cmd/construct: add HTTP test server

Closes #4

.dockerignore

@@ -0,0 +1,2 @@
+/bin
+/.git

Dockerfile

@@ -0,0 +1,13 @@
+FROM xena/go-mini:1.9.2
+
+ENV CGO_ENABLED=0
+ENV PATH=$PATH:/root/go/bin
+
+RUN apk add --no-cache git protobuf \
+ && go download
+
+COPY . /root/go/src/git.xeserv.us/xena/route
+
+RUN cd /root/go/src/git.xeserv.us/xena/route \
+&& go run ./cmd/mage/main.go -v tools generate build \
+&& rm -rf /root/go/pkg /root/go/bin

Gopkg.lock

@@ -0,0 +1,997 @@
+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  branch = "master"
+  name = "github.com/ThomasRooney/gexpect"
+  packages = ["."]
+  revision = "5482f03509440585d13d8f648989e05903001842"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/eclier"
+  packages = ["."]
+  revision = "3cde6c5f47044f4875c4b7fe6b12e4e6000608ea"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/gluanetrc"
+  packages = ["."]
+  revision = "af26c7928995089c19896bcc5d0f8ba48a7930a9"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/gopreload"
+  packages = ["."]
+  revision = "a00a8beb369cafd88bb7b32f31fc4ff3219c3565"
+
+[[projects]]
+  name = "github.com/Xe/ln"
+  packages = [
+    ".",
+    "ex"
+  ]
+  revision = "466e05b2ef3e48ce08a367b6aaac09ee29a124e5"
+  version = "v0.1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/uuid"
+  packages = ["."]
+  revision = "62b230097e9c9534ca2074782b25d738c4b68964"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/x"
+  packages = [
+    "tools/glue/libs/gluaexpect",
+    "tools/glue/libs/gluasimplebox"
+  ]
+  revision = "860ea0dedb8beb93b60717510eabca2ef5ffe150"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/aclements/go-moremath"
+  packages = ["mathx"]
+  revision = "033754ab1fee508c9f98f2785eec2365964e0b05"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/aead/chacha20"
+  packages = [
+    ".",
+    "chacha"
+  ]
+  revision = "8d6ce0550041f9d97e7f15ec27ed489f8bbbb0fb"
+
+[[projects]]
+  name = "github.com/agext/levenshtein"
+  packages = ["."]
+  revision = "5f10fee965225ac1eecdc234c09daf5cd9e7f7b6"
+  version = "v1.2.1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/ailncode/gluaxmlpath"
+  packages = ["."]
+  revision = "6ce478ecb4a60c4fc8929838e0b21b7fb7ca7440"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/alecthomas/template"
+  packages = [
+    ".",
+    "parse"
+  ]
+  revision = "a0175ee3bccc567396460bf5acd36800cb10c49c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/alecthomas/units"
+  packages = ["."]
+  revision = "2efee857e7cfd4f3d0138cc3cbb1b4966962b93a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/apparentlymart/go-cidr"
+  packages = ["cidr"]
+  revision = "2bd8b58cf4275aeb086ade613de226773e29e853"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/apparentlymart/go-textseg"
+  packages = ["textseg"]
+  revision = "b836f5c4d331d1945a2fead7188db25432d73b69"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/armon/go-radix"
+  packages = ["."]
+  revision = "1fca145dffbcaa8fe914309b1ec0cfc67500fe61"
+
+[[projects]]
+  name = "github.com/asdine/storm"
+  packages = [
+    ".",
+    "codec",
+    "codec/json",
+    "index",
+    "internal",
+    "q"
+  ]
+  revision = "68fc73b635f890fe7ba2f3b15ce80c85b28a744f"
+  version = "v2.0.2"
+
+[[projects]]
+  name = "github.com/aws/aws-sdk-go"
+  packages = [
+    "aws",
+    "aws/awserr",
+    "aws/awsutil",
+    "aws/client",
+    "aws/client/metadata",
+    "aws/corehandlers",
+    "aws/credentials",
+    "aws/credentials/ec2rolecreds",
+    "aws/credentials/endpointcreds",
+    "aws/credentials/stscreds",
+    "aws/defaults",
+    "aws/ec2metadata",
+    "aws/endpoints",
+    "aws/request",
+    "aws/session",
+    "aws/signer/v4",
+    "internal/shareddefaults",
+    "private/protocol",
+    "private/protocol/query",
+    "private/protocol/query/queryutil",
+    "private/protocol/rest",
+    "private/protocol/restxml",
+    "private/protocol/xml/xmlutil",
+    "service/s3",
+    "service/sts"
+  ]
+  revision = "9ed0c8de252f04ac45a65358377103d5a1aa2d92"
+  version = "v1.12.66"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/bgentry/go-netrc"
+  packages = ["netrc"]
+  revision = "9fd32a8b3d3d3f9d43c341bfe098430e07609480"
+
+[[projects]]
+  name = "github.com/bgentry/speakeasy"
+  packages = ["."]
+  revision = "4aabc24848ce5fd31929f7d1e4ea74d3709c14cd"
+  version = "v0.1.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/bifurcation/mint"
+  packages = [
+    ".",
+    "syntax"
+  ]
+  revision = "350f685c15fb6b89af795dafe64fad68950948e0"
+
+[[projects]]
+  name = "github.com/blang/semver"
+  packages = ["."]
+  revision = "2ee87856327ba09384cabd113bc6b5d174e9ec0f"
+  version = "v3.5.1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/brandur/simplebox"
+  packages = ["."]
+  revision = "84e9865bb03ad38c464043bf5382ce8c68ca5f0c"
+
+[[projects]]
+  name = "github.com/caarlos0/env"
+  packages = ["."]
+  revision = "7cd7992b3bc86f920394f8de92c13900da1a46b7"
+  version = "v3.2.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluahttp"
+  packages = ["."]
+  revision = "b4bfe0c50fea948dcbf3966e120996d6607bbd89"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluaurl"
+  packages = ["."]
+  revision = "31cbb9bef199454415879f2e6d609d1136d60cad"
+
+[[projects]]
+  name = "github.com/coreos/bbolt"
+  packages = ["."]
+  revision = "583e8937c61f1af6513608ccc75c97b6abdf4ff9"
+  version = "v1.3.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/dgryski/go-failure"
+  packages = ["."]
+  revision = "4963dbd58fd03ebc6672b18f9237a9045e6ef479"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/dgryski/go-onlinestats"
+  packages = ["."]
+  revision = "1c7d1946876822b4a3a4b11b598e3aad1d05265e"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/dickeyxxx/netrc"
+  packages = ["."]
+  revision = "3acf1b3de25d89c7688c63bb45f6b07f566555ec"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/facebookgo/flagenv"
+  packages = ["."]
+  revision = "fcd59fca7456889be7f2ad4515b7612fd6acef31"
+
+[[projects]]
+  name = "github.com/gchaincl/dotsql"
+  packages = ["."]
+  revision = "5487b6a5fc12870425fc14d9e05a3fabddd91d7e"
+  version = "v0.1.0"
+
+[[projects]]
+  name = "github.com/go-ini/ini"
+  packages = ["."]
+  revision = "32e4c1e6bc4e7d0d8451aa6b75200d19e37a536a"
+  version = "v1.32.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/go-serve/bindatafs"
+  packages = ["."]
+  revision = "1f30d36183f010db5e83986b3554c1a1d9f32d47"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/golang/protobuf"
+  packages = [
+    "jsonpb",
+    "proto",
+    "ptypes",
+    "ptypes/any",
+    "ptypes/duration",
+    "ptypes/struct",
+    "ptypes/timestamp"
+  ]
+  revision = "1e59b77b52bf8e4b449a57e6f79f21226d571845"
+
+[[projects]]
+  name = "github.com/google/gops"
+  packages = [
+    "agent",
+    "internal",
+    "signal"
+  ]
+  revision = "57e77c5c37da1f4e1af49f9d1fe760f146c1579e"
+  version = "v0.3.2"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/errwrap"
+  packages = ["."]
+  revision = "7554cd9344cec97297fa6649b055a8c98c2a1e55"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-cleanhttp"
+  packages = ["."]
+  revision = "d5fe4b57a186c716b0e00b8c301cbd9b4182694d"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-getter"
+  packages = [
+    ".",
+    "helper/url"
+  ]
+  revision = "961f56d2e93379b7d9c578e998d09257509a6f97"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-hclog"
+  packages = ["."]
+  revision = "ca137eb4b4389c9bc6f1a6d887f056bf16c00510"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-multierror"
+  packages = ["."]
+  revision = "b7773ae218740a7be65057fc60b366a49b538a44"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-plugin"
+  packages = ["."]
+  revision = "1fc09c47b843b73705f51ffb0520e3ac1bfecf99"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-uuid"
+  packages = ["."]
+  revision = "64130c7a86d732268a38cb04cfbaf0cc987fda98"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/go-version"
+  packages = ["."]
+  revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/golang-lru"
+  packages = [
+    ".",
+    "simplelru"
+  ]
+  revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/hcl"
+  packages = [
+    ".",
+    "hcl/ast",
+    "hcl/parser",
+    "hcl/scanner",
+    "hcl/strconv",
+    "hcl/token",
+    "json/parser",
+    "json/scanner",
+    "json/token"
+  ]
+  revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/hcl2"
+  packages = [
+    "gohcl",
+    "hcl",
+    "hcl/hclsyntax",
+    "hcl/json",
+    "hcldec",
+    "hclparse"
+  ]
+  revision = "613331e829930a2321c1de7227c9483d9c76c3f4"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/hil"
+  packages = [
+    ".",
+    "ast",
+    "parser",
+    "scanner"
+  ]
+  revision = "fa9f258a92500514cc8e9c67020487709df92432"
+
+[[projects]]
+  name = "github.com/hashicorp/terraform"
+  packages = [
+    "config",
+    "config/configschema",
+    "config/hcl2shim",
+    "config/module",
+    "dag",
+    "flatmap",
+    "helper/hashcode",
+    "helper/hilmapstructure",
+    "helper/schema",
+    "moduledeps",
+    "plugin",
+    "plugin/discovery",
+    "registry",
+    "registry/regsrc",
+    "registry/response",
+    "svchost",
+    "svchost/auth",
+    "svchost/disco",
+    "terraform",
+    "tfdiags",
+    "version"
+  ]
+  revision = "a6008b8a48a749c7c167453b9cf55ffd572b9a5d"
+  version = "v0.11.2"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/yamux"
+  packages = ["."]
+  revision = "683f49123a33db61abfb241b7ac5e4af4dc54d55"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/howeyc/gopass"
+  packages = ["."]
+  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
+
+[[projects]]
+  name = "github.com/jmespath/go-jmespath"
+  packages = ["."]
+  revision = "0b12d6b5"
+
+[[projects]]
+  name = "github.com/joho/godotenv"
+  packages = [
+    ".",
+    "autoload"
+  ]
+  revision = "a79fa1e548e2c689c241d10173efd51e5d689d5b"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/jtolds/qod"
+  packages = ["."]
+  revision = "3abb44dfc7ba8b5cdfdb634786f57e78c7004e1c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kardianos/osext"
+  packages = ["."]
+  revision = "ae77be60afb1dcacde03767a8c37337fad28ac14"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kballard/go-shellquote"
+  packages = ["."]
+  revision = "cd60e84ee657ff3dc51de0b4f55dd299a3e136f2"
+
+[[projects]]
+  name = "github.com/klauspost/cpuid"
+  packages = ["."]
+  revision = "ae7887de9fa5d2db4eaa8174a7eff2c1ac00f2da"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/klauspost/reedsolomon"
+  packages = ["."]
+  revision = "6bb6130ff6a76a904c1841707d65603aec9cc288"
+  version = "v1.6"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaenv"
+  packages = ["."]
+  revision = "2888db6bbe38923d59c42e443895875cc8ce0820"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluafs"
+  packages = ["."]
+  revision = "01391ed2d7ab89dc80157605b073403f960aa223"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaquestion"
+  packages = ["."]
+  revision = "311437c29ba54d027ad2af383661725ae2bfdcdc"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluassh"
+  packages = ["."]
+  revision = "2a7bd48d7568de8230c87ac1ef4a4c481e45814d"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluatemplate"
+  packages = ["."]
+  revision = "d9e2c9d6b00f069a9da377a9ac529c827c1c7d71"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluayaml"
+  packages = ["."]
+  revision = "6fe413d49d73d785510ecf1529991ab0573e96c7"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kr/fs"
+  packages = ["."]
+  revision = "2788f0dbd16903de03cb8186e5c7d97b69ad387b"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kr/pretty"
+  packages = ["."]
+  revision = "cfb55aafdaf3ec08f0db22699ab822c50091b1c4"
+
+[[projects]]
+  name = "github.com/kr/pty"
+  packages = ["."]
+  revision = "282ce0e5322c82529687d609ee670fac7c7d917c"
+  version = "v1.1.1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kr/text"
+  packages = ["."]
+  revision = "7cafcd837844e784b526369c9bce262804aebc60"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lib/pq"
+  packages = [
+    ".",
+    "oid"
+  ]
+  revision = "27ea5d92de30060e7121ddd543fe14e9a327e0cc"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/aes12"
+  packages = ["."]
+  revision = "cd47fb39b79f867c6e4e5cd39cf7abd799f71670"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/fnv128a"
+  packages = ["."]
+  revision = "393af48d391698c6ae4219566bfbdfef67269997"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/quic-go"
+  packages = [
+    ".",
+    "ackhandler",
+    "congestion",
+    "h2quic",
+    "internal/crypto",
+    "internal/flowcontrol",
+    "internal/handshake",
+    "internal/protocol",
+    "internal/utils",
+    "internal/wire",
+    "qerr"
+  ]
+  revision = "15bcc2579f7dab14c84f438741f2b535cf474df9"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/quic-go-certificates"
+  packages = ["."]
+  revision = "d2f86524cced5186554df90d92529757d22c1cb6"
+
+[[projects]]
+  name = "github.com/magefile/mage"
+  packages = [
+    "build",
+    "mage",
+    "mg",
+    "parse",
+    "parse/srcimporter",
+    "sh",
+    "types"
+  ]
+  revision = "ab3ca2f6f85577d7ec82e0a6df721147a2e737f9"
+  version = "v2.0.1"
+
+[[projects]]
+  name = "github.com/mattes/migrate"
+  packages = [
+    ".",
+    "database",
+    "database/postgres",
+    "source",
+    "source/go-bindata"
+  ]
+  revision = "035c07716cd373d88456ec4d701402df52584cb4"
+  version = "v3.0.1"
+
+[[projects]]
+  name = "github.com/mattn/go-isatty"
+  packages = ["."]
+  revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
+  version = "v0.0.3"
+
+[[projects]]
+  name = "github.com/mattn/go-runewidth"
+  packages = ["."]
+  revision = "9e777a8366cce605130a531d2cd6363d07ad7317"
+  version = "v0.0.2"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/cli"
+  packages = ["."]
+  revision = "518dc677a1e1222682f4e7db06721942cb8e9e4c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/copystructure"
+  packages = ["."]
+  revision = "d23ffcb85de31694d6ccaa23ccb4a03e55c1303f"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/go-homedir"
+  packages = ["."]
+  revision = "b8bc1bf767474819792c23f32d8286a45736f1c6"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/go-testing-interface"
+  packages = ["."]
+  revision = "a61a99592b77c9ba629d254a693acffaeb4b7e28"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/go-wordwrap"
+  packages = ["."]
+  revision = "ad45545899c7b13c020ea92b2072220eefad42b8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/hashstructure"
+  packages = ["."]
+  revision = "2bca23e0e452137f789efbc8610126fd8b94f73b"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/mapstructure"
+  packages = ["."]
+  revision = "b4575eea38cca1123ec2dc90c26529b5c5acfcff"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/reflectwalk"
+  packages = ["."]
+  revision = "63d60e9d0dbc60cf9164e6510889b0db6683d98c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mtneug/pkg"
+  packages = ["ulid"]
+  revision = "b270c2c35fc775243f87c58cf3f6969c5d9369d6"
+
+[[projects]]
+  name = "github.com/oklog/run"
+  packages = ["."]
+  revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39"
+  version = "v1.0.0"
+
+[[projects]]
+  name = "github.com/oklog/ulid"
+  packages = ["."]
+  revision = "d311cb43c92434ec4072dfbbda3400741d0a6337"
+  version = "v0.3.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/olekukonko/tablewriter"
+  packages = ["."]
+  revision = "96aac992fc8b1a4c83841a6c3e7178d20d989625"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/otm/gluaflag"
+  packages = ["."]
+  revision = "078088de689148194436293886e8e39809167332"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/otm/gluash"
+  packages = ["."]
+  revision = "e145c563986f0b91f740a758a84bca46c163aec7"
+
+[[projects]]
+  name = "github.com/pkg/errors"
+  packages = ["."]
+  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
+  version = "v0.8.0"
+
+[[projects]]
+  name = "github.com/pkg/sftp"
+  packages = ["."]
+  revision = "f6a9258a0f570c3a76681b897b6ded57cb0dfa88"
+  version = "1.2.0"
+
+[[projects]]
+  name = "github.com/posener/complete"
+  packages = [
+    ".",
+    "cmd",
+    "cmd/install",
+    "match"
+  ]
+  revision = "dc2bc5a81accba8782bebea28628224643a8286a"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/satori/go.uuid"
+  packages = ["."]
+  revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"
+  version = "v1.2.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/streamrail/concurrent-map"
+  packages = ["."]
+  revision = "8bf1e9bacbf65b10c81d0f4314cf2b1ebef728b5"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/templexxx/cpufeat"
+  packages = ["."]
+  revision = "3794dfbfb04749f896b521032f69383f24c3687e"
+
+[[projects]]
+  name = "github.com/templexxx/xor"
+  packages = ["."]
+  revision = "0af8e873c554da75f37f2049cdffda804533d44c"
+  version = "0.1.2"
+
+[[projects]]
+  name = "github.com/tjfoc/gmsm"
+  packages = ["sm4"]
+  revision = "98aa888b79d8de04afe0fccf45ed10594efc858b"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/twitchtv/twirp"
+  packages = [
+    ".",
+    "ctxsetters",
+    "internal/contextkeys"
+  ]
+  revision = "db96cdf354e8dc053e5ee5fe890bb0a7f18123ab"
+  version = "v5.0.0"
+
+[[projects]]
+  name = "github.com/ulikunitz/xz"
+  packages = [
+    ".",
+    "internal/hash",
+    "internal/xlog",
+    "lzma"
+  ]
+  revision = "0c6b41e72360850ca4f98dc341fd999726ea007f"
+  version = "v0.5.4"
+
+[[projects]]
+  name = "github.com/xtaci/kcp-go"
+  packages = ["."]
+  revision = "86eebd5cadb519b7c9306082c7eb3bcee2c49a7b"
+  version = "v3.23"
+
+[[projects]]
+  name = "github.com/xtaci/smux"
+  packages = ["."]
+  revision = "ebec7ef2574b42a7088cd7751176483e0a27d458"
+  version = "v1.0.6"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yookoala/realpath"
+  packages = ["."]
+  revision = "d19ef9c409d9817c1e685775e53d361b03eabbc8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gluamapper"
+  packages = ["."]
+  revision = "d836955830e75240d46ce9f0e6d148d94f2e1d3a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gluare"
+  packages = ["."]
+  revision = "d7c94f1a80ede93a621ed100866e6d4745ca8c22"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gopher-lua"
+  packages = [
+    ".",
+    "ast",
+    "parse",
+    "pm"
+  ]
+  revision = "7d7bc8747e3f614c5c587729a341fe7d8903cdb8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/zclconf/go-cty"
+  packages = [
+    "cty",
+    "cty/convert",
+    "cty/function",
+    "cty/function/stdlib",
+    "cty/gocty",
+    "cty/json",
+    "cty/set"
+  ]
+  revision = "709e4033eeb037dc543dbc2048065dfb814ce316"
+
+[[projects]]
+  name = "go.uber.org/atomic"
+  packages = ["."]
+  revision = "8474b86a5a6f79c443ce4b2992817ff32cf208b8"
+  version = "v1.3.1"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+  packages = [
+    "acme",
+    "acme/autocert",
+    "bcrypt",
+    "blowfish",
+    "cast5",
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "hkdf",
+    "internal/chacha20",
+    "nacl/secretbox",
+    "openpgp",
+    "openpgp/armor",
+    "openpgp/elgamal",
+    "openpgp/errors",
+    "openpgp/packet",
+    "openpgp/s2k",
+    "pbkdf2",
+    "poly1305",
+    "salsa20",
+    "salsa20/salsa",
+    "ssh",
+    "ssh/agent",
+    "ssh/terminal",
+    "tea",
+    "twofish",
+    "xtea"
+  ]
+  revision = "a6600008915114d9c087fad9f03d75087b1a74df"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/net"
+  packages = [
+    "bpf",
+    "context",
+    "html",
+    "html/atom",
+    "http2",
+    "http2/hpack",
+    "idna",
+    "internal/iana",
+    "internal/socket",
+    "internal/timeseries",
+    "ipv4",
+    "lex/httplex",
+    "trace"
+  ]
+  revision = "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/sys"
+  packages = [
+    "unix",
+    "windows"
+  ]
+  revision = "2c42eef0765b9837fbdab12011af7830f55f88f0"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/text"
+  packages = [
+    "collate",
+    "collate/build",
+    "internal/colltab",
+    "internal/gen",
+    "internal/tag",
+    "internal/triegen",
+    "internal/ucd",
+    "language",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable"
+  ]
+  revision = "e19ae1496984b1c655b8044a65c0300a3c878dd3"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/tools"
+  packages = [
+    "godoc/vfs",
+    "godoc/vfs/httpfs"
+  ]
+  revision = "99037e3760ed7d9c772c980caee42b17779b80ce"
+
+[[projects]]
+  branch = "master"
+  name = "google.golang.org/genproto"
+  packages = ["googleapis/rpc/status"]
+  revision = "a8101f21cf983e773d0c1133ebc5424792003214"
+
+[[projects]]
+  name = "google.golang.org/grpc"
+  packages = [
+    ".",
+    "balancer",
+    "balancer/base",
+    "balancer/roundrobin",
+    "codes",
+    "connectivity",
+    "credentials",
+    "encoding",
+    "grpclb/grpc_lb_v1/messages",
+    "grpclog",
+    "health",
+    "health/grpc_health_v1",
+    "internal",
+    "keepalive",
+    "metadata",
+    "naming",
+    "peer",
+    "resolver",
+    "resolver/dns",
+    "resolver/passthrough",
+    "stats",
+    "status",
+    "tap",
+    "transport"
+  ]
+  revision = "6b51017f791ae1cfbec89c52efdf444b13b550ef"
+  version = "v1.9.2"
+
+[[projects]]
+  name = "gopkg.in/alecthomas/kingpin.v2"
+  packages = ["."]
+  revision = "947dcec5ba9c011838740e680966fd7087a71d0d"
+  version = "v2.2.6"
+
+[[projects]]
+  branch = "v2"
+  name = "gopkg.in/xmlpath.v2"
+  packages = ["."]
+  revision = "860cbeca3ebcc600db0b213c0e83ad6ce91f5739"
+
+[[projects]]
+  branch = "v2"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  revision = "d670f9405373e636a5a2765eea47fac0c9bc91a4"
+
+[[projects]]
+  branch = "master"
+  name = "layeh.com/asar"
+  packages = ["."]
+  revision = "0ec214a4ae0d21fa761591e8cb8f0bbf162ef3e5"
+
+[[projects]]
+  branch = "master"
+  name = "layeh.com/gopher-json"
+  packages = ["."]
+  revision = "1aab82196e3b418b56866938f28b6a693f2c6b18"
+
+[[projects]]
+  name = "layeh.com/gopher-luar"
+  packages = ["."]
+  revision = "7b2b96926970546e504881ee7364c1127508eb4e"
+  version = "v1.0.2"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  inputs-digest = "d000c14171581755a2ee37649cb969d019d9c197928028a87e83e3ec729421aa"
+  solver-name = "gps-cdcl"
+  solver-version = 1

Gopkg.toml

@@ -0,0 +1,140 @@
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#  name = "github.com/x/y"
+#  version = "2.4.0"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/Xe/eclier"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/Xe/gopreload"
+
+[[constraint]]
+  name = "github.com/Xe/ln"
+  version = "0.1.0"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/Xe/uuid"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/Xe/x"
+
+[[constraint]]
+  name = "github.com/asdine/storm"
+  version = "2.0.2"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/brandur/simplebox"
+
+[[constraint]]
+  name = "github.com/caarlos0/env"
+  version = "3.2.0"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/dgryski/go-failure"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/dickeyxxx/netrc"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/facebookgo/flagenv"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/golang/protobuf"
+
+[[constraint]]
+  name = "github.com/google/gops"
+  version = "0.3.2"
+
+[[constraint]]
+  name = "github.com/hashicorp/terraform"
+  version = "0.11.2"
+
+[[constraint]]
+  name = "github.com/joho/godotenv"
+  version = "1.2.0"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/jtolds/qod"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/kr/pretty"
+
+[[constraint]]
+  name = "github.com/lucas-clemente/quic-go"
+  branch = "master"
+
+[[constraint]]
+  name = "github.com/magefile/mage"
+  version = "2.0.1"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/mtneug/pkg"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/olekukonko/tablewriter"
+
+[[constraint]]
+  name = "github.com/pkg/errors"
+  version = "0.8.0"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/streamrail/concurrent-map"
+
+[[constraint]]
+  name = "github.com/xtaci/kcp-go"
+  version = "3.23.0"
+
+[[constraint]]
+  name = "github.com/xtaci/smux"
+  version = "1.0.6"
+
+[[constraint]]
+  name = "go.uber.org/atomic"
+  version = "1.3.1"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/net"
+
+[[constraint]]
+  name = "google.golang.org/grpc"
+  version = "1.9.2"
+
+[[constraint]]
+  name = "gopkg.in/alecthomas/kingpin.v2"
+  version = "2.2.6"

README.md

@@ -1,10 +1,52 @@
-route
-=====
+# Route
 
-A simple cluster-friendly load balancer for singleton microservices.
+Route is a load balancer that has backends connect to the load balancer instead
+of the load balancer connecting to backends. This model allows networks to be
+vastly simplified, no longer having to bring in consul or another consensus layer,
+no more configuration generation or rehashing nginx on each deploy.
 
-TODO
-----
+## About
 
-- [ ] Store stuff into RethinkDB
-- [ ] Add Let's Encrypt support in addition to a free tor hidden service with every domain routed
+Project Stability: Alpha (don't use this in production yet)
+
+This project is a passion project, as such excuse the atypical setup for everything.
+If you have ideas on how to improve things, please open an issue, comment on existing
+issues or hit me up in a private message somewhere. I want route to be the easiest
+possible way to host services of all sizes.
+
+### Constraints
+
+Constraints I am putting on myself right now:
+- Use Go as much as possible and where it makes sense use other tools
+- Create solutions using experience from the "old way" of doing things to categorically eliminate problems
+- Make solutions as robust and fault-tolerant wherever possible as soon as possible
+- Don't waste resources if you don't have to
+- Always clean things up eventually
+- If you have to fail, fail loudly
+- Don't be too clever
+- It's ${CURRENT_YEAR}, only allow TLS connections except where absolutely required
+
+## Build
+
+Route uses [mage](http://magefile.org) for building it and its dependencies. For
+convenience, a copy of mage is vendored as `./cmd/mage/main.go`. You can install
+this to your machine if you want.
+
+```console
+$ go run ./cmd/mage/main.go tools
+$ go run ./cmd/mage/main.go build
+```
+
+## Quickstart
+
+See [quickstart docs](https://git.xeserv.us/xena/route/src/master/doc/quickstart.md).
+
+## Support
+
+Please [contact me](https://christine.website/contact) to get support with this
+project.
+
+## Donations
+
+Throw me a [ko-fi](https://ko-fi.com/christinedodrill) or contact me for other
+donations.

build.sh

@@ -1,24 +0,0 @@
-#!/bin/sh
-
-set -e
-set -x
-
-dir="$(mktemp -d)"
-plugdir="$dir/plugins"
-githash="$(git rev-parse HEAD)"
-wd="$(pwd)"
-libc="glibc"
-
-[[ -f "/lib/libc.musl-x86_64.so.1" ]] && libc="musl"
-
-export GOBIN="$dir/bin"
-go build git.xeserv.us/xena/route/cmd/...
-go install git.xeserv.us/xena/route/cmd/...
-
-go build -buildmode plugin -o $plugdir/autohttpagent.so git.xeserv.us/xena/route/plugins/autohttpagent
-
-cd $dir
-tar czf "$wd/route-$libc-$githash.tgz" *
-cd $wd
-
-rm -rf $dir

cmd/construct/builtin.go

@@ -0,0 +1,69 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"runtime"
+
+	"github.com/kr/pretty"
+	"go.uber.org/atomic"
+)
+
+var (
+	hits *atomic.Int64
+)
+
+func init() {
+	hits = atomic.NewInt64(0)
+}
+
+func demoServerHandler(msg string) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, "Route is go!")
+		fmt.Fprintf(w, "%s\n", pretty.Sprintf("%s", r.Header))
+		hn, _ := os.Hostname()
+		fmt.Fprintf(w, "message: %s\n", msg)
+		fmt.Fprintf(w, "Served by %s running %s\n", hn, runtime.GOOS)
+		fmt.Fprintf(w, "Hit count: %d", hits.Inc())
+
+		ip := r.Header.Get("X-Remote-Ip")
+		if ip != "" {
+			log.Printf("Hit from %s: %s", ip, r.RequestURI)
+		}
+	})
+}
+
+func demoServer(ctx context.Context, args []string) error {
+	fs := flag.NewFlagSet("server", flag.ContinueOnError)
+
+	addr := fs.String("addr", ":9090", "http address to listen on")
+	msg := fs.String("msg", "now here's a little lesson in trickery...", "custom message to add to each page render")
+
+	err := fs.Parse(args)
+	if err != nil {
+		return err
+	}
+
+	hs := &http.Server{
+		Addr:    *addr,
+		Handler: demoServerHandler(*msg),
+	}
+
+	go hs.ListenAndServe()
+
+	log.Printf("listening on %s", *addr)
+
+	for {
+		select {
+		case <-ctx.Done():
+			sctx := context.Background()
+			hs.Shutdown(sctx)
+
+			return nil
+		}
+	}
+}

cmd/construct/main.go

@@ -0,0 +1,124 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"git.xeserv.us/xena/route/internal/gluaroute"
+	edata "git.xeserv.us/xena/route/proto/eclier"
+	"github.com/Xe/eclier"
+	"github.com/Xe/gluanetrc"
+	"github.com/Xe/x/tools/glue/libs/gluaexpect"
+	"github.com/Xe/x/tools/glue/libs/gluasimplebox"
+	"github.com/ailncode/gluaxmlpath"
+	"github.com/cjoudrey/gluahttp"
+	"github.com/cjoudrey/gluaurl"
+	"github.com/go-serve/bindatafs"
+	"github.com/kohkimakimoto/gluaenv"
+	"github.com/kohkimakimoto/gluafs"
+	"github.com/kohkimakimoto/gluaquestion"
+	"github.com/kohkimakimoto/gluassh"
+	"github.com/kohkimakimoto/gluatemplate"
+	"github.com/kohkimakimoto/gluayaml"
+	homedir "github.com/mitchellh/go-homedir"
+	"github.com/otm/gluaflag"
+	"github.com/otm/gluash"
+	"github.com/yuin/gluare"
+	lua "github.com/yuin/gopher-lua"
+	"golang.org/x/tools/godoc/vfs/httpfs"
+	json "layeh.com/gopher-json"
+)
+
+var hDir string
+var cfgHome *string
+var netrcFile *string
+var defaultServer *string
+
+func init() {
+	dir, err := homedir.Dir()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	hDir = dir
+
+	cfgHome = flag.String("home", filepath.Join(hDir, ".construct"), "construct's home directory")
+	netrcFile = flag.String("netrc", filepath.Join(hDir, ".netrc"), "location of netrc file to use for authentication")
+	defaultServer = flag.String("default-server", "https://api.route.xeserv.us:7268", "api server to connect to")
+
+	log.SetFlags(log.LstdFlags | log.Llongfile)
+}
+
+func main() {
+	flag.Parse()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	pluginLoc := filepath.Join(*cfgHome, "plugins")
+	scriptsLoc := filepath.Join(*cfgHome, "local", "scripts")
+
+	os.MkdirAll(pluginLoc, 0755)
+	os.MkdirAll(scriptsLoc, 0755)
+
+	if _, err := os.Stat(*netrcFile); err != nil {
+		log.Printf("creating netrc file...")
+		fout, err := os.Create(*netrcFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		fout.Close()
+	}
+
+	efs := bindatafs.New("core://", edata.Asset, edata.AssetDir, edata.AssetInfo)
+
+	opts := []eclier.RouterOption{
+		eclier.WithGluaCreationHook(preload),
+		eclier.WithScriptHome(scriptsLoc),
+		eclier.WithFilesystem("/bindata:core/", httpfs.New(efs)),
+	}
+
+	err := filepath.Walk(pluginLoc, func(path string, info os.FileInfo, err error) error {
+		if info.IsDir() {
+			opts = append(opts, eclier.WithScriptHome(info.Name()))
+		}
+
+		return nil
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	r, err := eclier.NewRouter(opts...)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	r.AddCommand(eclier.NewBuiltinCommand("server", "spawns a http server for testing", "[-addr host:port|-msg \"some message\"]", demoServer))
+
+	r.Run(ctx, flag.Args())
+}
+
+func preload(L *lua.LState) {
+	L.PreloadModule("re", gluare.Loader)
+	L.PreloadModule("sh", gluash.Loader)
+	L.PreloadModule("fs", gluafs.Loader)
+	L.PreloadModule("env", gluaenv.Loader)
+	L.PreloadModule("yaml", gluayaml.Loader)
+	L.PreloadModule("question", gluaquestion.Loader)
+	L.PreloadModule("ssh", gluassh.Loader)
+	L.PreloadModule("http", gluahttp.NewHttpModule(&http.Client{}).Loader)
+	L.PreloadModule("flag", gluaflag.Loader)
+	L.PreloadModule("template", gluatemplate.Loader)
+	L.PreloadModule("url", gluaurl.Loader)
+	gluaexpect.Preload(L)
+	gluasimplebox.Preload(L)
+	gluaxmlpath.Preload(L)
+	json.Preload(L)
+	gluanetrc.Preload(L)
+	gluaroute.Preload(L)
+}

cmd/mage/main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"os"
+
+	"github.com/magefile/mage/mage"
+)
+
+func main() { os.Exit(mage.Main()) }

cmd/route-cli/.gitignore

@@ -0,0 +1 @@
+route-cli

cmd/route-cli/main.go

@@ -0,0 +1,347 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"runtime"
+
+	"go.uber.org/atomic"
+
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/routecrypto"
+	proto "git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
+	"github.com/Xe/ln"
+	"github.com/Xe/uuid"
+	"github.com/dickeyxxx/netrc"
+	"github.com/kr/pretty"
+	"github.com/olekukonko/tablewriter"
+	"gopkg.in/alecthomas/kingpin.v2"
+)
+
+var allScopes = []string{
+	"token:get", "token:getall", "token:put", "token:delete", "token:deactivate",
+	"route:get", "route:getall", "route:put", "route:delete",
+	"connect",
+	"backend:list", "backend:kill",
+	"admin",
+}
+
+var whoami string
+
+func userHomeDir() string {
+	if runtime.GOOS == "windows" {
+		home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
+		if home == "" {
+			home = os.Getenv("USERPROFILE")
+		}
+		return home
+	}
+	return os.Getenv("HOME")
+}
+
+var (
+	app        = kingpin.New("route", "An interface to routed")
+	grpcServer = app.Flag("routed-addr", "routed grpc address").Default("127.0.0.1:7268").String()
+	netrcPath  = app.Flag("netrc", "netrc path").Default(filepath.Join(userHomeDir(), ".netrc")).String()
+
+	generateKey = app.Command("generate-key", "generate SSL cert crypto key")
+
+	backends = app.Command("backend", "backend management")
+
+	backendList       = backends.Command("list", "list connected backends")
+	backendListDomain = backendList.Flag("domain", "if set, match backends against this domain name").String()
+	backendListUser   = backendList.Flag("user", "if set, match backends against this username").String()
+
+	backendKill   = backends.Command("kill", "forcibly disconnect a given backend")
+	backendKillID = backendKill.Flag("id", "the ID of the backend to remove").Required().String()
+
+	routes = app.Command("route", "route management")
+
+	routesCreate       = routes.Command("create", "create a new route")
+	routesCreateDomain = routesCreate.Flag("domain", "domain for the route (if not given one will be generated for you)").String()
+
+	routesInspect   = routes.Command("inspect", "inspect one route")
+	routesInspectID = routesInspect.Flag("id", "ID of the route to inspect").Required().String()
+
+	routesList = routes.Command("list", "list all routes owned by you")
+
+	routesRm   = routes.Command("rm", "remove a route")
+	routesRmID = routesRm.Flag("id", "route ID to remove").Required().String()
+
+	testServer     = app.Command("test-server", "spawn a simple HTTP test server on a TCP address")
+	testServerAddr = testServer.Flag("addr", "TCP address").Default(":9090").String()
+
+	token = app.Command("token", "token management")
+
+	tokenCreate       = token.Command("create", "create a new token")
+	tokenCreateScopes = tokenCreate.Flag("scope", "token scopes").Default(allScopes...).Strings()
+
+	tokenGenerate             = token.Command("generate-root", "generate a root token")
+	tokenGenerateKey          = tokenGenerate.Flag("key", "token crypto key").Required().String()
+	tokenGenerateScopes       = tokenGenerate.Flag("scopes", "token scopes").Default(allScopes...).Strings()
+	tokenGenerateUsername     = tokenGenerate.Flag("username", "token username").Required().String()
+	tokenGenerateDatabasePath = tokenGenerate.Flag("db", "database file to add the root token to").Required().String()
+
+	tokenInspect   = token.Command("inspect", "inspect a token")
+	tokenInspectID = tokenInspect.Flag("token-id", "token id").Required().String()
+
+	tokenList            = token.Command("list", "list all tokens belonging to you")
+	tokenListDeactivated = tokenList.Flag("deactivated", "list deactivated tokens?").Default("false").Bool()
+
+	tokenRm     = token.Command("rm", "remove a token")
+	tokenRmHard = tokenRm.Flag("hard", "hard-delete the token instead of deactivating it").Default("false").Bool()
+	tokenRmID   = tokenRm.Flag("id", "token id").Required().String()
+)
+
+var (
+	hits *atomic.Int64
+)
+
+func init() {
+	hits = atomic.NewInt64(0)
+}
+
+func handle(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintln(w, "Route is go!")
+	fmt.Fprintf(w, "%s\n", pretty.Sprintf("%s", r.Header))
+	hn, _ := os.Hostname()
+	fmt.Fprintf(w, "Served by %s running %s\n", hn, runtime.GOOS)
+	fmt.Fprintf(w, "Hit count: %d", hits.Inc())
+
+	ip := r.Header.Get("X-Remote-Ip")
+	if ip != "" {
+		log.Printf("Hit from %s: %s", ip, r.RequestURI)
+	}
+}
+
+func main() {
+	cmdline := kingpin.MustParse(app.Parse(os.Args[1:]))
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+retry_netrc:
+	n, err := netrc.Parse(*netrcPath)
+	if err != nil {
+		_, err := os.Stat(*netrcPath)
+		if err == os.ErrNotExist {
+			fout, err := os.Create(*netrcPath)
+			if err != nil {
+				ln.FatalErr(ctx, err, ln.Action("creating netrc"), ln.F{"path": *netrcPath})
+			}
+			fout.Close()
+			goto retry_netrc
+		}
+	}
+	_ = n
+
+	switch cmdline {
+	case "test-server":
+		http.HandleFunc("/", handle)
+
+		ln.FatalErr(ctx, http.ListenAndServe(*testServerAddr, nil), ln.Action("test server listenAndServe"))
+
+		return
+
+	case "generate-key":
+		key, err := routecrypto.GenerateKey()
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("generating encryption key"))
+		}
+
+		fmt.Println("Your key is:", routecrypto.ShowKey(key))
+
+		return
+
+	case "token generate-root":
+		key, err := routecrypto.ParseKey(*tokenGenerateKey)
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("parsing encryption key"))
+		}
+		db, err := database.NewBoltStorage(*tokenGenerateDatabasePath, key)
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("opening routed database"))
+		}
+
+		tBody := uuid.New()
+
+		tok := database.Token{
+			Body:   uuid.New(),
+			Owner:  *tokenGenerateUsername,
+			Scopes: *tokenGenerateScopes,
+		}
+
+		_, err = db.Tokens().Put(context.Background(), tok)
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("add newly created token to database"))
+		}
+		defer db.Close()
+
+		fmt.Println("Your token is:", tBody)
+
+		n.AddMachine(*grpcServer, *tokenGenerateUsername, tBody)
+		err = n.Save()
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("add machine to netrc"))
+		}
+
+		return
+	}
+
+	m := n.Machine(*grpcServer)
+
+	cl := route.New("https://"+*grpcServer, m.Get("password"), &http.Client{})
+
+	switch cmdline {
+	case "route create":
+		rt, err := cl.Routes.Put(ctx, &proto.Route{Host: *routesCreateDomain})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("create new route"))
+		}
+
+		fmt.Printf("created route for domain %s, id: %s\n", rt.Host, rt.Id)
+
+		return
+
+	case "route inspect":
+		r, err := cl.Routes.Get(context.Background(), &proto.GetRouteRequest{
+			Id: *routesInspectID,
+		})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("get single route"), ln.F{"domain": *routesCreateDomain})
+		}
+
+		json.NewEncoder(os.Stdout).Encode(r)
+		fmt.Println()
+
+		return
+
+	case "route list":
+		rts, err := cl.Routes.GetAll(context.Background(), &proto.Nil{})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("get all routes"))
+		}
+
+		table := tablewriter.NewWriter(os.Stdout)
+		table.SetHeader([]string{"ID", "Host"})
+
+		for _, r := range rts.Routes {
+			table.Append([]string{r.Id, r.Host})
+		}
+
+		table.Render()
+
+		return
+
+	case "route rm":
+		_, err := cl.Routes.Delete(context.Background(), &proto.Route{Id: *routesRmID})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("remove single route"), ln.F{"id": *routesRmID})
+		}
+
+		return
+
+	case "backend list":
+		bkds, err := cl.Backends.List(context.Background(), &proto.BackendSelector{
+			Domain: *backendListDomain,
+			User:   *backendListUser,
+		})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("list backends"))
+		}
+
+		table := tablewriter.NewWriter(os.Stdout)
+		table.SetHeader([]string{"ID", "Proto", "User", "Domain", "Failure Chance", "Host"})
+
+		for _, bknd := range bkds.Backends {
+			table.Append([]string{bknd.Id, bknd.Proto, bknd.User, bknd.Domain, fmt.Sprint(bknd.Phi), bknd.Host})
+		}
+
+		table.Render()
+
+		return
+
+	case "backend kill":
+		_, err := cl.Backends.Kill(context.Background(), &proto.BackendID{Id: *backendKillID})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("attempt to kill backend"), ln.F{"backend_id": *backendKillID})
+		}
+
+		fmt.Println("killed backend " + *backendKillID)
+
+		return
+
+	case "token list":
+		lis, err := cl.Tokens.GetAll(ctx, &proto.Nil{})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("get all tokens"))
+		}
+
+		table := tablewriter.NewWriter(os.Stdout)
+		table.SetHeader([]string{"ID", "Active", "Scopes"})
+
+		for _, tkn := range lis.Tokens {
+			table.Append([]string{tkn.Id, fmt.Sprint(tkn.Active), fmt.Sprint(tkn.Scopes)})
+		}
+
+		table.Render()
+
+		return
+
+	case "token create":
+		scps := *tokenCreateScopes
+		tkn := &proto.Token{
+			Scopes: scps,
+		}
+
+		ftkn, err := cl.Tokens.Put(ctx, tkn)
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("put token to server"))
+		}
+
+		fmt.Printf("Your token is: %s\n", ftkn.Body)
+		fmt.Printf("It has permission for the following scopes: %v\n", ftkn.Scopes)
+
+		return
+
+	case "token inspect":
+		tkn, err := cl.Tokens.Get(ctx, &proto.GetTokenRequest{Id: *tokenInspectID})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("fetch token from server"), ln.F{"token_id": *tokenInspectID})
+		}
+
+		json.NewEncoder(os.Stdout).Encode(tkn)
+
+		return
+
+	case "token rm":
+		tkn, err := cl.Tokens.Get(ctx, &proto.GetTokenRequest{Id: *tokenRmID})
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.Action("fetch token from server"), ln.F{"token_id": *tokenRmID})
+		}
+
+		var action ln.Fer
+		if *tokenRmHard {
+			_, err = cl.Tokens.Delete(ctx, tkn)
+			action = ln.Action("actually delete token")
+		} else {
+			_, err = cl.Tokens.Deactivate(ctx, tkn)
+			action = ln.Action("deactivate token")
+		}
+
+		if err != nil {
+			ln.FatalErr(ctx, err, ln.F{"token_id": *tokenRmID}, action)
+		}
+
+		fmt.Printf("token with id %s and body %s removed.\n", tkn.Id, tkn.Body)
+
+		return
+	}
+
+	ln.Fatal(ctx, ln.Action("not implemented"), ln.F{"command": cmdline})
+}

cmd/route-httpagent/.gitignore

@@ -1 +1 @@
-route-httpagent
+route-httpagent

cmd/route-httpagent/main.go

@@ -1,23 +1,27 @@
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"flag"
-	"os"
+	"time"
 
