DAW/furt
2
0
Fork 0
Code Issues 11 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
furt/devdocs/furt_konzept.md
michael 10b795ce13 refactor(architecture): migrate Furt concept from Go to C+Lua for digital sovereignty 
- Replace Go-based architecture with C+Lua hybrid approach
- Eliminate Google-controlled dependencies per tech-reference analysis
- Add master strategy document for 18-24 month migration roadmap
- Define modular architecture with <200 lines per script constraint
- Specify Pure Lua → C+Lua → OpenBSD migration path
- Document SMTP integration for mail.dragons-at-work.de

Files modified:
- devdocs/KONZEPT.md (complete rewrite)
- devdocs/MASTER_STRATEGY.md (new)

Resolves concept phase, enables Week 1 Lua implementation.
2025-06-17 19:30:34 +02:00

673 lines
17 KiB
Markdown
Raw Blame History

# Furt: API-Gateway im Einklang mit digitaler Souveränität
**Erstellt:** 03. Juni 2025
**Letzte Aktualisierung:** 17. Juni 2025
**Version:** 2.0
**Verantwortlich:** DAW-Team
**Dateipfad:** devdocs/KONZEPT.md
## Zweck dieses Dokuments
Dieses Dokument definiert das überarbeitete Konzept für Furt basierend auf der Dragons@Work Tech-Reference und dem Prinzip der maximalen technologischen Souveränität. Das System wird von Go auf C + Lua umgestellt, um Corporate-Capture zu vermeiden.
## Grund für die Überarbeitung
Die ursprüngliche Go-basierte Architektur widerspricht den Prinzipien digitaler Souveränität:
- **Go ist Google-controlled** (Proxy, Module-Summen, Telemetrie)
- **Corporate-Abhängigkeit** durch Go-Ökosystem
- **Nicht im Einklang** mit der Tech-Reference
## 1. Neue Projektvision und Philosophie
Furt (germanisch für "Durchgang durch Wasser") ist ein **selbst-gehostetes API-Gateway-System** basierend auf **C + Lua**, das vollständig im Einklang mit den Prinzipien digitaler Souveränität steht:
### Kernprinzipien
- **C als Basis** - Bewährt seit 50+ Jahren, strukturell uncapturable
- **Lua für Logik** - PUC-Rio University, echte akademische Unabhängigkeit
- **Minimale Dependencies** - Nur GCC + musl, keine Corporate-Libraries
- **Maximale Transparenz** - Jede Zeile Code verstehbar und kontrollierbar
- **Ultra-Low-Tech** - Ressourcenschonend, lange Lebensdauer
### Abgrenzung zu Corporate-Lösungen
- **Keine Cloud-Dependencies**
- **Keine Corporate-Runtimes** (Go, Node.js, etc.)
- **Keine Black-Box-Components**
- **Keine Vendor-Lock-ins**
## 2. Technische Architektur (C + Lua)
### 2.1 Technology-Stack
**Core:**
- **C (GCC + musl)** - Gateway-Kern, HTTP-Server, System-Interface
- **Lua 5.4** - Business-Logic, Konfiguration, Service-Scripts
- **LMDB** - Datenbank (Howard Chu/Symas, keine VC-Dependencies)
- **OpenBSD httpd** - Als Reverse-Proxy (langfristig, Apache-Migration)
**Konfiguration:**
- **Lua-Scripts** statt YAML (native, programmierbar, validierbar)
- **LMDB-Storage** für Konfiguration und State
- **Environment-Variables** nur für Secrets
**Services:**
- **C-Module** mit Lua-Scripten für Business-Logic
- **Minimale HTTP-Implementation** in C
- **Lua-basierte** Request-Handler
### 2.2 Projektstruktur
```
furt/
├── src/
│ ├── core/ # C Core-Implementation
│ │ ├── http_server.c # Minimal HTTP-Server
│ │ ├── router.c # Request-Routing
│ │ ├── proxy.c # Service-Proxy
│ │ ├── auth.c # Authentifizierung
│ │ └── main.c # Entry Point
│ ├── lua/ # Lua-Scripts
│ │ ├── gateway/ # Gateway-Logic
│ │ │ ├── config.lua # Konfigurationsmanagement
│ │ │ ├── middleware.lua # Middleware-Chain
│ │ │ └── services.lua # Service-Registry
│ │ └── services/ # Service-Logic
│ │ ├── formular2mail.lua # Mail-Service
│ │ └── sagjan.lua # Comment-Service
│ └── include/ # C Header-Files
│ ├── furt.h # Main Header
│ ├── http.h # HTTP Definitions
│ └── lua_bridge.h # C ↔ Lua Interface
├── config/ # Konfiguration
│ ├── gateway.lua # Gateway-Konfiguration
│ └── services/ # Service-Configs
│ ├── formular2mail.lua
│ └── sagjan.lua
├── build/ # Build-System
│ ├── Makefile # Haupt-Makefile
│ ├── config.mk # Build-Konfiguration
│ └── deps/ # Dependencies (Lua, LMDB)
├── docs/ # Dokumentation
│ ├── installation.md # Installation
│ ├── configuration.md # Konfiguration
