cmd/construct: add HTTP test server

Closes #4

.dockerignore

@@ -0,0 +1,2 @@
+/bin
+/.git

Dockerfile

@@ -0,0 +1,13 @@
+FROM xena/go-mini:1.9.2
+
+ENV CGO_ENABLED=0
+ENV PATH=$PATH:/root/go/bin
+
+RUN apk add --no-cache git protobuf \
+ && go download
+
+COPY . /root/go/src/git.xeserv.us/xena/route
+
+RUN cd /root/go/src/git.xeserv.us/xena/route \
+&& go run ./cmd/mage/main.go -v tools generate build \
+&& rm -rf /root/go/pkg /root/go/bin

Gopkg.lock

@@ -1,6 +1,24 @@
 # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
 
 
+[[projects]]
+  branch = "master"
+  name = "github.com/ThomasRooney/gexpect"
+  packages = ["."]
+  revision = "5482f03509440585d13d8f648989e05903001842"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/eclier"
+  packages = ["."]
+  revision = "3cde6c5f47044f4875c4b7fe6b12e4e6000608ea"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/gluanetrc"
+  packages = ["."]
+  revision = "af26c7928995089c19896bcc5d0f8ba48a7930a9"
+
 [[projects]]
   branch = "master"
   name = "github.com/Xe/gopreload"
@@ -9,7 +27,10 @@
 
 [[projects]]
   name = "github.com/Xe/ln"
-  packages = [".","ex"]
+  packages = [
+    ".",
+    "ex"
+  ]
   revision = "466e05b2ef3e48ce08a367b6aaac09ee29a124e5"
   version = "v0.1"
 
@@ -22,8 +43,11 @@
 [[projects]]
   branch = "master"
   name = "github.com/Xe/x"
-  packages = ["tools/svc/credentials/jwt"]
-  revision = "2e7ad18cbac67114f92ca1e1d1dc780ae21ea61f"
+  packages = [
+    "tools/glue/libs/gluaexpect",
+    "tools/glue/libs/gluasimplebox"
+  ]
+  revision = "860ea0dedb8beb93b60717510eabca2ef5ffe150"
 
 [[projects]]
   branch = "master"
@@ -31,16 +55,34 @@
   packages = ["mathx"]
   revision = "033754ab1fee508c9f98f2785eec2365964e0b05"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/aead/chacha20"
+  packages = [
+    ".",
+    "chacha"
+  ]
+  revision = "8d6ce0550041f9d97e7f15ec27ed489f8bbbb0fb"
+
 [[projects]]
   name = "github.com/agext/levenshtein"
   packages = ["."]
   revision = "5f10fee965225ac1eecdc234c09daf5cd9e7f7b6"
   version = "v1.2.1"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/ailncode/gluaxmlpath"
+  packages = ["."]
+  revision = "6ce478ecb4a60c4fc8929838e0b21b7fb7ca7440"
+
 [[projects]]
   branch = "master"
   name = "github.com/alecthomas/template"
-  packages = [".","parse"]
+  packages = [
+    ".",
+    "parse"
+  ]
   revision = "a0175ee3bccc567396460bf5acd36800cb10c49c"
 
 [[projects]]
@@ -69,15 +111,48 @@
 
 [[projects]]
   name = "github.com/asdine/storm"
-  packages = [".","codec","codec/json","index","internal","q"]
-  revision = "255212403bcca439778718edf5e2d3d50744eca3"
-  version = "v1.1.0"
+  packages = [
+    ".",
+    "codec",
+    "codec/json",
+    "index",
+    "internal",
+    "q"
+  ]
+  revision = "68fc73b635f890fe7ba2f3b15ce80c85b28a744f"
+  version = "v2.0.2"
 
 [[projects]]
   name = "github.com/aws/aws-sdk-go"
-  packages = ["aws","aws/awserr","aws/awsutil","aws/client","aws/client/metadata","aws/corehandlers","aws/credentials","aws/credentials/ec2rolecreds","aws/credentials/endpointcreds","aws/credentials/stscreds","aws/defaults","aws/ec2metadata","aws/endpoints","aws/request","aws/session","aws/signer/v4","internal/shareddefaults","private/protocol","private/protocol/query","private/protocol/query/queryutil","private/protocol/rest","private/protocol/restxml","private/protocol/xml/xmlutil","service/s3","service/sts"]
-  revision = "388e6676807f5968ad5eaaec0c70002f80c20b84"
-  version = "v1.12.39"
+  packages = [
+    "aws",
+    "aws/awserr",
+    "aws/awsutil",
+    "aws/client",
+    "aws/client/metadata",
+    "aws/corehandlers",
+    "aws/credentials",
+    "aws/credentials/ec2rolecreds",
+    "aws/credentials/endpointcreds",
+    "aws/credentials/stscreds",
+    "aws/defaults",
+    "aws/ec2metadata",
+    "aws/endpoints",
+    "aws/request",
+    "aws/session",
+    "aws/signer/v4",
+    "internal/shareddefaults",
+    "private/protocol",
+    "private/protocol/query",
+    "private/protocol/query/queryutil",
+    "private/protocol/rest",
+    "private/protocol/restxml",
+    "private/protocol/xml/xmlutil",
+    "service/s3",
+    "service/sts"
+  ]
+  revision = "9ed0c8de252f04ac45a65358377103d5a1aa2d92"
+  version = "v1.12.66"
 
 [[projects]]
   branch = "master"
@@ -91,18 +166,21 @@
   revision = "4aabc24848ce5fd31929f7d1e4ea74d3709c14cd"
   version = "v0.1.0"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/bifurcation/mint"
+  packages = [
+    ".",
+    "syntax"
+  ]
+  revision = "350f685c15fb6b89af795dafe64fad68950948e0"
+
 [[projects]]
   name = "github.com/blang/semver"
   packages = ["."]
   revision = "2ee87856327ba09384cabd113bc6b5d174e9ec0f"
   version = "v3.5.1"
 
-[[projects]]
-  name = "github.com/boltdb/bolt"
-  packages = ["."]
-  revision = "2f1ce7a837dcb8da3ec595b1dac9d0632f0f99e8"
-  version = "v1.3.1"
-
 [[projects]]
   branch = "master"
   name = "github.com/brandur/simplebox"
@@ -112,8 +190,26 @@
 [[projects]]
   name = "github.com/caarlos0/env"
   packages = ["."]
-  revision = "0cf029d5748c52beb2c9d20c81880cb4bdf8f788"
-  version = "v3.0"
+  revision = "7cd7992b3bc86f920394f8de92c13900da1a46b7"
+  version = "v3.2.0"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluahttp"
+  packages = ["."]
+  revision = "b4bfe0c50fea948dcbf3966e120996d6607bbd89"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluaurl"
+  packages = ["."]
+  revision = "31cbb9bef199454415879f2e6d609d1136d60cad"
+
+[[projects]]
+  name = "github.com/coreos/bbolt"
+  packages = ["."]
+  revision = "583e8937c61f1af6513608ccc75c97b6abdf4ff9"
+  version = "v1.3.0"
 
 [[projects]]
   branch = "master"
@@ -139,21 +235,45 @@
   packages = ["."]
   revision = "fcd59fca7456889be7f2ad4515b7612fd6acef31"
 
+[[projects]]
+  name = "github.com/gchaincl/dotsql"
+  packages = ["."]
+  revision = "5487b6a5fc12870425fc14d9e05a3fabddd91d7e"
+  version = "v0.1.0"
+
 [[projects]]
   name = "github.com/go-ini/ini"
   packages = ["."]
   revision = "32e4c1e6bc4e7d0d8451aa6b75200d19e37a536a"
   version = "v1.32.0"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/go-serve/bindatafs"
+  packages = ["."]
+  revision = "1f30d36183f010db5e83986b3554c1a1d9f32d47"
+
 [[projects]]
   branch = "master"
   name = "github.com/golang/protobuf"
-  packages = ["proto","ptypes","ptypes/any","ptypes/duration","ptypes/timestamp"]
-  revision = "130e6b02ab059e7b717a096f397c5b60111cae74"
+  packages = [
+    "jsonpb",
+    "proto",
+    "ptypes",
+    "ptypes/any",
+    "ptypes/duration",
+    "ptypes/struct",
+    "ptypes/timestamp"
+  ]
+  revision = "1e59b77b52bf8e4b449a57e6f79f21226d571845"
 
 [[projects]]
   name = "github.com/google/gops"
-  packages = ["agent","internal","signal"]
+  packages = [
+    "agent",
+    "internal",
+    "signal"
+  ]
   revision = "57e77c5c37da1f4e1af49f9d1fe760f146c1579e"
   version = "v0.3.2"
 
@@ -167,13 +287,16 @@
   branch = "master"
   name = "github.com/hashicorp/go-cleanhttp"
   packages = ["."]
-  revision = "06c9ea3a335b7443026f8124b22619524420291b"
+  revision = "d5fe4b57a186c716b0e00b8c301cbd9b4182694d"
 
 [[projects]]
   branch = "master"
   name = "github.com/hashicorp/go-getter"
-  packages = [".","helper/url"]
-  revision = "2f449c791e6af9e532bc1aca36d1d3865b8537f9"
+  packages = [
+    ".",
+    "helper/url"
+  ]
+  revision = "961f56d2e93379b7d9c578e998d09257509a6f97"
 
 [[projects]]
   branch = "master"
@@ -185,13 +308,13 @@
   branch = "master"
   name = "github.com/hashicorp/go-multierror"
   packages = ["."]
-  revision = "83588e72410abfbe4df460eeb6f30841ae47d4c4"
+  revision = "b7773ae218740a7be65057fc60b366a49b538a44"
 
 [[projects]]
   branch = "master"
   name = "github.com/hashicorp/go-plugin"
   packages = ["."]
-  revision = "e2fbc6864d18d3c37b6cde4297ec9fca266d28f1"
+  revision = "1fc09c47b843b73705f51ffb0520e3ac1bfecf99"
 
 [[projects]]
   branch = "master"
@@ -205,35 +328,94 @@
   packages = ["."]
   revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/hashicorp/golang-lru"
+  packages = [
+    ".",
+    "simplelru"
+  ]
+  revision = "0a025b7e63adc15a622f29b0b2c4c3848243bbf6"
+
 [[projects]]
   branch = "master"
   name = "github.com/hashicorp/hcl"
-  packages = [".","hcl/ast","hcl/parser","hcl/scanner","hcl/strconv","hcl/token","json/parser","json/scanner","json/token"]
+  packages = [
+    ".",
+    "hcl/ast",
+    "hcl/parser",
+    "hcl/scanner",
+    "hcl/strconv",
+    "hcl/token",
+    "json/parser",
+    "json/scanner",
+    "json/token"
+  ]
   revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8"
 
 [[projects]]
   branch = "master"
   name = "github.com/hashicorp/hcl2"
-  packages = ["gohcl","hcl","hcl/hclsyntax","hcl/json","hcldec","hclparse"]
-  revision = "44bad6dbf5490f5da17ec991e664df3d017b706f"
+  packages = [
+    "gohcl",
+    "hcl",
+    "hcl/hclsyntax",
+    "hcl/json",
+    "hcldec",
+    "hclparse"
+  ]
+  revision = "613331e829930a2321c1de7227c9483d9c76c3f4"
 
 [[projects]]
   branch = "master"
   name = "github.com/hashicorp/hil"
-  packages = [".","ast","parser","scanner"]
+  packages = [
+    ".",
+    "ast",
+    "parser",
+    "scanner"
+  ]
   revision = "fa9f258a92500514cc8e9c67020487709df92432"
 
 [[projects]]
   name = "github.com/hashicorp/terraform"
-  packages = ["config","config/configschema","config/hcl2shim","config/module","dag","flatmap","helper/hashcode","helper/hilmapstructure","helper/schema","moduledeps","plugin","plugin/discovery","registry/regsrc","registry/response","svchost","svchost/auth","svchost/disco","terraform","tfdiags","version"]
-  revision = "a42fdb08a43c7fabb8898fe8c286b793bbaa4835"
-  version = "v0.11.1"
+  packages = [
+    "config",
+    "config/configschema",
+    "config/hcl2shim",
+    "config/module",
+    "dag",
+    "flatmap",
+    "helper/hashcode",
+    "helper/hilmapstructure",
+    "helper/schema",
+    "moduledeps",
+    "plugin",
+    "plugin/discovery",
+    "registry",
+    "registry/regsrc",
+    "registry/response",
+    "svchost",
+    "svchost/auth",
+    "svchost/disco",
+    "terraform",
+    "tfdiags",
+    "version"
+  ]
+  revision = "a6008b8a48a749c7c167453b9cf55ffd572b9a5d"
+  version = "v0.11.2"
 
 [[projects]]
   branch = "master"
   name = "github.com/hashicorp/yamux"
   packages = ["."]
-  revision = "f5742cb6b85602e7fa834e9d5d91a7d7fa850824"
+  revision = "683f49123a33db61abfb241b7ac5e4af4dc54d55"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/howeyc/gopass"
+  packages = ["."]
+  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
 
 [[projects]]
   name = "github.com/jmespath/go-jmespath"
@@ -242,7 +424,10 @@
 
 [[projects]]
   name = "github.com/joho/godotenv"
-  packages = [".","autoload"]
+  packages = [
+    ".",
+    "autoload"
+  ]
   revision = "a79fa1e548e2c689c241d10173efd51e5d689d5b"
   version = "v1.2.0"
 
@@ -258,12 +443,78 @@
   packages = ["."]
   revision = "ae77be60afb1dcacde03767a8c37337fad28ac14"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/kballard/go-shellquote"
+  packages = ["."]
+  revision = "cd60e84ee657ff3dc51de0b4f55dd299a3e136f2"
+
+[[projects]]
+  name = "github.com/klauspost/cpuid"
+  packages = ["."]
+  revision = "ae7887de9fa5d2db4eaa8174a7eff2c1ac00f2da"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/klauspost/reedsolomon"
+  packages = ["."]
+  revision = "6bb6130ff6a76a904c1841707d65603aec9cc288"
+  version = "v1.6"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaenv"
+  packages = ["."]
+  revision = "2888db6bbe38923d59c42e443895875cc8ce0820"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluafs"
+  packages = ["."]
+  revision = "01391ed2d7ab89dc80157605b073403f960aa223"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaquestion"
+  packages = ["."]
+  revision = "311437c29ba54d027ad2af383661725ae2bfdcdc"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluassh"
+  packages = ["."]
+  revision = "2a7bd48d7568de8230c87ac1ef4a4c481e45814d"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluatemplate"
+  packages = ["."]
+  revision = "d9e2c9d6b00f069a9da377a9ac529c827c1c7d71"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluayaml"
+  packages = ["."]
+  revision = "6fe413d49d73d785510ecf1529991ab0573e96c7"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kr/fs"
+  packages = ["."]
+  revision = "2788f0dbd16903de03cb8186e5c7d97b69ad387b"
+
 [[projects]]
   branch = "master"
   name = "github.com/kr/pretty"
   packages = ["."]
   revision = "cfb55aafdaf3ec08f0db22699ab822c50091b1c4"
 
+[[projects]]
+  name = "github.com/kr/pty"
+  packages = ["."]
+  revision = "282ce0e5322c82529687d609ee670fac7c7d917c"
+  version = "v1.1.1"
+
 [[projects]]
   branch = "master"
   name = "github.com/kr/text"
@@ -272,9 +523,74 @@
 
 [[projects]]
   branch = "master"
+  name = "github.com/lib/pq"
+  packages = [
+    ".",
+    "oid"
+  ]
+  revision = "27ea5d92de30060e7121ddd543fe14e9a327e0cc"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/aes12"
+  packages = ["."]
+  revision = "cd47fb39b79f867c6e4e5cd39cf7abd799f71670"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/fnv128a"
+  packages = ["."]
+  revision = "393af48d391698c6ae4219566bfbdfef67269997"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/quic-go"
+  packages = [
+    ".",
+    "ackhandler",
+    "congestion",
+    "h2quic",
+    "internal/crypto",
+    "internal/flowcontrol",
+    "internal/handshake",
+    "internal/protocol",
+    "internal/utils",
+    "internal/wire",
+    "qerr"
+  ]
+  revision = "15bcc2579f7dab14c84f438741f2b535cf474df9"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/lucas-clemente/quic-go-certificates"
+  packages = ["."]
+  revision = "d2f86524cced5186554df90d92529757d22c1cb6"
+
+[[projects]]
   name = "github.com/magefile/mage"
-  packages = ["mg"]
-  revision = "ca568f7054407930250eb570b76ee41c27c130ab"
+  packages = [
+    "build",
+    "mage",
+    "mg",
+    "parse",
+    "parse/srcimporter",
+    "sh",
+    "types"
+  ]
+  revision = "ab3ca2f6f85577d7ec82e0a6df721147a2e737f9"
+  version = "v2.0.1"
+
+[[projects]]
+  name = "github.com/mattes/migrate"
+  packages = [
+    ".",
+    "database",
+    "database/postgres",
+    "source",
+    "source/go-bindata"
+  ]
+  revision = "035c07716cd373d88456ec4d701402df52584cb4"
+  version = "v3.0.1"
 
 [[projects]]
   name = "github.com/mattn/go-isatty"
@@ -292,7 +608,7 @@
   branch = "master"
   name = "github.com/mitchellh/cli"
   packages = ["."]
-  revision = "33edc47170b5df54d2588696d590c5e20ee583fe"
+  revision = "518dc677a1e1222682f4e7db06721942cb8e9e4c"
 
 [[projects]]
   branch = "master"
@@ -328,7 +644,7 @@
   branch = "master"
   name = "github.com/mitchellh/mapstructure"
   packages = ["."]
-  revision = "06020f85339e21b2478f756a78e295255ffa4d6a"
+  revision = "b4575eea38cca1123ec2dc90c26529b5c5acfcff"
 
 [[projects]]
   branch = "master"
@@ -342,6 +658,12 @@
   packages = ["ulid"]
   revision = "b270c2c35fc775243f87c58cf3f6969c5d9369d6"
 
+[[projects]]
+  name = "github.com/oklog/run"
+  packages = ["."]
+  revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39"
+  version = "v1.0.0"
+
 [[projects]]
   name = "github.com/oklog/ulid"
   packages = ["."]
@@ -352,7 +674,19 @@
   branch = "master"
   name = "github.com/olekukonko/tablewriter"
   packages = ["."]
-  revision = "a7a4c189eb47ed33ce7b35f2880070a0c82a67d4"
+  revision = "96aac992fc8b1a4c83841a6c3e7178d20d989625"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/otm/gluaflag"
+  packages = ["."]
+  revision = "078088de689148194436293886e8e39809167332"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/otm/gluash"
+  packages = ["."]
+  revision = "e145c563986f0b91f740a758a84bca46c163aec7"
 
 [[projects]]
   name = "github.com/pkg/errors"
@@ -360,17 +694,28 @@
   revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
   version = "v0.8.0"
 
+[[projects]]
+  name = "github.com/pkg/sftp"
+  packages = ["."]
+  revision = "f6a9258a0f570c3a76681b897b6ded57cb0dfa88"
+  version = "1.2.0"
+
 [[projects]]
   name = "github.com/posener/complete"
-  packages = [".","cmd","cmd/install","match"]
+  packages = [
+    ".",
+    "cmd",
+    "cmd/install",
+    "match"
+  ]
   revision = "dc2bc5a81accba8782bebea28628224643a8286a"
   version = "v1.1"
 
 [[projects]]
   name = "github.com/satori/go.uuid"
   packages = ["."]
-  revision = "879c5887cd475cd7864858769793b2ceb0d44feb"
-  version = "v1.1.0"
+  revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"
+  version = "v1.2.0"
 
 [[projects]]
   branch = "master"
@@ -384,29 +729,44 @@
   packages = ["."]
   revision = "3794dfbfb04749f896b521032f69383f24c3687e"
 
-[[projects]]
-  name = "github.com/templexxx/reedsolomon"
-  packages = ["."]
-  revision = "5e06b81a1c7628d9c8d4fb7c3c4e401e37db39b4"
-  version = "0.1.1"
-
 [[projects]]
   name = "github.com/templexxx/xor"
   packages = ["."]
   revision = "0af8e873c554da75f37f2049cdffda804533d44c"
   version = "0.1.2"
 
+[[projects]]
+  name = "github.com/tjfoc/gmsm"
+  packages = ["sm4"]
+  revision = "98aa888b79d8de04afe0fccf45ed10594efc858b"
+  version = "v1.1"
+
+[[projects]]
+  name = "github.com/twitchtv/twirp"
+  packages = [
+    ".",
+    "ctxsetters",
+    "internal/contextkeys"
+  ]
+  revision = "db96cdf354e8dc053e5ee5fe890bb0a7f18123ab"
+  version = "v5.0.0"
+
 [[projects]]
   name = "github.com/ulikunitz/xz"
-  packages = [".","internal/hash","internal/xlog","lzma"]
+  packages = [
+    ".",
+    "internal/hash",
+    "internal/xlog",
+    "lzma"
+  ]
   revision = "0c6b41e72360850ca4f98dc341fd999726ea007f"
   version = "v0.5.4"
 
 [[projects]]
   name = "github.com/xtaci/kcp-go"
   packages = ["."]
-  revision = "44c3d76a6b5cc9e3687f829078a52f372928e776"
-  version = "v3.19"
+  revision = "86eebd5cadb519b7c9306082c7eb3bcee2c49a7b"
+  version = "v3.23"
 
 [[projects]]
   name = "github.com/xtaci/smux"
@@ -414,63 +774,224 @@
   revision = "ebec7ef2574b42a7088cd7751176483e0a27d458"
   version = "v1.0.6"
 
+[[projects]]
+  branch = "master"
+  name = "github.com/yookoala/realpath"
+  packages = ["."]
+  revision = "d19ef9c409d9817c1e685775e53d361b03eabbc8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gluamapper"
+  packages = ["."]
+  revision = "d836955830e75240d46ce9f0e6d148d94f2e1d3a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gluare"
+  packages = ["."]
+  revision = "d7c94f1a80ede93a621ed100866e6d4745ca8c22"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gopher-lua"
+  packages = [
+    ".",
+    "ast",
+    "parse",
+    "pm"
+  ]
+  revision = "7d7bc8747e3f614c5c587729a341fe7d8903cdb8"
+
 [[projects]]
   branch = "master"
   name = "github.com/zclconf/go-cty"
-  packages = ["cty","cty/convert","cty/function","cty/function/stdlib","cty/gocty","cty/json","cty/set"]
-  revision = "8bf222d6d03b7b336d013978f3acbfd877da428f"
+  packages = [
+    "cty",
+    "cty/convert",
+    "cty/function",
+    "cty/function/stdlib",
+    "cty/gocty",
+    "cty/json",
+    "cty/set"
+  ]
+  revision = "709e4033eeb037dc543dbc2048065dfb814ce316"
 
 [[projects]]
   name = "go.uber.org/atomic"
   packages = ["."]
-  revision = "4e336646b2ef9fc6e47be8e21594178f98e5ebcf"
-  version = "v1.2.0"
+  revision = "8474b86a5a6f79c443ce4b2992817ff32cf208b8"
+  version = "v1.3.1"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/crypto"
-  packages = ["acme","acme/autocert","bcrypt","blowfish","cast5","nacl/secretbox","openpgp","openpgp/armor","openpgp/elgamal","openpgp/errors","openpgp/packet","openpgp/s2k","pbkdf2","poly1305","salsa20","salsa20/salsa","tea","twofish","xtea"]
-  revision = "9419663f5a44be8b34ca85f08abc5fe1be11f8a3"
+  packages = [
+    "acme",
+    "acme/autocert",
+    "bcrypt",
+    "blowfish",
+    "cast5",
+    "curve25519",
+    "ed25519",
+    "ed25519/internal/edwards25519",
+    "hkdf",
+    "internal/chacha20",
+    "nacl/secretbox",
+    "openpgp",
+    "openpgp/armor",
+    "openpgp/elgamal",
+    "openpgp/errors",
+    "openpgp/packet",
+    "openpgp/s2k",
+    "pbkdf2",
+    "poly1305",
+    "salsa20",
+    "salsa20/salsa",
+    "ssh",
+    "ssh/agent",
+    "ssh/terminal",
+    "tea",
+    "twofish",
+    "xtea"
+  ]
+  revision = "a6600008915114d9c087fad9f03d75087b1a74df"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/net"
-  packages = ["bpf","context","html","html/atom","http2","http2/hpack","idna","internal/iana","internal/socket","internal/timeseries","ipv4","lex/httplex","trace"]
-  revision = "a04bdaca5b32abe1c069418fb7088ae607de5bd0"
+  packages = [
+    "bpf",
+    "context",
+    "html",
+    "html/atom",
+    "http2",
+    "http2/hpack",
+    "idna",
+    "internal/iana",
+    "internal/socket",
+    "internal/timeseries",
+    "ipv4",
+    "lex/httplex",
+    "trace"
+  ]
+  revision = "5ccada7d0a7ba9aeb5d3aca8d3501b4c2a509fec"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/sys"
-  packages = ["unix"]
-  revision = "314a259e304ff91bd6985da2a7149bbf91237993"
+  packages = [
+    "unix",
+    "windows"
+  ]
+  revision = "2c42eef0765b9837fbdab12011af7830f55f88f0"
 
 [[projects]]
   branch = "master"
   name = "golang.org/x/text"
-  packages = ["collate","collate/build","internal/colltab","internal/gen","internal/tag","internal/triegen","internal/ucd","language","secure/bidirule","transform","unicode/bidi","unicode/cldr","unicode/norm","unicode/rangetable"]
-  revision = "825fc78a2fd6fa0a5447e300189e3219e05e1f25"
+  packages = [
+    "collate",
+    "collate/build",
+    "internal/colltab",
+    "internal/gen",
+    "internal/tag",
+    "internal/triegen",
+    "internal/ucd",
+    "language",
+    "secure/bidirule",
+    "transform",
+    "unicode/bidi",
+    "unicode/cldr",
+    "unicode/norm",
+    "unicode/rangetable"
+  ]
+  revision = "e19ae1496984b1c655b8044a65c0300a3c878dd3"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/tools"
+  packages = [
+    "godoc/vfs",
+    "godoc/vfs/httpfs"
+  ]
+  revision = "99037e3760ed7d9c772c980caee42b17779b80ce"
 
 [[projects]]
   branch = "master"
   name = "google.golang.org/genproto"
   packages = ["googleapis/rpc/status"]
-  revision = "f676e0f3ac6395ff1a529ae59a6670878a8371a6"
+  revision = "a8101f21cf983e773d0c1133ebc5424792003214"
 
 [[projects]]
   name = "google.golang.org/grpc"
-  packages = [".","codes","connectivity","credentials","grpclb/grpc_lb_v1/messages","grpclog","health","health/grpc_health_v1","internal","keepalive","metadata","naming","peer","stats","status","tap","transport"]
-  revision = "f92cdcd7dcdc69e81b2d7b338479a19a8723cfa3"
-  version = "v1.6.0"
+  packages = [
+    ".",
+    "balancer",
+    "balancer/base",
+    "balancer/roundrobin",
+    "codes",
+    "connectivity",
+    "credentials",
+    "encoding",
+    "grpclb/grpc_lb_v1/messages",
+    "grpclog",
+    "health",
+    "health/grpc_health_v1",
+    "internal",
+    "keepalive",
+    "metadata",
+    "naming",
+    "peer",
+    "resolver",
+    "resolver/dns",
+    "resolver/passthrough",
+    "stats",
+    "status",
+    "tap",
+    "transport"
+  ]
+  revision = "6b51017f791ae1cfbec89c52efdf444b13b550ef"
+  version = "v1.9.2"
 
 [[projects]]
   name = "gopkg.in/alecthomas/kingpin.v2"
   packages = ["."]
-  revision = "1087e65c9441605df944fb12c33f0fe7072d18ca"
-  version = "v2.2.5"
+  revision = "947dcec5ba9c011838740e680966fd7087a71d0d"
+  version = "v2.2.6"
+
+[[projects]]
+  branch = "v2"
+  name = "gopkg.in/xmlpath.v2"
+  packages = ["."]
+  revision = "860cbeca3ebcc600db0b213c0e83ad6ce91f5739"
+
+[[projects]]
+  branch = "v2"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  revision = "d670f9405373e636a5a2765eea47fac0c9bc91a4"
+
+[[projects]]
+  branch = "master"
+  name = "layeh.com/asar"
+  packages = ["."]
+  revision = "0ec214a4ae0d21fa761591e8cb8f0bbf162ef3e5"
+
+[[projects]]
+  branch = "master"
+  name = "layeh.com/gopher-json"
+  packages = ["."]
+  revision = "1aab82196e3b418b56866938f28b6a693f2c6b18"
+
+[[projects]]
+  name = "layeh.com/gopher-luar"
+  packages = ["."]
+  revision = "7b2b96926970546e504881ee7364c1127508eb4e"
+  version = "v1.0.2"
 
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "012fa73a3c0eb714def85cdad9b5d9f8abc13ea4e7bd30b78da555876f2e487d"
+  inputs-digest = "d000c14171581755a2ee37649cb969d019d9c197928028a87e83e3ec729421aa"
   solver-name = "gps-cdcl"
   solver-version = 1

Gopkg.toml

@@ -1,4 +1,3 @@
-
 # Gopkg.toml example
 #
 # Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
@@ -20,6 +19,9 @@
 #  name = "github.com/x/y"
 #  version = "2.4.0"
 
+[[constraint]]
+  branch = "master"
+  name = "github.com/Xe/eclier"
 
 [[constraint]]
   branch = "master"
@@ -39,7 +41,7 @@
 
 [[constraint]]
   name = "github.com/asdine/storm"
-  version = "1.1.0"
+  version = "2.0.2"
 
 [[constraint]]
   branch = "master"
@@ -47,7 +49,7 @@
 
 [[constraint]]
   name = "github.com/caarlos0/env"
-  version = "3.0.0"
+  version = "3.2.0"
 
 [[constraint]]
   branch = "master"
@@ -69,6 +71,10 @@
   name = "github.com/google/gops"
   version = "0.3.2"
 
+[[constraint]]
+  name = "github.com/hashicorp/terraform"
+  version = "0.11.2"
+
 [[constraint]]
   name = "github.com/joho/godotenv"
   version = "1.2.0"
@@ -82,8 +88,12 @@
   name = "github.com/kr/pretty"
 
 [[constraint]]
+  name = "github.com/lucas-clemente/quic-go"
   branch = "master"
+
+[[constraint]]
   name = "github.com/magefile/mage"
+  version = "2.0.1"
 
 [[constraint]]
   branch = "master"
@@ -103,7 +113,7 @@
 
 [[constraint]]
   name = "github.com/xtaci/kcp-go"
-  version = "3.19.0"
+  version = "3.23.0"
 
 [[constraint]]
   name = "github.com/xtaci/smux"
@@ -111,7 +121,7 @@
 
 [[constraint]]
   name = "go.uber.org/atomic"
-  version = "1.2.0"
+  version = "1.3.1"
 
 [[constraint]]
   branch = "master"
@@ -123,12 +133,8 @@
 
 [[constraint]]
   name = "google.golang.org/grpc"
-  version = "1.6.0"
+  version = "1.9.2"
 
 [[constraint]]
   name = "gopkg.in/alecthomas/kingpin.v2"
-  version = "2.2.5"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/mmatczuk/go-http-tunnel"
+  version = "2.2.6"

README.md

@@ -1,5 +1,52 @@
-route
-=====
+# Route
 
-A simple cluster-friendly load balancer for http microservices.
+Route is a load balancer that has backends connect to the load balancer instead
+of the load balancer connecting to backends. This model allows networks to be
+vastly simplified, no longer having to bring in consul or another consensus layer,
+no more configuration generation or rehashing nginx on each deploy.
 
+## About
+
+Project Stability: Alpha (don't use this in production yet)
+
+This project is a passion project, as such excuse the atypical setup for everything.
+If you have ideas on how to improve things, please open an issue, comment on existing
+issues or hit me up in a private message somewhere. I want route to be the easiest
+possible way to host services of all sizes.
+
+### Constraints
+
+Constraints I am putting on myself right now:
+- Use Go as much as possible and where it makes sense use other tools
+- Create solutions using experience from the "old way" of doing things to categorically eliminate problems
+- Make solutions as robust and fault-tolerant wherever possible as soon as possible
+- Don't waste resources if you don't have to
+- Always clean things up eventually
+- If you have to fail, fail loudly
+- Don't be too clever
+- It's ${CURRENT_YEAR}, only allow TLS connections except where absolutely required
+
+## Build
+
+Route uses [mage](http://magefile.org) for building it and its dependencies. For
+convenience, a copy of mage is vendored as `./cmd/mage/main.go`. You can install
+this to your machine if you want.
+
+```console
+$ go run ./cmd/mage/main.go tools
+$ go run ./cmd/mage/main.go build
+```
+
+## Quickstart
+
+See [quickstart docs](https://git.xeserv.us/xena/route/src/master/doc/quickstart.md).
+
+## Support
+
+Please [contact me](https://christine.website/contact) to get support with this
+project.
+
+## Donations
+
+Throw me a [ko-fi](https://ko-fi.com/christinedodrill) or contact me for other
+donations.

box.rb

@@ -1,30 +0,0 @@
-$goVer = "1.9.2"
-$repoPath = "git.xeserv.us/xena/route"
-
-from "xena/go-mini:#{$goVer}"
-
-run "go#{$goVer} download"
-
-[
-  "vendor",
-  "internal",
-  "proto",
-  "cmd",
-].each { |x| copy x+"/", "/root/go/src/#{$repoPath}/#{x}" }
-
-run "apk --no-cache add build-base"
-run "go#{$goVer} build -v #{$repoPath}/cmd/... && go#{$goVer} install -v #{$repoPath}/cmd/..."
-run "apk del build-base"
-
-[
-  "route-cli",
-  "routed",
-  "route-httpagent",
-].each { |x| run "cp /root/go/bin/#{x} /usr/local/bin/#{x}" }
-
-tag "xena/route:thick"
-
-run "apk del go#{$goVer} && rm -rf /root/sdk /root/go"
-flatten
-
-tag "xena/route:latest"

cmd/construct/builtin.go

@@ -0,0 +1,69 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"runtime"
+
+	"github.com/kr/pretty"
+	"go.uber.org/atomic"
+)
+
+var (
+	hits *atomic.Int64
+)
+
+func init() {
+	hits = atomic.NewInt64(0)
+}
+
+func demoServerHandler(msg string) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintln(w, "Route is go!")
+		fmt.Fprintf(w, "%s\n", pretty.Sprintf("%s", r.Header))
+		hn, _ := os.Hostname()
+		fmt.Fprintf(w, "message: %s\n", msg)
+		fmt.Fprintf(w, "Served by %s running %s\n", hn, runtime.GOOS)
+		fmt.Fprintf(w, "Hit count: %d", hits.Inc())
+
+		ip := r.Header.Get("X-Remote-Ip")
+		if ip != "" {
+			log.Printf("Hit from %s: %s", ip, r.RequestURI)
+		}
+	})
+}
+
+func demoServer(ctx context.Context, args []string) error {
+	fs := flag.NewFlagSet("server", flag.ContinueOnError)
+
+	addr := fs.String("addr", ":9090", "http address to listen on")
+	msg := fs.String("msg", "now here's a little lesson in trickery...", "custom message to add to each page render")
+
+	err := fs.Parse(args)
+	if err != nil {
+		return err
+	}
+
+	hs := &http.Server{
+		Addr:    *addr,
+		Handler: demoServerHandler(*msg),
+	}
+
+	go hs.ListenAndServe()
+
+	log.Printf("listening on %s", *addr)
+
+	for {
+		select {
+		case <-ctx.Done():
+			sctx := context.Background()
+			hs.Shutdown(sctx)
+
+			return nil
+		}
+	}
+}

cmd/construct/main.go

@@ -0,0 +1,124 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+
+	"git.xeserv.us/xena/route/internal/gluaroute"
+	edata "git.xeserv.us/xena/route/proto/eclier"
+	"github.com/Xe/eclier"
+	"github.com/Xe/gluanetrc"
+	"github.com/Xe/x/tools/glue/libs/gluaexpect"
+	"github.com/Xe/x/tools/glue/libs/gluasimplebox"
+	"github.com/ailncode/gluaxmlpath"
+	"github.com/cjoudrey/gluahttp"
+	"github.com/cjoudrey/gluaurl"
+	"github.com/go-serve/bindatafs"
+	"github.com/kohkimakimoto/gluaenv"
+	"github.com/kohkimakimoto/gluafs"
+	"github.com/kohkimakimoto/gluaquestion"
+	"github.com/kohkimakimoto/gluassh"
+	"github.com/kohkimakimoto/gluatemplate"
+	"github.com/kohkimakimoto/gluayaml"
+	homedir "github.com/mitchellh/go-homedir"
+	"github.com/otm/gluaflag"
+	"github.com/otm/gluash"
+	"github.com/yuin/gluare"
+	lua "github.com/yuin/gopher-lua"
+	"golang.org/x/tools/godoc/vfs/httpfs"
+	json "layeh.com/gopher-json"
+)
+
+var hDir string
+var cfgHome *string
+var netrcFile *string
+var defaultServer *string
+
+func init() {
+	dir, err := homedir.Dir()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	hDir = dir
+
+	cfgHome = flag.String("home", filepath.Join(hDir, ".construct"), "construct's home directory")
+	netrcFile = flag.String("netrc", filepath.Join(hDir, ".netrc"), "location of netrc file to use for authentication")
+	defaultServer = flag.String("default-server", "https://api.route.xeserv.us:7268", "api server to connect to")
+
+	log.SetFlags(log.LstdFlags | log.Llongfile)
+}
+
+func main() {
+	flag.Parse()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	pluginLoc := filepath.Join(*cfgHome, "plugins")
+	scriptsLoc := filepath.Join(*cfgHome, "local", "scripts")
+
+	os.MkdirAll(pluginLoc, 0755)
+	os.MkdirAll(scriptsLoc, 0755)
+
+	if _, err := os.Stat(*netrcFile); err != nil {
+		log.Printf("creating netrc file...")
+		fout, err := os.Create(*netrcFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		fout.Close()
+	}
+
+	efs := bindatafs.New("core://", edata.Asset, edata.AssetDir, edata.AssetInfo)
+
+	opts := []eclier.RouterOption{
+		eclier.WithGluaCreationHook(preload),
+		eclier.WithScriptHome(scriptsLoc),
+		eclier.WithFilesystem("/bindata:core/", httpfs.New(efs)),
+	}
+
+	err := filepath.Walk(pluginLoc, func(path string, info os.FileInfo, err error) error {
+		if info.IsDir() {
+			opts = append(opts, eclier.WithScriptHome(info.Name()))
+		}
+
+		return nil
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	r, err := eclier.NewRouter(opts...)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	r.AddCommand(eclier.NewBuiltinCommand("server", "spawns a http server for testing", "[-addr host:port|-msg \"some message\"]", demoServer))
+
+	r.Run(ctx, flag.Args())
+}
+
+func preload(L *lua.LState) {
+	L.PreloadModule("re", gluare.Loader)
+	L.PreloadModule("sh", gluash.Loader)
+	L.PreloadModule("fs", gluafs.Loader)
+	L.PreloadModule("env", gluaenv.Loader)
+	L.PreloadModule("yaml", gluayaml.Loader)
+	L.PreloadModule("question", gluaquestion.Loader)
+	L.PreloadModule("ssh", gluassh.Loader)
+	L.PreloadModule("http", gluahttp.NewHttpModule(&http.Client{}).Loader)
+	L.PreloadModule("flag", gluaflag.Loader)
+	L.PreloadModule("template", gluatemplate.Loader)
+	L.PreloadModule("url", gluaurl.Loader)
+	gluaexpect.Preload(L)
+	gluasimplebox.Preload(L)
+	gluaxmlpath.Preload(L)
+	json.Preload(L)
+	gluanetrc.Preload(L)
+	gluaroute.Preload(L)
+}

cmd/mage/main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"os"
+
+	"github.com/magefile/mage/mage"
+)
+
+func main() { os.Exit(mage.Main()) }

cmd/route-cli/gops.go

@@ -1,13 +0,0 @@
-package main
-
-import (
-	"log"
-
-	"github.com/google/gops/agent"
-)
-
-func init() {
-	if err := agent.Listen(nil); err != nil {
-		log.Fatal(err)
-	}
-}

cmd/route-cli/main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"log"
@@ -16,14 +15,12 @@ import (
 	"git.xeserv.us/xena/route/internal/database"
 	"git.xeserv.us/xena/route/internal/routecrypto"
 	proto "git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
 	"github.com/Xe/ln"
 	"github.com/Xe/uuid"
-	jwtcreds "github.com/Xe/x/tools/svc/credentials/jwt"
 	"github.com/dickeyxxx/netrc"
 	"github.com/kr/pretty"
 	"github.com/olekukonko/tablewriter"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 	"gopkg.in/alecthomas/kingpin.v2"
 )
 
@@ -69,7 +66,7 @@ var (
 	routesCreate       = routes.Command("create", "create a new route")
 	routesCreateDomain = routesCreate.Flag("domain", "domain for the route (if not given one will be generated for you)").String()
 