-	"git.xeserv.us/xena/route/lib/tun2"
+	"git.xeserv.us/xena/route/internal/tun2"
 	"github.com/Xe/ln"
+	"github.com/facebookgo/flagenv"
+	_ "github.com/joho/godotenv"
 )
 
 var (
-	token      = flag.String("token", "", "Service identifier token")
-	domain     = flag.String("domain", "", "Domain to ID as")
-	backend    = flag.String("backend", "http://127.0.0.1:9090", "backend TCP/HTTP server")
-	serverAddr = flag.String("server", "127.0.0.1:9234", "frontend server")
-	connMethod = flag.String("method", "tcp", "tcp or kcp connections?")
+	token      = flag.String("token", "", "authentication token used to authenticate with routed")
+	domain     = flag.String("domain", "", "domain to use when authenticating with routed")
+	backend    = flag.String("backend", "http://127.0.0.1:9090", "backend TCP/HTTP server route-httpagent should relay traffic to/from")
+	serverAddr = flag.String("server", "127.0.0.1:9234", "the address that routed is listening on for backend connections")
+	connMethod = flag.String("method", "tcp", "the connection method used to talk to routed (MUST be either 'tcp' or 'kcp')")
 )
 
 func main() {
+	flagenv.Parse()
 	flag.Parse()
 
 	cfg := &tun2.ClientConfig{
@@ -30,11 +34,13 @@ func main() {
 	}
 
 	client, _ := tun2.NewClient(cfg)
-	err := client.Connect()
-	if err != nil {
-		ln.Error(err, ln.F{
-			"action": "client_running",
-		})
-		os.Exit(1)
+
+	for {
+		err := client.Connect(context.Background())
+		if err != nil {
+			ln.Error(context.Background(), err, ln.Action("client connection failed"))
+		}
+
+		time.Sleep(2 * time.Second)
 	}
 }

cmd/route-runmigrations/main.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"log"
+
+	"git.xeserv.us/xena/route/internal/database/dmigrations"
+	"github.com/caarlos0/env"
+	"github.com/mattes/migrate"
+	_ "github.com/mattes/migrate/database/postgres"
+	bindata "github.com/mattes/migrate/source/go-bindata"
+)
+
+type config struct {
+	DatabaseURL string `env:"DATABASE_URL,required"`
+}
+
+func main() {
+	var cfg config
+	err := env.Parse(&cfg)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	s := bindata.Resource(dmigrations.AssetNames(),
+		func(name string) ([]byte, error) {
+			return dmigrations.Asset(name)
+		})
+
+	d, err := bindata.WithInstance(s)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	m, err := migrate.NewWithSourceInstance("go-bindata", d, cfg.DatabaseURL)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = m.Up()
+	if err != nil {
+		log.Fatal(err)
+	}
+}

cmd/route/.gitignore

@@ -1 +0,0 @@
-route

cmd/route/gops.go

@@ -1,13 +0,0 @@
-package main
-
-import (
-	"log"
-
-	"github.com/google/gops/agent"
-)
-
-func init() {
-	if err := agent.Listen(nil); err != nil {
-		log.Fatal(err)
-	}
-}

cmd/route/main.go

@@ -1,228 +0,0 @@
-package main
-
-import (
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"fmt"
-	"log"
-	"net/http"
-	"os"
-	"path/filepath"
-	"runtime"
-
-	"go.uber.org/atomic"
-
-	"git.xeserv.us/xena/route/internal/database"
-	"git.xeserv.us/xena/route/internal/routecrypto"
-	proto "git.xeserv.us/xena/route/proto"
-	"github.com/Xe/ln"
-	"github.com/Xe/uuid"
-	jwtcreds "github.com/Xe/x/tools/svc/credentials/jwt"
-	"github.com/dickeyxxx/netrc"
-	"github.com/kr/pretty"
-	"github.com/olekukonko/tablewriter"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
-	"gopkg.in/alecthomas/kingpin.v2"
-)
-
-var allScopes = []string{
-	"token:get", "token:getall", "token:put", "token:delete", "token:deactivate",
-	"route:get", "route:getall", "route:put", "route:delete",
-	"connect",
-}
-
-var whoami string
-
-func userHomeDir() string {
-	if runtime.GOOS == "windows" {
-		home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
-		if home == "" {
-			home = os.Getenv("USERPROFILE")
-		}
-		return home
-	}
-	return os.Getenv("HOME")
-}
-
-var (
-	app        = kingpin.New("route", "An interface to routed")
-	grpcServer = app.Flag("routed-addr", "routed grpc address").Default("127.0.0.1:7268").String()
-	netrcPath  = app.Flag("netrc", "netrc path").Default(filepath.Join(userHomeDir(), ".netrc")).String()
-
-	generateKey = app.Command("generate-key", "generate SSL cert crypto key")
-
-	routes = app.Command("route", "route management")
-
-	routesCreate       = routes.Command("create", "create a new route")
-	routesCreateDomain = routesCreate.Flag("domain", "domain for the route (if not given one will be generated for you)").String()
-
-	routesInspect       = routes.Command("inspect", "inspect one route")
-	routesInspectDomain = routesInspect.Flag("domain", "domain to inspect").Required().String()
-
-	routesList = routes.Command("list", "list all routes owned by you")
-
-	routesRm   = routes.Command("rm", "remove a route")
-	routesRmID = routesRm.Flag("id", "route ID to remove").Required().String()
-
-	testServer     = app.Command("test-server", "spawn a simple HTTP test server on a TCP address")
-	testServerAddr = testServer.Flag("addr", "TCP address").Default(":9090").String()
-
-	token = app.Command("token", "token management")
-
-	tokenCreate       = token.Command("create", "create a new token")
-	tokenCreateScopes = tokenCreate.Flag("scope", "token scopes").Default(allScopes...).Strings()
-
-	tokenGenerate             = token.Command("generate-root", "generate a root token")
-	tokenGenerateKey          = tokenGenerate.Flag("key", "token crypto key").Required().String()
-	tokenGenerateScopes       = tokenGenerate.Flag("scopes", "token scopes").Default(allScopes...).Strings()
-	tokenGenerateUsername     = tokenGenerate.Flag("username", "token username").Required().String()
-	tokenGenerateDatabasePath = tokenGenerate.Flag("db", "database file to add the root token to").Required().String()
-
-	tokenInspect   = token.Command("inspect", "inspect a token")
-	tokenInspectID = tokenInspect.Arg("token-id", "token id").Required().String()
-
-	tokenList            = token.Command("list", "list all tokens belonging to you")
-	tokenListDeactivated = tokenList.Flag("deactivated", "list deactivated tokens?").Default("false").Bool()
-
-	tokenRm     = token.Command("rm", "remove a token")
-	tokenRmHard = tokenRm.Flag("hard", "hard-delete the token instead of deactivating it").Default("false").Bool()
-	tokenRmID   = tokenRm.Flag("id", "token id").Required().String()
-)
-
-var (
-	hits *atomic.Int64
-)
-
-func init() {
-	hits = atomic.NewInt64(0)
-}
-
-func handle(w http.ResponseWriter, r *http.Request) {
-	fmt.Fprintln(w, "Route is go!")
-	fmt.Fprintf(w, "%s\n", pretty.Sprintf("%s", r.Header))
-	hn, _ := os.Hostname()
-	fmt.Fprintf(w, "Served by %s running %s\n", hn, runtime.GOOS)
-	fmt.Fprintf(w, "Hit count: %d", hits.Inc())
-
-	ip := r.Header.Get("X-Remote-Ip")
-	if ip != "" {
-		log.Printf("Hit from %s: %s", ip, r.RequestURI)
-	}
-}
-
-func main() {
-	cmdline := kingpin.MustParse(app.Parse(os.Args[1:]))
-
-	n, err := netrc.Parse(*netrcPath)
-	if err != nil {
-		ln.Fatal(ln.F{"err": err, "action": "netrc.Parse"})
-	}
-	_ = n
-
-	switch cmdline {
-	case "test-server":
-		http.HandleFunc("/", handle)
-
-		ln.Fatal(ln.F{"err": http.ListenAndServe(*testServerAddr, nil), "action": "test_server"})
-
-	case "generate-key":
-		key, err := routecrypto.GenerateKey()
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "routecrypto.GenerateKey"})
-		}
-
-		fmt.Println("Your key is:", routecrypto.ShowKey(key))
-	case "token generate-root":
-		key, err := routecrypto.ParseKey(*tokenGenerateKey)
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "routecrypto.ParseKey"})
-		}
-		db, err := database.NewBoltStorage(*tokenGenerateDatabasePath, key)
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "database.NewBoltStorage"})
-		}
-
-		tBody := uuid.New()
-
-		_, err = db.PutToken(context.Background(), tBody, *tokenGenerateUsername, *tokenGenerateScopes)
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "db.PutToken"})
-		}
-		defer db.Close()
-
-		fmt.Println("Your token is:", tBody)
-
-		n.AddMachine(*grpcServer, *tokenGenerateUsername, tBody)
-		err = n.Save()
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "n.Save"})
-		}
-
-		return
-	}
-
-	m := n.Machine(*grpcServer)
-
-	connCreds := credentials.NewTLS(&tls.Config{
-		InsecureSkipVerify: true,
-	})
-	creds := jwtcreds.NewFromToken(m.Get("password"))
-	conn, err := grpc.Dial(*grpcServer,
-		grpc.WithTransportCredentials(connCreds),
-		grpc.WithPerRPCCredentials(creds))
-	if err != nil {
-		ln.Fatal(ln.F{"err": err, "action": "grpc.Dial"})
-	}
-
-	rc := proto.NewRoutesClient(conn)
-	tc := proto.NewTokensClient(conn)
-
-	_ = rc
-	_ = tc
-
-	switch cmdline {
-	case "route create":
-		idr, err := rc.Put(context.Background(), &proto.Route{Host: *routesCreateDomain})
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "rc.Put"})
-		}
-
-		fmt.Println(idr.Id)
-
-	case "route inspect":
-		r, err := rc.Get(context.Background(), &proto.GetRouteRequest{
-			Host: *routesCreateDomain,
-		})
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "rc.Get"})
-		}
-
-		json.NewEncoder(os.Stdout).Encode(r)
-		fmt.Println()
-
-		return
-
-	case "route list":
-		rts, err := rc.GetAll(context.Background(), &proto.Nil{})
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "rc.GetAll"})
-		}
-
-		table := tablewriter.NewWriter(os.Stdout)
-		table.SetHeader([]string{"ID", "Host"})
-
-		for _, r := range rts.Routes {
-			table.Append([]string{r.Id, r.Host})
-		}
-
-		return
-
-	case "route rm":
-		_, err := rc.Delete(context.Background(), &proto.Route{Id: *routesRmID})
-		if err != nil {
-			ln.Fatal(ln.F{"err": err, "action": "rc.Delete"})
-		}
-	}
-}

cmd/routed/backend.go

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"git.xeserv.us/xena/route/internal/tun2"
+	proto "git.xeserv.us/xena/route/proto"
+	"github.com/Xe/ln"
+	"golang.org/x/net/context"
+)
+
+// Backend implements proto.BackendsServer for gRPC.
+type Backend struct {
+	*Server
+}
+
+// List returns a list of backends given filtering parameters.
+func (b *Backend) List(ctx context.Context, sel *proto.BackendSelector) (*proto.BackendList, error) {
+	clitok, err := b.getAuth(ctx, "backend list", "backend:list")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "authentication for backend list"})
+	}
+
+	bl := map[string]tun2.Backend{}
+
+	switch {
+	case sel.Domain != "":
+		for _, bk := range b.ts.GetBackendsForDomain(sel.Domain) {
+			bl[bk.ID] = bk
+		}
+	case sel.User != "":
+		for _, bk := range b.ts.GetBackendsForUser(sel.User) {
+			bl[bk.ID] = bk
+		}
+	default:
+		for _, bk := range b.ts.GetAllBackends() {
+			bl[bk.ID] = bk
+		}
+	}
+
+	resp := &proto.BackendList{
+		Bs: sel,
+	}
+
+	for _, bk := range bl {
+		resp.Backends = append(resp.Backends, &proto.Backend{
+			Id:     bk.ID,
+			Proto:  bk.Proto,
+			User:   bk.User,
+			Domain: bk.Domain,
+			Phi:    bk.Phi,
+			Host:   bk.Host,
+			Usable: bk.Usable,
+		})
+	}
+
+	return resp, nil
+}
+
+// Kill removes a backend's connection by ID.
+func (b *Backend) Kill(ctx context.Context, bid *proto.BackendID) (*proto.Nil, error) {
+	clitok, err := b.getAuth(ctx, "backend list", "backend:list")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "authentication for backend list"})
+	}
+
+	if err := b.ts.KillBackend(bid.Id); err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "killing backend", "backend_id": bid.Id})
+	}
+
+	ln.Log(ctx, clitok, ln.Action("backend killed"), ln.F{"backend_id": bid.Id})
+
+	return &proto.Nil{}, nil
+}

cmd/routed/common.go

@@ -0,0 +1,149 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"time"
+
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/middleware"
+	"github.com/Xe/ln"
+	"github.com/twitchtv/twirp"
+	"golang.org/x/net/trace"
+)
+
+// errors
+var (
+	ErrNotAuthorized = errors.New("server: not authorized")
+)
+
+func (s *Server) makeTwirpHooks() *twirp.ServerHooks {
+	hooks := &twirp.ServerHooks{}
+
+	hooks.RequestRouted = func(ctx context.Context) (context.Context, error) {
+		ctx = withStartTime(ctx)
+
+		method, ok := twirp.MethodName(ctx)
+		if !ok {
+			return ctx, nil
+		}
+
+		pkg, ok := twirp.PackageName(ctx)
+		if !ok {
+			return ctx, nil
+		}
+
+		svc, ok := twirp.ServiceName(ctx)
+		if !ok {
+			return ctx, nil
+		}
+
+		ctx = ln.WithF(ctx, ln.F{
+			"twirp_method":  method,
+			"twirp_package": pkg,
+			"twirp_service": svc,
+		})
+
+		hdr, ok := middleware.GetHeaders(ctx)
+		if !ok {
+			return ctx, errors.New("can't get request headers")
+		}
+
+		req, _ := http.NewRequest("GET", "/", nil)
+		req.Header = hdr
+
+		ck, err := req.Cookie("routed")
+		if err != nil {
+			return ctx, err
+		}
+
+		tok := ck.Value
+
+		t, err := s.db.Tokens().Get(ctx, tok)
+		if err != nil {
+			return ctx, err
+		}
+
+		ctx = withAuthToken(ctx, t)
+		ctx = ln.WithF(ctx, t.F())
+
+		return ctx, nil
+	}
+
+	hooks.ResponseSent = func(ctx context.Context) {
+		f := ln.F{}
+		now := time.Now()
+		t, ok := getStartTime(ctx)
+		if ok {
+			f["response_time"] = now.Sub(t)
+		}
+
+		ln.Log(ctx, f, ln.Action("response sent"))
+	}
+
+	hooks.Error = func(ctx context.Context, e twirp.Error) context.Context {
+		f := ln.F{}
+
+		for k, v := range e.MetaMap() {
+			f["twirp_meta_"+k] = v
+		}
+
+		ln.Error(ctx, e, f, ln.Action("twirp error"), ln.F{
+			"twirp_error_code": e.Code(),
+			"twirp_error_msg":  e.Msg(),
+		})
+
+		tr, ok := trace.FromContext(ctx)
+		if !ok {
+			return ctx
+		}
+
+		tr.SetError()
+
+		return ctx
+	}
+
+	return hooks
+}
+
+func (s *Server) getAuth(ctx context.Context, operation, scope string) (database.Token, error) {
+	t, ok := getAuthToken(ctx)
+	if !ok {
+		return database.Token{}, errors.New("no auth token in context")
+	}
+
+	ok = false
+	for _, sc := range t.Scopes {
+		// the "admin" scope is implicitly allowed for everything.
+		if sc == "admin" {
+			ok = true
+			break
+		}
+
+		if sc == scope {
+			ok = true
+		}
+	}
+
+	if !ok {
+		return database.Token{}, ErrNotAuthorized
+	}
+
+	ln.WithF(ctx, ln.F{"operation": operation})
+
+	return t, nil
+}
+
+func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
+	tr, ok := trace.FromContext(ctx)
+	if !ok {
+		goto skip
+	}
+	tr.SetError()
+
+skip:
+	ln.Error(ctx, err, f, clitok)
+
+	return err
+}

cmd/routed/ctx.go

@@ -0,0 +1,41 @@
+package main
+
+import (
+	"context"
+	"time"
+
+	"git.xeserv.us/xena/route/internal/database"
+)
+
+type ctxKey int
+
+const (
+	startTimeKey ctxKey = iota
+	tokenKey
+)
+
+func withStartTime(ctx context.Context) context.Context {
+	return context.WithValue(ctx, startTimeKey, time.Now())
+}
+
+func getStartTime(ctx context.Context) (time.Time, bool) {
+	t, ok := ctx.Value(startTimeKey).(time.Time)
+	if !ok {
+		return time.Time{}, false
+	}
+
+	return t, true
+}
+
+func withAuthToken(ctx context.Context, token database.Token) context.Context {
+	return context.WithValue(ctx, tokenKey, token)
+}
+
+func getAuthToken(ctx context.Context) (database.Token, bool) {
+	t, ok := ctx.Value(tokenKey).(database.Token)
+	if !ok {
+		return database.Token{}, false
+	}
+
+	return t, true
+}

cmd/routed/main.go

@@ -1,20 +1,25 @@
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"flag"
-	"log"
+	"fmt"
 	"math/rand"
 	"net"
 	"net/http"
+	"os"
+	"os/signal"
 	"time"
 
+	_ "git.xeserv.us/xena/route/internal"
+	"git.xeserv.us/xena/route/internal/middleware"
 	"git.xeserv.us/xena/route/internal/routecrypto"
-	"git.xeserv.us/xena/route/internal/server"
 	"github.com/Xe/ln"
 	"github.com/caarlos0/env"
 	"github.com/facebookgo/flagenv"
 	_ "github.com/joho/godotenv/autoload"
+	"github.com/lucas-clemente/quic-go/h2quic"
 )
 
 var (
@@ -26,44 +31,156 @@ func main() {
 	flagenv.Parse()
 	rand.Seed(time.Now().Unix())
 
-	certKey, _ := routecrypto.ParseKey(*sslCertKey)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 
-	scfg := server.Config{}
-	err := env.Parse(&scfg)
+	certKey, err := routecrypto.ParseKey(*sslCertKey)
 	if err != nil {
-		ln.Fatal(ln.F{"err": err, "action": "env.Parse()"})
+		ln.FatalErr(ctx, err, ln.Action("parse cert key"))
+	}
+
+	scfg := Config{}
+	err = env.Parse(&scfg)
+	if err != nil {
+		ln.FatalErr(ctx, err, ln.Action("parsing environment for config"))
 	}
 	scfg.CertKey = certKey
 
-	s, err := server.New(scfg)
+	s, err := New(scfg)
 	if err != nil {
-		log.Fatal(err)
+		ln.FatalErr(ctx, err, ln.Action("create server instance"))
 	}
 
-	go setupTLS(s, scfg)
+	go setupQuic(ctx, s, scfg)
+	go setupTLS(ctx, s, scfg)
+	go setupHTTP(ctx, s, scfg)
 
+	ch := make(chan os.Signal, 2)
+
+	go func() {
+		val := <-ch
+
+		ln.Log(ctx, ln.F{"signal": val.String()}, ln.Action("signal recieved"))
+		cancel()
+	}()
+
+	signal.Notify(ch, os.Interrupt)
+
+	<-ctx.Done()
+
+	fmt.Printf("%s is now waiting for final shutdown, press ^C again to kill it now\n", os.Args[0])
+	time.Sleep(30 * time.Second)
+}
+
+func setupHTTP(ctx context.Context, s *Server, scfg Config) {
+	f := ln.F{
+		"kind": "http",
+		"addr": scfg.WebAddr,
+	}
+
+	// listen on HTTP listener
 	l, err := net.Listen("tcp", scfg.WebAddr)
 	if err != nil {
-		log.Fatal(err)
+		ln.FatalErr(ctx, err, f, ln.Action("listening on HTTP port"))
 	}
 	defer l.Close()
 
 	hs := &http.Server{
-		Handler: s,
+		Handler: s.Manager.HTTPHandler(http.HandlerFunc(insecureRedirect)),
 		Addr:    scfg.WebAddr,
 	}
 
-	hs.Serve(l)
+	go ln.FatalErr(ctx, hs.Serve(l))
+	ln.Log(ctx, f, ln.Action("http server listen"))
+
+	for {
+		select {
+		case <-ctx.Done():
+			ln.Log(ctx, f, ln.Action("shutdown signal recieved"))
+			hs.SetKeepAlivesEnabled(false)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+			defer cancel()
+			hs.Shutdown(ctx)
+
+			ln.Log(ctx, f, ln.Action("shutdown complete"))
+			return
+		}
+	}
 }
 
-func setupTLS(s *server.Server, scfg server.Config) {
+func setupQuic(ctx context.Context, s *Server, scfg Config) {
+	f := ln.F{
+		"kind": "quic",
+		"addr": scfg.QuicAddr,
+	}
+
+	qs := &h2quic.Server{
+		Server: &http.Server{
+			Handler: middleware.Trace("http-quic")(s),
+			Addr:    scfg.QuicAddr,
+			TLSConfig: &tls.Config{
+				GetCertificate: s.GetCertificate,
+			},
+
+			IdleTimeout:       5 * time.Minute,
+			ReadHeaderTimeout: time.Second,
+		},
+	}
+
+	s.QuicServer = qs
+
+	go ln.FatalErr(context.Background(), qs.ListenAndServe())
+	ln.Log(ctx, f, ln.Action("http server listen"))
+
+	for {
+		select {
+		case <-ctx.Done():
+			ln.Log(ctx, f, ln.Action("shutdown signal recieved"))
+			qs.SetKeepAlivesEnabled(false)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+			defer cancel()
+			qs.Shutdown(ctx)
+
+			ln.Log(ctx, f, ln.Action("shutdown complete"))
+			return
+		}
+	}
+}
+
+func setupTLS(ctx context.Context, s *Server, scfg Config) {
+	f := ln.F{
+		"kind": "https",
+		"addr": scfg.SSLAddr,
+	}
+
 	hs := &http.Server{
-		Handler: s,
+		Handler: middleware.Trace("https")(s),
 		Addr:    scfg.SSLAddr,
 		TLSConfig: &tls.Config{
 			GetCertificate: s.GetCertificate,
 		},
+
+		IdleTimeout:       5 * time.Minute,
+		ReadHeaderTimeout: time.Second,
 	}
 
-	hs.ListenAndServeTLS("", "")
+	go ln.FatalErr(context.Background(), hs.ListenAndServeTLS("", ""))
+	ln.Log(ctx, f, ln.Action("http server listen"))
+
+	for {
+		select {
+		case <-ctx.Done():
+			ln.Log(ctx, f, ln.Action("shutdown signal recieved"))
+			hs.SetKeepAlivesEnabled(false)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+			defer cancel()
+			hs.Shutdown(ctx)
+
+			ln.Log(ctx, f, ln.Action("shutdown complete"))
+			return
+		}
+	}
 }

cmd/routed/route.go

@@ -1,7 +1,8 @@
-package server
+package main
 
 import (
-	"git.xeserv.us/xena/route/lib/elfs"
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/elfs"
 	proto "git.xeserv.us/xena/route/proto"
 	"github.com/Xe/ln"
 	"golang.org/x/net/context"
@@ -14,21 +15,19 @@ type Route struct {
 
 // interface assertions
 var (
-	_ proto.RoutesServer = &Route{}
+	_ proto.Routes = &Route{}
 )
 
 // Get fetches a route from the database.
 func (r *Route) Get(ctx context.Context, req *proto.GetRouteRequest) (*proto.Route, error) {
-	clitok, err := r.getAuth(ctx, "route:get")
+	clitok, err := r.getAuth(ctx, "get single route", "route:get")
 	if err != nil {
 		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Get_getAuth"})
 	}
 
-	val, err := r.db.GetRoute(ctx, req.Host)
+	val, err := r.db.Routes().Get(ctx, req.Id)
 	if err != nil {
-		ln.Error(err, ln.F{"action": "Route.Get"})
-
-		return nil, err
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "get single route from database", "id": req.Id})
 	}
 
 	if val.Creator != clitok.Owner {
@@ -40,16 +39,14 @@ func (r *Route) Get(ctx context.Context, req *proto.GetRouteRequest) (*proto.Rou
 
 // GetAll fetches all of the routes that you own.
 func (r *Route) GetAll(ctx context.Context, req *proto.Nil) (*proto.GetAllRoutesResponse, error) {
-	clitok, err := r.getAuth(ctx, "route:getall")
+	clitok, err := r.getAuth(ctx, "get all routes for user", "route:getall")
 	if err != nil {
 		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.GetAll_getAuth"})
 	}
 
-	routes, err := r.db.GetAllRoutes(ctx, clitok.Owner)
+	routes, err := r.db.Routes().GetAll(ctx, clitok.Owner)
 	if err != nil {
-		ln.Error(err, ln.F{"action": "Route.GetAll"})
-
-		return nil, err
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "get all routes for user from database"})
 	}
 
 	result := []*proto.Route{}
@@ -64,8 +61,8 @@ func (r *Route) GetAll(ctx context.Context, req *proto.Nil) (*proto.GetAllRoutes
 	}, nil
 }
 
-func (r *Route) Put(ctx context.Context, rt *proto.Route) (*proto.IDResponse, error) {
-	clitok, err := r.getAuth(ctx, "route:put")
+func (r *Route) Put(ctx context.Context, rt *proto.Route) (*proto.Route, error) {
+	clitok, err := r.getAuth(ctx, "put new route", "route:put")
 	if err != nil {
 		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Put_getAuth"})
 	}
@@ -74,45 +71,46 @@ func (r *Route) Put(ctx context.Context, rt *proto.Route) (*proto.IDResponse, er
 		rt.Host = elfs.MakeName() + r.cfg.DomainSuffix
 	}
 
-	drt, err := r.db.PutRoute(ctx, rt.Host, clitok.Owner)
-	if err != nil {
-		ln.Error(err, ln.F{"action": "Route.Put"})
-
-		return nil, err
+	rr := database.Route{
+		ID:       rt.Id,
+		Hostname: rt.Host,
+		Creator:  clitok.Owner,
 	}
 
-	ln.Log(drt.F(), ln.F{"action": "Route.Put_success"})
+	drt, err := r.db.Routes().Put(ctx, rr)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "put route to database"})
+	}
 
-	return &proto.IDResponse{
-		Id: drt.ID,
-	}, nil
+	ln.Log(ctx, drt, ln.Action("put route to database"))
+
+	return drt.AsProto(), nil
 }
 
-func (r *Route) Delete(ctx context.Context, rt *proto.Route) (*proto.IDResponse, error) {
-	clitok, err := r.getAuth(ctx, "route:delete")
+func (r *Route) Delete(ctx context.Context, rt *proto.Route) (*proto.Nil, error) {
+	clitok, err := r.getAuth(ctx, "delete single route", "route:delete")
 	if err != nil {
 		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Delete_getAuth"})
 	}
 
-	drt, err := r.db.GetRoute(ctx, rt.Host)
+	drt, err := r.db.Routes().Get(ctx, rt.Host)
 	if err != nil {
-		ln.Error(err, ln.F{"action": "Route.Delete_getRoute_verify"})
-
-		return nil, err
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "fetch route from database", "host": rt.Host})
 	}
 
 	if drt.Creator != clitok.Owner {
-		return nil, handleError(ctx, clitok, ErrNotAuthorized, ln.F{"action": "Route.Delete_not_authorized"})
+		return nil, handleError(ctx, clitok, ErrNotAuthorized, ln.F{"action": "user not authorized to delete this route", "host": rt.Host})
 	}
 
-	err = r.db.DeleteRoute(ctx, rt.Id)
+	_, err = r.db.Routes().Delete(ctx, database.Route{ID: rt.Id})
 	f := drt.F()
-	f["action"] = "Route.Delete_db.DeleteRoute"
+	f["action"] = "delete route from database"
 	if err != nil {
 		handleError(ctx, clitok, ErrNotAuthorized, f)
 	}
 
-	ln.Log(f, drt.F())
+	f["action"] = "deleted route from database"
+	ln.Log(ctx, f, drt)
 
-	return &proto.IDResponse{Id: rt.Id}, nil
+	return &proto.Nil{}, nil
 }

cmd/routed/server.go

@@ -0,0 +1,237 @@
+package main
+
+import (
+	"crypto/tls"
+	"errors"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"time"
+
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/middleware"
+	"git.xeserv.us/xena/route/internal/tun2"
+	proto "git.xeserv.us/xena/route/proto"
+	"github.com/Xe/ln"
+	"github.com/lucas-clemente/quic-go/h2quic"
+	"github.com/mtneug/pkg/ulid"
+	kcp "github.com/xtaci/kcp-go"
+	"golang.org/x/crypto/acme/autocert"
+	"golang.org/x/net/context"
+)
+
+// RPC constants
+const (
+	RPCPort uint16 = 39453
+)
+
+// Server is the main server type.
+type Server struct {
+	cfg *Config
+	db  database.Storage
+	ts  *tun2.Server
+
+	QuicServer *h2quic.Server
+
+	*autocert.Manager
+}
+
+// Config configures Server
+type Config struct {
+	BoltDBPath string `env:"BOLTDB_PATH,required"`
+
+	WebAddr        string `env:"WEB_ADDR,required"`
+	SSLAddr        string `env:"SSL_ADDR,required"`
+	QuicAddr       string `env:"QUIC_ADDR,required"`
+	BackendTCPAddr string `env:"BACKEND_TCP_ADDR,required"`
+	BackendKCPAddr string `env:"BACKEND_KCP_ADDR,required"`
+	GRPCAddr       string `env:"GRPC_ADDR,required"`
+
+	DomainSuffix string `env:"DOMAIN_SUFFIX,required"`
+	ACMEEmail    string `env:"ACME_EMAIL,required"`
+	CertKey      *[32]byte
+}
+
+// listenTCP configures a listener for TCP+TLS agent connections.
+func (s *Server) listenTCP(ctx context.Context, addr string, tcfg *tls.Config) {
+	l, err := tls.Listen("tcp", addr, tcfg)
+	if err != nil {
+		panic(err)
+	}
+
+	ln.Log(ctx, ln.Action("tcp+tls listening"), ln.F{"addr": l.Addr()})
+
+	for {
+		conn, err := l.Accept()
+		if err != nil {
+			ln.Error(ctx, err, ln.Action("accept backend client socket"))
+		}
+
+		ln.Log(ctx, ln.F{
+			"action":  "new backend client",
+			"addr":    conn.RemoteAddr(),
+			"network": conn.RemoteAddr().Network(),
+		})
+
+		go s.ts.HandleConn(conn, false)
+	}
+}
+
+// listenKCP configures a listener for KCP+TLS agent connections.
+func (s *Server) listenKCP(ctx context.Context, addr string, tcfg *tls.Config) {
+	l, err := kcp.Listen(addr)
+	if err != nil {
+		panic(err)
+	}
+
+	ln.Log(ctx, ln.Action("kcp+tls listening"), ln.F{"addr": l.Addr()})
+
+	for {
+		conn, err := l.Accept()
+		if err != nil {
+			ln.Error(ctx, err, ln.F{"kind": "kcp", "addr": l.Addr().String()})
+		}
+
+		ln.Log(ctx, ln.F{
+			"action":  "new_client",
+			"network": conn.RemoteAddr().Network(),
+			"addr":    conn.RemoteAddr(),
+		})
+
+		tc := tls.Server(conn, tcfg)
+
+		go s.ts.HandleConn(tc, true)
+	}
+}
+
+// New creates a new Server
+func New(cfg Config) (*Server, error) {
+	if cfg.CertKey == nil {
+		return nil, errors.New("no cert decryption key, can't do anything")
+	}
+
+	db, err := database.NewBoltStorage(cfg.BoltDBPath, cfg.CertKey)
+	if err != nil {
+		return nil, err
+	}
+
+	m := &autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		Cache:      database.Cache(db),
+		HostPolicy: nil,
+		Email:      cfg.ACMEEmail,
+	}
+
+	tcfg := &tun2.ServerConfig{
+		Storage: &storageWrapper{
+			Storage: db,
+		},
+	}
+
+	ts, err := tun2.NewServer(tcfg)
+	if err != nil {
+		return nil, err
+	}
+
+	s := &Server{
+		cfg: &cfg,
+		db:  db,
+		ts:  ts,
+
+		Manager: m,
+	}
+
+	tc := &tls.Config{
+		GetCertificate: m.GetCertificate,
+	}
+
+	go s.listenKCP(context.Background(), cfg.BackendKCPAddr, tc)
+	go s.listenTCP(context.Background(), cfg.BackendTCPAddr, tc)
+
+	withHandler := func(disc string, h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			h.ServeHTTP(w, r.WithContext(ln.WithF(r.Context(), ln.F{"disc": disc})))
+		})
+	}
+
+	bhdr := proto.NewBackendsServer(&Backend{Server: s}, s.makeTwirpHooks())
+	rhdr := proto.NewRoutesServer(&Route{Server: s}, s.makeTwirpHooks())
+	thdr := proto.NewTokensServer(&Token{Server: s}, s.makeTwirpHooks())
+	mux := http.NewServeMux()
+
+	mux.Handle(proto.BackendsPathPrefix, withHandler("backends", bhdr))
+	mux.Handle(proto.RoutesPathPrefix, withHandler("routes", rhdr))
+	mux.Handle(proto.TokensPathPrefix, withHandler("tokens", thdr))
+
+	hs := &http.Server{
+		TLSConfig: tc,
+		Addr:      cfg.GRPCAddr,
+		Handler:   middleware.SaveHeaders(middleware.Trace("twirp-https")(mux)),
+	}
+
+	ln.Log(context.Background(), ln.F{
+		"kind":     "api",
+		"backends": proto.BackendsPathPrefix,
+		"routes":   proto.RoutesPathPrefix,
+		"tokens":   proto.TokensPathPrefix,
+		"addr":     cfg.GRPCAddr,
+	})
+	go hs.ListenAndServeTLS("", "")
+
+	return s, nil
+}
+
+// Director removes headers that are typically stripped off at request ingress.
+func (s *Server) Director(r *http.Request) {
+	r.Header.Del("X-Forwarded-For")
+	r.Header.Del("X-Client-Ip")
+}
+
+// ServeHTTP proxies traffic to a remote backend based on the request meta-information.
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Header.Get("X-Tor2web") != "" {
+		http.Error(w, "tor2web proxy use is not allowed", 400)
+		return
+	}
+
+	host, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		http.Error(w, err.Error(), 500)
+		return
+	}
+	r.Header.Set("X-Remote-Ip", host)
+	r.Header.Set("X-Request-Ingress", time.Now().Format(time.RFC3339))
+
+	rid := ulid.New().String()
+	r.Header.Set("X-Request-Id", rid)
+	w.Header().Set("X-Request-Id", rid)
+	s.QuicServer.SetQuicHeaders(w.Header())
+
+	// http://www.gnuterrypratchett.com/
+	w.Header().Set("X-Clacks-Overhead", "GNU Ashlynn")
+
+	rp := &httputil.ReverseProxy{
+		Director:      s.Director,
+		Transport:     s.ts,
+		FlushInterval: 1 * time.Second,
+	}
+
+	rp.ServeHTTP(w, r)
+}
+
+// insecureRedirect redirects a client to https if they connect over plain HTTP.
+func insecureRedirect(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case http.MethodPatch, http.MethodPut, http.MethodPost:
+		http.Error(w, "use https", http.StatusNotAcceptable)
+		ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+		return
+	}
+
+	r.URL.Host = r.Host
+	r.URL.Scheme = "https"
+
+	ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+
+	http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
+}

cmd/routed/server_test.go

@@ -0,0 +1,29 @@
+package main
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestDirector(t *testing.T) {
+	s := &Server{}
+
+	req, err := http.NewRequest("GET", "https://cetacean.club/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req.Header.Add("X-Forwarded-For", "Rick-James")
+	req.Header.Add("X-Client-Ip", "56.32.51.84")
+
+	s.Director(req)
+
+	for _, header := range []string{"X-Forwarded-For", "X-Client-Ip"} {
+		t.Run(header, func(t *testing.T) {
+			val := req.Header.Get(header)
+			if val != "" {
+				t.Fatalf("expected header %q to have no value, got: %v", header, val)
+			}
+		})
+	}
+}

cmd/routed/storage.go

@@ -1,10 +1,10 @@
-package server
+package main
 
 import (
 	"context"
 
