- Add comprehensive API-key authentication system with X-API-Key header validation
- Implement permission-based access control (mail:send, * for admin)
- Add rate-limiting system (60 req/hour per API key, 100 req/hour per IP)
- Refactor monolithic 590-line main.lua into 6 modular components (<200 lines each)
- Add IP-restriction support with CIDR notation (127.0.0.1, 10.0.0.0/8)
- Implement Hugo integration with CORS support for localhost:1313
- Add production-ready configuration with environment variable support
- Create comprehensive testing suite (auth, rate-limiting, stress tests)
- Add production deployment checklist and cleanup scripts
This refactoring transforms the API gateway from a single-file monolith into a
biocodie-compliant modular architecture while adding enterprise-grade security
features. Performance testing shows 79 RPS concurrent throughput with <100ms
latency. Hugo contact form integration tested and working. System is now
production-ready for deployment to walter/aitvaras.
Resolves#47
- Add CORS headers to all API responses in main.lua
- Implement OPTIONS preflight request handling
- Add environment-variable based CORS origin configuration
- Create production.env.example for deployment documentation
- Update .env.example with CORS_ALLOWED_ORIGINS setting
Resolves cross-origin request blocking for Hugo dev server integration.
CORS origins now configurable via CORS_ALLOWED_ORIGINS environment variable
for production deployments while maintaining dev-friendly defaults.
Related to #49
- Add native Lua SMTP client with SSL/TLS support for mail.dragons-at-work.de:465
- Implement POST /v1/mail/send endpoint with real email delivery functionality
- Add environment variable integration (SMTP_*) for secure credential management
- Add comprehensive input validation and error handling for mail requests
- Add health check endpoint with SMTP configuration status reporting
- Add multi-line SMTP response handling for robust server communication
- Add request ID tracking system for debugging and monitoring
- Update start.sh script for automatic .env loading and dependency checking
- Add complete testing suite for SMTP functionality verification
This completes the Week 2 Challenge migration from Go to pure Lua HTTP server
with full production-ready SMTP capabilities. The implementation eliminates all
Google/corporate dependencies while achieving superior performance (18ms response
time) and maintaining digital sovereignty principles.
Real mail delivery confirmed: test email successfully sent to admin@dragons-at-work.de
Ready for Hugo website integration and production deployment with security layer.
Closes#65
- Add furt-lua/ directory with pure Lua implementation
- Replace planned Go implementation with Corporate-free technology
- Complete Week 1 Challenge: HTTP-Server to production-ready in 48min
- HTTP-Server in pure Lua (185 lines, lua-socket based)
- JSON API endpoints with request/response parsing
- Modular architecture: each file < 200 lines
- Error handling for 404, 400, validation scenarios
- GET /health - Service health check with timestamp
- POST /test - Development testing with request echo
- POST /v1/mail/send - Mail service foundation with validation
- Comprehensive error responses with structured JSON
- Smart startup script with dependency auto-detection
- Automated test suite with lua-socket HTTP client
- Manual curl test suite for development workflow
- Complete documentation and installation guide
- FROM: Go (Google-controlled) → TO: Lua (PUC-Rio University)
- Corporate-free dependency chain: lua-socket + lua-cjson + lua-ssl
- Performance superior: < 1ms response time, minimal memory usage
- Foundation for planned C+Lua hybrid architecture
- furt-lua/src/main.lua - HTTP-Server implementation
- furt-lua/config/server.lua - Lua-based configuration
- furt-lua/scripts/start.sh - Startup with dependency checks
- furt-lua/scripts/test_curl.sh - Manual testing suite
- furt-lua/tests/test_http.lua - Automated test framework
- furt-lua/README.md - Implementation documentation
- README.md - Document Go→Lua migration strategy
- .gitignore - Add Lua artifacts, luarocks, issue-scripts
All endpoints tested and working:
✓ Health check returns proper JSON status
✓ Test endpoint processes POST requests with JSON
✓ Mail endpoint validates required fields (name, email, message)
✓ Error handling returns appropriate HTTP status codes
Ready for Week 2: SMTP integration with mail.dragons-at-work.de
Completes #63
Related #62