-	routesInspect       = routes.Command("inspect", "inspect one route")
+	routesInspect   = routes.Command("inspect", "inspect one route")
 	routesInspectID = routesInspect.Flag("id", "ID of the route to inspect").Required().String()
 
 	routesList = routes.Command("list", "list all routes owned by you")
@@ -173,7 +170,13 @@ retry_netrc:
 
 		tBody := uuid.New()
 
-		_, err = db.PutToken(context.Background(), tBody, *tokenGenerateUsername, *tokenGenerateScopes)
+		tok := database.Token{
+			Body:   uuid.New(),
+			Owner:  *tokenGenerateUsername,
+			Scopes: *tokenGenerateScopes,
+		}
+
+		_, err = db.Tokens().Put(context.Background(), tok)
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("add newly created token to database"))
 		}
@@ -192,28 +195,11 @@ retry_netrc:
 
 	m := n.Machine(*grpcServer)
 
-	connCreds := credentials.NewTLS(&tls.Config{
-		InsecureSkipVerify: true,
-	})
-	creds := jwtcreds.NewFromToken(m.Get("password"))
-	conn, err := grpc.Dial(*grpcServer,
-		grpc.WithTransportCredentials(connCreds),
-		grpc.WithPerRPCCredentials(creds))
-	if err != nil {
-		ln.FatalErr(ctx, err, ln.Action("dialing grpc server"), ln.F{"hostname": *grpcServer})
-	}
-
-	rc := proto.NewRoutesClient(conn)
-	tc := proto.NewTokensClient(conn)
-	bc := proto.NewBackendsClient(conn)
-
-	_ = rc
-	_ = tc
-	_ = bc
+	cl := route.New("https://"+*grpcServer, m.Get("password"), &http.Client{})
 
 	switch cmdline {
 	case "route create":
-		rt, err := rc.Put(ctx, &proto.Route{Host: *routesCreateDomain})
+		rt, err := cl.Routes.Put(ctx, &proto.Route{Host: *routesCreateDomain})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("create new route"))
 		}
@@ -223,7 +209,7 @@ retry_netrc:
 		return
 
 	case "route inspect":
-		r, err := rc.Get(context.Background(), &proto.GetRouteRequest{
+		r, err := cl.Routes.Get(context.Background(), &proto.GetRouteRequest{
 			Id: *routesInspectID,
 		})
 		if err != nil {
@@ -236,7 +222,7 @@ retry_netrc:
 		return
 
 	case "route list":
-		rts, err := rc.GetAll(context.Background(), &proto.Nil{})
+		rts, err := cl.Routes.GetAll(context.Background(), &proto.Nil{})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("get all routes"))
 		}
@@ -253,7 +239,7 @@ retry_netrc:
 		return
 
 	case "route rm":
-		_, err := rc.Delete(context.Background(), &proto.Route{Id: *routesRmID})
+		_, err := cl.Routes.Delete(context.Background(), &proto.Route{Id: *routesRmID})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("remove single route"), ln.F{"id": *routesRmID})
 		}
@@ -261,7 +247,7 @@ retry_netrc:
 		return
 
 	case "backend list":
-		bkds, err := bc.List(context.Background(), &proto.BackendSelector{
+		bkds, err := cl.Backends.List(context.Background(), &proto.BackendSelector{
 			Domain: *backendListDomain,
 			User:   *backendListUser,
 		})
@@ -281,7 +267,7 @@ retry_netrc:
 		return
 
 	case "backend kill":
-		_, err := bc.Kill(context.Background(), &proto.BackendID{Id: *backendKillID})
+		_, err := cl.Backends.Kill(context.Background(), &proto.BackendID{Id: *backendKillID})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("attempt to kill backend"), ln.F{"backend_id": *backendKillID})
 		}
@@ -291,7 +277,7 @@ retry_netrc:
 		return
 
 	case "token list":
-		lis, err := tc.GetAll(ctx, &proto.Nil{})
+		lis, err := cl.Tokens.GetAll(ctx, &proto.Nil{})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("get all tokens"))
 		}
@@ -313,7 +299,7 @@ retry_netrc:
 			Scopes: scps,
 		}
 
-		ftkn, err := tc.Put(ctx, tkn)
+		ftkn, err := cl.Tokens.Put(ctx, tkn)
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("put token to server"))
 		}
@@ -324,7 +310,7 @@ retry_netrc:
 		return
 
 	case "token inspect":
-		tkn, err := tc.Get(ctx, &proto.GetTokenRequest{Id: *tokenInspectID})
+		tkn, err := cl.Tokens.Get(ctx, &proto.GetTokenRequest{Id: *tokenInspectID})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("fetch token from server"), ln.F{"token_id": *tokenInspectID})
 		}
@@ -334,17 +320,17 @@ retry_netrc:
 		return
 
 	case "token rm":
-		tkn, err := tc.Get(ctx, &proto.GetTokenRequest{Id: *tokenRmID})
+		tkn, err := cl.Tokens.Get(ctx, &proto.GetTokenRequest{Id: *tokenRmID})
 		if err != nil {
 			ln.FatalErr(ctx, err, ln.Action("fetch token from server"), ln.F{"token_id": *tokenRmID})
 		}
 
 		var action ln.Fer
 		if *tokenRmHard {
-			_, err = tc.Delete(ctx, tkn)
+			_, err = cl.Tokens.Delete(ctx, tkn)
 			action = ln.Action("actually delete token")
 		} else {
-			_, err = tc.Deactivate(ctx, tkn)
+			_, err = cl.Tokens.Deactivate(ctx, tkn)
 			action = ln.Action("deactivate token")
 		}
 

cmd/route-httpagent/main.go

@@ -9,14 +9,15 @@ import (
 	"git.xeserv.us/xena/route/internal/tun2"
 	"github.com/Xe/ln"
 	"github.com/facebookgo/flagenv"
+	_ "github.com/joho/godotenv"
 )
 
 var (
-	token      = flag.String("token", "", "Service identifier token")
-	domain     = flag.String("domain", "", "Domain to ID as")
-	backend    = flag.String("backend", "http://127.0.0.1:9090", "backend TCP/HTTP server")
-	serverAddr = flag.String("server", "127.0.0.1:9234", "frontend server")
-	connMethod = flag.String("method", "tcp", "tcp or kcp connections?")
+	token      = flag.String("token", "", "authentication token used to authenticate with routed")
+	domain     = flag.String("domain", "", "domain to use when authenticating with routed")
+	backend    = flag.String("backend", "http://127.0.0.1:9090", "backend TCP/HTTP server route-httpagent should relay traffic to/from")
+	serverAddr = flag.String("server", "127.0.0.1:9234", "the address that routed is listening on for backend connections")
+	connMethod = flag.String("method", "tcp", "the connection method used to talk to routed (MUST be either 'tcp' or 'kcp')")
 )
 
 func main() {

cmd/route-runmigrations/main.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"log"
+
+	"git.xeserv.us/xena/route/internal/database/dmigrations"
+	"github.com/caarlos0/env"
+	"github.com/mattes/migrate"
+	_ "github.com/mattes/migrate/database/postgres"
+	bindata "github.com/mattes/migrate/source/go-bindata"
+)
+
+type config struct {
+	DatabaseURL string `env:"DATABASE_URL,required"`
+}
+
+func main() {
+	var cfg config
+	err := env.Parse(&cfg)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	s := bindata.Resource(dmigrations.AssetNames(),
+		func(name string) ([]byte, error) {
+			return dmigrations.Asset(name)
+		})
+
+	d, err := bindata.WithInstance(s)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	m, err := migrate.NewWithSourceInstance("go-bindata", d, cfg.DatabaseURL)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = m.Up()
+	if err != nil {
+		log.Fatal(err)
+	}
+}

cmd/routed/backend.go

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"git.xeserv.us/xena/route/internal/tun2"
+	proto "git.xeserv.us/xena/route/proto"
+	"github.com/Xe/ln"
+	"golang.org/x/net/context"
+)
+
+// Backend implements proto.BackendsServer for gRPC.
+type Backend struct {
+	*Server
+}
+
+// List returns a list of backends given filtering parameters.
+func (b *Backend) List(ctx context.Context, sel *proto.BackendSelector) (*proto.BackendList, error) {
+	clitok, err := b.getAuth(ctx, "backend list", "backend:list")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "authentication for backend list"})
+	}
+
+	bl := map[string]tun2.Backend{}
+
+	switch {
+	case sel.Domain != "":
+		for _, bk := range b.ts.GetBackendsForDomain(sel.Domain) {
+			bl[bk.ID] = bk
+		}
+	case sel.User != "":
+		for _, bk := range b.ts.GetBackendsForUser(sel.User) {
+			bl[bk.ID] = bk
+		}
+	default:
+		for _, bk := range b.ts.GetAllBackends() {
+			bl[bk.ID] = bk
+		}
+	}
+
+	resp := &proto.BackendList{
+		Bs: sel,
+	}
+
+	for _, bk := range bl {
+		resp.Backends = append(resp.Backends, &proto.Backend{
+			Id:     bk.ID,
+			Proto:  bk.Proto,
+			User:   bk.User,
+			Domain: bk.Domain,
+			Phi:    bk.Phi,
+			Host:   bk.Host,
+			Usable: bk.Usable,
+		})
+	}
+
+	return resp, nil
+}
+
+// Kill removes a backend's connection by ID.
+func (b *Backend) Kill(ctx context.Context, bid *proto.BackendID) (*proto.Nil, error) {
+	clitok, err := b.getAuth(ctx, "backend list", "backend:list")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "authentication for backend list"})
+	}
+
+	if err := b.ts.KillBackend(bid.Id); err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "killing backend", "backend_id": bid.Id})
+	}
+
+	ln.Log(ctx, clitok, ln.Action("backend killed"), ln.F{"backend_id": bid.Id})
+
+	return &proto.Nil{}, nil
+}

cmd/routed/common.go

@@ -0,0 +1,149 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"time"
+
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/middleware"
+	"github.com/Xe/ln"
+	"github.com/twitchtv/twirp"
+	"golang.org/x/net/trace"
+)
+
+// errors
+var (
+	ErrNotAuthorized = errors.New("server: not authorized")
+)
+
+func (s *Server) makeTwirpHooks() *twirp.ServerHooks {
+	hooks := &twirp.ServerHooks{}
+
+	hooks.RequestRouted = func(ctx context.Context) (context.Context, error) {
+		ctx = withStartTime(ctx)
+
+		method, ok := twirp.MethodName(ctx)
+		if !ok {
+			return ctx, nil
+		}
+
+		pkg, ok := twirp.PackageName(ctx)
+		if !ok {
+			return ctx, nil
+		}
+
+		svc, ok := twirp.ServiceName(ctx)
+		if !ok {
+			return ctx, nil
+		}
+
+		ctx = ln.WithF(ctx, ln.F{
+			"twirp_method":  method,
+			"twirp_package": pkg,
+			"twirp_service": svc,
+		})
+
+		hdr, ok := middleware.GetHeaders(ctx)
+		if !ok {
+			return ctx, errors.New("can't get request headers")
+		}
+
+		req, _ := http.NewRequest("GET", "/", nil)
+		req.Header = hdr
+
+		ck, err := req.Cookie("routed")
+		if err != nil {
+			return ctx, err
+		}
+
+		tok := ck.Value
+
+		t, err := s.db.Tokens().Get(ctx, tok)
+		if err != nil {
+			return ctx, err
+		}
+
+		ctx = withAuthToken(ctx, t)
+		ctx = ln.WithF(ctx, t.F())
+
+		return ctx, nil
+	}
+
+	hooks.ResponseSent = func(ctx context.Context) {
+		f := ln.F{}
+		now := time.Now()
+		t, ok := getStartTime(ctx)
+		if ok {
+			f["response_time"] = now.Sub(t)
+		}
+
+		ln.Log(ctx, f, ln.Action("response sent"))
+	}
+
+	hooks.Error = func(ctx context.Context, e twirp.Error) context.Context {
+		f := ln.F{}
+
+		for k, v := range e.MetaMap() {
+			f["twirp_meta_"+k] = v
+		}
+
+		ln.Error(ctx, e, f, ln.Action("twirp error"), ln.F{
+			"twirp_error_code": e.Code(),
+			"twirp_error_msg":  e.Msg(),
+		})
+
+		tr, ok := trace.FromContext(ctx)
+		if !ok {
+			return ctx
+		}
+
+		tr.SetError()
+
+		return ctx
+	}
+
+	return hooks
+}
+
+func (s *Server) getAuth(ctx context.Context, operation, scope string) (database.Token, error) {
+	t, ok := getAuthToken(ctx)
+	if !ok {
+		return database.Token{}, errors.New("no auth token in context")
+	}
+
+	ok = false
+	for _, sc := range t.Scopes {
+		// the "admin" scope is implicitly allowed for everything.
+		if sc == "admin" {
+			ok = true
+			break
+		}
+
+		if sc == scope {
+			ok = true
+		}
+	}
+
+	if !ok {
+		return database.Token{}, ErrNotAuthorized
+	}
+
+	ln.WithF(ctx, ln.F{"operation": operation})
+
+	return t, nil
+}
+
+func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
+	tr, ok := trace.FromContext(ctx)
+	if !ok {
+		goto skip
+	}
+	tr.SetError()
+
+skip:
+	ln.Error(ctx, err, f, clitok)
+
+	return err
+}

cmd/routed/ctx.go

@@ -0,0 +1,41 @@
+package main
+
+import (
+	"context"
+	"time"
+
+	"git.xeserv.us/xena/route/internal/database"
+)
+
+type ctxKey int
+
+const (
+	startTimeKey ctxKey = iota
+	tokenKey
+)
+
+func withStartTime(ctx context.Context) context.Context {
+	return context.WithValue(ctx, startTimeKey, time.Now())
+}
+
+func getStartTime(ctx context.Context) (time.Time, bool) {
+	t, ok := ctx.Value(startTimeKey).(time.Time)
+	if !ok {
+		return time.Time{}, false
+	}
+
+	return t, true
+}
+
+func withAuthToken(ctx context.Context, token database.Token) context.Context {
+	return context.WithValue(ctx, tokenKey, token)
+}
+
+func getAuthToken(ctx context.Context) (database.Token, bool) {
+	t, ok := ctx.Value(tokenKey).(database.Token)
+	if !ok {
+		return database.Token{}, false
+	}
+
+	return t, true
+}

cmd/routed/main.go

@@ -4,19 +4,22 @@ import (
 	"context"
 	"crypto/tls"
 	"flag"
+	"fmt"
 	"math/rand"
 	"net"
 	"net/http"
+	"os"
+	"os/signal"
 	"time"
 
 	_ "git.xeserv.us/xena/route/internal"
 	"git.xeserv.us/xena/route/internal/middleware"
 	"git.xeserv.us/xena/route/internal/routecrypto"
-	"git.xeserv.us/xena/route/internal/server"
 	"github.com/Xe/ln"
 	"github.com/caarlos0/env"
 	"github.com/facebookgo/flagenv"
 	_ "github.com/joho/godotenv/autoload"
+	"github.com/lucas-clemente/quic-go/h2quic"
 )
 
 var (
@@ -27,64 +30,157 @@ func main() {
 	flag.Parse()
 	flagenv.Parse()
 	rand.Seed(time.Now().Unix())
+
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	certKey, _ := routecrypto.ParseKey(*sslCertKey)
+	certKey, err := routecrypto.ParseKey(*sslCertKey)
+	if err != nil {
+		ln.FatalErr(ctx, err, ln.Action("parse cert key"))
+	}
 
-	scfg := server.Config{}
-	err := env.Parse(&scfg)
+	scfg := Config{}
+	err = env.Parse(&scfg)
 	if err != nil {
 		ln.FatalErr(ctx, err, ln.Action("parsing environment for config"))
 	}
 	scfg.CertKey = certKey
 
-	s, err := server.New(scfg)
+	s, err := New(scfg)
 	if err != nil {
 		ln.FatalErr(ctx, err, ln.Action("create server instance"))
 	}
 
-	go setupTLS(s, scfg)
+	go setupQuic(ctx, s, scfg)
+	go setupTLS(ctx, s, scfg)
+	go setupHTTP(ctx, s, scfg)
+
+	ch := make(chan os.Signal, 2)
+
+	go func() {
+		val := <-ch
+
+		ln.Log(ctx, ln.F{"signal": val.String()}, ln.Action("signal recieved"))
+		cancel()
+	}()
+
+	signal.Notify(ch, os.Interrupt)
+
+	<-ctx.Done()
+
+	fmt.Printf("%s is now waiting for final shutdown, press ^C again to kill it now\n", os.Args[0])
+	time.Sleep(30 * time.Second)
+}
+
+func setupHTTP(ctx context.Context, s *Server, scfg Config) {
+	f := ln.F{
+		"kind": "http",
+		"addr": scfg.WebAddr,
+	}
 
 	// listen on HTTP listener
 	l, err := net.Listen("tcp", scfg.WebAddr)
 	if err != nil {
-		ln.FatalErr(ctx, err, ln.Action("listening on HTTP port"), ln.F{"addr": scfg.WebAddr})
+		ln.FatalErr(ctx, err, f, ln.Action("listening on HTTP port"))
 	}
 	defer l.Close()
 
 	hs := &http.Server{
-		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			switch r.Method {
-			case http.MethodPatch, http.MethodPut, http.MethodPost:
-				http.Error(w, "use https", http.StatusNotAcceptable)
-				ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
-				return
-			}
-
-			r.URL.Host = r.Host
-			r.URL.Scheme = "https"
-
-			ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
-
-			http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
-		}),
-		Addr: scfg.WebAddr,
+		Handler: s.Manager.HTTPHandler(http.HandlerFunc(insecureRedirect)),
+		Addr:    scfg.WebAddr,
 	}
 
-	hs.Serve(l)
+	go ln.FatalErr(ctx, hs.Serve(l))
+	ln.Log(ctx, f, ln.Action("http server listen"))
+
+	for {
+		select {
+		case <-ctx.Done():
+			ln.Log(ctx, f, ln.Action("shutdown signal recieved"))
+			hs.SetKeepAlivesEnabled(false)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+			defer cancel()
+			hs.Shutdown(ctx)
+
+			ln.Log(ctx, f, ln.Action("shutdown complete"))
+			return
+		}
+	}
 }
 
-func setupTLS(s *server.Server, scfg server.Config) {
+func setupQuic(ctx context.Context, s *Server, scfg Config) {
+	f := ln.F{
+		"kind": "quic",
+		"addr": scfg.QuicAddr,
+	}
+
+	qs := &h2quic.Server{
+		Server: &http.Server{
+			Handler: middleware.Trace("http-quic")(s),
+			Addr:    scfg.QuicAddr,
+			TLSConfig: &tls.Config{
+				GetCertificate: s.GetCertificate,
+			},
+
+			IdleTimeout:       5 * time.Minute,
+			ReadHeaderTimeout: time.Second,
+		},
+	}
+
+	s.QuicServer = qs
+
+	go ln.FatalErr(context.Background(), qs.ListenAndServe())
+	ln.Log(ctx, f, ln.Action("http server listen"))
+
+	for {
+		select {
+		case <-ctx.Done():
+			ln.Log(ctx, f, ln.Action("shutdown signal recieved"))
+			qs.SetKeepAlivesEnabled(false)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+			defer cancel()
+			qs.Shutdown(ctx)
+
+			ln.Log(ctx, f, ln.Action("shutdown complete"))
+			return
+		}
+	}
+}
+
+func setupTLS(ctx context.Context, s *Server, scfg Config) {
+	f := ln.F{
+		"kind": "https",
+		"addr": scfg.SSLAddr,
+	}
+
 	hs := &http.Server{
-		Handler: middleware.Trace(s),
+		Handler: middleware.Trace("https")(s),
 		Addr:    scfg.SSLAddr,
 		TLSConfig: &tls.Config{
 			GetCertificate: s.GetCertificate,
 		},
+
+		IdleTimeout:       5 * time.Minute,
+		ReadHeaderTimeout: time.Second,
 	}
 
+	go ln.FatalErr(context.Background(), hs.ListenAndServeTLS("", ""))
+	ln.Log(ctx, f, ln.Action("http server listen"))
+
 	for {
-		hs.ListenAndServeTLS("", "")
+		select {
+		case <-ctx.Done():
+			ln.Log(ctx, f, ln.Action("shutdown signal recieved"))
+			hs.SetKeepAlivesEnabled(false)
+
+			ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+			defer cancel()
+			hs.Shutdown(ctx)
+
+			ln.Log(ctx, f, ln.Action("shutdown complete"))
+			return
+		}
 	}
 }

cmd/routed/route.go

@@ -0,0 +1,116 @@
+package main
+
+import (
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/elfs"
+	proto "git.xeserv.us/xena/route/proto"
+	"github.com/Xe/ln"
+	"golang.org/x/net/context"
+)
+
+// Route implements rout.RoutesServer for gRPC
+type Route struct {
+	*Server
+}
+
+// interface assertions
+var (
+	_ proto.Routes = &Route{}
+)
+
+// Get fetches a route from the database.
+func (r *Route) Get(ctx context.Context, req *proto.GetRouteRequest) (*proto.Route, error) {
+	clitok, err := r.getAuth(ctx, "get single route", "route:get")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Get_getAuth"})
+	}
+
+	val, err := r.db.Routes().Get(ctx, req.Id)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "get single route from database", "id": req.Id})
+	}
+
+	if val.Creator != clitok.Owner {
+		return nil, handleError(ctx, clitok, ErrNotAuthorized, ln.F{"action": "Route.Get_wrong_ownership"})
+	}
+
+	return val.AsProto(), nil
+}
+
+// GetAll fetches all of the routes that you own.
+func (r *Route) GetAll(ctx context.Context, req *proto.Nil) (*proto.GetAllRoutesResponse, error) {
+	clitok, err := r.getAuth(ctx, "get all routes for user", "route:getall")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.GetAll_getAuth"})
+	}
+
+	routes, err := r.db.Routes().GetAll(ctx, clitok.Owner)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "get all routes for user from database"})
+	}
+
+	result := []*proto.Route{}
+
+	// let result = apply routeAsProto routes
+	for _, rt := range routes {
+		result = append(result, rt.AsProto())
+	}
+
+	return &proto.GetAllRoutesResponse{
+		Routes: result,
+	}, nil
+}
+
+func (r *Route) Put(ctx context.Context, rt *proto.Route) (*proto.Route, error) {
+	clitok, err := r.getAuth(ctx, "put new route", "route:put")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Put_getAuth"})
+	}
+
+	if rt.Host == "" {
+		rt.Host = elfs.MakeName() + r.cfg.DomainSuffix
+	}
+
+	rr := database.Route{
+		ID:       rt.Id,
+		Hostname: rt.Host,
+		Creator:  clitok.Owner,
+	}
+
+	drt, err := r.db.Routes().Put(ctx, rr)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "put route to database"})
+	}
+
+	ln.Log(ctx, drt, ln.Action("put route to database"))
+
+	return drt.AsProto(), nil
+}
+
+func (r *Route) Delete(ctx context.Context, rt *proto.Route) (*proto.Nil, error) {
+	clitok, err := r.getAuth(ctx, "delete single route", "route:delete")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Delete_getAuth"})
+	}
+
+	drt, err := r.db.Routes().Get(ctx, rt.Host)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "fetch route from database", "host": rt.Host})
+	}
+
+	if drt.Creator != clitok.Owner {
+		return nil, handleError(ctx, clitok, ErrNotAuthorized, ln.F{"action": "user not authorized to delete this route", "host": rt.Host})
+	}
+
+	_, err = r.db.Routes().Delete(ctx, database.Route{ID: rt.Id})
+	f := drt.F()
+	f["action"] = "delete route from database"
+	if err != nil {
+		handleError(ctx, clitok, ErrNotAuthorized, f)
+	}
+
+	f["action"] = "deleted route from database"
+	ln.Log(ctx, f, drt)
+
+	return &proto.Nil{}, nil
+}

cmd/routed/server.go

@@ -0,0 +1,237 @@
+package main
+
+import (
+	"crypto/tls"
+	"errors"
+	"net"
+	"net/http"
+	"net/http/httputil"
+	"time"
+
+	"git.xeserv.us/xena/route/internal/database"
+	"git.xeserv.us/xena/route/internal/middleware"
+	"git.xeserv.us/xena/route/internal/tun2"
+	proto "git.xeserv.us/xena/route/proto"
+	"github.com/Xe/ln"
+	"github.com/lucas-clemente/quic-go/h2quic"
+	"github.com/mtneug/pkg/ulid"
+	kcp "github.com/xtaci/kcp-go"
+	"golang.org/x/crypto/acme/autocert"
+	"golang.org/x/net/context"
+)
+
+// RPC constants
+const (
+	RPCPort uint16 = 39453
+)
+
+// Server is the main server type.
+type Server struct {
+	cfg *Config
+	db  database.Storage
+	ts  *tun2.Server
+
+	QuicServer *h2quic.Server
+
+	*autocert.Manager
+}
+
+// Config configures Server
+type Config struct {
+	BoltDBPath string `env:"BOLTDB_PATH,required"`
+
+	WebAddr        string `env:"WEB_ADDR,required"`
+	SSLAddr        string `env:"SSL_ADDR,required"`
+	QuicAddr       string `env:"QUIC_ADDR,required"`
+	BackendTCPAddr string `env:"BACKEND_TCP_ADDR,required"`
+	BackendKCPAddr string `env:"BACKEND_KCP_ADDR,required"`
+	GRPCAddr       string `env:"GRPC_ADDR,required"`
+
+	DomainSuffix string `env:"DOMAIN_SUFFIX,required"`
+	ACMEEmail    string `env:"ACME_EMAIL,required"`
+	CertKey      *[32]byte
+}
+
+// listenTCP configures a listener for TCP+TLS agent connections.
+func (s *Server) listenTCP(ctx context.Context, addr string, tcfg *tls.Config) {
+	l, err := tls.Listen("tcp", addr, tcfg)
+	if err != nil {
+		panic(err)
+	}
+
+	ln.Log(ctx, ln.Action("tcp+tls listening"), ln.F{"addr": l.Addr()})
+
+	for {
+		conn, err := l.Accept()
+		if err != nil {
+			ln.Error(ctx, err, ln.Action("accept backend client socket"))
+		}
+
+		ln.Log(ctx, ln.F{
+			"action":  "new backend client",
+			"addr":    conn.RemoteAddr(),
+			"network": conn.RemoteAddr().Network(),
+		})
+
+		go s.ts.HandleConn(conn, false)
+	}
+}
+
+// listenKCP configures a listener for KCP+TLS agent connections.
+func (s *Server) listenKCP(ctx context.Context, addr string, tcfg *tls.Config) {
+	l, err := kcp.Listen(addr)
+	if err != nil {
+		panic(err)
+	}
+
+	ln.Log(ctx, ln.Action("kcp+tls listening"), ln.F{"addr": l.Addr()})
+
+	for {
+		conn, err := l.Accept()
+		if err != nil {
+			ln.Error(ctx, err, ln.F{"kind": "kcp", "addr": l.Addr().String()})
+		}
+
+		ln.Log(ctx, ln.F{
+			"action":  "new_client",
+			"network": conn.RemoteAddr().Network(),
+			"addr":    conn.RemoteAddr(),
+		})
+
+		tc := tls.Server(conn, tcfg)
+
+		go s.ts.HandleConn(tc, true)
+	}
+}
+
+// New creates a new Server
+func New(cfg Config) (*Server, error) {
+	if cfg.CertKey == nil {
+		return nil, errors.New("no cert decryption key, can't do anything")
+	}
+
+	db, err := database.NewBoltStorage(cfg.BoltDBPath, cfg.CertKey)
+	if err != nil {
+		return nil, err
+	}
+
+	m := &autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		Cache:      database.Cache(db),
+		HostPolicy: nil,
+		Email:      cfg.ACMEEmail,
+	}
+
+	tcfg := &tun2.ServerConfig{
+		Storage: &storageWrapper{
+			Storage: db,
+		},
+	}
+
+	ts, err := tun2.NewServer(tcfg)
+	if err != nil {
+		return nil, err
+	}
+
+	s := &Server{
+		cfg: &cfg,
+		db:  db,
+		ts:  ts,
+
+		Manager: m,
+	}
+
+	tc := &tls.Config{
+		GetCertificate: m.GetCertificate,
+	}
+
+	go s.listenKCP(context.Background(), cfg.BackendKCPAddr, tc)
+	go s.listenTCP(context.Background(), cfg.BackendTCPAddr, tc)
+
+	withHandler := func(disc string, h http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			h.ServeHTTP(w, r.WithContext(ln.WithF(r.Context(), ln.F{"disc": disc})))
+		})
+	}
+
+	bhdr := proto.NewBackendsServer(&Backend{Server: s}, s.makeTwirpHooks())
+	rhdr := proto.NewRoutesServer(&Route{Server: s}, s.makeTwirpHooks())
+	thdr := proto.NewTokensServer(&Token{Server: s}, s.makeTwirpHooks())
+	mux := http.NewServeMux()
+
+	mux.Handle(proto.BackendsPathPrefix, withHandler("backends", bhdr))
+	mux.Handle(proto.RoutesPathPrefix, withHandler("routes", rhdr))
+	mux.Handle(proto.TokensPathPrefix, withHandler("tokens", thdr))
+
+	hs := &http.Server{
+		TLSConfig: tc,
+		Addr:      cfg.GRPCAddr,
+		Handler:   middleware.SaveHeaders(middleware.Trace("twirp-https")(mux)),
+	}
+
+	ln.Log(context.Background(), ln.F{
+		"kind":     "api",
+		"backends": proto.BackendsPathPrefix,
+		"routes":   proto.RoutesPathPrefix,
+		"tokens":   proto.TokensPathPrefix,
+		"addr":     cfg.GRPCAddr,
+	})
+	go hs.ListenAndServeTLS("", "")
+
+	return s, nil
+}
+
+// Director removes headers that are typically stripped off at request ingress.
+func (s *Server) Director(r *http.Request) {
+	r.Header.Del("X-Forwarded-For")
+	r.Header.Del("X-Client-Ip")
+}
+
+// ServeHTTP proxies traffic to a remote backend based on the request meta-information.
+func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if r.Header.Get("X-Tor2web") != "" {
+		http.Error(w, "tor2web proxy use is not allowed", 400)
+		return
+	}
+
+	host, _, err := net.SplitHostPort(r.RemoteAddr)
+	if err != nil {
+		http.Error(w, err.Error(), 500)
+		return
+	}
+	r.Header.Set("X-Remote-Ip", host)
+	r.Header.Set("X-Request-Ingress", time.Now().Format(time.RFC3339))
+
+	rid := ulid.New().String()
+	r.Header.Set("X-Request-Id", rid)
+	w.Header().Set("X-Request-Id", rid)
+	s.QuicServer.SetQuicHeaders(w.Header())
+
+	// http://www.gnuterrypratchett.com/
+	w.Header().Set("X-Clacks-Overhead", "GNU Ashlynn")
+
+	rp := &httputil.ReverseProxy{
+		Director:      s.Director,
+		Transport:     s.ts,
+		FlushInterval: 1 * time.Second,
+	}
+
+	rp.ServeHTTP(w, r)
+}
+
+// insecureRedirect redirects a client to https if they connect over plain HTTP.
+func insecureRedirect(w http.ResponseWriter, r *http.Request) {
+	switch r.Method {
+	case http.MethodPatch, http.MethodPut, http.MethodPost:
+		http.Error(w, "use https", http.StatusNotAcceptable)
+		ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+		return
+	}
+
+	r.URL.Host = r.Host
+	r.URL.Scheme = "https"
+
+	ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
+
+	http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
+}

cmd/routed/server_test.go

@@ -0,0 +1,29 @@
+package main
+
+import (
+	"net/http"
+	"testing"
+)
+
+func TestDirector(t *testing.T) {
+	s := &Server{}
+
+	req, err := http.NewRequest("GET", "https://cetacean.club/", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	req.Header.Add("X-Forwarded-For", "Rick-James")
+	req.Header.Add("X-Client-Ip", "56.32.51.84")
+
+	s.Director(req)
+
+	for _, header := range []string{"X-Forwarded-For", "X-Client-Ip"} {
+		t.Run(header, func(t *testing.T) {
+			val := req.Header.Get(header)
+			if val != "" {
+				t.Fatalf("expected header %q to have no value, got: %v", header, val)
+			}
+		})
+	}
+}

cmd/routed/storage.go

@@ -1,4 +1,4 @@
-package server
+package main
 
 import (
 	"context"
@@ -16,7 +16,7 @@ var (
 )
 
 func (s *storageWrapper) HasToken(token string) (string, []string, error) {
-	t, err := s.Storage.GetToken(context.Background(), token)
+	t, err := s.Storage.Tokens().GetBody(context.Background(), token)
 	if err != nil {
 		return "", nil, err
 	}
@@ -25,7 +25,7 @@ func (s *storageWrapper) HasToken(token string) (string, []string, error) {
 }
 
 func (s *storageWrapper) HasRoute(domain string) (string, error) {
-	r, err := s.Storage.GetRouteHost(context.Background(), domain)
+	r, err := s.Storage.Routes().GetHost(context.Background(), domain)
 	if err != nil {
 		return "", err
 	}

cmd/routed/token.go

@@ -0,0 +1,109 @@
+package main
+
+import (
+	"errors"
+
+	"git.xeserv.us/xena/route/internal/database"
+	proto "git.xeserv.us/xena/route/proto"
+	"github.com/Xe/ln"
+	"github.com/Xe/uuid"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+)
+
+// Token is the token server implementation for grpc use.
+type Token struct {
+	*Server
+}
+
+// interface assertions
+var (
+	_ proto.Tokens = &Token{}
+)
+
+func (t *Token) Get(ctx context.Context, req *proto.GetTokenRequest) (*proto.Token, error) {
+	clitok, err := t.getAuth(ctx, "get single token", "token:get")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
+	}
+
+	if req.Id == "" {
+		return nil, status.Errorf(codes.InvalidArgument, "must specify ID")
+	}
+
+	dbt, err := t.db.Tokens().Get(ctx, req.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	if dbt.Owner != clitok.Owner {
+		return nil, ErrNotAuthorized
+	}
+
+	return dbt.AsProto(), nil
+}
+
+func (t *Token) GetAll(ctx context.Context, req *proto.Nil) (*proto.TokenSet, error) {
+	clitok, err := t.getAuth(ctx, "get all tokens", "token:getall")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.GetAll_getAuth"})
+	}
+
+	toks, err := t.db.Tokens().GetAll(ctx, clitok.Owner)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.GetAll_db.GetTokensForOwner"})
+	}
+
+	result := []*proto.Token{}
+
+	for _, tok := range toks {
+		result = append(result, tok.AsProto())
+	}
+
+	return &proto.TokenSet{
+		Tokens: result,
+	}, nil
+}
+
+func (t *Token) Put(ctx context.Context, tok *proto.Token) (*proto.Token, error) {
+	clitok, err := t.getAuth(ctx, "put new token", "token:put")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
+	}
+
+	dtok := database.Token{
+		ID:     uuid.New(),
+		Owner:  clitok.Owner,
+		Scopes: tok.Scopes,
+	}
+
+	dbt, err := t.db.Tokens().Put(ctx, dtok)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "put token into database", "scopes": tok.Scopes})
+	}
+
+	ln.Log(ctx, dbt, ln.Action("new token created"))
+
+	return dbt.AsProto(), nil
+}
+
+func (t *Token) Delete(ctx context.Context, tok *proto.Token) (*proto.Nil, error) {
+	clitok, err := t.getAuth(ctx, "delete single token", "token:delete")
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
+	}
+
+	_, err = t.db.Tokens().Delete(ctx, tok.Id)
+	if err != nil {
+		return nil, handleError(ctx, clitok, err, ln.F{"action": "delete token from database", "token_id": tok.Id})
+	}
+
+	ln.Log(ctx, clitok, ln.Action("token deleted"), ln.F{"token_id": tok.Id})
+
+	return &proto.Nil{}, nil
+}
+
+func (t *Token) Deactivate(ctx context.Context, tok *proto.Token) (*proto.Nil, error) {
+	return nil, errors.New("not implemented")
+}

cmd/terraform-provider-route/main.go

@@ -1,16 +1,13 @@
 package main
 
 import (
-	"crypto/tls"
 	"log"
+	"net/http"
 
-	proto "git.xeserv.us/xena/route/proto"
-	jwtcreds "github.com/Xe/x/tools/svc/credentials/jwt"
+	"git.xeserv.us/xena/route/proto/route"
 	"github.com/hashicorp/terraform/helper/schema"
 	"github.com/hashicorp/terraform/plugin"
 	"github.com/hashicorp/terraform/terraform"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
 )
 
 func main() {
@@ -34,15 +31,11 @@ func provider() terraform.ResourceProvider {
 				Required:    true,
 				DefaultFunc: schema.EnvDefaultFunc("ROUTE_HOST", nil),
 			},
-			"verify_tls": &schema.Schema{
-				Type:        schema.TypeBool,
-				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("ROUTE_VERIFY_TLS", nil),
-			},
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
 			"route_route": routeResource(),
+			"route_token": tokenResource(),
 		},
 
 		ConfigureFunc: providerConfigure,
@@ -52,22 +45,10 @@ func provider() terraform.ResourceProvider {
 func providerConfigure(d *schema.ResourceData) (interface{}, error) {
 	token := d.Get("token").(string)
 	host := d.Get("host").(string)
-	verifyTLS := d.Get("verify_tls").(bool)
 
 	log.Printf("[INFO] Initializing route client connecting to %s", host)
 
-	connCreds := credentials.NewTLS(&tls.Config{
-		InsecureSkipVerify: verifyTLS,
-	})
-	creds := jwtcreds.NewFromToken(token)
-	conn, err := grpc.Dial(host,
-		grpc.WithTransportCredentials(connCreds),
-		grpc.WithPerRPCCredentials(creds))
-	if err != nil {
-		return nil, err
-	}
+	cl := route.New(host, token, &http.Client{})
 
-	rc := proto.NewRoutesClient(conn)
-
-	return rc, nil
+	return cl, nil
 }

cmd/terraform-provider-route/route.go

@@ -5,6 +5,7 @@ import (
 	"log"
 
 	proto "git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -30,9 +31,9 @@ func routeResource() *schema.Resource {
 }
 
 func resourceRouteCreate(d *schema.ResourceData, meta interface{}) error {
-	cli := meta.(proto.RoutesClient)
+	cli := meta.(*route.Client)
 
-	rt, err := cli.Put(context.Background(), &proto.Route{
+	rt, err := cli.Routes.Put(context.Background(), &proto.Route{
 		Host: d.Get("host").(string),
 	})
 
@@ -46,14 +47,14 @@ func resourceRouteCreate(d *schema.ResourceData, meta interface{}) error {
 }
 
 func resourceRouteDelete(d *schema.ResourceData, meta interface{}) error {
-	cli := meta.(proto.RoutesClient)
+	cli := meta.(*route.Client)
 
-	rt, err := cli.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
+	rt, err := cli.Routes.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
 	if err != nil {
 		return err
 	}
 
-	_, err = cli.Delete(context.Background(), rt)
+	_, err = cli.Routes.Delete(context.Background(), rt)
 	if err != nil {
 		return err
 	}
@@ -64,9 +65,9 @@ func resourceRouteDelete(d *schema.ResourceData, meta interface{}) error {
 }
 
 func resourceRouteExists(d *schema.ResourceData, meta interface{}) (bool, error) {
-	cli := meta.(proto.RoutesClient)
+	cli := meta.(*route.Client)
 
-	_, err := cli.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
+	_, err := cli.Routes.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
 	if err != nil {
 		return false, err
 	}
@@ -75,9 +76,9 @@ func resourceRouteExists(d *schema.ResourceData, meta interface{}) (bool, error)
 }
 
 func resourceRouteRead(d *schema.ResourceData, meta interface{}) error {
-	cli := meta.(proto.RoutesClient)
+	cli := meta.(*route.Client)
 