 	"git.xeserv.us/xena/route/internal/database"
-	"git.xeserv.us/xena/route/lib/tun2"
+	"git.xeserv.us/xena/route/internal/tun2"
 )
 
 type storageWrapper struct {
@@ -16,7 +16,7 @@ var (
 )
 
 func (s *storageWrapper) HasToken(token string) (string, []string, error) {
-	t, err := s.Storage.GetToken(context.Background(), token)
+	t, err := s.Storage.Tokens().GetBody(context.Background(), token)
 	if err != nil {
 		return "", nil, err
 	}
@@ -25,7 +25,7 @@ func (s *storageWrapper) HasToken(token string) (string, []string, error) {
 }
 
 func (s *storageWrapper) HasRoute(domain string) (string, error) {
-	r, err := s.Storage.GetRoute(context.Background(), domain)
+	r, err := s.Storage.Routes().GetHost(context.Background(), domain)
 	if err != nil {
 		return "", err
 	}

cmd/routed/token.go

@@ -1,6 +1,9 @@
-package server
+package main
 
 import (
+	"errors"
+
+	"git.xeserv.us/xena/route/internal/database"
 	proto "git.xeserv.us/xena/route/proto"
 	"github.com/Xe/ln"
 	"github.com/Xe/uuid"
@@ -16,20 +19,20 @@ type Token struct {
 
 // interface assertions
 var (
-	_ proto.TokensServer = &Token{}
+	_ proto.Tokens = &Token{}
 )
 
 func (t *Token) Get(ctx context.Context, req *proto.GetTokenRequest) (*proto.Token, error) {
-	clitok, err := t.getAuth(ctx, "token:get")
+	clitok, err := t.getAuth(ctx, "get single token", "token:get")
 	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Get_getAuth"})
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
 	}
 
 	if req.Id == "" {
 		return nil, status.Errorf(codes.InvalidArgument, "must specify ID")
 	}
 
-	dbt, err := t.db.GetTokenID(ctx, req.Id)
+	dbt, err := t.db.Tokens().Get(ctx, req.Id)
 	if err != nil {
 		return nil, err
 	}
@@ -42,12 +45,12 @@ func (t *Token) Get(ctx context.Context, req *proto.GetTokenRequest) (*proto.Tok
 }
 
 func (t *Token) GetAll(ctx context.Context, req *proto.Nil) (*proto.TokenSet, error) {
-	clitok, err := t.getAuth(ctx, "token:getall")
+	clitok, err := t.getAuth(ctx, "get all tokens", "token:getall")
 	if err != nil {
 		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.GetAll_getAuth"})
 	}
 
-	toks, err := t.db.GetTokensForOwner(ctx, clitok.Owner)
+	toks, err := t.db.Tokens().GetAll(ctx, clitok.Owner)
 	if err != nil {
 		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.GetAll_db.GetTokensForOwner"})
 	}
@@ -64,43 +67,43 @@ func (t *Token) GetAll(ctx context.Context, req *proto.Nil) (*proto.TokenSet, er
 }
 
 func (t *Token) Put(ctx context.Context, tok *proto.Token) (*proto.Token, error) {
-	clitok, err := t.getAuth(ctx, "token:put")
+	clitok, err := t.getAuth(ctx, "put new token", "token:put")
 	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Put_getAuth"})
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
 	}
 
-	dbt, err := t.db.PutToken(ctx, uuid.New(), clitok.Owner, tok.Scopes)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Put_db.PutToken"})
+	dtok := database.Token{
+		ID:     uuid.New(),
+		Owner:  clitok.Owner,
+		Scopes: tok.Scopes,
 	}
 
+	dbt, err := t.db.Tokens().Put(ctx, dtok)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "put token into database", "scopes": tok.Scopes})
+	}
+
+	ln.Log(ctx, dbt, ln.Action("new token created"))
+
 	return dbt.AsProto(), nil
 }
 
 func (t *Token) Delete(ctx context.Context, tok *proto.Token) (*proto.Nil, error) {
-	clitok, err := t.getAuth(ctx, "token:delete")
+	clitok, err := t.getAuth(ctx, "delete single token", "token:delete")
 	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Delete_getAuth"})
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
 	}
 
-	err = t.db.DeleteToken(ctx, tok.Id)
+	_, err = t.db.Tokens().Delete(ctx, tok.Id)
 	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Delete_db.DeleteToken"})
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "delete token from database", "token_id": tok.Id})
 	}
 
+	ln.Log(ctx, clitok, ln.Action("token deleted"), ln.F{"token_id": tok.Id})
+
 	return &proto.Nil{}, nil
 }
 
 func (t *Token) Deactivate(ctx context.Context, tok *proto.Token) (*proto.Nil, error) {
-	clitok, err := t.getAuth(ctx, "token:deactivate")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Deactivate_getAuth"})
-	}
-
-	err = t.db.DeactivateToken(ctx, tok.Id)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.Deactivate_db.DeactivateToken"})
-	}
-
-	return &proto.Nil{}, nil
+	return nil, errors.New("not implemented")
 }

cmd/terraform-provider-route/main.go

@@ -0,0 +1,54 @@
+package main
+
+import (
+	"log"
+	"net/http"
+
+	"git.xeserv.us/xena/route/proto/route"
+	"github.com/hashicorp/terraform/helper/schema"
+	"github.com/hashicorp/terraform/plugin"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func main() {
+	plugin.Serve(&plugin.ServeOpts{
+		ProviderFunc: provider,
+	})
+}
+
+// provider returns a terraform.ResourceProvider.
+func provider() terraform.ResourceProvider {
+	return &schema.Provider{
+		Schema: map[string]*schema.Schema{
+			"token": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("ROUTE_TOKEN", nil),
+			},
+			"host": &schema.Schema{
+				Type:        schema.TypeString,
+				Optional:    false,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("ROUTE_HOST", nil),
+			},
+		},
+
+		ResourcesMap: map[string]*schema.Resource{
+			"route_route": routeResource(),
+			"route_token": tokenResource(),
+		},
+
+		ConfigureFunc: providerConfigure,
+	}
+}
+
+func providerConfigure(d *schema.ResourceData) (interface{}, error) {
+	token := d.Get("token").(string)
+	host := d.Get("host").(string)
+
+	log.Printf("[INFO] Initializing route client connecting to %s", host)
+
+	cl := route.New(host, token, &http.Client{})
+
+	return cl, nil
+}

cmd/terraform-provider-route/route.go

@@ -0,0 +1,91 @@
+package main
+
+import (
+	"context"
+	"log"
+
+	proto "git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func routeResource() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceRouteCreate,
+		Read:   resourceRouteRead,
+		Delete: resourceRouteDelete,
+		Exists: resourceRouteExists,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"host": {
+				Type:     schema.TypeString,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceRouteCreate(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	rt, err := cli.Routes.Put(context.Background(), &proto.Route{
+		Host: d.Get("host").(string),
+	})
+
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[INFO] created route for host %s with ID %s", rt.Host, rt.Id)
+
+	return nil
+}
+
+func resourceRouteDelete(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	rt, err := cli.Routes.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
+	if err != nil {
+		return err
+	}
+
+	_, err = cli.Routes.Delete(context.Background(), rt)
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[INFO] deleted route for host %s with ID %s", rt.Host, rt.Id)
+
+	return nil
+}
+
+func resourceRouteExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	cli := meta.(*route.Client)
+
+	_, err := cli.Routes.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
+	if err != nil {
+		return false, err
+	}
+
+	return true, nil
+}
+
+func resourceRouteRead(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	rt, err := cli.Routes.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
+	if err != nil {
+		return err
+	}
+
+	d.SetId(rt.Id)
+	d.Set("host", rt.Host)
+	d.Set("creator", rt.Creator)
+
+	return nil
+}

cmd/terraform-provider-route/token.go

@@ -0,0 +1,99 @@
+package main
+
+import (
+	"context"
+	"log"
+
+	proto "git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func tokenResource() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTokenCreate,
+		Read:   resourceTokenRead,
+		Delete: resourceTokenDelete,
+		Exists: resourceTokenExists,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"scopes": {
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceTokenCreate(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	var scps []string
+
+	for _, val := range d.Get("scopes").([]interface{}) {
+		sc, ok := val.(string)
+		if !ok {
+			log.Printf("[INFO] can't decode %#v", sc)
+			continue
+		}
+
+		scps = append(scps, sc)
+	}
+
+	tok, err := cli.Tokens.Put(context.Background(), &proto.Token{Scopes: scps})
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[INFO] created token with scopes %v and ID %s", tok.Scopes, tok.Id)
+
+	return nil
+}
+
+func resourceTokenDelete(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	tok, err := cli.Tokens.Get(context.Background(), &proto.GetTokenRequest{Id: d.Id()})
+	if err != nil {
+		return err
+	}
+
+	_, err = cli.Tokens.Deactivate(context.Background(), tok)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceTokenExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	cli := meta.(*route.Client)
+
+	_, err := cli.Tokens.Get(context.Background(), &proto.GetTokenRequest{Id: d.Id()})
+	if err != nil {
+		return false, err
+	}
+
+	return true, nil
+}
+
+func resourceTokenRead(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	tok, err := cli.Tokens.Get(context.Background(), &proto.GetTokenRequest{Id: d.Id()})
+	if err != nil {
+		return err
+	}
+
+	d.SetId(tok.Id)
+	d.Set("body", tok.Body)
+	d.Set("active", tok.Active)
+	d.Set("scopes", tok.Scopes)
+
+	return nil
+}

doc/CODE_OF_CONDUCT.md

@@ -0,0 +1,31 @@
+# Code of Conduct
+
+These things are notoriously difficult to write and can be kind of long-winded and
+end up policing people's private lives. This is unteneble and this minimal code of 
+conduct is aimed to categorically avoid those issues.
+
+## Community Goal
+
+The goal of this community is to create improvements and make route and its 
+associated tools, resources and utilities the best they can possibly be in order to
+make route as easy, stable and reliable as possible such that it can meet almost
+any common workload you throw at it.
+
+## Act in good faith
+
+Humans make mistakes. Mistakes will be fixed after they are made (in some way or 
+another). Don't fault people for making mistakes if they are acting in good faith.
+
+## Don't make everywhere fight club
+
+People have private lives outside of this project. If something happens that isn't
+relevant to the project outside of the context of it, it is best to not make the
+project involved with it.
+
+Additionally, don't weaponize the statements in this document. It never ends well.
+
+## BDFL
+
+Christine Dodrill is the BDFL in case of all disputes that can't be solved normally.
+The decision process will either be based on their opinion, random chance, or 
+redefining things so that both options can be done if possible.

doc/man/route-httpagent.1

@@ -0,0 +1,131 @@
+.Dd December 14, 2017
+.Dt ROUTE-HTTPAGENT 1 URM
+
+
+.Sh NAME
+.Nm route-httpagent
+.Nd agent to communicate between
+.Xr routed 1
+and a HTTP backend of your choice.
+
+
+.Sh SYNOPSIS
+.Nm
+.Op Fl backend Ar BACKEND
+.Op Fl domain Ar DOMAIN
+.Op Fl method Ar METHOD
+.Op Fl server Ar SERVER
+.Op Fl token Ar TOKEN
+
+
+.Sh DESCRIPTION
+.Nm
+communicates with
+.Xr routed 1
+to relay traffic from it and the TCP/HTTP backend of your choice.
+
+.Bl -tag -width "routed" -offset -indent -compact
+
+.It Fl backend Ar BACKEND
+Specifies the backend TCP/HTTP server
+.Nm
+should relay traffic to/from. This is specified in URI (RFC 3986) format. If this is not specified, the default value will be http://127.0.0.1:9090.
+
+.It Fl domain Ar DOMAIN
+Specifies the domain
+.Nm
+should use when authenticating with
+.Xr routed 1 .
+This must be set or
+.Nm
+will fail to launch.
+
+.It Fl method Ar METHOD
+Specifies the connection method that
+.Nm
+should use to relay traffic with
+.Xr routed 1 .
+This MUST be set to either "tcp" or "kcp". If this is not set, the default is "tcp".
+
+.It Fl server Ar SERVER
+Specifies the TCP/UDP host+port that
+.Xr routed 1
+is configured to accept agent connections from. See the manpage for
+.Xr routed 1
+for more information on how to configure this. This must be set by the user.
+
+.It Fl token Ar TOKEN
+Specifies the authentication token used to authenticate with
+.Xr routed 1
+when setting up an agent connection. This must be set by the user.
+
+
+.Sh ENVIRONMENT
+
+All of the above command line flags can be set as environment variables. Ex: -method becomes METHOD
+
+For convenience,
+.Nm
+will load key->value pairs from .env in its current working directory when it starts up. A reference for the environment variables
+.Nm
+reads follows:
+
+.Bl -tag -width "routed" -offset indent -compact
+
+.It Ev BACKEND
+Supplies the value for -backend
+
+.It Ev DOMAIN
+Supplies the value for -domain
+
+.It Ev METHOD
+Supplies the value for -method
+
+.It Ev SERVER
+supplies the value for -server
+
+.It Ev TOKEN
+supplies the value for -token
+
+.El
+
+
+.Sh IMPLEMENTATION NOTES
+
+In order for
+.Nm
+to route traffic, a route must be set up using
+.Xr route-cli 1 .
+Please see its manpage for more information on how to do this.
+
+This relies on an instance of
+.Xr routed 1
+to be running and reachable via either TCP or UDP.
+
+
+.Sh EXAMPLES
+
+route-httpagent -backend http://127.0.0.1:9090 -domain wusg-strugzi-wu.routed.xeserv.us -method tcp -server connect.routed.xeserv.us -token <secret_omitted> 
+
+route-httpagent -domain wusg-strugzi-wu.routed.xeserv.us -method tcp -server connect.routed.xeserv.us -token <secret_omitted>
+
+
+.Sh DIAGNOSTICS
+
+.Ex -std routed
+
+
+.Sh SEE ALSO
+
+.Bl -bullet
+
+.It
+.Xr route-cli 1
+
+.It
+.Xr routed 1
+
+.It
+https://tools.ietf.org/html/rfc3986
+
+.El

doc/man/routed.1

@@ -0,0 +1,129 @@
+.Dd December 12, 2017
+.Dt ROUTED 1 URM
+
+
+.Sh NAME
+.Nm routed
+.Nd TLS termination and reverse reverse proxying daemon.
+
+
+.Sh SYNOPSIS
+.Nm
+
+
+.Sh ENVIRONMENT
+
+.Bl -tag -width "routed" -offset indent -compact
+
+.It Ev BOLTDB_PATH
+Specifies the path to the boltdb database
+.Nm
+stores all of its relevant data in.
+
+.It Ev WEB_ADDR
+Specifies the host+port that
+.Nm
+will listen on for unsecured HTTP traffic. This will only forward traffic to HTTPS.
+
+.It Ev SSL_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) traffic. This should have port 443 if you want Let's Encrypt to work (you probably want Let's Encrypt to work).
+
+.It Ev QUIC_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) QUIC traffic. For more information see https://datatracker.ietf.org/wg/quic/about/. This should also be port 443, but is not essential for Let's Encrypt to work.
+
+.It Ev BACKEND_TCP_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) TCP connections from backends. Any client that is successfully able to authenticate with
+.Nm
+on this port will relay HTTP traffic from to and from end users.
+
+.It Ev BACKEND_KCP_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) KCP (reliable-UDP) connections from backends. Any client that is successfully able to authenticate with
+.Nm
+on this port will relay HTTP traffic from to and from end users.
+
+For more information about KCP, see https://github.com/xtaci/kcp-go
+
+.It Ev GRPC_ADDR
+Specifies the host+post that
+.Nm
+will listen on for secure (TLS) TCP gRPC connections from clients wishing to control
+.Nm
+configuration. Authentication is enforced and requires the use of an API token generated by the API call route.Tokens.Put.
+
+.It Ev DOMAIN_SUFFIX
+Specifies the domain suffix that
+.Nm
+will use when automatically generating a domain name for a newly created route. Please set this to something that has a wildcard DNS record pointing to your instances of routed.
+
+.It Ev ACME_EMAIL
+Specifies the email address that
+.Nm
+will use when creating a new account with Let's Encrypt. This assumes you have read (and agree to) the Let's Encrypt terms of service found here: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
+
+.It Ev SSL_CERT_KEY
+Specifies the encryption key that
+.Nm
+will use when encrypting and decrypting SSL certificates when loading them from and saving them to the database. This can be created with
+.Xr route-cli 1 .
+
+.El
+
+
+.Sh IMPLEMENTATION NOTES
+
+In order for
+.Nm
+to route traffic, a route must be set up using
+.Xr route-cli 1 .
+Please see its manpage for more information on how to do this.
+
+.Nm
+exposes debugging and introspection information on a randomly generated port every time it starts up. The message will look something like:
+
+2017/12/13 02:06:56 manhole: Now listening on http://127.0.0.1:39245
+
+Expose this using
+.Xr route-httpagent 1
+or similar tools.
+
+.Nm
+can be managed using terraform. See
+.Xr terraform-provider-route 1
+for more information.
+
+
+.Sh EXAMPLES
+
+routed
+
+
+.Sh DIAGNOSTICS
+
+.Ex -std routed
+
+
+.Sh SEE ALSO
+
+.Bl -bullet
+
+.It
+https://datatracker.ietf.org/wg/quic/about/
+
+.It
+https://github.com/xtaci/kcp-go
+
+.It 
+https://grpc.io/
+
+.It
+https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
+
+.El

doc/quickstart.md

@@ -0,0 +1,209 @@
+Getting Started
+===============
+
+## Configuration
+
+```shell
+# base configuration
+BOLTDB_PATH=/routed/route.db
+WEB_ADDR=:80
+SSL_ADDR=:443
+BACKEND_TCP_ADDR=:8757
+BACKEND_KCP_ADDR=:8804
+GRPC_ADDR=:7268
+DOMAIN_SUFFIX=
+ACME_EMAIL=
+SSL_CERT_KEY=
+```
+
+Fill out the missing parts of this and save it as `.env` somewhere.
+
+### `DOMAIN_SUFFIX`
+
+type: string
+
+When a domain is not supplied for a newly created route, domains will be a random
+string prepended to this setting. Set up a wildcard DNS entry for this prefix pointed
+to the server running routed.
+
+Example: `.route.xeserv.us`
+
+### `ACME_EMAIL`
+
+type: string, email address
+
+This email address will be used to establish an account with Let's Encrypt. By
+using the ACME support route has you agree to follow all of the Let's Encrypt
+terms and conditions [here][letoc].
+
+### `SSL_CERT_KEY`
+
+type: string, encryption key
+
+This will be used to encrypt and decrypt all SSL certificates on the disk.
+New keys can be generated by running `route generate-key`.
+
+## Node Setup
+
+The target node must have a direct route from the internet to TCP ports
+`80`, `443`, `7268`, and `8757` and UDP port `8804`. In order they are used
+for:
+
+| kind | port | usage |
+|:-- |:-- |:-- |
+| tcp | `80` | plain http traffic to backends |
+| tcp | `443` | https (and http/2) traffic to backends |
+| tcp | `7268` | grpc interface for management |
+| tcp | `8757` | backend connections |
+| udp | `8804` | backend connections |
+
+### Docker Volume Creation
+
+```console
+$ docker volume create routed
+```
+
+### Initial Setup
+
+```console
+$ docker run --rm -it -v routed:/routed xena/route:latest sh
+(ctr)$ cd /routed
+(ctr)$ route-cli token generate-root --key=<ssl cert key from above> --username=<username> --db=./route.db
+Your token is e73831bc-f40a-4cd4-84a6-b6b1e4529fa2
+(ctr)$ exit
+```
+
+Save this username and token as they will be very important.
+
+### Persistent setup with runit
+
+- Create a folder in `/etc/system` named `routed`
+  `# mkdir -p /etc/system/routed`
+- Copy the `.env` file created above into `etc/system/routed`
+- Create a file named `run` with the following contents:
+
+```sh
+#!/bin/sh
+
+routeVer='latest'
+
+docker rm -f routed
+sleep 2
+docker run --net host --name routed --rm -it --env-file .env -v routed:/routed -e BOLTDB_PATH=/routed/route.db xena/route:$routeVer
+```
+
+```console
+# chmod +X /etc/system/routed/run
+```
+
+### Usage
+
+Change the definition of this variable as is needed for your setup. For now this must
+be publicly facing but later versions of `route` will not require this. Set this in
+a variable named `ROUTED_GRPC_ADDR`:
+
+```console
+$ export ROUTED_GRPC_ADDR=h.routed.xeserv.us:7268
+```
+
+Similarly, point this to the TCP backend connections port:
+
+```console
+$ export ROUTED_TCP_BACKEND_ADDR=h.routed.xeserv.us:8757
+```
+
+Next, open `~/.netrc` in your favorite editor and add the following to the end of it:
+
+```
+machine h.routed.xeserv.us:7268
+  login usename
+  password token
+```
+
+#### Create a route
+
+```
+$ route-cli --routed-addr=$ROUTED_GRPC_ADDR route create --help
+‹master*!+1› »»»» ./route route create --help                         0|12:57:46
+usage: route route create [<flags>]
+
+create a new route
+
+Flags:
+  --help                        Show context-sensitive help (also try
+                                --help-long and --help-man).
+  --routed-addr="127.0.0.1:7268"
+                                routed grpc address
+  --netrc="/Users/xena/.netrc"  netrc path
+  --domain=DOMAIN               domain for the route (if not given one will be
+                                generated for you)
+
+$ route-cli --routed-addr=$ROUTED_GRPC_ADDR route create
+86d50f43-221d-4a57-99c9-8056dea0f12c
+$ route-cli --routed-addr=$ROUTED_GRPC_ADDR route list
++--------------------------------------|--------------------------------+
+|                  ID                  |              HOST              |
++--------------------------------------|--------------------------------+
+| 86d50f43-221d-4a57-99c9-8056dea0f12c | wfall-hu-crow.routed.xeserv.us |
++--------------------------------------|--------------------------------+
+$ curl -v https://wfall-hu-crow.routed.xeserv.us
+> GET / HTTP/2
+> Host: wfall-hu-crow.routed.xeserv.us
+> User-Agent: curl/7.54.0
+> Accept: */*
+>
+* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
+< HTTP/2 502
+< accept: */*
+< content-type: text/html; charset=utf-8
+< user-agent: curl/7.54.0
+< x-clacks-overhead: GNU Ashlynn
+< x-forwarded-for: 24.17.183.23
+< x-remote-ip: 24.17.183.23
+< x-request-id: 01BVA69BJJKNSX05W4NS0PHECY
+< x-request-ingress: 2017-09-30T22:05:21+02:00
+< content-length: 228
+< date: Sat, 30 Sep 2017 20:05:21 GMT
+<
+* Connection #0 to host wfall-hu-crow.routed.xeserv.us left intact
+<html><head><title>no backends connected</title></head><body><h1>no backends connected</h1><p>Please ensure a backend is running for wfall-hu-crow.routed.xeserv.us. This is request ID 01BVA69BJJKNSX05W4NS0PHECY.</p></body></html>
+```
+
+#### Connect a backend
+
+In another terminal window:
+```console
+$ route-cli test-server 
+```
+
+In yet another terminal window:
+```conosle
+$ route-httpagent -token=<token from above> -domain=<domain from above> -server=$ROUTED_TCP_BACKEND_ADDR 
+```
+
+Now to your main terminal window:
+```console
+$ curl -v https://wfall-hu-crow.routed.xeserv.us
+> GET / HTTP/2
+> Host: wfall-hu-crow.route.xeserv.us
+> User-Agent: curl/7.54.0
+> Accept: */*
+>
+* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
+< HTTP/2 200
+< content-type: text/plain; charset=utf-8
+< date: Sat, 30 Sep 2017 20:15:59 GMT
+< x-clacks-overhead: GNU Ashlynn
+< x-request-id: 01BVA6WT90M20ZH6NVSKYT68SS
+< content-length: 298
+<
+Route is go!
+map[X-Forwarded-For:[24.17.183.23, 193.164.132.229] X-Request-Id:[01BVA6WT90M20ZH6NVSKYT68SS] Accept-Encoding:[gzip] User-Agent:[curl/7.54.0] Accept:[*/*] X-Remote-Ip:[24.17.183.23] X-Request-Ingress:[2017-09-30T22:15:59+02:00]]
+Served by cadance-3.local running darwin
+* Connection #0 to host wfall-hu-crow.routed.xeserv.us left intact
+Hit count: 1617
+```
+
+---
+
+[letoc]: https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

doc/setup.md

@@ -0,0 +1,19 @@
+# Setup
+
+## Common
+
+- create `.env` file
+- create database and initial token
+
+## Alpine Linux
+
+- add xeserv alpine repo + keys
+- install routed
+- set up an init script
+
+## Docker
+
+- create service
+- put `.env` in the service
+- start routed with --net=host
+

doc/theory.md

@@ -0,0 +1,61 @@
+# Theory of route
+
+## Why does this project exist?
+
+HTTP load balancing is harder than it needs to be. Existing projects assume
+there is a direct line-of-fire from the load balancer to the underlying services.
+This is NOT always true. Containerization has lead to a lot of hacks such as
+overlay networks to offer this direct line-of-fire so that the load balancer
+can make a direct TCP connection to the underlying services.
+
+Route exists to invert this problem.
+
+In most networks, it is true that it is a lot easier to guarantee the backends
+have a direct line-of-fire to the load balancer, not the other way around.
+Why not just make a connection to the load balancer and re-use it for HTTP
+traffic?
+
+Route allows you to simplify your network architecture by removing the
+requirement that all backend services need a direct TCP line-of-fire to the
+load balancer. Route allows you to host HTTP services behind NAT. Route
+allows you to throw out overlay networks and return to a simpler cluster layout.
+
+## How does route work?
+
+Route has several basic nouns, they are:
+
+- route
+- backend
+- balancer
+- agent
+
+They are inter-related like this:
+
+```graphviz
+digraph G {
+    balancer -> agent
+    agent -> balancer
+    agent -> backend
+    backend -> agent
+
+    user -> balancer
+    balancer -> user
+}
+```
+
+### route
+
+A route is a combination of HTTP domain and path (currently unsupported, so
+assume `/`). An example route would be `cloudsdale.cf/`. This maps to the
+location users get.
+
+### backend
+
+A backend is the underlying service being proxied to by route. An example backend
+is Apache, Nginx or anything else that serves compliant HTTP/1.1 traffic.
+
+### balancer
+
+A balancer is an instance of `cmd/routed` running on some server somewhere.
+Balancers accept both agent and HTTP connections, proxying requests from the HTTP
+connections to agent connections and back.

internal/database/boltdb.go

@@ -29,6 +29,22 @@ var (
 type BoltDBStorage struct {
 	db *storm.DB
 	sb *simplebox.SimpleBox
+
+	cs *boltCertificateStorage
+	rs *boltRouteStorage
+	ts *boltTokenStorage
+}
+
+type boltCertificateStorage struct {
+	*BoltDBStorage
+}
+
+type boltRouteStorage struct {
+	*BoltDBStorage
+}
+
+type boltTokenStorage struct {
+	*BoltDBStorage
 }
 
 // NewBoltStorage creates a new Storage instance backed by BoltDB + Storm.
@@ -43,20 +59,47 @@ func NewBoltStorage(path string, key *[32]byte) (Storage, error) {
 		sb: simplebox.NewFromSecretKey(key),
 	}
 
-	return Storage(b), nil
+	b.cs = &boltCertificateStorage{b}
+	b.rs = &boltRouteStorage{b}
+	b.ts = &boltTokenStorage{b}
+
+	return b, nil
 }
 
+// Certs gets the certificate storage interface.
+func (b *BoltDBStorage) Certs() Certs { return b.cs }
+
+// Routes gets the route storage interface.
+func (b *BoltDBStorage) Routes() Routes { return b.rs }
+
+// Tokens gets the token storage interface.
+func (b *BoltDBStorage) Tokens() Tokens { return b.ts }
+
+// Close cleans up resources for this Storage.
+func (b *BoltDBStorage) Close() error { return b.db.Close() }
+
 // interface compliance
 var (
 	_ Storage = &BoltDBStorage{}
+	_ Certs   = &boltCertificateStorage{}
+	_ Routes  = &boltRouteStorage{}
+	_ Tokens  = &boltTokenStorage{}
 )
 
-// GetRoute gets a single route out of the database.
-func (b *BoltDBStorage) GetRoute(ctx context.Context, host string) (Route, error) {
+func (b *boltRouteStorage) Get(ctx context.Context, id string) (Route, error) {
+	return b.getRouteBy(ctx, "ID", id)
+}
+
+func (b *boltRouteStorage) GetHost(ctx context.Context, id string) (Route, error) {
+	return b.getRouteBy(ctx, "Hostname", id)
+}
+
+// getRouteBy gets a single route out of the database by a given field data.
+func (b *boltRouteStorage) getRouteBy(ctx context.Context, match, val string) (Route, error) {
 	r := Route{}
-	err := b.db.One("Hostname", host, &r)
+	err := b.db.One(match, val, &r)
 	if err != nil {
-		ln.Error(err, ln.F{"err": err, "action": "route_get_route"})
+		ln.Error(ctx, err, ln.Action("get route"), ln.F{"match": match, "val": val})
 
 		switch err {
 		case storm.ErrNotFound:
@@ -71,19 +114,17 @@ func (b *BoltDBStorage) GetRoute(ctx context.Context, host string) (Route, error
 	return r, nil
 }
 
-// GetAllRoutes gets all routes out of the database for a given user by username.
-func (b *BoltDBStorage) GetAllRoutes(ctx context.Context, user string) ([]Route, error) {
+// GetAll gets all routes out of the database for a given user by username.
+func (b *boltRouteStorage) GetAll(ctx context.Context, user string) ([]Route, error) {
 	rs := []Route{}
 	err := b.db.All(&rs)
 	return rs, err
 }
 
-// PutRoute creates a new route in the database.
-func (b *BoltDBStorage) PutRoute(ctx context.Context, domain, creator string) (Route, error) {
-	r := Route{
-		ID:       uuid.New(),
-		Creator:  creator,
-		Hostname: domain,
+// Put creates a new route in the database.
+func (b *boltRouteStorage) Put(ctx context.Context, r Route) (Route, error) {
+	if r.ID == "" {
+		r.ID = uuid.New()
 	}
 
 	err := b.db.Save(&r)
@@ -92,31 +133,35 @@ func (b *BoltDBStorage) PutRoute(ctx context.Context, domain, creator string) (R
 	}
 	defer b.db.Commit()
 
+	ln.Log(ctx, r, ln.Action("new route created in database"))
+
 	return r, err
 }
 
-// DeleteRoute removes a route from the database.
-func (b *BoltDBStorage) DeleteRoute(ctx context.Context, id string) error {
+// Delete removes a route from the database.
+func (b *boltRouteStorage) Delete(ctx context.Context, inp Route) (Route, error) {
 	r := Route{}
-	err := b.db.One("ID", id, &r)
+	err := b.db.One("ID", inp.ID, &r)
 	if err != nil {
-		return err
+		return r, err
 	}
 	defer b.db.Commit()
 
-	return b.db.DeleteStruct(&r)
+	ln.Log(ctx, r, ln.Action("route deleted from database"))
+
+	return r, b.db.DeleteStruct(&r)
 }
 
-// GetToken fetches a token from the database. This is mainly used in validation
+// GetBody fetches a token from the database. This is mainly used in validation
 // of tokens.
-func (b *BoltDBStorage) GetToken(ctx context.Context, token string) (Token, error) {
+func (b *boltTokenStorage) GetBody(ctx context.Context, token string) (Token, error) {
 	t := Token{}
 	err := b.db.One("Body", token, &t)
 	return t, err
 }
 
-// GetTokenID fetches a token by a given token ID.
-func (b *BoltDBStorage) GetTokenID(ctx context.Context, id string) (Token, error) {
+// Get fetches a token by a given token ID.
+func (b *boltTokenStorage) Get(ctx context.Context, id string) (Token, error) {
 	t := Token{}
 	err := b.db.One("ID", id, &t)
 	if err != nil {
@@ -131,23 +176,20 @@ func (b *BoltDBStorage) GetTokenID(ctx context.Context, id string) (Token, error
 	return t, nil
 }
 
-// GetTokensForOwner fetches all of the tokens owned by a given owner.
-func (b *BoltDBStorage) GetTokensForOwner(ctx context.Context, owner string) ([]Token, error) {
+// GetAll fetches all of the tokens owned by a given owner.
+func (b *boltTokenStorage) GetAll(ctx context.Context, owner string) ([]Token, error) {
 	ts := []Token{}
 	err := b.db.Find("Owner", owner, &ts)
 	return ts, err
 }
 
-// PutToken adds a new token to the database.
-func (b *BoltDBStorage) PutToken(ctx context.Context, token, owner string, scopes []string) (Token, error) {
-	t := Token{
-		ID:     uuid.New(),
-		Body:   token,
-		Owner:  owner,
-		Scopes: scopes,
-
-		CreatedAt: time.Now(),
-		Active:    true,
+// Put adds a new token to the database.
+func (b *boltTokenStorage) Put(ctx context.Context, t Token) (Token, error) {
+	if t.ID == "" {
+		t.ID = uuid.New()
+		t.CreatedAt = time.Now()
+		t.Active = true
+		t.Body = uuid.New()
 	}
 
 	err := b.db.Save(&t)
@@ -156,37 +198,58 @@ func (b *BoltDBStorage) PutToken(ctx context.Context, token, owner string, scope
 	}
 	defer b.db.Commit()
 
+	ln.Log(ctx, t, ln.Action("new token put into database"))
+
 	return t, nil
 }
 
-// DeleteToken removes a token from the database.
-func (b *BoltDBStorage) DeleteToken(ctx context.Context, id string) error {
+// Delete removes a token from the database.
+func (b *boltTokenStorage) Delete(ctx context.Context, id string) (Token, error) {
 	t := Token{}
 	err := b.db.One("ID", id, &t)
 	if err != nil {
-		return err
+		return t, err
 	}
 
-	return b.db.DeleteStruct(&t)
+	ln.Log(ctx, t, ln.Action("token deleted from database"))
+
+	return t, b.db.DeleteStruct(&t)
 }
 
-// DeactivateToken de-activates a token in the database. This should be used
-// instead of deletion in many cases.
-func (b *BoltDBStorage) DeactivateToken(ctx context.Context, id string) error {
-	t := Token{}
-	err := b.db.One("ID", id, &t)
+// DeleteExpired deletes all expired tokens.
+func (b *boltTokenStorage) DeleteExpired(ctx context.Context) error {
+	return errors.New("not implemented")
+}
+
+// GetAll fetches all certificates and returns their DECRYPTED BODIES to the caller.
+// This is intended for usage in migration tools only.
+func (b *boltCertificateStorage) GetAll(ctx context.Context) ([]CachedCert, error) {
+	var cc []CachedCert
+	err := b.db.All(&cc)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	defer b.db.Commit()
 
-	t.Active = false
+	var result []CachedCert
 
-	return b.db.Save(&t)
+	for _, c := range cc {
+		r := CachedCert{
+			Key: c.Key,
+		}
+
+		r.Body, err = b.sb.Decrypt(c.Body)
+		if err != nil {
+			return nil, err
+		}
+
+		result = append(result, r)
+	}
+
+	return result, nil
 }
 
-// GetCert fetches a TLS certificate from the database.
-func (b *BoltDBStorage) GetCert(ctx context.Context, key string) ([]byte, error) {
+// Get fetches a TLS certificate from the database.
+func (b *boltCertificateStorage) Get(ctx context.Context, key string) ([]byte, error) {
 	cc := CachedCert{}
 	err := b.db.One("Key", key, &cc)
 	if err != nil {
@@ -195,43 +258,38 @@ func (b *BoltDBStorage) GetCert(ctx context.Context, key string) ([]byte, error)
 
 	var body []byte
 
-	switch cc.CryptoLevel {
-	case CryptoLevelNone:
-		body = cc.Body
-	case CryptoLevelSecretbox:
-		if b.sb == nil {
-			return nil, ErrCantDecryptCert
-		}
+	if b.sb == nil {
+		return nil, ErrCantDecryptCert
+	}
 
-		body, err = b.sb.Decrypt(cc.Body)
-		if err != nil {
-			return nil, err
-		}
+	body, err = b.sb.Decrypt(cc.Body)
+	if err != nil {
+		return nil, err
 	}
 
 	return body, nil
 }
 
-// PutCert adds a new TLS certificate to the database.
-func (b *BoltDBStorage) PutCert(ctx context.Context, key string, data []byte) error {
+// Put adds a new TLS certificate to the database.
+func (b *boltCertificateStorage) Put(ctx context.Context, key string, data []byte) error {
 	cc := CachedCert{
-		Key:         key,
-		CryptoLevel: CryptoLevelNone,
-		Body:        data,
+		Key:  key,
+		Body: data,
 	}
 
 	if b.sb != nil {
-		cc.CryptoLevel = CryptoLevelSecretbox
 		cc.Body = b.sb.Encrypt(data)
 	}
 
 	defer b.db.Commit()
 
+	ln.Log(ctx, ln.Action("certificate saved to database"), ln.F{"domain": key})
+
 	return b.db.Save(&cc)
 }
 
-// DeleteCert removes a certificate from the database.
-func (b *BoltDBStorage) DeleteCert(ct context.Context, key string) error {
+// Delete removes a certificate from the database.
+func (b *boltCertificateStorage) Delete(ctx context.Context, key string) error {
 	cc := CachedCert{}
 	err := b.db.One("Key", key, &cc)
 	if err != nil {
@@ -240,10 +298,7 @@ func (b *BoltDBStorage) DeleteCert(ct context.Context, key string) error {
 
 	defer b.db.Commit()
 
+	ln.Log(ctx, ln.F{"domain": key}, ln.Action("certificate deleted from database"))
+
 	return b.db.DeleteStruct(&cc)
 }
-
-// Close ...
-func (b *BoltDBStorage) Close() error {
-	return b.db.Close()
-}

internal/database/cert.go

@@ -1,22 +1,58 @@
 package database
 
-// CryptoLevel indicates what form of cryptography the certificate is stored
-// with.
-type CryptoLevel int
-
-// Crypto levels / strategies defined
-const (
-	// NOTE: this is defined for debugging / testing usage only
-	CryptoLevelNone CryptoLevel = iota
-
-	// Use the global set of secretbox keys
-	CryptoLevelSecretbox
+import (
+	"github.com/asdine/storm"
+	"golang.org/x/crypto/acme/autocert"
+	"golang.org/x/net/context"
 )
 
