, http.StatusOK, map[string]bool{"ok": true})
|
|
})
|
|
|
|
mux.HandleFunc("/api/share", gone)
|
|
mux.HandleFunc("/said", gone)
|
|
|
|
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
|
// Lockdown: any /share/... path is also gone.
|
|
if strings.HasPrefix(r.URL.Path, "/share/") || r.URL.Path == "/share" {
|
|
gone(w, r)
|
|
return
|
|
}
|
|
|
|
if r.URL.Path == "/" {
|
|
writeJSON(w, http.StatusOK, map[string]string{
|
|
"env": "sandbox",
|
|
"status": "ready",
|
|
"soul": "not_loaded",
|
|
})
|
|
return
|
|
}
|
|
|
|
writeJSON(w, http.StatusNotFound, map[string]string{"error": "not_found"})
|
|
})
|
|
|
|
port := os.Getenv("PORT")
|
|
if port == "" {
|
|
port = "8080"
|
|
}
|
|
|
|
addr := ":" + port
|
|
log.Printf("sandbox-stub listening on %s", addr)
|
|
if err := http.ListenAndServe(addr, mux); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
}
|