-	rt, err := cli.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
+	rt, err := cli.Routes.Get(context.Background(), &proto.GetRouteRequest{Id: d.Id()})
 	if err != nil {
 		return err
 	}

cmd/terraform-provider-route/token.go

@@ -0,0 +1,99 @@
+package main
+
+import (
+	"context"
+	"log"
+
+	proto "git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func tokenResource() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceTokenCreate,
+		Read:   resourceTokenRead,
+		Delete: resourceTokenDelete,
+		Exists: resourceTokenExists,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"scopes": {
+				Type:     schema.TypeList,
+				Required: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceTokenCreate(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	var scps []string
+
+	for _, val := range d.Get("scopes").([]interface{}) {
+		sc, ok := val.(string)
+		if !ok {
+			log.Printf("[INFO] can't decode %#v", sc)
+			continue
+		}
+
+		scps = append(scps, sc)
+	}
+
+	tok, err := cli.Tokens.Put(context.Background(), &proto.Token{Scopes: scps})
+	if err != nil {
+		return err
+	}
+
+	log.Printf("[INFO] created token with scopes %v and ID %s", tok.Scopes, tok.Id)
+
+	return nil
+}
+
+func resourceTokenDelete(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	tok, err := cli.Tokens.Get(context.Background(), &proto.GetTokenRequest{Id: d.Id()})
+	if err != nil {
+		return err
+	}
+
+	_, err = cli.Tokens.Deactivate(context.Background(), tok)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func resourceTokenExists(d *schema.ResourceData, meta interface{}) (bool, error) {
+	cli := meta.(*route.Client)
+
+	_, err := cli.Tokens.Get(context.Background(), &proto.GetTokenRequest{Id: d.Id()})
+	if err != nil {
+		return false, err
+	}
+
+	return true, nil
+}
+
+func resourceTokenRead(d *schema.ResourceData, meta interface{}) error {
+	cli := meta.(*route.Client)
+
+	tok, err := cli.Tokens.Get(context.Background(), &proto.GetTokenRequest{Id: d.Id()})
+	if err != nil {
+		return err
+	}
+
+	d.SetId(tok.Id)
+	d.Set("body", tok.Body)
+	d.Set("active", tok.Active)
+	d.Set("scopes", tok.Scopes)
+
+	return nil
+}

doc/CODE_OF_CONDUCT.md

@@ -0,0 +1,31 @@
+# Code of Conduct
+
+These things are notoriously difficult to write and can be kind of long-winded and
+end up policing people's private lives. This is unteneble and this minimal code of 
+conduct is aimed to categorically avoid those issues.
+
+## Community Goal
+
+The goal of this community is to create improvements and make route and its 
+associated tools, resources and utilities the best they can possibly be in order to
+make route as easy, stable and reliable as possible such that it can meet almost
+any common workload you throw at it.
+
+## Act in good faith
+
+Humans make mistakes. Mistakes will be fixed after they are made (in some way or 
+another). Don't fault people for making mistakes if they are acting in good faith.
+
+## Don't make everywhere fight club
+
+People have private lives outside of this project. If something happens that isn't
+relevant to the project outside of the context of it, it is best to not make the
+project involved with it.
+
+Additionally, don't weaponize the statements in this document. It never ends well.
+
+## BDFL
+
+Christine Dodrill is the BDFL in case of all disputes that can't be solved normally.
+The decision process will either be based on their opinion, random chance, or 
+redefining things so that both options can be done if possible.

doc/README.md

@@ -1,8 +0,0 @@
-# Route
-
-Route is a load balancer that has backends connect to the load balancer instead
-of the load balancer connecting to backends. This model allows networks to be
-vastly simplified, no longer having to bring in consul or another consensus layer,
-no more configuration generation. 
-
-Project Stability: Alpha

doc/man/route-httpagent.1

@@ -0,0 +1,131 @@
+.Dd December 14, 2017
+.Dt ROUTE-HTTPAGENT 1 URM
+
+
+.Sh NAME
+.Nm route-httpagent
+.Nd agent to communicate between
+.Xr routed 1
+and a HTTP backend of your choice.
+
+
+.Sh SYNOPSIS
+.Nm
+.Op Fl backend Ar BACKEND
+.Op Fl domain Ar DOMAIN
+.Op Fl method Ar METHOD
+.Op Fl server Ar SERVER
+.Op Fl token Ar TOKEN
+
+
+.Sh DESCRIPTION
+.Nm
+communicates with
+.Xr routed 1
+to relay traffic from it and the TCP/HTTP backend of your choice.
+
+.Bl -tag -width "routed" -offset -indent -compact
+
+.It Fl backend Ar BACKEND
+Specifies the backend TCP/HTTP server
+.Nm
+should relay traffic to/from. This is specified in URI (RFC 3986) format. If this is not specified, the default value will be http://127.0.0.1:9090.
+
+.It Fl domain Ar DOMAIN
+Specifies the domain
+.Nm
+should use when authenticating with
+.Xr routed 1 .
+This must be set or
+.Nm
+will fail to launch.
+
+.It Fl method Ar METHOD
+Specifies the connection method that
+.Nm
+should use to relay traffic with
+.Xr routed 1 .
+This MUST be set to either "tcp" or "kcp". If this is not set, the default is "tcp".
+
+.It Fl server Ar SERVER
+Specifies the TCP/UDP host+port that
+.Xr routed 1
+is configured to accept agent connections from. See the manpage for
+.Xr routed 1
+for more information on how to configure this. This must be set by the user.
+
+.It Fl token Ar TOKEN
+Specifies the authentication token used to authenticate with
+.Xr routed 1
+when setting up an agent connection. This must be set by the user.
+
+
+.Sh ENVIRONMENT
+
+All of the above command line flags can be set as environment variables. Ex: -method becomes METHOD
+
+For convenience,
+.Nm
+will load key->value pairs from .env in its current working directory when it starts up. A reference for the environment variables
+.Nm
+reads follows:
+
+.Bl -tag -width "routed" -offset indent -compact
+
+.It Ev BACKEND
+Supplies the value for -backend
+
+.It Ev DOMAIN
+Supplies the value for -domain
+
+.It Ev METHOD
+Supplies the value for -method
+
+.It Ev SERVER
+supplies the value for -server
+
+.It Ev TOKEN
+supplies the value for -token
+
+.El
+
+
+.Sh IMPLEMENTATION NOTES
+
+In order for
+.Nm
+to route traffic, a route must be set up using
+.Xr route-cli 1 .
+Please see its manpage for more information on how to do this.
+
+This relies on an instance of
+.Xr routed 1
+to be running and reachable via either TCP or UDP.
+
+
+.Sh EXAMPLES
+
+route-httpagent -backend http://127.0.0.1:9090 -domain wusg-strugzi-wu.routed.xeserv.us -method tcp -server connect.routed.xeserv.us -token <secret_omitted> 
+
+route-httpagent -domain wusg-strugzi-wu.routed.xeserv.us -method tcp -server connect.routed.xeserv.us -token <secret_omitted>
+
+
+.Sh DIAGNOSTICS
+
+.Ex -std routed
+
+
+.Sh SEE ALSO
+
+.Bl -bullet
+
+.It
+.Xr route-cli 1
+
+.It
+.Xr routed 1
+
+.It
+https://tools.ietf.org/html/rfc3986
+
+.El

doc/man/routed.1

@@ -0,0 +1,129 @@
+.Dd December 12, 2017
+.Dt ROUTED 1 URM
+
+
+.Sh NAME
+.Nm routed
+.Nd TLS termination and reverse reverse proxying daemon.
+
+
+.Sh SYNOPSIS
+.Nm
+
+
+.Sh ENVIRONMENT
+
+.Bl -tag -width "routed" -offset indent -compact
+
+.It Ev BOLTDB_PATH
+Specifies the path to the boltdb database
+.Nm
+stores all of its relevant data in.
+
+.It Ev WEB_ADDR
+Specifies the host+port that
+.Nm
+will listen on for unsecured HTTP traffic. This will only forward traffic to HTTPS.
+
+.It Ev SSL_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) traffic. This should have port 443 if you want Let's Encrypt to work (you probably want Let's Encrypt to work).
+
+.It Ev QUIC_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) QUIC traffic. For more information see https://datatracker.ietf.org/wg/quic/about/. This should also be port 443, but is not essential for Let's Encrypt to work.
+
+.It Ev BACKEND_TCP_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) TCP connections from backends. Any client that is successfully able to authenticate with
+.Nm
+on this port will relay HTTP traffic from to and from end users.
+
+.It Ev BACKEND_KCP_ADDR
+Specifies the host+port that
+.Nm
+will listen on for secure (TLS) KCP (reliable-UDP) connections from backends. Any client that is successfully able to authenticate with
+.Nm
+on this port will relay HTTP traffic from to and from end users.
+
+For more information about KCP, see https://github.com/xtaci/kcp-go
+
+.It Ev GRPC_ADDR
+Specifies the host+post that
+.Nm
+will listen on for secure (TLS) TCP gRPC connections from clients wishing to control
+.Nm
+configuration. Authentication is enforced and requires the use of an API token generated by the API call route.Tokens.Put.
+
+.It Ev DOMAIN_SUFFIX
+Specifies the domain suffix that
+.Nm
+will use when automatically generating a domain name for a newly created route. Please set this to something that has a wildcard DNS record pointing to your instances of routed.
+
+.It Ev ACME_EMAIL
+Specifies the email address that
+.Nm
+will use when creating a new account with Let's Encrypt. This assumes you have read (and agree to) the Let's Encrypt terms of service found here: https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf.
+
+.It Ev SSL_CERT_KEY
+Specifies the encryption key that
+.Nm
+will use when encrypting and decrypting SSL certificates when loading them from and saving them to the database. This can be created with
+.Xr route-cli 1 .
+
+.El
+
+
+.Sh IMPLEMENTATION NOTES
+
+In order for
+.Nm
+to route traffic, a route must be set up using
+.Xr route-cli 1 .
+Please see its manpage for more information on how to do this.
+
+.Nm
+exposes debugging and introspection information on a randomly generated port every time it starts up. The message will look something like:
+
+2017/12/13 02:06:56 manhole: Now listening on http://127.0.0.1:39245
+
+Expose this using
+.Xr route-httpagent 1
+or similar tools.
+
+.Nm
+can be managed using terraform. See
+.Xr terraform-provider-route 1
+for more information.
+
+
+.Sh EXAMPLES
+
+routed
+
+
+.Sh DIAGNOSTICS
+
+.Ex -std routed
+
+
+.Sh SEE ALSO
+
+.Bl -bullet
+
+.It
+https://datatracker.ietf.org/wg/quic/about/
+
+.It
+https://github.com/xtaci/kcp-go
+
+.It 
+https://grpc.io/
+
+.It
+https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf
+
+.El

doc/theory.md

@@ -0,0 +1,61 @@
+# Theory of route
+
+## Why does this project exist?
+
+HTTP load balancing is harder than it needs to be. Existing projects assume
+there is a direct line-of-fire from the load balancer to the underlying services.
+This is NOT always true. Containerization has lead to a lot of hacks such as
+overlay networks to offer this direct line-of-fire so that the load balancer
+can make a direct TCP connection to the underlying services.
+
+Route exists to invert this problem.
+
+In most networks, it is true that it is a lot easier to guarantee the backends
+have a direct line-of-fire to the load balancer, not the other way around.
+Why not just make a connection to the load balancer and re-use it for HTTP
+traffic?
+
+Route allows you to simplify your network architecture by removing the
+requirement that all backend services need a direct TCP line-of-fire to the
+load balancer. Route allows you to host HTTP services behind NAT. Route
+allows you to throw out overlay networks and return to a simpler cluster layout.
+
+## How does route work?
+
+Route has several basic nouns, they are:
+
+- route
+- backend
+- balancer
+- agent
+
+They are inter-related like this:
+
+```graphviz
+digraph G {
+    balancer -> agent
+    agent -> balancer
+    agent -> backend
+    backend -> agent
+
+    user -> balancer
+    balancer -> user
+}
+```
+
+### route
+
+A route is a combination of HTTP domain and path (currently unsupported, so
+assume `/`). An example route would be `cloudsdale.cf/`. This maps to the
+location users get.
+
+### backend
+
+A backend is the underlying service being proxied to by route. An example backend
+is Apache, Nginx or anything else that serves compliant HTTP/1.1 traffic.
+
+### balancer
+
+A balancer is an instance of `cmd/routed` running on some server somewhere.
+Balancers accept both agent and HTTP connections, proxying requests from the HTTP
+connections to agent connections and back.

internal/database/boltdb.go

@@ -29,6 +29,22 @@ var (
 type BoltDBStorage struct {
 	db *storm.DB
 	sb *simplebox.SimpleBox
+
+	cs *boltCertificateStorage
+	rs *boltRouteStorage
+	ts *boltTokenStorage
+}
+
+type boltCertificateStorage struct {
+	*BoltDBStorage
+}
+
+type boltRouteStorage struct {
+	*BoltDBStorage
+}
+
+type boltTokenStorage struct {
+	*BoltDBStorage
 }
 
 // NewBoltStorage creates a new Storage instance backed by BoltDB + Storm.
@@ -43,24 +59,43 @@ func NewBoltStorage(path string, key *[32]byte) (Storage, error) {
 		sb: simplebox.NewFromSecretKey(key),
 	}
 
-	return Storage(b), nil
+	b.cs = &boltCertificateStorage{b}
+	b.rs = &boltRouteStorage{b}
+	b.ts = &boltTokenStorage{b}
+
+	return b, nil
 }
 
+// Certs gets the certificate storage interface.
+func (b *BoltDBStorage) Certs() Certs { return b.cs }
+
+// Routes gets the route storage interface.
+func (b *BoltDBStorage) Routes() Routes { return b.rs }
+
+// Tokens gets the token storage interface.
+func (b *BoltDBStorage) Tokens() Tokens { return b.ts }
+
+// Close cleans up resources for this Storage.
+func (b *BoltDBStorage) Close() error { return b.db.Close() }
+
 // interface compliance
 var (
 	_ Storage = &BoltDBStorage{}
+	_ Certs   = &boltCertificateStorage{}
+	_ Routes  = &boltRouteStorage{}
+	_ Tokens  = &boltTokenStorage{}
 )
 
-func (b *BoltDBStorage) GetRoute(ctx context.Context, id string) (Route, error) {
+func (b *boltRouteStorage) Get(ctx context.Context, id string) (Route, error) {
 	return b.getRouteBy(ctx, "ID", id)
 }
 
-func (b *BoltDBStorage) GetRouteHost(ctx context.Context, id string) (Route, error) {
+func (b *boltRouteStorage) GetHost(ctx context.Context, id string) (Route, error) {
 	return b.getRouteBy(ctx, "Hostname", id)
 }
 
 // getRouteBy gets a single route out of the database by a given field data.
-func (b *BoltDBStorage) getRouteBy(ctx context.Context, match, val string) (Route, error) {
+func (b *boltRouteStorage) getRouteBy(ctx context.Context, match, val string) (Route, error) {
 	r := Route{}
 	err := b.db.One(match, val, &r)
 	if err != nil {
@@ -79,19 +114,17 @@ func (b *BoltDBStorage) getRouteBy(ctx context.Context, match, val string) (Rout
 	return r, nil
 }
 
-// GetAllRoutes gets all routes out of the database for a given user by username.
-func (b *BoltDBStorage) GetAllRoutes(ctx context.Context, user string) ([]Route, error) {
+// GetAll gets all routes out of the database for a given user by username.
+func (b *boltRouteStorage) GetAll(ctx context.Context, user string) ([]Route, error) {
 	rs := []Route{}
 	err := b.db.All(&rs)
 	return rs, err
 }
 
-// PutRoute creates a new route in the database.
-func (b *BoltDBStorage) PutRoute(ctx context.Context, domain, creator string) (Route, error) {
-	r := Route{
-		ID:       uuid.New(),
-		Creator:  creator,
-		Hostname: domain,
+// Put creates a new route in the database.
+func (b *boltRouteStorage) Put(ctx context.Context, r Route) (Route, error) {
+	if r.ID == "" {
+		r.ID = uuid.New()
 	}
 
 	err := b.db.Save(&r)
@@ -105,30 +138,30 @@ func (b *BoltDBStorage) PutRoute(ctx context.Context, domain, creator string) (R
 	return r, err
 }
 
-// DeleteRoute removes a route from the database.
-func (b *BoltDBStorage) DeleteRoute(ctx context.Context, id string) error {
+// Delete removes a route from the database.
+func (b *boltRouteStorage) Delete(ctx context.Context, inp Route) (Route, error) {
 	r := Route{}
-	err := b.db.One("ID", id, &r)
+	err := b.db.One("ID", inp.ID, &r)
 	if err != nil {
-		return err
+		return r, err
 	}
 	defer b.db.Commit()
 
 	ln.Log(ctx, r, ln.Action("route deleted from database"))
 
-	return b.db.DeleteStruct(&r)
+	return r, b.db.DeleteStruct(&r)
 }
 
-// GetToken fetches a token from the database. This is mainly used in validation
+// GetBody fetches a token from the database. This is mainly used in validation
 // of tokens.
-func (b *BoltDBStorage) GetToken(ctx context.Context, token string) (Token, error) {
+func (b *boltTokenStorage) GetBody(ctx context.Context, token string) (Token, error) {
 	t := Token{}
 	err := b.db.One("Body", token, &t)
 	return t, err
 }
 
-// GetTokenID fetches a token by a given token ID.
-func (b *BoltDBStorage) GetTokenID(ctx context.Context, id string) (Token, error) {
+// Get fetches a token by a given token ID.
+func (b *boltTokenStorage) Get(ctx context.Context, id string) (Token, error) {
 	t := Token{}
 	err := b.db.One("ID", id, &t)
 	if err != nil {
@@ -143,23 +176,20 @@ func (b *BoltDBStorage) GetTokenID(ctx context.Context, id string) (Token, error
 	return t, nil
 }
 
-// GetTokensForOwner fetches all of the tokens owned by a given owner.
-func (b *BoltDBStorage) GetTokensForOwner(ctx context.Context, owner string) ([]Token, error) {
+// GetAll fetches all of the tokens owned by a given owner.
+func (b *boltTokenStorage) GetAll(ctx context.Context, owner string) ([]Token, error) {
 	ts := []Token{}
 	err := b.db.Find("Owner", owner, &ts)
 	return ts, err
 }
 
-// PutToken adds a new token to the database.
-func (b *BoltDBStorage) PutToken(ctx context.Context, token, owner string, scopes []string) (Token, error) {
-	t := Token{
-		ID:     uuid.New(),
-		Body:   token,
-		Owner:  owner,
-		Scopes: scopes,
-
-		CreatedAt: time.Now(),
-		Active:    true,
+// Put adds a new token to the database.
+func (b *boltTokenStorage) Put(ctx context.Context, t Token) (Token, error) {
+	if t.ID == "" {
+		t.ID = uuid.New()
+		t.CreatedAt = time.Now()
+		t.Active = true
+		t.Body = uuid.New()
 	}
 
 	err := b.db.Save(&t)
@@ -173,38 +203,53 @@ func (b *BoltDBStorage) PutToken(ctx context.Context, token, owner string, scope
 	return t, nil
 }
 
-// DeleteToken removes a token from the database.
-func (b *BoltDBStorage) DeleteToken(ctx context.Context, id string) error {
+// Delete removes a token from the database.
+func (b *boltTokenStorage) Delete(ctx context.Context, id string) (Token, error) {
 	t := Token{}
 	err := b.db.One("ID", id, &t)
 	if err != nil {
-		return err
+		return t, err
 	}
 
 	ln.Log(ctx, t, ln.Action("token deleted from database"))
 
-	return b.db.DeleteStruct(&t)
+	return t, b.db.DeleteStruct(&t)
 }
 
-// DeactivateToken de-activates a token in the database. This should be used
-// instead of deletion in many cases.
-func (b *BoltDBStorage) DeactivateToken(ctx context.Context, id string) error {
-	t := Token{}
-	err := b.db.One("ID", id, &t)
+// DeleteExpired deletes all expired tokens.
+func (b *boltTokenStorage) DeleteExpired(ctx context.Context) error {
+	return errors.New("not implemented")
+}
+
+// GetAll fetches all certificates and returns their DECRYPTED BODIES to the caller.
+// This is intended for usage in migration tools only.
+func (b *boltCertificateStorage) GetAll(ctx context.Context) ([]CachedCert, error) {
+	var cc []CachedCert
+	err := b.db.All(&cc)
 	if err != nil {
-		return err
+		return nil, err
 	}
-	defer b.db.Commit()
 
-	t.Active = false
+	var result []CachedCert
 
-	ln.Log(ctx, t, ln.Action("token deactivated"))
+	for _, c := range cc {
+		r := CachedCert{
+			Key: c.Key,
+		}
 
-	return b.db.Save(&t)
+		r.Body, err = b.sb.Decrypt(c.Body)
+		if err != nil {
+			return nil, err
+		}
+
+		result = append(result, r)
+	}
+
+	return result, nil
 }
 
-// GetCert fetches a TLS certificate from the database.
-func (b *BoltDBStorage) GetCert(ctx context.Context, key string) ([]byte, error) {
+// Get fetches a TLS certificate from the database.
+func (b *boltCertificateStorage) Get(ctx context.Context, key string) ([]byte, error) {
 	cc := CachedCert{}
 	err := b.db.One("Key", key, &cc)
 	if err != nil {
@@ -213,33 +258,26 @@ func (b *BoltDBStorage) GetCert(ctx context.Context, key string) ([]byte, error)
 
 	var body []byte
 
-	switch cc.CryptoLevel {
-	case CryptoLevelNone:
-		body = cc.Body
-	case CryptoLevelSecretbox:
-		if b.sb == nil {
-			return nil, ErrCantDecryptCert
-		}
+	if b.sb == nil {
+		return nil, ErrCantDecryptCert
+	}
 
-		body, err = b.sb.Decrypt(cc.Body)
-		if err != nil {
-			return nil, err
-		}
+	body, err = b.sb.Decrypt(cc.Body)
+	if err != nil {
+		return nil, err
 	}
 
 	return body, nil
 }
 
-// PutCert adds a new TLS certificate to the database.
-func (b *BoltDBStorage) PutCert(ctx context.Context, key string, data []byte) error {
+// Put adds a new TLS certificate to the database.
+func (b *boltCertificateStorage) Put(ctx context.Context, key string, data []byte) error {
 	cc := CachedCert{
-		Key:         key,
-		CryptoLevel: CryptoLevelNone,
-		Body:        data,
+		Key:  key,
+		Body: data,
 	}
 
 	if b.sb != nil {
-		cc.CryptoLevel = CryptoLevelSecretbox
 		cc.Body = b.sb.Encrypt(data)
 	}
 
@@ -250,8 +288,8 @@ func (b *BoltDBStorage) PutCert(ctx context.Context, key string, data []byte) er
 	return b.db.Save(&cc)
 }
 
-// DeleteCert removes a certificate from the database.
-func (b *BoltDBStorage) DeleteCert(ctx context.Context, key string) error {
+// Delete removes a certificate from the database.
+func (b *boltCertificateStorage) Delete(ctx context.Context, key string) error {
 	cc := CachedCert{}
 	err := b.db.One("Key", key, &cc)
 	if err != nil {
@@ -264,8 +302,3 @@ func (b *BoltDBStorage) DeleteCert(ctx context.Context, key string) error {
 
 	return b.db.DeleteStruct(&cc)
 }
-
-// Close ...
-func (b *BoltDBStorage) Close() error {
-	return b.db.Close()
-}

internal/database/cert.go

@@ -1,22 +1,58 @@
 package database
 
-// CryptoLevel indicates what form of cryptography the certificate is stored
-// with.
-type CryptoLevel int
-
-// Crypto levels / strategies defined
-const (
-	// NOTE: this is defined for debugging / testing usage only
-	CryptoLevelNone CryptoLevel = iota
-
-	// Use the global set of secretbox keys
-	CryptoLevelSecretbox
+import (
+	"github.com/asdine/storm"
+	"golang.org/x/crypto/acme/autocert"
+	"golang.org/x/net/context"
 )
 
+// Certs is the set of API calls needed to manage certificate resources.
+//
+// Database backends should implement this interface, they will not need
+// to implement certificate decryption, as that will be handled in the layer
+// above this DAO.
+type Certs interface {
+	autocert.Cache
+
+	GetAll(ctx context.Context) ([]CachedCert, error)
+}
+
 // CachedCert is an individual cached certificate in the database.
 type CachedCert struct {
-	Key         string `storm:"id"`
-	CryptoLevel CryptoLevel
-	// PEM-encoded bytes with the above crypto level as a filter.
-	Body []byte
+	Key string `storm:"id"`
+
+	// Encrypted data
+	Body []byte // above as a byte slice
+}
+
+type storageManager struct {
+	Storage
+}
+
+func (s *storageManager) Get(ctx context.Context, key string) ([]byte, error) {
+	data, err := s.Certs().Get(ctx, key)
+	if err != nil {
+		if err == storm.ErrNotFound {
+			return nil, autocert.ErrCacheMiss
+		}
+
+		return nil, err
+	}
+
+	return data, nil
+}
+
+func (s *storageManager) Put(ctx context.Context, key string, data []byte) error {
+	return s.Certs().Put(ctx, key, data)
+}
+
+func (s *storageManager) Delete(ctx context.Context, key string) error {
+	return s.Certs().Delete(ctx, key)
+}
+
+// Cache creates an autocert.Cache from a Storage instance.
+func Cache(s Storage) autocert.Cache {
+	return autocert.Cache(&storageManager{
+		Storage: s,
+	})
 }

internal/database/cert_test.go

@@ -0,0 +1,65 @@
+package database
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/Xe/uuid"
+)
+
+const (
+	cryptoKey    = `I7EzBRcoFtbW6RuqKdFjxYTHC_bpQLPJO3zyS2R-sf8=`
+	certNameBase = "cert."
+	certValue    = "hunter2"
+)
+
+func testCerts(ctx context.Context, t *testing.T, c Certs) {
+	cn := certNameBase + uuid.New()
+
+	t.Run("put", func(t *testing.T) {
+		data := certValue + uuid.New()
+
+		err := c.Put(ctx, cn, []byte(data))
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		data2, err := c.Get(ctx, cn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if data != string(data2) {
+			t.Fatalf("expected data to be %q, got %q", data, string(data2))
+		}
+	})
+
+	t.Run("get", func(t *testing.T) {
+		_, err := c.Get(ctx, cn)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		err := c.Delete(ctx, cn)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = c.Get(ctx, cn)
+		if err == nil {
+			t.Fatal("able to fetch a deleted item")
+		}
+	})
+}
+
+func TestBoltDBCertStorage(t *testing.T) {
+	st, p, ctx, cancel := newTestBoltStorage(t)
+	defer os.RemoveAll(p)
+	defer st.Close()
+	defer cancel()
+
+	testCerts(ctx, t, st.Certs())
+}

internal/database/common_test.go

@@ -0,0 +1,43 @@
+package database
+
+import (
+	"testing"
+
+	"git.xeserv.us/xena/route/internal/routecrypto"
+	"github.com/Xe/uuid"
+	"golang.org/x/net/context"
+)
+
+func newTestBoltStorage(t *testing.T) (Storage, string, context.Context, context.CancelFunc) {
+	k, err := routecrypto.ParseKey(cryptoKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	p := uuid.New()
+
+	st, err := NewBoltStorage(p, k)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	return st, p, ctx, cancel
+}
+
+func newTestPostgresStorage(t *testing.T, url string) (Storage, context.Context, context.CancelFunc) {
+	k, err := routecrypto.ParseKey(cryptoKey)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	st, err := NewPostgresStorage(url, k)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	return st, ctx, cancel
+}

internal/database/dmigrations/bindata.go

@@ -0,0 +1,373 @@
+// Code generated by go-bindata.
+// sources:
+// 1513981282_certificates.down.sql
+// 1513981282_certificates.up.sql
+// 1513981599_routes.down.sql
+// 1513981599_routes.up.sql
+// 1513982254_tokens.down.sql
+// 1513982254_tokens.up.sql
+// postgres.sql
+// DO NOT EDIT!
+
+package dmigrations
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func bindataRead(data []byte, name string) ([]byte, error) {
+	gz, err := gzip.NewReader(bytes.NewBuffer(data))
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+
+	var buf bytes.Buffer
+	_, err = io.Copy(&buf, gz)
+	clErr := gz.Close()
+
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+	if clErr != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+type asset struct {
+	bytes []byte
+	info  os.FileInfo
+}
+
+type bindataFileInfo struct {
+	name    string
+	size    int64
+	mode    os.FileMode
+	modTime time.Time
+}
+
+func (fi bindataFileInfo) Name() string {
+	return fi.name
+}
+func (fi bindataFileInfo) Size() int64 {
+	return fi.size
+}
+func (fi bindataFileInfo) Mode() os.FileMode {
+	return fi.mode
+}
+func (fi bindataFileInfo) ModTime() time.Time {
+	return fi.modTime
+}
+func (fi bindataFileInfo) IsDir() bool {
+	return false
+}
+func (fi bindataFileInfo) Sys() interface{} {
+	return nil
+}
+
+var __1513981282_certificatesDownSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\x09\xf2\x0f\x50\xf0\xf4\x73\x71\x8d\x50\x70\x4e\x2d\x2a\xc9\x4c\xcb\x4c\x4e\x2c\x49\x2d\x8e\x4f\xc9\xcf\x4d\xcc\xcc\xb3\xe6\x02\xcb\x87\x38\x3a\xf9\xb8\xa2\xc8\x5b\x73\x01\x02\x00\x00\xff\xff\xb8\xef\x1e\x9f\x39\x00\x00\x00")
+
+func _1513981282_certificatesDownSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981282_certificatesDownSql,
+		"1513981282_certificates.down.sql",
+	)
+}
+
+func _1513981282_certificatesDownSql() (*asset, error) {
+	bytes, err := _1513981282_certificatesDownSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981282_certificates.down.sql", size: 57, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513981282_certificatesUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x90\x31\x4f\xc3\x30\x10\x85\x77\xff\x8a\xa7\x4e\x89\x04\x03\x48\xb0\x74\x72\x93\xab\xb0\x48\xec\x92\xd8\x90\x4e\x91\x95\x18\xe4\xa1\x2d\x4a\x9c\xfe\x7e\x44\x1a\x02\x61\x40\x78\xf3\xe9\x7b\xf7\x9d\x5e\x52\x10\xd7\x04\xaa\x34\xc9\x52\x28\x09\xb1\x85\x54\x1a\x54\x89\x52\x97\x58\x0d\x83\x6f\xaf\x4f\x7d\xff\xbe\x5a\x33\x36\xc1\x9a\x6f\x32\xfa\x05\x26\xae\x0b\xfe\xd5\x37\x36\xb8\x9e\x01\x11\x7c\x8b\xaf\x67\x8c\x48\xe7\xcf\xae\x10\x39\x2f\xf6\x78\xa4\x3d\x52\xda\x72\x93\x69\x7c\x4a\xea\x37\x77\x74\x9d\x0d\xae\x3e\xdf\x1c\x9a\x28\x66\xc0\x15\xda\xd3\xc1\xfa\xe3\x98\x7b\xe6\x45\xf2\xc0\x8b\xe8\xf6\xee\x3e\x1e\xc5\xd2\x64\xd9\x05\xb2\xc1\x4e\xcb\x35\x55\x7a\x36\x2d\xa0\xa6\x73\x36\xb8\xb6\xb6\x01\x5a\xe4\x54\x6a\x9e\xef\x7e\x42\xf3\x2d\x52\xbd\x4c\x72\xd7\xfa\x29\xf1\xef\x88\x6d\x82\x3f\xbb\xd1\xbe\x51\x2a\x23\x2e\x97\xa7\xcc\x91\xd0\x0d\x8e\x01\xf1\x77\xa9\x46\x8a\x27\x43\x10\x32\xa5\xea\x8f\x6e\xeb\xa9\x12\x25\x17\x63\x44\x97\x79\xbc\x66\x1f\x01\x00\x00\xff\xff\xcf\x95\x0a\x45\xd2\x01\x00\x00")
+
+func _1513981282_certificatesUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981282_certificatesUpSql,
+		"1513981282_certificates.up.sql",
+	)
+}
+
+func _1513981282_certificatesUpSql() (*asset, error) {
+	bytes, err := _1513981282_certificatesUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981282_certificates.up.sql", size: 466, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513981599_routesDownSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\x09\xf2\x0f\x50\x08\x71\x74\xf2\x71\x55\x08\xca\x2f\x2d\x49\x2d\xb6\xe6\x02\x04\x00\x00\xff\xff\xf9\xea\x76\x2b\x13\x00\x00\x00")
+
+func _1513981599_routesDownSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981599_routesDownSql,
+		"1513981599_routes.down.sql",
+	)
+}
+
+func _1513981599_routesDownSql() (*asset, error) {
+	bytes, err := _1513981599_routesDownSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981599_routes.down.sql", size: 19, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513981599_routesUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x90\x3f\x6f\x83\x30\x14\xc4\x77\x7f\x8a\x53\x26\x90\xda\xa1\xa9\xda\x25\x93\x13\x5e\x54\xab\x60\x52\x63\xb7\x64\x42\x08\xac\x96\x21\x50\x81\xc9\xe7\xaf\xa0\x40\xff\x0e\xf1\xe6\xa7\xdf\xdd\x7b\x77\x3b\x45\x5c\x13\x28\xd5\x24\x13\x11\x4b\x88\x3d\x64\xac\x41\xa9\x48\x74\x82\x55\xdf\x57\xe5\x75\xd3\x75\xef\xab\x0d\x63\x13\xac\xf9\x36\xa4\x5f\xa0\x6a\x7a\x67\x3b\x06\x78\xa8\x4a\xcc\xcf\x18\x11\x2c\x9f\x83\x12\x11\x57\x47\x3c\xd2\x11\x01\xed\xb9\x09\x35\x06\xfb\xec\xd5\xd6\xb6\xcd\x9d\xcd\xce\x37\xa7\xc2\xf3\x19\x70\x85\xa2\xb5\xb9\x6b\xda\x41\xf7\xcc\xd5\xee\x81\x2b\xef\x76\xed\x63\x5c\x29\x4d\x18\x8e\xd0\x5b\xd3\xb9\x3a\x3f\xd9\x6f\xd0\xfa\xee\xde\xff\x09\x8d\x4e\xb6\xcc\x72\x07\x2d\x22\x4a\x34\x8f\x0e\x83\xed\x0c\x2d\xb7\xc8\xf8\x65\x5a\x6e\xcb\x6a\x52\x5c\x2c\xc9\x0b\x57\x9d\xed\x98\x73\x1b\xc7\x21\x71\xf9\x19\xfa\x8f\xc4\xb5\xbd\x65\x80\xff\x55\xa7\x91\xe2\xc9\x10\x84\x0c\x28\xfd\xb7\xd5\x6c\xc9\xd9\xd4\xd3\x08\xde\x3c\xf3\x37\xec\x23\x00\x00\xff\xff\x28\x30\xd1\x48\xc4\x01\x00\x00")
+
+func _1513981599_routesUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513981599_routesUpSql,
+		"1513981599_routes.up.sql",
+	)
+}
+
+func _1513981599_routesUpSql() (*asset, error) {
+	bytes, err := _1513981599_routesUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513981599_routes.up.sql", size: 452, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513982254_tokensDownSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x72\x09\xf2\x0f\x50\xf0\xf4\x73\x71\x8d\x50\x08\xc9\xcf\x4e\xcd\x2b\x8e\x4f\xca\x4f\xa9\xb4\xe6\xe2\x02\x4b\x84\x38\x3a\xf9\xb8\x42\x25\xac\xb9\x00\x01\x00\x00\xff\xff\x35\x06\x52\x0d\x2c\x00\x00\x00")
+
+func _1513982254_tokensDownSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513982254_tokensDownSql,
+		"1513982254_tokens.down.sql",
+	)
+}
+
+func _1513982254_tokensDownSql() (*asset, error) {
+	bytes, err := _1513982254_tokensDownSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513982254_tokens.down.sql", size: 44, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var __1513982254_tokensUpSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x74\x90\x4f\x4b\xc3\x40\x10\xc5\xef\xfb\x29\x86\x9e\x12\xd0\x83\x15\xbd\xf4\xb4\x6d\xa7\xb8\x98\x6e\x6a\x32\xab\x29\x22\x21\x26\x83\x04\xb1\x1b\xb2\x49\xd1\x6f\x2f\x5d\x62\x6c\xfd\xb3\xb7\x07\xbf\xfd\xbd\xe1\x2d\x12\x94\x84\x80\x19\xa1\x4e\x55\xac\x41\xad\x40\xc7\x04\x98\xa9\x94\x52\x98\xf4\x7d\x5d\x9d\x5b\xe7\x9a\xc9\x4c\x88\x01\x26\x39\x8f\xf0\x07\x48\xf6\x95\x77\x4e\x00\x04\x50\x57\xf0\xf5\x8c\x51\xcb\x31\x6c\x12\xb5\x96\xc9\x16\x6e\x71\x0b\x4b\x5c\x49\x13\x11\x1c\xf4\xf9\x0b\xef\xb8\x2d\x3a\xce\xf7\x17\x6f\x65\x10\x0a\x80\x33\x78\xb6\xd5\xc7\xf0\xef\x5e\x26\x8b\x1b\x99\x04\xd3\xab\xeb\xd0\x57\x6a\x13\x45\x1e\x2a\x5b\x2e\x3a\xdb\x1e\x43\x97\xd3\x10\x4e\x21\x57\xda\x86\x9d\x37\x11\x66\xf4\xf8\x34\x68\x7f\x9b\xb8\xca\x8b\x0e\x48\xad\x31\x25\xb9\xde\x1c\x43\xe3\xc1\x3a\x7e\x18\x2e\xe4\xf7\xa6\x6e\xd9\xfd\xfb\xc5\x43\x45\xd9\xd5\x7b\xf6\x7d\xf3\x38\x8e\x50\xea\xd3\xf2\xd1\xdb\xb5\x3d\x0b\x80\xf0\x7b\x65\xa3\xd5\x9d\x41\x50\x7a\x89\xd9\x9f\x63\xe7\x7e\x23\xbb\x1b\x22\x04\x87\x1c\xce\xc4\x67\x00\x00\x00\xff\xff\x43\x54\xbb\x34\xd3\x01\x00\x00")
+
+func _1513982254_tokensUpSqlBytes() ([]byte, error) {
+	return bindataRead(
+		__1513982254_tokensUpSql,
+		"1513982254_tokens.up.sql",
+	)
+}
+
+func _1513982254_tokensUpSql() (*asset, error) {
+	bytes, err := _1513982254_tokensUpSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "1513982254_tokens.up.sql", size: 467, mode: os.FileMode(420), modTime: time.Unix(1516564385, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _postgresSql = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xb4\x94\x4f\x8b\xea\x30\x14\xc5\xf7\xfd\x14\x77\x67\x85\x66\xf1\x56\x0f\xde\xe3\x21\xa2\x79\x4c\xa1\x2a\xd4\xce\xcc\x52\x62\x73\x9d\x09\x53\x1b\x49\xa2\x8c\xdf\x7e\x48\x5b\x35\xd1\xfa\x87\xa1\x03\x5d\x94\x40\xce\xf9\xdd\x73\x4f\x4b\x08\x94\x6c\x8d\x7f\x40\x94\x1a\x95\x21\x39\x2a\x23\x56\x22\x67\x06\x83\x78\x3a\xa7\x69\x06\xf1\x34\x9b\xc1\xe8\x74\xae\x43\x2e\xd7\x4c\x94\x11\x70\x66\x58\x1f\x5e\x86\xc9\x33\x9d\x43\x38\x88\x60\xd0\xff\x1b\x04\x47\xc9\x95\x28\x39\x91\x25\x7a\xa2\x73\x9a\xd0\x51\x06\x82\x47\xe0\xca\x44\x90\x2b\x64\x06\xf9\x82\x99\x08\x90\x8b\xc3\x2b\xcb\x8d\xd8\x21\xfc\x4f\x67\x13\x0f\x02\x5e\x9f\x68\x4a\x1b\x0d\xf8\x07\x03\x48\xe2\x49\x9c\xc1\x2f\x07\x40\xe1\x5a\xee\xf0\x02\x61\x4c\x13\x9a\xd1\xef\x49\xbe\xa1\x21\xac\x28\x5c\x3d\xdd\xd9\x4c\x8e\x4f\xb3\x0e\x25\xb7\x67\x8b\x48\xed\x89\x0e\x2b\x65\xa9\x22\x78\x97\xda\xd8\x2b\x67\x7b\x68\x5b\x43\x25\x46\x96\x7b\x22\xb8\x8b\x7c\x21\xf5\x10\x77\xcd\xd1\x44\x26\xf8\x95\xb8\x2e\xbd\xad\x49\xc7\xee\x87\x9b\xb7\x18\xec\xce\x2a\x06\x4d\x56\x52\x91\xad\x46\xd5\x31\x45\x23\x61\x21\x1c\x73\x8e\x05\x1a\x3c\x45\xe0\x95\xaf\x2d\xc3\xe1\x74\x7c\xbb\x81\x4d\x33\x8c\xfc\xc0\xd2\x6b\x46\x66\x4f\x74\xb8\x94\x7c\xef\x0c\xa4\x73\xb9\x41\x1d\x01\x7e\x6e\x84\x42\xbd\x60\xc6\x6f\x4a\xfd\xf4\xcf\x2a\x6e\x79\x6b\x07\x27\xa4\x2b\xca\x5e\x50\x47\x17\x3f\xa9\x9a\xed\x5e\x5b\x3c\x67\x5b\x16\xeb\xf8\x13\x04\x56\xe7\xce\x07\x5e\x31\xb4\x97\xa5\x2b\x8a\xf6\xc6\x38\x3f\xad\x7a\x03\x6e\x63\x1e\xcb\xb1\x91\xa8\x21\x78\x33\xca\x75\x9d\x13\x2c\x10\x10\xa5\x41\xb5\x63\x05\xf4\x7e\x03\x67\x7b\xdd\x0b\xbe\x02\x00\x00\xff\xff\x49\x2d\x7b\x8a\x23\x06\x00\x00")
+
+func postgresSqlBytes() ([]byte, error) {
+	return bindataRead(
+		_postgresSql,
+		"postgres.sql",
+	)
+}
+
+func postgresSql() (*asset, error) {
+	bytes, err := postgresSqlBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "postgres.sql", size: 1571, mode: os.FileMode(420), modTime: time.Unix(1516571679, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+// Asset loads and returns the asset for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func Asset(name string) ([]byte, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err)
+		}
+		return a.bytes, nil
+	}
+	return nil, fmt.Errorf("Asset %s not found", name)
+}
+
+// MustAsset is like Asset but panics when Asset would return an error.
+// It simplifies safe initialization of global variables.
+func MustAsset(name string) []byte {
+	a, err := Asset(name)
+	if err != nil {
+		panic("asset: Asset(" + name + "): " + err.Error())
+	}
+
+	return a
+}
+
+// AssetInfo loads and returns the asset info for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func AssetInfo(name string) (os.FileInfo, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err)
+		}
+		return a.info, nil
+	}
+	return nil, fmt.Errorf("AssetInfo %s not found", name)
+}
+
+// AssetNames returns the names of the assets.
+func AssetNames() []string {
+	names := make([]string, 0, len(_bindata))
+	for name := range _bindata {
+		names = append(names, name)
+	}
+	return names
+}
+
+// _bindata is a table, holding each asset generator, mapped to its name.
+var _bindata = map[string]func() (*asset, error){
+	"1513981282_certificates.down.sql": _1513981282_certificatesDownSql,
+	"1513981282_certificates.up.sql": _1513981282_certificatesUpSql,
+	"1513981599_routes.down.sql": _1513981599_routesDownSql,
+	"1513981599_routes.up.sql": _1513981599_routesUpSql,
+	"1513982254_tokens.down.sql": _1513982254_tokensDownSql,
+	"1513982254_tokens.up.sql": _1513982254_tokensUpSql,
+	"postgres.sql": postgresSql,
+}
+
+// AssetDir returns the file names below a certain
+// directory embedded in the file by go-bindata.
+// For example if you run go-bindata on data/... and data contains the
+// following hierarchy:
+//     data/
+//       foo.txt
+//       img/
+//         a.png
+//         b.png
+// then AssetDir("data") would return []string{"foo.txt", "img"}
+// AssetDir("data/img") would return []string{"a.png", "b.png"}
+// AssetDir("foo.txt") and AssetDir("notexist") would return an error
+// AssetDir("") will return []string{"data"}.
+func AssetDir(name string) ([]string, error) {
+	node := _bintree
+	if len(name) != 0 {
+		cannonicalName := strings.Replace(name, "\\", "/", -1)
+		pathList := strings.Split(cannonicalName, "/")
+		for _, p := range pathList {
+			node = node.Children[p]
+			if node == nil {
+				return nil, fmt.Errorf("Asset %s not found", name)
+			}
+		}
+	}
+	if node.Func != nil {
+		return nil, fmt.Errorf("Asset %s not found", name)
+	}
+	rv := make([]string, 0, len(node.Children))
+	for childName := range node.Children {
+		rv = append(rv, childName)
+	}
+	return rv, nil
+}
+
+type bintree struct {
+	Func     func() (*asset, error)
+	Children map[string]*bintree
+}
+var _bintree = &bintree{nil, map[string]*bintree{
+	"1513981282_certificates.down.sql": &bintree{_1513981282_certificatesDownSql, map[string]*bintree{}},
+	"1513981282_certificates.up.sql": &bintree{_1513981282_certificatesUpSql, map[string]*bintree{}},
+	"1513981599_routes.down.sql": &bintree{_1513981599_routesDownSql, map[string]*bintree{}},
+	"1513981599_routes.up.sql": &bintree{_1513981599_routesUpSql, map[string]*bintree{}},
+	"1513982254_tokens.down.sql": &bintree{_1513982254_tokensDownSql, map[string]*bintree{}},
+	"1513982254_tokens.up.sql": &bintree{_1513982254_tokensUpSql, map[string]*bintree{}},
+	"postgres.sql": &bintree{postgresSql, map[string]*bintree{}},
+}}
+
+// RestoreAsset restores an asset under the given directory
+func RestoreAsset(dir, name string) error {
+	data, err := Asset(name)
+	if err != nil {
+		return err
+	}
+	info, err := AssetInfo(name)
+	if err != nil {
+		return err
+	}
+	err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755))
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode())
+	if err != nil {
+		return err
+	}
+	err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// RestoreAssets restores an asset under the given directory recursively
+func RestoreAssets(dir, name string) error {
+	children, err := AssetDir(name)
+	// File
+	if err != nil {
+		return RestoreAsset(dir, name)
+	}
+	// Dir
+	for _, child := range children {
+		err = RestoreAssets(dir, filepath.Join(name, child))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func _filePath(dir, name string) string {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...)
+}
+