+// Certs is the set of API calls needed to manage certificate resources.
+//
+// Database backends should implement this interface, they will not need
+// to implement certificate decryption, as that will be handled in the layer
+// above this DAO.
+type Certs interface {
+	autocert.Cache
+
+	GetAll(ctx context.Context) ([]CachedCert, error)
+}
+
 // CachedCert is an individual cached certificate in the database.
 type CachedCert struct {
-	Key         string `storm:"id"`
-	CryptoLevel CryptoLevel
-	// PEM-encoded bytes with the above crypto level as a filter.
-	Body []byte
+	Key string `storm:"id"`
+
+	// Encrypted data
+	Body []byte // above as a byte slice
+}
+
+type storageManager struct {
+	Storage
+}
+
+func (s *storageManager) Get(ctx context.Context, key string) ([]byte, error) {
+	data, err := s.Certs().Get(ctx, key)
+	if err != nil {
+		if err == storm.ErrNotFound {
+			return nil, autocert.ErrCacheMiss
+		}
+
+		return nil, err
+	}
+
+	return data, nil
+}
+
+func (s *storageManager) Put(ctx context.Context, key string, data []byte) error {
+	return s.Certs().Put(ctx, key, data)
+}
+
+func (s *storageManager) Delete(ctx context.Context, key string) error {
+	return s.Certs().Delete(ctx, key)
+}
+
+// Cache creates an autocert.Cache from a Storage instance.
+func Cache(s Storage) autocert.Cache {
+	return autocert.Cache(&storageManager{
+		Storage: s,
+	})
 }

internal/database/cert_test.go

@@ -0,0 +1,65 @@
+package database
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/Xe/uuid"
+)
+
+const (
+	cryptoKey    = `I7EzBRcoFtbW6RuqKdFjxYTHC_bpQLPJO3zyS2R-sf8=`
+	certNameBase = "cert."
+	certValue    = "hunter2"
+)
+
+func testCerts(ctx context.Context, t *testing.T, c Certs) {
+	cn := certNameBase + uuid.New()
+
+	t.Run("put", func(t *testing.T) {
+		data := certValue + uuid.New()
+
+		err := c.Put(ctx, cn, []byte(data))
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		data2, err := c.Get(ctx, cn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if data != string(data2) {
+			t.Fatalf("expected data to be %q, got %q", data, string(data2))
+		}
+	})
+
+	t.Run("get", func(t *testing.T) {
+		_, err := c.Get(ctx, cn)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		err := c.Delete(ctx, cn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = c.Get(ctx, cn)
+		if err == nil {
+			t.Fatal("able to fetch a deleted item")
+		}
+	})
+}
+
+func TestBoltDBCertStorage(t *testing.T) {
+	st, p, ctx, cancel := newTestBoltStorage(t)
+	defer os.RemoveAll(p)
+	defer st.Close()
+	defer cancel()
+
+	testCerts(ctx, t, st.Certs())
+}

internal/database/common_test.go

@@ -0,0 +1,43 @@
+package database
+
+import (
+	"testing"
+
+	"git.xeserv.us/xena/route/internal/routecrypto"
+	"github.com/Xe/uuid"
+	"golang.org/x/net/context"
+)
+
+func newTestBoltStorage(t *testing.T) (Storage, string, context.Context, context.CancelFunc) {
+	k, err := routecrypto.ParseKey(cryptoKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	p := uuid.New()
+
+	st, err := NewBoltStorage(p, k)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	return st, p, ctx, cancel
+}
+
+func newTestPostgresStorage(t *testing.T, url string) (Storage, context.Context, context.CancelFunc) {
+	k, err := routecrypto.ParseKey(cryptoKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	st, err := NewPostgresStorage(url, k)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	return st, ctx, cancel
+}

internal/database/dmigrations/bindata.go

@@ -0,0 +1,373 @@
+// Code generated by go-bindata.
+// sources:
+// 1513981282_certificates.down.sql
+// 1513981282_certificates.up.sql
+// 1513981599_routes.down.sql
+// 1513981599_routes.up.sql
+// 1513982254_tokens.down.sql
+// 1513982254_tokens.up.sql
+// postgres.sql
+// DO NOT EDIT!
+
+package dmigrations
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func bindataRead(data []byte, name string) ([]byte, error) {
+	gz, err := gzip.NewReader(bytes.NewBuffer(data))
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+
+	var buf bytes.Buffer
+	_, err = io.Copy(&buf, gz)
+	clErr := gz.Close()
+
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+	if clErr != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+type asset struct {
+	bytes []byte
+	info  os.FileInfo
+}
+
+type bindataFileInfo struct {
+	name    string
+	size    int64
+	mode    os.FileMode
+	modTime time.Time
+}
+
+func (fi bindataFileInfo) Name() string {
+	return fi.name
+}
+func (fi bindataFileInfo) Size() int64 {
+	return fi.size
+}
+func (fi bindataFileInfo) Mode() os.FileMode {
+	return fi.mode
+}
+func (fi bindataFileInfo) ModTime() time.Time {
+	return fi.modTime
+}
+func (fi bindataFileInfo) IsDir() bool {
+	return false
+}
+func (fi bindataFileInfo) Sys() interface{} {
+	return nil
+}
+
+var __1513981282_certificatesDownSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\x09\xf2\x0f\x50\xf0\xf4\x73\x71\x8d\x50\x70\x4e\x2d\x2a\xc9\x4c\xcb\x4c\x4e\x2c\x49\x2d\x8e\x4f\xc9\xcf\x4d\xcc\xcc\xb3\xe6\x02\xcb\x87\x38\x3a\xf9\xb8\xa2\xc8\x5b\x73\x01\x02\x00\x00\xff\xff\xb8\xef\x1e\x9f\x39\x00\x00\x00")
+
+func _1513981282_certificatesDownSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981282_certificatesDownSql,
+		"1513981282_certificates.down.sql",
+	)
+}
+
+func _1513981282_certificatesDownSql() (*asset, error) {
+	bytes, err := _1513981282_certificatesDownSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981282_certificates.down.sql", size: 57, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513981282_certificatesUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x90\x31\x4f\xc3\x30\x10\x85\x77\xff\x8a\xa7\x4e\x89\x04\x03\x48\xb0\x74\x72\x93\xab\xb0\x48\xec\x92\xd8\x90\x4e\x91\x95\x18\xe4\xa1\x2d\x4a\x9c\xfe\x7e\x44\x1a\x02\x61\x40\x78\xf3\xe9\x7b\xf7\x9d\x5e\x52\x10\xd7\x04\xaa\x34\xc9\x52\x28\x09\xb1\x85\x54\x1a\x54\x89\x52\x97\x58\x0d\x83\x6f\xaf\x4f\x7d\xff\xbe\x5a\x33\x36\xc1\x9a\x6f\x32\xfa\x05\x26\xae\x0b\xfe\xd5\x37\x36\xb8\x9e\x01\x11\x7c\x8b\xaf\x67\x8c\x48\xe7\xcf\xae\x10\x39\x2f\xf6\x78\xa4\x3d\x52\xda\x72\x93\x69\x7c\x4a\xea\x37\x77\x74\x9d\x0d\xae\x3e\xdf\x1c\x9a\x28\x66\xc0\x15\xda\xd3\xc1\xfa\xe3\x98\x7b\xe6\x45\xf2\xc0\x8b\xe8\xf6\xee\x3e\x1e\xc5\xd2\x64\xd9\x05\xb2\xc1\x4e\xcb\x35\x55\x7a\x36\x2d\xa0\xa6\x73\x36\xb8\xb6\xb6\x01\x5a\xe4\x54\x6a\x9e\xef\x7e\x42\xf3\x2d\x52\xbd\x4c\x72\xd7\xfa\x29\xf1\xef\x88\x6d\x82\x3f\xbb\xd1\xbe\x51\x2a\x23\x2e\x97\xa7\xcc\x91\xd0\x0d\x8e\x01\xf1\x77\xa9\x46\x8a\x27\x43\x10\x32\xa5\xea\x8f\x6e\xeb\xa9\x12\x25\x17\x63\x44\x97\x79\xbc\x66\x1f\x01\x00\x00\xff\xff\xcf\x95\x0a\x45\xd2\x01\x00\x00")
+
+func _1513981282_certificatesUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981282_certificatesUpSql,
+		"1513981282_certificates.up.sql",
+	)
+}
+
+func _1513981282_certificatesUpSql() (*asset, error) {
+	bytes, err := _1513981282_certificatesUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981282_certificates.up.sql", size: 466, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513981599_routesDownSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\x09\xf2\x0f\x50\x08\x71\x74\xf2\x71\x55\x08\xca\x2f\x2d\x49\x2d\xb6\xe6\x02\x04\x00\x00\xff\xff\xf9\xea\x76\x2b\x13\x00\x00\x00")
+
+func _1513981599_routesDownSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981599_routesDownSql,
+		"1513981599_routes.down.sql",
+	)
+}
+
+func _1513981599_routesDownSql() (*asset, error) {
+	bytes, err := _1513981599_routesDownSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981599_routes.down.sql", size: 19, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513981599_routesUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x90\x3f\x6f\x83\x30\x14\xc4\x77\x7f\x8a\x53\x26\x90\xda\xa1\xa9\xda\x25\x93\x13\x5e\x54\xab\x60\x52\x63\xb7\x64\x42\x08\xac\x96\x21\x50\x81\xc9\xe7\xaf\xa0\x40\xff\x0e\xf1\xe6\xa7\xdf\xdd\x7b\x77\x3b\x45\x5c\x13\x28\xd5\x24\x13\x11\x4b\x88\x3d\x64\xac\x41\xa9\x48\x74\x82\x55\xdf\x57\xe5\x75\xd3\x75\xef\xab\x0d\x63\x13\xac\xf9\x36\xa4\x5f\xa0\x6a\x7a\x67\x3b\x06\x78\xa8\x4a\xcc\xcf\x18\x11\x2c\x9f\x83\x12\x11\x57\x47\x3c\xd2\x11\x01\xed\xb9\x09\x35\x06\xfb\xec\xd5\xd6\xb6\xcd\x9d\xcd\xce\x37\xa7\xc2\xf3\x19\x70\x85\xa2\xb5\xb9\x6b\xda\x41\xf7\xcc\xd5\xee\x81\x2b\xef\x76\xed\x63\x5c\x29\x4d\x18\x8e\xd0\x5b\xd3\xb9\x3a\x3f\xd9\x6f\xd0\xfa\xee\xde\xff\x09\x8d\x4e\xb6\xcc\x72\x07\x2d\x22\x4a\x34\x8f\x0e\x83\xed\x0c\x2d\xb7\xc8\xf8\x65\x5a\x6e\xcb\x6a\x52\x5c\x2c\xc9\x0b\x57\x9d\xed\x98\x73\x1b\xc7\x21\x71\xf9\x19\xfa\x8f\xc4\xb5\xbd\x65\x80\xff\x55\xa7\x91\xe2\xc9\x10\x84\x0c\x28\xfd\xb7\xd5\x6c\xc9\xd9\xd4\xd3\x08\xde\x3c\xf3\x37\xec\x23\x00\x00\xff\xff\x28\x30\xd1\x48\xc4\x01\x00\x00")
+
+func _1513981599_routesUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981599_routesUpSql,
+		"1513981599_routes.up.sql",
+	)
+}
+
+func _1513981599_routesUpSql() (*asset, error) {
+	bytes, err := _1513981599_routesUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981599_routes.up.sql", size: 452, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513982254_tokensDownSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\x09\xf2\x0f\x50\xf0\xf4\x73\x71\x8d\x50\x08\xc9\xcf\x4e\xcd\x2b\x8e\x4f\xca\x4f\xa9\xb4\xe6\xe2\x02\x4b\x84\x38\x3a\xf9\xb8\x42\x25\xac\xb9\x00\x01\x00\x00\xff\xff\x35\x06\x52\x0d\x2c\x00\x00\x00")
+
+func _1513982254_tokensDownSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513982254_tokensDownSql,
+		"1513982254_tokens.down.sql",
+	)
+}
+
+func _1513982254_tokensDownSql() (*asset, error) {
+	bytes, err := _1513982254_tokensDownSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513982254_tokens.down.sql", size: 44, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513982254_tokensUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x74\x90\x4f\x4b\xc3\x40\x10\xc5\xef\xfb\x29\x86\x9e\x12\xd0\x83\x15\xbd\xf4\xb4\x6d\xa7\xb8\x98\x6e\x6a\x32\xab\x29\x22\x21\x26\x83\x04\xb1\x1b\xb2\x49\xd1\x6f\x2f\x5d\x62\x6c\xfd\xb3\xb7\x07\xbf\xfd\xbd\xe1\x2d\x12\x94\x84\x80\x19\xa1\x4e\x55\xac\x41\xad\x40\xc7\x04\x98\xa9\x94\x52\x98\xf4\x7d\x5d\x9d\x5b\xe7\x9a\xc9\x4c\x88\x01\x26\x39\x8f\xf0\x07\x48\xf6\x95\x77\x4e\x00\x04\x50\x57\xf0\xf5\x8c\x51\xcb\x31\x6c\x12\xb5\x96\xc9\x16\x6e\x71\x0b\x4b\x5c\x49\x13\x11\x1c\xf4\xf9\x0b\xef\xb8\x2d\x3a\xce\xf7\x17\x6f\x65\x10\x0a\x80\x33\x78\xb6\xd5\xc7\xf0\xef\x5e\x26\x8b\x1b\x99\x04\xd3\xab\xeb\xd0\x57\x6a\x13\x45\x1e\x2a\x5b\x2e\x3a\xdb\x1e\x43\x97\xd3\x10\x4e\x21\x57\xda\x86\x9d\x37\x11\x66\xf4\xf8\x34\x68\x7f\x9b\xb8\xca\x8b\x0e\x48\xad\x31\x25\xb9\xde\x1c\x43\xe3\xc1\x3a\x7e\x18\x2e\xe4\xf7\xa6\x6e\xd9\xfd\xfb\xc5\x43\x45\xd9\xd5\x7b\xf6\x7d\xf3\x38\x8e\x50\xea\xd3\xf2\xd1\xdb\xb5\x3d\x0b\x80\xf0\x7b\x65\xa3\xd5\x9d\x41\x50\x7a\x89\xd9\x9f\x63\xe7\x7e\x23\xbb\x1b\x22\x04\x87\x1c\xce\xc4\x67\x00\x00\x00\xff\xff\x43\x54\xbb\x34\xd3\x01\x00\x00")
+
+func _1513982254_tokensUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513982254_tokensUpSql,
+		"1513982254_tokens.up.sql",
+	)
+}
+
+func _1513982254_tokensUpSql() (*asset, error) {
+	bytes, err := _1513982254_tokensUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513982254_tokens.up.sql", size: 467, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _postgresSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x94\x4f\x8b\xea\x30\x14\xc5\xf7\xfd\x14\x77\x67\x85\x66\xf1\x56\x0f\xde\xe3\x21\xa2\x79\x4c\xa1\x2a\xd4\xce\xcc\x52\x62\x73\x9d\x09\x53\x1b\x49\xa2\x8c\xdf\x7e\x48\x5b\x35\xd1\xfa\x87\xa1\x03\x5d\x94\x40\xce\xf9\xdd\x73\x4f\x4b\x08\x94\x6c\x8d\x7f\x40\x94\x1a\x95\x21\x39\x2a\x23\x56\x22\x67\x06\x83\x78\x3a\xa7\x69\x06\xf1\x34\x9b\xc1\xe8\x74\xae\x43\x2e\xd7\x4c\x94\x11\x70\x66\x58\x1f\x5e\x86\xc9\x33\x9d\x43\x38\x88\x60\xd0\xff\x1b\x04\x47\xc9\x95\x28\x39\x91\x25\x7a\xa2\x73\x9a\xd0\x51\x06\x82\x47\xe0\xca\x44\x90\x2b\x64\x06\xf9\x82\x99\x08\x90\x8b\xc3\x2b\xcb\x8d\xd8\x21\xfc\x4f\x67\x13\x0f\x02\x5e\x9f\x68\x4a\x1b\x0d\xf8\x07\x03\x48\xe2\x49\x9c\xc1\x2f\x07\x40\xe1\x5a\xee\xf0\x02\x61\x4c\x13\x9a\xd1\xef\x49\xbe\xa1\x21\xac\x28\x5c\x3d\xdd\xd9\x4c\x8e\x4f\xb3\x0e\x25\xb7\x67\x8b\x48\xed\x89\x0e\x2b\x65\xa9\x22\x78\x97\xda\xd8\x2b\x67\x7b\x68\x5b\x43\x25\x46\x96\x7b\x22\xb8\x8b\x7c\x21\xf5\x10\x77\xcd\xd1\x44\x26\xf8\x95\xb8\x2e\xbd\xad\x49\xc7\xee\x87\x9b\xb7\x18\xec\xce\x2a\x06\x4d\x56\x52\x91\xad\x46\xd5\x31\x45\x23\x61\x21\x1c\x73\x8e\x05\x1a\x3c\x45\xe0\x95\xaf\x2d\xc3\xe1\x74\x7c\xbb\x81\x4d\x33\x8c\xfc\xc0\xd2\x6b\x46\x66\x4f\x74\xb8\x94\x7c\xef\x0c\xa4\x73\xb9\x41\x1d\x01\x7e\x6e\x84\x42\xbd\x60\xc6\x6f\x4a\xfd\xf4\xcf\x2a\x6e\x79\x6b\x07\x27\xa4\x2b\xca\x5e\x50\x47\x17\x3f\xa9\x9a\xed\x5e\x5b\x3c\x67\x5b\x16\xeb\xf8\x13\x04\x56\xe7\xce\x07\x5e\x31\xb4\x97\xa5\x2b\x8a\xf6\xc6\x38\x3f\xad\x7a\x03\x6e\x63\x1e\xcb\xb1\x91\xa8\x21\x78\x33\xca\x75\x9d\x13\x2c\x10\x10\xa5\x41\xb5\x63\x05\xf4\x7e\x03\x67\x7b\xdd\x0b\xbe\x02\x00\x00\xff\xff\x49\x2d\x7b\x8a\x23\x06\x00\x00")
+
+func postgresSqlBytes() ([]byte, error) {
+	return bindataRead(
+		_postgresSql,
+		"postgres.sql",
+	)
+}
+
+func postgresSql() (*asset, error) {
+	bytes, err := postgresSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "postgres.sql", size: 1571, mode: os.FileMode(420), modTime: time.Unix(1516571679, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+// Asset loads and returns the asset for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func Asset(name string) ([]byte, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err)
+		}
+		return a.bytes, nil
+	}
+	return nil, fmt.Errorf("Asset %s not found", name)
+}
+
+// MustAsset is like Asset but panics when Asset would return an error.
+// It simplifies safe initialization of global variables.
+func MustAsset(name string) []byte {
+	a, err := Asset(name)
+	if err != nil {
+		panic("asset: Asset(" + name + "): " + err.Error())
+	}
+
+	return a
+}
+
+// AssetInfo loads and returns the asset info for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func AssetInfo(name string) (os.FileInfo, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err)
+		}
+		return a.info, nil
+	}
+	return nil, fmt.Errorf("AssetInfo %s not found", name)
+}
+
+// AssetNames returns the names of the assets.
+func AssetNames() []string {
+	names := make([]string, 0, len(_bindata))
+	for name := range _bindata {
+		names = append(names, name)
+	}
+	return names
+}
+
+// _bindata is a table, holding each asset generator, mapped to its name.
+var _bindata = map[string]func() (*asset, error){
+	"1513981282_certificates.down.sql": _1513981282_certificatesDownSql,
+	"1513981282_certificates.up.sql": _1513981282_certificatesUpSql,
+	"1513981599_routes.down.sql": _1513981599_routesDownSql,
+	"1513981599_routes.up.sql": _1513981599_routesUpSql,
+	"1513982254_tokens.down.sql": _1513982254_tokensDownSql,
+	"1513982254_tokens.up.sql": _1513982254_tokensUpSql,
+	"postgres.sql": postgresSql,
+}
+
+// AssetDir returns the file names below a certain
+// directory embedded in the file by go-bindata.
+// For example if you run go-bindata on data/... and data contains the
+// following hierarchy:
+//     data/
+//       foo.txt
+//       img/
+//         a.png
+//         b.png
+// then AssetDir("data") would return []string{"foo.txt", "img"}
+// AssetDir("data/img") would return []string{"a.png", "b.png"}
+// AssetDir("foo.txt") and AssetDir("notexist") would return an error
+// AssetDir("") will return []string{"data"}.
+func AssetDir(name string) ([]string, error) {
+	node := _bintree
+	if len(name) != 0 {
+		cannonicalName := strings.Replace(name, "\\", "/", -1)
+		pathList := strings.Split(cannonicalName, "/")
+		for _, p := range pathList {
+			node = node.Children[p]
+			if node == nil {
+				return nil, fmt.Errorf("Asset %s not found", name)
+			}
+		}
+	}
+	if node.Func != nil {
+		return nil, fmt.Errorf("Asset %s not found", name)
+	}
+	rv := make([]string, 0, len(node.Children))
+	for childName := range node.Children {
+		rv = append(rv, childName)
+	}
+	return rv, nil
+}
+
+type bintree struct {
+	Func     func() (*asset, error)
+	Children map[string]*bintree
+}
+var _bintree = &bintree{nil, map[string]*bintree{
+	"1513981282_certificates.down.sql": &bintree{_1513981282_certificatesDownSql, map[string]*bintree{}},
+	"1513981282_certificates.up.sql": &bintree{_1513981282_certificatesUpSql, map[string]*bintree{}},
+	"1513981599_routes.down.sql": &bintree{_1513981599_routesDownSql, map[string]*bintree{}},
+	"1513981599_routes.up.sql": &bintree{_1513981599_routesUpSql, map[string]*bintree{}},
+	"1513982254_tokens.down.sql": &bintree{_1513982254_tokensDownSql, map[string]*bintree{}},
+	"1513982254_tokens.up.sql": &bintree{_1513982254_tokensUpSql, map[string]*bintree{}},
+	"postgres.sql": &bintree{postgresSql, map[string]*bintree{}},
+}}
+
+// RestoreAsset restores an asset under the given directory
+func RestoreAsset(dir, name string) error {
+	data, err := Asset(name)
+	if err != nil {
+		return err
+	}
+	info, err := AssetInfo(name)
+	if err != nil {
+		return err
+	}
+	err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755))
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode())
+	if err != nil {
+		return err
+	}
+	err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// RestoreAssets restores an asset under the given directory recursively
+func RestoreAssets(dir, name string) error {
+	children, err := AssetDir(name)
+	// File
+	if err != nil {
+		return RestoreAsset(dir, name)
+	}
+	// Dir
+	for _, child := range children {
+		err = RestoreAssets(dir, filepath.Join(name, child))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func _filePath(dir, name string) string {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...)
+}
+

internal/database/migrations/1513981282_certificates.down.sql

@@ -0,0 +1,2 @@
+DROP INDEX Certificates_domain;
+DROP TABLE Certificates;

internal/database/migrations/1513981282_certificates.up.sql

@@ -0,0 +1,12 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS Certificates
+  ( id         UUID         PRIMARY KEY DEFAULT uuid_generate_v1mc()
+  , domain     VARCHAR(256) NOT NULL
+  , data       TEXT         NOT NULL
+  , created_at TIMESTAMP    NOT NULL DEFAULT NOW()
+  , edited_at  TIMESTAMP    NOT NULL DEFAULT NOW()
+  , active     BOOLEAN      NOT NULL DEFAULT true
+  );
+
+CREATE UNIQUE INDEX IF NOT EXISTS Certificates_domain ON Certificates (domain);

internal/database/migrations/1513981599_routes.down.sql

@@ -0,0 +1 @@
+DROP TABLE Routes;

internal/database/migrations/1513981599_routes.up.sql

@@ -0,0 +1,12 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS Routes
+  ( id         UUID         PRIMARY KEY DEFAULT uuid_generate_v1mc()
+  , creator    VARCHAR(32)  NOT NULL
+  , hostname   VARCHAR(256) NOT NULL
+  , created_at TIMESTAMP    NOT NULL DEFAULT NOW()
+  , edited_at  TIMESTAMP    NOT NULL DEFAULT NOW()
+  , active     BOOLEAN      NOT NULL DEFAULT true
+  );
+
+CREATE UNIQUE INDEX IF NOT EXISTS Routes_hostname on Routes (hostname);

internal/database/migrations/1513982254_tokens.down.sql

@@ -0,0 +1,3 @@
+DROP INDEX Tokens_body;
+
+DROP TABLE Tokens;

internal/database/migrations/1513982254_tokens.up.sql

@@ -0,0 +1,13 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS Tokens
+  ( id         UUID         PRIMARY KEY DEFAULT uuid_generate_v1mc()
+  , body       VARCHAR(256) NOT NULL
+  , creator    VARCHAR(32)  NOT NULL
+  , scopes     TEXT[]       NOT NULL
+  , created_at TIMESTAMP    NOT NULL DEFAULT NOW()
+  , expires_at TIMESTAMP    NOT NULL
+  , active     BOOLEAN      NOT NULL DEFAULT true
+  );
+
+CREATE UNIQUE INDEX IF NOT EXISTS Tokens_body on Tokens (body);

internal/database/migrations/postgres.sql

@@ -0,0 +1,42 @@
+-- name: insert-certificate
+INSERT INTO Certificates(domain, data) VALUES ($1, $2);
+
+-- name: find-one-certificate
+SELECT id, domain, data, created_at, edited_at, active FROM Certificates WHERE domain = $1 LIMIT 1;
+
+-- name: remove-one-certificate
+DELETE FROM Certificates WHERE domain = $1 LIMIT 1;
+
+-- name: get-all-certificates
+SELECT id, domain, data, created_at, edited_at, active FROM Certificates;
+
+-- name: insert-route
+INSERT INTO Routes(creator, hostname) VALUES ($1, $2);
+
+-- name: find-one-route-by-id
+SELECT id, creator, hostname, created_at, edited_at, active FROM Routes WHERE id = $1 LIMIT 1;
+
+-- name: find-one-route-by-host
+SELECT id, creator, hostname, created_at, edited_at, active FROM Routes WHERE hostname = $1 LIMIT 1;
+
+-- name: find-all-routes-for-user
+SELECT id, creator, hostname, created_at, edited_at, active FROM Routes WHERE creator = $1;
+
+-- name: delete-one-route
+DELETE FROM Routes WHERE id = $1 AND domain = $2 LIMIT 1;
+
+-- name: insert-token
+INSERT INTO Tokens(body, creator, scopes, expires_at) VALUES ($1, $2, $3, $4);
+
+-- name: get-one-token
+SELECT id, body, creator, scopes, created_at, expires_at, active FROM Tokens WHERE id = $1 LIMIT 1;
+
+-- name: get-one-token-by-body
+SELECT id, body, creator, scopes, created_at, expires_at, active FROM Tokens WHERE body = $1 LIMIT 1;
+
+-- name: get-all-tokens-for-user
+SELECT id, body, creator, scopes, created_at, expires_at, active FROM Tokens WHERE creator = $1;
+
+-- name: remove-one-token
+DELETE FROM Tokens WHERE id = $1 LIMIT 1;
+

internal/database/postgres.go

@@ -0,0 +1,178 @@
+// +build ignore
+
+package database
+
+import (
+	"bytes"
+	"database/sql"
+	"log"
+
+	"git.xeserv.us/xena/route/internal/database/dmigrations"
+	"github.com/Xe/uuid"
+	"github.com/brandur/simplebox"
+	"github.com/gchaincl/dotsql"
+	_ "github.com/lib/pq"
+	"golang.org/x/net/context"
+)
+
+type PostgresStorage struct {
+	ds *dotsql.DotSql
+	db *sql.DB
+	sb *simplebox.SimpleBox
+
+	//cs *postgresCertificateStorage
+	rs *postgresRouteStorage
+	//ts *postgresTokenStorage
+}
+
+type postgresCertificateStorage struct {
+	*PostgresStorage
+}
+
+type postgresRouteStorage struct {
+	*PostgresStorage
+}
+
+type postgresTokenStorage struct {
+	*PostgresStorage
+}
+
+// NewPostgresStorage creates a new Storage instance backed by postgres at the
+// given URL.
+func NewPostgresStorage(url string, key *[32]byte) (Storage, error) {
+	db, err := sql.Open("postgres", url)
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := dmigrations.Asset("postgres.sql")
+	if err != nil {
+		return nil, err
+	}
+
+	buf := bytes.NewBuffer(data)
+
+	ds, err := dotsql.Load(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	for k := range ds.QueryMap() {
+		log.Printf("preparing %s", k)
+		stmt, err := ds.Prepare(db, k)
+		if err != nil {
+			db.Close()
+			return nil, err
+		}
+		defer stmt.Close()
+	}
+
+	p := &PostgresStorage{
+		db: db,
+		ds: ds,
+		sb: simplebox.NewFromSecretKey(key),
+	}
+
+	//p.cs = &postgresCertificateStorage{p}
+	p.rs = &postgresRouteStorage{p}
+	//p.ts = &postgresTokenStorage{p}
+
+	return p, nil
+}
+
+// Certs gets the certificate storage interface.
+func (p *PostgresStorage) Certs() Certs { return nil }
+
+// Routes gets the route storage interface.
+func (p *PostgresStorage) Routes() Routes { return p.rs }
+
+// Tokens gets the token storage interface.
+func (p *PostgresStorage) Tokens() Tokens { return nil }
+
+// Close cleans up resources for this Storage.
+func (p *PostgresStorage) Close() error { return p.db.Close() }
+
+// interface compliance
+var (
+	_ Storage = &PostgresStorage{}
+	//_ Certs   = &postgresCertificateStorage{}
+	_ Routes = &postgresRouteStorage{}
+	//_ Tokens  = &postgresTokenStorage{}
+)
+
+func (p *postgresRouteStorage) getRouteInner(ctx context.Context, arg string, kind string) (Route, error) {
+	r, err := p.ds.QueryRow(p.db, kind, arg)
+	if err != nil {
+		return Route{}, err
+	}
+
+	rt := Route{}
+
+	err = (&rt).Scan(r)
+	if err != nil {
+		return Route{}, err
+	}
+
+	return rt, nil
+}
+
+func (p *postgresRouteStorage) Get(ctx context.Context, id string) (Route, error) {
+	return p.getRouteInner(ctx, id, "find-one-route-by-id")
+}
+
+func (p *postgresRouteStorage) GetHost(ctx context.Context, host string) (Route, error) {
+	return p.getRouteInner(ctx, host, "find-one-route-by-host")
+}
+
+func (p *postgresRouteStorage) GetAll(ctx context.Context, user string) ([]Route, error) {
+	var result []Route
+
+	rows, err := p.ds.Query(p.db, "find-all-routes-for-user", user)
+	if err != nil {
+		return nil, err
+	}
+
+	defer rows.Close()
+	for rows.Next() {
+		rt := &Route{}
+
+		if err := rt.Scan(rows); err != nil {
+			return nil, err
+		}
+
+		result = append(result, *rt)
+	}
+
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+func (p *postgresRouteStorage) Put(ctx context.Context, r Route) (Route, error) {
+	if r.ID == "" {
+		r.ID = uuid.New()
+	}
+
+	_, err := p.ds.Exec(p.db, "insert-route", r.ID, r.Hostname)
+	if err != nil {
+		return Route{}, err
+	}
+
+	return p.Get(ctx, r.ID)
+}
+
+func (p *postgresRouteStorage) Delete(ctx context.Context, r Route) (Route, error) {
+	rt, err := p.Get(ctx, r.ID)
+	if err != nil {
+		return Route{}, err
+	}
+
+	_, err = p.ds.Exec(p.db, "delete-one-route", rt.ID, rt.Hostname)
+	if err != nil {
+		return Route{}, err
+	}
+
+	return rt, nil
+}

internal/database/route.go

@@ -1,15 +1,36 @@
 package database
 
 import (
+	"io"
+	"time"
+
 	proto "git.xeserv.us/xena/route/proto"
 	"github.com/Xe/ln"
+	"golang.org/x/net/context"
 )
 
+// Routes is the set of API calls needed to manage Route resources.
+//
+// Database backends should implement this interface.
+type Routes interface {
+	io.Closer
+
+	Get(ctx context.Context, id string) (Route, error)
+	GetHost(ctx context.Context, host string) (Route, error)
+	GetAll(ctx context.Context, user string) ([]Route, error)
+	Put(ctx context.Context, r Route) (Route, error)
+	Delete(ctx context.Context, r Route) (Route, error)
+}
+
 // Route is a single HTTP route.
 type Route struct {
 	ID       string `storm:"id"`
 	Creator  string
 	Hostname string `storm:"unique"`
+
+	CreatedAt time.Time
+	EditedAt  time.Time
+	Active    bool
 }
 
 // F https://godoc.org/github.com/Xe/ln#F
@@ -21,7 +42,11 @@ func (r Route) F() ln.F {
 	}
 }
 
-// AsProto converts this into the protobuf.
+func (r *Route) Scan(row Scanner) error {
+	return row.Scan(&r.ID, &r.Creator, &r.Hostname, &r.CreatedAt, &r.EditedAt, &r.Active)
+}
+
+// AsProto converts this into a protobuf Route.
 func (r Route) AsProto() *proto.Route {
 	return &proto.Route{
 		Id:      r.ID,

internal/database/route_test.go

@@ -0,0 +1,85 @@
+package database
+
+import (
+	"os"
+	"testing"
+
+	"github.com/Xe/uuid"
+	"golang.org/x/net/context"
+)
+
+const (
+	creator  = "shachi"
+	hostBase = "shachi.loves."
+)
+
+func testRoutes(ctx context.Context, t *testing.T, r Routes) {
+	hostname := hostBase + uuid.New()
+	id := uuid.New()
+
+	t.Run("put", func(t *testing.T) {
+		rt := Route{
+			ID:       id,
+			Creator:  creator,
+			Hostname: hostname,
+		}
+
+		_, err := r.Put(ctx, rt)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("get", func(t *testing.T) {
+		_, err := r.Get(ctx, id)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getHost", func(t *testing.T) {
+		_, err := r.GetHost(ctx, hostname)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getAll", func(t *testing.T) {
+		res, err := r.GetAll(ctx, creator)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(res) == 0 {
+			t.Fatal("didn't get any routes back for shachi")
+		}
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		_, err := r.Delete(ctx, Route{ID: id})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = r.Get(ctx, id)
+		if err == nil {
+			t.Fatal("able to fetch a deleted item")
+		}
+	})
+}
+
+func TestBoltDBRouteStorage(t *testing.T) {
+	st, p, ctx, cancel := newTestBoltStorage(t)
+	defer os.RemoveAll(p)
+	defer st.Close()
+	defer cancel()
+
+	testRoutes(ctx, t, st.Routes())
+}
+
+func TestPostgresRouteStorage(t *testing.T) {
+	st, ctx, cancel := newTestPostgresStorage(t, os.Getenv("DATABASE_URL"))
+	defer st.Close()
+	defer cancel()
+
+	testRoutes(ctx, t, st.Routes())
+}

internal/database/storage.go

@@ -1,63 +1,14 @@
 package database
 
-import (
-	"github.com/asdine/storm"
-	"golang.org/x/crypto/acme/autocert"
-	"golang.org/x/net/context"
-)
-
 // Storage is the parent interface for the database backends of route.
 type Storage interface {
-	// routes
-	GetRoute(ctx context.Context, host string) (Route, error)
-	GetAllRoutes(ctx context.Context, user string) ([]Route, error)
-	PutRoute(ctx context.Context, domain, kind string) (Route, error)
-	DeleteRoute(ctx context.Context, id string) error
-
-	// tokens
-	GetToken(ctx context.Context, token string) (Token, error)
-	GetTokenID(ctx context.Context, id string) (Token, error)
-	GetTokensForOwner(ctx context.Context, owner string) ([]Token, error)
-	PutToken(ctx context.Context, token, owner string, scopes []string) (Token, error)
-	DeleteToken(ctx context.Context, id string) error
-	DeactivateToken(ctx context.Context, id string) error
-
-	// certificates
-	GetCert(ctx context.Context, key string) ([]byte, error)
-	PutCert(ctx context.Context, key string, data []byte) error
-	DeleteCert(ctx context.Context, key string) error
+	Certs() Certs
+	Routes() Routes
+	Tokens() Tokens
 
 	Close() error
 }
 
-type storageManager struct {
-	Storage
-}
-
-func (s *storageManager) Get(ctx context.Context, key string) ([]byte, error) {
-	data, err := s.GetCert(ctx, key)
-	if err != nil {
-		if err == storm.ErrNotFound {
-			return nil, autocert.ErrCacheMiss
-		} else {
-			return nil, err
-		}
-	}
-
-	return data, nil
-}
-
-func (s *storageManager) Put(ctx context.Context, key string, data []byte) error {
-	return s.PutCert(ctx, key, data)
-}
-
-func (s *storageManager) Delete(ctx context.Context, key string) error {
-	return s.DeleteCert(ctx, key)
-}
-
-// Cache creates an autocert.Cache from a Storage instance.
-func Cache(s Storage) autocert.Cache {
-	return autocert.Cache(&storageManager{
-		Storage: s,
-	})
+type Scanner interface {
+	Scan(...interface{}) error
 }

internal/database/token.go

@@ -1,11 +1,28 @@
 package database
 
-import "time"
 import (
+	"io"
+	"time"
+
 	proto "git.xeserv.us/xena/route/proto"
 	"github.com/Xe/ln"
+	"golang.org/x/net/context"
 )
 
+// Tokens is the set of API calls needed to manage Token resources.
+//
+// Database backends should implement this interface.
+type Tokens interface {
+	io.Closer
+
+	Get(ctx context.Context, id string) (Token, error)
+	GetBody(ctx context.Context, body string) (Token, error)
+	GetAll(ctx context.Context, user string) ([]Token, error)
+	Put(ctx context.Context, t Token) (Token, error)
+	Delete(ctx context.Context, id string) (Token, error)
+	DeleteExpired(ctx context.Context) error
+}
+
 // Token is a single authorization token.
 type Token struct {
 	ID     string `storm:"id"`
@@ -14,19 +31,27 @@ type Token struct {
 	Scopes []string
 
 	CreatedAt time.Time `json:"created_at"`
+	ExpiresAt time.Time `json:"expires_at"`
 	Active    bool      `json:"active"`
 }
 
 // F https://godoc.org/github.com/Xe/ln#F
 func (t Token) F() ln.F {
-	return ln.F{
-		"token-id":     t.ID,
-		"token-owner":  t.Owner,
-		"token-active": t.Active,
+	f := ln.F{
+		"token-id":         t.ID,
+		"token-owner":      t.Owner,
+		"token-active":     t.Active,
+		"token-created-at": t.CreatedAt.String(),
 	}
+
+	if !t.ExpiresAt.IsZero() {
+		f["token-expires-at"] = t.ExpiresAt.String()
+	}
+
+	return f
 }
 
