chore: grpc + mtls working

backend/cmd/main.go

@@ -2,15 +2,22 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"log"
+	"net"
 	"os"
 
 	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/docs"
 	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/internal/config"
+	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/internal/grpcsrv/commander"
 	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/internal/handlers"
 	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/internal/repository"
 	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/backend/internal/storage"
+	"gitea.d3m0k1d.ru/d3m0k1d/HellreigN/proto/proto"
 	"github.com/gin-gonic/gin"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	swaggerFiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
 )
@@ -39,17 +46,24 @@ func main() {
 	h := handlers.New(db)
 	agents := handlers.AgentsGroup{Handlers: h}
 	auth := handlers.AuthGroup{Handlers: h}
+	agentReg := handlers.NewAgentRegistrationGroup(h)
+
+	// Initialize registration tokens table
+	if err := h.Repo.InitRegistrationTokens(); err != nil {
+		log.Printf("Warning: failed to initialize registration tokens table: %v", err)
+	}
 
 	// Create admin user from config if not exists
 	if cfg.Admin.Admin_login != "" && cfg.Admin.Admin_password != "" {
 		if !h.Repo.ExistsByLogin(cfg.Admin.Admin_login) {
 			_, err := h.Repo.CreateToken(repository.TokenCreate{
-				Name:            cfg.Admin.Admin_name,
-				LastName:        cfg.Admin.Admin_last_name,
-				Login:           cfg.Admin.Admin_login,
-				Password:        cfg.Admin.Admin_password,
-				PermissionView:  true,
-				PermissionAdmin: true,
+				Name:             cfg.Admin.Admin_name,
+				LastName:         cfg.Admin.Admin_last_name,
+				Login:            cfg.Admin.Admin_login,
+				Password:         cfg.Admin.Admin_password,
+				PermissionView:   true,
+				PermissionManage: true,
+				PermissionAdmin:  true,
 			})
 			if err != nil {
 				log.Printf("Warning: failed to create admin user: %v", err)
@@ -93,6 +107,17 @@ func main() {
 			agentsGroup.GET("", agents.List)
 		}
 
+		// Agent registration
+		agentRegGroup := v1.Group("/agents")
+		{
+			agentRegGroup.POST("/register", agentReg.Register)
+		}
+		agentRegTokenGroup := v1.Group("/agents")
+		agentRegTokenGroup.Use(auth.AuthMiddleware(), handlers.RequireManageAgent())
+		{
+			agentRegTokenGroup.POST("/register-token", agentReg.CreateRegistrationToken)
+		}
+
 		// Logs (requires view permission)
 		logsGroup := v1.Group("/logs")
 		logsGroup.Use(auth.AuthMiddleware(), handlers.RequireView())
@@ -126,5 +151,58 @@ func main() {
 		}
 	}
 
+	// Start gRPC server with mTLS in background
+	grpcPort := os.Getenv("GRPC_PORT")
+	if grpcPort == "" {
+		grpcPort = "9001"
+	}
+
+	certDir := os.Getenv("SSL_CERT_DIR")
+	if certDir == "" {
+		certDir = "/var/lib/hellreign/ssl"
+	}
+
+	certFile := certDir + "/server.crt"
+	keyFile := certDir + "/server.key"
+	caFile := certDir + "/ca.crt"
+
+	// Load server cert
+	cert, err := tls.LoadX509KeyPair(certFile, keyFile)
+	if err != nil {
+		log.Fatalf("Failed to load server cert: %v", err)
+	}
+
+	// Load CA cert for client verification
+	caCert, err := os.ReadFile(caFile)
+	if err != nil {
+		log.Fatalf("Failed to load CA cert: %v", err)
+	}
+	caCertPool := x509.NewCertPool()
+	caCertPool.AppendCertsFromPEM(caCert)
+
+	tlsConfig := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		ClientCAs:    caCertPool,
+		ClientAuth:   tls.RequireAndVerifyClientCert,
+		MinVersion:   tls.VersionTLS12,
+	}
+
+	grpcServer := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConfig)))
+	cmdr := commander.New()
+	proto.RegisterCommanderServer(grpcServer, cmdr)
+
+	lis, err := net.Listen("tcp", ":"+grpcPort)
+	if err != nil {
+		log.Fatalf("Failed to listen on gRPC port %s: %v", grpcPort, err)
+	}
+
+	go func() {
+		log.Printf("gRPC server starting on port %s with mTLS", grpcPort)
+		if err := grpcServer.Serve(lis); err != nil {
+			log.Fatalf("gRPC server error: %v", err)
+		}
+	}()
+	defer grpcServer.GracefulStop()
+
 	log.Fatal(router.Run(":8080"))
 }