internal/database/migrations/1513981282_certificates.down.sql

@@ -0,0 +1,2 @@
+DROP INDEX Certificates_domain;
+DROP TABLE Certificates;

internal/database/migrations/1513981282_certificates.up.sql

@@ -0,0 +1,12 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS Certificates
+  ( id         UUID         PRIMARY KEY DEFAULT uuid_generate_v1mc()
+  , domain     VARCHAR(256) NOT NULL
+  , data       TEXT         NOT NULL
+  , created_at TIMESTAMP    NOT NULL DEFAULT NOW()
+  , edited_at  TIMESTAMP    NOT NULL DEFAULT NOW()
+  , active     BOOLEAN      NOT NULL DEFAULT true
+  );
+
+CREATE UNIQUE INDEX IF NOT EXISTS Certificates_domain ON Certificates (domain);

internal/database/migrations/1513981599_routes.down.sql

@@ -0,0 +1 @@
+DROP TABLE Routes;

internal/database/migrations/1513981599_routes.up.sql

@@ -0,0 +1,12 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS Routes
+  ( id         UUID         PRIMARY KEY DEFAULT uuid_generate_v1mc()
+  , creator    VARCHAR(32)  NOT NULL
+  , hostname   VARCHAR(256) NOT NULL
+  , created_at TIMESTAMP    NOT NULL DEFAULT NOW()
+  , edited_at  TIMESTAMP    NOT NULL DEFAULT NOW()
+  , active     BOOLEAN      NOT NULL DEFAULT true
+  );
+
+CREATE UNIQUE INDEX IF NOT EXISTS Routes_hostname on Routes (hostname);

internal/database/migrations/1513982254_tokens.down.sql

@@ -0,0 +1,3 @@
+DROP INDEX Tokens_body;
+
+DROP TABLE Tokens;

internal/database/migrations/1513982254_tokens.up.sql

@@ -0,0 +1,13 @@
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+CREATE TABLE IF NOT EXISTS Tokens
+  ( id         UUID         PRIMARY KEY DEFAULT uuid_generate_v1mc()
+  , body       VARCHAR(256) NOT NULL
+  , creator    VARCHAR(32)  NOT NULL
+  , scopes     TEXT[]       NOT NULL
+  , created_at TIMESTAMP    NOT NULL DEFAULT NOW()
+  , expires_at TIMESTAMP    NOT NULL
+  , active     BOOLEAN      NOT NULL DEFAULT true
+  );
+
+CREATE UNIQUE INDEX IF NOT EXISTS Tokens_body on Tokens (body);

internal/database/migrations/postgres.sql

@@ -0,0 +1,42 @@
+-- name: insert-certificate
+INSERT INTO Certificates(domain, data) VALUES ($1, $2);
+
+-- name: find-one-certificate
+SELECT id, domain, data, created_at, edited_at, active FROM Certificates WHERE domain = $1 LIMIT 1;
+
+-- name: remove-one-certificate
+DELETE FROM Certificates WHERE domain = $1 LIMIT 1;
+
+-- name: get-all-certificates
+SELECT id, domain, data, created_at, edited_at, active FROM Certificates;
+
+-- name: insert-route
+INSERT INTO Routes(creator, hostname) VALUES ($1, $2);
+
+-- name: find-one-route-by-id
+SELECT id, creator, hostname, created_at, edited_at, active FROM Routes WHERE id = $1 LIMIT 1;
+
+-- name: find-one-route-by-host
+SELECT id, creator, hostname, created_at, edited_at, active FROM Routes WHERE hostname = $1 LIMIT 1;
+
+-- name: find-all-routes-for-user
+SELECT id, creator, hostname, created_at, edited_at, active FROM Routes WHERE creator = $1;
+
+-- name: delete-one-route
+DELETE FROM Routes WHERE id = $1 AND domain = $2 LIMIT 1;
+
+-- name: insert-token
+INSERT INTO Tokens(body, creator, scopes, expires_at) VALUES ($1, $2, $3, $4);
+
+-- name: get-one-token
+SELECT id, body, creator, scopes, created_at, expires_at, active FROM Tokens WHERE id = $1 LIMIT 1;
+
+-- name: get-one-token-by-body
+SELECT id, body, creator, scopes, created_at, expires_at, active FROM Tokens WHERE body = $1 LIMIT 1;
+
+-- name: get-all-tokens-for-user
+SELECT id, body, creator, scopes, created_at, expires_at, active FROM Tokens WHERE creator = $1;
+
+-- name: remove-one-token
+DELETE FROM Tokens WHERE id = $1 LIMIT 1;
+

internal/database/postgres.go

@@ -0,0 +1,178 @@
+// +build ignore
+
+package database
+
+import (
+	"bytes"
+	"database/sql"
+	"log"
+
+	"git.xeserv.us/xena/route/internal/database/dmigrations"
+	"github.com/Xe/uuid"
+	"github.com/brandur/simplebox"
+	"github.com/gchaincl/dotsql"
+	_ "github.com/lib/pq"
+	"golang.org/x/net/context"
+)
+
+type PostgresStorage struct {
+	ds *dotsql.DotSql
+	db *sql.DB
+	sb *simplebox.SimpleBox
+
+	//cs *postgresCertificateStorage
+	rs *postgresRouteStorage
+	//ts *postgresTokenStorage
+}
+
+type postgresCertificateStorage struct {
+	*PostgresStorage
+}
+
+type postgresRouteStorage struct {
+	*PostgresStorage
+}
+
+type postgresTokenStorage struct {
+	*PostgresStorage
+}
+
+// NewPostgresStorage creates a new Storage instance backed by postgres at the
+// given URL.
+func NewPostgresStorage(url string, key *[32]byte) (Storage, error) {
+	db, err := sql.Open("postgres", url)
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := dmigrations.Asset("postgres.sql")
+	if err != nil {
+		return nil, err
+	}
+
+	buf := bytes.NewBuffer(data)
+
+	ds, err := dotsql.Load(buf)
+	if err != nil {
+		return nil, err
+	}
+
+	for k := range ds.QueryMap() {
+		log.Printf("preparing %s", k)
+		stmt, err := ds.Prepare(db, k)
+		if err != nil {
+			db.Close()
+			return nil, err
+		}
+		defer stmt.Close()
+	}
+
+	p := &PostgresStorage{
+		db: db,
+		ds: ds,
+		sb: simplebox.NewFromSecretKey(key),
+	}
+
+	//p.cs = &postgresCertificateStorage{p}
+	p.rs = &postgresRouteStorage{p}
+	//p.ts = &postgresTokenStorage{p}
+
+	return p, nil
+}
+
+// Certs gets the certificate storage interface.
+func (p *PostgresStorage) Certs() Certs { return nil }
+
+// Routes gets the route storage interface.
+func (p *PostgresStorage) Routes() Routes { return p.rs }
+
+// Tokens gets the token storage interface.
+func (p *PostgresStorage) Tokens() Tokens { return nil }
+
+// Close cleans up resources for this Storage.
+func (p *PostgresStorage) Close() error { return p.db.Close() }
+
+// interface compliance
+var (
+	_ Storage = &PostgresStorage{}
+	//_ Certs   = &postgresCertificateStorage{}
+	_ Routes = &postgresRouteStorage{}
+	//_ Tokens  = &postgresTokenStorage{}
+)
+
+func (p *postgresRouteStorage) getRouteInner(ctx context.Context, arg string, kind string) (Route, error) {
+	r, err := p.ds.QueryRow(p.db, kind, arg)
+	if err != nil {
+		return Route{}, err
+	}
+
+	rt := Route{}
+
+	err = (&rt).Scan(r)
+	if err != nil {
+		return Route{}, err
+	}
+
+	return rt, nil
+}
+
+func (p *postgresRouteStorage) Get(ctx context.Context, id string) (Route, error) {
+	return p.getRouteInner(ctx, id, "find-one-route-by-id")
+}
+
+func (p *postgresRouteStorage) GetHost(ctx context.Context, host string) (Route, error) {
+	return p.getRouteInner(ctx, host, "find-one-route-by-host")
+}
+
+func (p *postgresRouteStorage) GetAll(ctx context.Context, user string) ([]Route, error) {
+	var result []Route
+
+	rows, err := p.ds.Query(p.db, "find-all-routes-for-user", user)
+	if err != nil {
+		return nil, err
+	}
+
+	defer rows.Close()
+	for rows.Next() {
+		rt := &Route{}
+
+		if err := rt.Scan(rows); err != nil {
+			return nil, err
+		}
+
+		result = append(result, *rt)
+	}
+
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+func (p *postgresRouteStorage) Put(ctx context.Context, r Route) (Route, error) {
+	if r.ID == "" {
+		r.ID = uuid.New()
+	}
+
+	_, err := p.ds.Exec(p.db, "insert-route", r.ID, r.Hostname)
+	if err != nil {
+		return Route{}, err
+	}
+
+	return p.Get(ctx, r.ID)
+}
+
+func (p *postgresRouteStorage) Delete(ctx context.Context, r Route) (Route, error) {
+	rt, err := p.Get(ctx, r.ID)
+	if err != nil {
+		return Route{}, err
+	}
+
+	_, err = p.ds.Exec(p.db, "delete-one-route", rt.ID, rt.Hostname)
+	if err != nil {
+		return Route{}, err
+	}
+
+	return rt, nil
+}

internal/database/route.go

@@ -1,15 +1,36 @@
 package database
 
 import (
+	"io"
+	"time"
+
 	proto "git.xeserv.us/xena/route/proto"
 	"github.com/Xe/ln"
+	"golang.org/x/net/context"
 )
 
+// Routes is the set of API calls needed to manage Route resources.
+//
+// Database backends should implement this interface.
+type Routes interface {
+	io.Closer
+
+	Get(ctx context.Context, id string) (Route, error)
+	GetHost(ctx context.Context, host string) (Route, error)
+	GetAll(ctx context.Context, user string) ([]Route, error)
+	Put(ctx context.Context, r Route) (Route, error)
+	Delete(ctx context.Context, r Route) (Route, error)
+}
+
 // Route is a single HTTP route.
 type Route struct {
 	ID       string `storm:"id"`
 	Creator  string
 	Hostname string `storm:"unique"`
+
+	CreatedAt time.Time
+	EditedAt  time.Time
+	Active    bool
 }
 
 // F https://godoc.org/github.com/Xe/ln#F
@@ -21,7 +42,11 @@ func (r Route) F() ln.F {
 	}
 }
 
-// AsProto converts this into the protobuf.
+func (r *Route) Scan(row Scanner) error {
+	return row.Scan(&r.ID, &r.Creator, &r.Hostname, &r.CreatedAt, &r.EditedAt, &r.Active)
+}
+
+// AsProto converts this into a protobuf Route.
 func (r Route) AsProto() *proto.Route {
 	return &proto.Route{
 		Id:      r.ID,

internal/database/route_test.go

@@ -0,0 +1,85 @@
+package database
+
+import (
+	"os"
+	"testing"
+
+	"github.com/Xe/uuid"
+	"golang.org/x/net/context"
+)
+
+const (
+	creator  = "shachi"
+	hostBase = "shachi.loves."
+)
+
+func testRoutes(ctx context.Context, t *testing.T, r Routes) {
+	hostname := hostBase + uuid.New()
+	id := uuid.New()
+
+	t.Run("put", func(t *testing.T) {
+		rt := Route{
+			ID:       id,
+			Creator:  creator,
+			Hostname: hostname,
+		}
+
+		_, err := r.Put(ctx, rt)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("get", func(t *testing.T) {
+		_, err := r.Get(ctx, id)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getHost", func(t *testing.T) {
+		_, err := r.GetHost(ctx, hostname)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getAll", func(t *testing.T) {
+		res, err := r.GetAll(ctx, creator)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(res) == 0 {
+			t.Fatal("didn't get any routes back for shachi")
+		}
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		_, err := r.Delete(ctx, Route{ID: id})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = r.Get(ctx, id)
+		if err == nil {
+			t.Fatal("able to fetch a deleted item")
+		}
+	})
+}
+
+func TestBoltDBRouteStorage(t *testing.T) {
+	st, p, ctx, cancel := newTestBoltStorage(t)
+	defer os.RemoveAll(p)
+	defer st.Close()
+	defer cancel()
+
+	testRoutes(ctx, t, st.Routes())
+}
+
+func TestPostgresRouteStorage(t *testing.T) {
+	st, ctx, cancel := newTestPostgresStorage(t, os.Getenv("DATABASE_URL"))
+	defer st.Close()
+	defer cancel()
+
+	testRoutes(ctx, t, st.Routes())
+}

internal/database/storage.go

@@ -1,64 +1,14 @@
 package database
 
-import (
-	"github.com/asdine/storm"
-	"golang.org/x/crypto/acme/autocert"
-	"golang.org/x/net/context"
-)
-
 // Storage is the parent interface for the database backends of route.
 type Storage interface {
-	// routes
-	GetRoute(ctx context.Context, id string) (Route, error)
-	GetRouteHost(ctx context.Context, host string) (Route, error)
-	GetAllRoutes(ctx context.Context, user string) ([]Route, error)
-	PutRoute(ctx context.Context, domain, kind string) (Route, error)
-	DeleteRoute(ctx context.Context, id string) error
-
-	// tokens
-	GetToken(ctx context.Context, token string) (Token, error)
-	GetTokenID(ctx context.Context, id string) (Token, error)
-	GetTokensForOwner(ctx context.Context, owner string) ([]Token, error)
-	PutToken(ctx context.Context, token, owner string, scopes []string) (Token, error)
-	DeleteToken(ctx context.Context, id string) error
-	DeactivateToken(ctx context.Context, id string) error
-
-	// certificates
-	GetCert(ctx context.Context, key string) ([]byte, error)
-	PutCert(ctx context.Context, key string, data []byte) error
-	DeleteCert(ctx context.Context, key string) error
+	Certs() Certs
+	Routes() Routes
+	Tokens() Tokens
 
 	Close() error
 }
 
-type storageManager struct {
-	Storage
-}
-
-func (s *storageManager) Get(ctx context.Context, key string) ([]byte, error) {
-	data, err := s.GetCert(ctx, key)
-	if err != nil {
-		if err == storm.ErrNotFound {
-			return nil, autocert.ErrCacheMiss
-		} else {
-			return nil, err
-		}
-	}
-
-	return data, nil
-}
-
-func (s *storageManager) Put(ctx context.Context, key string, data []byte) error {
-	return s.PutCert(ctx, key, data)
-}
-
-func (s *storageManager) Delete(ctx context.Context, key string) error {
-	return s.DeleteCert(ctx, key)
-}
-
-// Cache creates an autocert.Cache from a Storage instance.
-func Cache(s Storage) autocert.Cache {
-	return autocert.Cache(&storageManager{
-		Storage: s,
-	})
+type Scanner interface {
+	Scan(...interface{}) error
 }

internal/database/token.go

@@ -1,11 +1,28 @@
 package database
 
-import "time"
 import (
+	"io"
+	"time"
+
 	proto "git.xeserv.us/xena/route/proto"
 	"github.com/Xe/ln"
+	"golang.org/x/net/context"
 )
 
+// Tokens is the set of API calls needed to manage Token resources.
+//
+// Database backends should implement this interface.
+type Tokens interface {
+	io.Closer
+
+	Get(ctx context.Context, id string) (Token, error)
+	GetBody(ctx context.Context, body string) (Token, error)
+	GetAll(ctx context.Context, user string) ([]Token, error)
+	Put(ctx context.Context, t Token) (Token, error)
+	Delete(ctx context.Context, id string) (Token, error)
+	DeleteExpired(ctx context.Context) error
+}
+
 // Token is a single authorization token.
 type Token struct {
 	ID     string `storm:"id"`
@@ -14,19 +31,27 @@ type Token struct {
 	Scopes []string
 
 	CreatedAt time.Time `json:"created_at"`
+	ExpiresAt time.Time `json:"expires_at"`
 	Active    bool      `json:"active"`
 }
 
 // F https://godoc.org/github.com/Xe/ln#F
 func (t Token) F() ln.F {
-	return ln.F{
-		"token-id":     t.ID,
-		"token-owner":  t.Owner,
-		"token-active": t.Active,
+	f := ln.F{
+		"token-id":         t.ID,
+		"token-owner":      t.Owner,
+		"token-active":     t.Active,
+		"token-created-at": t.CreatedAt.String(),
 	}
+
+	if !t.ExpiresAt.IsZero() {
+		f["token-expires-at"] = t.ExpiresAt.String()
+	}
+
+	return f
 }
 
-// AsProto ...
+// AsProto converts this into a protobuf Token.
 func (t Token) AsProto() *proto.Token {
 	return &proto.Token{
 		Id:     t.ID,

internal/database/token_test.go

@@ -0,0 +1,74 @@
+package database
+
+import (
+	"os"
+	"testing"
+
+	"golang.org/x/net/context"
+)
+
+func testTokens(ctx context.Context, t *testing.T, tk Tokens) {
+	var (
+		tokenID   string
+		tokenBody string
+	)
+
+	t.Run("put", func(t *testing.T) {
+		tok := Token{
+			Owner: creator,
+		}
+
+		tok2, err := tk.Put(ctx, tok)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		tokenID = tok2.ID
+		tokenBody = tok2.Body
+	})
+
+	t.Run("get", func(t *testing.T) {
+		_, err := tk.Get(ctx, tokenID)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getBody", func(t *testing.T) {
+		_, err := tk.GetBody(ctx, tokenBody)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	t.Run("getAll", func(t *testing.T) {
+		lis, err := tk.GetAll(ctx, creator)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if len(lis) == 0 {
+			t.Fatal("expected results but got none")
+		}
+	})
+
+	t.Run("delete", func(t *testing.T) {
+		_, err := tk.Delete(ctx, tokenID)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		_, err = tk.Get(ctx, tokenID)
+		if err == nil {
+			t.Fatal("can fetch a deleted resource")
+		}
+	})
+}
+
+func TestBoltDBTokenStorage(t *testing.T) {
+	st, p, ctx, cancel := newTestBoltStorage(t)
+	defer os.RemoveAll(p)
+	defer st.Close()
+	defer cancel()
+
+	testTokens(ctx, t, st.Tokens())
+}

internal/gluaroute/route.go

@@ -0,0 +1,49 @@
+package gluaroute
+
+import (
+	"net/http"
+
+	"git.xeserv.us/xena/route/proto"
+	"git.xeserv.us/xena/route/proto/route"
+	lua "github.com/yuin/gopher-lua"
+	luar "layeh.com/gopher-luar"
+)
+
+var exports = map[string]lua.LGFunction{
+	"new": newClient,
+}
+
+func newClient(L *lua.LState) int {
+	routedURL := L.ToString(1)
+	token := L.ToString(2)
+
+	L.Push(luar.New(L, route.New(routedURL, token, &http.Client{})))
+
+	return 1
+}
+
+type client struct {
+	*route.Client
+}
+
+type backends struct {
+	proto.Backends
+}
+
+type routes struct {
+	proto.Routes
+}
+
+type tokens struct {
+	proto.Tokens
+}
+
+func Preload(L *lua.LState) {
+	L.PreloadModule("svc", Loader)
+}
+
+func Loader(L *lua.LState) int {
+	mod := L.SetFuncs(L.NewTable(), exports)
+	L.Push(mod)
+	return 1
+}

internal/middleware/headers.go

@@ -0,0 +1,35 @@
+package middleware
+
+import (
+	"context"
+	"net/http"
+)
+
+type headerKey int
+
+const hdrKey headerKey = iota
+
+// GetHeaders fetches http headers from the request context.
+func GetHeaders(ctx context.Context) (http.Header, bool) {
+	h, ok := ctx.Value(hdrKey).(http.Header)
+	if !ok {
+		return http.Header{}, false
+	}
+
+	return h, true
+}
+
+// SaveHeaders adds the needed values to the request context for twirp services.
+func SaveHeaders(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		ctx := r.Context()
+
+		if ctx == nil {
+			panic("context is nil")
+		}
+
+		ctx = context.WithValue(ctx, hdrKey, r.Header)
+
+		next.ServeHTTP(w, r.WithContext(ctx))
+	})
+}

internal/middleware/trace.go

@@ -3,7 +3,6 @@ package middleware
 import (
 	"context"
 	"net/http"
-	"os"
 	"path/filepath"
 	"time"
 
@@ -12,30 +11,34 @@ import (
 )
 
 // Trace adds go stdlib tracing to this http handler.
-func Trace(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		sp := trace.New(filepath.Base(os.Args[0]+"-https"), r.Host+r.RequestURI)
-		defer sp.Finish()
-		ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second)
-		defer cancel()
+func Trace(family string) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			sp := trace.New(filepath.Base(family), r.Host+r.RequestURI)
+			defer sp.Finish()
+			ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second)
+			defer cancel()
 
-		ctx = trace.NewContext(ctx, sp)
-		f := ln.F{
-			"method":      r.Method,
-			"path":        r.URL.Path,
-			"remote_addr": r.RemoteAddr,
-			"user_agent":  r.UserAgent(),
-		}
+			ctx = trace.NewContext(ctx, sp)
+			f := ln.F{
+				"family":      family,
+				"method":      r.Method,
+				"path":        r.URL.Path,
+				"remote_addr": r.RemoteAddr,
+				"user_agent":  r.UserAgent(),
+			}
+			ctx = ln.WithF(ctx, f)
 
-		next.ServeHTTP(w, r.WithContext(ctx))
+			next.ServeHTTP(w, r.WithContext(ctx))
 
-		ws, ok := w.(interface {
-			Status() int
+			ws, ok := w.(interface {
+				Status() int
+			})
+			if ok {
+				f["status"] = ws.Status()
+			}
+
+			ln.Log(ctx, f)
 		})
-		if ok {
-			f["status"] = ws.Status()
-		}
-
-		ln.Log(ctx, f)
-	})
+	}
 }

internal/server/backend.go

@@ -1,72 +0,0 @@
-package server
-
-import (
-	"git.xeserv.us/xena/route/internal/tun2"
-	proto "git.xeserv.us/xena/route/proto"
-	"github.com/Xe/ln"
-	"golang.org/x/net/context"
-)
-
-// Backend implements proto.BackendsServer for gRPC.
-type Backend struct {
-	*Server
-}
-
-// List returns a list of backends given filtering parameters.
-func (b *Backend) List(ctx context.Context, sel *proto.BackendSelector) (*proto.BackendList, error) {
-	clitok, err := b.getAuth(ctx, "backend list", "backend:list")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "authentication for backend list"})
-	}
-
-	bl := map[string]tun2.Backend{}
-
-	switch {
-	case sel.Domain != "":
-		for _, bk := range b.ts.GetBackendsForDomain(sel.Domain) {
-			bl[bk.ID] = bk
-		}
-	case sel.User != "":
-		for _, bk := range b.ts.GetBackendsForUser(sel.User) {
-			bl[bk.ID] = bk
-		}
-	default:
-		for _, bk := range b.ts.GetAllBackends() {
-			bl[bk.ID] = bk
-		}
-	}
-
-	resp := &proto.BackendList{
-		Bs: sel,
-	}
-
-	for _, bk := range bl {
-		resp.Backends = append(resp.Backends, &proto.Backend{
-			Id:     bk.ID,
-			Proto:  bk.Proto,
-			User:   bk.User,
-			Domain: bk.Domain,
-			Phi:    bk.Phi,
-			Host:   bk.Host,
-			Usable: bk.Usable,
-		})
-	}
-
-	return resp, nil
-}
-
-// Kill removes a backend's connection by ID.
-func (b *Backend) Kill(ctx context.Context, bid *proto.BackendID) (*proto.Nil, error) {
-	clitok, err := b.getAuth(ctx, "backend list", "backend:list")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "authentication for backend list"})
-	}
-
-	if err := b.ts.KillBackend(bid.Id); err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "killing backend", "backend_id": bid.Id})
-	}
-
-	ln.Log(ctx, clitok, ln.Action("backend killed"), ln.F{"backend_id": bid.Id})
-
-	return &proto.Nil{}, nil
-}

internal/server/common.go

@@ -1,65 +0,0 @@
-package server
-
-import (
-	"context"
-	"errors"
-
-	"git.xeserv.us/xena/route/internal/database"
-	"github.com/Xe/ln"
-	"golang.org/x/net/trace"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/metadata"
-)
-
-// errors
-var (
-	ErrNotAuthorized = errors.New("server: not authorized")
-)
-
-func (s *Server) getAuth(ctx context.Context, operation, scope string) (database.Token, error) {
-	var err error
-
-	md, ok := metadata.FromIncomingContext(ctx)
-	if !ok {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
-	}
-
-	jwtToken, ok := md["authorization"]
-	if !ok {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
-	}
-	val := jwtToken[0]
-
-	t, err := s.db.GetToken(ctx, val)
-	if err != nil {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "valid token required.")
-	}
-
-	ok = false
-	for _, sc := range t.Scopes {
-		if sc == scope {
-			ok = true
-		}
-	}
-	if !ok {
-		return database.Token{}, grpc.Errorf(codes.Unauthenticated, "invalid scope.")
-	}
-
-	ln.Log(ctx, t)
-
-	return t, nil
-}
-
-func handleError(ctx context.Context, clitok database.Token, err error, f ln.F) error {
-	tr, ok := trace.FromContext(ctx)
-	if !ok {
-		goto skip
-	}
-	tr.SetError()
-
-skip:
-	ln.Error(ctx, err, f, clitok)
-
-	return err
-}

internal/server/route.go

@@ -1,109 +0,0 @@
-package server
-
-import (
-	"git.xeserv.us/xena/route/internal/elfs"
-	proto "git.xeserv.us/xena/route/proto"
-	"github.com/Xe/ln"
-	"golang.org/x/net/context"
-)
-
-// Route implements rout.RoutesServer for gRPC
-type Route struct {
-	*Server
-}
-
-// interface assertions
-var (
-	_ proto.RoutesServer = &Route{}
-)
-
-// Get fetches a route from the database.
-func (r *Route) Get(ctx context.Context, req *proto.GetRouteRequest) (*proto.Route, error) {
-	clitok, err := r.getAuth(ctx, "get single route", "route:get")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Get_getAuth"})
-	}
-
-	val, err := r.db.GetRoute(ctx, req.Id)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "get single route from database", "id": req.Id})
-	}
-
-	if val.Creator != clitok.Owner {
-		return nil, handleError(ctx, clitok, ErrNotAuthorized, ln.F{"action": "Route.Get_wrong_ownership"})
-	}
-
-	return val.AsProto(), nil
-}
-
-// GetAll fetches all of the routes that you own.
-func (r *Route) GetAll(ctx context.Context, req *proto.Nil) (*proto.GetAllRoutesResponse, error) {
-	clitok, err := r.getAuth(ctx, "get all routes for user", "route:getall")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.GetAll_getAuth"})
-	}
-
-	routes, err := r.db.GetAllRoutes(ctx, clitok.Owner)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "get all routes for user from database"})
-	}
-
-	result := []*proto.Route{}
-
-	// let result = apply routeAsProto routes
-	for _, rt := range routes {
-		result = append(result, rt.AsProto())
-	}
-
-	return &proto.GetAllRoutesResponse{
-		Routes: result,
-	}, nil
-}
-
-func (r *Route) Put(ctx context.Context, rt *proto.Route) (*proto.Route, error) {
-	clitok, err := r.getAuth(ctx, "put new route", "route:put")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Put_getAuth"})
-	}
-
-	if rt.Host == "" {
-		rt.Host = elfs.MakeName() + r.cfg.DomainSuffix
-	}
-
-	drt, err := r.db.PutRoute(ctx, rt.Host, clitok.Owner)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "put route to database"})
-	}
-
-	ln.Log(ctx, drt, ln.Action("created new route"))
-
-	return drt.AsProto(), nil
-}
-
-func (r *Route) Delete(ctx context.Context, rt *proto.Route) (*proto.Nil, error) {
-	clitok, err := r.getAuth(ctx, "delete single route", "route:delete")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Route.Delete_getAuth"})
-	}
-
-	drt, err := r.db.GetRoute(ctx, rt.Host)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "fetch route from database", "host": rt.Host})
-	}
-
-	if drt.Creator != clitok.Owner {
-		return nil, handleError(ctx, clitok, ErrNotAuthorized, ln.F{"action": "user not authorized to delete this route", "host": rt.Host})
-	}
-
-	err = r.db.DeleteRoute(ctx, rt.Id)
-	f := drt.F()
-	f["action"] = "delete route from database"
-	if err != nil {
-		handleError(ctx, clitok, ErrNotAuthorized, f)
-	}
-
-	f["action"] = "deleted route from database"
-	ln.Log(ctx, f, drt)
-
-	return &proto.Nil{}, nil
-}

internal/server/server.go

@@ -1,197 +0,0 @@
-package server
-
-import (
-	"crypto/tls"
-	"errors"
-	"net"
-	"net/http"
-	"net/http/httputil"
-	"time"
-
-	"git.xeserv.us/xena/route/internal/database"
-	"git.xeserv.us/xena/route/internal/tun2"
-	proto "git.xeserv.us/xena/route/proto"
-	"github.com/Xe/ln"
-	"github.com/mtneug/pkg/ulid"
-	kcp "github.com/xtaci/kcp-go"
-	"golang.org/x/crypto/acme/autocert"
-	"golang.org/x/net/context"
-	"google.golang.org/grpc"
-	"google.golang.org/grpc/credentials"
-)
-
-// RPC constants
-const (
-	RPCPort uint16 = 39453
-)
-
-// Server is the main server type
-type Server struct {
-	cfg *Config
-	db  database.Storage
-	ts  *tun2.Server
-
-	*autocert.Manager
-}
-
-// Config configures Server
-type Config struct {
-	BoltDBPath string `env:"BOLTDB_PATH,required"`
-
-	WebAddr        string `env:"WEB_ADDR,required"`
-	SSLAddr        string `env:"SSL_ADDR,required"`
-	BackendTCPAddr string `env:"BACKEND_TCP_ADDR,required"`
-	BackendKCPAddr string `env:"BACKEND_KCP_ADDR,required"`
-	GRPCAddr       string `env:"GRPC_ADDR,required"`
-
-	DomainSuffix string `env:"DOMAIN_SUFFIX,required"`
-	ACMEEmail    string `env:"ACME_EMAIL,required"`
-	CertKey      *[32]byte
-}
-
-func (s *Server) listenTCP(ctx context.Context, addr string, tcfg *tls.Config) {
-	l, err := tls.Listen("tcp", addr, tcfg)
-	if err != nil {
-		panic(err)
-	}
-
-	ln.Log(ctx, ln.Action("tcp+tls listening"), ln.F{"addr": l.Addr()})
-
-	for {
-		conn, err := l.Accept()
-		if err != nil {
-			ln.Error(ctx, err, ln.Action("accept backend client socket"))
-		}
-
-		ln.Log(ctx, ln.F{
-			"action":  "new backend client",
-			"addr":    conn.RemoteAddr(),
-			"network": conn.RemoteAddr().Network(),
-		})
-
-		go s.ts.HandleConn(conn, false)
-	}
-}
-
-func (s *Server) listenKCP(ctx context.Context, addr string, tcfg *tls.Config) {
-	l, err := kcp.Listen(addr)
-	if err != nil {
-		panic(err)
-	}
-
-	ln.Log(ctx, ln.Action("kcp+tls listening"), ln.F{"addr": l.Addr()})
-
-	for {
-		conn, err := l.Accept()
-		if err != nil {
-			ln.Error(ctx, err, ln.F{"kind": "kcp", "addr": l.Addr().String()})
-		}
-
-		ln.Log(ctx, ln.F{
-			"action":  "new_client",
-			"network": conn.RemoteAddr().Network(),
-			"addr":    conn.RemoteAddr(),
-		})
-
-		tc := tls.Server(conn, tcfg)
-
-		go s.ts.HandleConn(tc, true)
-	}
-}
-
-// New creates a new Server
-func New(cfg Config) (*Server, error) {
-	if cfg.CertKey == nil {
-		return nil, errors.New("no cert decryption key, can't do anything")
-	}
-
-	db, err := database.NewBoltStorage(cfg.BoltDBPath, cfg.CertKey)
-	if err != nil {
-		return nil, err
-	}
-
-	m := &autocert.Manager{
-		Prompt:     autocert.AcceptTOS,
-		Cache:      database.Cache(db),
-		HostPolicy: nil,
-		Email:      cfg.ACMEEmail,
-	}
-
-	tcfg := &tun2.ServerConfig{
-		Storage: &storageWrapper{
-			Storage: db,
-		},
-	}
-
-	ts, err := tun2.NewServer(tcfg)
-	if err != nil {
-		return nil, err
-	}
-
-	s := &Server{
-		cfg: &cfg,
-		db:  db,
-		ts:  ts,
-
-		Manager: m,
-	}
-
-	tc := &tls.Config{
-		GetCertificate: m.GetCertificate,
-	}
-
-	go s.listenKCP(context.Background(), cfg.BackendKCPAddr, tc)
-	go s.listenTCP(context.Background(), cfg.BackendTCPAddr, tc)
-
-	// gRPC setup
-	gs := grpc.NewServer(grpc.Creds(credentials.NewTLS(tc)))
-
-	proto.RegisterBackendsServer(gs, &Backend{Server: s})
-	proto.RegisterRoutesServer(gs, &Route{Server: s})
-	proto.RegisterTokensServer(gs, &Token{Server: s})
-
-	l, err := net.Listen("tcp", cfg.GRPCAddr)
-	if err != nil {
-		return nil, err
-	}
-
-	go gs.Serve(l)
-
-	return s, nil
-}
-
-// Director removes headers that are typically stripped off at request ingress.
-func (s *Server) Director(r *http.Request) {
-	r.Header.Del("X-Forwarded-For")
-	r.Header.Del("X-Client-Ip")
-}
-
-func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if r.Header.Get("X-Tor2web") != "" {
-		http.Error(w, "tor2web proxy use is not allowed", 400)
-		return
-	}
-
-	host, _, err := net.SplitHostPort(r.RemoteAddr)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	r.Header.Set("X-Remote-Ip", host)
-	r.Header.Set("X-Request-Ingress", time.Now().Format(time.RFC3339))
-
-	rid := ulid.New().String()
-	r.Header.Set("X-Request-Id", rid)
-	w.Header().Set("X-Request-Id", rid)
-
-	// http://www.gnuterrypratchett.com/
-	w.Header().Set("X-Clacks-Overhead", "GNU Ashlynn")
-
-	rp := &httputil.ReverseProxy{
-		Director:      s.Director,
-		Transport:     s.ts,
-		FlushInterval: 1 * time.Second,
-	}
-
-	rp.ServeHTTP(w, r)
-}

internal/server/server_test.go

@@ -1,29 +0,0 @@
-package server
-
-import (
-	"net/http"
-	"testing"
-)
-
-func TestDirector(t *testing.T) {
-	s := &Server{}
-
-	req, err := http.NewRequest("GET", "https://cetacean.club/", nil)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	req.Header.Add("X-Forwarded-For", "Rick-James")
-	req.Header.Add("X-Client-Ip", "56.32.51.84")
-
-	s.Director(req)
-
-	for _, header := range []string{"X-Forwarded-For", "X-Client-Ip"} {
-		t.Run(header, func(t *testing.T) {
-			val := req.Header.Get(header)
-			if val != "" {
-				t.Fatalf("expected header %q to have no value, got: %v", header, val)
-			}
-		})
-	}
-}

internal/server/token.go

@@ -1,112 +0,0 @@
-package server
-
-import (
-	proto "git.xeserv.us/xena/route/proto"
-	"github.com/Xe/ln"
-	"github.com/Xe/uuid"
-	"golang.org/x/net/context"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-)
-
-// Token is the token server implementation for grpc use.
-type Token struct {
-	*Server
-}
-
-// interface assertions
-var (
-	_ proto.TokensServer = &Token{}
-)
-
-func (t *Token) Get(ctx context.Context, req *proto.GetTokenRequest) (*proto.Token, error) {
-	clitok, err := t.getAuth(ctx, "get single token", "token:get")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
-	}
-
-	if req.Id == "" {
-		return nil, status.Errorf(codes.InvalidArgument, "must specify ID")
-	}
-
-	dbt, err := t.db.GetTokenID(ctx, req.Id)
-	if err != nil {
-		return nil, err
-	}
-
-	if dbt.Owner != clitok.Owner {
-		return nil, ErrNotAuthorized
-	}
-
-	return dbt.AsProto(), nil
-}
-
-func (t *Token) GetAll(ctx context.Context, req *proto.Nil) (*proto.TokenSet, error) {
-	clitok, err := t.getAuth(ctx, "get all tokens", "token:getall")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.GetAll_getAuth"})
-	}
-
-	toks, err := t.db.GetTokensForOwner(ctx, clitok.Owner)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "Token.GetAll_db.GetTokensForOwner"})
-	}
-
-	result := []*proto.Token{}
-
-	for _, tok := range toks {
-		result = append(result, tok.AsProto())
-	}
-
-	return &proto.TokenSet{
-		Tokens: result,
-	}, nil
-}
-
-func (t *Token) Put(ctx context.Context, tok *proto.Token) (*proto.Token, error) {
-	clitok, err := t.getAuth(ctx, "put new token", "token:put")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
-	}
-
-	dbt, err := t.db.PutToken(ctx, uuid.New(), clitok.Owner, tok.Scopes)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "put token into database", "scopes": tok.Scopes})
-	}
-
-	ln.Log(ctx, dbt, ln.Action("new token created"))
-
-	return dbt.AsProto(), nil
-}
-
-func (t *Token) Delete(ctx context.Context, tok *proto.Token) (*proto.Nil, error) {
-	clitok, err := t.getAuth(ctx, "delete single token", "token:delete")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
-	}
-
-	err = t.db.DeleteToken(ctx, tok.Id)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "delete token from database", "token_id": tok.Id})
-	}
-
-	ln.Log(ctx, clitok, ln.Action("token deleted"), ln.F{"token_id": tok.Id})
-
-	return &proto.Nil{}, nil
-}
-
-func (t *Token) Deactivate(ctx context.Context, tok *proto.Token) (*proto.Nil, error) {
-	clitok, err := t.getAuth(ctx, "deactivate single token", "token:deactivate")
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "not authorized"})
-	}
-
-	err = t.db.DeactivateToken(ctx, tok.Id)
-	if err != nil {
-		return nil, handleError(ctx, clitok, err, ln.F{"action": "deactivate token in database", "token_id": tok.Id})
-	}
-
-	ln.Log(ctx, clitok, ln.Action("deactivated token"), ln.F{"token_id": tok.Id})
-
-	return &proto.Nil{}, nil
-}

internal/tun2/connection.go

@@ -2,10 +2,8 @@ package tun2
 
 import (
 	"bufio"
-	"bytes"
 	"context"
 	"expvar"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"time"
@@ -130,7 +128,11 @@ func (c *Connection) RoundTrip(req *http.Request) (*http.Response, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, ErrCantOpenSessionStream.Error())
 	}
-	defer stream.Close()
+
+	go func() {
+		<-req.Context().Done()
+		stream.Close()
+	}()
 
 	err = req.Write(stream)
 	if err != nil {
@@ -143,15 +145,6 @@ func (c *Connection) RoundTrip(req *http.Request) (*http.Response, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, ErrCantReadResponse.Error())
 	}
-	defer resp.Body.Close()
-
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, errors.Wrap(err, "can't read response body")
-	}
-
-	resp.Body = ioutil.NopCloser(bytes.NewBuffer(body))
-	resp.ContentLength = int64(len(body))
 
 	c.counter.Add(1)
 

internal/tun2/server.go

@@ -411,16 +411,19 @@ func (s *Server) RoundTrip(req *http.Request) (*http.Response, error) {
 	var conns []*Connection
 	ctx := req.Context()
 