-// AsProto ...
+// AsProto converts this into a protobuf Token.
 func (t Token) AsProto() *proto.Token {
 	return &proto.Token{
 		Id:     t.ID,

internal/database/token_test.go

@@ -0,0 +1,74 @@
+package database
+
+import (
+	"os"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func testTokens(ctx context.Context, t *testing.T, tk Tokens) {
+	var (
+		tokenID   string
+		tokenBody string
+	)
+
+	t.Run("put", func(t *testing.T) {
+		tok := Token{
+			Owner: creator,
+		}
+
+		tok2, err := tk.Put(ctx, tok)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		tokenID = tok2.ID
+		tokenBody = tok2.Body
+	})
+
+	t.Run("get", func(t *testing.T) {
+		_, err := tk.Get(ctx, tokenID)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getBody", func(t *testing.T) {
+		_, err := tk.GetBody(ctx, tokenBody)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getAll", func(t *testing.T) {
+		lis, err := tk.GetAll(ctx, creator)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(lis) == 0 {
+			t.Fatal("expected results but got none")
+		}
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		_, err := tk.Delete(ctx, tokenID)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = tk.Get(ctx, tokenID)
+		if err == nil {
+			t.Fatal("can fetch a deleted resource")
+		}
+	})
+}
+
+func TestBoltDBTokenStorage(t *testing.T) {
+	st, p, ctx, cancel := newTestBoltStorage(t)
+	defer os.RemoveAll(p)
+	defer st.Close()
+	defer cancel()
+
+	testTokens(ctx, t, st.Tokens())
+}

internal/elfs/elfs_test.go

@@ -0,0 +1,10 @@
+package elfs
+
+import "testing"
+
+func TestMakeName(t *testing.T) {
+	n := MakeName()
+	if len(n) == 0 {
+		t.Fatalf("MakeName had a zero output")
+	}
+}

internal/gluaroute/route.go

@@ -0,0 +1,49 @@
+package gluaroute
+
+import (
+	"net/http"
+
+	"git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
+	lua "github.com/yuin/gopher-lua"
+	luar "layeh.com/gopher-luar"
+)
+
+var exports = map[string]lua.LGFunction{
+	"new": newClient,
+}
+
+func newClient(L *lua.LState) int {
+	routedURL := L.ToString(1)
+	token := L.ToString(2)
+
+	L.Push(luar.New(L, route.New(routedURL, token, &http.Client{})))
+
+	return 1
+}
+
+type client struct {
+	*route.Client
+}
+
+type backends struct {
+	proto.Backends
+}
+
+type routes struct {
+	proto.Routes
+}
+
+type tokens struct {
+	proto.Tokens
+}
+
+func Preload(L *lua.LState) {
+	L.PreloadModule("svc", Loader)
+}
+
+func Loader(L *lua.LState) int {
+	mod := L.SetFuncs(L.NewTable(), exports)
+	L.Push(mod)
+	return 1
+}

internal/gops.go

@@ -1,4 +1,4 @@
-package main
+package internal
 
 import (
 	"log"

internal/init.go

@@ -0,0 +1,11 @@
+// Package internal contains autoloading packages and tools.
+package internal
+
+import (
+	"github.com/Xe/ln"
+	"github.com/Xe/ln/ex"
+)
+
+func init() {
+	ln.DefaultLogger.Filters = append(ln.DefaultLogger.Filters, ex.NewGoTraceLogger())
+}

internal/manhole.go

@@ -0,0 +1,30 @@
+package internal
+
+import (
+	"log"
+	"net"
+	"net/http"
+	"net/rpc"
+
+	// Add HTTP pprof routes
+	_ "net/http/pprof"
+
+	// Add tracing routes
+	_ "golang.org/x/net/trace"
+
+	// Expvar routes
+	_ "expvar"
+)
+
+func init() {
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		log.Printf("manhole: cannot bind to 127.0.0.1:0: %v", err)
+		return
+	}
+
+	log.Printf("manhole: Now listening on http://%s", l.Addr())
+
+	rpc.HandleHTTP()
+	go http.Serve(l, nil)
+}

internal/middleware/headers.go

@@ -0,0 +1,35 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+)
+
+type headerKey int
+
+const hdrKey headerKey = iota
+
+// GetHeaders fetches http headers from the request context.
+func GetHeaders(ctx context.Context) (http.Header, bool) {
+	h, ok := ctx.Value(hdrKey).(http.Header)
+	if !ok {
+		return http.Header{}, false
+	}
+
+	return h, true
+}
+
+// SaveHeaders adds the needed values to the request context for twirp services.
+func SaveHeaders(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+
+		if ctx == nil {
+			panic("context is nil")
+		}
+
+		ctx = context.WithValue(ctx, hdrKey, r.Header)
+
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}

internal/middleware/trace.go

@@ -0,0 +1,44 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"path/filepath"
+	"time"
+
+	"github.com/Xe/ln"
+	"golang.org/x/net/trace"
+)
+
+// Trace adds go stdlib tracing to this http handler.
+func Trace(family string) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			sp := trace.New(filepath.Base(family), r.Host+r.RequestURI)
+			defer sp.Finish()
+			ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second)
+			defer cancel()
+
+			ctx = trace.NewContext(ctx, sp)
+			f := ln.F{
+				"family":      family,
+				"method":      r.Method,
+				"path":        r.URL.Path,
+				"remote_addr": r.RemoteAddr,
+				"user_agent":  r.UserAgent(),
+			}
+			ctx = ln.WithF(ctx, f)
+
+			next.ServeHTTP(w, r.WithContext(ctx))
+
+			ws, ok := w.(interface {
+				Status() int
+			})
+			if ok {
+				f["status"] = ws.Status()
+			}
+
+			ln.Log(ctx, f)
+		})
+	}
+}

internal/middleware/trace_test.go

@@ -0,0 +1,33 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestTrace(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	var executed bool
+	var handler http.Handler = Trace(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		executed = true
+		w.WriteHeader(http.StatusOK)
+	}))
+
+	req, err := http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Fatalf("error when creating request: %v", err)
+	}
+	req = req.WithContext(ctx)
+
+	rw := httptest.NewRecorder()
+
+	handler.ServeHTTP(rw, req)
+
+	if !executed {
+		t.Fatal("middleware Trace doesn't pass through to underlying handler")
+	}
+}

internal/routecrypto/rsa_test.go

@@ -0,0 +1,41 @@
+package routecrypto
+
+import "testing"
+
+var (
+	rsaPrivKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQC6C94euSI3GAbszcTVvuBI4ejM/fugqe/uUyXz2bUIGemkADBh
+OOkNWXFi/gnYylHRrFKOH06wxhzZWpsBMacmwx6tD7a7nKktcw7HsVFL8is0PPnp
+syhWfW+DF6vMDZxkgI3iKrr9/WY/3/qUg7ga17s1JXb3SmQ2sMDTh5I6DQIET4Bo
+LwKBgCBG2EmsLiVPCXwN+Mk8IGck7BHKhVpcm955VDDiuKNMuFK4F9ak3tbsKOza
+UDC+JhqhB1U7/J8zABM+qVqHBwse1sJMZUEXPuGbIuw4vmEHFA+scAuwkpmRx4gA
+/Ghi9eWr1rDlrRFMEF5vs18GObY7Z07GxTx/nZPx7FZ+6FqZAkEA24zob4NMKGUj
+efHggZ4DFiIGDEbfbRS6a/w7VicJwI41pwhbGj7KCPZEwXYhnXR3H9UXSrowsm14
+D0Wbsw4gRwJBANjvAbFVBAW8TWxLCgKx7uyHehygEBl5NY2in/8QHMjJpE7fQX5U
+qutOL68A6+8P0lrtoz4VJZSnAxwkaifM8QsCQA37iRRm+Qd64OetQrHj+FhiZlrJ
+LAT0CUWmADJ5KYX49B2lfNXDrXOsUG9sZ4tHKRGDt51KC/0KjMgq9BGx41MCQF0y
+FxOL0s2EtXz/33V4QA9twe9xUBDY4CMts4Eyq3xlscbBBe4IjwrcKuntJ3POkGPS
+Xotb9TDONmrANIqlmbECQCD8Uo0bgt8kR5bShqkbW1e5qVNz5w4+tM7Uh+oQMIGB
+bC3xLJD4u2NPTwTdqKxxkeicFMKpuiGvX200M/CcoVc=
+-----END RSA PRIVATE KEY-----`)
+)
+
+func TestRSA(t *testing.T) {
+	pk, err := PemToRSAPrivateKey(rsaPrivKey)
+	if err != nil {
+		t.Fatalf("can't parse key: %v", err)
+	}
+
+	pkd := RSAPrivateKeyToPem(pk)
+
+	pk2, err := PemToRSAPrivateKey(pkd)
+	if err != nil {
+		t.Fatalf("can't parse key: %v", err)
+	}
+
+	pkd2 := RSAPrivateKeyToPem(pk2)
+
+	if string(pkd) != string(pkd2) {
+		t.Fatalf("functions are not 1:1")
+	}
+}

internal/routecrypto/secretbox_test.go

@@ -0,0 +1,40 @@
+package routecrypto
+
+import "testing"
+
+func TestSecretBox(t *testing.T) {
+	var (
+		key *[32]byte
+		sk  string
+	)
+
+	t.Run("generate key", func(t *testing.T) {
+		var err error
+		key, err = GenerateKey()
+		if err != nil {
+			t.Fatalf("can't generate key: %v", err)
+		}
+	})
+
+	if key == nil {
+		t.Fatal("can't continue")
+	}
+
+	t.Run("show key", func(t *testing.T) {
+		sk = ShowKey(key)
+		if len(sk) == 0 {
+			t.Fatal("expected output to be a nonzero length string")
+		}
+	})
+
+	t.Run("read key", func(t *testing.T) {
+		readKey, err := ParseKey(sk)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if *key != *readKey {
+			t.Fatal("key did not parse out correctly")
+		}
+	})
+}

internal/server/common.go

@@ -1,55 +0,0 @@
-package server
-
-import (
-	"context"
-	"errors"
-
-	"git.xeserv.us/xena/route/internal/database"
-	"github.com/Xe/ln"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
-)
-
-// errors
-var (
-	ErrNotAuthorized = errors.New("server: not authorized")
-)
-
-func (s *Server) getAuth(ctx context.Context, scope string) (database.Token, error) {
-	var err error
-
-	md, ok := metadata.FromContext(ctx)
-	if !ok {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
-	}
-
-	jwtToken, ok := md["authorization"]
-	if !ok {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
-	}
-	val := jwtToken[0]
-
-	t, err := s.db.GetToken(ctx, val)
-	if err != nil {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
-	}
-
-	ok = false
-	for _, sc := range t.Scopes {
-		if sc == scope {
-			ok = true
-		}
-	}
-	if !ok {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "invalid scope.")
-	}
-
-	return t, nil
-}
-
-func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
-	ln.Error(err, f, clitok.F())
-
-	return err
-}

internal/server/server.go

@@ -1,147 +0,0 @@
-package server
-
-import (
-	"crypto/tls"
-	"errors"
-	"net"
-	"net/http"
-	"net/http/httputil"
-	"time"
-
-	"git.xeserv.us/xena/route/internal/database"
-	"git.xeserv.us/xena/route/lib/tun2"
-	proto "git.xeserv.us/xena/route/proto"
-	"github.com/mtneug/pkg/ulid"
-	"github.com/oxtoacart/bpool"
-	"golang.org/x/crypto/acme/autocert"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
-)
-
-// RPC constants
-const (
-	RPCPort uint16 = 39453
-)
-
-// Server is the main server type
-type Server struct {
-	cfg *Config
-	db  database.Storage
-	ts  *tun2.Server
-
-	*autocert.Manager
-}
-
-// Config configures Server
-type Config struct {
-	BoltDBPath string `env:"BOLTDB_PATH,required"`
-
-	WebAddr        string `env:"WEB_ADDR,required"`
-	SSLAddr        string `env:"SSL_ADDR,required"`
-	BackendTCPAddr string `env:"BACKEND_TCP_ADDR,required"`
-	BackendKCPAddr string `env:"BACKEND_KCP_ADDR,required"`
-	GRPCAddr       string `env:"GRPC_ADDR,required"`
-
-	DomainSuffix string `env:"DOMAIN_SUFFIX,required"`
-	ACMEEmail    string `env:"ACME_EMAIL,required"`
-	CertKey      *[32]byte
-}
-
-// New creates a new Server
-func New(cfg Config) (*Server, error) {
-	if cfg.CertKey == nil {
-		return nil, errors.New("no cert decryption key, can't do anything")
-	}
-
-	db, err := database.NewBoltStorage(cfg.BoltDBPath, cfg.CertKey)
-	if err != nil {
-		return nil, err
-	}
-
-	m := &autocert.Manager{
-		Prompt:     autocert.AcceptTOS,
-		Cache:      database.Cache(db),
-		HostPolicy: nil,
-		Email:      cfg.ACMEEmail,
-	}
-
-	tcfg := &tun2.ServerConfig{
-		TCPAddr: cfg.BackendTCPAddr,
-		KCPAddr: cfg.BackendKCPAddr,
-		TLSConfig: &tls.Config{
-			GetCertificate: m.GetCertificate,
-		},
-		Storage: &storageWrapper{
-			Storage: db,
-		},
-	}
-
-	ts, err := tun2.NewServer(tcfg)
-	if err != nil {
-		return nil, err
-	}
-	s := &Server{
-		cfg: &cfg,
-		db:  db,
-		ts:  ts,
-
-		Manager: m,
-	}
-
-	s.ts = ts
-	go ts.ListenAndServe()
-
-	gs := grpc.NewServer(grpc.Creds(credentials.NewTLS(&tls.Config{
-		GetCertificate:     m.GetCertificate,
-		InsecureSkipVerify: true,
-	})))
-
-	proto.RegisterRoutesServer(gs, &Route{Server: s})
-	proto.RegisterTokensServer(gs, &Token{Server: s})
-
-	l, err := net.Listen("tcp", cfg.GRPCAddr)
-	if err != nil {
-		return nil, err
-	}
-
-	go gs.Serve(l)
-
-	return s, nil
-}
-
-// Director removes headers that are typically stripped off at request ingress.
-func (s *Server) Director(r *http.Request) {
-	r.Header.Del("X-Forwarded-For")
-	r.Header.Del("X-Client-Ip")
-}
-
-func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("X-Tor2web") != "" {
-		http.Error(w, "tor2web proxy use is not allowed", 400)
-		return
-	}
-
-	host, _, err := net.SplitHostPort(r.RemoteAddr)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	r.Header.Set("X-Remote-Ip", host)
-	r.Header.Set("X-Request-Ingress", time.Now().Format(time.RFC3339))
-
-	rid := ulid.New().String()
-	r.Header.Set("X-Request-Id", rid)
-	w.Header().Set("X-Request-Id", rid)
-
-	// http://www.gnuterrypratchett.com/
-	w.Header().Set("X-Clacks-Overhead", "GNU Ashlynn")
-
-	rp := &httputil.ReverseProxy{
-		Director:      s.Director,
-		Transport:     s.ts,
-		FlushInterval: 1 * time.Second,
-		BufferPool:    bpool.NewBytePool(256, 4096),
-	}
-
-	rp.ServeHTTP(w, r)
-}

internal/tun2/backend.go

@@ -0,0 +1,83 @@
+package tun2
+
+import "time"
+
+// Backend is the public state of an individual Connection.
+type Backend struct {
+	ID     string
+	Proto  string
+	User   string
+	Domain string
+	Phi    float32
+	Host   string
+	Usable bool
+}
+
+type backendMatcher func(*Connection) bool
+
+func (s *Server) getBackendsForMatcher(bm backendMatcher) []Backend {
+	s.connlock.Lock()
+	defer s.connlock.Unlock()
+
+	var result []Backend
+
+	for _, c := range s.conns {
+		if !bm(c) {
+			continue
+		}
+
+		protocol := "tcp"
+		if c.isKCP {
+			protocol = "kcp"
+		}
+
+		result = append(result, Backend{
+			ID:     c.id,
+			Proto:  protocol,
+			User:   c.user,
+			Domain: c.domain,
+			Phi:    float32(c.detector.Phi(time.Now())),
+			Host:   c.conn.RemoteAddr().String(),
+			Usable: c.usable,
+		})
+	}
+
+	return result
+}
+
+// KillBackend forcibly disconnects a given backend but doesn't offer a way to
+// "ban" it from reconnecting.
+func (s *Server) KillBackend(id string) error {
+	s.connlock.Lock()
+	defer s.connlock.Unlock()
+
+	for _, c := range s.conns {
+		if c.id == id {
+			c.cancel()
+			return nil
+		}
+	}
+
+	return ErrNoSuchBackend
+}
+
+// GetBackendsForDomain fetches all backends connected to this server associated
+// to a single public domain name.
+func (s *Server) GetBackendsForDomain(domain string) []Backend {
+	return s.getBackendsForMatcher(func(c *Connection) bool {
+		return c.domain == domain
+	})
+}
+
+// GetBackendsForUser fetches all backends connected to this server owned by a
+// given user by username.
+func (s *Server) GetBackendsForUser(uname string) []Backend {
+	return s.getBackendsForMatcher(func(c *Connection) bool {
+		return c.user == uname
+	})
+}
+
+// GetAllBackends fetches every backend connected to this server.
+func (s *Server) GetAllBackends() []Backend {
+	return s.getBackendsForMatcher(func(*Connection) bool { return true })
+}

internal/tun2/client.go

@@ -1,6 +1,7 @@
 package tun2
 
 import (
+	"context"
 	"crypto/tls"
 	"encoding/json"
 	"errors"
@@ -14,10 +15,14 @@ import (
 	"github.com/xtaci/smux"
 )
 
+// Client connects to a remote tun2 server and sets up authentication before routing
+// individual HTTP requests to discrete streams that are reverse proxied to the eventual
+// backend.
 type Client struct {
 	cfg *ClientConfig
 }
 
+// ClientConfig configures client with settings that the user provides.
 type ClientConfig struct {
 	TLSConfig  *tls.Config
 	ConnType   string
@@ -25,8 +30,12 @@ type ClientConfig struct {
 	Token      string
 	Domain     string
 	BackendURL string
+
+	// internal use only
+	forceTCPClear bool
 }
 
+// NewClient constructs an instance of Client with a given ClientConfig.
 func NewClient(cfg *ClientConfig) (*Client, error) {
 	if cfg == nil {
 		return nil, errors.New("tun2: client config needed")
@@ -39,7 +48,12 @@ func NewClient(cfg *ClientConfig) (*Client, error) {
 	return c, nil
 }
 
-func (c *Client) Connect() error {
+// Connect dials the remote server and negotiates a client session with its
+// configured server address. This will then continuously proxy incoming HTTP
+// requests to the backend HTTP server.
+//
+// This is a blocking function.
+func (c *Client) Connect(ctx context.Context) error {
 	return c.connect(c.cfg.ServerAddr)
 }
 
@@ -57,7 +71,12 @@ func (c *Client) connect(serverAddr string) error {
 
 	switch c.cfg.ConnType {
 	case "tcp":
-		conn, err = tls.Dial("tcp", serverAddr, c.cfg.TLSConfig)
+		if c.cfg.forceTCPClear {
+			conn, err = net.Dial("tcp", serverAddr)
+		} else {
+			conn, err = tls.Dial("tcp", serverAddr, c.cfg.TLSConfig)
+		}
+
 		if err != nil {
 			return err
 		}
@@ -117,15 +136,12 @@ func (c *Client) connect(serverAddr string) error {
 	return nil
 }
 
+// smuxListener wraps a smux session as a net.Listener.
 type smuxListener struct {
 	conn    net.Conn
 	session *smux.Session
 }
 
-var (
-	_ net.Listener = &smuxListener{} // interface check
-)
-
 func (sl *smuxListener) Accept() (net.Conn, error) {
 	return sl.session.AcceptStream()
 }

internal/tun2/client_test.go

@@ -0,0 +1,21 @@
+package tun2
+
+import (
+	"net"
+	"testing"
+)
+
+func TestNewClientNullConfig(t *testing.T) {
+	_, err := NewClient(nil)
+	if err == nil {
+		t.Fatalf("expected NewClient(nil) to fail, got non-failure")
+	}
+}
+
+func TestSmuxListenerIsNetListener(t *testing.T) {
+	var sl interface{} = &smuxListener{}
+	_, ok := sl.(net.Listener)
+	if !ok {
+		t.Fatalf("smuxListener does not implement net.Listener")
+	}
+}

internal/tun2/connection.go

@@ -3,6 +3,7 @@ package tun2
 import (
 	"bufio"
 	"context"
+	"expvar"
 	"net"
 	"net/http"
 	"time"
@@ -24,9 +25,17 @@ type Connection struct {
 	controlStream *smux.Stream
 	user          string
 	domain        string
-	cancel        context.CancelFunc
+	cf            context.CancelFunc
 	detector      *failure.Detector
 	Auth          *Auth
+	usable        bool
+
+	counter *expvar.Int
+}
+
+func (c *Connection) cancel() {
+	c.cf()
+	c.usable = false
 }
 
 // F logs key->value pairs as an ln.Fer
@@ -44,15 +53,18 @@ func (c *Connection) F() ln.F {
 // Ping ends a "ping" to the client. If the client doesn't respond or the connection
 // dies, then the connection needs to be cleaned up.
 func (c *Connection) Ping() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+	defer cancel()
+
 	req, err := http.NewRequest("GET", "http://backend/health", nil)
 	if err != nil {
 		panic(err)
 	}
+	req = req.WithContext(ctx)
 
 	_, err = c.RoundTrip(req)
 	if err != nil {
-		ln.Error(err, c.F(), ln.F{"action": "ping_roundtrip"})
-		defer c.cancel()
+		ln.Error(ctx, err, c, ln.Action("pinging the backend"))
 		return err
 	}
 
@@ -62,16 +74,20 @@ func (c *Connection) Ping() error {
 }
 
 // OpenStream creates a new stream (connection) to the backend server.
-func (c *Connection) OpenStream() (net.Conn, error) {
+func (c *Connection) OpenStream(ctx context.Context) (net.Conn, error) {
+	if !c.usable {
+		return nil, ErrNoSuchBackend
+	}
+
 	err := c.conn.SetDeadline(time.Now().Add(time.Second))
 	if err != nil {
-		ln.Error(err, c.F())
+		ln.Error(ctx, err, c)
 		return nil, err
 	}
 
 	stream, err := c.session.OpenStream()
 	if err != nil {
-		ln.Error(err, c.F())
+		ln.Error(ctx, err, c)
 		return nil, err
 	}
 
@@ -108,11 +124,15 @@ var (
 // RoundTrip forwards a HTTP request to the remote backend and then returns the
 // response, if any.
 func (c *Connection) RoundTrip(req *http.Request) (*http.Response, error) {
-	stream, err := c.OpenStream()
+	stream, err := c.OpenStream(req.Context())
 	if err != nil {
 		return nil, errors.Wrap(err, ErrCantOpenSessionStream.Error())
 	}
-	defer stream.Close()
+
+	go func() {
+		<-req.Context().Done()
+		stream.Close()
+	}()
 
 	err = req.Write(stream)
 	if err != nil {
@@ -126,5 +146,7 @@ func (c *Connection) RoundTrip(req *http.Request) (*http.Response, error) {
 		return nil, errors.Wrap(err, ErrCantReadResponse.Error())
 	}
 
+	c.counter.Add(1)
+
 	return resp, nil
 }

internal/tun2/server.go

@@ -0,0 +1,467 @@
+package tun2
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"expvar"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"math/rand"
+	"net"
+	"net/http"
+	"os"
+	"sync"
+	"time"
+
+	"github.com/Xe/ln"
+	failure "github.com/dgryski/go-failure"
+	"github.com/mtneug/pkg/ulid"
+	cmap "github.com/streamrail/concurrent-map"
+	"github.com/xtaci/smux"
+)
+
+// Error values
+var (
+	ErrNoSuchBackend             = errors.New("tun2: there is no such backend")
+	ErrAuthMismatch              = errors.New("tun2: authenication doesn't match database records")
+	ErrCantRemoveWhatDoesntExist = errors.New("tun2: this connection does not exist, cannot remove it")
+)
+
+// gen502Page creates the page that is shown when a backend is not connected to a given route.
+func gen502Page(req *http.Request) *http.Response {
+	template := `<html><head><title>no backends connected</title></head><body><h1>no backends connected</h1><p>Please ensure a backend is running for ${HOST}. This is request ID ${REQ_ID}.</p></body></html>`
+
+	resbody := []byte(os.Expand(template, func(in string) string {
+		switch in {
+		case "HOST":
+			return req.Host
+		case "REQ_ID":
+			return req.Header.Get("X-Request-Id")
+		}
+
+		return "<unknown>"
+	}))
+	reshdr := req.Header
+	reshdr.Set("Content-Type", "text/html; charset=utf-8")
+
+	resp := &http.Response{
+		Status:     fmt.Sprintf("%d Bad Gateway", http.StatusBadGateway),
+		StatusCode: http.StatusBadGateway,
+		Body:       ioutil.NopCloser(bytes.NewBuffer(resbody)),
+
+		Proto:         req.Proto,
+		ProtoMajor:    req.ProtoMajor,
+		ProtoMinor:    req.ProtoMinor,
+		Header:        reshdr,
+		ContentLength: int64(len(resbody)),
+		Close:         true,
+		Request:       req,
+	}
+
+	return resp
+}
+
+// ServerConfig ...
+type ServerConfig struct {
+	SmuxConf *smux.Config
+	Storage  Storage
+}
+
+// Storage is the minimal subset of features that tun2's Server needs out of a
+// persistence layer.
+type Storage interface {
+	HasToken(token string) (user string, scopes []string, err error)
+	HasRoute(domain string) (user string, err error)
+}
+
+// Server routes frontend HTTP traffic to backend TCP traffic.
+type Server struct {
+	cfg    *ServerConfig
+	ctx    context.Context
+	cancel context.CancelFunc
+
+	connlock sync.Mutex
+	conns    map[net.Conn]*Connection
+
+	domains cmap.ConcurrentMap
+}
+
+// NewServer creates a new Server instance with a given config, acquiring all
+// relevant resources.
+func NewServer(cfg *ServerConfig) (*Server, error) {
+	if cfg == nil {
+		return nil, errors.New("tun2: config must be specified")
+	}
+
+	if cfg.SmuxConf == nil {
+		cfg.SmuxConf = smux.DefaultConfig()
+
+		cfg.SmuxConf.KeepAliveInterval = time.Second
+		cfg.SmuxConf.KeepAliveTimeout = 15 * time.Second
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	server := &Server{
+		cfg: cfg,
+
+		conns:   map[net.Conn]*Connection{},
+		domains: cmap.New(),
+		ctx:     ctx,
+		cancel:  cancel,
+	}
+
+	go server.phiDetectionLoop(ctx)
+
+	return server, nil
+}
+
+// Close stops the background tasks for this Server.
+func (s *Server) Close() {
+	s.cancel()
+}
+
+// Wait blocks until the server context is cancelled.
+func (s *Server) Wait() {
+	for {
+		select {
+		case <-s.ctx.Done():
+			return
+		}
+	}
+}
+
+// Listen passes this Server a given net.Listener to accept backend connections.
+func (s *Server) Listen(l net.Listener, isKCP bool) {
+	ctx := s.ctx
+
+	f := ln.F{
+		"listener_addr":    l.Addr(),
+		"listener_network": l.Addr().Network(),
+	}
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		default:
+		}
+
+		conn, err := l.Accept()
+		if err != nil {
+			ln.Error(ctx, err, f, ln.Action("accept connection"))
+			continue
+		}
+
+		ln.Log(ctx, f, ln.Action("new backend client connected"), ln.F{
+			"conn_addr":    conn.RemoteAddr(),
+			"conn_network": conn.RemoteAddr().Network(),
+		})
+
+		go s.HandleConn(conn, isKCP)
+	}
+}
+
+// phiDetectionLoop is an infinite loop that will run the [phi accrual failure detector]
+// for each of the backends connected to the Server. This is fairly experimental and
+// may be removed.
+//
+// [phi accrual failure detector]: https://dspace.jaist.ac.jp/dspace/handle/10119/4784
+func (s *Server) phiDetectionLoop(ctx context.Context) {
+	t := time.NewTicker(5 * time.Second)
+	defer t.Stop()
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		case <-t.C:
+			now := time.Now()
+
+			s.connlock.Lock()
+			for _, c := range s.conns {
+				failureChance := c.detector.Phi(now)
+				const thresh = 0.9 // the threshold for phi failure detection causing logs
+
+				if failureChance > thresh {
+					ln.Log(ctx, c, ln.Action("phi failure detection"), ln.F{
+						"value":     failureChance,
+						"threshold": thresh,
+					})
+				}
+			}
+			s.connlock.Unlock()
+		}
+	}
+}
+
+// backendAuthv1 runs a simple backend authentication check. It expects the
+// client to write a json-encoded instance of Auth. This is then checked
+// for token validity and domain matching.
+//
+// This returns the user that was authenticated and the domain they identified
+// with.
+func (s *Server) backendAuthv1(ctx context.Context, st io.Reader) (string, *Auth, error) {
+	f := ln.F{
+		"action":               "backend authentication",
+		"backend_auth_version": 1,
+	}
+
+	f["stage"] = "json decoding"
+
+	d := json.NewDecoder(st)
+	var auth Auth
+	err := d.Decode(&auth)
+	if err != nil {
+		ln.Error(ctx, err, f)
+		return "", nil, err
+	}
+
+	f["auth_domain"] = auth.Domain
+	f["stage"] = "checking domain"
+
+	routeUser, err := s.cfg.Storage.HasRoute(auth.Domain)
+	if err != nil {
+		ln.Error(ctx, err, f)
+		return "", nil, err
+	}
+
+	f["route_user"] = routeUser
+	f["stage"] = "checking token"
+
+	tokenUser, scopes, err := s.cfg.Storage.HasToken(auth.Token)
+	if err != nil {
+		ln.Error(ctx, err, f)
+		return "", nil, err
+	}
+
+	f["token_user"] = tokenUser
+	f["stage"] = "checking token scopes"
+
+	ok := false
+	for _, sc := range scopes {
+		if sc == "connect" {
+			ok = true
+			break
+		}
+	}
+
+	if !ok {
+		ln.Error(ctx, ErrAuthMismatch, f)
+		return "", nil, ErrAuthMismatch
+	}
+
+	f["stage"] = "user verification"
+
+	if routeUser != tokenUser {
+		ln.Error(ctx, ErrAuthMismatch, f)
+		return "", nil, ErrAuthMismatch
+	}
+
+	return routeUser, &auth, nil
+}
+
+// HandleConn starts up the needed mechanisms to relay HTTP traffic to/from
+// the currently connected backend.
+func (s *Server) HandleConn(c net.Conn, isKCP bool) {
+	defer c.Close()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	f := ln.F{
+		"local":  c.LocalAddr().String(),
+		"remote": c.RemoteAddr().String(),
+	}
+
+	session, err := smux.Server(c, s.cfg.SmuxConf)
+	if err != nil {
+		ln.Error(ctx, err, f, ln.Action("establish server side of smux"))
+
+		return
+	}
+	defer session.Close()
+
+	controlStream, err := session.OpenStream()
+	if err != nil {
+		ln.Error(ctx, err, f, ln.Action("opening control stream"))
+
+		return
+	}
+	defer controlStream.Close()
+
+	user, auth, err := s.backendAuthv1(ctx, controlStream)
+	if err != nil {
+		return
+	}
+
+	connection := &Connection{
+		id:       ulid.New().String(),
+		conn:     c,
+		isKCP:    isKCP,
+		session:  session,
+		user:     user,
+		domain:   auth.Domain,
+		cf:       cancel,
+		detector: failure.New(15, 1),
+		Auth:     auth,
+	}
+	connection.counter = expvar.NewInt("http.backend." + connection.id + ".hits")
+
+	defer func() {
+		if r := recover(); r != nil {
+			ln.Log(ctx, connection, ln.F{"action": "connection handler panic", "err": r})
+		}
+	}()
+
+	ln.Log(ctx, connection, ln.Action("backend successfully connected"))
+
+	s.addConn(ctx, connection)
+
+	connection.usable = true // XXX set this to true once health checks pass?
+
+	ticker := time.NewTicker(5 * time.Second)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			err := connection.Ping()
+			if err != nil {
+				connection.cancel()
+			}
+		// case <-s.ctx.Done():
+		// 	ln.Log(ctx, connection, ln.Action("server context finished"))
+		// 	s.removeConn(ctx, connection)
+		// 	connection.Close()
+
+		// 	return
+		case <-ctx.Done():
+			ln.Log(ctx, connection, ln.Action("client context finished"))
+			s.removeConn(ctx, connection)
+			connection.Close()
+
+			return
+		}
+	}
+}
+
+// addConn adds a connection to the pool of backend connections.
+func (s *Server) addConn(ctx context.Context, connection *Connection) {
+	s.connlock.Lock()
+	s.conns[connection.conn] = connection
+	s.connlock.Unlock()
+
+	var conns []*Connection
+
+	val, ok := s.domains.Get(connection.domain)
+	if ok {
+		conns, ok = val.([]*Connection)
+		if !ok {
+			conns = nil
+
+			s.domains.Remove(connection.domain)
+		}
+	}
+
+	conns = append(conns, connection)
+
+	s.domains.Set(connection.domain, conns)
+}
+
+// removeConn removes a connection from pool of backend connections.
+func (s *Server) removeConn(ctx context.Context, connection *Connection) {
+	s.connlock.Lock()
+	delete(s.conns, connection.conn)
+	s.connlock.Unlock()
+
+	auth := connection.Auth
+
+	var conns []*Connection
+
+	val, ok := s.domains.Get(auth.Domain)
+	if ok {
+		conns, ok = val.([]*Connection)
+		if !ok {
+			ln.Error(ctx, ErrCantRemoveWhatDoesntExist, connection, ln.Action("looking up for disconnect removal"))
+
+			return
+		}
+	}
+
+	for i, cntn := range conns {
+		if cntn.id == connection.id {
+			conns[i] = conns[len(conns)-1]
+			conns = conns[:len(conns)-1]
+		}
+	}
+
+	if len(conns) != 0 {
+		s.domains.Set(auth.Domain, conns)
+	} else {
+		s.domains.Remove(auth.Domain)
+	}
+}
+
+// RoundTrip sends a HTTP request to a backend and then returns its response.
+func (s *Server) RoundTrip(req *http.Request) (*http.Response, error) {
+	var conns []*Connection
+	ctx := req.Context()
+
+	f := ln.F{
+		"req_remote":         req.RemoteAddr,
+		"req_host":           req.Host,
+		"req_uri":            req.RequestURI,
+		"req_method":         req.Method,
+		"req_content_length": req.ContentLength,
+	}
+
+	val, ok := s.domains.Get(req.Host)
+	if ok {
+		conns, ok = val.([]*Connection)
+		if !ok {
+			ln.Error(ctx, ErrNoSuchBackend, f, ln.Action("no backend available"))
+
+			return gen502Page(req), nil
+		}
+	}
+
+	var goodConns []*Connection
+	for _, conn := range conns {
+		if conn.usable {
+			goodConns = append(goodConns, conn)
+		}
+	}
+
+	if len(goodConns) == 0 {
+		ln.Error(ctx, ErrNoSuchBackend, f, ln.Action("no good backends available"))
+
+		return gen502Page(req), nil
+	}
+
+	c := goodConns[rand.Intn(len(goodConns))]
+
+	resp, err := c.RoundTrip(req)
+	if err != nil {
+		ln.Error(ctx, err, c, f, ln.Action("connection roundtrip"))
+
+		defer c.cancel()
+		return nil, err
+	}
+
+	ln.Log(ctx, c, ln.Action("http traffic"), f, ln.F{
+		"resp_status_code":    resp.StatusCode,
+		"resp_content_length": resp.ContentLength,
+	})
+
+	return resp, nil
+}
+
+// Auth is the authentication info the client passes to the server.
+type Auth struct {
+	Token  string `json:"token"`
+	Domain string `json:"domain"`
+}

internal/tun2/server_test.go

@@ -0,0 +1,330 @@
+package tun2
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/Xe/uuid"
+)
+
+// testing constants
+const (
+	user           = "shachi"
+	token          = "orcaz r kewl"
+	noPermToken    = "aw heck"
+	otherUserToken = "even more heck"
+	domain         = "cetacean.club"
+)
+
+func TestNewServerNullConfig(t *testing.T) {
+	_, err := NewServer(nil)
+	if err == nil {
+		t.Fatalf("expected NewServer(nil) to fail, got non-failure")
+	}
+}
+
+func TestGen502Page(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	req, err := http.NewRequest("GET", "http://cetacean.club", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	substring := uuid.New()
+
+	req = req.WithContext(ctx)
+	req.Header.Add("X-Request-Id", substring)
+	req.Host = "cetacean.club"
+
+	resp := gen502Page(req)
+	if resp == nil {
+		t.Fatalf("expected response to be non-nil")
+	}
+
+	if resp.Body != nil {
+		defer resp.Body.Close()
+		data, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if !strings.Contains(string(data), substring) {
+			fmt.Println(string(data))
+			t.Fatalf("502 page did not contain needed substring %q", substring)
+		}
+	}
+}
+
+func TestBackendAuthV1(t *testing.T) {
+	st := MockStorage()
+
+	s, err := NewServer(&ServerConfig{
+		Storage: st,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer s.Close()
+
+	st.AddRoute(domain, user)
+	st.AddToken(token, user, []string{"connect"})
+	st.AddToken(noPermToken, user, nil)
+	st.AddToken(otherUserToken, "cadey", []string{"connect"})
+
+	cases := []struct {
+		name    string
+		auth    Auth
+		wantErr bool
+	}{
+		{
+			name: "basic everything should work",
+			auth: Auth{
+				Token:  token,
+				Domain: domain,
+			},
+			wantErr: false,
+		},
+		{
+			name: "invalid domain",
+			auth: Auth{
+				Token:  token,
+				Domain: "aw.heck",
+			},
+			wantErr: true,
+		},
+		{
+			name: "invalid token",
+			auth: Auth{
+				Token:  "asdfwtweg",
+				Domain: domain,
+			},
+			wantErr: true,
+		},
+		{
+			name: "invalid token scopes",
+			auth: Auth{
+				Token:  noPermToken,
+				Domain: domain,
+			},
+			wantErr: true,
+		},
+		{
+			name: "user token doesn't match domain owner",
+			auth: Auth{
+				Token:  otherUserToken,
+				Domain: domain,
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			data, err := json.Marshal(cs.auth)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			_, _, err = s.backendAuthv1(ctx, bytes.NewBuffer(data))
+
+			if cs.wantErr && err == nil {
+				t.Fatalf("auth did not err as expected")
+			}
+
+			if !cs.wantErr && err != nil {
+				t.Fatalf("unexpected auth err: %v", err)
+			}
+		})
+	}
+}
+
+func TestBackendRouting(t *testing.T) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	st := MockStorage()
+
+	st.AddRoute(domain, user)
+	st.AddToken(token, user, []string{"connect"})
+
+	s, err := NewServer(&ServerConfig{
+		Storage: st,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer s.Close()
+
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer l.Close()
+
+	go s.Listen(l, false)
+
+	cases := []struct {
+		name           string
+		wantStatusCode int
+		handler        http.HandlerFunc
+	}{
+		{
+			name:           "200 everything's okay",
+			wantStatusCode: http.StatusOK,
+			handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				http.Error(w, "HTTP 200, everything is okay :)", http.StatusOK)
+			}),
+		},
+		{
+			name:           "500 internal error",
+			wantStatusCode: http.StatusInternalServerError,
+			handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				http.Error(w, "HTTP 500, the world is on fire", http.StatusInternalServerError)
+			}),
+		},
+	}
+
+	for _, cs := range cases {
+		t.Run(cs.name, func(t *testing.T) {
+			ts := httptest.NewServer(cs.handler)
+			defer ts.Close()
+
+			cc := &ClientConfig{
+				ConnType:   "tcp",
+				ServerAddr: l.Addr().String(),
+				Token:      token,
+				BackendURL: ts.URL,
+				Domain:     domain,
+
+				forceTCPClear: true,
+			}
+
+			c, err := NewClient(cc)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			go c.Connect(ctx) // TODO: fix the client library so this ends up actually getting cleaned up
+
+			time.Sleep(125 * time.Millisecond)
+
+			req, err := http.NewRequest("GET", "http://cetacean.club/", nil)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			resp, err := s.RoundTrip(req)
+			if err != nil {
+				t.Fatalf("error in doing round trip: %v", err)
+			}
+
+			if cs.wantStatusCode != resp.StatusCode {
+				resp.Write(os.Stdout)
+				t.Fatalf("got status %d instead of %d", resp.StatusCode, cs.wantStatusCode)
+			}
+		})
+	}
+}
+
+func setupTestServer() (*Server, *mockStorage, net.Listener, error) {
+	st := MockStorage()
+
+	st.AddRoute(domain, user)
+	st.AddToken(token, user, []string{"connect"})
+
+	s, err := NewServer(&ServerConfig{
+		Storage: st,
+	})
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	defer s.Close()
+
+	l, err := net.Listen("tcp", "127.0.0.1:0")
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	go s.Listen(l, false)
+
+	return s, st, l, nil
+}
+
+func BenchmarkHTTP200(b *testing.B) {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	s, _, l, err := setupTestServer()
+	if err != nil {
+		b.Fatal(err)
+	}
+	defer s.Close()
+	defer l.Close()
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
+	defer ts.Close()
+
+	cc := &ClientConfig{
+		ConnType:   "tcp",
+		ServerAddr: l.Addr().String(),
+		Token:      token,
+		BackendURL: ts.URL,
+		Domain:     domain,
+
+		forceTCPClear: true,
+	}
+
+	c, err := NewClient(cc)
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	go c.Connect(ctx) // TODO: fix the client library so this ends up actually getting cleaned up
+
+	for {
+		r := s.GetBackendsForDomain(domain)
+		if len(r) == 0 {
+			time.Sleep(125 * time.Millisecond)
+			continue
+		}
+
+		break
+	}
+
+	req, err := http.NewRequest("GET", "http://cetacean.club/", nil)
+	if err != nil {
+		b.Fatal(err)
+	}
+
+	_, err = s.RoundTrip(req)
+	if err != nil {
+		b.Fatalf("got error on initial request exchange: %v", err)
+	}
+
+	for n := 0; n < b.N; n++ {
+		resp, err := s.RoundTrip(req)
+		if err != nil {
+			b.Fatalf("got error on %d: %v", n, err)
+		}
+
+		if resp.StatusCode != http.StatusOK {
+			b.Fail()
+			b.Logf("got %d instead of 200", resp.StatusCode)
+		}
+	}
+}

internal/tun2/storage_test.go

@@ -0,0 +1,99 @@
+package tun2
+
+import (
+	"errors"
+	"sync"
+	"testing"
+)
+
+func MockStorage() *mockStorage {
+	return &mockStorage{
+		tokens:  make(map[string]mockToken),
+		domains: make(map[string]string),
+	}
+}
+
+type mockToken struct {
+	user   string
+	scopes []string
+}
+
+// mockStorage is a simple mock of the Storage interface suitable for testing.
+type mockStorage struct {
+	sync.Mutex
+	tokens  map[string]mockToken
+	domains map[string]string
+}
+
+func (ms *mockStorage) AddToken(token, user string, scopes []string) {
+	ms.Lock()
+	defer ms.Unlock()
+
+	ms.tokens[token] = mockToken{user: user, scopes: scopes}
+}
+
+func (ms *mockStorage) AddRoute(domain, user string) {
+	ms.Lock()
+	defer ms.Unlock()
+
+	ms.domains[domain] = user
+}
+
+func (ms *mockStorage) HasToken(token string) (string, []string, error) {
+	ms.Lock()
+	defer ms.Unlock()
+
+	tok, ok := ms.tokens[token]
+	if !ok {
+		return "", nil, errors.New("no such token")
+	}
+
+	return tok.user, tok.scopes, nil
+}
+
+func (ms *mockStorage) HasRoute(domain string) (string, error) {
+	ms.Lock()
+	defer ms.Unlock()
+
+	user, ok := ms.domains[domain]
+	if !ok {
+		return "", errors.New("no such route")
+	}
+
+	return user, nil
+}
+
+func TestMockStorage(t *testing.T) {
+	ms := MockStorage()
+
+	t.Run("token", func(t *testing.T) {
+		ms.AddToken(token, user, []string{"connect"})
+
+		us, sc, err := ms.HasToken(token)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if us != user {
+			t.Fatalf("username was %q, expected %q", us, user)
+		}
+
+		if sc[0] != "connect" {
+			t.Fatalf("token expected to only have one scope, connect")
+		}
+	})
+
+	t.Run("domain", func(t *testing.T) {
+		ms.AddRoute(domain, user)
+
+		us, err := ms.HasRoute(domain)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if us != user {
+			t.Fatalf("username was %q, expected %q", us, user)
+		}
+	})
+
+}