+	f := ln.F{
+		"req_remote":         req.RemoteAddr,
+		"req_host":           req.Host,
+		"req_uri":            req.RequestURI,
+		"req_method":         req.Method,
+		"req_content_length": req.ContentLength,
+	}
+
 	val, ok := s.domains.Get(req.Host)
 	if ok {
 		conns, ok = val.([]*Connection)
 		if !ok {
-			ln.Error(ctx, ErrNoSuchBackend, ln.F{
-				"action": "no_backend_connected",
-				"remote": req.RemoteAddr,
-				"host":   req.Host,
-				"uri":    req.RequestURI,
-			})
+			ln.Error(ctx, ErrNoSuchBackend, f, ln.Action("no backend available"))
 
 			return gen502Page(req), nil
 		}
@@ -434,12 +437,7 @@ func (s *Server) RoundTrip(req *http.Request) (*http.Response, error) {
 	}
 
 	if len(goodConns) == 0 {
-		ln.Error(ctx, ErrNoSuchBackend, ln.F{
-			"action": "no_backend_connected",
-			"remote": req.RemoteAddr,
-			"host":   req.Host,
-			"uri":    req.RequestURI,
-		})
+		ln.Error(ctx, ErrNoSuchBackend, f, ln.Action("no good backends available"))
 
 		return gen502Page(req), nil
 	}
@@ -448,22 +446,15 @@ func (s *Server) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	resp, err := c.RoundTrip(req)
 	if err != nil {
-		ln.Error(ctx, err, c, ln.F{
-			"action": "connection_roundtrip",
-		})
+		ln.Error(ctx, err, c, f, ln.Action("connection roundtrip"))
 
 		defer c.cancel()
 		return nil, err
 	}
 
-	ln.Log(ctx, c, ln.F{
-		"action":         "http traffic",
-		"remote_addr":    req.RemoteAddr,
-		"host":           req.Host,
-		"uri":            req.URL.Path,
-		"status":         resp.Status,
-		"status_code":    resp.StatusCode,
-		"content_length": resp.ContentLength,
+	ln.Log(ctx, c, ln.Action("http traffic"), f, ln.F{
+		"resp_status_code":    resp.StatusCode,
+		"resp_content_length": resp.ContentLength,
 	})
 
 	return resp, nil
@@ -474,5 +465,3 @@ type Auth struct {
 	Token  string `json:"token"`
 	Domain string `json:"domain"`
 }
-
-const defaultUser = "Cadey"

internal/tun2/server_test.go

@@ -174,21 +174,29 @@ func TestBackendRouting(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	defer l.Close()
 
 	go s.Listen(l, false)
 
 	cases := []struct {
-		name      string
-		should200 bool
-		handler   http.HandlerFunc
+		name           string
+		wantStatusCode int
+		handler        http.HandlerFunc
 	}{
 		{
-			name:      "200 everything's okay",
-			should200: true,
+			name:           "200 everything's okay",
+			wantStatusCode: http.StatusOK,
 			handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 				http.Error(w, "HTTP 200, everything is okay :)", http.StatusOK)
 			}),
 		},
+		{
+			name:           "500 internal error",
+			wantStatusCode: http.StatusInternalServerError,
+			handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				http.Error(w, "HTTP 500, the world is on fire", http.StatusInternalServerError)
+			}),
+		},
 	}
 
 	for _, cs := range cases {
@@ -213,7 +221,7 @@ func TestBackendRouting(t *testing.T) {
 
 			go c.Connect(ctx) // TODO: fix the client library so this ends up actually getting cleaned up
 
-			time.Sleep(time.Second)
+			time.Sleep(125 * time.Millisecond)
 
 			req, err := http.NewRequest("GET", "http://cetacean.club/", nil)
 			if err != nil {
@@ -225,9 +233,9 @@ func TestBackendRouting(t *testing.T) {
 				t.Fatalf("error in doing round trip: %v", err)
 			}
 
-			if cs.should200 && resp.StatusCode != http.StatusOK {
+			if cs.wantStatusCode != resp.StatusCode {
 				resp.Write(os.Stdout)
-				t.Fatalf("got status %d instead of StatusOK", resp.StatusCode)
+				t.Fatalf("got status %d instead of %d", resp.StatusCode, cs.wantStatusCode)
 			}
 		})
 	}
@@ -258,8 +266,6 @@ func setupTestServer() (*Server, *mockStorage, net.Listener, error) {
 }
 
 func BenchmarkHTTP200(b *testing.B) {
-	b.Skip("this benchmark doesn't work yet")
-
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 

mage.go

@@ -6,20 +6,19 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"runtime"
-	"strings"
 
 	"github.com/jtolds/qod"
 	"github.com/magefile/mage/mg"
-	"github.com/pkg/errors"
+	"github.com/olekukonko/tablewriter"
 )
 
 var wd string
 var arches []string
+var bins []string
+var tools []string
 
 func init() {
 	lwd, err := os.Getwd()
@@ -28,69 +27,18 @@ func init() {
 	wd = lwd
 
 	arches = []string{"amd64", "ppc64", "386", "arm", "arm64"}
+	bins = []string{"route-httpagent", "route-cli", "routed", "terraform-provider-route", "construct"}
+	tools = []string{
+		"github.com/golang/dep/cmd/dep",
+		"github.com/golang/protobuf/protoc-gen-go",
+		"github.com/twitchtv/twirp/protoc-gen-twirp",
+		"github.com/Xe/twirp-codegens/cmd/protoc-gen-twirp_eclier",
+		"github.com/jteeuwen/go-bindata/go-bindata",
+	}
 }
 
 const pkgBase = "git.xeserv.us/xena/route/"
 
-func output(cmd string, args ...string) (string, error) {
-	c := exec.Command(cmd, args...)
-	c.Env = os.Environ()
-	c.Stderr = os.Stderr
-	b, err := c.Output()
-	if err != nil {
-		return "", errors.Wrapf(err, `failed to run %v %q`, cmd, args)
-	}
-	return string(b), nil
-}
-
-func gitTag() (string, error) {
-	s, err := output("git", "describe", "--tags")
-	if err != nil {
-		ee, ok := errors.Cause(err).(*exec.ExitError)
-		if ok && ee.Exited() {
-			// probably no git tag
-			return "dev", nil
-		}
-		return "", err
-	}
-
-	return strings.TrimSuffix(s, "\n"), nil
-}
-
-func shouldWork(ctx context.Context, env []string, dir string, cmdName string, args ...string) {
-	loc, err := exec.LookPath(cmdName)
-	qod.ANE(err)
-
-	cmd := exec.CommandContext(ctx, loc, args...)
-	cmd.Dir = dir
-	cmd.Env = append(env, os.Environ()...)
-
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-
-	log.Printf("starting process, env: %v, pwd: %s, cmd: %s, args: %v", env, dir, loc, args)
-	err = cmd.Run()
-	qod.ANE(err)
-}
-
-func goBuild(ctx context.Context, env []string, dir string, pkgname string) {
-	shouldWork(ctx, env, dir, "go", "build", "-v", pkgBase+pkgname)
-}
-
-func goInstall(ctx context.Context, env []string, pkgname string) {
-	shouldWork(ctx, nil, wd, "go", "install", pkgBase+pkgname)
-}
-
-func goBuildPlugin(ctx context.Context, dir, pkgname, fname string) {
-	if runtime.GOOS != "linux" {
-		qod.Printlnf("plugins don't work on non-linux machines yet :(")
-		return
-	}
-
-	shouldWork(ctx, nil, dir, "go", "build", "-v", "-buildmode=plugin", "-o="+fname, pkgBase+pkgname)
-	qod.Printlnf("built %s for %s", fname, runtime.GOOS)
-}
-
 func buildBins(goos, goarch string) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
@@ -99,7 +47,7 @@ func buildBins(goos, goarch string) {
 
 	os.MkdirAll(filepath.Join(d, goos, goarch), 0777)
 
-	for _, pkg := range []string{"route-httpagent", "route-cli", "routed", "terraform-provider-route"} {
+	for _, pkg := range bins {
 		env := []string{"GOOS=" + goos, "GOARCH=" + goarch}
 		goBuild(ctx, env, filepath.Join(d, goos, goarch), "cmd/"+pkg)
 		goInstall(ctx, env, "cmd/"+pkg)
@@ -108,6 +56,15 @@ func buildBins(goos, goarch string) {
 	}
 }
 
+// Dep reruns `dep`.
+func Dep() {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	shouldWork(ctx, nil, wd, "dep", "ensure", "-update")
+	shouldWork(ctx, nil, wd, "dep", "prune")
+}
+
 // Docker builds docker images
 func Docker() {
 	ctx, cancel := context.WithCancel(context.Background())
@@ -116,9 +73,9 @@ func Docker() {
 	ver, err := gitTag()
 	qod.ANE(err)
 
-	shouldWork(ctx, nil, wd, "box", "box.rb")
-	shouldWork(ctx, nil, wd, "docker", "tag", "xena/route:latest", "xena/route:"+ver)
-	shouldWork(ctx, nil, wd, "docker", "tag", "xena/route:thick", "xena/route:thick-"+ver)
+	shouldWork(ctx, nil, wd, "docker", "build", "-t", "xena/route-core", ".")
+	shouldWork(ctx, nil, wd+"/run", "docker", "build", "-t", "xena/routed:"+ver, "-f", "Dockerfile.routed", ".")
+	shouldWork(ctx, nil, wd+"/run", "docker", "build", "-t", "xena/route-httpagent:"+ver, "-f", "Dockerfile.agent", ".")
 }
 
 // Linux builds binaries for linux
@@ -142,10 +99,6 @@ func Darwin() {
 // Build builds the binaries for route and routed.
 func Build() {
 	buildBins(runtime.GOOS, runtime.GOARCH)
-
-	if runtime.GOOS == "linux" {
-		Plugin()
-	}
 }
 
 // Plugin builds all of the plugins for programs wanting to augment themselves with route.
@@ -212,3 +165,34 @@ func Test() {
 
 	shouldWork(ctx, nil, wd, "go", "test", "-v", "./...")
 }
+
+// Tools installs all of the needed tools for the project.
+func Tools(ctx context.Context) {
+	for _, t := range tools {
+		shouldWork(ctx, nil, wd, "go", "get", "-v", "-u", t)
+	}
+}
+
+// Generate runs code generators and the like.
+func Generate(ctx context.Context) {
+	dir := filepath.Join(wd, "proto")
+
+	shouldWork(ctx, nil, dir, "sh", "./regen.sh")
+	shouldWork(ctx, nil, filepath.Join(dir, "eclier"), "go-bindata", "-pkg", "edata", "-ignore", "bindata.go", ".")
+}
+
+// Vars shows the various variables that this magefile uses.
+func Vars() {
+	table := tablewriter.NewWriter(os.Stdout)
+
+	table.SetHeader([]string{"key", "value"})
+
+	table.Append([]string{"arches", fmt.Sprint(arches)})
+	table.Append([]string{"bins", fmt.Sprint(bins)})
+	table.Append([]string{"goarch", runtime.GOARCH})
+	table.Append([]string{"goos", runtime.GOOS})
+	table.Append([]string{"tools", fmt.Sprint(tools)})
+	table.Append([]string{"wd", wd})
+
+	table.Render()
+}

mage_helpers.go

@@ -0,0 +1,107 @@
+// +build mage
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+
+	"github.com/jtolds/qod"
+	"github.com/kr/fs"
+	"github.com/pkg/errors"
+	"layeh.com/asar"
+)
+
+func output(cmd string, args ...string) (string, error) {
+	c := exec.Command(cmd, args...)
+	c.Env = os.Environ()
+	c.Stderr = os.Stderr
+	b, err := c.Output()
+	if err != nil {
+		return "", errors.Wrapf(err, `failed to run %v %q`, cmd, args)
+	}
+	return string(b), nil
+}
+
+func gitTag() (string, error) {
+	s, err := output("git", "describe", "--tags")
+	if err != nil {
+		ee, ok := errors.Cause(err).(*exec.ExitError)
+		if ok && ee.Exited() {
+			// probably no git tag
+			return "dev", nil
+		}
+		return "", err
+	}
+
+	return strings.TrimSuffix(s, "\n"), nil
+}
+
+func shouldWork(ctx context.Context, env []string, dir string, cmdName string, args ...string) {
+	loc, err := exec.LookPath(cmdName)
+	qod.ANE(err)
+
+	cmd := exec.CommandContext(ctx, loc, args...)
+	cmd.Dir = dir
+	cmd.Env = append(env, os.Environ()...)
+
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	log.Printf("starting process, env: %v, pwd: %s, cmd: %s, args: %v", env, dir, loc, args)
+	err = cmd.Run()
+	qod.ANE(err)
+}
+
+func goBuild(ctx context.Context, env []string, dir string, pkgname string) {
+	shouldWork(ctx, env, dir, "go", "build", "-v", pkgBase+pkgname)
+}
+
+func goInstall(ctx context.Context, env []string, pkgname string) {
+	shouldWork(ctx, nil, wd, "go", "install", pkgBase+pkgname)
+}
+
+func goBuildPlugin(ctx context.Context, dir, pkgname, fname string) {
+	if runtime.GOOS != "linux" {
+		qod.Printlnf("plugins don't work on non-linux machines yet :(")
+		return
+	}
+
+	shouldWork(ctx, nil, dir, "go", "build", "-v", "-buildmode=plugin", "-o="+fname, pkgBase+pkgname)
+	qod.Printlnf("built %s for %s", fname, runtime.GOOS)
+}
+
+func asarPack(dir string) (*asar.Entry, error) {
+	b := &asar.Builder{}
+
+	w := fs.Walk(dir)
+	for w.Step() {
+		if err := w.Err(); err != nil {
+			fmt.Printf("walk error: %v\n", err)
+			continue
+		}
+
+		p := w.Path()
+		st := w.Stat()
+
+		if st.IsDir() {
+			w.SkipDir()
+		}
+
+		fin, err := os.Open(p)
+		if err != nil {
+			return nil, err
+		}
+		defer fin.Close()
+
+		b.Add(filepath.Base(p), fin, st.Size(), asar.FlagNone)
+	}
+
+	return b.Root(), nil
+}

proto/client/client.go

@@ -1 +0,0 @@
-package routeclient

proto/client/doc.go

@@ -1,2 +0,0 @@
-// Package routeclient is a higer level convenience wrapper around the RPC layer for route.
-package routeclient

proto/eclier/bindata.go

@@ -0,0 +1,465 @@
+// Code generated by go-bindata.
+// sources:
+// route_twirp_eclier_backends_kill.lua
+// route_twirp_eclier_backends_list.lua
+// route_twirp_eclier_routes_delete.lua
+// route_twirp_eclier_routes_get.lua
+// route_twirp_eclier_routes_get_all.lua
+// route_twirp_eclier_routes_put.lua
+// route_twirp_eclier_tokens_deactivate.lua
+// route_twirp_eclier_tokens_delete.lua
+// route_twirp_eclier_tokens_get.lua
+// route_twirp_eclier_tokens_get_all.lua
+// route_twirp_eclier_tokens_put.lua
+// DO NOT EDIT!
+
+package edata
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+func bindataRead(data []byte, name string) ([]byte, error) {
+	gz, err := gzip.NewReader(bytes.NewBuffer(data))
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+
+	var buf bytes.Buffer
+	_, err = io.Copy(&buf, gz)
+	clErr := gz.Close()
+
+	if err != nil {
+		return nil, fmt.Errorf("Read %q: %v", name, err)
+	}
+	if clErr != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
+
+type asset struct {
+	bytes []byte
+	info  os.FileInfo
+}
+
+type bindataFileInfo struct {
+	name    string
+	size    int64
+	mode    os.FileMode
+	modTime time.Time
+}
+
+func (fi bindataFileInfo) Name() string {
+	return fi.name
+}
+func (fi bindataFileInfo) Size() int64 {
+	return fi.size
+}
+func (fi bindataFileInfo) Mode() os.FileMode {
+	return fi.mode
+}
+func (fi bindataFileInfo) ModTime() time.Time {
+	return fi.modTime
+}
+func (fi bindataFileInfo) IsDir() bool {
+	return false
+}
+func (fi bindataFileInfo) Sys() interface{} {
+	return nil
+}
+
+var _route_twirp_eclier_backends_killLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x52\x4d\x6b\xdc\x30\x10\xbd\xeb\x57\x3c\x74\xb2\x21\x36\xdb\x43\x2f\x0b\xbe\xb4\xc9\x21\x50\x1a\x28\xe9\xa9\x84\xa2\x95\xc7\xb6\x58\xaf\xe4\xce\x48\x4e\xfa\xef\x8b\xe4\xec\x47\x73\x30\x58\x7a\xef\xcd\x7b\x33\xa3\xa6\xc1\xd7\xd0\x13\x46\xf2\xc4\x26\x52\x8f\xc3\x5f\x2c\x1c\x62\xb0\xcd\x48\xbe\x89\xaf\x8e\x97\xdf\x64\x67\x47\x8c\xf5\x73\xbb\x6b\x77\xf7\x4f\xf8\xfe\xf4\x8c\x87\xfb\xc7\x67\xd5\x34\x90\x90\xd8\xd2\x1e\x1c\x52\xa4\xb6\x48\x95\x12\xcb\x6e\x89\xed\x4a\x7c\x40\x07\x7d\x30\xf6\x48\xbe\x97\xfd\xd1\xcd\xb3\x3e\xa3\x13\xcd\x4b\x46\x1f\xde\xc8\xa6\x48\x82\x13\xc5\x29\xf4\xc8\x24\x04\x0f\x21\x5e\x9d\x25\x9c\xd5\x18\x02\xa3\x04\xc2\x62\xec\xd1\x8c\x84\x37\xca\xa4\x36\x49\xbb\xd9\x9f\xa9\x17\x0f\x93\xe2\x14\x38\xbb\x9c\x8c\x9d\x9c\xa7\xe6\xd2\xa9\xbe\x49\x29\x2e\xf8\x4c\xda\x3a\xbc\x20\x49\xb2\x49\x07\xad\x95\x9a\x83\x35\x33\x86\xd9\x8c\xe8\xc0\xf4\x27\x39\x26\xe8\x7c\xd6\xef\x98\xac\xf6\x16\x92\xd5\x5e\x65\x82\xae\x68\x5b\x4f\xaf\x55\xad\xf2\xe0\xf2\x71\xeb\xe9\xcb\x96\xfa\xb1\x57\x83\xec\x25\xb2\xf3\x63\xa5\x5d\xaf\xef\xa0\xf3\xb7\x9a\x39\x51\x21\x9e\x48\x4a\x22\xc3\x23\x5c\xaf\x6b\xf5\x31\xe8\x20\xfb\xf2\x9b\x2d\x86\xe4\x6d\xcc\x7d\x71\xf2\x95\xe1\xb1\x56\x80\x1b\xb2\xf6\xd7\xa7\x17\x74\x1d\x74\x93\x37\xa0\x11\xf8\xbf\xcb\xf7\xdb\x38\x91\x57\x00\xb0\xb0\xf3\xb1\xba\x56\xae\xcb\x2d\x53\x4c\x9c\x09\xe4\x7b\xa5\x50\x2a\xec\x5e\xd0\xe1\x66\xf5\x0a\xb8\x4e\x4d\xb6\x78\x8b\x61\xa1\x2d\xce\x05\x66\x92\xfc\x10\x64\xb5\x65\x3c\x66\x71\x3f\x7f\x7c\xbb\x43\x0c\x47\xf2\xf5\xfe\xbc\xd3\xaa\x2e\xcf\xa7\x2a\xc5\x6a\xa5\xb2\xf1\xbf\x00\x00\x00\xff\xff\x9b\x1b\x96\x37\xbf\x02\x00\x00")
+
+func route_twirp_eclier_backends_killLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_backends_killLua,
+		"route_twirp_eclier_backends_kill.lua",
+	)
+}
+
+func route_twirp_eclier_backends_killLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_backends_killLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_backends_kill.lua", size: 703, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_backends_listLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\xc1\x6e\xdb\x3a\x10\xbc\xf3\x2b\x06\x3c\x59\x40\x24\xe4\x1d\xde\x45\x80\x2e\x6d\x72\x28\x50\x34\x40\x9b\x9e\x9a\xa0\xa0\xa9\x95\x4c\x44\x26\xd5\x5d\x52\x49\xff\xbe\x20\x65\xd9\x6e\x81\xf6\x60\xc0\xdc\x99\xd9\x9d\x5d\x4d\x5d\xe3\x7d\xe8\x09\x23\x79\x62\x13\xa9\xc7\xfe\x27\x66\x0e\x31\xd8\x7a\x24\x5f\xc7\x57\xc7\xf3\x77\xb2\x93\x23\xc6\xf2\x7f\x73\xdb\xdc\xde\x3d\xe0\xd3\xc3\x23\xee\xef\x3e\x3c\xaa\xba\x86\x84\xc4\x96\x5a\x70\x48\x91\x9a\x22\x55\x4a\x2c\xbb\x39\x36\x0b\xf1\x1e\x1d\xf4\xde\xd8\x17\xf2\xbd\xb4\x93\x93\xa8\x37\xf4\x40\xd3\x9c\xd1\xfb\x37\xb2\x29\x92\xe0\x48\xf1\x10\x7a\x64\x12\x82\x87\x10\x2f\xce\x12\x36\x35\x86\xc0\x28\x86\x30\x1b\xfb\x62\x46\xc2\x1b\x65\x52\x93\xa4\x59\xc7\x6f\xd4\xf3\x0c\x93\xe2\x21\x70\x9e\x72\x34\xf6\xe0\x3c\xd5\xe7\x4d\xf5\x95\x4b\x71\xc1\x67\xd2\xba\xe1\x19\x49\x92\x87\x74\xd0\x5a\xa9\x29\x58\x33\x61\x98\xcc\x88\x0e\x4c\x3f\x92\x63\x82\xce\x6f\x7d\xc2\x64\xb1\xd7\x90\x2c\xf6\x22\x13\x74\x45\xdb\x78\x7a\xdd\x55\x2a\x1f\x2e\x3f\xd7\x9d\xde\xad\xae\xbf\xd0\x44\x36\x06\x56\x83\xb4\x12\xd9\xf9\x71\xa7\xfb\x70\x34\xce\xeb\x1b\xe8\xfc\x5b\xcc\x94\xa8\x48\x8e\x24\xc5\x9b\xe1\x11\x27\x4e\x75\xad\x4b\x42\xfc\x6f\x55\x61\x54\xea\xcf\x55\x07\x69\xcb\xdf\x6c\x72\x48\xde\xc6\x7c\x19\x4e\x7e\x67\x78\xac\x14\xe0\x86\xac\xfe\xf6\xdf\x33\xba\x0e\xba\xce\xdf\x50\x23\xf0\x6f\xc5\x53\x35\x1e\xc8\x2b\x00\x98\xd9\xf9\xb8\xbb\x74\xae\x4a\x95\x29\x26\xce\x04\xf2\xbd\x52\x28\x1d\x6e\x9f\xd1\xe1\x2a\x3c\x0a\xb8\xdc\x5d\x56\x7b\xb3\x61\xa1\xd5\xce\x19\x66\x92\x1c\x25\x59\x6c\x39\xb0\x99\xdd\xd7\xcf\x1f\x6f\x10\xc3\x0b\xf9\xaa\xdd\x52\xb1\xab\x4a\x00\x77\xa5\x59\x51\xaf\xce\xf4\x5e\xda\xa7\xf8\x14\x35\x9a\x06\x31\x9c\x6e\x98\x7b\x36\x7b\x29\x6e\x37\xde\x96\xe3\xbf\xb1\x4f\x78\x55\xa9\xbc\xd4\xaf\x00\x00\x00\xff\xff\x5b\x4a\x7f\xf6\x5d\x03\x00\x00")
+
+func route_twirp_eclier_backends_listLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_backends_listLua,
+		"route_twirp_eclier_backends_list.lua",
+	)
+}
+
+func route_twirp_eclier_backends_listLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_backends_listLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_backends_list.lua", size: 861, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_deleteLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\x4f\x6b\xdc\x3e\x10\xbd\xeb\x53\x3c\x74\xb2\x21\x36\xfb\x3b\xfc\x2e\x06\x9f\x9a\x1c\x0a\xa5\x81\x90\x9e\x4a\x28\x8a\x3c\xb6\x45\xbc\x92\x3b\x23\x39\xe9\xb7\x2f\x92\x37\xbb\x9b\x1e\x72\x30\x58\xf3\xde\x9b\x79\xf3\xa7\x69\xf0\x25\x0c\x84\x89\x3c\xb1\x89\x34\xe0\xf9\x0f\x56\x0e\x31\xd8\x66\x22\xdf\xc4\x57\xc7\xeb\x2f\xb2\x8b\x23\xc6\xf6\x7f\x7b\x68\x0f\xb7\xf7\xf8\x7e\xff\x88\xbb\xdb\xaf\x8f\xaa\x69\x20\x21\xb1\xa5\x0e\x1c\x52\xa4\xb6\x48\x95\x12\xcb\x6e\x8d\xed\x46\xfc\x8c\x1e\xba\x60\xd2\x0d\xb4\x50\x24\xfd\x8e\xce\xb4\xac\x19\xbd\x7b\x23\x9b\x71\x1c\x29\xce\x61\xc0\x4e\x43\xf0\x10\xe2\xcd\x59\xda\x73\x0b\xc6\xc0\x28\x86\xb0\x1a\xfb\x62\x26\xc2\x1b\x65\x4a\x9b\xa4\xdd\xcb\xef\xc4\x73\x05\x93\xe2\x1c\x38\xd7\x38\x1a\x3b\x3b\x4f\xcd\xb9\x4f\x7d\xe5\x51\x5c\xf0\x99\xb4\xf7\x77\x46\x92\xe4\x12\x3d\xb4\x56\x6a\x09\xd6\x2c\x18\x17\x33\xa1\x07\xd3\xef\xe4\x98\xa0\xf3\x5b\x9f\x30\xd9\xec\x35\x24\x9b\xbd\xc8\x04\x7d\xd1\xb6\x9e\x5e\xab\x5a\xe5\xb1\xe5\xe7\xde\xd1\x43\xf6\xac\x46\xe9\x24\xb2\xf3\x53\xa5\xdd\xa0\x6f\xa0\xf3\xb7\x99\x25\x51\x21\x1d\x49\x8a\x1b\xc3\x13\xdc\xa0\xeb\x6b\xbe\x65\x32\x31\xf0\xe7\xa2\x77\xd2\x07\xe5\x1c\x24\x7e\x2e\x2b\x8c\x5a\xfd\x3b\x92\x51\xba\xf2\x9b\x9b\x19\x93\xb7\x31\x4f\x90\x93\xaf\x0c\x4f\xb5\x02\xdc\x98\xd5\x3f\xff\x7b\x42\xdf\x43\x37\x79\xd3\x1a\x81\x3f\x04\x4f\xd1\x38\x93\x57\x00\xb0\xb2\xf3\xb1\xba\x64\xae\x4b\x94\x29\x26\xce\x04\xf2\x83\x52\x28\x19\x0e\x4f\xe8\x71\x75\x62\x0a\xb8\xec\x47\x76\x7b\xab\x61\xa1\xdd\xce\x19\x66\x92\x7c\x70\xb2\xd9\xb2\x08\xb3\xba\x1f\x0f\xdf\x6e\x10\xc3\x0b\xf9\xba\xdb\x6f\xa7\xaa\x4f\x67\x5a\x95\x64\xb5\x52\xb9\xf0\xdf\x00\x00\x00\xff\xff\x75\x1a\x14\x61\x27\x03\x00\x00")
+
+func route_twirp_eclier_routes_deleteLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_deleteLua,
+		"route_twirp_eclier_routes_delete.lua",
+	)
+}
+
+func route_twirp_eclier_routes_deleteLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_deleteLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_delete.lua", size: 807, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_getLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x84\x52\x4d\x6b\xdc\x30\x10\xbd\xeb\x57\x3c\x74\x5a\x43\x6c\xd2\x43\x2f\x06\x9f\x9a\x50\x0a\xa5\x81\x90\x9e\x9a\x50\x14\x79\x6c\x8b\x38\x92\x33\x92\x9c\xf4\xdf\x97\x91\xdd\xdd\x6d\x21\xf4\xb0\xb0\x9a\xf7\x31\x6f\xc6\x53\xd7\xf8\x14\x7a\xc2\x48\x9e\xd8\x24\xea\xf1\xf8\x0b\x0b\x87\x14\x6c\x3d\x92\xaf\xd3\xab\xe3\xe5\x27\xd9\xd9\x11\x63\xfd\xd8\x5c\x36\x97\x57\x37\xf8\x76\x73\x87\xeb\xab\x2f\x77\xaa\xae\x11\x43\x66\x4b\x2d\x38\xe4\x44\x4d\x91\x2a\x15\x2d\xbb\x25\x35\x2b\xf1\x23\x3a\xe8\x82\xc5\x76\xa4\xa4\xff\x40\x13\xcd\x8b\x40\xd7\x6f\x64\x05\xc4\x33\xa5\x29\xf4\x18\x29\x21\x78\x44\xe2\xd5\x59\xda\x5c\x23\x86\xc0\x28\x51\xb0\x18\xfb\x64\x46\xc2\x1b\x09\xa5\xc9\xb1\xd9\x1a\x6f\xc4\xa3\xbd\xc9\x69\x0a\x2c\x0d\x9e\x8d\x9d\x9c\xa7\xfa\x38\xa1\x3e\x4b\x17\x5d\xf0\x42\xda\x26\x3b\x22\x39\x4a\x8b\x0e\x5a\x2b\x35\x07\x6b\x66\x0c\xb3\x19\xd1\x81\xe9\x25\x3b\x26\x68\x79\xeb\x1d\x8b\xab\x3d\x87\xe2\x6a\x4f\xb2\x88\xae\x68\x1b\x4f\xaf\x87\x4a\xc9\xc2\xe4\xb9\x4d\xf4\x99\xd2\xad\xc4\xbe\xa5\x97\x4c\x31\xa9\x21\xb6\x31\xb1\xf3\xe3\x41\x67\x9f\x23\xf5\xfa\x02\x5a\x7e\xab\x99\x33\x15\xc9\x33\xc5\x92\xcd\xf0\x88\x9d\x53\x9d\xeb\xdc\x7f\x34\x4e\xf8\xff\x8e\x39\xc4\xb6\xfc\x95\x80\x43\xf6\x36\xc9\x56\x38\xfb\x83\xe1\xb1\x52\x80\x1b\x44\xfb\xe3\xc3\x03\xba\x0e\xba\x96\x4f\xa7\x11\xf8\xaf\xe2\x5e\x4d\x13\x79\x05\x00\x0b\x3b\x9f\x0e\x27\xe7\xaa\x54\x99\x52\x66\x21\x90\xef\x95\x42\x71\xb8\x7c\x40\x87\xb3\x83\x51\xc0\x69\xe7\x71\x8b\xb7\x18\x8e\xb4\xc5\x39\xc2\x4c\x51\x2e\x28\xae\xb6\x2c\xd7\x2c\xee\xfb\xed\xd7\x0b\xa4\xf0\x44\xbe\x6a\xb7\x7b\x38\x54\x72\x74\x87\xe2\x54\xa4\x5b\x2c\xed\xfa\xf6\x3e\xdd\x27\x8d\xa6\x41\x0a\xfb\xf2\xc4\xb0\x71\x7d\x89\xba\xf3\x2c\x93\x49\x81\xdf\x23\xef\xf0\xb9\x62\x0a\x31\xbd\x47\x17\xac\xaa\x94\xcc\xfe\x3b\x00\x00\xff\xff\x07\xd9\x95\x3a\x78\x03\x00\x00")
+
+func route_twirp_eclier_routes_getLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_getLua,
+		"route_twirp_eclier_routes_get.lua",
+	)
+}
+
+func route_twirp_eclier_routes_getLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_getLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_get.lua", size: 888, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_get_allLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x52\x4d\x6f\xdd\x20\x10\xbc\xf3\x2b\x46\x9c\x6c\xa9\xb6\x5e\x0f\xbd\x3c\xc9\xa7\x26\x87\x4a\x55\x22\x55\xe9\xa9\x89\x22\xc2\x5b\xdb\x28\x0e\xb8\xcb\xe2\xa4\xff\xbe\x02\xde\x57\x7b\x83\x9d\xd9\xd9\x19\x96\xae\xc3\xd7\x70\x20\x4c\xe4\x89\x8d\xd0\x01\x2f\x7f\xb0\x72\x90\x60\xbb\x89\x7c\x27\xef\x8e\xd7\x67\xb2\x8b\x23\xc6\xf6\xa5\xdf\xf5\xbb\x9b\x7b\xdc\xdd\x3f\xe0\xf6\xe6\xdb\x83\xea\x3a\xc4\x90\xd8\xd2\x1e\x1c\x92\x50\x5f\x5a\x95\x8a\x96\xdd\x2a\xfd\x46\xfc\x82\x01\xba\x60\x71\x3f\x91\x3c\x9b\x65\xd1\x27\x78\xa6\x65\xcd\xf0\xed\x07\xd9\x4c\xc0\x1b\xc9\x1c\x0e\x38\xf2\x10\x3c\x22\xf1\xe6\x2c\x55\xf5\x88\x31\x30\x8a\x25\xac\xc6\xbe\x9a\x89\xf0\x41\x99\xd2\xa7\xd8\x57\x03\x95\x78\x1e\x61\x92\xcc\x81\xf3\x90\x37\x63\x67\xe7\xa9\x3b\x27\xd5\x57\x2e\xa3\x0b\x3e\x93\x6a\xc2\x33\x92\x62\x1e\x31\x40\x6b\xa5\x96\x60\xcd\x82\x71\x31\x13\x06\x30\xfd\x4e\x8e\x09\x3a\xdf\xf5\x11\x8b\x9b\xbd\x86\xe2\x66\x2f\x6d\x11\x43\xe9\xed\x3d\xbd\x37\xad\xca\x0f\x97\xaf\x35\xd1\x9d\x5b\xd4\xff\x23\xc7\xb8\x2f\xc7\x4c\x1e\x93\xb7\x92\x1d\x72\xf2\x8d\xe1\xa9\x55\x80\x1b\x61\x78\xfa\xf5\xf9\x09\xc3\x00\xdd\xe5\xa7\xd4\x08\xfc\x4f\xf1\x58\x95\x99\xbc\x02\x80\x95\x9d\x97\xe6\xa2\xdc\x96\x2a\x93\x24\xce\x04\xf2\x07\xa5\x50\x14\x76\x4f\x18\x70\xb5\x44\x05\x5c\xf2\xc7\x6a\x6f\x35\x1c\xa9\xda\x39\xc3\x4c\x31\x6f\x34\x6e\xb6\x04\x35\xab\xfb\xf9\xe3\xfb\x27\x48\x78\x25\xdf\xee\xeb\x6e\x9a\xf6\xf4\x11\x9a\xa2\x56\xda\xab\xb5\xd3\x47\x79\x94\x47\xd1\xe8\x7b\x48\x88\xc2\xce\x4f\x4d\x16\x3e\xee\xb6\x6d\x55\x76\xfa\x37\x00\x00\xff\xff\xd4\xa1\xe0\x99\xba\x02\x00\x00")
+
+func route_twirp_eclier_routes_get_allLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_get_allLua,
+		"route_twirp_eclier_routes_get_all.lua",
+	)
+}
+
+func route_twirp_eclier_routes_get_allLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_get_allLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_get_all.lua", size: 698, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_routes_putLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\xcd\x6a\xdc\x3c\x14\xdd\xeb\x29\x0e\x5a\x8d\x21\x36\xf9\x16\xdf\xc6\xe0\x55\x93\x45\xa1\x34\x10\xd2\x55\x13\x8a\x22\x5f\xdb\x22\x8e\xe4\x5e\x49\x4e\xfa\xf6\xe5\xca\xce\xcc\xa4\x90\x2c\x0c\x96\xce\x8f\xce\xfd\xa9\x6b\x7c\x09\x3d\x61\x24\x4f\x6c\x12\xf5\x78\xfc\x83\x85\x43\x0a\xb6\x1e\xc9\xd7\xe9\xc5\xf1\xf2\x8b\xec\xec\x88\xb1\xfe\xdf\x5c\x36\x97\x57\x37\xf8\x7e\x73\x87\xeb\xab\xaf\x77\xaa\xae\x11\x43\x66\x4b\x2d\x38\xe4\x44\x4d\x91\x2a\x15\x2d\xbb\x25\x35\x2b\xf1\x23\x3a\xe8\x82\xc5\x76\xc9\x49\xbf\x41\x13\xcd\x8b\x40\xd7\xaf\x64\x05\xc4\x33\xa5\x29\xf4\x58\x72\x42\xf0\x88\xc4\xab\xb3\xb4\xb9\x46\x0c\x81\x51\xa2\x60\x31\xf6\xc9\x8c\x84\x57\x12\x4a\x93\x63\xb3\x3d\xbc\x11\x8f\xf6\x26\xa7\x29\xb0\x3c\xf0\x6c\xec\xe4\x3c\xd5\xc7\x0a\xf5\x59\xba\xe8\x82\x17\xd2\x56\xd9\x11\xc9\x51\x9e\xe8\xa0\xb5\x52\x73\xb0\x66\xc6\x30\x9b\x11\x1d\x98\x7e\x67\xc7\x04\x2d\x67\xbd\x63\x71\xb5\xe7\x50\x5c\xed\x49\x16\xd1\x15\x6d\xe3\xe9\xe5\x50\x29\x69\x98\x1c\xb7\x8a\x6e\x25\xb3\x1a\x62\x1b\x13\x3b\x3f\x1e\xf4\x14\x62\xd2\x17\xd0\xf2\xad\x66\xce\x54\x68\xcf\x14\x4b\x1e\xc3\x23\x0a\xa3\x3a\xd7\xb8\xfe\x73\x85\xeb\xdf\xf3\x2d\x93\x49\x81\x3f\x17\xbd\x91\x2a\xf5\x6f\x4b\x86\xd8\x96\x5f\x29\x66\xc8\xde\x26\xe9\x20\x67\x7f\x30\x3c\x56\x0a\x70\x83\x18\xfc\xfc\xef\x01\x5d\x07\x5d\xcb\x98\x35\x02\xbf\xbb\xdc\x6f\xd3\x44\x5e\x01\xc0\xc2\xce\xa7\xc3\xc9\xb9\x2a\xb7\x4c\x29\xb3\x10\xc8\xf7\x4a\xa1\x38\x5c\x3e\xa0\xc3\xd9\x72\x29\xe0\x34\x9f\xb8\xc5\x5b\x0c\x47\xda\xe2\x1c\x61\xa6\x28\xdb\x16\x57\x5b\x06\x61\x16\xf7\xe3\xf6\xdb\x05\x52\x78\x22\x5f\xb5\xdb\xee\x1c\x2a\x59\xd0\x43\x71\x2a\xd2\x2d\x96\x76\x7d\x7b\x9f\xee\x93\x46\xd3\x20\x85\xbd\x8d\x62\xd8\xb8\xbe\x44\xdd\x79\x7b\xcf\x3e\x22\xef\xf0\xb9\x42\x86\xf9\x11\x5d\xb0\xaa\x52\x52\xfb\xdf\x00\x00\x00\xff\xff\x86\x08\x46\x8f\xa4\x03\x00\x00")
+
+func route_twirp_eclier_routes_putLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_routes_putLua,
+		"route_twirp_eclier_routes_put.lua",
+	)
+}
+
+func route_twirp_eclier_routes_putLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_routes_putLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_routes_put.lua", size: 932, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_deactivateLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x92\x41\x6f\xdb\x30\x0c\x85\xef\xfa\x15\x0f\x3a\xd9\x40\x6c\x64\x87\x5d\x02\xf8\xb4\xf6\x30\x60\x58\x81\x21\x3b\x0d\xc5\xa0\xc8\xb4\x23\xd4\x91\x3c\x52\x72\xdb\x7f\x3f\x48\xce\x92\x74\x40\x7b\xb3\xc9\xef\x91\x8f\x14\x9b\x06\x5f\x42\x4f\x18\xc9\x13\x9b\x48\x3d\x0e\xaf\x98\x39\xc4\x60\x9b\x91\x7c\x13\x9f\x1d\xcf\xbf\xc9\x4e\x8e\x18\xcb\xe7\x76\xdb\x6e\xef\x1e\xf0\xfd\x61\x8f\xfb\xbb\xaf\x7b\xd5\x34\x90\x90\xd8\xd2\x0e\x1c\x52\xa4\xb6\x48\x95\x12\xcb\x6e\x8e\xed\x42\x7c\x40\x07\x1d\xc3\x13\x79\xd9\xf5\x64\x6c\x74\x8b\x89\xa4\xff\x11\x47\x9a\xe6\x4c\xdc\xbf\x90\x4d\x91\x04\x27\x8a\xc7\xd0\xe3\x8a\x22\x78\x08\xf1\xe2\x2c\x61\xad\x83\x21\x30\x8a\x31\xcc\xc6\x3e\x99\x91\xf0\x42\x19\x69\x93\xb4\xab\x8d\x15\xbc\x74\x31\x29\x1e\x03\xe7\x3e\x27\x63\x8f\xce\x53\x73\x99\x57\xdf\x78\x15\x17\x7c\x86\xd6\x39\x2f\x99\x24\xb9\x45\x07\xad\x95\x9a\x82\x35\x13\x86\xc9\x8c\xe8\xc0\xf4\x27\x39\x26\xe8\xfc\xaf\xcf\x39\x59\xec\x6d\x4a\x16\x7b\x95\x09\xba\xa2\x6d\x3d\x3d\x57\xb5\xca\xeb\xcb\xbf\xeb\x44\xfb\xec\x59\x0d\xb2\x3b\x84\x30\x55\xba\xcc\x4f\x7a\x83\xc1\x4c\x42\x1b\xe8\xc5\x4c\x89\x0a\x79\x22\x29\x96\x0c\x8f\x38\x63\x75\x16\x4a\x64\xe7\xc7\x4a\xbb\x5e\x6f\xa0\xf5\xbb\x1a\xd7\xbf\xe5\x0f\xa1\x7f\xfd\x58\x51\x88\x1b\x8d\x54\x5a\x6c\x98\x49\xde\x97\x9c\xf3\xb5\xfa\x7f\x8d\x83\xec\xca\x67\x5e\xc0\x90\xbc\x8d\x79\xeb\x9c\x7c\x65\x78\xac\x15\xe0\x86\xac\xff\xf5\xe9\x11\x5d\x07\xdd\xe4\x0b\xd1\x08\xfc\x26\x78\x8e\xc6\x23\x79\x05\x00\x33\x3b\x1f\xab\x6b\xe5\xba\x44\x99\x62\xe2\x0c\x90\xef\x95\x42\xa9\xb0\x7d\x44\x87\x9b\xf3\x54\xc0\xf5\x4d\x65\xb5\x37\x1b\x16\x5a\xed\x5c\xd2\x4c\x92\x0f\x55\x16\x5b\x1e\xcf\xcc\xee\xe7\x8f\x6f\x9b\xf5\x22\xeb\xdd\x7a\x6f\x55\x7d\x73\xe2\x55\x29\x58\x2b\x95\x9b\xff\x0d\x00\x00\xff\xff\x41\x42\x7e\x72\x67\x03\x00\x00")
+
+func route_twirp_eclier_tokens_deactivateLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_deactivateLua,
+		"route_twirp_eclier_tokens_deactivate.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_deactivateLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_deactivateLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_deactivate.lua", size: 871, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_deleteLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x52\xc1\x6a\xdc\x30\x10\xbd\xeb\x2b\x1e\x3a\xd9\x10\x9b\xed\xa1\x97\x05\x9f\x9a\x1c\x0a\xa5\x81\xb2\x3d\x95\x50\xb4\xf2\xd8\x2b\xe2\x95\xdc\x19\xc9\x49\xfe\xbe\x48\xde\xee\xba\x85\xf4\x60\xb0\xf4\xde\x9b\x79\x33\x7a\x4d\x83\x4f\xa1\x27\x8c\xe4\x89\x4d\xa4\x1e\xc7\x37\xcc\x1c\x62\xb0\xcd\x48\xbe\x89\x2f\x8e\xe7\x9f\x64\x27\x47\x8c\xe5\x63\xbb\x6b\x77\xf7\x8f\xf8\xfa\x78\xc0\xc3\xfd\xe7\x83\x6a\x1a\x48\x48\x6c\x69\x0f\x0e\x29\x52\x5b\xa4\x4a\x89\x65\x37\xc7\x76\x21\x3e\xa2\x83\x8e\xe1\x99\xbc\xec\x7b\x9a\x28\x92\xfe\x83\x9e\x68\x9a\x33\xfa\xf0\x4a\x36\x45\x12\x9c\x29\x9e\x42\x8f\x95\x86\xe0\x21\xc4\x8b\xb3\x84\x55\x8f\x21\x30\x8a\x21\xcc\xc6\x3e\x9b\x91\xf0\x4a\x99\xd2\x26\x69\xd7\xf6\x2b\xf1\xda\xc1\xa4\x78\x0a\x9c\x7b\x9c\x8d\x3d\x39\x4f\xcd\x75\x4e\xbd\xf1\x28\x2e\xf8\x4c\x5a\xe7\xbb\x22\x49\x72\x8b\x0e\x5a\x2b\x35\x05\x6b\x26\x0c\x93\x19\xd1\x81\xe9\x57\x72\x4c\xd0\xf9\xac\x2f\x98\x2c\x76\x0b\xc9\x62\x6f\x32\x41\x57\xb4\xad\xa7\x97\xaa\x56\x79\x6d\xf9\xb8\x4e\x74\xc8\x9e\xd5\x20\x7b\x89\xec\xfc\x58\x69\xd7\xeb\x3b\xe8\xfc\x2d\x66\x4a\x54\x48\x67\x92\xe2\xc6\xf0\x08\xd7\xeb\x7a\xcb\x3f\x86\xfe\xed\xff\x8a\xc2\xd8\x68\xa4\xd2\x62\xc3\x4c\xf2\xbe\xe4\x82\x17\xd1\x31\x84\xa9\xd2\xc6\x46\xb7\x90\xbe\xc3\x60\x26\xa1\x77\x85\x17\x5a\xad\xfe\x5d\xe3\x20\xfb\xf2\x9b\x17\x30\x24\x6f\x63\xde\x3a\x27\x5f\x19\x1e\x6b\x05\xb8\x21\xeb\x7f\x7c\x78\x42\xd7\x41\x37\x39\x1d\x1a\x81\xff\xba\xbc\xdc\xc6\x13\x79\x05\x00\x33\x3b\x1f\xab\x5b\xe5\xba\xdc\x32\xc5\xc4\x99\x40\xbe\x57\x0a\xa5\xc2\xee\x09\x1d\x36\xb1\x54\xc0\xed\x4d\x65\xb5\x37\x1b\x16\x5a\xed\x5c\x61\x26\xc9\x21\x95\xc5\x96\xc7\x33\xb3\xfb\xfe\xed\xcb\xdd\x9a\xc8\x7a\xbf\xe6\xad\xaa\x2f\xd1\xae\x4a\xb1\x5a\xa9\xdc\xf8\x77\x00\x00\x00\xff\xff\x50\xe4\x70\xe6\x5b\x03\x00\x00")
+
+func route_twirp_eclier_tokens_deleteLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_deleteLua,
+		"route_twirp_eclier_tokens_delete.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_deleteLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_deleteLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_delete.lua", size: 859, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_getLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x92\x41\x6b\xdc\x3e\x10\xc5\xef\xfa\x14\x0f\x9d\x6c\x88\x4d\xfe\x87\xff\xc5\xe0\x53\x13\x4a\xa1\x34\x10\xb6\xa7\x26\x14\xad\x3c\xf6\x8a\x78\x25\x67\x24\x39\xc9\xb7\x2f\x92\xb6\xbb\x6e\x61\x7b\x58\x58\xe9\xfd\xde\xe8\xcd\x78\x9a\x06\x9f\xdc\x40\x98\xc8\x12\xab\x40\x03\xf6\x1f\x58\xd8\x05\xa7\x9b\x89\x6c\x13\xde\x0c\x2f\x3f\x49\xcf\x86\x18\xeb\xff\xed\x6d\x7b\x7b\xf7\x80\x6f\x0f\x3b\xdc\xdf\x7d\xd9\x89\xa6\x81\x77\x91\x35\x75\x60\x17\x03\xb5\xd9\x2a\x84\xd7\x6c\x96\xd0\xae\xc4\x7b\xf4\x90\xc1\xbd\x90\xf5\xdd\x44\x41\xfe\x96\x0e\x34\x2f\x49\xba\x7f\x27\x1d\x03\x79\x1c\x29\x1c\xdc\x80\x89\x02\x9c\x85\x27\x5e\x8d\x26\x14\x27\x46\xc7\xc8\x51\xb0\x28\xfd\xa2\x26\xc2\x3b\x25\xa4\x8d\xbe\x2d\x0f\x17\xf0\x5c\x5e\xc5\x70\x70\x9c\x1e\x38\x2a\x7d\x30\x96\x9a\x73\x87\x72\x93\xce\x1b\x67\x13\x54\x3a\x3b\x2b\xd1\xa7\x27\x7a\x48\x29\xc4\xec\xb4\x9a\x31\xce\x6a\x42\x0f\xa6\xd7\x68\x98\x20\xd3\x59\x9e\x34\xbf\xea\xad\xe4\x57\x7d\xb1\x79\xf4\xd9\xdb\x5a\x7a\xab\x6a\x91\x06\x96\x8e\xa5\xa3\xcf\x14\x76\x29\xf6\x23\xbd\x46\xf2\x41\x8c\xbe\xf3\x81\x8d\x9d\x2a\x69\x06\x79\x03\x99\x7e\xab\x9a\x23\x65\xfc\x48\x3e\xe7\x52\x3c\xc1\x0c\xb2\xde\xf2\xb9\xfd\x7f\x5b\x0a\x52\x8b\xbf\x9b\x1c\x7d\x97\xff\xa6\x78\x63\xb4\x3a\xa4\x99\x70\xb4\x95\xe2\xa9\x16\x80\x19\x93\xfd\xc7\x7f\xcf\xe8\x7b\xc8\x26\x7d\x38\x09\xc7\x7f\x5c\x9e\x6e\xc3\x81\xac\x00\x80\x85\x8d\x0d\xd5\xa5\x72\x9d\x6f\x99\x42\xe4\x04\x90\x1d\x84\x40\xae\x70\xfb\x8c\x1e\x9b\x75\x11\xc0\x65\xe2\xbe\xc4\x5b\x14\x7b\x2a\x71\xce\x32\x93\x4f\xfb\xe3\x57\x9d\x47\xab\x16\xf3\xfd\xf1\xeb\x4d\x69\xb2\xee\xca\x36\x54\x75\x5a\xb9\x2a\x57\xca\xd6\x12\x4b\x9a\xa1\x7b\x0a\x4f\x41\xa2\x6d\x11\xdc\x69\x84\xa9\x60\x6b\x86\x1c\xf5\xc4\xed\xdd\xf0\x71\x8d\x4c\xda\x96\xf5\xda\x2d\xe4\xaf\xd1\x45\xdd\xf2\x4a\x07\xb3\xd2\x35\xbe\xa8\x75\x2d\xd2\xa4\x7e\x05\x00\x00\xff\xff\x6f\x53\x96\xcd\xa4\x03\x00\x00")
+
+func route_twirp_eclier_tokens_getLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_getLua,
+		"route_twirp_eclier_tokens_get.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_getLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_getLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_get.lua", size: 932, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_get_allLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x5c\x52\x4d\x6f\xdd\x20\x10\xbc\xf3\x2b\x46\x9c\x6c\xa9\xb6\x5e\x0f\xbd\x3c\xc9\xa7\x26\x87\x4a\x55\x22\x55\xe9\xa9\x89\x22\xc2\x5b\xdb\x28\x0e\xb8\xcb\xe2\xa4\xff\xbe\x02\xde\x57\x7b\x83\x9d\xd9\xdd\x19\x86\xae\xc3\xd7\x70\x20\x4c\xe4\x89\x8d\xd0\x01\x2f\x7f\xb0\x72\x90\x60\xbb\x89\x7c\x27\xef\x8e\xd7\x67\xb2\x8b\x23\xc6\xf6\xa5\xdf\xf5\xbb\x9b\x7b\xdc\xdd\x3f\xe0\xf6\xe6\xdb\x83\xea\x3a\xc4\x90\xd8\xd2\x1e\x1c\x92\x50\x5f\x5a\x95\x8a\x96\xdd\x2a\xfd\x46\xfc\x82\x01\x5a\xc2\x2b\xf9\xb8\x9f\x48\x9e\xcd\xb2\xe8\x13\x3c\xd3\xb2\x66\xf8\xf6\x83\x6c\x12\x8a\x78\x23\x99\xc3\x01\x47\x1e\x82\x47\x24\xde\x9c\x25\xd4\x09\x18\x03\xa3\x48\xc2\x6a\xec\xab\x99\x08\x1f\x94\x29\x7d\x8a\x7d\x15\x50\x89\xe7\x15\x26\xc9\x1c\x38\x2f\x79\x33\x76\x76\x9e\xba\xb3\x53\x7d\xa5\x32\xba\xe0\x33\xa9\x3a\x3c\x23\x29\xe6\x15\x03\xb4\x56\x6a\x09\xd6\x2c\x18\x17\x33\x61\x00\xd3\xef\xe4\x98\xa0\xf3\x5d\x1f\xb1\xb8\xd9\x6b\x28\x6e\xf6\xd2\x16\x31\x94\xde\xde\xd3\x7b\xd3\xaa\xfc\x70\xf9\x5a\x1d\xdd\xb9\x45\xfd\xbf\x72\x8c\xfb\x72\xcc\xe4\x31\x79\x2b\x59\x21\x27\xdf\x18\x9e\x5a\x05\xb8\x11\x86\xa7\x5f\x9f\x9f\x30\x0c\xd0\x5d\x7e\x4a\x8d\xc0\xff\x14\x8f\x55\x99\xc9\x2b\x00\x58\xd9\x79\x69\x2e\x93\xdb\x52\x65\x92\xc4\x99\x40\xfe\xa0\x14\xca\x84\xdd\x13\x06\x5c\x85\xa8\x80\x8b\xff\x58\xe5\xad\x86\x23\x55\x39\x67\x98\x29\xe6\x44\xe3\x66\x8b\x51\xb3\xba\x9f\x3f\xbe\x7f\xaa\xe9\xb5\xfb\x9a\x4d\xd3\x9e\x3e\x42\x53\xa6\x95\xf6\x2a\xed\xf4\x51\x1e\xe5\x51\x34\xfa\x1e\x12\xa2\xb0\xf3\x53\x93\x07\x1f\xb3\x6d\x5b\x95\x95\xfe\x0d\x00\x00\xff\xff\xe9\x8f\x90\xdc\xba\x02\x00\x00")
+
+func route_twirp_eclier_tokens_get_allLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_get_allLua,
+		"route_twirp_eclier_tokens_get_all.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_get_allLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_get_allLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_get_all.lua", size: 698, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+var _route_twirp_eclier_tokens_putLua = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x7c\x92\x41\x6b\xdc\x30\x10\x85\xef\xfa\x15\x0f\x9d\x6c\x88\x4d\x7a\xe8\xc5\xe0\x53\x93\x43\xa1\x34\x50\xd2\x53\x13\x8a\x56\x1e\x7b\x45\xbc\x92\xab\x91\x9c\xe4\xdf\x17\x49\xee\xae\x5b\xd8\x1e\x16\xd6\x7a\xdf\x1b\x3d\xcd\x4c\xd3\xe0\x93\x1b\x08\x13\x59\xf2\x2a\xd0\x80\xc3\x3b\x16\xef\x82\xd3\xcd\x44\xb6\x09\xaf\xc6\x2f\x3f\x49\xcf\x86\x3c\xd6\x8f\xed\x6d\x7b\x7b\xf7\x80\xaf\x0f\x8f\xb8\xbf\xfb\xfc\x28\x9a\x06\xec\xa2\xd7\xd4\xc1\xbb\x18\xa8\xcd\x56\x21\x58\x7b\xb3\x84\x76\x25\x7f\x40\x0f\x19\xdc\x0b\x59\xee\x96\x18\xe4\x1f\xe9\x48\xf3\x92\xa4\xfb\x37\xd2\x31\x10\xe3\x44\xe1\xe8\x06\x2c\x31\xc0\x59\x30\xf9\xd5\x68\x42\x71\x62\x74\x1e\x39\x0a\x16\xa5\x5f\xd4\x44\x78\xa3\x84\xb4\x91\xdb\x72\x71\x01\xcf\xe5\x55\x0c\x47\xe7\xd3\x05\x27\xa5\x8f\xc6\x52\x73\x7e\xa1\xdc\xa5\x63\xe3\x6c\x82\xca\xcb\xce\x4a\xe4\x74\x45\x0f\x29\x85\x98\x9d\x56\x33\xc6\x59\x4d\xe8\xe1\xe9\x57\x34\x9e\x20\xd3\xb7\xdc\x34\x5e\xf5\x5e\xe2\x55\x5f\x6c\x8c\x3e\x7b\x5b\x4b\xaf\x55\x2d\x52\xc3\xd2\x67\x79\xd1\x63\xca\x2c\x46\xee\x38\x78\x63\xa7\x4a\x9a\x41\xde\x40\xa6\xdf\xaa\xe6\x48\x19\x3a\x11\xe7\x34\xca\x4f\x30\x83\xac\xf7\xfc\xc1\x0d\xef\xff\x77\x64\x62\xe7\xe1\x4a\xb2\x76\x0b\xf1\x75\xcb\xa6\x67\xd3\xc1\xb9\xb9\x92\x4a\x07\xb3\x92\xbc\xc1\xa8\x66\xa6\xab\xc6\x0d\xab\xc5\xbf\x6d\x1c\xb9\xcb\x7f\x53\x03\xc6\x68\x75\x48\x5d\xf7\xd1\x56\xca\x4f\xb5\x00\xcc\x98\xfc\x3f\x3e\x3c\xa3\xef\x21\x9b\xb4\x1a\x12\xce\xff\x75\xb8\x9d\x86\x23\x59\x01\x00\x8b\x37\x36\x54\x97\xca\x75\x3e\xf5\x14\xa2\x4f\x00\xd9\x41\x08\xe4\x0a\xb7\xcf\xe8\xb1\x5b\x48\x01\x5c\x66\xca\x25\xde\xa2\x3c\x53\x89\x73\x96\x3d\x71\xda\x50\x5e\x75\x1e\x9e\x5a\xcc\xf7\x6f\x5f\x6e\xca\x46\xd6\x5d\xd9\xb7\xaa\x4e\x4b\x5d\xe5\x4a\xd9\x5a\x62\x49\x33\x74\x4f\xe1\x29\x48\xb4\x2d\x82\xdb\xc6\x95\x0a\xb6\x66\xc8\x51\x37\x2e\x8d\xe7\x1a\x99\xb4\x3d\x5b\xe6\x72\x8d\x2e\xea\x9e\x2f\xe3\xb8\xc6\x17\xb5\xae\x45\xea\xd4\xef\x00\x00\x00\xff\xff\x38\x3f\xda\x56\x06\x04\x00\x00")
+
+func route_twirp_eclier_tokens_putLuaBytes() ([]byte, error) {
+	return bindataRead(
+		_route_twirp_eclier_tokens_putLua,
+		"route_twirp_eclier_tokens_put.lua",
+	)
+}
+
+func route_twirp_eclier_tokens_putLua() (*asset, error) {
+	bytes, err := route_twirp_eclier_tokens_putLuaBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "route_twirp_eclier_tokens_put.lua", size: 1030, mode: os.FileMode(420), modTime: time.Unix(1516605524, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
+// Asset loads and returns the asset for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func Asset(name string) ([]byte, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("Asset %s can't read by error: %v", name, err)
+		}
+		return a.bytes, nil
+	}
+	return nil, fmt.Errorf("Asset %s not found", name)
+}
+
+// MustAsset is like Asset but panics when Asset would return an error.
+// It simplifies safe initialization of global variables.
+func MustAsset(name string) []byte {
+	a, err := Asset(name)
+	if err != nil {
+		panic("asset: Asset(" + name + "): " + err.Error())
+	}
+
+	return a
+}
+
+// AssetInfo loads and returns the asset info for the given name.
+// It returns an error if the asset could not be found or
+// could not be loaded.
+func AssetInfo(name string) (os.FileInfo, error) {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	if f, ok := _bindata[cannonicalName]; ok {
+		a, err := f()
+		if err != nil {
+			return nil, fmt.Errorf("AssetInfo %s can't read by error: %v", name, err)
+		}
+		return a.info, nil
+	}
+	return nil, fmt.Errorf("AssetInfo %s not found", name)
+}
+
+// AssetNames returns the names of the assets.
+func AssetNames() []string {
+	names := make([]string, 0, len(_bindata))
+	for name := range _bindata {
+		names = append(names, name)
+	}
+	return names
+}
+
+// _bindata is a table, holding each asset generator, mapped to its name.
+var _bindata = map[string]func() (*asset, error){
+	"route_twirp_eclier_backends_kill.lua": route_twirp_eclier_backends_killLua,
+	"route_twirp_eclier_backends_list.lua": route_twirp_eclier_backends_listLua,
+	"route_twirp_eclier_routes_delete.lua": route_twirp_eclier_routes_deleteLua,
+	"route_twirp_eclier_routes_get.lua": route_twirp_eclier_routes_getLua,
+	"route_twirp_eclier_routes_get_all.lua": route_twirp_eclier_routes_get_allLua,
+	"route_twirp_eclier_routes_put.lua": route_twirp_eclier_routes_putLua,
+	"route_twirp_eclier_tokens_deactivate.lua": route_twirp_eclier_tokens_deactivateLua,
+	"route_twirp_eclier_tokens_delete.lua": route_twirp_eclier_tokens_deleteLua,
+	"route_twirp_eclier_tokens_get.lua": route_twirp_eclier_tokens_getLua,
+	"route_twirp_eclier_tokens_get_all.lua": route_twirp_eclier_tokens_get_allLua,
+	"route_twirp_eclier_tokens_put.lua": route_twirp_eclier_tokens_putLua,
+}
+
+// AssetDir returns the file names below a certain
+// directory embedded in the file by go-bindata.
+// For example if you run go-bindata on data/... and data contains the
+// following hierarchy:
+//     data/
+//       foo.txt
+//       img/
+//         a.png
+//         b.png
+// then AssetDir("data") would return []string{"foo.txt", "img"}
+// AssetDir("data/img") would return []string{"a.png", "b.png"}
+// AssetDir("foo.txt") and AssetDir("notexist") would return an error
+// AssetDir("") will return []string{"data"}.
+func AssetDir(name string) ([]string, error) {
+	node := _bintree
+	if len(name) != 0 {
+		cannonicalName := strings.Replace(name, "\\", "/", -1)
+		pathList := strings.Split(cannonicalName, "/")
+		for _, p := range pathList {
+			node = node.Children[p]
+			if node == nil {
+				return nil, fmt.Errorf("Asset %s not found", name)
+			}
+		}
+	}
+	if node.Func != nil {
+		return nil, fmt.Errorf("Asset %s not found", name)
+	}
+	rv := make([]string, 0, len(node.Children))
+	for childName := range node.Children {
+		rv = append(rv, childName)
+	}
+	return rv, nil
+}
+
+type bintree struct {
+	Func     func() (*asset, error)
+	Children map[string]*bintree
+}
+var _bintree = &bintree{nil, map[string]*bintree{
+	"route_twirp_eclier_backends_kill.lua": &bintree{route_twirp_eclier_backends_killLua, map[string]*bintree{}},
+	"route_twirp_eclier_backends_list.lua": &bintree{route_twirp_eclier_backends_listLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_delete.lua": &bintree{route_twirp_eclier_routes_deleteLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_get.lua": &bintree{route_twirp_eclier_routes_getLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_get_all.lua": &bintree{route_twirp_eclier_routes_get_allLua, map[string]*bintree{}},
+	"route_twirp_eclier_routes_put.lua": &bintree{route_twirp_eclier_routes_putLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_deactivate.lua": &bintree{route_twirp_eclier_tokens_deactivateLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_delete.lua": &bintree{route_twirp_eclier_tokens_deleteLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_get.lua": &bintree{route_twirp_eclier_tokens_getLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_get_all.lua": &bintree{route_twirp_eclier_tokens_get_allLua, map[string]*bintree{}},
+	"route_twirp_eclier_tokens_put.lua": &bintree{route_twirp_eclier_tokens_putLua, map[string]*bintree{}},
+}}
+
+// RestoreAsset restores an asset under the given directory
+func RestoreAsset(dir, name string) error {
+	data, err := Asset(name)
+	if err != nil {
+		return err
+	}
+	info, err := AssetInfo(name)
+	if err != nil {
+		return err
+	}
+	err = os.MkdirAll(_filePath(dir, filepath.Dir(name)), os.FileMode(0755))
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(_filePath(dir, name), data, info.Mode())
+	if err != nil {
+		return err
+	}
+	err = os.Chtimes(_filePath(dir, name), info.ModTime(), info.ModTime())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// RestoreAssets restores an asset under the given directory recursively
+func RestoreAssets(dir, name string) error {
+	children, err := AssetDir(name)
+	// File
+	if err != nil {
+		return RestoreAsset(dir, name)
+	}
+	// Dir
+	for _, child := range children {
+		err = RestoreAssets(dir, filepath.Join(name, child))
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func _filePath(dir, name string) string {
+	cannonicalName := strings.Replace(name, "\\", "/", -1)
+	return filepath.Join(append([]string{dir}, strings.Split(cannonicalName, "/")...)...)
+}
+

proto/eclier/route_twirp_eclier_backends_kill.lua

@@ -0,0 +1,31 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "backends:kill"
+script.help = "Executes method kill on service backends for twirp package xeserv.us.route.backends"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for BackendId
+fs:string("id", "", "value for message arg id")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):backends():kill(flags)
+
+end

proto/eclier/route_twirp_eclier_backends_list.lua

@@ -0,0 +1,34 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "backends:list"
+script.help = "Executes method list on service backends for twirp package xeserv.us.route.backends"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for BackendSelector
+fs:string("domain", "", "value for message arg domain")
+fs:string("user", "", "value for message arg user")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):backends():list(flags)
+
+  print("bs:\t\t" .. tostring(resp.bs))
+  print("backends:\t\t" .. tostring(resp.backends))
+end

proto/eclier/route_twirp_eclier_routes_delete.lua

@@ -0,0 +1,33 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:delete"
+script.help = "Executes method delete on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Route
+fs:string("id", "", "value for message arg id")
+fs:string("creator", "", "value for message arg creator")
+fs:string("host", "", "value for message arg host")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():delete(flags)
+
+end

proto/eclier/route_twirp_eclier_routes_get.lua

@@ -0,0 +1,35 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:get"
+script.help = "Executes method get on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for GetRouteRequest
+fs:string("unused", "", "value for message arg unused")
+fs:string("id", "", "value for message arg id")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():get(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("creator:\t\t" .. tostring(resp.creator))
+  print("host:\t\t" .. tostring(resp.host))
+end

proto/eclier/route_twirp_eclier_routes_get_all.lua

@@ -0,0 +1,31 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:get_all"
+script.help = "Executes method get_all on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Nil
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():get_all(flags)
+
+  print("routes:\t\t" .. tostring(resp.routes))
+end

proto/eclier/route_twirp_eclier_routes_put.lua

@@ -0,0 +1,36 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "routes:put"
+script.help = "Executes method put on service routes for twirp package xeserv.us.route.routes"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Route
+fs:string("host", "", "value for message arg host")
+fs:string("id", "", "value for message arg id")
+fs:string("creator", "", "value for message arg creator")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):routes():put(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("creator:\t\t" .. tostring(resp.creator))
+  print("host:\t\t" .. tostring(resp.host))
+end

proto/eclier/route_twirp_eclier_tokens_deactivate.lua

@@ -0,0 +1,34 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:deactivate"
+script.help = "Executes method deactivate on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Token
+fs:bool("active", false, "value for message arg active")
+fs:string("id", "", "value for message arg id")
+fs:string("body", "", "value for message arg body")
+fs:strings("scopes", "value for message arg scopes")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():deactivate(flags)
+
+end

proto/eclier/route_twirp_eclier_tokens_delete.lua

@@ -0,0 +1,34 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:delete"
+script.help = "Executes method delete on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Token
+fs:string("id", "", "value for message arg id")
+fs:string("body", "", "value for message arg body")
+fs:strings("scopes", "value for message arg scopes")
+fs:bool("active", false, "value for message arg active")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():delete(flags)
+
+end

proto/eclier/route_twirp_eclier_tokens_get.lua

@@ -0,0 +1,36 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:get"
+script.help = "Executes method get on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for GetTokenRequest
+fs:string("id", "", "value for message arg id")
+fs:string("token", "", "value for message arg token")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():get(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("body:\t\t" .. tostring(resp.body))
+  print("scopes:\t\t" .. tostring(resp.scopes))
+  print("active:\t\t" .. tostring(resp.active))
+end

proto/eclier/route_twirp_eclier_tokens_get_all.lua

@@ -0,0 +1,31 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:get_all"
+script.help = "Executes method get_all on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Nil
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():get_all(flags)
+
+  print("tokens:\t\t" .. tostring(resp.tokens))
+end

proto/eclier/route_twirp_eclier_tokens_put.lua

@@ -0,0 +1,38 @@
+-- Code generated by protoc-gen-twirp_eclier v5.0.0DO NOT EDIT
+-- source: route.proto
+
+script.verb = "tokens:put"
+script.help = "Executes method put on service tokens for twirp package xeserv.us.route.tokens"
+script.author = "machine-generated"
+script.version = "v5.0.0"
+script.usage = ""
+
+local flag = require "flag"
+local svc = require "svc"
+
+local fs = flag.new()
+
+-- flags for Token
+fs:string("id", "", "value for message arg id")
+fs:string("body", "", "value for message arg body")
+fs:strings("scopes", "value for message arg scopes")
+fs:bool("active", false, "value for message arg active")
+
+script.usage = fs:usage()
+
+function run(arg)
+  if arg[1] == "-help" or arg[1] == "--help" then
+    print(fs:usage())
+    return
+  end
+
+  arg[0] = script.verb
+  local flags = fs:parse(arg)
+
+  local resp = svc.new(apiURL, token):tokens():put(flags)
+
+  print("id:\t\t" .. tostring(resp.id))
+  print("body:\t\t" .. tostring(resp.body))
+  print("scopes:\t\t" .. tostring(resp.scopes))
+  print("active:\t\t" .. tostring(resp.active))
+end

proto/regen.sh

@@ -1,19 +1,7 @@
 #!/bin/bash
 
-protoc -I/usr/local/include -I. \
-  -I$GOPATH/src \
-  -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
-  --go_out=Mgoogle/api/annotations.proto=github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis/google/api,plugins=grpc:. \
+protoc -I. \
+  --go_out=:. \
+  --twirp_out=. \
+  --twirp_eclier_out=./eclier \
   route.proto
-
-#  protoc -I/usr/local/include -I. \
-#   -I$GOPATH/src \
-#   -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
-#   --grpc-gateway_out=logtostderr=true:. \
-#   route.proto
-
-# protoc -I/usr/local/include -I. \
-#   -I$GOPATH/src \
-#   -I$GOPATH/src/github.com/grpc-ecosystem/grpc-gateway/third_party/googleapis \
-#   --swagger_out=logtostderr=true:. \
-#   route.proto

proto/route.pb.go

@@ -2,7 +2,7 @@
 // source: route.proto
 
 /*
-Package route is a generated protocol buffer package.
+Package proto is a generated protocol buffer package.
 
 It is generated from these files:
 	route.proto
@@ -20,19 +20,14 @@ It has these top-level messages:
 	BackendSelector
 	BackendID
 */
-package route
+package proto
 
-import proto "github.com/golang/protobuf/proto"
+import proto1 "github.com/golang/protobuf/proto"
 import fmt "fmt"
 import math "math"
 
-import (
-	context "golang.org/x/net/context"
-	grpc "google.golang.org/grpc"
-)
-
 // Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
+var _ = proto1.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 
@@ -40,14 +35,14 @@ var _ = math.Inf
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+const _ = proto1.ProtoPackageIsVersion2 // please upgrade the proto package
 
 // Nil represents nothing.
 type Nil struct {
 }
 
 func (m *Nil) Reset()                    { *m = Nil{} }
-func (m *Nil) String() string            { return proto.CompactTextString(m) }
+func (m *Nil) String() string            { return proto1.CompactTextString(m) }
 func (*Nil) ProtoMessage()               {}
 func (*Nil) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
 
@@ -59,7 +54,7 @@ type GetRouteRequest struct {
 }
 
 func (m *GetRouteRequest) Reset()                    { *m = GetRouteRequest{} }
-func (m *GetRouteRequest) String() string            { return proto.CompactTextString(m) }
+func (m *GetRouteRequest) String() string            { return proto1.CompactTextString(m) }
 func (*GetRouteRequest) ProtoMessage()               {}
 func (*GetRouteRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
 
@@ -85,7 +80,7 @@ type Route struct {
 }
 
 func (m *Route) Reset()                    { *m = Route{} }
-func (m *Route) String() string            { return proto.CompactTextString(m) }
+func (m *Route) String() string            { return proto1.CompactTextString(m) }
 func (*Route) ProtoMessage()               {}
 func (*Route) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
 
@@ -116,7 +111,7 @@ type GetAllRoutesResponse struct {
 }
 
 func (m *GetAllRoutesResponse) Reset()                    { *m = GetAllRoutesResponse{} }
-func (m *GetAllRoutesResponse) String() string            { return proto.CompactTextString(m) }
+func (m *GetAllRoutesResponse) String() string            { return proto1.CompactTextString(m) }
 func (*GetAllRoutesResponse) ProtoMessage()               {}
 func (*GetAllRoutesResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
 
@@ -137,7 +132,7 @@ type Token struct {
 }
 
 func (m *Token) Reset()                    { *m = Token{} }
-func (m *Token) String() string            { return proto.CompactTextString(m) }
+func (m *Token) String() string            { return proto1.CompactTextString(m) }
 func (*Token) ProtoMessage()               {}
 func (*Token) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
 
@@ -175,7 +170,7 @@ type TokenSet struct {
 }
 
 func (m *TokenSet) Reset()                    { *m = TokenSet{} }
-func (m *TokenSet) String() string            { return proto.CompactTextString(m) }
+func (m *TokenSet) String() string            { return proto1.CompactTextString(m) }
 func (*TokenSet) ProtoMessage()               {}
 func (*TokenSet) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{5} }
 
@@ -192,7 +187,7 @@ type GetTokenRequest struct {
 }
 
 func (m *GetTokenRequest) Reset()                    { *m = GetTokenRequest{} }
-func (m *GetTokenRequest) String() string            { return proto.CompactTextString(m) }
+func (m *GetTokenRequest) String() string            { return proto1.CompactTextString(m) }
 func (*GetTokenRequest) ProtoMessage()               {}
 func (*GetTokenRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{6} }
 
@@ -221,7 +216,7 @@ type Backend struct {
 }
 
 func (m *Backend) Reset()                    { *m = Backend{} }
-func (m *Backend) String() string            { return proto.CompactTextString(m) }
+func (m *Backend) String() string            { return proto1.CompactTextString(m) }
 func (*Backend) ProtoMessage()               {}
 func (*Backend) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{7} }
 
@@ -280,7 +275,7 @@ type BackendList struct {
 }
 
 func (m *BackendList) Reset()                    { *m = BackendList{} }
-func (m *BackendList) String() string            { return proto.CompactTextString(m) }
+func (m *BackendList) String() string            { return proto1.CompactTextString(m) }
 func (*BackendList) ProtoMessage()               {}
 func (*BackendList) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{8} }
 
@@ -304,7 +299,7 @@ type BackendSelector struct {
 }
 
 func (m *BackendSelector) Reset()                    { *m = BackendSelector{} }
-func (m *BackendSelector) String() string            { return proto.CompactTextString(m) }
+func (m *BackendSelector) String() string            { return proto1.CompactTextString(m) }
 func (*BackendSelector) ProtoMessage()               {}
 func (*BackendSelector) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{9} }
 
@@ -327,7 +322,7 @@ type BackendID struct {
 }
 
 func (m *BackendID) Reset()                    { *m = BackendID{} }
-func (m *BackendID) String() string            { return proto.CompactTextString(m) }
+func (m *BackendID) String() string            { return proto1.CompactTextString(m) }
 func (*BackendID) ProtoMessage()               {}
 func (*BackendID) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{10} }
 
@@ -339,528 +334,58 @@ func (m *BackendID) GetId() string {
 }
 
 func init() {
-	proto.RegisterType((*Nil)(nil), "route.Nil")
-	proto.RegisterType((*GetRouteRequest)(nil), "route.GetRouteRequest")
-	proto.RegisterType((*Route)(nil), "route.Route")
-	proto.RegisterType((*GetAllRoutesResponse)(nil), "route.GetAllRoutesResponse")
-	proto.RegisterType((*Token)(nil), "route.Token")
-	proto.RegisterType((*TokenSet)(nil), "route.TokenSet")
-	proto.RegisterType((*GetTokenRequest)(nil), "route.GetTokenRequest")
-	proto.RegisterType((*Backend)(nil), "route.Backend")
-	proto.RegisterType((*BackendList)(nil), "route.BackendList")
-	proto.RegisterType((*BackendSelector)(nil), "route.BackendSelector")
-	proto.RegisterType((*BackendID)(nil), "route.BackendID")
+	proto1.RegisterType((*Nil)(nil), "xeserv.us.route.Nil")
+	proto1.RegisterType((*GetRouteRequest)(nil), "xeserv.us.route.GetRouteRequest")
+	proto1.RegisterType((*Route)(nil), "xeserv.us.route.Route")
+	proto1.RegisterType((*GetAllRoutesResponse)(nil), "xeserv.us.route.GetAllRoutesResponse")
+	proto1.RegisterType((*Token)(nil), "xeserv.us.route.Token")
+	proto1.RegisterType((*TokenSet)(nil), "xeserv.us.route.TokenSet")
+	proto1.RegisterType((*GetTokenRequest)(nil), "xeserv.us.route.GetTokenRequest")
+	proto1.RegisterType((*Backend)(nil), "xeserv.us.route.Backend")
+	proto1.RegisterType((*BackendList)(nil), "xeserv.us.route.BackendList")
+	proto1.RegisterType((*BackendSelector)(nil), "xeserv.us.route.BackendSelector")
+	proto1.RegisterType((*BackendID)(nil), "xeserv.us.route.BackendID")
 }
 