lib/tun2/server.go

@@ -1,421 +0,0 @@
-package tun2
-
-import (
-	"context"
-	"crypto/tls"
-	"encoding/json"
-	"errors"
-	"math/rand"
-	"net"
-	"net/http"
-	"sync"
-	"time"
-
-	"github.com/Xe/ln"
-	failure "github.com/dgryski/go-failure"
-	"github.com/mtneug/pkg/ulid"
-	cmap "github.com/streamrail/concurrent-map"
-	kcp "github.com/xtaci/kcp-go"
-	"github.com/xtaci/smux"
-)
-
-// Error values
-var (
-	ErrNoSuchBackend             = errors.New("tun2: there is no such backend")
-	ErrAuthMismatch              = errors.New("tun2: authenication doesn't match database records")
-	ErrCantRemoveWhatDoesntExist = errors.New("tun2: this connection does not exist, cannot remove it")
-)
-
-// ServerConfig ...
-type ServerConfig struct {
-	TCPAddr   string
-	KCPAddr   string
-	TLSConfig *tls.Config
-
-	SmuxConf *smux.Config
-	Storage  Storage
-}
-
-// Storage is the minimal subset of features that tun2's Server needs out of a
-// persistence layer.
-type Storage interface {
-	HasToken(token string) (user string, scopes []string, err error)
-	HasRoute(domain string) (user string, err error)
-}
-
-// Server routes frontend HTTP traffic to backend TCP traffic.
-type Server struct {
-	cfg *ServerConfig
-
-	connlock sync.Mutex
-	conns    map[net.Conn]*Connection
-
-	domains cmap.ConcurrentMap
-}
-
-// NewServer creates a new Server instance with a given config, acquiring all
-// relevant resources.
-func NewServer(cfg *ServerConfig) (*Server, error) {
-	if cfg == nil {
-		return nil, errors.New("tun2: config must be specified")
-	}
-
-	if cfg.SmuxConf == nil {
-		cfg.SmuxConf = smux.DefaultConfig()
-	}
-
-	cfg.SmuxConf.KeepAliveInterval = time.Second
-	cfg.SmuxConf.KeepAliveTimeout = 15 * time.Second
-
-	server := &Server{
-		cfg: cfg,
-
-		conns:   map[net.Conn]*Connection{},
-		domains: cmap.New(),
-	}
-
-	return server, nil
-}
-
-// ListenAndServe starts the backend TCP/KCP listeners and relays backend
-// traffic to and from them.
-func (s *Server) ListenAndServe() error {
-	ln.Log(ln.F{
-		"action": "listen_and_serve_called",
-	})
-
-	if s.cfg.TCPAddr != "" {
-		go func() {
-			l, err := tls.Listen("tcp", s.cfg.TCPAddr, s.cfg.TLSConfig)
-			if err != nil {
-				panic(err)
-			}
-
-			ln.Log(ln.F{
-				"action": "tcp+tls_listening",
-				"addr":   l.Addr(),
-			})
-
-			for {
-				conn, err := l.Accept()
-				if err != nil {
-					ln.Error(err, ln.F{"kind": "tcp", "addr": l.Addr().String()})
-					continue
-				}
-
-				ln.Log(ln.F{
-					"action": "new_client",
-					"kcp":    false,
-					"addr":   conn.RemoteAddr(),
-				})
-
-				go s.HandleConn(conn, false)
-			}
-		}()
-	}
-
-	if s.cfg.KCPAddr != "" {
-		go func() {
-			l, err := kcp.Listen(s.cfg.KCPAddr)
-			if err != nil {
-				panic(err)
-			}
-
-			ln.Log(ln.F{
-				"action": "kcp+tls_listening",
-				"addr":   l.Addr(),
-			})
-
-			for {
-				conn, err := l.Accept()
-				if err != nil {
-					ln.Error(err, ln.F{"kind": "kcp", "addr": l.Addr().String()})
-				}
-
-				ln.Log(ln.F{
-					"action": "new_client",
-					"kcp":    true,
-					"addr":   conn.RemoteAddr(),
-				})
-
-				tc := tls.Server(conn, s.cfg.TLSConfig)
-
-				go s.HandleConn(tc, true)
-			}
-		}()
-	}
-
-	// XXX experimental, might get rid of this inside this process
-	go func() {
-		for {
-			time.Sleep(time.Second)
-
-			now := time.Now()
-
-			s.connlock.Lock()
-			for _, c := range s.conns {
-				failureChance := c.detector.Phi(now)
-
-				if failureChance != 0 {
-					ln.Log(c.F(), ln.F{
-						"action": "phi_failure_detection",
-						"value":  failureChance,
-					})
-				}
-			}
-			s.connlock.Unlock()
-		}
-	}()
-
-	return nil
-}
-
-// HandleConn starts up the needed mechanisms to relay HTTP traffic to/from
-// the currently connected backend.
-func (s *Server) HandleConn(c net.Conn, isKCP bool) {
-	// XXX TODO clean this up it's really ugly.
-	defer c.Close()
-
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-
-	session, err := smux.Server(c, s.cfg.SmuxConf)
-	if err != nil {
-		ln.Error(err, ln.F{
-			"action": "session_failure",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-
-		c.Close()
-
-		return
-	}
-	defer session.Close()
-
-	controlStream, err := session.OpenStream()
-	if err != nil {
-		ln.Error(err, ln.F{
-			"action": "control_stream_failure",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-
-		return
-	}
-	defer controlStream.Close()
-
-	csd := json.NewDecoder(controlStream)
-	auth := &Auth{}
-	err = csd.Decode(auth)
-	if err != nil {
-		ln.Error(err, ln.F{
-			"action": "control_stream_auth_decoding_failure",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-
-		return
-	}
-
-	routeUser, err := s.cfg.Storage.HasRoute(auth.Domain)
-	if err != nil {
-		ln.Error(err, ln.F{
-			"action": "nosuch_domain",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-
-		return
-	}
-
-	tokenUser, scopes, err := s.cfg.Storage.HasToken(auth.Token)
-	if err != nil {
-		ln.Error(err, ln.F{
-			"action": "nosuch_token",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-
-		return
-	}
-
-	ok := false
-	for _, sc := range scopes {
-		if sc == "connect" {
-			ok = true
-			break
-		}
-	}
-
-	if !ok {
-		ln.Error(ErrAuthMismatch, ln.F{
-			"action": "token_not_authorized",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-	}
-
-	if routeUser != tokenUser {
-		ln.Error(ErrAuthMismatch, ln.F{
-			"action": "auth_mismatch",
-			"local":  c.LocalAddr().String(),
-			"remote": c.RemoteAddr().String(),
-		})
-
-		return
-	}
-
-	connection := &Connection{
-		id:       ulid.New().String(),
-		conn:     c,
-		isKCP:    isKCP,
-		session:  session,
-		user:     tokenUser,
-		domain:   auth.Domain,
-		cancel:   cancel,
-		detector: failure.New(15, 1),
-		Auth:     auth,
-	}
-
-	ln.Log(ln.F{
-		"action": "backend_connected",
-	}, connection.F())
-
-	s.connlock.Lock()
-	s.conns[c] = connection
-	s.connlock.Unlock()
-
-	var conns []*Connection
-
-	val, ok := s.domains.Get(auth.Domain)
-	if ok {
-		conns, ok = val.([]*Connection)
-		if !ok {
-			conns = nil
-
-			s.domains.Remove(auth.Domain)
-		}
-	}
-
-	conns = append(conns, connection)
-
-	s.domains.Set(auth.Domain, conns)
-
-	ticker := time.NewTicker(5 * time.Second)
-	defer ticker.Stop()
-
-	for {
-		select {
-		case <-ticker.C:
-			err := connection.Ping()
-			if err != nil {
-				cancel()
-			}
-		case <-ctx.Done():
-			s.RemoveConn(connection)
-			connection.Close()
-
-			return
-		}
-	}
-}
-
-// RemoveConn removes a connection.
-func (s *Server) RemoveConn(connection *Connection) {
-	s.connlock.Lock()
-	delete(s.conns, connection.conn)
-	s.connlock.Unlock()
-
-	auth := connection.Auth
-
-	var conns []*Connection
-
-	val, ok := s.domains.Get(auth.Domain)
-	if ok {
-		conns, ok = val.([]*Connection)
-		if !ok {
-			ln.Error(ErrCantRemoveWhatDoesntExist, connection.F(), ln.F{
-				"action": "looking_up_for_disconnect_removal",
-			})
-			return
-		}
-	}
-
-	for i, cntn := range conns {
-		if cntn.id == connection.id {
-			conns[i] = conns[len(conns)-1]
-			conns = conns[:len(conns)-1]
-		}
-	}
-
-	if len(conns) != 0 {
-		s.domains.Set(auth.Domain, conns)
-	} else {
-		s.domains.Remove(auth.Domain)
-	}
-
-	ln.Log(connection.F(), ln.F{
-		"action": "client_disconnecting",
-	})
-}
-
-// RoundTrip sends a HTTP request to a backend and then returns its response.
-func (s *Server) RoundTrip(req *http.Request) (*http.Response, error) {
-	var conns []*Connection
-
-	val, ok := s.domains.Get(req.Host)
-	if ok {
-		conns, ok = val.([]*Connection)
-		if !ok {
-			ln.Error(ErrNoSuchBackend, ln.F{
-				"action": "no_backend_connected",
-				"remote": req.RemoteAddr,
-				"host":   req.Host,
-				"uri":    req.RequestURI,
-			})
-
-			return nil, ErrNoSuchBackend
-		}
-	}
-
-	if len(conns) == 0 {
-		ln.Error(ErrNoSuchBackend, ln.F{
-			"action": "no_backend_connected",
-			"remote": req.RemoteAddr,
-			"host":   req.Host,
-			"uri":    req.RequestURI,
-		})
-
-		return nil, ErrNoSuchBackend
-	}
-
-	c := conns[rand.Intn(len(conns))]
-
-	resp, err := c.RoundTrip(req)
-	if err != nil {
-		ln.Error(err, c.F(), ln.F{
-			"action": "connection_roundtrip",
-		})
-
-		defer c.cancel()
-		return nil, err
-	}
-
-	ln.Log(c.F(), ln.F{
-		"action":      "http_traffic",
-		"remote_addr": req.RemoteAddr,
-		"host":        req.Host,
-		"uri":         req.RequestURI,
-	})
-
-	return resp, nil
-}
-
-// Auth is the authentication info the client passes to the server.
-type Auth struct {
-	Token  string `json:"token"`
-	Domain string `json:"domain"`
-}
-
-const defaultUser = "Cadey"

mage.go

@@ -4,72 +4,103 @@ package main
 
 import (
 	"context"
-	"log"
+	"fmt"
+	"io/ioutil"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
 
 	"github.com/jtolds/qod"
+	"github.com/magefile/mage/mg"
+	"github.com/olekukonko/tablewriter"
 )
 
 var wd string
+var arches []string
+var bins []string
+var tools []string
 
 func init() {
 	lwd, err := os.Getwd()
 	qod.ANE(err)
 
 	wd = lwd
+
+	arches = []string{"amd64", "ppc64", "386", "arm", "arm64"}
+	bins = []string{"route-httpagent", "route-cli", "routed", "terraform-provider-route", "construct"}
+	tools = []string{
+		"github.com/golang/dep/cmd/dep",
+		"github.com/golang/protobuf/protoc-gen-go",
+		"github.com/twitchtv/twirp/protoc-gen-twirp",
+		"github.com/Xe/twirp-codegens/cmd/protoc-gen-twirp_eclier",
+		"github.com/jteeuwen/go-bindata/go-bindata",
+	}
 }
 
 const pkgBase = "git.xeserv.us/xena/route/"
 
-func shouldWork(ctx context.Context, env []string, dir string, cmdName string, args ...string) {
-	loc, err := exec.LookPath(cmdName)
-	qod.ANE(err)
-
-	cmd := exec.CommandContext(ctx, loc, args...)
-	cmd.Dir = dir
-	cmd.Env = append(env, os.Environ()...)
-
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-
-	log.Printf("starting process, env: %v, pwd: %s, cmd: %s, args: %v", env, dir, loc, args)
-	err = cmd.Run()
-	qod.ANE(err)
-}
-
-func goBuild(ctx context.Context, env []string, dir string, pkgname string) {
-	shouldWork(ctx, env, dir, "go", "build", pkgBase+pkgname)
-}
-
-func goBuildPlugin(ctx context.Context, dir, pkgname, fname string) {
-	if runtime.GOOS != "linux" {
-		qod.Printlnf("plugins don't work on non-linux machines yet :(")
-		return
-	}
-
-	shouldWork(ctx, nil, dir, "go", "build", "-buildmode=plugin", "-o=fname", pkgBase+pkgname)
-}
-
-// Build builds the binaries for route and routed.
-func Build() {
+func buildBins(goos, goarch string) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
 	d := filepath.Join(wd, "./bin")
 
-	for _, goos := range []string{"linux", "darwin", "windows"} {
+	os.MkdirAll(filepath.Join(d, goos, goarch), 0777)
 
-		os.Mkdir(filepath.Join(d, goos), 0777)
-		for _, pkg := range []string{"route-httpagent", "route", "routed"} {
-			goBuild(ctx, append(os.Environ(), "GOOS="+goos), filepath.Join(d, goos), "cmd/"+pkg)
-			qod.Printlnf("built binary for %s for os %s", pkg, goos)
-		}
+	for _, pkg := range bins {
+		env := []string{"GOOS=" + goos, "GOARCH=" + goarch}
+		goBuild(ctx, env, filepath.Join(d, goos, goarch), "cmd/"+pkg)
+		goInstall(ctx, env, "cmd/"+pkg)
+
+		qod.Printlnf("built binary for %s for %s/%s", pkg, goos, goarch)
 	}
 }
 
+// Dep reruns `dep`.
+func Dep() {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	shouldWork(ctx, nil, wd, "dep", "ensure", "-update")
+	shouldWork(ctx, nil, wd, "dep", "prune")
+}
+
+// Docker builds docker images
+func Docker() {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	ver, err := gitTag()
+	qod.ANE(err)
+
+	shouldWork(ctx, nil, wd, "docker", "build", "-t", "xena/route-core", ".")
+	shouldWork(ctx, nil, wd+"/run", "docker", "build", "-t", "xena/routed:"+ver, "-f", "Dockerfile.routed", ".")
+	shouldWork(ctx, nil, wd+"/run", "docker", "build", "-t", "xena/route-httpagent:"+ver, "-f", "Dockerfile.agent", ".")
+}
+
+// Linux builds binaries for linux
+func Linux() {
+	for _, arch := range arches {
+		buildBins("linux", arch)
+	}
+	Plugin()
+}
+
+// Windows builds binaries for windows
+func Windows() {
+	buildBins("windows", "amd64")
+}
+
+// Darwin builds binaries for darwin
+func Darwin() {
+	buildBins("darwin", "amd64")
+}
+
+// Build builds the binaries for route and routed.
+func Build() {
+	buildBins(runtime.GOOS, runtime.GOARCH)
+}
+
 // Plugin builds all of the plugins for programs wanting to augment themselves with route.
 func Plugin() {
 	ctx, cancel := context.WithCancel(context.Background())
@@ -77,3 +108,91 @@ func Plugin() {
 
 	goBuildPlugin(ctx, filepath.Join(wd, "./bin/linux"), "plugins/autohttpagent", "autohttpagent.so")
 }
+
+// Package builds all binaries for all platforms and assembles a package of
+// documentation, useful tools and all route components.
+func Package() {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	os.RemoveAll("./bin/darwin")
+	os.RemoveAll("./bin/linux")
+	os.RemoveAll("./bin/windows")
+
+	mg.Deps(Linux, Windows, Darwin)
+
+	ver, err := gitTag()
+	qod.ANE(err)
+
+	for _, arch := range arches {
+		for _, osname := range []string{"linux", "windows", "darwin"} {
+			if arch != "amd64" && osname != "linux" {
+				continue
+			}
+
+			dir, err := ioutil.TempDir("", "route-package-"+osname+"-"+arch)
+			qod.ANE(err)
+			qod.Printlnf("%s", dir)
+
+			for _, file := range []string{"route-cli", "route-httpagent", "routed"} {
+				if osname == "windows" {
+					file = file + ".exe"
+				}
+				shouldWork(ctx, nil, filepath.Join(wd, "bin", osname, arch), "cp", "-rf", file, dir)
+			}
+
+			shouldWork(ctx, nil, wd, "cp", "-rf", "doc", dir)
+			shouldWork(ctx, nil, wd, "cp", "-rf", "README.md", dir)
+			shouldWork(ctx, nil, wd, "cp", "-rf", "LICENSE", dir)
+			shouldWork(ctx, nil, wd, "cp", "-rf", "Gopkg.lock", dir)
+
+			shouldWork(ctx, nil, dir, "tar", "czf", filepath.Join(wd, "bin", fmt.Sprintf("route-%s-%s-%s.tar.gz", ver, osname, arch)), ".")
+		}
+	}
+}
+
+// Version is the version as git reports.
+func Version() {
+	ver, err := gitTag()
+	qod.ANE(err)
+	qod.Printlnf("route-%s", ver)
+}
+
+// Test runs all of the functional and unit tests for the project.
+func Test() {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	shouldWork(ctx, nil, wd, "go", "test", "-v", "./...")
+}
+
+// Tools installs all of the needed tools for the project.
+func Tools(ctx context.Context) {
+	for _, t := range tools {
+		shouldWork(ctx, nil, wd, "go", "get", "-v", "-u", t)
+	}
+}
+
+// Generate runs code generators and the like.
+func Generate(ctx context.Context) {
+	dir := filepath.Join(wd, "proto")
+
+	shouldWork(ctx, nil, dir, "sh", "./regen.sh")
+	shouldWork(ctx, nil, filepath.Join(dir, "eclier"), "go-bindata", "-pkg", "edata", "-ignore", "bindata.go", ".")
+}
+
+// Vars shows the various variables that this magefile uses.
+func Vars() {
+	table := tablewriter.NewWriter(os.Stdout)
+
+	table.SetHeader([]string{"key", "value"})
+
+	table.Append([]string{"arches", fmt.Sprint(arches)})
+	table.Append([]string{"bins", fmt.Sprint(bins)})
+	table.Append([]string{"goarch", runtime.GOARCH})
+	table.Append([]string{"goos", runtime.GOOS})
+	table.Append([]string{"tools", fmt.Sprint(tools)})
+	table.Append([]string{"wd", wd})
+
+	table.Render()
+}

mage_helpers.go

@@ -0,0 +1,107 @@
+// +build mage
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/jtolds/qod"
+	"github.com/kr/fs"
+	"github.com/pkg/errors"
+	"layeh.com/asar"
+)
+
+func output(cmd string, args ...string) (string, error) {
+	c := exec.Command(cmd, args...)
+	c.Env = os.Environ()
+	c.Stderr = os.Stderr
+	b, err := c.Output()
+	if err != nil {
+		return "", errors.Wrapf(err, `failed to run %v %q`, cmd, args)
+	}
+	return string(b), nil
+}
+
+func gitTag() (string, error) {
+	s, err := output("git", "describe", "--tags")
+	if err != nil {
+		ee, ok := errors.Cause(err).(*exec.ExitError)
+		if ok && ee.Exited() {
+			// probably no git tag
+			return "dev", nil
+		}
+		return "", err
+	}
+
+	return strings.TrimSuffix(s, "\n"), nil
+}
+
+func shouldWork(ctx context.Context, env []string, dir string, cmdName string, args ...string) {
+	loc, err := exec.LookPath(cmdName)
+	qod.ANE(err)
+
+	cmd := exec.CommandContext(ctx, loc, args...)
+	cmd.Dir = dir
+	cmd.Env = append(env, os.Environ()...)
+
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	log.Printf("starting process, env: %v, pwd: %s, cmd: %s, args: %v", env, dir, loc, args)
+	err = cmd.Run()
+	qod.ANE(err)
+}
+
+func goBuild(ctx context.Context, env []string, dir string, pkgname string) {
+	shouldWork(ctx, env, dir, "go", "build", "-v", pkgBase+pkgname)
+}
+
+func goInstall(ctx context.Context, env []string, pkgname string) {
+	shouldWork(ctx, nil, wd, "go", "install", pkgBase+pkgname)
+}
+
+func goBuildPlugin(ctx context.Context, dir, pkgname, fname string) {
+	if runtime.GOOS != "linux" {
+		qod.Printlnf("plugins don't work on non-linux machines yet :(")
+		return
+	}
+
+	shouldWork(ctx, nil, dir, "go", "build", "-v", "-buildmode=plugin", "-o="+fname, pkgBase+pkgname)
+	qod.Printlnf("built %s for %s", fname, runtime.GOOS)
+}
+
+func asarPack(dir string) (*asar.Entry, error) {
+	b := &asar.Builder{}
+
+	w := fs.Walk(dir)
+	for w.Step() {
+		if err := w.Err(); err != nil {
+			fmt.Printf("walk error: %v\n", err)
+			continue
+		}
+
+		p := w.Path()
+		st := w.Stat()
+
+		if st.IsDir() {
+			w.SkipDir()
+		}
+
+		fin, err := os.Open(p)
+		if err != nil {
+			return nil, err
+		}
+		defer fin.Close()
+
+		b.Add(filepath.Base(p), fin, st.Size(), asar.FlagNone)
+	}
+
+	return b.Root(), nil
+}

plugins/autohttpagent/main.go

@@ -1,12 +1,15 @@
+// +build linux
+
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"log"
 	"os"
 	"time"
 
-	"git.xeserv.us/xena/route/lib/tun2"
+	"git.xeserv.us/xena/route/internal/tun2"
 	"github.com/Xe/ln"
 )
 
@@ -29,8 +32,11 @@ func mustEnv(key string, def string) string {
 	return val
 }
 
-func doHttpAgent() {
+func doHTTPAgent() {
 	go func() {
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+
 		cfg := &tun2.ClientConfig{
 			TLSConfig:  &tls.Config{},
 			ConnType:   connMethod,
@@ -41,19 +47,17 @@ func doHttpAgent() {
 		}
 
 		client, _ := tun2.NewClient(cfg)
-		err := client.Connect()
+		err := client.Connect(ctx)
 		if err != nil {
-			ln.Error(err, ln.F{
-				"action": "client_running",
-			})
+			ln.Error(ctx, err, ln.Action("client connection error, restarting"))
 
 			time.Sleep(5 * time.Second)
 
-			doHttpAgent()
+			doHTTPAgent()
 		}
 	}()
 }
 
 func init() {
-	doHttpAgent()
+	doHTTPAgent()
 }

plugins/autohttpagent/main_test.go

@@ -0,0 +1,3 @@
+package main
+
+func main() {}

proto/client/.#client.go

@@ -1 +0,0 @@
-xena@greedo.xeserv.us.17867:1486865539

proto/client/doc.go

@@ -1,2 +0,0 @@
-// Package client is a higer level convenience wrapper around the RPC layer for route.
-package client