-// Reference imports to suppress errors if they are not otherwise used.
-var _ context.Context
-var _ grpc.ClientConn
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the grpc package it is being compiled against.
-const _ = grpc.SupportPackageIsVersion4
-
-// Client API for Routes service
-
-type RoutesClient interface {
-	// Get fetches a single route based on the Host or ID.
-	Get(ctx context.Context, in *GetRouteRequest, opts ...grpc.CallOption) (*Route, error)
-	// GetAll fetches all of the routes that the user owns.
-	GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*GetAllRoutesResponse, error)
-	// Put creates a new route based on user-supplied details.
-	Put(ctx context.Context, in *Route, opts ...grpc.CallOption) (*Route, error)
-	// Delete removes a route.
-	Delete(ctx context.Context, in *Route, opts ...grpc.CallOption) (*Nil, error)
-}
-
-type routesClient struct {
-	cc *grpc.ClientConn
-}
-
-func NewRoutesClient(cc *grpc.ClientConn) RoutesClient {
-	return &routesClient{cc}
-}
-
-func (c *routesClient) Get(ctx context.Context, in *GetRouteRequest, opts ...grpc.CallOption) (*Route, error) {
-	out := new(Route)
-	err := grpc.Invoke(ctx, "/route.Routes/Get", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *routesClient) GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*GetAllRoutesResponse, error) {
-	out := new(GetAllRoutesResponse)
-	err := grpc.Invoke(ctx, "/route.Routes/GetAll", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *routesClient) Put(ctx context.Context, in *Route, opts ...grpc.CallOption) (*Route, error) {
-	out := new(Route)
-	err := grpc.Invoke(ctx, "/route.Routes/Put", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *routesClient) Delete(ctx context.Context, in *Route, opts ...grpc.CallOption) (*Nil, error) {
-	out := new(Nil)
-	err := grpc.Invoke(ctx, "/route.Routes/Delete", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// Server API for Routes service
-
-type RoutesServer interface {
-	// Get fetches a single route based on the Host or ID.
-	Get(context.Context, *GetRouteRequest) (*Route, error)
-	// GetAll fetches all of the routes that the user owns.
-	GetAll(context.Context, *Nil) (*GetAllRoutesResponse, error)
-	// Put creates a new route based on user-supplied details.
-	Put(context.Context, *Route) (*Route, error)
-	// Delete removes a route.
-	Delete(context.Context, *Route) (*Nil, error)
-}
-
-func RegisterRoutesServer(s *grpc.Server, srv RoutesServer) {
-	s.RegisterService(&_Routes_serviceDesc, srv)
-}
-
-func _Routes_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetRouteRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).Get(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/Get",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).Get(ctx, req.(*GetRouteRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Routes_GetAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Nil)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).GetAll(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/GetAll",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).GetAll(ctx, req.(*Nil))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Routes_Put_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Route)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).Put(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/Put",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).Put(ctx, req.(*Route))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Routes_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Route)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(RoutesServer).Delete(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Routes/Delete",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(RoutesServer).Delete(ctx, req.(*Route))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-var _Routes_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "route.Routes",
-	HandlerType: (*RoutesServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "Get",
-			Handler:    _Routes_Get_Handler,
-		},
-		{
-			MethodName: "GetAll",
-			Handler:    _Routes_GetAll_Handler,
-		},
-		{
-			MethodName: "Put",
-			Handler:    _Routes_Put_Handler,
-		},
-		{
-			MethodName: "Delete",
-			Handler:    _Routes_Delete_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "route.proto",
-}
-
-// Client API for Tokens service
-
-type TokensClient interface {
-	Get(ctx context.Context, in *GetTokenRequest, opts ...grpc.CallOption) (*Token, error)
-	GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*TokenSet, error)
-	Put(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Token, error)
-	Delete(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error)
-	Deactivate(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error)
-}
-
-type tokensClient struct {
-	cc *grpc.ClientConn
-}
-
-func NewTokensClient(cc *grpc.ClientConn) TokensClient {
-	return &tokensClient{cc}
-}
-
-func (c *tokensClient) Get(ctx context.Context, in *GetTokenRequest, opts ...grpc.CallOption) (*Token, error) {
-	out := new(Token)
-	err := grpc.Invoke(ctx, "/route.Tokens/Get", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) GetAll(ctx context.Context, in *Nil, opts ...grpc.CallOption) (*TokenSet, error) {
-	out := new(TokenSet)
-	err := grpc.Invoke(ctx, "/route.Tokens/GetAll", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) Put(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Token, error) {
-	out := new(Token)
-	err := grpc.Invoke(ctx, "/route.Tokens/Put", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) Delete(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error) {
-	out := new(Nil)
-	err := grpc.Invoke(ctx, "/route.Tokens/Delete", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *tokensClient) Deactivate(ctx context.Context, in *Token, opts ...grpc.CallOption) (*Nil, error) {
-	out := new(Nil)
-	err := grpc.Invoke(ctx, "/route.Tokens/Deactivate", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// Server API for Tokens service
-
-type TokensServer interface {
-	Get(context.Context, *GetTokenRequest) (*Token, error)
-	GetAll(context.Context, *Nil) (*TokenSet, error)
-	Put(context.Context, *Token) (*Token, error)
-	Delete(context.Context, *Token) (*Nil, error)
-	Deactivate(context.Context, *Token) (*Nil, error)
-}
-
-func RegisterTokensServer(s *grpc.Server, srv TokensServer) {
-	s.RegisterService(&_Tokens_serviceDesc, srv)
-}
-
-func _Tokens_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetTokenRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Get(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Get",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Get(ctx, req.(*GetTokenRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_GetAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Nil)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).GetAll(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/GetAll",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).GetAll(ctx, req.(*Nil))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_Put_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Token)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Put(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Put",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Put(ctx, req.(*Token))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Token)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Delete(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Delete",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Delete(ctx, req.(*Token))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Tokens_Deactivate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(Token)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(TokensServer).Deactivate(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Tokens/Deactivate",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(TokensServer).Deactivate(ctx, req.(*Token))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-var _Tokens_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "route.Tokens",
-	HandlerType: (*TokensServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "Get",
-			Handler:    _Tokens_Get_Handler,
-		},
-		{
-			MethodName: "GetAll",
-			Handler:    _Tokens_GetAll_Handler,
-		},
-		{
-			MethodName: "Put",
-			Handler:    _Tokens_Put_Handler,
-		},
-		{
-			MethodName: "Delete",
-			Handler:    _Tokens_Delete_Handler,
-		},
-		{
-			MethodName: "Deactivate",
-			Handler:    _Tokens_Deactivate_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "route.proto",
-}
-
-// Client API for Backends service
-
-type BackendsClient interface {
-	List(ctx context.Context, in *BackendSelector, opts ...grpc.CallOption) (*BackendList, error)
-	Kill(ctx context.Context, in *BackendID, opts ...grpc.CallOption) (*Nil, error)
-}
-
-type backendsClient struct {
-	cc *grpc.ClientConn
-}
-
-func NewBackendsClient(cc *grpc.ClientConn) BackendsClient {
-	return &backendsClient{cc}
-}
-
-func (c *backendsClient) List(ctx context.Context, in *BackendSelector, opts ...grpc.CallOption) (*BackendList, error) {
-	out := new(BackendList)
-	err := grpc.Invoke(ctx, "/route.Backends/List", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *backendsClient) Kill(ctx context.Context, in *BackendID, opts ...grpc.CallOption) (*Nil, error) {
-	out := new(Nil)
-	err := grpc.Invoke(ctx, "/route.Backends/Kill", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-// Server API for Backends service
-
-type BackendsServer interface {
-	List(context.Context, *BackendSelector) (*BackendList, error)
-	Kill(context.Context, *BackendID) (*Nil, error)
-}
-
-func RegisterBackendsServer(s *grpc.Server, srv BackendsServer) {
-	s.RegisterService(&_Backends_serviceDesc, srv)
-}
-
-func _Backends_List_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(BackendSelector)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(BackendsServer).List(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Backends/List",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(BackendsServer).List(ctx, req.(*BackendSelector))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _Backends_Kill_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(BackendID)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(BackendsServer).Kill(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/route.Backends/Kill",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(BackendsServer).Kill(ctx, req.(*BackendID))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-var _Backends_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "route.Backends",
-	HandlerType: (*BackendsServer)(nil),
-	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "List",
-			Handler:    _Backends_List_Handler,
-		},
-		{
-			MethodName: "Kill",
-			Handler:    _Backends_Kill_Handler,
-		},
-	},
-	Streams:  []grpc.StreamDesc{},
-	Metadata: "route.proto",
-}
-
-func init() { proto.RegisterFile("route.proto", fileDescriptor0) }
+func init() { proto1.RegisterFile("route.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
-	// 556 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x53, 0xd1, 0x6a, 0xdb, 0x4a,
-	0x10, 0xb5, 0x24, 0x4b, 0xb1, 0xc7, 0x97, 0x38, 0x0c, 0x26, 0x08, 0xe7, 0xc5, 0xec, 0x0d, 0xa9,
-	0x29, 0x34, 0x14, 0xa7, 0x50, 0x0a, 0xed, 0x43, 0x8b, 0x8b, 0x09, 0x2d, 0xa1, 0xc8, 0x7d, 0xeb,
-	0x93, 0x64, 0x0d, 0x58, 0x44, 0xf5, 0xba, 0xda, 0x55, 0xa1, 0x9f, 0xd2, 0x2f, 0xe9, 0x97, 0xf4,
-	0x7f, 0xca, 0xce, 0xae, 0x63, 0xcb, 0x4a, 0xfb, 0x36, 0x33, 0x67, 0x76, 0x74, 0xce, 0xcc, 0x11,
-	0x0c, 0x2a, 0x59, 0x6b, 0xba, 0xde, 0x56, 0x52, 0x4b, 0x0c, 0x39, 0x11, 0x21, 0x04, 0x77, 0x45,
-	0x29, 0x5e, 0xc1, 0x70, 0x41, 0x3a, 0x31, 0xa5, 0x84, 0xbe, 0xd5, 0xa4, 0x34, 0x9e, 0x43, 0x54,
-	0x6f, 0x6a, 0x45, 0x79, 0xec, 0x4d, 0xbc, 0x69, 0x3f, 0x71, 0x19, 0x9e, 0x82, 0x5f, 0xe4, 0xb1,
-	0xcf, 0x35, 0xbf, 0xc8, 0xc5, 0x7b, 0x08, 0xf9, 0x9d, 0x03, 0xbc, 0x1d, 0x80, 0x31, 0x9c, 0xac,
-	0x2a, 0x4a, 0xb5, 0xac, 0x5c, 0xf7, 0x2e, 0x45, 0x84, 0xee, 0x5a, 0x2a, 0x1d, 0x07, 0x5c, 0xe6,
-	0x58, 0xbc, 0x86, 0xd1, 0x82, 0xf4, 0xdb, 0xb2, 0xe4, 0x61, 0x2a, 0x21, 0xb5, 0x95, 0x1b, 0x45,
-	0x78, 0x09, 0x11, 0x33, 0x55, 0xb1, 0x37, 0x09, 0xa6, 0x83, 0xd9, 0x7f, 0xd7, 0x56, 0x85, 0xe5,
-	0xea, 0x30, 0xf1, 0x05, 0xc2, 0xcf, 0xf2, 0x9e, 0x36, 0x2d, 0x12, 0x08, 0xdd, 0x4c, 0xe6, 0x3f,
-	0x1c, 0x03, 0x8e, 0x8d, 0x32, 0xb5, 0x92, 0x5b, 0x52, 0x71, 0x30, 0x09, 0x8c, 0x32, 0x9b, 0x99,
-	0x7a, 0xba, 0xd2, 0xc5, 0x77, 0x8a, 0xbb, 0x13, 0x6f, 0xda, 0x4b, 0x5c, 0x26, 0x9e, 0x43, 0x8f,
-	0x87, 0x2f, 0x49, 0x1b, 0x3a, 0xda, 0xc4, 0xc7, 0x74, 0xb8, 0x21, 0x71, 0x98, 0x78, 0xc9, 0xeb,
-	0xb4, 0x35, 0xb7, 0xce, 0x11, 0x84, 0x0c, 0x3a, 0x6e, 0x36, 0x69, 0x2d, 0xf3, 0xa7, 0x07, 0x27,
-	0xef, 0xd2, 0xd5, 0x3d, 0x6d, 0xf2, 0x96, 0x94, 0x11, 0x84, 0x7c, 0x3a, 0xd7, 0x6e, 0x13, 0x23,
-	0xb0, 0x56, 0x54, 0xed, 0x76, 0x69, 0x62, 0x23, 0x24, 0x97, 0x5f, 0xd3, 0x62, 0xc3, 0x42, 0xfa,
-	0x89, 0xcb, 0xf0, 0x0c, 0x82, 0xed, 0xba, 0x88, 0xc3, 0x89, 0x37, 0xf5, 0x13, 0x13, 0x3e, 0x5c,
-	0x22, 0xda, 0x5f, 0x82, 0x0f, 0xaf, 0xd2, 0xac, 0xa4, 0xf8, 0xc4, 0xae, 0xc1, 0x66, 0x22, 0x85,
-	0x81, 0xa3, 0xf6, 0xb1, 0x50, 0x1a, 0xaf, 0xc0, 0xcf, 0x14, 0xd3, 0x1b, 0xcc, 0xce, 0xdd, 0x16,
-	0x1c, 0xbe, 0xa4, 0x92, 0x56, 0x5a, 0x56, 0x89, 0x9f, 0x29, 0x7c, 0x0a, 0xbd, 0xcc, 0x96, 0x55,
-	0xec, 0xf3, 0xce, 0x4e, 0x9b, 0xdd, 0xc9, 0x03, 0x2e, 0xde, 0xc0, 0xf0, 0x68, 0xc4, 0x81, 0x16,
-	0xaf, 0xa1, 0x65, 0xa7, 0xdb, 0xdf, 0xeb, 0x16, 0x17, 0xd0, 0x77, 0xcf, 0x6f, 0xe7, 0xc7, 0xeb,
-	0x9b, 0xfd, 0xf2, 0x20, 0xb2, 0xde, 0xc2, 0x67, 0x10, 0x2c, 0x48, 0xe3, 0x8e, 0xf5, 0x91, 0xf3,
-	0xc7, 0x0d, 0x8b, 0x89, 0x0e, 0xde, 0x40, 0x64, 0xad, 0x89, 0xe0, 0x90, 0xbb, 0xa2, 0x1c, 0x5f,
-	0xec, 0x5f, 0xb7, 0x5c, 0x2b, 0x3a, 0xf8, 0x3f, 0x04, 0x9f, 0x6a, 0x8d, 0x8d, 0x59, 0xad, 0xc9,
-	0x97, 0x10, 0xcd, 0xa9, 0x24, 0x4d, 0x47, 0x7d, 0x07, 0xdf, 0x11, 0x9d, 0xd9, 0x6f, 0x0f, 0x22,
-	0xf6, 0xd2, 0x63, 0xcc, 0x0f, 0x4d, 0x36, 0x6e, 0xb8, 0x51, 0x74, 0xf0, 0xc9, 0xa3, 0xcc, 0x87,
-	0x87, 0x5d, 0x4b, 0xd2, 0x6d, 0xb6, 0x8c, 0xb4, 0xa6, 0xb5, 0xd9, 0xda, 0xbe, 0x06, 0x5b, 0x9c,
-	0x02, 0xcc, 0x89, 0xff, 0x9c, 0xf4, 0xdf, 0x9d, 0xb3, 0x35, 0xf4, 0xdc, 0xb9, 0x14, 0xbe, 0x80,
-	0x2e, 0xbb, 0xea, 0x2f, 0x4e, 0x1a, 0x63, 0xb3, 0x6e, 0x7a, 0x45, 0x07, 0xaf, 0xa0, 0xfb, 0xa1,
-	0x28, 0x4b, 0x3c, 0x6b, 0xa2, 0xb7, 0xf3, 0xe6, 0x97, 0xb2, 0x88, 0xff, 0x95, 0x9b, 0x3f, 0x01,
-	0x00, 0x00, 0xff, 0xff, 0x48, 0xf0, 0xaf, 0x88, 0x02, 0x05, 0x00, 0x00,
+	// 579 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xc1, 0x6e, 0xd3, 0x40,
+	0x10, 0x8d, 0xed, 0xd8, 0x49, 0x27, 0x12, 0x41, 0xa3, 0xa8, 0x32, 0x81, 0x83, 0xb5, 0x12, 0x52,
+	0x4e, 0x16, 0x0a, 0x48, 0x85, 0x02, 0x87, 0x56, 0x81, 0x50, 0x81, 0x2a, 0xe4, 0x70, 0x82, 0x93,
+	0x1d, 0x8f, 0x54, 0xab, 0x26, 0x0e, 0xde, 0x75, 0x05, 0x5f, 0xc0, 0x95, 0x2b, 0x9f, 0xc2, 0xdf,
+	0x21, 0xcf, 0x6e, 0xda, 0x12, 0xc7, 0xa9, 0x38, 0x65, 0x66, 0xf6, 0xcd, 0xfa, 0xbd, 0xb7, 0x33,
+	0x81, 0x41, 0x59, 0x54, 0x8a, 0xc2, 0x75, 0x59, 0xa8, 0x02, 0x87, 0xdf, 0x49, 0x52, 0x79, 0x15,
+	0x56, 0x32, 0xe4, 0xb2, 0x70, 0xc1, 0x39, 0xcf, 0x72, 0xf1, 0x02, 0x86, 0x73, 0x52, 0x51, 0x5d,
+	0x8a, 0xe8, 0x5b, 0x45, 0x52, 0xe1, 0x21, 0x78, 0xd5, 0xaa, 0x92, 0x94, 0xfa, 0x56, 0x60, 0x4d,
+	0x0e, 0x22, 0x93, 0xe1, 0x3d, 0xb0, 0xb3, 0xd4, 0xb7, 0xb9, 0x66, 0x67, 0xa9, 0x78, 0x03, 0x2e,
+	0xf7, 0x99, 0x03, 0x6b, 0x73, 0x80, 0x3e, 0xf4, 0x96, 0x25, 0xc5, 0xaa, 0x28, 0x0d, 0x7a, 0x93,
+	0x22, 0x42, 0xf7, 0xa2, 0x90, 0xca, 0x77, 0xb8, 0xcc, 0xb1, 0x78, 0x0b, 0xa3, 0x39, 0xa9, 0x93,
+	0x3c, 0xe7, 0xcb, 0x64, 0x44, 0x72, 0x5d, 0xac, 0x24, 0x61, 0x08, 0x1e, 0x33, 0x95, 0xbe, 0x15,
+	0x38, 0x93, 0xc1, 0xf4, 0x30, 0xdc, 0x92, 0x10, 0x6a, 0xd6, 0x06, 0x25, 0xbe, 0x80, 0xfb, 0xa9,
+	0xb8, 0xa4, 0x55, 0x83, 0x0e, 0x42, 0x37, 0x29, 0xd2, 0x1f, 0x86, 0x0b, 0xc7, 0xb5, 0x46, 0xb9,
+	0x2c, 0xd6, 0x24, 0x7d, 0x27, 0x70, 0x6a, 0x8d, 0x3a, 0xab, 0xeb, 0xf1, 0x52, 0x65, 0x57, 0xe4,
+	0x77, 0x03, 0x6b, 0xd2, 0x8f, 0x4c, 0x26, 0x8e, 0xa1, 0xcf, 0x97, 0x2f, 0x48, 0xd5, 0xc4, 0x54,
+	0x1d, 0xb7, 0x13, 0x63, 0x68, 0x64, 0x50, 0xe2, 0x88, 0x2d, 0xd6, 0x35, 0x63, 0xf1, 0x08, 0x5c,
+	0x3e, 0x34, 0x2c, 0x75, 0xd2, 0x30, 0xf8, 0xb7, 0x05, 0xbd, 0xd3, 0x78, 0x79, 0x49, 0xab, 0xb4,
+	0x21, 0x6a, 0x04, 0x2e, 0x3f, 0xac, 0x81, 0xeb, 0xa4, 0x96, 0x5a, 0x49, 0x2a, 0x37, 0xfe, 0xd6,
+	0x71, 0x2d, 0x29, 0x2d, 0xbe, 0xc6, 0xd9, 0x8a, 0x25, 0x1d, 0x44, 0x26, 0xc3, 0xfb, 0xe0, 0xac,
+	0x2f, 0x32, 0xdf, 0x0d, 0xac, 0x89, 0x1d, 0xd5, 0xe1, 0xf5, 0xeb, 0x78, 0x37, 0xaf, 0xc3, 0xc3,
+	0x20, 0xe3, 0x24, 0x27, 0xbf, 0xa7, 0x0d, 0xd1, 0x99, 0xa8, 0x60, 0x60, 0xa8, 0x7d, 0xc8, 0xa4,
+	0xc2, 0x27, 0x60, 0x27, 0x92, 0xe9, 0x0d, 0xa6, 0x41, 0xc3, 0x0f, 0x83, 0x5c, 0x50, 0x4e, 0x4b,
+	0x55, 0x94, 0x91, 0x9d, 0x48, 0x7c, 0x06, 0xfd, 0x44, 0x97, 0xa5, 0x6f, 0xb3, 0x8f, 0x7e, 0x5b,
+	0x5f, 0x74, 0x8d, 0x14, 0xaf, 0x61, 0xb8, 0x75, 0xd9, 0x2d, 0x7d, 0xd6, 0x3f, 0xfa, 0x36, 0x5e,
+	0xd8, 0x37, 0x5e, 0x88, 0x87, 0x70, 0x60, 0xda, 0xcf, 0x66, 0xdb, 0x96, 0x4e, 0x7f, 0xda, 0xe0,
+	0xe9, 0x19, 0xc4, 0x13, 0x70, 0xe6, 0xa4, 0xb0, 0xa9, 0x64, 0x6b, 0x57, 0xc6, 0x2d, 0x43, 0x29,
+	0x3a, 0x38, 0x07, 0x4f, 0x8f, 0x35, 0x8e, 0x1a, 0x98, 0xf3, 0x2c, 0x1f, 0x3f, 0xde, 0x75, 0x77,
+	0x63, 0x0b, 0x44, 0x07, 0x8f, 0xc0, 0xf9, 0x58, 0x29, 0x6c, 0xf9, 0xd2, 0x1e, 0x06, 0xcf, 0xc1,
+	0x9b, 0x51, 0x4e, 0x8a, 0x5a, 0x7b, 0x77, 0x32, 0x13, 0x9d, 0xe9, 0x1f, 0x1b, 0x3c, 0x9e, 0xd7,
+	0xfd, 0x4e, 0xdc, 0x1e, 0xe9, 0x71, 0xcb, 0x16, 0x88, 0x0e, 0xbe, 0xbc, 0xc3, 0x89, 0x07, 0xbb,
+	0x3b, 0x17, 0xa4, 0xf6, 0xa9, 0x67, 0xcc, 0x9e, 0xaf, 0xee, 0x53, 0xaf, 0x7b, 0x5b, 0xd4, 0xe3,
+	0x2b, 0x80, 0x19, 0xf1, 0xde, 0xc7, 0xff, 0xdf, 0x3d, 0xfd, 0x65, 0x41, 0xdf, 0xcc, 0x98, 0xc4,
+	0x77, 0xd0, 0xe5, 0xf5, 0xb8, 0x73, 0x25, 0xc6, 0x8f, 0xda, 0x10, 0x75, 0xbf, 0xe8, 0xe0, 0x31,
+	0x74, 0xdf, 0x67, 0x79, 0x8e, 0xe3, 0x36, 0xdc, 0xd9, 0xac, 0x8d, 0xd2, 0x69, 0xef, 0xb3, 0xfe,
+	0x7b, 0x48, 0x3c, 0xfe, 0x79, 0xfa, 0x37, 0x00, 0x00, 0xff, 0xff, 0x0e, 0x50, 0x5f, 0x13, 0x1a,
+	0x06, 0x00, 0x00,
 }

proto/route.proto

@@ -1,8 +1,7 @@
 syntax = "proto3";
 
-// option go_package = "git.xeserv.us/xena/route/routerpc/routegrpc;routegrpc";
-
-package route;
+package xeserv.us.route;
+option go_package = "proto";
 
 // Nil represents nothing.
 message Nil {}

proto/route/client.go

@@ -0,0 +1,55 @@
+// Package route is a higher level client for routed suitable to embed into
+// Go programs.
+package route
+
+import (
+	"net/http"
+
+	"git.xeserv.us/xena/route/proto"
+)
+
+// New creates a new instance of the routed client with a given token and service
+// URL.
+func New(routedURL, token string, underlying *http.Client) *Client {
+	c := &Client{
+		underlying: underlying,
+		authToken:  token,
+		serverURL:  routedURL,
+	}
+
+	c.Backends = proto.NewBackendsProtobufClient(routedURL, c.hClient())
+	c.Routes = proto.NewRoutesProtobufClient(routedURL, c.hClient())
+	c.Tokens = proto.NewTokensProtobufClient(routedURL, c.hClient())
+
+	return c
+}
+
+// Client is a higher level client for routed
+type Client struct {
+	Backends proto.Backends
+	Routes   proto.Routes
+	Tokens   proto.Tokens
+
+	underlying *http.Client
+	authToken  string
+	serverURL  string
+}
+
+// RoundTrip executes a HTTP request, adding authentication headers and then
+// executing it using the underlying http client.
+func (c *Client) RoundTrip(r *http.Request) (*http.Response, error) {
+	ck := &http.Cookie{
+		Name:  "routed",
+		Value: c.authToken,
+	}
+
+	r.AddCookie(ck)
+
+	return c.underlying.Do(r)
+}
+
+func (c *Client) hClient() *http.Client {
+	return &http.Client{
+		Transport: c,
+	}
+}

run/Dockerfile.agent

@@ -0,0 +1,6 @@
+FROM xena/route-core
+FROM xena/alpine
+
+COPY --from=0 /root/go/src/git.xeserv.us/xena/route/bin/linux/amd64/route-httpagent /usr/local/bin/route-httpagent
+
+CMD /usr/local/bin/route-httpagent

run/Dockerfile.routed

@@ -0,0 +1,10 @@
+FROM xena/route-core
+FROM xena/alpine
+
+COPY --from=0 /root/go/src/git.xeserv.us/xena/route/bin/linux/amd64/routed /usr/local/bin/routed
+
+VOLUME /routed
+
+ENV BOLTDB_PATH /routed/route.db
+
+CMD /usr/local/bin/routed

vendor/github.com/ThomasRooney/gexpect/LICENCE

@@ -0,0 +1,7 @@
+Copyright (C) 2014 Thomas Rooney
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

vendor/github.com/ThomasRooney/gexpect/README.md

@@ -0,0 +1,64 @@
+# Gexpect
+
+Gexpect is a pure golang expect-like module.
+
+It makes it simpler to create and control other terminal applications.
+
+	child, err := gexpect.Spawn("python")
+	if err != nil {
+		panic(err)
+	}
+	child.Expect(">>>")
+	child.SendLine("print 'Hello World'")
+	child.Interact()
+	child.Close()
+
+## Examples
+
+`Spawn` handles the argument parsing from a string
+
+	child.Spawn("/bin/sh -c 'echo \"my complicated command\" | tee log | cat > log2'")
+	child.ReadLine() // ReadLine() (string, error)
+	child.ReadUntil(' ') // ReadUntil(delim byte) ([]byte, error)
+
+`ReadLine`, `ReadUntil` and `SendLine` send strings from/to `stdout/stdin` respectively
+
+	child, _ := gexpect.Spawn("cat")
+	child.SendLine("echoing process_stdin") //  SendLine(command string) (error)
+	msg, _ := child.ReadLine() // msg = echoing process_stdin
+
+`Wait` and `Close` allow for graceful and ungraceful termination.
+
+	child.Wait() // Waits until the child terminates naturally.
+	child.Close() // Sends a kill command
+
+`AsyncInteractChannels` spawns two go routines to pipe into and from `stdout`/`stdin`, allowing for some usecases to be a little simpler.
+
+	child, _ := gexpect.Spawn("sh")
+	sender, receiver := child.AsyncInteractChannels()
+	sender <- "echo Hello World\n" // Send to stdin
+	line, open := <- receiver // Recieve a line from stdout/stderr
+	// When the subprocess stops (e.g. with child.Close()) , receiver is closed
+	if open {
+		fmt.Printf("Received %s", line)
+	}
+
+`ExpectRegex` uses golang's internal regex engine to wait until a match from the process with the given regular expression (or an error on process termination with no match).
+
+	child, _ := gexpect.Spawn("echo accb")	
+	match, _ := child.ExpectRegex("a..b")
+	// (match=true)
+
+`ExpectRegexFind` allows for groups to be extracted from process stdout. The first element is an array of containing the total matched text, followed by each subexpression group match.
+
+	child, _ := gexpect.Spawn("echo 123 456 789")
+	result, _ := child.ExpectRegexFind("\d+ (\d+) (\d+)")
+	// result = []string{"123 456 789", "456", "789"}
+
+See `gexpect_test.go` and the `examples` folder for full syntax
+
+## Credits
+
+	github.com/kballard/go-shellquote	
+	github.com/kr/pty
+	KMP Algorithm: "http://blog.databigbang.com/searching-for-substrings-in-streams-a-slight-modification-of-the-knuth-morris-pratt-algorithm-in-haxe/"

vendor/github.com/ThomasRooney/gexpect/gexpect.go

@@ -0,0 +1,449 @@
+// +build !windows
+
+package gexpect
+
+import (
+	"bytes"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"regexp"
+	"time"
+	"unicode/utf8"
+
+	shell "github.com/kballard/go-shellquote"
+	"github.com/kr/pty"
+)
+
+var (
+	ErrEmptySearch = errors.New("empty search string")
+)
+
+type ExpectSubprocess struct {
+	Cmd          *exec.Cmd
+	buf          *buffer
+	outputBuffer []byte
+}
+
+type buffer struct {
+	f       *os.File
+	b       bytes.Buffer
+	collect bool
+
+	collection bytes.Buffer
+}
+
+func (buf *buffer) StartCollecting() {
+	buf.collect = true
+}
+
+func (buf *buffer) StopCollecting() (result string) {
+	result = string(buf.collection.Bytes())
+	buf.collect = false
+	buf.collection.Reset()
+	return result
+}
+
+func (buf *buffer) Read(chunk []byte) (int, error) {
+	nread := 0
+	if buf.b.Len() > 0 {
+		n, err := buf.b.Read(chunk)
+		if err != nil {
+			return n, err
+		}
+		if n == len(chunk) {
+			return n, nil
+		}
+		nread = n
+	}
+	fn, err := buf.f.Read(chunk[nread:])
+	return fn + nread, err
+}
+
+func (buf *buffer) ReadRune() (r rune, size int, err error) {
+	l := buf.b.Len()
+
+	chunk := make([]byte, utf8.UTFMax)
+	if l > 0 {
+		n, err := buf.b.Read(chunk)
+		if err != nil {
+			return 0, 0, err
+		}
+		if utf8.FullRune(chunk[:n]) {
+			r, rL := utf8.DecodeRune(chunk)
+			if n > rL {
+				buf.PutBack(chunk[rL:n])
+			}
+			if buf.collect {
+				buf.collection.WriteRune(r)
+			}
+			return r, rL, nil
+		}
+	}
+	// else add bytes from the file, then try that
+	for l < utf8.UTFMax {
+		fn, err := buf.f.Read(chunk[l : l+1])
+		if err != nil {
+			return 0, 0, err
+		}
+		l = l + fn
+
+		if utf8.FullRune(chunk[:l]) {
+			r, rL := utf8.DecodeRune(chunk)
+			if buf.collect {
+				buf.collection.WriteRune(r)
+			}
+			return r, rL, nil
+		}
+	}
+	return 0, 0, errors.New("File is not a valid UTF=8 encoding")
+}
+
+func (buf *buffer) PutBack(chunk []byte) {
+	if len(chunk) == 0 {
+		return
+	}
+	if buf.b.Len() == 0 {
+		buf.b.Write(chunk)
+		return
+	}
+	d := make([]byte, 0, len(chunk)+buf.b.Len())
+	d = append(d, chunk...)
+	d = append(d, buf.b.Bytes()...)
+	buf.b.Reset()
+	buf.b.Write(d)
+}
+
+func SpawnAtDirectory(command string, directory string) (*ExpectSubprocess, error) {
+	expect, err := _spawn(command)
+	if err != nil {
+		return nil, err
+	}
+	expect.Cmd.Dir = directory
+	return _start(expect)
+}
+
+func Command(command string) (*ExpectSubprocess, error) {
+	expect, err := _spawn(command)
+	if err != nil {
+		return nil, err
+	}
+	return expect, nil
+}
+
+func (expect *ExpectSubprocess) Start() error {
+	_, err := _start(expect)
+	return err
+}
+
+func Spawn(command string) (*ExpectSubprocess, error) {
+	expect, err := _spawn(command)
+	if err != nil {
+		return nil, err
+	}
+	return _start(expect)
+}
+
+func (expect *ExpectSubprocess) Close() error {
+	if err := expect.Cmd.Process.Kill(); err != nil {
+		return err
+	}
+	if err := expect.buf.f.Close(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (expect *ExpectSubprocess) AsyncInteractChannels() (send chan string, receive chan string) {
+	receive = make(chan string)
+	send = make(chan string)
+
+	go func() {
+		for {
+			str, err := expect.ReadLine()
+			if err != nil {
+				close(receive)
+				return
+			}
+			receive <- str
+		}
+	}()
+
+	go func() {
+		for {
+			select {
+			case sendCommand, exists := <-send:
+				{
+					if !exists {
+						return
+					}
+					err := expect.Send(sendCommand)
+					if err != nil {
+						receive <- "gexpect Error: " + err.Error()
+						return
+					}
+				}
+			}
+		}
+	}()
+
+	return
+}
+
+func (expect *ExpectSubprocess) ExpectRegex(regex string) (bool, error) {
+	return regexp.MatchReader(regex, expect.buf)
+}
+
+func (expect *ExpectSubprocess) expectRegexFind(regex string, output bool) ([]string, string, error) {
+	re, err := regexp.Compile(regex)
+	if err != nil {
+		return nil, "", err
+	}
+	expect.buf.StartCollecting()
+	pairs := re.FindReaderSubmatchIndex(expect.buf)
+	stringIndexedInto := expect.buf.StopCollecting()
+	l := len(pairs)
+	numPairs := l / 2
+	result := make([]string, numPairs)
+	for i := 0; i < numPairs; i += 1 {
+		result[i] = stringIndexedInto[pairs[i*2]:pairs[i*2+1]]
+	}
+	// convert indexes to strings
+
+	if len(result) == 0 {
+		err = fmt.Errorf("ExpectRegex didn't find regex '%v'.", regex)
+	} else {
+		// The number in pairs[1] is an index of a first
+		// character outside the whole match
+		putBackIdx := pairs[1]
+		if len(stringIndexedInto) > putBackIdx {
+			stringToPutBack := stringIndexedInto[putBackIdx:]
+			stringIndexedInto = stringIndexedInto[:putBackIdx]
+			expect.buf.PutBack([]byte(stringToPutBack))
+		}
+	}
+	return result, stringIndexedInto, err
+}
+
+func (expect *ExpectSubprocess) expectTimeoutRegexFind(regex string, timeout time.Duration) (result []string, out string, err error) {
+	t := make(chan bool)
+	go func() {
+		result, out, err = expect.ExpectRegexFindWithOutput(regex)
+		t <- false
+	}()
+	go func() {
+		time.Sleep(timeout)
+		err = fmt.Errorf("ExpectRegex timed out after %v finding '%v'.\nOutput:\n%s", timeout, regex, expect.Collect())
+		t <- true
+	}()
+	<-t
+	return result, out, err
+}
+
+func (expect *ExpectSubprocess) ExpectRegexFind(regex string) ([]string, error) {
+	result, _, err := expect.expectRegexFind(regex, false)
+	return result, err
+}
+
+func (expect *ExpectSubprocess) ExpectTimeoutRegexFind(regex string, timeout time.Duration) ([]string, error) {
+	result, _, err := expect.expectTimeoutRegexFind(regex, timeout)
+	return result, err
+}
+
+func (expect *ExpectSubprocess) ExpectRegexFindWithOutput(regex string) ([]string, string, error) {
+	return expect.expectRegexFind(regex, true)
+}
+
+func (expect *ExpectSubprocess) ExpectTimeoutRegexFindWithOutput(regex string, timeout time.Duration) ([]string, string, error) {
+	return expect.expectTimeoutRegexFind(regex, timeout)
+}
+
+func buildKMPTable(searchString string) []int {
+	pos := 2
+	cnd := 0
+	length := len(searchString)
+
+	var table []int
+	if length < 2 {
+		length = 2
+	}
+
+	table = make([]int, length)
+	table[0] = -1
+	table[1] = 0
+
+	for pos < len(searchString) {
+		if searchString[pos-1] == searchString[cnd] {
+			cnd += 1
+			table[pos] = cnd
+			pos += 1
+		} else if cnd > 0 {
+			cnd = table[cnd]
+		} else {
+			table[pos] = 0
+			pos += 1
+		}
+	}
+	return table
+}
+
+func (expect *ExpectSubprocess) ExpectTimeout(searchString string, timeout time.Duration) (e error) {
+	result := make(chan error)
+	go func() {
+		result <- expect.Expect(searchString)
+	}()
+	select {
+	case e = <-result:
+	case <-time.After(timeout):
+		e = fmt.Errorf("Expect timed out after %v waiting for '%v'.\nOutput:\n%s", timeout, searchString, expect.Collect())
+	}
+	return e
+}
+
+func (expect *ExpectSubprocess) Expect(searchString string) (e error) {
+	target := len(searchString)
+	if target < 1 {
+		return ErrEmptySearch
+	}
+	chunk := make([]byte, target*2)
+	if expect.outputBuffer != nil {
+		expect.outputBuffer = expect.outputBuffer[0:]
+	}
+	m := 0
+	i := 0
+	// Build KMP Table
+	table := buildKMPTable(searchString)
+
+	for {
+		n, err := expect.buf.Read(chunk)
+		if n == 0 && err != nil {
+			return err
+		}
+		if expect.outputBuffer != nil {
+			expect.outputBuffer = append(expect.outputBuffer, chunk[:n]...)
+		}
+		offset := m + i
+		for m+i-offset < n {
+			if searchString[i] == chunk[m+i-offset] {
+				i += 1
+				if i == target {
+					unreadIndex := m + i - offset
+					if len(chunk) > unreadIndex {
+						expect.buf.PutBack(chunk[unreadIndex:n])
+					}
+					return nil
+				}
+			} else {
+				m += i - table[i]
+				if table[i] > -1 {
+					i = table[i]
+				} else {
+					i = 0
+				}
+			}
+		}
+	}
+}
+
+func (expect *ExpectSubprocess) Send(command string) error {
+	_, err := io.WriteString(expect.buf.f, command)
+	return err
+}
+
+func (expect *ExpectSubprocess) Capture() {
+	if expect.outputBuffer == nil {
+		expect.outputBuffer = make([]byte, 0)
+	}
+}
+
+func (expect *ExpectSubprocess) Collect() []byte {
+	collectOutput := make([]byte, len(expect.outputBuffer))
+	copy(collectOutput, expect.outputBuffer)
+	expect.outputBuffer = nil
+	return collectOutput
+}
+
+func (expect *ExpectSubprocess) SendLine(command string) error {
+	_, err := io.WriteString(expect.buf.f, command+"\r\n")
+	return err
+}
+
+func (expect *ExpectSubprocess) Interact() {
+	defer expect.Cmd.Wait()
+	io.Copy(os.Stdout, &expect.buf.b)
+	go io.Copy(os.Stdout, expect.buf.f)
+	go io.Copy(expect.buf.f, os.Stdin)
+}
+
+func (expect *ExpectSubprocess) ReadUntil(delim byte) ([]byte, error) {
+	join := make([]byte, 0, 512)
+	chunk := make([]byte, 255)
+
+	for {
+		n, err := expect.buf.Read(chunk)
+
+		for i := 0; i < n; i++ {
+			if chunk[i] == delim {
+				if len(chunk) > i+1 {
+					expect.buf.PutBack(chunk[i+1:n])
+				}
+				return join, nil
+			} else {
+				join = append(join, chunk[i])
+			}
+		}
+
+		if err != nil {
+			return join, err
+		}
+	}
+}
+
+func (expect *ExpectSubprocess) Wait() error {
+	return expect.Cmd.Wait()
+}
+
+func (expect *ExpectSubprocess) ReadLine() (string, error) {
+	str, err := expect.ReadUntil('\n')
+	return string(str), err
+}
+
+func _start(expect *ExpectSubprocess) (*ExpectSubprocess, error) {
+	f, err := pty.Start(expect.Cmd)
+	if err != nil {
+		return nil, err
+	}
+	expect.buf.f = f
+
+	return expect, nil
+}
+
+func _spawn(command string) (*ExpectSubprocess, error) {
+	wrapper := new(ExpectSubprocess)
+
+	wrapper.outputBuffer = nil
+
+	splitArgs, err := shell.Split(command)
+	if err != nil {
+		return nil, err
+	}
+	numArguments := len(splitArgs) - 1
+	if numArguments < 0 {
+		return nil, errors.New("gexpect: No command given to spawn")
+	}
+	path, err := exec.LookPath(splitArgs[0])
+	if err != nil {
+		return nil, err
+	}
+
+	if numArguments >= 1 {
+		wrapper.Cmd = exec.Command(path, splitArgs[1:]...)
+	} else {
+		wrapper.Cmd = exec.Command(path)
+	}
+	wrapper.buf = new(buffer)
+
+	return wrapper, nil
+}