proto/eclier/bindata.go

@@ -0,0 +1,465 @@
+// Code generated by go-bindata.
+// sources:
+// route_twirp_eclier_backends_kill.lua
+// route_twirp_eclier_backends_list.lua
+// route_twirp_eclier_routes_delete.lua
+// route_twirp_eclier_routes_get.lua
+// route_twirp_eclier_routes_get_all.lua
+// route_twirp_eclier_routes_put.lua
+// route_twirp_eclier_tokens_deactivate.lua
+// route_twirp_eclier_tokens_delete.lua
+// route_twirp_eclier_tokens_get.lua
+// route_twirp_eclier_tokens_get_all.lua
+// route_twirp_eclier_tokens_put.lua
+// DO NOT EDIT!
+
+package edata
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func bindataRead(data []byte, name string) ([]byte, error) {
+	gz, err := gzip.NewReader(bytes.NewBuffer(data))
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+
+	var buf bytes.Buffer
+	_, err = io.Copy(&buf, gz)
+	clErr := gz.Close()
+
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+	if clErr != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+type asset struct {
+	bytes []byte
+	info  os.FileInfo
+}
+
+type bindataFileInfo struct {
+	name    string
+	size    int64
+	mode    os.FileMode
+	modTime time.Time
+}
+
+func (fi bindataFileInfo) Name() string {
+	return fi.name
+}
+func (fi bindataFileInfo) Size() int64 {
+	return fi.size
+}
+func (fi bindataFileInfo) Mode() os.FileMode {
+	return fi.mode
+}
+func (fi bindataFileInfo) ModTime() time.Time {
+	return fi.modTime
+}
+func (fi bindataFileInfo) IsDir() bool {
+	return false
+}
+func (fi bindataFileInfo) Sys() interface{} {
+	return nil
+}
+
+var _route_twirp_eclier_backends_killLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x52\x4d\x6b\xdc\x30\x10\xbd\xeb\x57\x3c\x74\xb2\x21\x36\xdb\x43\x2f\x0b\xbe\xb4\xc9\x21\x50\x1a\x28\xe9\xa9\x84\xa2\x95\xc7\xb6\x58\xaf\xe4\xce\x48\x4e\xfa\xef\x8b\xe4\xec\x47\x73\x30\x58\x7a\xef\xcd\x7b\x33\xa3\xa6\xc1\xd7\xd0\x13\x46\xf2\xc4\x26\x52\x8f\xc3\x5f\x2c\x1c\x62\xb0\xcd\x48\xbe\x89\xaf\x8e\x97\xdf\x64\x67\x47\x8c\xf5\x73\xbb\x6b\x77\xf7\x4f\xf8\xfe\xf4\x8c\x87\xfb\xc7\x67\xd5\x34\x90\x90\xd8\xd2\x1e\x1c\x52\xa4\xb6\x48\x95\x12\xcb\x6e\x89\xed\x4a\x7c\x40\x07\x7d\x30\xf6\x48\xbe\x97\xfd\xd1\xcd\xb3\x3e\xa3\x13\xcd\x4b\x46\x1f\xde\xc8\xa6\x48\x82\x13\xc5\x29\xf4\xc8\x24\x04\x0f\x21\x5e\x9d\x25\x9c\xd5\x18\x02\xa3\x04\xc2\x62\xec\xd1\x8c\x84\x37\xca\xa4\x36\x49\xbb\xd9\x9f\xa9\x17\x0f\x93\xe2\x14\x38\xbb\x9c\x8c\x9d\x9c\xa7\xe6\xd2\xa9\xbe\x49\x29\x2e\xf8\x4c\xda\x3a\xbc\x20\x49\xb2\x49\x07\xad\x95\x9a\x83\x35\x33\x86\xd9\x8c\xe8\xc0\xf4\x27\x39\x26\xe8\x7c\xd6\xef\x98\xac\xf6\x16\x92\xd5\x5e\x65\x82\xae\x68\x5b\x4f\xaf\x55\xad\xf2\xe0\xf2\x71\xeb\xe9\xcb\x96\xfa\xb1\x57\x83\xec\x25\xb2\xf3\x63\xa5\x5d\xaf\xef\xa0\xf3\xb7\x9a\x39\x51\x21\x9e\x48\x4a\x22\xc3\x23\x5c\xaf\x6b\xf5\x31\xe8\x20\xfb\xf2\x9b\x2d\x86\xe4\x6d\xcc\x7d\x71\xf2\x95\xe1\xb1\x56\x80\x1b\xb2\xf6\xd7\xa7\x17\x74\x1d\x74\x93\x37\xa0\x11\xf8\xbf\xcb\xf7\xdb\x38\x91\x57\x00\xb0\xb0\xf3\xb1\xba\x56\xae\xcb\x2d\x53\x4c\x9c\x09\xe4\x7b\xa5\x50\x2a\xec\x5e\xd0\xe1\x66\xf5\x0a\xb8\x4e\x4d\xb6\x78\x8b\x61\xa1\x2d\xce\x05\x66\x92\xfc\x10\x64\xb5\x65\x3c\x66\x71\x3f\x7f\x7c\xbb\x43\x0c\x47\xf2\xf5\xfe\xbc\xd3\xaa\x2e\xcf\xa7\x2a\xc5\x6a\xa5\xb2\xf1\xbf\x00\x00\x00\xff\xff\x9b\x1b\x96\x37\xbf\x02\x00\x00")
+
+func route_twirp_eclier_backends_killLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_backends_killLua,
+		"route_twirp_eclier_backends_kill.lua",
+	)
+}
+
+func route_twirp_eclier_backends_killLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_backends_killLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_backends_kill.lua", size: 703, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_backends_listLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\xc1\x6e\xdb\x3a\x10\xbc\xf3\x2b\x06\x3c\x59\x40\x24\xe4\x1d\xde\x45\x80\x2e\x6d\x72\x28\x50\x34\x40\x9b\x9e\x9a\xa0\xa0\xa9\x95\x4c\x44\x26\xd5\x5d\x52\x49\xff\xbe\x20\x65\xd9\x6e\x81\xf6\x60\xc0\xdc\x99\xd9\x9d\x5d\x4d\x5d\xe3\x7d\xe8\x09\x23\x79\x62\x13\xa9\xc7\xfe\x27\x66\x0e\x31\xd8\x7a\x24\x5f\xc7\x57\xc7\xf3\x77\xb2\x93\x23\xc6\xf2\x7f\x73\xdb\xdc\xde\x3d\xe0\xd3\xc3\x23\xee\xef\x3e\x3c\xaa\xba\x86\x84\xc4\x96\x5a\x70\x48\x91\x9a\x22\x55\x4a\x2c\xbb\x39\x36\x0b\xf1\x1e\x1d\xf4\xde\xd8\x17\xf2\xbd\xb4\x93\x93\xa8\x37\xf4\x40\xd3\x9c\xd1\xfb\x37\xb2\x29\x92\xe0\x48\xf1\x10\x7a\x64\x12\x82\x87\x10\x2f\xce\x12\x36\x35\x86\xc0\x28\x86\x30\x1b\xfb\x62\x46\xc2\x1b\x65\x52\x93\xa4\x59\xc7\x6f\xd4\xf3\x0c\x93\xe2\x21\x70\x9e\x72\x34\xf6\xe0\x3c\xd5\xe7\x4d\xf5\x95\x4b\x71\xc1\x67\xd2\xba\xe1\x19\x49\x92\x87\x74\xd0\x5a\xa9\x29\x58\x33\x61\x98\xcc\x88\x0e\x4c\x3f\x92\x63\x82\xce\x6f\x7d\xc2\x64\xb1\xd7\x90\x2c\xf6\x22\x13\x74\x45\xdb\x78\x7a\xdd\x55\x2a\x1f\x2e\x3f\xd7\x9d\xde\xad\xae\xbf\xd0\x44\x36\x06\x56\x83\xb4\x12\xd9\xf9\x71\xa7\xfb\x70\x34\xce\xeb\x1b\xe8\xfc\x5b\xcc\x94\xa8\x48\x8e\x24\xc5\x9b\xe1\x11\x27\x4e\x75\xad\x4b\x42\xfc\x6f\x55\x61\x54\xea\xcf\x55\x07\x69\xcb\xdf\x6c\x72\x48\xde\xc6\x7c\x19\x4e\x7e\x67\x78\xac\x14\xe0\x86\xac\xfe\xf6\xdf\x33\xba\x0e\xba\xce\xdf\x50\x23\xf0\x6f\xc5\x53\x35\x1e\xc8\x2b\x00\x98\xd9\xf9\xb8\xbb\x74\xae\x4a\x95\x29\x26\xce\x04\xf2\xbd\x52\x28\x1d\x6e\x9f\xd1\xe1\x2a\x3c\x0a\xb8\xdc\x5d\x56\x7b\xb3\x61\xa1\xd5\xce\x19\x66\x92\x1c\x25\x59\x6c\x39\xb0\x99\xdd\xd7\xcf\x1f\x6f\x10\xc3\x0b\xf9\xaa\xdd\x52\xb1\xab\x4a\x00\x77\xa5\x59\x51\xaf\xce\xf4\x5e\xda\xa7\xf8\x14\x35\x9a\x06\x31\x9c\x6e\x98\x7b\x36\x7b\x29\x6e\x37\xde\x96\xe3\xbf\xb1\x4f\x78\x55\xa9\xbc\xd4\xaf\x00\x00\x00\xff\xff\x5b\x4a\x7f\xf6\x5d\x03\x00\x00")
+
+func route_twirp_eclier_backends_listLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_backends_listLua,
+		"route_twirp_eclier_backends_list.lua",
+	)
+}
+
+func route_twirp_eclier_backends_listLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_backends_listLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_backends_list.lua", size: 861, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_deleteLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\x4f\x6b\xdc\x3e\x10\xbd\xeb\x53\x3c\x74\xb2\x21\x36\xfb\x3b\xfc\x2e\x06\x9f\x9a\x1c\x0a\xa5\x81\x90\x9e\x4a\x28\x8a\x3c\xb6\x45\xbc\x92\x3b\x23\x39\xe9\xb7\x2f\x92\x37\xbb\x9b\x1e\x72\x30\x58\xf3\xde\x9b\x79\xf3\xa7\x69\xf0\x25\x0c\x84\x89\x3c\xb1\x89\x34\xe0\xf9\x0f\x56\x0e\x31\xd8\x66\x22\xdf\xc4\x57\xc7\xeb\x2f\xb2\x8b\x23\xc6\xf6\x7f\x7b\x68\x0f\xb7\xf7\xf8\x7e\xff\x88\xbb\xdb\xaf\x8f\xaa\x69\x20\x21\xb1\xa5\x0e\x1c\x52\xa4\xb6\x48\x95\x12\xcb\x6e\x8d\xed\x46\xfc\x8c\x1e\xba\x60\xd2\x0d\xb4\x50\x24\xfd\x8e\xce\xb4\xac\x19\xbd\x7b\x23\x9b\x71\x1c\x29\xce\x61\xc0\x4e\x43\xf0\x10\xe2\xcd\x59\xda\x73\x0b\xc6\xc0\x28\x86\xb0\x1a\xfb\x62\x26\xc2\x1b\x65\x4a\x9b\xa4\xdd\xcb\xef\xc4\x73\x05\x93\xe2\x1c\x38\xd7\x38\x1a\x3b\x3b\x4f\xcd\xb9\x4f\x7d\xe5\x51\x5c\xf0\x99\xb4\xf7\x77\x46\x92\xe4\x12\x3d\xb4\x56\x6a\x09\xd6\x2c\x18\x17\x33\xa1\x07\xd3\xef\xe4\x98\xa0\xf3\x5b\x9f\x30\xd9\xec\x35\x24\x9b\xbd\xc8\x04\x7d\xd1\xb6\x9e\x5e\xab\x5a\xe5\xb1\xe5\xe7\xde\xd1\x43\xf6\xac\x46\xe9\x24\xb2\xf3\x53\xa5\xdd\xa0\x6f\xa0\xf3\xb7\x99\x25\x51\x21\x1d\x49\x8a\x1b\xc3\x13\xdc\xa0\xeb\x6b\xbe\x65\x32\x31\xf0\xe7\xa2\x77\xd2\x07\xe5\x1c\x24\x7e\x2e\x2b\x8c\x5a\xfd\x3b\x92\x51\xba\xf2\x9b\x9b\x19\x93\xb7\x31\x4f\x90\x93\xaf\x0c\x4f\xb5\x02\xdc\x98\xd5\x3f\xff\x7b\x42\xdf\x43\x37\x79\xd3\x1a\x81\x3f\x04\x4f\xd1\x38\x93\x57\x00\xb0\xb2\xf3\xb1\xba\x64\xae\x4b\x94\x29\x26\xce\x04\xf2\x83\x52\x28\x19\x0e\x4f\xe8\x71\x75\x62\x0a\xb8\xec\x47\x76\x7b\xab\x61\xa1\xdd\xce\x19\x66\x92\x7c\x70\xb2\xd9\xb2\x08\xb3\xba\x1f\x0f\xdf\x6e\x10\xc3\x0b\xf9\xba\xdb\x6f\xa7\xaa\x4f\x67\x5a\x95\x64\xb5\x52\xb9\xf0\xdf\x00\x00\x00\xff\xff\x75\x1a\x14\x61\x27\x03\x00\x00")
+
+func route_twirp_eclier_routes_deleteLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_deleteLua,
+		"route_twirp_eclier_routes_delete.lua",
+	)
+}
+
+func route_twirp_eclier_routes_deleteLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_deleteLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_delete.lua", size: 807, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_getLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x84\x52\x4d\x6b\xdc\x30\x10\xbd\xeb\x57\x3c\x74\x5a\x43\x6c\xd2\x43\x2f\x06\x9f\x9a\x50\x0a\xa5\x81\x90\x9e\x9a\x50\x14\x79\x6c\x8b\x38\x92\x33\x92\x9c\xf4\xdf\x97\x91\xdd\xdd\x6d\x21\xf4\xb0\xb0\x9a\xf7\x31\x6f\xc6\x53\xd7\xf8\x14\x7a\xc2\x48\x9e\xd8\x24\xea\xf1\xf8\x0b\x0b\x87\x14\x6c\x3d\x92\xaf\xd3\xab\xe3\xe5\x27\xd9\xd9\x11\x63\xfd\xd8\x5c\x36\x97\x57\x37\xf8\x76\x73\x87\xeb\xab\x2f\x77\xaa\xae\x11\x43\x66\x4b\x2d\x38\xe4\x44\x4d\x91\x2a\x15\x2d\xbb\x25\x35\x2b\xf1\x23\x3a\xe8\x82\xc5\x76\xa4\xa4\xff\x40\x13\xcd\x8b\x40\xd7\x6f\x64\x05\xc4\x33\xa5\x29\xf4\x18\x29\x21\x78\x44\xe2\xd5\x59\xda\x5c\x23\x86\xc0\x28\x51\xb0\x18\xfb\x64\x46\xc2\x1b\x09\xa5\xc9\xb1\xd9\x1a\x6f\xc4\xa3\xbd\xc9\x69\x0a\x2c\x0d\x9e\x8d\x9d\x9c\xa7\xfa\x38\xa1\x3e\x4b\x17\x5d\xf0\x42\xda\x26\x3b\x22\x39\x4a\x8b\x0e\x5a\x2b\x35\x07\x6b\x66\x0c\xb3\x19\xd1\x81\xe9\x25\x3b\x26\x68\x79\xeb\x1d\x8b\xab\x3d\x87\xe2\x6a\x4f\xb2\x88\xae\x68\x1b\x4f\xaf\x87\x4a\xc9\xc2\xe4\xb9\x4d\xf4\x99\xd2\xad\xc4\xbe\xa5\x97\x4c\x31\xa9\x21\xb6\x31\xb1\xf3\xe3\x41\x67\x9f\x23\xf5\xfa\x02\x5a\x7e\xab\x99\x33\x15\xc9\x33\xc5\x92\xcd\xf0\x88\x9d\x53\x9d\xeb\xdc\x7f\x34\x4e\xf8\xff\x8e\x39\xc4\xb6\xfc\x95\x80\x43\xf6\x36\xc9\x56\x38\xfb\x83\xe1\xb1\x52\x80\x1b\x44\xfb\xe3\xc3\x03\xba\x0e\xba\x96\x4f\xa7\x11\xf8\xaf\xe2\x5e\x4d\x13\x79\x05\x00\x0b\x3b\x9f\x0e\x27\xe7\xaa\x54\x99\x52\x66\x21\x90\xef\x95\x42\x71\xb8\x7c\x40\x87\xb3\x83\x51\xc0\x69\xe7\x71\x8b\xb7\x18\x8e\xb4\xc5\x39\xc2\x4c\x51\x2e\x28\xae\xb6\x2c\xd7\x2c\xee\xfb\xed\xd7\x0b\xa4\xf0\x44\xbe\x6a\xb7\x7b\x38\x54\x72\x74\x87\xe2\x54\xa4\x5b\x2c\xed\xfa\xf6\x3e\xdd\x27\x8d\xa6\x41\x0a\xfb\xf2\xc4\xb0\x71\x7d\x89\xba\xf3\x2c\x93\x49\x81\xdf\x23\xef\xf0\xb9\x62\x0a\x31\xbd\x47\x17\xac\xaa\x94\xcc\xfe\x3b\x00\x00\xff\xff\x07\xd9\x95\x3a\x78\x03\x00\x00")
+
+func route_twirp_eclier_routes_getLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_getLua,
+		"route_twirp_eclier_routes_get.lua",
+	)
+}
+
+func route_twirp_eclier_routes_getLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_getLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_get.lua", size: 888, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_get_allLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x52\x4d\x6f\xdd\x20\x10\xbc\xf3\x2b\x46\x9c\x6c\xa9\xb6\x5e\x0f\xbd\x3c\xc9\xa7\x26\x87\x4a\x55\x22\x55\xe9\xa9\x89\x22\xc2\x5b\xdb\x28\x0e\xb8\xcb\xe2\xa4\xff\xbe\x02\xde\x57\x7b\x83\x9d\xd9\xd9\x19\x96\xae\xc3\xd7\x70\x20\x4c\xe4\x89\x8d\xd0\x01\x2f\x7f\xb0\x72\x90\x60\xbb\x89\x7c\x27\xef\x8e\xd7\x67\xb2\x8b\x23\xc6\xf6\xa5\xdf\xf5\xbb\x9b\x7b\xdc\xdd\x3f\xe0\xf6\xe6\xdb\x83\xea\x3a\xc4\x90\xd8\xd2\x1e\x1c\x92\x50\x5f\x5a\x95\x8a\x96\xdd\x2a\xfd\x46\xfc\x82\x01\xba\x60\x71\x3f\x91\x3c\x9b\x65\xd1\x27\x78\xa6\x65\xcd\xf0\xed\x07\xd9\x4c\xc0\x1b\xc9\x1c\x0e\x38\xf2\x10\x3c\x22\xf1\xe6\x2c\x55\xf5\x88\x31\x30\x8a\x25\xac\xc6\xbe\x9a\x89\xf0\x41\x99\xd2\xa7\xd8\x57\x03\x95\x78\x1e\x61\x92\xcc\x81\xf3\x90\x37\x63\x67\xe7\xa9\x3b\x27\xd5\x57\x2e\xa3\x0b\x3e\x93\x6a\xc2\x33\x92\x62\x1e\x31\x40\x6b\xa5\x96\x60\xcd\x82\x71\x31\x13\x06\x30\xfd\x4e\x8e\x09\x3a\xdf\xf5\x11\x8b\x9b\xbd\x86\xe2\x66\x2f\x6d\x11\x43\xe9\xed\x3d\xbd\x37\xad\xca\x0f\x97\xaf\x35\xd1\x9d\x5b\xd4\xff\x23\xc7\xb8\x2f\xc7\x4c\x1e\x93\xb7\x92\x1d\x72\xf2\x8d\xe1\xa9\x55\x80\x1b\x61\x78\xfa\xf5\xf9\x09\xc3\x00\xdd\xe5\xa7\xd4\x08\xfc\x4f\xf1\x58\x95\x99\xbc\x02\x80\x95\x9d\x97\xe6\xa2\xdc\x96\x2a\x93\x24\xce\x04\xf2\x07\xa5\x50\x14\x76\x4f\x18\x70\xb5\x44\x05\x5c\xf2\xc7\x6a\x6f\x35\x1c\xa9\xda\x39\xc3\x4c\x31\x6f\x34\x6e\xb6\x04\x35\xab\xfb\xf9\xe3\xfb\x27\x48\x78\x25\xdf\xee\xeb\x6e\x9a\xf6\xf4\x11\x9a\xa2\x56\xda\xab\xb5\xd3\x47\x79\x94\x47\xd1\xe8\x7b\x48\x88\xc2\xce\x4f\x4d\x16\x3e\xee\xb6\x6d\x55\x76\xfa\x37\x00\x00\xff\xff\xd4\xa1\xe0\x99\xba\x02\x00\x00")
+
+func route_twirp_eclier_routes_get_allLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_get_allLua,
+		"route_twirp_eclier_routes_get_all.lua",
+	)
+}
+
+func route_twirp_eclier_routes_get_allLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_get_allLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_get_all.lua", size: 698, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_putLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\xcd\x6a\xdc\x3c\x14\xdd\xeb\x29\x0e\x5a\x8d\x21\x36\xf9\x16\xdf\xc6\xe0\x55\x93\x45\xa1\x34\x10\xd2\x55\x13\x8a\x22\x5f\xdb\x22\x8e\xe4\x5e\x49\x4e\xfa\xf6\xe5\xca\xce\xcc\xa4\x90\x2c\x0c\x96\xce\x8f\xce\xfd\xa9\x6b\x7c\x09\x3d\x61\x24\x4f\x6c\x12\xf5\x78\xfc\x83\x85\x43\x0a\xb6\x1e\xc9\xd7\xe9\xc5\xf1\xf2\x8b\xec\xec\x88\xb1\xfe\xdf\x5c\x36\x97\x57\x37\xf8\x7e\x73\x87\xeb\xab\xaf\x77\xaa\xae\x11\x43\x66\x4b\x2d\x38\xe4\x44\x4d\x91\x2a\x15\x2d\xbb\x25\x35\x2b\xf1\x23\x3a\xe8\x82\xc5\x76\xc9\x49\xbf\x41\x13\xcd\x8b\x40\xd7\xaf\x64\x05\xc4\x33\xa5\x29\xf4\x58\x72\x42\xf0\x88\xc4\xab\xb3\xb4\xb9\x46\x0c\x81\x51\xa2\x60\x31\xf6\xc9\x8c\x84\x57\x12\x4a\x93\x63\xb3\x3d\xbc\x11\x8f\xf6\x26\xa7\x29\xb0\x3c\xf0\x6c\xec\xe4\x3c\xd5\xc7\x0a\xf5\x59\xba\xe8\x82\x17\xd2\x56\xd9\x11\xc9\x51\x9e\xe8\xa0\xb5\x52\x73\xb0\x66\xc6\x30\x9b\x11\x1d\x98\x7e\x67\xc7\x04\x2d\x67\xbd\x63\x71\xb5\xe7\x50\x5c\xed\x49\x16\xd1\x15\x6d\xe3\xe9\xe5\x50\x29\x69\x98\x1c\xb7\x8a\x6e\x25\xb3\x1a\x62\x1b\x13\x3b\x3f\x1e\xf4\x14\x62\xd2\x17\xd0\xf2\xad\x66\xce\x54\x68\xcf\x14\x4b\x1e\xc3\x23\x0a\xa3\x3a\xd7\xb8\xfe\x73\x85\xeb\xdf\xf3\x2d\x93\x49\x81\x3f\x17\xbd\x91\x2a\xf5\x6f\x4b\x86\xd8\x96\x5f\x29\x66\xc8\xde\x26\xe9\x20\x67\x7f\x30\x3c\x56\x0a\x70\x83\x18\xfc\xfc\xef\x01\x5d\x07\x5d\xcb\x98\x35\x02\xbf\xbb\xdc\x6f\xd3\x44\x5e\x01\xc0\xc2\xce\xa7\xc3\xc9\xb9\x2a\xb7\x4c\x29\xb3\x10\xc8\xf7\x4a\xa1\x38\x5c\x3e\xa0\xc3\xd9\x72\x29\xe0\x34\x9f\xb8\xc5\x5b\x0c\x47\xda\xe2\x1c\x61\xa6\x28\xdb\x16\x57\x5b\x06\x61\x16\xf7\xe3\xf6\xdb\x05\x52\x78\x22\x5f\xb5\xdb\xee\x1c\x2a\x59\xd0\x43\x71\x2a\xd2\x2d\x96\x76\x7d\x7b\x9f\xee\x93\x46\xd3\x20\x85\xbd\x8d\x62\xd8\xb8\xbe\x44\xdd\x79\x7b\xcf\x3e\x22\xef\xf0\xb9\x42\x86\xf9\x11\x5d\xb0\xaa\x52\x52\xfb\xdf\x00\x00\x00\xff\xff\x86\x08\x46\x8f\xa4\x03\x00\x00")
+
+func route_twirp_eclier_routes_putLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_putLua,
+		"route_twirp_eclier_routes_put.lua",
+	)
+}
+
+func route_twirp_eclier_routes_putLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_putLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_put.lua", size: 932, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_deactivateLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x92\x41\x6f\xdb\x30\x0c\x85\xef\xfa\x15\x0f\x3a\xd9\x40\x6c\x64\x87\x5d\x02\xf8\xb4\xf6\x30\x60\x58\x81\x21\x3b\x0d\xc5\xa0\xc8\xb4\x23\xd4\x91\x3c\x52\x72\xdb\x7f\x3f\x48\xce\x92\x74\x40\x7b\xb3\xc9\xef\x91\x8f\x14\x9b\x06\x5f\x42\x4f\x18\xc9\x13\x9b\x48\x3d\x0e\xaf\x98\x39\xc4\x60\x9b\x91\x7c\x13\x9f\x1d\xcf\xbf\xc9\x4e\x8e\x18\xcb\xe7\x76\xdb\x6e\xef\x1e\xf0\xfd\x61\x8f\xfb\xbb\xaf\x7b\xd5\x34\x90\x90\xd8\xd2\x0e\x1c\x52\xa4\xb6\x48\x95\x12\xcb\x6e\x8e\xed\x42\x7c\x40\x07\x1d\xc3\x13\x79\xd9\xf5\x64\x6c\x74\x8b\x89\xa4\xff\x11\x47\x9a\xe6\x4c\xdc\xbf\x90\x4d\x91\x04\x27\x8a\xc7\xd0\xe3\x8a\x22\x78\x08\xf1\xe2\x2c\x61\xad\x83\x21\x30\x8a\x31\xcc\xc6\x3e\x99\x91\xf0\x42\x19\x69\x93\xb4\xab\x8d\x15\xbc\x74\x31\x29\x1e\x03\xe7\x3e\x27\x63\x8f\xce\x53\x73\x99\x57\xdf\x78\x15\x17\x7c\x86\xd6\x39\x2f\x99\x24\xb9\x45\x07\xad\x95\x9a\x82\x35\x13\x86\xc9\x8c\xe8\xc0\xf4\x27\x39\x26\xe8\xfc\xaf\xcf\x39\x59\xec\x6d\x4a\x16\x7b\x95\x09\xba\xa2\x6d\x3d\x3d\x57\xb5\xca\xeb\xcb\xbf\xeb\x44\xfb\xec\x59\x0d\xb2\x3b\x84\x30\x55\xba\xcc\x4f\x7a\x83\xc1\x4c\x42\x1b\xe8\xc5\x4c\x89\x0a\x79\x22\x29\x96\x0c\x8f\x38\x63\x75\x16\x4a\x64\xe7\xc7\x4a\xbb\x5e\x6f\xa0\xf5\xbb\x1a\xd7\xbf\xe5\x0f\xa1\x7f\xfd\x58\x51\x88\x1b\x8d\x54\x5a\x6c\x98\x49\xde\x97\x9c\xf3\xb5\xfa\x7f\x8d\x83\xec\xca\x67\x5e\xc0\x90\xbc\x8d\x79\xeb\x9c\x7c\x65\x78\xac\x15\xe0\x86\xac\xff\xf5\xe9\x11\x5d\x07\xdd\xe4\x0b\xd1\x08\xfc\x26\x78\x8e\xc6\x23\x79\x05\x00\x33\x3b\x1f\xab\x6b\xe5\xba\x44\x99\x62\xe2\x0c\x90\xef\x95\x42\xa9\xb0\x7d\x44\x87\x9b\xf3\x54\xc0\xf5\x4d\x65\xb5\x37\x1b\x16\x5a\xed\x5c\xd2\x4c\x92\x0f\x55\x16\x5b\x1e\xcf\xcc\xee\xe7\x8f\x6f\x9b\xf5\x22\xeb\xdd\x7a\x6f\x55\x7d\x73\xe2\x55\x29\x58\x2b\x95\x9b\xff\x0d\x00\x00\xff\xff\x41\x42\x7e\x72\x67\x03\x00\x00")
+
+func route_twirp_eclier_tokens_deactivateLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_deactivateLua,
+		"route_twirp_eclier_tokens_deactivate.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_deactivateLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_deactivateLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_deactivate.lua", size: 871, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_deleteLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\xc1\x6a\xdc\x30\x10\xbd\xeb\x2b\x1e\x3a\xd9\x10\x9b\xed\xa1\x97\x05\x9f\x9a\x1c\x0a\xa5\x81\xb2\x3d\x95\x50\xb4\xf2\xd8\x2b\xe2\x95\xdc\x19\xc9\x49\xfe\xbe\x48\xde\xee\xba\x85\xf4\x60\xb0\xf4\xde\x9b\x79\x33\x7a\x4d\x83\x4f\xa1\x27\x8c\xe4\x89\x4d\xa4\x1e\xc7\x37\xcc\x1c\x62\xb0\xcd\x48\xbe\x89\x2f\x8e\xe7\x9f\x64\x27\x47\x8c\xe5\x63\xbb\x6b\x77\xf7\x8f\xf8\xfa\x78\xc0\xc3\xfd\xe7\x83\x6a\x1a\x48\x48\x6c\x69\x0f\x0e\x29\x52\x5b\xa4\x4a\x89\x65\x37\xc7\x76\x21\x3e\xa2\x83\x8e\xe1\x99\xbc\xec\x7b\x9a\x28\x92\xfe\x83\x9e\x68\x9a\x33\xfa\xf0\x4a\x36\x45\x12\x9c\x29\x9e\x42\x8f\x95\x86\xe0\x21\xc4\x8b\xb3\x84\x55\x8f\x21\x30\x8a\x21\xcc\xc6\x3e\x9b\x91\xf0\x4a\x99\xd2\x26\x69\xd7\xf6\x2b\xf1\xda\xc1\xa4\x78\x0a\x9c\x7b\x9c\x8d\x3d\x39\x4f\xcd\x75\x4e\xbd\xf1\x28\x2e\xf8\x4c\x5a\xe7\xbb\x22\x49\x72\x8b\x0e\x5a\x2b\x35\x05\x6b\x26\x0c\x93\x19\xd1\x81\xe9\x57\x72\x4c\xd0\xf9\xac\x2f\x98\x2c\x76\x0b\xc9\x62\x6f\x32\x41\x57\xb4\xad\xa7\x97\xaa\x56\x79\x6d\xf9\xb8\x4e\x74\xc8\x9e\xd5\x20\x7b\x89\xec\xfc\x58\x69\xd7\xeb\x3b\xe8\xfc\x2d\x66\x4a\x54\x48\x67\x92\xe2\xc6\xf0\x08\xd7\xeb\x7a\xcb\x3f\x86\xfe\xed\xff\x8a\xc2\xd8\x68\xa4\xd2\x62\xc3\x4c\xf2\xbe\xe4\x82\x17\xd1\x31\x84\xa9\xd2\xc6\x46\xb7\x90\xbe\xc3\x60\x26\xa1\x77\x85\x17\x5a\xad\xfe\x5d\xe3\x20\xfb\xf2\x9b\x17\x30\x24\x6f\x63\xde\x3a\x27\x5f\x19\x1e\x6b\x05\xb8\x21\xeb\x7f\x7c\x78\x42\xd7\x41\x37\x39\x1d\x1a\x81\xff\xba\xbc\xdc\xc6\x13\x79\x05\x00\x33\x3b\x1f\xab\x5b\xe5\xba\xdc\x32\xc5\xc4\x99\x40\xbe\x57\x0a\xa5\xc2\xee\x09\x1d\x36\xb1\x54\xc0\xed\x4d\x65\xb5\x37\x1b\x16\x5a\xed\x5c\x61\x26\xc9\x21\x95\xc5\x96\xc7\x33\xb3\xfb\xfe\xed\xcb\xdd\x9a\xc8\x7a\xbf\xe6\xad\xaa\x2f\xd1\xae\x4a\xb1\x5a\xa9\xdc\xf8\x77\x00\x00\x00\xff\xff\x50\xe4\x70\xe6\x5b\x03\x00\x00")
+
+func route_twirp_eclier_tokens_deleteLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_deleteLua,
+		"route_twirp_eclier_tokens_delete.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_deleteLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_deleteLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_delete.lua", size: 859, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_getLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x92\x41\x6b\xdc\x3e\x10\xc5\xef\xfa\x14\x0f\x9d\x6c\x88\x4d\xfe\x87\xff\xc5\xe0\x53\x13\x4a\xa1\x34\x10\xb6\xa7\x26\x14\xad\x3c\xf6\x8a\x78\x25\x67\x24\x39\xc9\xb7\x2f\x92\xb6\xbb\x6e\x61\x7b\x58\x58\xe9\xfd\xde\xe8\xcd\x78\x9a\x06\x9f\xdc\x40\x98\xc8\x12\xab\x40\x03\xf6\x1f\x58\xd8\x05\xa7\x9b\x89\x6c\x13\xde\x0c\x2f\x3f\x49\xcf\x86\x18\xeb\xff\xed\x6d\x7b\x7b\xf7\x80\x6f\x0f\x3b\xdc\xdf\x7d\xd9\x89\xa6\x81\x77\x91\x35\x75\x60\x17\x03\xb5\xd9\x2a\x84\xd7\x6c\x96\xd0\xae\xc4\x7b\xf4\x90\xc1\xbd\x90\xf5\xdd\x44\x41\xfe\x96\x0e\x34\x2f\x49\xba\x7f\x27\x1d\x03\x79\x1c\x29\x1c\xdc\x80\x89\x02\x9c\x85\x27\x5e\x8d\x26\x14\x27\x46\xc7\xc8\x51\xb0\x28\xfd\xa2\x26\xc2\x3b\x25\xa4\x8d\xbe\x2d\x0f\x17\xf0\x5c\x5e\xc5\x70\x70\x9c\x1e\x38\x2a\x7d\x30\x96\x9a\x73\x87\x72\x93\xce\x1b\x67\x13\x54\x3a\x3b\x2b\xd1\xa7\x27\x7a\x48\x29\xc4\xec\xb4\x9a\x31\xce\x6a\x42\x0f\xa6\xd7\x68\x98\x20\xd3\x59\x9e\x34\xbf\xea\xad\xe4\x57\x7d\xb1\x79\xf4\xd9\xdb\x5a\x7a\xab\x6a\x91\x06\x96\x8e\xa5\xa3\xcf\x14\x76\x29\xf6\x23\xbd\x46\xf2\x41\x8c\xbe\xf3\x81\x8d\x9d\x2a\x69\x06\x79\x03\x99\x7e\xab\x9a\x23\x65\xfc\x48\x3e\xe7\x52\x3c\xc1\x0c\xb2\xde\xf2\xb9\xfd\x7f\x5b\x0a\x52\x8b\xbf\x9b\x1c\x7d\x97\xff\xa6\x78\x63\xb4\x3a\xa4\x99\x70\xb4\x95\xe2\xa9\x16\x80\x19\x93\xfd\xc7\x7f\xcf\xe8\x7b\xc8\x26\x7d\x38\x09\xc7\x7f\x5c\x9e\x6e\xc3\x81\xac\x00\x80\x85\x8d\x0d\xd5\xa5\x72\x9d\x6f\x99\x42\xe4\x04\x90\x1d\x84\x40\xae\x70\xfb\x8c\x1e\x9b\x75\x11\xc0\x65\xe2\xbe\xc4\x5b\x14\x7b\x2a\x71\xce\x32\x93\x4f\xfb\xe3\x57\x9d\x47\xab\x16\xf3\xfd\xf1\xeb\x4d\x69\xb2\xee\xca\x36\x54\x75\x5a\xb9\x2a\x57\xca\xd6\x12\x4b\x9a\xa1\x7b\x0a\x4f\x41\xa2\x6d\x11\xdc\x69\x84\xa9\x60\x6b\x86\x1c\xf5\xc4\xed\xdd\xf0\x71\x8d\x4c\xda\x96\xf5\xda\x2d\xe4\xaf\xd1\x45\xdd\xf2\x4a\x07\xb3\xd2\x35\xbe\xa8\x75\x2d\xd2\xa4\x7e\x05\x00\x00\xff\xff\x6f\x53\x96\xcd\xa4\x03\x00\x00")
+
+func route_twirp_eclier_tokens_getLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_getLua,
+		"route_twirp_eclier_tokens_get.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_getLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_getLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_get.lua", size: 932, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_get_allLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x52\x4d\x6f\xdd\x20\x10\xbc\xf3\x2b\x46\x9c\x6c\xa9\xb6\x5e\x0f\xbd\x3c\xc9\xa7\x26\x87\x4a\x55\x22\x55\xe9\xa9\x89\x22\xc2\x5b\xdb\x28\x0e\xb8\xcb\xe2\xa4\xff\xbe\x02\xde\x57\x7b\x83\x9d\xd9\xdd\x19\x86\xae\xc3\xd7\x70\x20\x4c\xe4\x89\x8d\xd0\x01\x2f\x7f\xb0\x72\x90\x60\xbb\x89\x7c\x27\xef\x8e\xd7\x67\xb2\x8b\x23\xc6\xf6\xa5\xdf\xf5\xbb\x9b\x7b\xdc\xdd\x3f\xe0\xf6\xe6\xdb\x83\xea\x3a\xc4\x90\xd8\xd2\x1e\x1c\x92\x50\x5f\x5a\x95\x8a\x96\xdd\x2a\xfd\x46\xfc\x82\x01\x5a\xc2\x2b\xf9\xb8\x9f\x48\x9e\xcd\xb2\xe8\x13\x3c\xd3\xb2\x66\xf8\xf6\x83\x6c\x12\x8a\x78\x23\x99\xc3\x01\x47\x1e\x82\x47\x24\xde\x9c\x25\xd4\x09\x18\x03\xa3\x48\xc2\x6a\xec\xab\x99\x08\x1f\x94\x29\x7d\x8a\x7d\x15\x50\x89\xe7\x15\x26\xc9\x1c\x38\x2f\x79\x33\x76\x76\x9e\xba\xb3\x53\x7d\xa5\x32\xba\xe0\x33\xa9\x3a\x3c\x23\x29\xe6\x15\x03\xb4\x56\x6a\x09\xd6\x2c\x18\x17\x33\x61\x00\xd3\xef\xe4\x98\xa0\xf3\x5d\x1f\xb1\xb8\xd9\x6b\x28\x6e\xf6\xd2\x16\x31\x94\xde\xde\xd3\x7b\xd3\xaa\xfc\x70\xf9\x5a\x1d\xdd\xb9\x45\xfd\xbf\x72\x8c\xfb\x72\xcc\xe4\x31\x79\x2b\x59\x21\x27\xdf\x18\x9e\x5a\x05\xb8\x11\x86\xa7\x5f\x9f\x9f\x30\x0c\xd0\x5d\x7e\x4a\x8d\xc0\xff\x14\x8f\x55\x99\xc9\x2b\x00\x58\xd9\x79\x69\x2e\x93\xdb\x52\x65\x92\xc4\x99\x40\xfe\xa0\x14\xca\x84\xdd\x13\x06\x5c\x85\xa8\x80\x8b\xff\x58\xe5\xad\x86\x23\x55\x39\x67\x98\x29\xe6\x44\xe3\x66\x8b\x51\xb3\xba\x9f\x3f\xbe\x7f\xaa\xe9\xb5\xfb\x9a\x4d\xd3\x9e\x3e\x42\x53\xa6\x95\xf6\x2a\xed\xf4\x51\x1e\xe5\x51\x34\xfa\x1e\x12\xa2\xb0\xf3\x53\x93\x07\x1f\xb3\x6d\x5b\x95\x95\xfe\x0d\x00\x00\xff\xff\xe9\x8f\x90\xdc\xba\x02\x00\x00")
+
+func route_twirp_eclier_tokens_get_allLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_get_allLua,
+		"route_twirp_eclier_tokens_get_all.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_get_allLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_get_allLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_get_all.lua", size: 698, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_putLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x92\x41\x6b\xdc\x30\x10\x85\xef\xfa\x15\x0f\x9d\x6c\x88\x4d\x7a\xe8\xc5\xe0\x53\x93\x43\xa1\x34\x50\xd2\x53\x13\x8a\x56\x1e\x7b\x45\xbc\x92\xab\x91\x9c\xe4\xdf\x17\x49\xee\xae\x5b\xd8\x1e\x16\xd6\x7a\xdf\x1b\x3d\xcd\x4c\xd3\xe0\x93\x1b\x08\x13\x59\xf2\x2a\xd0\x80\xc3\x3b\x16\xef\x82\xd3\xcd\x44\xb6\x09\xaf\xc6\x2f\x3f\x49\xcf\x86\x3c\xd6\x8f\xed\x6d\x7b\x7b\xf7\x80\xaf\x0f\x8f\xb8\xbf\xfb\xfc\x28\x9a\x06\xec\xa2\xd7\xd4\xc1\xbb\x18\xa8\xcd\x56\x21\x58\x7b\xb3\x84\x76\x25\x7f\x40\x0f\x19\xdc\x0b\x59\xee\x96\x18\xe4\x1f\xe9\x48\xf3\x92\xa4\xfb\x37\xd2\x31\x10\xe3\x44\xe1\xe8\x06\x2c\x31\xc0\x59\x30\xf9\xd5\x68\x42\x71\x62\x74\x1e\x39\x0a\x16\xa5\x5f\xd4\x44\x78\xa3\x84\xb4\x91\xdb\x72\x71\x01\xcf\xe5\x55\x0c\x47\xe7\xd3\x05\x27\xa5\x8f\xc6\x52\x73\x7e\xa1\xdc\xa5\x63\xe3\x6c\x82\xca\xcb\xce\x4a\xe4\x74\x45\x0f\x29\x85\x98\x9d\x56\x33\xc6\x59\x4d\xe8\xe1\xe9\x57\x34\x9e\x20\xd3\xb7\xdc\x34\x5e\xf5\x5e\xe2\x55\x5f\x6c\x8c\x3e\x7b\x5b\x4b\xaf\x55\x2d\x52\xc3\xd2\x67\x79\xd1\x63\xca\x2c\x46\xee\x38\x78\x63\xa7\x4a\x9a\x41\xde\x40\xa6\xdf\xaa\xe6\x48\x19\x3a\x11\xe7\x34\xca\x4f\x30\x83\xac\xf7\xfc\xc1\x0d\xef\xff\x77\x64\x62\xe7\xe1\x4a\xb2\x76\x0b\xf1\x75\xcb\xa6\x67\xd3\xc1\xb9\xb9\x92\x4a\x07\xb3\x92\xbc\xc1\xa8\x66\xa6\xab\xc6\x0d\xab\xc5\xbf\x6d\x1c\xb9\xcb\x7f\x53\x03\xc6\x68\x75\x48\x5d\xf7\xd1\x56\xca\x4f\xb5\x00\xcc\x98\xfc\x3f\x3e\x3c\xa3\xef\x21\x9b\xb4\x1a\x12\xce\xff\x75\xb8\x9d\x86\x23\x59\x01\x00\x8b\x37\x36\x54\x97\xca\x75\x3e\xf5\x14\xa2\x4f\x00\xd9\x41\x08\xe4\x0a\xb7\xcf\xe8\xb1\x5b\x48\x01\x5c\x66\xca\x25\xde\xa2\x3c\x53\x89\x73\x96\x3d\x71\xda\x50\x5e\x75\x1e\x9e\x5a\xcc\xf7\x6f\x5f\x6e\xca\x46\xd6\x5d\xd9\xb7\xaa\x4e\x4b\x5d\xe5\x4a\xd9\x5a\x62\x49\x33\x74\x4f\xe1\x29\x48\xb4\x2d\x82\xdb\xc6\x95\x0a\xb6\x66\xc8\x51\x37\x2e\x8d\xe7\x1a\x99\xb4\x3d\x5b\xe6\x72\x8d\x2e\xea\x9e\x2f\xe3\xb8\xc6\x17\xb5\xae\x45\xea\xd4\xef\x00\x00\x00\xff\xff\x38\x3f\xda\x56\x06\x04\x00\x00")
+
+func route_twirp_eclier_tokens_putLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_putLua,
+		"route_twirp_eclier_tokens_put.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_putLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_putLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_put.lua", size: 1030, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+// Asset loads and returns the asset for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func Asset(name string) ([]byte, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err)
+		}
+		return a.bytes, nil
+	}
+	return nil, fmt.Errorf("Asset %s not found", name)
+}
+
+// MustAsset is like Asset but panics when Asset would return an error.
+// It simplifies safe initialization of global variables.
+func MustAsset(name string) []byte {
+	a, err := Asset(name)
+	if err != nil {
+		panic("asset: Asset(" + name + "): " + err.Error())
+	}
+
+	return a
+}
+
+// AssetInfo loads and returns the asset info for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func AssetInfo(name string) (os.FileInfo, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err)
+		}
+		return a.info, nil
+	}
+	return nil, fmt.Errorf("AssetInfo %s not found", name)
+}
+
+// AssetNames returns the names of the assets.
+func AssetNames() []string {
+	names := make([]string, 0, len(_bindata))
+	for name := range _bindata {
+		names = append(names, name)
+	}
+	return names
+}
+
+// _bindata is a table, holding each asset generator, mapped to its name.
+var _bindata = map[string]func() (*asset, error){
+	"route_twirp_eclier_backends_kill.lua": route_twirp_eclier_backends_killLua,
+	"route_twirp_eclier_backends_list.lua": route_twirp_eclier_backends_listLua,
+	"route_twirp_eclier_routes_delete.lua": route_twirp_eclier_routes_deleteLua,
+	"route_twirp_eclier_routes_get.lua": route_twirp_eclier_routes_getLua,
+	"route_twirp_eclier_routes_get_all.lua": route_twirp_eclier_routes_get_allLua,
+	"route_twirp_eclier_routes_put.lua": route_twirp_eclier_routes_putLua,
+	"route_twirp_eclier_tokens_deactivate.lua": route_twirp_eclier_tokens_deactivateLua,
+	"route_twirp_eclier_tokens_delete.lua": route_twirp_eclier_tokens_deleteLua,
+	"route_twirp_eclier_tokens_get.lua": route_twirp_eclier_tokens_getLua,
+	"route_twirp_eclier_tokens_get_all.lua": route_twirp_eclier_tokens_get_allLua,
+	"route_twirp_eclier_tokens_put.lua": route_twirp_eclier_tokens_putLua,
+}
+
+// AssetDir returns the file names below a certain
+// directory embedded in the file by go-bindata.
+// For example if you run go-bindata on data/... and data contains the
+// following hierarchy:
+//     data/
+//       foo.txt
+//       img/
+//         a.png
+//         b.png
+// then AssetDir("data") would return []string{"foo.txt", "img"}
+// AssetDir("data/img") would return []string{"a.png", "b.png"}
+// AssetDir("foo.txt") and AssetDir("notexist") would return an error
+// AssetDir("") will return []string{"data"}.
+func AssetDir(name string) ([]string, error) {
+	node := _bintree
+	if len(name) != 0 {
+		cannonicalName := strings.Replace(name, "\\", "/", -1)
+		pathList := strings.Split(cannonicalName, "/")
+		for _, p := range pathList {
+			node = node.Children[p]
+			if node == nil {
+				return nil, fmt.Errorf("Asset %s not found", name)
+			}
+		}
+	}
+	if node.Func != nil {
+		return nil, fmt.Errorf("Asset %s not found", name)
+	}
+	rv := make([]string, 0, len(node.Children))
+	for childName := range node.Children {
+		rv = append(rv, childName)
+	}
+	return rv, nil
+}
+
+type bintree struct {
+	Func     func() (*asset, error)
+	Children map[string]*bintree
+}
+var _bintree = &bintree{nil, map[string]*bintree{
+	"route_twirp_eclier_backends_kill.lua": &bintree{route_twirp_eclier_backends_killLua, map[string]*bintree{}},
+	"route_twirp_eclier_backends_list.lua": &bintree{route_twirp_eclier_backends_listLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_delete.lua": &bintree{route_twirp_eclier_routes_deleteLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_get.lua": &bintree{route_twirp_eclier_routes_getLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_get_all.lua": &bintree{route_twirp_eclier_routes_get_allLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_put.lua": &bintree{route_twirp_eclier_routes_putLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_deactivate.lua": &bintree{route_twirp_eclier_tokens_deactivateLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_delete.lua": &bintree{route_twirp_eclier_tokens_deleteLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_get.lua": &bintree{route_twirp_eclier_tokens_getLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_get_all.lua": &bintree{route_twirp_eclier_tokens_get_allLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_put.lua": &bintree{route_twirp_eclier_tokens_putLua, map[string]*bintree{}},
+}}
+
+// RestoreAsset restores an asset under the given directory
+func RestoreAsset(dir, name string) error {
+	data, err := Asset(name)
+	if err != nil {
+		return err
+	}
+	info, err := AssetInfo(name)
+	if err != nil {
+		return err
+	}
+	err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755))
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode())
+	if err != nil {
+		return err
+	}
+	err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// RestoreAssets restores an asset under the given directory recursively
+func RestoreAssets(dir, name string) error {
+	children, err := AssetDir(name)
+	// File
+	if err != nil {
+		return RestoreAsset(dir, name)
+	}
+	// Dir
+	for _, child := range children {
+		err = RestoreAssets(dir, filepath.Join(name, child))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func _filePath(dir, name string) string {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...)
+}
+

proto/eclier/route_twirp_eclier_backends_kill.lua

@@ -0,0 +1,31 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "backends:kill"
+script.help = "Executes method kill on service backends for twirp package xeserv.us.route.backends"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for BackendId
+fs:string("id", "", "value for message arg id")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):backends():kill(flags)
+
+end

proto/eclier/route_twirp_eclier_backends_list.lua

@@ -0,0 +1,34 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "backends:list"
+script.help = "Executes method list on service backends for twirp package xeserv.us.route.backends"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for BackendSelector
+fs:string("domain", "", "value for message arg domain")
+fs:string("user", "", "value for message arg user")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):backends():list(flags)
+
+  print("bs:\t\t" .. tostring(resp.bs))
+  print("backends:\t\t" .. tostring(resp.backends))
+end

proto/eclier/route_twirp_eclier_routes_delete.lua

@@ -0,0 +1,33 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:delete"
+script.help = "Executes method delete on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Route
+fs:string("id", "", "value for message arg id")
+fs:string("creator", "", "value for message arg creator")
+fs:string("host", "", "value for message arg host")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():delete(flags)
+
+end

proto/eclier/route_twirp_eclier_routes_get.lua

@@ -0,0 +1,35 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:get"
+script.help = "Executes method get on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for GetRouteRequest
+fs:string("unused", "", "value for message arg unused")
+fs:string("id", "", "value for message arg id")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():get(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("creator:\t\t" .. tostring(resp.creator))
+  print("host:\t\t" .. tostring(resp.host))
+end

proto/eclier/route_twirp_eclier_routes_get_all.lua

@@ -0,0 +1,31 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:get_all"
+script.help = "Executes method get_all on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Nil
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():get_all(flags)
+
+  print("routes:\t\t" .. tostring(resp.routes))
+end

proto/eclier/route_twirp_eclier_routes_put.lua

@@ -0,0 +1,36 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:put"
+script.help = "Executes method put on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Route
+fs:string("host", "", "value for message arg host")
+fs:string("id", "", "value for message arg id")
+fs:string("creator", "", "value for message arg creator")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():put(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("creator:\t\t" .. tostring(resp.creator))
+  print("host:\t\t" .. tostring(resp.host))
+end

proto/eclier/route_twirp_eclier_tokens_deactivate.lua

@@ -0,0 +1,34 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:deactivate"
+script.help = "Executes method deactivate on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Token
+fs:bool("active", false, "value for message arg active")
+fs:string("id", "", "value for message arg id")
+fs:string("body", "", "value for message arg body")
+fs:strings("scopes", "value for message arg scopes")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():deactivate(flags)
+
+end

proto/eclier/route_twirp_eclier_tokens_delete.lua

@@ -0,0 +1,34 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:delete"
+script.help = "Executes method delete on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Token
+fs:string("id", "", "value for message arg id")
+fs:string("body", "", "value for message arg body")
+fs:strings("scopes", "value for message arg scopes")
+fs:bool("active", false, "value for message arg active")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():delete(flags)
+
+end

proto/eclier/route_twirp_eclier_tokens_get.lua

@@ -0,0 +1,36 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:get"
+script.help = "Executes method get on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for GetTokenRequest
+fs:string("id", "", "value for message arg id")
+fs:string("token", "", "value for message arg token")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():get(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("body:\t\t" .. tostring(resp.body))
+  print("scopes:\t\t" .. tostring(resp.scopes))
+  print("active:\t\t" .. tostring(resp.active))
+end

proto/eclier/route_twirp_eclier_tokens_get_all.lua

@@ -0,0 +1,31 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:get_all"
+script.help = "Executes method get_all on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Nil
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():get_all(flags)
+
+  print("tokens:\t\t" .. tostring(resp.tokens))
+end

proto/eclier/route_twirp_eclier_tokens_put.lua

@@ -0,0 +1,38 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:put"
+script.help = "Executes method put on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Token
+fs:string("id", "", "value for message arg id")
+fs:string("body", "", "value for message arg body")
+fs:strings("scopes", "value for message arg scopes")
+fs:bool("active", false, "value for message arg active")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():put(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("body:\t\t" .. tostring(resp.body))
+  print("scopes:\t\t" .. tostring(resp.scopes))
+  print("active:\t\t" .. tostring(resp.active))
+end

proto/regen.sh

@@ -1,19 +1,7 @@
 #!/bin/bash
 
-protoc -I/usr/local/include -I. \
-  -I$GOPATH/src \
-  -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
-  --go_out=Mgoogle/api/annotations.proto=github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis/google/api,plugins=grpc:. \
-  route.proto
-
- protoc -I/usr/local/include -I. \
-  -I$GOPATH/src \
-  -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
-  --grpc-gateway_out=logtostderr=true:. \
-  route.proto
-
-protoc -I/usr/local/include -I. \
-  -I$GOPATH/src \
-  -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
-  --swagger_out=logtostderr=true:. \
+protoc -I. \
+  --go_out=:. \
+  --twirp_out=. \
+  --twirp_eclier_out=./eclier \
   route.proto

proto/route.pb.go

@@ -1,9 +1,8 @@
-// Code generated by protoc-gen-go.
+// Code generated by protoc-gen-go. DO NOT EDIT.
 // source: route.proto
-// DO NOT EDIT!
 
 /*
-Package route is a generated protocol buffer package.
+Package proto is a generated protocol buffer package.
 
 It is generated from these files:
 	route.proto
@@ -13,25 +12,22 @@ It has these top-level messages:
 	GetRouteRequest
 	Route
 	GetAllRoutesResponse
-	IDResponse
 	Token
 	TokenSet
 	GetTokenRequest
+	Backend
+	BackendList
+	BackendSelector
+	BackendID
 */
-package route
+package proto
 
-import proto "github.com/golang/protobuf/proto"
+import proto1 "github.com/golang/protobuf/proto"
 import fmt "fmt"
 import math "math"
-import _ "github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis/google/api"
-
-import (
-	context "golang.org/x/net/context"
-	grpc "google.golang.org/grpc"
-)
 
 // Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
+var _ = proto1.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
@@ -39,32 +35,44 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto1.ProtoPackageIsVersion2 // please upgrade the proto package
 
+// Nil represents nothing.
 type Nil struct {
 }
 
 func (m *Nil) Reset()                    { *m = Nil{} }
-func (m *Nil) String() string            { return proto.CompactTextString(m) }
+func (m *Nil) String() string            { return proto1.CompactTextString(m) }
 func (*Nil) ProtoMessage()               {}
 func (*Nil) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
 
+// GetRouteRequest specifies the host or id of the route that the user wants
+// to fetch.
 type GetRouteRequest struct {
-	Host string `protobuf:"bytes,1,opt,name=host" json:"host,omitempty"`
+	Unused string `protobuf:"bytes,1,opt,name=unused" json:"unused,omitempty"`
+	Id     string `protobuf:"bytes,2,opt,name=id" json:"id,omitempty"`
 }
 
 func (m *GetRouteRequest) Reset()                    { *m = GetRouteRequest{} }
-func (m *GetRouteRequest) String() string            { return proto.CompactTextString(m) }
+func (m *GetRouteRequest) String() string            { return proto1.CompactTextString(m) }
 func (*GetRouteRequest) ProtoMessage()               {}
 func (*GetRouteRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
 
-func (m *GetRouteRequest) GetHost() string {
+func (m *GetRouteRequest) GetUnused() string {
 	if m != nil {
-		return m.Host
+		return m.Unused
 	}
 	return ""
 }
 
+func (m *GetRouteRequest) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+// Route is a single HTTP route.
 type Route struct {
 	Id      string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
 	Creator string `protobuf:"bytes,2,opt,name=creator" json:"creator,omitempty"`
@@ -72,7 +80,7 @@ type Route struct {
 }
 
 func (m *Route) Reset()                    { *m = Route{} }
-func (m *Route) String() string            { return proto.CompactTextString(m) }
+func (m *Route) String() string            { return proto1.CompactTextString(m) }
 func (*Route) ProtoMessage()               {}
 func (*Route) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
 
@@ -97,12 +105,13 @@ func (m *Route) GetHost() string {
 	return ""
 }
 
+// GetAllRoutesResponse encapsulates a list of routes.
 type GetAllRoutesResponse struct {
 	Routes []*Route `protobuf:"bytes,1,rep,name=routes" json:"routes,omitempty"`
 }
 
 func (m *GetAllRoutesResponse) Reset()                    { *m = GetAllRoutesResponse{} }
-func (m *GetAllRoutesResponse) String() string            { return proto.CompactTextString(m) }
+func (m *GetAllRoutesResponse) String() string            { return proto1.CompactTextString(m) }
 func (*GetAllRoutesResponse) ProtoMessage()               {}
 func (*GetAllRoutesResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
 
@@ -113,22 +122,8 @@ func (m *GetAllRoutesResponse) GetRoutes() []*Route {
 	return nil
 }
 
-type IDResponse struct {
-	Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
-}
-
-func (m *IDResponse) Reset()                    { *m = IDResponse{} }
-func (m *IDResponse) String() string            { return proto.CompactTextString(m) }
-func (*IDResponse) ProtoMessage()               {}
-func (*IDResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
-
-func (m *IDResponse) GetId() string {
-	if m != nil {
-		return m.Id
-	}
-	return ""
-}
-
+// Token is an individual authentication token. Id and Body will usually be
+// unique ID's or other cryptographic identifiers.
 type Token struct {
 	Id     string   `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
 	Body   string   `protobuf:"bytes,2,opt,name=body" json:"body,omitempty"`
@@ -137,9 +132,9 @@ type Token struct {
 }
 
 func (m *Token) Reset()                    { *m = Token{} }
-func (m *Token) String() string            { return proto.CompactTextString(m) }
+func (m *Token) String() string            { return proto1.CompactTextString(m) }
 func (*Token) ProtoMessage()               {}
-func (*Token) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
+func (*Token) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
 
 func (m *Token) GetId() string {
 	if m != nil {
@@ -169,14 +164,15 @@ func (m *Token) GetActive() bool {
 	return false
 }
 
+// Tokenset encapsulates a list of tokens.
 type TokenSet struct {
 	Tokens []*Token `protobuf:"bytes,1,rep,name=tokens" json:"tokens,omitempty"`
 }
 
 func (m *TokenSet) Reset()                    { *m = TokenSet{} }
-func (m *TokenSet) String() string            { return proto.CompactTextString(m) }
+func (m *TokenSet) String() string            { return proto1.CompactTextString(m) }
 func (*TokenSet) ProtoMessage()               {}
-func (*TokenSet) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
+func (*TokenSet) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
 
 func (m *TokenSet) GetTokens() []*Token {
 	if m != nil {
@@ -191,9 +187,9 @@ type GetTokenRequest struct {
 }
 
 func (m *GetTokenRequest) Reset()                    { *m = GetTokenRequest{} }
-func (m *GetTokenRequest) String() string            { return proto.CompactTextString(m) }
+func (m *GetTokenRequest) String() string            { return proto1.CompactTextString(m) }
 func (*GetTokenRequest) ProtoMessage()               {}
-func (*GetTokenRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
+func (*GetTokenRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
 
 func (m *GetTokenRequest) GetToken() string {
 	if m != nil {
@@ -209,417 +205,187 @@ func (m *GetTokenRequest) GetId() string {
 	return ""
 }
 
+type Backend struct {
+	Id     string  `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
+	Proto  string  `protobuf:"bytes,2,opt,name=proto" json:"proto,omitempty"`
+	User   string  `protobuf:"bytes,3,opt,name=user" json:"user,omitempty"`
+	Domain string  `protobuf:"bytes,4,opt,name=domain" json:"domain,omitempty"`
+	Phi    float32 `protobuf:"fixed32,5,opt,name=phi" json:"phi,omitempty"`
+	Host   string  `protobuf:"bytes,6,opt,name=host" json:"host,omitempty"`
+	Usable bool    `protobuf:"varint,7,opt,name=usable" json:"usable,omitempty"`
+}
+
+func (m *Backend) Reset()                    { *m = Backend{} }
+func (m *Backend) String() string            { return proto1.CompactTextString(m) }
+func (*Backend) ProtoMessage()               {}
+func (*Backend) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
+
+func (m *Backend) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *Backend) GetProto() string {
+	if m != nil {
+		return m.Proto
+	}
+	return ""
+}
+
+func (m *Backend) GetUser() string {
+	if m != nil {
+		return m.User
+	}
+	return ""
+}
+
+func (m *Backend) GetDomain() string {
+	if m != nil {
+		return m.Domain
+	}
+	return ""
+}
+
+func (m *Backend) GetPhi() float32 {
+	if m != nil {
+		return m.Phi
+	}
+	return 0
+}
+
+func (m *Backend) GetHost() string {
+	if m != nil {
+		return m.Host
+	}
+	return ""
+}
+
+func (m *Backend) GetUsable() bool {
+	if m != nil {
+		return m.Usable
+	}
+	return false
+}
+
+type BackendList struct {
+	Bs       *BackendSelector `protobuf:"bytes,1,opt,name=bs" json:"bs,omitempty"`
+	Backends []*Backend       `protobuf:"bytes,2,rep,name=backends" json:"backends,omitempty"`
+}
+
+func (m *BackendList) Reset()                    { *m = BackendList{} }
+func (m *BackendList) String() string            { return proto1.CompactTextString(m) }
+func (*BackendList) ProtoMessage()               {}
+func (*BackendList) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
+
+func (m *BackendList) GetBs() *BackendSelector {
+	if m != nil {
+		return m.Bs
+	}
+	return nil
+}
+
+func (m *BackendList) GetBackends() []*Backend {
+	if m != nil {
+		return m.Backends
+	}
+	return nil
+}
+
+type BackendSelector struct {
+	Domain string `protobuf:"bytes,1,opt,name=domain" json:"domain,omitempty"`
+	User   string `protobuf:"bytes,2,opt,name=user" json:"user,omitempty"`
+}
+
+func (m *BackendSelector) Reset()                    { *m = BackendSelector{} }
+func (m *BackendSelector) String() string            { return proto1.CompactTextString(m) }
+func (*BackendSelector) ProtoMessage()               {}
+func (*BackendSelector) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} }
+
+func (m *BackendSelector) GetDomain() string {
+	if m != nil {
+		return m.Domain
+	}
+	return ""
+}
+
+func (m *BackendSelector) GetUser() string {
+	if m != nil {
+		return m.User
+	}
+	return ""
+}
+
+type BackendID struct {
+	Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
+}
+
+func (m *BackendID) Reset()                    { *m = BackendID{} }
+func (m *BackendID) String() string            { return proto1.CompactTextString(m) }
+func (*BackendID) ProtoMessage()               {}
+func (*BackendID) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10} }
+
+func (m *BackendID) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
 func init() {
-	proto.RegisterType((*Nil)(nil), "route.Nil")
-	proto.RegisterType((*GetRouteRequest)(nil), "route.GetRouteRequest")
-	proto.RegisterType((*Route)(nil), "route.Route")
-	proto.RegisterType((*GetAllRoutesResponse)(nil), "route.GetAllRoutesResponse")
-	proto.RegisterType((*IDResponse)(nil), "route.IDResponse")
-	proto.RegisterType((*Token)(nil), "route.Token")
-	proto.RegisterType((*TokenSet)(nil), "route.TokenSet")
-	proto.RegisterType((*GetTokenRequest)(nil), "route.GetTokenRequest")
+	proto1.RegisterType((*Nil)(nil), "xeserv.us.route.Nil")
+	proto1.RegisterType((*GetRouteRequest)(nil), "xeserv.us.route.GetRouteRequest")
+	proto1.RegisterType((*Route)(nil), "xeserv.us.route.Route")
+	proto1.RegisterType((*GetAllRoutesResponse)(nil), "xeserv.us.route.GetAllRoutesResponse")
+	proto1.RegisterType((*Token)(nil), "xeserv.us.route.Token")
+	proto1.RegisterType((*TokenSet)(nil), "xeserv.us.route.TokenSet")
+	proto1.RegisterType((*GetTokenRequest)(nil), "xeserv.us.route.GetTokenRequest")
+	proto1.RegisterType((*Backend)(nil), "xeserv.us.route.Backend")
+	proto1.RegisterType((*BackendList)(nil), "xeserv.us.route.BackendList")
+	proto1.RegisterType((*BackendSelector)(nil), "xeserv.us.route.BackendSelector")
+	proto1.RegisterType((*BackendID)(nil), "xeserv.us.route.BackendID")
 }
 
-// Reference imports to suppress errors if they are not otherwise used.
-var _ context.Context
-var _ grpc.ClientConn
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
-
-// Client API for Routes service
-
-type RoutesClient interface {
-	Get(ctx context.Context, in *GetRouteRequest, opts ...grpc.CallOption) (*Route, error)
-	GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*GetAllRoutesResponse, error)
-	Put(ctx context.Context, in *Route, opts ...grpc.CallOption) (*IDResponse, error)
-	Delete(ctx context.Context, in *Route, opts ...grpc.CallOption) (*IDResponse, error)
-}
-
-type routesClient struct {
-	cc *grpc.ClientConn
-}
-
-func NewRoutesClient(cc *grpc.ClientConn) RoutesClient {
-	return &routesClient{cc}
-}
-
-func (c *routesClient) Get(ctx context.Context, in *GetRouteRequest, opts ...grpc.CallOption) (*Route, error) {
-	out := new(Route)
-	err := grpc.Invoke(ctx, "/route.Routes/Get", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *routesClient) GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*GetAllRoutesResponse, error) {
-	out := new(GetAllRoutesResponse)
-	err := grpc.Invoke(ctx, "/route.Routes/GetAll", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *routesClient) Put(ctx context.Context, in *Route, opts ...grpc.CallOption) (*IDResponse, error) {
-	out := new(IDResponse)
-	err := grpc.Invoke(ctx, "/route.Routes/Put", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *routesClient) Delete(ctx context.Context, in *Route, opts ...grpc.CallOption) (*IDResponse, error) {
-	out := new(IDResponse)
-	err := grpc.Invoke(ctx, "/route.Routes/Delete", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// Server API for Routes service
-
-type RoutesServer interface {
-	Get(context.Context, *GetRouteRequest) (*Route, error)
-	GetAll(context.Context, *Nil) (*GetAllRoutesResponse, error)
-	Put(context.Context, *Route) (*IDResponse, error)
-	Delete(context.Context, *Route) (*IDResponse, error)
-}
-
-func RegisterRoutesServer(s *grpc.Server, srv RoutesServer) {
-	s.RegisterService(&_Routes_serviceDesc, srv)
-}
-
-func _Routes_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetRouteRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).Get(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/Get",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).Get(ctx, req.(*GetRouteRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Routes_GetAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Nil)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).GetAll(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/GetAll",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).GetAll(ctx, req.(*Nil))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Routes_Put_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Route)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).Put(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/Put",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).Put(ctx, req.(*Route))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Routes_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Route)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).Delete(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/Delete",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).Delete(ctx, req.(*Route))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-var _Routes_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "route.Routes",
-	HandlerType: (*RoutesServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "Get",
-			Handler:    _Routes_Get_Handler,
-		},
-		{
-			MethodName: "GetAll",
-			Handler:    _Routes_GetAll_Handler,
-		},
-		{
-			MethodName: "Put",
-			Handler:    _Routes_Put_Handler,
-		},
-		{
-			MethodName: "Delete",
-			Handler:    _Routes_Delete_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "route.proto",
-}
-
-// Client API for Tokens service
-
-type TokensClient interface {
-	Get(ctx context.Context, in *GetTokenRequest, opts ...grpc.CallOption) (*Token, error)
-	GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*TokenSet, error)
-	Put(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Token, error)
-	Delete(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error)
-	Deactivate(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error)
-}
-
-type tokensClient struct {
-	cc *grpc.ClientConn
-}
-
-func NewTokensClient(cc *grpc.ClientConn) TokensClient {
-	return &tokensClient{cc}
-}
-
-func (c *tokensClient) Get(ctx context.Context, in *GetTokenRequest, opts ...grpc.CallOption) (*Token, error) {
-	out := new(Token)
-	err := grpc.Invoke(ctx, "/route.Tokens/Get", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*TokenSet, error) {
-	out := new(TokenSet)
-	err := grpc.Invoke(ctx, "/route.Tokens/GetAll", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) Put(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Token, error) {
-	out := new(Token)
-	err := grpc.Invoke(ctx, "/route.Tokens/Put", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) Delete(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error) {
-	out := new(Nil)
-	err := grpc.Invoke(ctx, "/route.Tokens/Delete", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) Deactivate(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error) {
-	out := new(Nil)
-	err := grpc.Invoke(ctx, "/route.Tokens/Deactivate", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// Server API for Tokens service
-
-type TokensServer interface {
-	Get(context.Context, *GetTokenRequest) (*Token, error)
-	GetAll(context.Context, *Nil) (*TokenSet, error)
-	Put(context.Context, *Token) (*Token, error)
-	Delete(context.Context, *Token) (*Nil, error)
-	Deactivate(context.Context, *Token) (*Nil, error)
-}
-
-func RegisterTokensServer(s *grpc.Server, srv TokensServer) {
-	s.RegisterService(&_Tokens_serviceDesc, srv)
-}
-
-func _Tokens_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetTokenRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Get(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Get",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Get(ctx, req.(*GetTokenRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_GetAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Nil)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).GetAll(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/GetAll",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).GetAll(ctx, req.(*Nil))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_Put_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Token)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Put(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Put",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Put(ctx, req.(*Token))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Token)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Delete(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Delete",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Delete(ctx, req.(*Token))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_Deactivate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Token)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Deactivate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Deactivate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Deactivate(ctx, req.(*Token))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-var _Tokens_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "route.Tokens",
-	HandlerType: (*TokensServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "Get",
-			Handler:    _Tokens_Get_Handler,
-		},
-		{
-			MethodName: "GetAll",
-			Handler:    _Tokens_GetAll_Handler,
-		},
-		{
-			MethodName: "Put",
-			Handler:    _Tokens_Put_Handler,
-		},
-		{
-			MethodName: "Delete",
-			Handler:    _Tokens_Delete_Handler,
-		},
-		{
-			MethodName: "Deactivate",
-			Handler:    _Tokens_Deactivate_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "route.proto",
-}
-
-func init() { proto.RegisterFile("route.proto", fileDescriptor0) }
+func init() { proto1.RegisterFile("route.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
-	// 487 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x84, 0x93, 0xcf, 0x6e, 0xd3, 0x40,
-	0x10, 0xc6, 0x15, 0x3b, 0x36, 0xed, 0xb4, 0x6a, 0xe9, 0x50, 0x82, 0x31, 0x45, 0x8a, 0x56, 0x20,
-	0x45, 0x3d, 0xd4, 0x10, 0x04, 0x08, 0xc4, 0x05, 0x91, 0x10, 0x71, 0xa9, 0x90, 0xcb, 0x8d, 0x93,
-	0x9b, 0x8c, 0x8a, 0x85, 0xe5, 0x0d, 0xde, 0x4d, 0x24, 0x84, 0xb8, 0xf0, 0x0a, 0x9c, 0x78, 0x19,
-	0x5e, 0x82, 0x57, 0xe0, 0x41, 0x90, 0x67, 0xd7, 0x89, 0xff, 0x20, 0xb8, 0xed, 0xec, 0xee, 0xf7,
-	0xed, 0x37, 0xbf, 0xb1, 0x61, 0xaf, 0x90, 0x2b, 0x4d, 0x67, 0xcb, 0x42, 0x6a, 0x89, 0x1e, 0x17,
-	0xe1, 0xc9, 0x95, 0x94, 0x57, 0x19, 0x45, 0xc9, 0x32, 0x8d, 0x92, 0x3c, 0x97, 0x3a, 0xd1, 0xa9,
-	0xcc, 0x95, 0xb9, 0x24, 0x3c, 0x70, 0xcf, 0xd3, 0x4c, 0xdc, 0x87, 0xc3, 0x19, 0xe9, 0xb8, 0x14,
-	0xc4, 0xf4, 0x69, 0x45, 0x4a, 0x23, 0x42, 0xff, 0x83, 0x54, 0x3a, 0xe8, 0x0d, 0x7b, 0xa3, 0xdd,
-	0x98, 0xd7, 0x62, 0x0a, 0x1e, 0xdf, 0xc1, 0x03, 0x70, 0xd2, 0x85, 0x3d, 0x72, 0xd2, 0x05, 0x06,
-	0x70, 0x6d, 0x5e, 0x50, 0xa2, 0x65, 0x11, 0x38, 0xbc, 0x59, 0x95, 0x1b, 0x1b, 0xb7, 0x66, 0xf3,
-	0x02, 0x8e, 0x67, 0xa4, 0x5f, 0x66, 0x19, 0x9b, 0xa9, 0x98, 0xd4, 0x52, 0xe6, 0x8a, 0xf0, 0x1e,
-	0xf8, 0x9c, 0x59, 0x05, 0xbd, 0xa1, 0x3b, 0xda, 0x1b, 0xef, 0x9f, 0x99, 0x7e, 0x4c, 0x2e, 0x7b,
-	0x26, 0x4e, 0x00, 0xde, 0x4c, 0x36, 0x9a, 0x56, 0x12, 0xf1, 0x1e, 0xbc, 0x77, 0xf2, 0x23, 0xe5,
-	0x9d, 0x88, 0x08, 0xfd, 0x4b, 0xb9, 0xf8, 0x6c, 0xf3, 0xf1, 0x1a, 0x07, 0xe0, 0xab, 0xb9, 0x5c,
-	0x92, 0x0a, 0xdc, 0xa1, 0x3b, 0xda, 0x8d, 0x6d, 0x55, 0xee, 0x27, 0x73, 0x9d, 0xae, 0x29, 0xe8,
-	0x0f, 0x7b, 0xa3, 0x9d, 0xd8, 0x56, 0xe2, 0x01, 0xec, 0xb0, 0xf9, 0x05, 0xe9, 0x32, 0xac, 0x2e,
-	0xd7, 0xed, 0xb0, 0x7c, 0x21, 0xb6, 0x67, 0xe2, 0x29, 0x83, 0x35, 0x7b, 0x16, 0xec, 0x31, 0x78,
-	0x7c, 0x68, 0xb3, 0x99, 0xc2, 0xc6, 0x75, 0xaa, 0xb8, 0xe3, 0x1f, 0x0e, 0xf8, 0x06, 0x0f, 0xbe,
-	0x06, 0x77, 0x46, 0x1a, 0x07, 0xf6, 0x81, 0xd6, 0xa0, 0xc2, 0x06, 0x25, 0x71, 0xfb, 0xdb, 0xaf,
-	0xdf, 0xdf, 0x9d, 0x1b, 0x78, 0x14, 0xad, 0x1f, 0x46, 0x86, 0x58, 0xf4, 0xa5, 0xa4, 0xfe, 0x15,
-	0xa7, 0xe0, 0x1b, 0xec, 0x08, 0x56, 0x72, 0x9e, 0x66, 0xe1, 0x9d, 0xad, 0x6d, 0x67, 0x22, 0x02,
-	0xd9, 0x6d, 0x1f, 0x61, 0xeb, 0x86, 0xcf, 0xc1, 0x7d, 0xbb, 0xd2, 0xd8, 0x78, 0x36, 0x3c, 0xb2,
-	0xd5, 0x76, 0x32, 0x95, 0x56, 0xd4, 0xb5, 0x13, 0xf0, 0x27, 0x94, 0x91, 0xa6, 0xff, 0xcb, 0x6d,
-	0x23, 0xa7, 0xdd, 0x46, 0xc6, 0x3f, 0x1d, 0xf0, 0x19, 0xa9, 0xc2, 0x57, 0x1d, 0x36, 0x75, 0xd6,
-	0x61, 0x63, 0x28, 0x62, 0xc0, 0x96, 0xd7, 0xf1, 0xa0, 0xb4, 0x34, 0x03, 0x8a, 0x64, 0x4e, 0xf8,
-	0xec, 0xaf, 0x60, 0x0e, 0xeb, 0xda, 0x0b, 0xd2, 0x4d, 0x18, 0x46, 0x8e, 0x8f, 0x9b, 0x30, 0xf8,
-	0x6e, 0xeb, 0xd5, 0x06, 0x07, 0x2b, 0x7b, 0xd2, 0xe1, 0x60, 0x94, 0xb5, 0xf7, 0x2b, 0xdd, 0x69,
-	0x5d, 0x37, 0x05, 0x98, 0x10, 0x7f, 0x8c, 0xc9, 0x3f, 0xb5, 0x77, 0x59, 0x7b, 0x4b, 0xdc, 0xac,
-	0x75, 0xba, 0xd8, 0x08, 0x2f, 0x7d, 0xfe, 0xf9, 0x1f, 0xfd, 0x09, 0x00, 0x00, 0xff, 0xff, 0xd3,
-	0x68, 0x6e, 0x4f, 0x30, 0x04, 0x00, 0x00,
+	// 579 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xc1, 0x6e, 0xd3, 0x40,
+	0x10, 0x8d, 0xed, 0xd8, 0x49, 0x27, 0x12, 0x41, 0xa3, 0xa8, 0x32, 0x81, 0x83, 0xb5, 0x12, 0x52,
+	0x4e, 0x16, 0x0a, 0x48, 0x85, 0x02, 0x87, 0x56, 0x81, 0x50, 0x81, 0x2a, 0xe4, 0x70, 0x82, 0x93,
+	0x1d, 0x8f, 0x54, 0xab, 0x26, 0x0e, 0xde, 0x75, 0x05, 0x5f, 0xc0, 0x95, 0x2b, 0x9f, 0xc2, 0xdf,
+	0x21, 0xcf, 0x6e, 0xda, 0x12, 0xc7, 0xa9, 0x38, 0x65, 0x66, 0xf6, 0xcd, 0xfa, 0xbd, 0xb7, 0x33,
+	0x81, 0x41, 0x59, 0x54, 0x8a, 0xc2, 0x75, 0x59, 0xa8, 0x02, 0x87, 0xdf, 0x49, 0x52, 0x79, 0x15,
+	0x56, 0x32, 0xe4, 0xb2, 0x70, 0xc1, 0x39, 0xcf, 0x72, 0xf1, 0x02, 0x86, 0x73, 0x52, 0x51, 0x5d,
+	0x8a, 0xe8, 0x5b, 0x45, 0x52, 0xe1, 0x21, 0x78, 0xd5, 0xaa, 0x92, 0x94, 0xfa, 0x56, 0x60, 0x4d,
+	0x0e, 0x22, 0x93, 0xe1, 0x3d, 0xb0, 0xb3, 0xd4, 0xb7, 0xb9, 0x66, 0x67, 0xa9, 0x78, 0x03, 0x2e,
+	0xf7, 0x99, 0x03, 0x6b, 0x73, 0x80, 0x3e, 0xf4, 0x96, 0x25, 0xc5, 0xaa, 0x28, 0x0d, 0x7a, 0x93,
+	0x22, 0x42, 0xf7, 0xa2, 0x90, 0xca, 0x77, 0xb8, 0xcc, 0xb1, 0x78, 0x0b, 0xa3, 0x39, 0xa9, 0x93,
+	0x3c, 0xe7, 0xcb, 0x64, 0x44, 0x72, 0x5d, 0xac, 0x24, 0x61, 0x08, 0x1e, 0x33, 0x95, 0xbe, 0x15,
+	0x38, 0x93, 0xc1, 0xf4, 0x30, 0xdc, 0x92, 0x10, 0x6a, 0xd6, 0x06, 0x25, 0xbe, 0x80, 0xfb, 0xa9,
+	0xb8, 0xa4, 0x55, 0x83, 0x0e, 0x42, 0x37, 0x29, 0xd2, 0x1f, 0x86, 0x0b, 0xc7, 0xb5, 0x46, 0xb9,
+	0x2c, 0xd6, 0x24, 0x7d, 0x27, 0x70, 0x6a, 0x8d, 0x3a, 0xab, 0xeb, 0xf1, 0x52, 0x65, 0x57, 0xe4,
+	0x77, 0x03, 0x6b, 0xd2, 0x8f, 0x4c, 0x26, 0x8e, 0xa1, 0xcf, 0x97, 0x2f, 0x48, 0xd5, 0xc4, 0x54,
+	0x1d, 0xb7, 0x13, 0x63, 0x68, 0x64, 0x50, 0xe2, 0x88, 0x2d, 0xd6, 0x35, 0x63, 0xf1, 0x08, 0x5c,
+	0x3e, 0x34, 0x2c, 0x75, 0xd2, 0x30, 0xf8, 0xb7, 0x05, 0xbd, 0xd3, 0x78, 0x79, 0x49, 0xab, 0xb4,
+	0x21, 0x6a, 0x04, 0x2e, 0x3f, 0xac, 0x81, 0xeb, 0xa4, 0x96, 0x5a, 0x49, 0x2a, 0x37, 0xfe, 0xd6,
+	0x71, 0x2d, 0x29, 0x2d, 0xbe, 0xc6, 0xd9, 0x8a, 0x25, 0x1d, 0x44, 0x26, 0xc3, 0xfb, 0xe0, 0xac,
+	0x2f, 0x32, 0xdf, 0x0d, 0xac, 0x89, 0x1d, 0xd5, 0xe1, 0xf5, 0xeb, 0x78, 0x37, 0xaf, 0xc3, 0xc3,
+	0x20, 0xe3, 0x24, 0x27, 0xbf, 0xa7, 0x0d, 0xd1, 0x99, 0xa8, 0x60, 0x60, 0xa8, 0x7d, 0xc8, 0xa4,
+	0xc2, 0x27, 0x60, 0x27, 0x92, 0xe9, 0x0d, 0xa6, 0x41, 0xc3, 0x0f, 0x83, 0x5c, 0x50, 0x4e, 0x4b,
+	0x55, 0x94, 0x91, 0x9d, 0x48, 0x7c, 0x06, 0xfd, 0x44, 0x97, 0xa5, 0x6f, 0xb3, 0x8f, 0x7e, 0x5b,
+	0x5f, 0x74, 0x8d, 0x14, 0xaf, 0x61, 0xb8, 0x75, 0xd9, 0x2d, 0x7d, 0xd6, 0x3f, 0xfa, 0x36, 0x5e,
+	0xd8, 0x37, 0x5e, 0x88, 0x87, 0x70, 0x60, 0xda, 0xcf, 0x66, 0xdb, 0x96, 0x4e, 0x7f, 0xda, 0xe0,
+	0xe9, 0x19, 0xc4, 0x13, 0x70, 0xe6, 0xa4, 0xb0, 0xa9, 0x64, 0x6b, 0x57, 0xc6, 0x2d, 0x43, 0x29,
+	0x3a, 0x38, 0x07, 0x4f, 0x8f, 0x35, 0x8e, 0x1a, 0x98, 0xf3, 0x2c, 0x1f, 0x3f, 0xde, 0x75, 0x77,
+	0x63, 0x0b, 0x44, 0x07, 0x8f, 0xc0, 0xf9, 0x58, 0x29, 0x6c, 0xf9, 0xd2, 0x1e, 0x06, 0xcf, 0xc1,
+	0x9b, 0x51, 0x4e, 0x8a, 0x5a, 0x7b, 0x77, 0x32, 0x13, 0x9d, 0xe9, 0x1f, 0x1b, 0x3c, 0x9e, 0xd7,
+	0xfd, 0x4e, 0xdc, 0x1e, 0xe9, 0x71, 0xcb, 0x16, 0x88, 0x0e, 0xbe, 0xbc, 0xc3, 0x89, 0x07, 0xbb,
+	0x3b, 0x17, 0xa4, 0xf6, 0xa9, 0x67, 0xcc, 0x9e, 0xaf, 0xee, 0x53, 0xaf, 0x7b, 0x5b, 0xd4, 0xe3,
+	0x2b, 0x80, 0x19, 0xf1, 0xde, 0xc7, 0xff, 0xdf, 0x3d, 0xfd, 0x65, 0x41, 0xdf, 0xcc, 0x98, 0xc4,
+	0x77, 0xd0, 0xe5, 0xf5, 0xb8, 0x73, 0x25, 0xc6, 0x8f, 0xda, 0x10, 0x75, 0xbf, 0xe8, 0xe0, 0x31,
+	0x74, 0xdf, 0x67, 0x79, 0x8e, 0xe3, 0x36, 0xdc, 0xd9, 0xac, 0x8d, 0xd2, 0x69, 0xef, 0xb3, 0xfe,
+	0x7b, 0x48, 0x3c, 0xfe, 0x79, 0xfa, 0x37, 0x00, 0x00, 0xff, 0xff, 0x0e, 0x50, 0x5f, 0x13, 0x1a,
+	0x06, 0x00, 0x00,
 }

proto/route.pb.gw.go

@@ -1,555 +0,0 @@
-// Code generated by protoc-gen-grpc-gateway
-// source: route.proto
-// DO NOT EDIT!
-
-/*
-Package route is a reverse proxy.
-
-It translates gRPC into RESTful JSON APIs.
-*/
-package route
-
-import (
-	"io"
-	"net/http"
-
-	"github.com/golang/protobuf/proto"
-	"github.com/grpc-ecosystem/grpc-gateway/runtime"
-	"github.com/grpc-ecosystem/grpc-gateway/utilities"
-	"golang.org/x/net/context"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/grpclog"
-)
-
-var _ codes.Code
-var _ io.Reader
-var _ = runtime.String
-var _ = utilities.NewDoubleArray
-
-func request_Routes_Get_0(ctx context.Context, marshaler runtime.Marshaler, client RoutesClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq GetRouteRequest
-	var metadata runtime.ServerMetadata
-
-	var (
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["host"]
-	if !ok {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "missing parameter %s", "host")
-	}
-
-	protoReq.Host, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, err
-	}
-
-	msg, err := client.Get(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-func request_Routes_GetAll_0(ctx context.Context, marshaler runtime.Marshaler, client RoutesClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Nil
-	var metadata runtime.ServerMetadata
-
-	msg, err := client.GetAll(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_Routes_Put_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-)
-
-func request_Routes_Put_0(ctx context.Context, marshaler runtime.Marshaler, client RoutesClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Route
-	var metadata runtime.ServerMetadata
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_Routes_Put_0); err != nil {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.Put(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_Routes_Delete_0 = &utilities.DoubleArray{Encoding: map[string]int{"host": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
-)
-
-func request_Routes_Delete_0(ctx context.Context, marshaler runtime.Marshaler, client RoutesClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Route
-	var metadata runtime.ServerMetadata
-
-	var (
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["host"]
-	if !ok {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "missing parameter %s", "host")
-	}
-
-	protoReq.Host, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, err
-	}
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_Routes_Delete_0); err != nil {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.Delete(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_Tokens_Get_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-)
-
-func request_Tokens_Get_0(ctx context.Context, marshaler runtime.Marshaler, client TokensClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq GetTokenRequest
-	var metadata runtime.ServerMetadata
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_Tokens_Get_0); err != nil {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.Get(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-func request_Tokens_GetAll_0(ctx context.Context, marshaler runtime.Marshaler, client TokensClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Nil
-	var metadata runtime.ServerMetadata
-
-	msg, err := client.GetAll(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_Tokens_Put_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-)
-
-func request_Tokens_Put_0(ctx context.Context, marshaler runtime.Marshaler, client TokensClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Token
-	var metadata runtime.ServerMetadata
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_Tokens_Put_0); err != nil {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.Put(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_Tokens_Delete_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-)
-
-func request_Tokens_Delete_0(ctx context.Context, marshaler runtime.Marshaler, client TokensClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Token
-	var metadata runtime.ServerMetadata
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_Tokens_Delete_0); err != nil {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.Delete(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_Tokens_Deactivate_0 = &utilities.DoubleArray{Encoding: map[string]int{}, Base: []int(nil), Check: []int(nil)}
-)
-
-func request_Tokens_Deactivate_0(ctx context.Context, marshaler runtime.Marshaler, client TokensClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq Token
-	var metadata runtime.ServerMetadata
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_Tokens_Deactivate_0); err != nil {
-		return nil, metadata, grpc.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.Deactivate(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-// RegisterRoutesHandlerFromEndpoint is same as RegisterRoutesHandler but
-// automatically dials to "endpoint" and closes the connection when "ctx" gets done.
-func RegisterRoutesHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) {
-	conn, err := grpc.Dial(endpoint, opts...)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		if err != nil {
-			if cerr := conn.Close(); cerr != nil {
-				grpclog.Printf("Failed to close conn to %s: %v", endpoint, cerr)
-			}
-			return
-		}
-		go func() {
-			<-ctx.Done()
-			if cerr := conn.Close(); cerr != nil {
-				grpclog.Printf("Failed to close conn to %s: %v", endpoint, cerr)
-			}
-		}()
-	}()
-
-	return RegisterRoutesHandler(ctx, mux, conn)
-}
-
-// RegisterRoutesHandler registers the http handlers for service Routes to "mux".
-// The handlers forward requests to the grpc endpoint over "conn".
-func RegisterRoutesHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error {
-	client := NewRoutesClient(conn)
-
-	mux.Handle("GET", pattern_Routes_Get_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Routes_Get_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Routes_Get_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("GET", pattern_Routes_GetAll_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Routes_GetAll_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Routes_GetAll_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("POST", pattern_Routes_Put_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Routes_Put_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Routes_Put_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("DELETE", pattern_Routes_Delete_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Routes_Delete_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Routes_Delete_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	return nil
-}
-
-var (
-	pattern_Routes_Get_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 1, 5, 2}, []string{"v1", "routes", "host"}, ""))
-
-	pattern_Routes_GetAll_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "routes"}, ""))
-
-	pattern_Routes_Put_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "routes"}, ""))
-
-	pattern_Routes_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 1, 5, 2}, []string{"v1", "routes", "host"}, ""))
-)
-
-var (
-	forward_Routes_Get_0 = runtime.ForwardResponseMessage
-
-	forward_Routes_GetAll_0 = runtime.ForwardResponseMessage
-
-	forward_Routes_Put_0 = runtime.ForwardResponseMessage
-
-	forward_Routes_Delete_0 = runtime.ForwardResponseMessage
-)
-
-// RegisterTokensHandlerFromEndpoint is same as RegisterTokensHandler but
-// automatically dials to "endpoint" and closes the connection when "ctx" gets done.
-func RegisterTokensHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) {
-	conn, err := grpc.Dial(endpoint, opts...)
-	if err != nil {
-		return err
-	}
-	defer func() {
-		if err != nil {
-			if cerr := conn.Close(); cerr != nil {
-				grpclog.Printf("Failed to close conn to %s: %v", endpoint, cerr)
-			}
-			return
-		}
-		go func() {
-			<-ctx.Done()
-			if cerr := conn.Close(); cerr != nil {
-				grpclog.Printf("Failed to close conn to %s: %v", endpoint, cerr)
-			}
-		}()
-	}()
-
-	return RegisterTokensHandler(ctx, mux, conn)
-}
-
-// RegisterTokensHandler registers the http handlers for service Tokens to "mux".
-// The handlers forward requests to the grpc endpoint over "conn".
-func RegisterTokensHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error {
-	client := NewTokensClient(conn)
-
-	mux.Handle("GET", pattern_Tokens_Get_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Tokens_Get_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Tokens_Get_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("GET", pattern_Tokens_GetAll_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Tokens_GetAll_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Tokens_GetAll_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("POST", pattern_Tokens_Put_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Tokens_Put_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Tokens_Put_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("DELETE", pattern_Tokens_Delete_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Tokens_Delete_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Tokens_Delete_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("POST", pattern_Tokens_Deactivate_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(ctx)
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, req)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-		}
-		resp, md, err := request_Tokens_Deactivate_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_Tokens_Deactivate_0(ctx, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	return nil
-}
-
-var (
-	pattern_Tokens_Get_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "tokens", "one"}, ""))
-
-	pattern_Tokens_GetAll_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "tokens"}, ""))
-
-	pattern_Tokens_Put_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "tokens"}, ""))
-
-	pattern_Tokens_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"v1", "tokens"}, ""))
-
-	pattern_Tokens_Deactivate_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"v1", "tokens", "deactivate"}, ""))
-)
-
-var (
-	forward_Tokens_Get_0 = runtime.ForwardResponseMessage
-
-	forward_Tokens_GetAll_0 = runtime.ForwardResponseMessage
-
-	forward_Tokens_Put_0 = runtime.ForwardResponseMessage
-
-	forward_Tokens_Delete_0 = runtime.ForwardResponseMessage
-
-	forward_Tokens_Deactivate_0 = runtime.ForwardResponseMessage
-)

proto/route.proto

@@ -1,96 +1,68 @@
 syntax = "proto3";
 
-// option go_package = "git.xeserv.us/xena/route/routerpc/routegrpc;routegrpc";
-
-package route;
-
-import "google/api/annotations.proto";
+package xeserv.us.route;
+option go_package = "proto";
 
+// Nil represents nothing.
 message Nil {}
 
+// Routes lets users manage and manipulate http routes.
 service Routes {
-  rpc Get(GetRouteRequest) returns (Route) {
-    option (google.api.http) = {
-      get: "/v1/routes/{host}"
-    };
-  }
+  // Get fetches a single route based on the Host or ID.
+  rpc Get(GetRouteRequest) returns (Route) {}
 
-  rpc GetAll(Nil) returns (GetAllRoutesResponse) {
-    option (google.api.http) = {
-      get: "/v1/routes"
-    };
-  }
+  // GetAll fetches all of the routes that the user owns.
+  rpc GetAll(Nil) returns (GetAllRoutesResponse) {}
 
-  rpc Put(Route) returns (IDResponse) {
-    option (google.api.http) = {
-      post: "/v1/routes"
-    };
-  }
+  // Put creates a new route based on user-supplied details.
+  rpc Put(Route) returns (Route) {}
 
-  rpc Delete(Route) returns (IDResponse) {
-    option (google.api.http) = {
-      delete: "/v1/routes/{host}"
-    };
-  }
+  // Delete removes a route.
+  rpc Delete(Route) returns (Nil) {}
 }
 
+// GetRouteRequest specifies the host or id of the route that the user wants
+// to fetch.
 message GetRouteRequest {
-  string host = 1;
+  string unused = 1;
+  string id = 2;
 }
 
+// Route is a single HTTP route. 
 message Route {
   string id = 1;
   string creator = 2;
   string host = 3;
 }
 
+// GetAllRoutesResponse encapsulates a list of routes.
 message GetAllRoutesResponse {
   repeated Route routes = 1;
 }
 
-message IDResponse {
-  string id = 1;
-}
-
+// Tokens lets a user manage the database authentication tokens.
 service Tokens {
-  rpc Get(GetTokenRequest) returns (Token) {
-    option (google.api.http) = {
-      get: "/v1/tokens/one"
-    };
-  }
+  rpc Get(GetTokenRequest) returns (Token) {}
 
-  rpc GetAll(Nil) returns (TokenSet) {
-    option (google.api.http) = {
-      get: "/v1/tokens"
-    };
-  }
+  rpc GetAll(Nil) returns (TokenSet) {}
 
-  rpc Put(Token) returns (Token) {
-    option (google.api.http) = {
-      post: "/v1/tokens"
-    };
-  }
+  rpc Put(Token) returns (Token) {}
 
-  rpc Delete(Token) returns (Nil) {
-    option (google.api.http) = {
-      delete: "/v1/tokens"
-    };
-  }
+  rpc Delete(Token) returns (Nil) {}
 
-  rpc Deactivate(Token) returns (Nil) {
-    option (google.api.http) = {
-      post: "/v1/tokens/deactivate"
-    };
-  }
+  rpc Deactivate(Token) returns (Nil) {}
 }
 
+// Token is an individual authentication token. Id and Body will usually be
+// unique ID's or other cryptographic identifiers.
 message Token {
   string id = 1;
-  string body = 2;
-  repeated string scopes = 3;
+  string body = 2; // the actual token used in authenitcation
+  repeated string scopes = 3; // the permissions the token has
   bool active = 4;
 }
 
+// Tokenset encapsulates a list of tokens.
 message TokenSet {
   repeated Token tokens = 1;
 }
@@ -99,3 +71,33 @@ message GetTokenRequest {
   string token = 1;
   string id = 2;
 }
+
+service Backends {
+  rpc List(BackendSelector) returns (BackendList) {}
+
+  rpc Kill(BackendID) returns (Nil) {}
+}
+
+message Backend {
+  string id = 1;
+  string proto = 2;
+  string user = 3;
+  string domain = 4;
+  float phi = 5;
+  string host = 6;
+  bool usable = 7;
+}
+
+message BackendList {
+  BackendSelector bs = 1;
+  repeated Backend backends = 2;
+}
+
+message BackendSelector {
+  string domain = 1;
+  string user = 2;
+}
+
+message BackendID {
+  string id = 1;
+}

proto/route.swagger.json

@@ -1,274 +0,0 @@
-{
-  "swagger": "2.0",
-  "info": {
-    "title": "route.proto",
-    "version": "version not set"
-  },
-  "schemes": [
-    "http",
-    "https"
-  ],
-  "consumes": [
-    "application/json"
-  ],
-  "produces": [
-    "application/json"
-  ],
-  "paths": {
-    "/v1/routes": {
-      "get": {
-        "operationId": "GetAll",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeGetAllRoutesResponse"
-            }
-          }
-        },
-        "tags": [
-          "Routes"
-        ]
-      },
-      "post": {
-        "operationId": "Put",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeIDResponse"
-            }
-          }
-        },
-        "tags": [
-          "Routes"
-        ]
-      }
-    },
-    "/v1/routes/{host}": {
-      "get": {
-        "operationId": "Get",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeRoute"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "host",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          }
-        ],
-        "tags": [
-          "Routes"
-        ]
-      },
-      "delete": {
-        "operationId": "Delete",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeIDResponse"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "host",
-            "in": "path",
-            "required": true,
-            "type": "string"
-          }
-        ],
-        "tags": [
-          "Routes"
-        ]
-      }
-    },
-    "/v1/tokens": {
-      "get": {
-        "operationId": "GetAll",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeTokenSet"
-            }
-          }
-        },
-        "tags": [
-          "Tokens"
-        ]
-      },
-      "delete": {
-        "operationId": "Delete",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeNil"
-            }
-          }
-        },
-        "tags": [
-          "Tokens"
-        ]
-      },
-      "post": {
-        "operationId": "Put",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeToken"
-            }
-          }
-        },
-        "tags": [
-          "Tokens"
-        ]
-      }
-    },
-    "/v1/tokens/deactivate": {
-      "post": {
-        "operationId": "Deactivate",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeNil"
-            }
-          }
-        },
-        "tags": [
-          "Tokens"
-        ]
-      }
-    },
-    "/v1/tokens/one": {
-      "get": {
-        "operationId": "Get",
-        "responses": {
-          "200": {
-            "description": "",
-            "schema": {
-              "$ref": "#/definitions/routeToken"
-            }
-          }
-        },
-        "parameters": [
-          {
-            "name": "token",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          },
-          {
-            "name": "id",
-            "in": "query",
-            "required": false,
-            "type": "string"
-          }
-        ],
-        "tags": [
-          "Tokens"
-        ]
-      }
-    }
-  },
-  "definitions": {
-    "routeGetAllRoutesResponse": {
-      "type": "object",
-      "properties": {
-        "routes": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/routeRoute"
-          }
-        }
-      }
-    },
-    "routeGetRouteRequest": {
-      "type": "object",
-      "properties": {
-        "host": {
-          "type": "string"
-        }
-      }
-    },
-    "routeGetTokenRequest": {
-      "type": "object",
-      "properties": {
-        "token": {
-          "type": "string"
-        },
-        "id": {
-          "type": "string"
-        }
-      }
-    },
-    "routeIDResponse": {
-      "type": "object",
-      "properties": {
-        "id": {
-          "type": "string"
-        }
-      }
-    },
-    "routeNil": {
-      "type": "object"
-    },
-    "routeRoute": {
-      "type": "object",
-      "properties": {
-        "id": {
-          "type": "string"
-        },
-        "creator": {
-          "type": "string"
-        },
-        "host": {
-          "type": "string"
-        }
-      }
-    },
-    "routeToken": {
-      "type": "object",
-      "properties": {
-        "id": {
-          "type": "string"
-        },
-        "body": {
-          "type": "string"
-        },
-        "scopes": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "active": {
-          "type": "boolean",
-          "format": "boolean"
-        }
-      }
-    },
-    "routeTokenSet": {
-      "type": "object",
-      "properties": {
-        "tokens": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/routeToken"
-          }
-        }
-      }
-    }
-  }
-}

proto/route/client.go

@@ -0,0 +1,55 @@
+// Package route is a higher level client for routed suitable to embed into
+// Go programs.
+package route
+
+import (
+	"net/http"
+
+	"git.xeserv.us/xena/route/proto"
+)
+
+// New creates a new instance of the routed client with a given token and service
+// URL.
+func New(routedURL, token string, underlying *http.Client) *Client {
+	c := &Client{
+		underlying: underlying,
+		authToken:  token,
+		serverURL:  routedURL,
+	}
+
+	c.Backends = proto.NewBackendsProtobufClient(routedURL, c.hClient())
+	c.Routes = proto.NewRoutesProtobufClient(routedURL, c.hClient())
+	c.Tokens = proto.NewTokensProtobufClient(routedURL, c.hClient())
+
+	return c
+}
+
+// Client is a higher level client for routed
+type Client struct {
+	Backends proto.Backends
+	Routes   proto.Routes
+	Tokens   proto.Tokens
+
+	underlying *http.Client
+	authToken  string
+	serverURL  string
+}
+
+// RoundTrip executes a HTTP request, adding authentication headers and then
+// executing it using the underlying http client.
+func (c *Client) RoundTrip(r *http.Request) (*http.Response, error) {
+	ck := &http.Cookie{
+		Name:  "routed",
+		Value: c.authToken,
+	}
+
+	r.AddCookie(ck)
+
+	return c.underlying.Do(r)
+}
+
+func (c *Client) hClient() *http.Client {
+	return &http.Client{
+		Transport: c,
+	}
+}