vendor/github.com/ThomasRooney/gexpect/gexpect_test.go

@@ -0,0 +1,419 @@
+// +build !windows
+
+package gexpect
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestEmptySearchString(t *testing.T) {
+	t.Logf("Testing empty search string...")
+	child, err := Spawn("echo Hello World")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = child.Expect("")
+	if err != ErrEmptySearch {
+		t.Fatalf("Expected empty search error, got %v", err)
+	}
+}
+
+func TestHelloWorld(t *testing.T) {
+	t.Logf("Testing Hello World... ")
+	child, err := Spawn("echo \"Hello World\"")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = child.Expect("Hello World")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestDoubleHelloWorld(t *testing.T) {
+	t.Logf("Testing Double Hello World... ")
+	child, err := Spawn(`sh -c "echo Hello World ; echo Hello ; echo Hi"`)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = child.Expect("Hello World")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = child.Expect("Hello")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = child.Expect("Hi")
+	if err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestHelloWorldFailureCase(t *testing.T) {
+	t.Logf("Testing Hello World Failure case... ")
+	child, err := Spawn("echo \"Hello World\"")
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = child.Expect("YOU WILL NEVER FIND ME")
+	if err != nil {
+		return
+	}
+	t.Fatal("Expected an error for TestHelloWorldFailureCase")
+}
+
+func TestBiChannel(t *testing.T) {
+
+	t.Logf("Testing BiChannel screen... ")
+	child, err := Spawn("cat")
+	if err != nil {
+		t.Fatal(err)
+	}
+	sender, receiver := child.AsyncInteractChannels()
+	wait := func(str string) {
+		for {
+			msg, open := <-receiver
+			if !open {
+				return
+			}
+			if strings.Contains(msg, str) {
+				return
+			}
+		}
+	}
+
+	endlChar := fmt.Sprintln("")
+	sender <- fmt.Sprintf("echo%v", endlChar)
+	wait("echo")
+	sender <- fmt.Sprintf("echo2%v", endlChar)
+	wait("echo2")
+	child.Close()
+	child.Wait()
+}
+
+func TestCommandStart(t *testing.T) {
+	t.Logf("Testing Command... ")
+
+	// Doing this allows you to modify the cmd struct prior to execution, for example to add environment variables
+	child, err := Command("echo 'Hello World'")
+	if err != nil {
+		t.Fatal(err)
+	}
+	child.Start()
+	child.Expect("Hello World")
+}
+
+var regexMatchTests = []struct {
+	re   string
+	good string
+	bad  string
+}{
+	{`a`, `a`, `b`},
+	{`.b`, `ab`, `ac`},
+	{`a+hello`, `aaaahello`, `bhello`},
+	{`(hello|world)`, `hello`, `unknown`},
+	{`(hello|world)`, `world`, `unknown`},
+	{"\u00a9", "\u00a9", `unknown`}, // 2 bytes long unicode character "copyright sign"
+}
+
+func TestRegexMatch(t *testing.T) {
+	t.Logf("Testing Regular Expression Matching... ")
+	for _, tt := range regexMatchTests {
+		runTest := func(input string) bool {
+			var match bool
+			child, err := Spawn("echo \"" + input + "\"")
+			if err != nil {
+				t.Fatal(err)
+			}
+			match, err = child.ExpectRegex(tt.re)
+			if err != nil {
+				t.Fatal(err)
+			}
+			return match
+		}
+		if !runTest(tt.good) {
+			t.Errorf("Regex Not matching [%#q] with pattern [%#q]", tt.good, tt.re)
+		}
+		if runTest(tt.bad) {
+			t.Errorf("Regex Matching [%#q] with pattern [%#q]", tt.bad, tt.re)
+		}
+	}
+}
+
+var regexFindTests = []struct {
+	re      string
+	input   string
+	matches []string
+}{
+	{`he(l)lo wo(r)ld`, `hello world`, []string{"hello world", "l", "r"}},
+	{`(a)`, `a`, []string{"a", "a"}},
+	{`so.. (hello|world)`, `so.. hello`, []string{"so.. hello", "hello"}},
+	{`(a+)hello`, `aaaahello`, []string{"aaaahello", "aaaa"}},
+	{`\d+ (\d+) (\d+)`, `123 456 789`, []string{"123 456 789", "456", "789"}},
+	{`\d+ (\d+) (\d+)`, "\u00a9 123 456 789 \u00a9", []string{"123 456 789", "456", "789"}}, // check unicode characters
+}
+
+func TestRegexFind(t *testing.T) {
+	t.Logf("Testing Regular Expression Search... ")
+	for _, tt := range regexFindTests {
+		runTest := func(input string) []string {
+			child, err := Spawn("echo \"" + input + "\"")
+			if err != nil {
+				t.Fatal(err)
+			}
+			matches, err := child.ExpectRegexFind(tt.re)
+			if err != nil {
+				t.Fatal(err)
+			}
+			return matches
+		}
+		matches := runTest(tt.input)
+		if len(matches) != len(tt.matches) {
+			t.Fatalf("Regex not producing the expected number of patterns.. got[%d] ([%s]) expected[%d] ([%s])",
+				len(matches), strings.Join(matches, ","),
+				len(tt.matches), strings.Join(tt.matches, ","))
+		}
+		for i, _ := range matches {
+			if matches[i] != tt.matches[i] {
+				t.Errorf("Regex Expected group [%s] and got group [%s] with pattern [%#q] and input [%s]",
+					tt.matches[i], matches[i], tt.re, tt.input)
+			}
+		}
+	}
+}
+
+func TestReadLine(t *testing.T) {
+	t.Logf("Testing ReadLine...")
+
+	child, err := Spawn("echo \"foo\nbar\"")
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	s, err := child.ReadLine()
+
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s != "foo\r" {
+		t.Fatalf("expected 'foo\\r', got '%s'", s)
+	}
+	s, err = child.ReadLine()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if s != "bar\r" {
+		t.Fatalf("expected 'bar\\r', got '%s'", s)
+	}
+}
+
+func TestRegexWithOutput(t *testing.T) {
+	t.Logf("Testing Regular Expression search with output...")
+
+	s := "You will not find me"
+	p, err := Spawn("echo -n " + s)
+	if err != nil {
+		t.Fatalf("Cannot exec rkt: %v", err)
+	}
+	searchPattern := `I should not find you`
+	result, out, err := p.ExpectRegexFindWithOutput(searchPattern)
+	if err == nil {
+		t.Fatalf("Shouldn't have found `%v` in `%v`", searchPattern, out)
+	}
+	if s != out {
+		t.Fatalf("Child output didn't match: %s", out)
+	}
+
+	err = p.Wait()
+	if err != nil {
+		t.Fatalf("Child didn't terminate correctly: %v", err)
+	}
+
+	p, err = Spawn("echo You will find me")
+	if err != nil {
+		t.Fatalf("Cannot exec rkt: %v", err)
+	}
+	searchPattern = `.*(You will).*`
+	result, out, err = p.ExpectRegexFindWithOutput(searchPattern)
+	if err != nil || result[1] != "You will" {
+		t.Fatalf("Did not find pattern `%v` in `%v'\n", searchPattern, out)
+	}
+	err = p.Wait()
+	if err != nil {
+		t.Fatalf("Child didn't terminate correctly: %v", err)
+	}
+}
+
+func TestRegexTimeoutWithOutput(t *testing.T) {
+	t.Logf("Testing Regular Expression search with timeout and output...")
+
+	seconds := 2
+	timeout := time.Duration(seconds-1) * time.Second
+
+	p, err := Spawn(fmt.Sprintf("sh -c 'sleep %d && echo You find me'", seconds))
+	if err != nil {
+		t.Fatalf("Cannot exec rkt: %v", err)
+	}
+	searchPattern := `find me`
+	result, out, err := p.ExpectTimeoutRegexFindWithOutput(searchPattern, timeout)
+	if err == nil {
+		t.Fatalf("Shouldn't have finished call with result: %v", result)
+	}
+
+	seconds = 2
+	timeout = time.Duration(seconds+1) * time.Second
+
+	p, err = Spawn(fmt.Sprintf("sh -c 'sleep %d && echo You find me'", seconds))
+	if err != nil {
+		t.Fatalf("Cannot exec rkt: %v", err)
+	}
+	searchPattern = `find me`
+	result, out, err = p.ExpectTimeoutRegexFindWithOutput(searchPattern, timeout)
+	if err != nil {
+		t.Fatalf("Didn't find %v in output: %v", searchPattern, out)
+	}
+}
+
+func TestRegexFindNoExcessBytes(t *testing.T) {
+	t.Logf("Testing Regular Expressions returning output with no excess strings")
+	repeats := 50
+	tests := []struct {
+		desc           string
+		loopBody       string
+		searchPattern  string
+		expectFullTmpl string
+		unmatchedData  string
+	}{
+		{
+			desc:           `matching lines line by line with $ at the end of the regexp`,
+			loopBody:       `echo "prefix: ${i} line"`,
+			searchPattern:  `(?m)^prefix:\s+(\d+) line\s??$`,
+			expectFullTmpl: `prefix: %d line`,
+			unmatchedData:  "\n",
+			// the "$" char at the end of regexp does not
+			// match the \n, so it is left as an unmatched
+			// data
+		},
+		{
+			desc:           `matching lines line by line with \n at the end of the regexp`,
+			loopBody:       `echo "prefix: ${i} line"`,
+			searchPattern:  `(?m)^prefix:\s+(\d+) line\s??\n`,
+			expectFullTmpl: `prefix: %d line`,
+			unmatchedData:  "",
+		},
+		{
+			desc:           `matching chunks in single line chunk by chunk`,
+			loopBody:       `printf "a ${i} b"`,
+			searchPattern:  `a\s+(\d+)\s+b`,
+			expectFullTmpl: `a %d b`,
+			unmatchedData:  "",
+		},
+	}
+	seqCmd := fmt.Sprintf("`seq 1 %d`", repeats)
+	shCmdTmpl := fmt.Sprintf(`sh -c 'for i in %s; do %%s; done'`, seqCmd)
+	for _, tt := range tests {
+		t.Logf("Test: %s", tt.desc)
+		shCmd := fmt.Sprintf(shCmdTmpl, tt.loopBody)
+		t.Logf("Running command: %s", shCmd)
+		p, err := Spawn(shCmd)
+		if err != nil {
+			t.Fatalf("Cannot exec shell script: %v", err)
+		}
+		defer func() {
+			if err := p.Wait(); err != nil {
+				t.Fatalf("shell script didn't terminate correctly: %v", err)
+			}
+		}()
+		for i := 1; i <= repeats; i++ {
+			matches, output, err := p.ExpectRegexFindWithOutput(tt.searchPattern)
+			if err != nil {
+				t.Fatalf("Failed to get the match number %d: %v", i, err)
+			}
+			if len(matches) != 2 {
+				t.Fatalf("Expected only 2 matches, got %d", len(matches))
+			}
+			full := strings.TrimSpace(matches[0])
+			expFull := fmt.Sprintf(tt.expectFullTmpl, i)
+			partial := matches[1]
+			expPartial := fmt.Sprintf("%d", i)
+			if full != expFull {
+				t.Fatalf("Did not the expected full match %q, got %q", expFull, full)
+			}
+			if partial != expPartial {
+				t.Fatalf("Did not the expected partial match %q, got %q", expPartial, partial)
+			}
+			// The output variable usually contains the
+			// unmatched data followed by the whole match.
+			// The first line is special as it has no data
+			// preceding it.
+			var expectedOutput string
+			if i == 1 || tt.unmatchedData == "" {
+				expectedOutput = matches[0]
+			} else {
+				expectedOutput = fmt.Sprintf("%s%s", tt.unmatchedData, matches[0])
+			}
+			if output != expectedOutput {
+				t.Fatalf("The collected output %q should be the same as the whole match %q", output, expectedOutput)
+			}
+		}
+	}
+}
+
+func TestBufferReadRune(t *testing.T) {
+	tests := []struct {
+		bufferContent []byte
+		fileContent   []byte
+		expectedRune  rune
+	}{
+		// unicode "copyright char" is \u00a9 is encoded as two bytes in utf8 0xc2 0xa9
+		{[]byte{0xc2, 0xa9}, []byte{}, '\u00a9'}, // whole rune is already in buffer.b
+		{[]byte{0xc2}, []byte{0xa9}, '\u00a9'},   // half of is in the buffer.b and another half still in buffer.f (file)
+		{[]byte{}, []byte{0xc2, 0xa9}, '\u00a9'}, // whole rune is the file
+		// some random noise in the end of file
+		{[]byte{0xc2, 0xa9}, []byte{0x20, 0x20, 0x20, 0x20}, '\u00a9'},
+		{[]byte{0xc2}, []byte{0xa9, 0x20, 0x20, 0x20, 0x20}, '\u00a9'},
+		{[]byte{}, []byte{0xc2, 0xa9, 0x20, 0x20, 0x20, 0x20}, '\u00a9'},
+	}
+
+	for i, tt := range tests {
+
+		// prepare tmp file with fileContent
+		f, err := ioutil.TempFile("", "")
+		if err != nil {
+			t.Fatal(err)
+		}
+		n, err := f.Write(tt.fileContent)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if n != len(tt.fileContent) {
+			t.Fatal("expected fileContent written to temp file")
+		}
+		_, err = f.Seek(0, 0)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// new buffer
+		buf := buffer{f: f, b: *bytes.NewBuffer(tt.bufferContent)}
+
+		// call ReadRune
+		r, size, err := buf.ReadRune()
+
+		if r != tt.expectedRune {
+			t.Fatalf("#%d: expected rune %+q but go is %+q", i, tt.expectedRune, r)
+		}
+
+		if size != len(string(tt.expectedRune)) {
+			t.Fatalf("#%d: expected rune %d bytes long but got just %d bytes long", i, len(string(tt.expectedRune)), size)
+		}
+
+	}
+
+}

vendor/github.com/Xe/eclier/.gitignore

@@ -0,0 +1,2 @@
+.DS_Store
+doc

vendor/github.com/Xe/eclier/Gopkg.lock

@@ -0,0 +1,223 @@
+memo = "b40e77e679fec09015bfda27b7d1fc37f4ba6240cbe95cf9fb88b5c56e40ebdf"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/ThomasRooney/gexpect"
+  packages = ["."]
+  revision = "5482f03509440585d13d8f648989e05903001842"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/Xe/x"
+  packages = ["tools/glue/libs/gluaexpect","tools/glue/libs/gluasimplebox"]
+  revision = "d0ebe3970f361daa31a135f1e0c7304eb1442f61"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/ailncode/gluaxmlpath"
+  packages = ["."]
+  revision = "6ce478ecb4a60c4fc8929838e0b21b7fb7ca7440"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/brandur/simplebox"
+  packages = ["."]
+  revision = "84e9865bb03ad38c464043bf5382ce8c68ca5f0c"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluahttp"
+  packages = ["."]
+  revision = "b4bfe0c50fea948dcbf3966e120996d6607bbd89"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluaurl"
+  packages = ["."]
+  revision = "31cbb9bef199454415879f2e6d609d1136d60cad"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/cyberdelia/heroku-go"
+  packages = ["v3"]
+  revision = "bb8b6b1e9656ec0728638961f8e8b4211fee735d"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/dickeyxxx/netrc"
+  packages = ["."]
+  revision = "3acf1b3de25d89c7688c63bb45f6b07f566555ec"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/google/go-querystring"
+  packages = ["query"]
+  revision = "53e6ce116135b80d037921a7fdd5138cf32d7a8a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/howeyc/gopass"
+  packages = ["."]
+  revision = "bf9dde6d0d2c004a008c27aaee91170c786f6db8"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kballard/go-shellquote"
+  packages = ["."]
+  revision = "d8ec1a69a250a17bb0e419c386eac1f3711dc142"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaenv"
+  packages = ["."]
+  revision = "2888db6bbe38923d59c42e443895875cc8ce0820"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluafs"
+  packages = ["."]
+  revision = "01391ed2d7ab89dc80157605b073403f960aa223"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaquestion"
+  packages = ["."]
+  revision = "311437c29ba54d027ad2af383661725ae2bfdcdc"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluassh"
+  packages = ["."]
+  revision = "2a7bd48d7568de8230c87ac1ef4a4c481e45814d"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluatemplate"
+  packages = ["."]
+  revision = "d9e2c9d6b00f069a9da377a9ac529c827c1c7d71"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluayaml"
+  packages = ["."]
+  revision = "6fe413d49d73d785510ecf1529991ab0573e96c7"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kr/fs"
+  packages = ["."]
+  revision = "2788f0dbd16903de03cb8186e5c7d97b69ad387b"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/kr/pty"
+  packages = ["."]
+  revision = "ce7fa45920dc37a92de8377972e52bc55ffa8d57"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mattn/go-runewidth"
+  packages = ["."]
+  revision = "737072b4e32b7a5018b4a7125da8d12de90e8045"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/mitchellh/mapstructure"
+  packages = ["."]
+  revision = "cc8532a8e9a55ea36402aa21efdf403a60d34096"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/olekukonko/tablewriter"
+  packages = ["."]
+  revision = "44e365d423f4f06769182abfeeae2b91be9d529b"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/otm/gluaflag"
+  packages = ["."]
+  revision = "078088de689148194436293886e8e39809167332"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/otm/gluash"
+  packages = ["."]
+  revision = "e145c563986f0b91f740a758a84bca46c163aec7"
+
+[[projects]]
+  name = "github.com/pborman/uuid"
+  packages = ["."]
+  revision = "e790cca94e6cc75c7064b1332e63811d4aae1a53"
+  version = "v1.1"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/pkg/sftp"
+  packages = ["."]
+  revision = "e84cc8c755ca39b7b64f510fe1fffc1b51f210a5"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yookoala/realpath"
+  packages = ["."]
+  revision = "c416d99ab5ed256fa30c1f3bab73152deb59bb69"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gluamapper"
+  packages = ["."]
+  revision = "d836955830e75240d46ce9f0e6d148d94f2e1d3a"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gluare"
+  packages = ["."]
+  revision = "8e2742cd1bf2b904720ac66eca3c2091b2ea0720"
+
+[[projects]]
+  branch = "master"
+  name = "github.com/yuin/gopher-lua"
+  packages = [".","ast","parse","pm"]
+  revision = "33ebc07735566cd0c3c4b69e2839d522cc389852"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+  packages = ["curve25519","ed25519","ed25519/internal/edwards25519","nacl/secretbox","poly1305","salsa20/salsa","ssh","ssh/agent","ssh/terminal"]
+  revision = "dd85ac7e6a88fc6ca420478e934de5f1a42dd3c6"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/net"
+  packages = ["html","html/atom"]
+  revision = "66aacef3dd8a676686c7ae3716979581e8b03c47"
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/sys"
+  packages = ["unix"]
+  revision = "9ccfe848b9db8435a24c424abbc07a921adf1df5"
+
+[[projects]]
+  branch = "v2"
+  name = "gopkg.in/xmlpath.v2"
+  packages = ["."]
+  revision = "860cbeca3ebcc600db0b213c0e83ad6ce91f5739"
+
+[[projects]]
+  branch = "master"
+  name = "gopkg.in/yaml.v2"
+  packages = ["."]
+  revision = "cd8b52f8269e0feb286dfeef29f8fe4d5b397e0b"
+
+[[projects]]
+  branch = "master"
+  name = "layeh.com/gopher-json"
+  packages = ["."]
+  revision = "c128cc74278be889c4381681712931976fe0d88b"
+
+[[projects]]
+  branch = "master"
+  name = "layeh.com/gopher-luar"
+  packages = ["."]
+  revision = "80196fe2abc5682963fc7a5261f5a5d77509938b"

vendor/github.com/Xe/eclier/Gopkg.toml

@@ -0,0 +1,72 @@
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/Xe/x"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/ailncode/gluaxmlpath"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluahttp"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/cjoudrey/gluaurl"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/dickeyxxx/netrc"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaenv"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluafs"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluaquestion"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluassh"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluatemplate"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/kohkimakimoto/gluayaml"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/olekukonko/tablewriter"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/otm/gluaflag"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/otm/gluash"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/yuin/gluare"
+
+[[dependencies]]
+  branch = "master"
+  name = "github.com/yuin/gopher-lua"
+
+[[dependencies]]
+  branch = "master"
+  name = "layeh.com/gopher-json"
+
+[[dependencies]]
+  branch = "master"
+  name = "layeh.com/gopher-luar"

vendor/github.com/Xe/eclier/LICENSE

@@ -0,0 +1,121 @@
+Creative Commons Legal Code
+
+CC0 1.0 Universal
+
+    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+    LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
+    ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+    INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
+    REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
+    PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
+    THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
+    HEREUNDER.
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer
+exclusive Copyright and Related Rights (defined below) upon the creator
+and subsequent owner(s) (each and all, an "owner") of an original work of
+authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for
+the purpose of contributing to a commons of creative, cultural and
+scientific works ("Commons") that the public can reliably and without fear
+of later claims of infringement build upon, modify, incorporate in other
+works, reuse and redistribute as freely as possible in any form whatsoever
+and for any purposes, including without limitation commercial purposes.
+These owners may contribute to the Commons to promote the ideal of a free
+culture and the further production of creative, cultural and scientific
+works, or to gain reputation or greater distribution for their Work in
+part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any
+expectation of additional consideration or compensation, the person
+associating CC0 with a Work (the "Affirmer"), to the extent that he or she
+is an owner of Copyright and Related Rights in the Work, voluntarily
+elects to apply CC0 to the Work and publicly distribute the Work under its
+terms, with knowledge of his or her Copyright and Related Rights in the
+Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be
+protected by copyright and related or neighboring rights ("Copyright and
+Related Rights"). Copyright and Related Rights include, but are not
+limited to, the following:
+
+  i. the right to reproduce, adapt, distribute, perform, display,
+     communicate, and translate a Work;
+ ii. moral rights retained by the original author(s) and/or performer(s);
+iii. publicity and privacy rights pertaining to a person's image or
+     likeness depicted in a Work;
+ iv. rights protecting against unfair competition in regards to a Work,
+     subject to the limitations in paragraph 4(a), below;
+  v. rights protecting the extraction, dissemination, use and reuse of data
+     in a Work;
+ vi. database rights (such as those arising under Directive 96/9/EC of the
+     European Parliament and of the Council of 11 March 1996 on the legal
+     protection of databases, and under any national implementation
+     thereof, including any amended or successor version of such
+     directive); and
+vii. other similar, equivalent or corresponding rights throughout the
+     world based on applicable law or treaty, and any national
+     implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention
+of, applicable law, Affirmer hereby overtly, fully, permanently,
+irrevocably and unconditionally waives, abandons, and surrenders all of
+Affirmer's Copyright and Related Rights and associated claims and causes
+of action, whether now known or unknown (including existing as well as
+future claims and causes of action), in the Work (i) in all territories
+worldwide, (ii) for the maximum duration provided by applicable law or
+treaty (including future time extensions), (iii) in any current or future
+medium and for any number of copies, and (iv) for any purpose whatsoever,
+including without limitation commercial, advertising or promotional
+purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
+member of the public at large and to the detriment of Affirmer's heirs and
+successors, fully intending that such Waiver shall not be subject to
+revocation, rescission, cancellation, termination, or any other legal or
+equitable action to disrupt the quiet enjoyment of the Work by the public
+as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason
+be judged legally invalid or ineffective under applicable law, then the
+Waiver shall be preserved to the maximum extent permitted taking into
+account Affirmer's express Statement of Purpose. In addition, to the
+extent the Waiver is so judged Affirmer hereby grants to each affected
+person a royalty-free, non transferable, non sublicensable, non exclusive,
+irrevocable and unconditional license to exercise Affirmer's Copyright and
+Related Rights in the Work (i) in all territories worldwide, (ii) for the
+maximum duration provided by applicable law or treaty (including future
+time extensions), (iii) in any current or future medium and for any number
+of copies, and (iv) for any purpose whatsoever, including without
+limitation commercial, advertising or promotional purposes (the
+"License"). The License shall be deemed effective as of the date CC0 was
+applied by Affirmer to the Work. Should any part of the License for any
+reason be judged legally invalid or ineffective under applicable law, such
+partial invalidity or ineffectiveness shall not invalidate the remainder
+of the License, and in such case Affirmer hereby affirms that he or she
+will not (i) exercise any of his or her remaining Copyright and Related
+Rights in the Work or (ii) assert any associated claims and causes of
+action with respect to the Work, in either case contrary to Affirmer's
+express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+ a. No trademark or patent rights held by Affirmer are waived, abandoned,
+    surrendered, licensed or otherwise affected by this document.
+ b. Affirmer offers the Work as-is and makes no representations or
+    warranties of any kind concerning the Work, express, implied,
+    statutory or otherwise, including without limitation warranties of
+    title, merchantability, fitness for a particular purpose, non
+    infringement, or the absence of latent or other defects, accuracy, or
+    the present or absence of errors, whether or not discoverable, all to
+    the greatest extent permissible under applicable law.
+ c. Affirmer disclaims responsibility for clearing rights of other persons
+    that may apply to the Work or any use thereof, including without
+    limitation any person's Copyright and Related Rights in the Work.
+    Further, Affirmer disclaims responsibility for obtaining any necessary
+    consents, permissions or other rights required for any use of the
+    Work.
+ d. Affirmer understands and acknowledges that Creative Commons is not a
+    party to this document and has no duty or obligation with respect to
+    this CC0 or use of the Work.

vendor/github.com/Xe/eclier/README.md

@@ -0,0 +1,38 @@
+# eclier
+
+Pronounced like eclair
+
+The core of a command line application allowing for trivial user extension.
+
+Every command and subcommand is its own `.lua` file that is either shipped as
+part of the built-in cartridge of commands or a plugin that the user installs.
+
+The core contains the following:
+
+- A module loading system for preparing different commands for use
+- The core subcommand router
+
+## How to write plugins
+
+Create a new file in the script home named after the plugin subcommand, for
+example: `scripts/hello.lua`:
+
+```lua
+script.verb = "hello"
+script.help = "prints everyone's favorite hello world message"
+script.author = "Xe" -- put your github username here
+script.version = "1.0"
+script.usage = ""
+
+function(run) 
+  print "Hello, world!"
+end
+```
+
+And then run it using the example shell cli:
+
+```console
+~/go/src/github.com/Xe/eclier:master λ go run ./example/main.go hello
+Hello, world!
+```
+

vendor/github.com/Xe/eclier/builtin.go

@@ -0,0 +1,119 @@
+package eclier
+
+import (
+	"context"
+	"flag"
+	"os"
+
+	"github.com/olekukonko/tablewriter"
+)
+
+// Constants for built-in commands.
+const (
+	BuiltinScriptPath = "<built-in>"
+	BuiltinAuthor     = "<built-in>"
+	BuiltinVersion    = "<built-in>"
+)
+
+type pluginCommand struct {
+	r  *Router
+	fs *flag.FlagSet
+
+	dontShowBuiltin *bool
+}
+
+// Close is a no-op.
+func (p *pluginCommand) Close() error { return nil }
+
+// Init sets up the flags for this command.
+func (p *pluginCommand) Init() {
+	p.fs = flag.NewFlagSet(p.Verb(), flag.ExitOnError)
+
+	p.dontShowBuiltin = p.fs.Bool("no-builtin", false, "if set, don't show built-in commands")
+}
+
+// ScriptPath returns the built-in script path.
+func (p *pluginCommand) ScriptPath() string { return BuiltinScriptPath }
+
+// Verb returns the command verb.
+func (p *pluginCommand) Verb() string { return "plugins" }
+
+// Help returns the command help
+func (p *pluginCommand) Help() string {
+	return `plugin lists all of the loaded commands and their script paths.`
+}
+
+func (p *pluginCommand) Usage() string {
+	return `  -no-builtin 
+    	if set, don't show built-in commands`
+}
+
+func (p *pluginCommand) Author() string { return BuiltinAuthor }
+
+func (p *pluginCommand) Version() string { return BuiltinVersion }
+
+// Run executes the command.
+func (p *pluginCommand) Run(ctx context.Context, arg []string) error {
+	p.fs.Parse(arg)
+
+	table := tablewriter.NewWriter(os.Stdout)
+	table.SetHeader([]string{"Verb", "Path"})
+
+	for _, c := range p.r.cmds {
+		if c.ScriptPath() == BuiltinScriptPath && *p.dontShowBuiltin {
+			continue
+		}
+
+		table.Append([]string{c.Verb(), c.ScriptPath()})
+	}
+
+	table.Render()
+	return nil
+}
+
+// NewBuiltinCommand makes it easier to write core commands for eclier.
+func NewBuiltinCommand(verb, help, usage string, doer func(context.Context, []string) error) Command {
+	return &commandFunc{
+		verb:  verb,
+		help:  help,
+		usage: usage,
+		doer:  doer,
+	}
+}
+
+// commandFunc is a simple alias for creating builtin commands.
+type commandFunc struct {
+	verb  string
+	help  string
+	usage string
+	doer  func(context.Context, []string) error
+}
+
+// Close deallocates resources set up by the initialization of the command.
+func (c *commandFunc) Close() error { return nil }
+
+// Init is a no-op.
+func (c *commandFunc) Init() {}
+
+// ScriptPath returns the built-in script path.
+func (c *commandFunc) ScriptPath() string { return BuiltinScriptPath }
+
+// Verb returns the command verb.
+func (c *commandFunc) Verb() string { return c.verb }
+
+// Help returns the command help.
+func (c *commandFunc) Help() string { return c.help }
+
+// Usage returns the command usage.
+func (c *commandFunc) Usage() string { return c.usage }
+
+// Author returns the built-in author.
+func (c *commandFunc) Author() string { return BuiltinAuthor }
+
+// Version returns the built-in version.
+func (c *commandFunc) Version() string { return BuiltinVersion }
+
+// Run runs the command handler.
+func (c *commandFunc) Run(ctx context.Context, arg []string) error {
+	return c.doer(ctx, arg)
+}

vendor/github.com/Xe/eclier/command.go

@@ -0,0 +1,18 @@
+package eclier
+
+import (
+	"context"
+)
+
+// Command is an individual subcommand.
+type Command interface {
+	Close() error
+	Init()
+	ScriptPath() string
+	Verb() string
+	Help() string
+	Usage() string
+	Author() string
+	Version() string
+	Run(ctx context.Context, arg []string) error
+}

vendor/github.com/Xe/eclier/config.ld

@@ -0,0 +1,8 @@
+file = {
+     "./internal/gluanetrc/netrc.lua",
+     "./internal/gluaheroku/heroku.lua",
+}
+
+title = "eclier lua libraries"
+project = "eclier"
+description = "The lua libraries created for eclier demos and common utility."

vendor/github.com/Xe/eclier/router.go

@@ -0,0 +1,214 @@
+package eclier
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
+	"sync"
+
+	"github.com/olekukonko/tablewriter"
+	lua "github.com/yuin/gopher-lua"
+	"layeh.com/asar"
+)
+
+// Router is the main subcommand router for eclier. At a high level what this is
+// doing is similar to http.ServeMux, but for CLI commands instead of HTTP handlers.
+type Router struct {
+	lock sync.Mutex
+	cmds map[string]Command
+
+	// configured data
+	gluaCreationHook func(*lua.LState)
+	scriptHomes      []string
+	cartridge        map[string]string
+}
+
+// NewRouter creates a new instance of Router and sets it up for use.
+func NewRouter(opts ...RouterOption) (*Router, error) {
+	r := &Router{
+		cmds:      map[string]Command{},
+		cartridge: map[string]string{},
+	}
+
+	for _, opt := range opts {
+		opt(r)
+	}
+
+	// scan r.scriptHome for lua scripts, load them into their own lua states and
+	// make a wrapper around them for the Command type.
+
+	for _, home := range r.scriptHomes {
+		err := filepath.Walk(home, func(path string, info os.FileInfo, err error) error {
+			if err != nil {
+				log.Printf("error in arg: %v", err)
+				return err
+			}
+
+			if strings.HasSuffix(info.Name(), ".lua") {
+				fname := filepath.Join(home, info.Name())
+				fin, err := os.Open(fname)
+				if err != nil {
+					return err
+				}
+				defer fin.Close()
+
+				c := newGluaCommand(r.gluaCreationHook, fname, fin)
+				r.cmds[c.Verb()] = c
+			}
+
+			return nil
+		})
+
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var helpCommand Command = NewBuiltinCommand("help", "shows help for subcommands", "help [subcommand]", func(ctx context.Context, arg []string) error {
+		if len(arg) == 0 {
+			table := tablewriter.NewWriter(os.Stdout)
+			table.SetHeader([]string{"Verb", "Author", "Version", "Help"})
+
+			for _, cmd := range r.cmds {
+				table.Append([]string{cmd.Verb(), cmd.Author(), cmd.Version(), cmd.Help()})
+			}
+
+			table.Render()
+			return nil
+		}
+
+		cmd, ok := r.cmds[arg[0]]
+		if !ok {
+			fmt.Printf("can't find help for %s", arg[0])
+			os.Exit(2)
+		}
+
+		fmt.Printf("Verb: %s\nAuthor: %s\nVersion: %s\nHelp: %s\nUsage: %s %s\n", cmd.Verb(), cmd.Author(), cmd.Version(), cmd.Help(), cmd.Verb(), cmd.Usage())
+		return nil
+	})
+
+	r.cmds["plugins"] = &pluginCommand{r: r}
+	r.cmds["help"] = helpCommand
+
+	return r, nil
+}
+
+// AddCommand adds a given command instance to the eclier router.
+func (r *Router) AddCommand(cmd Command) {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	r.cmds[cmd.Verb()] = cmd
+}
+
+// Run executes a single command given in slot 0 of the argument array.
+func (r *Router) Run(ctx context.Context, arg []string) error {
+	r.lock.Lock()
+	defer r.lock.Unlock()
+
+	if len(arg) == 0 {
+		fmt.Printf("please specify a subcommand, such as `%s help`\n", filepath.Base(os.Args[0]))
+		os.Exit(2)
+	}
+
+	cmd := arg[0]
+	arg = arg[1:]
+
+	ci, ok := r.cmds[cmd]
+	if !ok {
+		fmt.Printf("No such command %s could be run.\n", cmd)
+		os.Exit(2)
+	}
+
+	ci.Init()
+	return ci.Run(ctx, arg)
+}
+
+// RouterOption is a functional option for Router.
+type RouterOption func(*Router)
+
+// WithScriptHome sets the router's script home to the given directory. This is
+// where lua files will be walked and parsed.
+func WithScriptHome(dir string) RouterOption {
+	return func(r *Router) {
+		r.scriptHomes = append(r.scriptHomes, dir)
+	}
+}
+
+// WithGluaCreationHook adds a custom bit of code that runs every time a new
+// gopher-lua LState is created. This allows users of this library to register
+// custom libraries to the pile of states.
+func WithGluaCreationHook(hook func(*lua.LState)) RouterOption {
+	return func(r *Router) {
+		r.gluaCreationHook = hook
+	}
+}
+
+// WithFilesystem loads a http.FileSystem full of lua scripts into this eclier
+// router.
+func WithFilesystem(shortName string, fs http.FileSystem) RouterOption {
+	return func(r *Router) {
+		fin, err := fs.Open("/")
+		if err != nil {
+			log.Fatal(err)
+		}
+		defer fin.Close()
+
+		childs, err := fin.Readdir(-1)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		for _, chl := range childs {
+			if strings.HasSuffix(chl.Name(), ".lua") {
+				fname := filepath.Join(shortName, chl.Name())
+				sFin, err := fs.Open(chl.Name())
+				if err != nil {
+					log.Fatal(err)
+				}
+				defer sFin.Close()
+
+				c := newGluaCommand(r.gluaCreationHook, fname, sFin)
+				r.cmds[c.Verb()] = c
+			}
+		}
+	}
+}
+
+// WithAsarFile loads an asar file full of lua scripts into this eclier router.
+func WithAsarFile(shortName, fname string) RouterOption {
+	return func(r *Router) {
+		fin, err := os.Open(fname)
+		if err != nil {
+			log.Fatal(err)
+		}
+		defer fin.Close()
+
+		e, err := asar.Decode(fin)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		err = e.Walk(func(path string, info os.FileInfo, err error) error {
+			if strings.HasSuffix(info.Name(), ".lua") {
+				fname := filepath.Join(shortName, "::", path)
+				fin := e.Find(path)
+				if fin == nil {
+					return nil
+				}
+
+				c := newGluaCommand(r.gluaCreationHook, fname, fin.Open())
+				r.cmds[c.Verb()] = c
+			}
+
+			return nil
+		})
+		if err != nil {
+			log.Fatal(err)
+		}
+	}
+}

vendor/github.com/Xe/eclier/script.go

@@ -0,0 +1,92 @@
+package eclier
+
+import (
+	"context"
+	"errors"
+	"io"
+	"io/ioutil"
+	"sync"
+
+	lua "github.com/yuin/gopher-lua"
+	luar "layeh.com/gopher-luar"
+)
+
+type Script struct {
+	Verb    string
+	Help    string
+	Usage   string
+	Author  string
+	Version string
+}
+
+type gluaCommand struct {
+	sync.Mutex
+	script *Script
+	L      *lua.LState
+
+	filename string
+}
+
+func newGluaCommand(preload func(*lua.LState), filename string, r io.Reader) Command {
+	L := lua.NewState()
+	preload(L)
+
+	script := &Script{}
+	L.SetGlobal("script", luar.New(L, script))
+
+	data, err := ioutil.ReadAll(r)
+	if err != nil {
+		panic(err)
+	}
+
+	err = L.DoString(string(data))
+	if err != nil {
+		panic(err)
+	}
+
+	return &gluaCommand{script: script, L: L, filename: filename}
+}
+
+func (g *gluaCommand) Close() error {
+	g.L.Close()
+	return nil
+}
+
+func (g *gluaCommand) Init() {}
+
+func (g *gluaCommand) ScriptPath() string { return g.filename }
+
+func (g *gluaCommand) Verb() string { return g.script.Verb }
+
+func (g *gluaCommand) Help() string { return g.script.Help }
+
+func (g *gluaCommand) Usage() string { return g.script.Usage }
+
+func (g *gluaCommand) Author() string { return g.script.Author }
+
+func (g *gluaCommand) Version() string { return g.script.Version }
+
+func (g *gluaCommand) Run(ctx context.Context, arg []string) error {
+	runf := g.L.GetGlobal("run")
+
+	if runf.Type() == lua.LTNil {
+		return errors.New("no global function run in this script")
+	}
+
+	tab := g.L.NewTable()
+
+	for _, a := range arg {
+		tab.Append(lua.LString(a))
+	}
+
+	err := g.L.CallByParam(lua.P{
+		Fn:      runf,
+		NRet:    0,
+		Protect: false,
+	}, tab)
+	if err != nil {
+		panic(err)
+	}
+
+	return nil
+}

vendor/github.com/Xe/gluanetrc/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2017 Christine Dodrill <me@christine.website>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

vendor/github.com/Xe/gluanetrc/config.ld

@@ -0,0 +1,7 @@
+file = {
+     "./netrc.lua",
+}
+
+title = "gluanetrc"
+project = "Xe/gluanetrc"
+description = "netrc offers a simple interface to a user's netrc file in their home directory"

vendor/github.com/Xe/gluanetrc/netrc.go

@@ -0,0 +1,81 @@
+package gluanetrc
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/dickeyxxx/netrc"
+	lua "github.com/yuin/gopher-lua"
+	luar "layeh.com/gopher-luar"
+)
+
+var n *netrc.Netrc
+
+func init() {
+	var err error
+
+	fname := filepath.Join(os.Getenv("HOME"), ".netrc")
+
+	fout, err := os.Create(fname)
+	if err != nil {
+		panic(err)
+	}
+	fout.Close()
+
+	n, err = netrc.Parse(filepath.Join(fname))
+	if err != nil {
+		panic(err)
+	}
+}
+
+var exports = map[string]lua.LGFunction{
+	"machine":        machine,
+	"save":           save,
+	"remove_machine": removeMachine,
+	"add_machine":    addMachine,
+}
+
+func addMachine(L *lua.LState) int {
+	name := L.ToString(1)
+	login := L.ToString(2)
+	password := L.ToString(3)
+
+	n.AddMachine(name, login, password)
+
+	L.Push(luar.New(L, n.Machine(name)))
+	return 1
+}
+
+func removeMachine(L *lua.LState) int {
+	name := L.ToString(1)
+
+	n.RemoveMachine(name)
+
+	return 0
+}
+
+func machine(L *lua.LState) int {
+	name := L.ToString(1)
+
+	m := n.Machine(string(name))
+
+	L.Push(luar.New(L, m))
+	return 1
+}
+
+func save(L *lua.LState) int {
+	n.Save()
+	return 0
+}
+
+// Preload loads netrc into a gopher-lua's LState module registry.
+func Preload(L *lua.LState) {
+	L.PreloadModule("netrc", Loader)
+}
+
+// Loader loads the netrc modules.
+func Loader(L *lua.LState) int {
+	mod := L.SetFuncs(L.NewTable(), exports)
+	L.Push(mod)
+	return 1
+}