│ └── development.md # Entwicklung
├── scripts/ # Build & Deployment
│ ├── build.sh # Build-Script
│ ├── install.sh # Installation
│ └── service-generator.sh # Service-Generator
├── tests/ # Tests
│ ├── unit/ # Unit-Tests (C)
│ ├── integration/ # Integration-Tests
│ └── lua/ # Lua-Tests
└── examples/ # Beispiele
├── hugo/ # Hugo-Integration
└── configs/ # Beispiel-Konfigurationen
```
### 2.3 C + Lua Integration-Pattern
**C-Kern mit Lua-Logic:**
```c
// src/core/main.c
#include "furt.h"
#include "lua_bridge.h"
int main(int argc, char *argv[]) {
furt_context_t *ctx = furt_init();
// Initialize Lua state
lua_State *L = lua_bridge_init(ctx);
// Load gateway configuration
lua_bridge_load_config(L, "config/gateway.lua");
// Start HTTP server
http_server_start(ctx, L);
return 0;
}
```
**Lua-Service-Logic:**
```lua
-- config/services/formular2mail.lua
local formular2mail = {
name = "formular2mail",
path_prefix = "/v1/mail",
port = 8081,
-- Request-Handler
handle_request = function(request)
if request.method ~= "POST" then
return { status = 405, body = "Method not allowed" }
end
local data = json.decode(request.body)
if not validate_mail_data(data) then
return { status = 400, body = "Invalid data" }
end
local result = send_mail(data)
return { status = 200, body = json.encode(result) }
end,
-- Health-Check
health_check = function()
return { status = "healthy", timestamp = os.time() }
end
}
return formular2mail
```
## 3. Build-System und Dependencies
### 3.1 Minimale Dependencies
**Required:**
- **GCC** (oder clang, aber nicht MSVC)
- **musl libc** (vermeidet glibc-Komplexität)
- **Lua 5.4** (als Source eingebunden, nicht als Package)
- **LMDB** (als Source eingebunden)
**Optional:**
- **Valgrind** für Memory-Debugging
- **strace** für System-Call-Debugging
### 3.2 Build-Process
```makefile
# build/Makefile
CC = gcc
CFLAGS = -std=c99 -Wall -Wextra -O2 -DLUA_USE_POSIX
LDFLAGS = -lm -ldl
# Dependencies
LUA_DIR = deps/lua-5.4.6
LMDB_DIR = deps/lmdb
SOURCES = src/core/*.c $(LUA_DIR)/src/*.c $(LMDB_DIR)/*.c
TARGET = bin/furt-gateway
all: $(TARGET)
$(TARGET): $(SOURCES)
$(CC) $(CFLAGS) -I$(LUA_DIR)/src -I$(LMDB_DIR) \
$(SOURCES) -o $(TARGET) $(LDFLAGS)
clean:
rm -f $(TARGET)
install: $(TARGET)
cp $(TARGET) /usr/local/bin/
cp -r config/ /etc/furt/
cp -r src/lua/ /usr/local/share/furt/
.PHONY: all clean install
```
### 3.3 Dependency-Management
**Statically Linked:**
- Lua-Source direkt eingebunden
- LMDB-Source direkt eingebunden
- Keine Package-Manager-Dependencies
**Why Static Linking:**
- Vermeidet Library-Version-Konflikte
- Reduziert Runtime-Dependencies
- Maximale Kontrolle über Code-Path
## 4. Service-Entwicklung-Pattern
### 4.1 Service als C-Module + Lua-Script
**Service-Interface in C:**
```c
// src/core/service.h
typedef struct {
char *name;
char *path_prefix;
int port;
lua_State *lua_state;
} furt_service_t;
// Service-Lifecycle
int service_init(furt_service_t *service, const char *config_path);
int service_handle_request(furt_service_t *service, http_request_t *req, http_response_t *res);
int service_health_check(furt_service_t *service);
void service_cleanup(furt_service_t *service);
```
**Service-Logic in Lua:**
```lua
-- src/lua/services/base.lua
local base_service = {
-- Standard Request-Verarbeitung
process_request = function(self, request)
-- Input-Validation
if not self:validate_input(request) then
return self:error_response(400, "Invalid input")
end
-- Business-Logic
local result = self:handle_business_logic(request)
-- Response-Formatting
return self:format_response(result)
end,
-- Standard Error-Handling
error_response = function(self, status, message)
return {
status = status,
headers = { ["Content-Type"] = "application/json" },
body = json.encode({ error = message })
}
end
}
return base_service
```
### 4.2 Service-Generator (Shell + Lua)
```bash
#!/bin/bash
# scripts/service-generator.sh
SERVICE_NAME=$1
if [ -z "$SERVICE_NAME" ]; then
echo "Usage: $0 <service_name>"
exit 1
fi
# Create service Lua file
cat > "src/lua/services/${SERVICE_NAME}.lua" << EOF
local base = require("services.base")
local ${SERVICE_NAME} = {}
setmetatable(${SERVICE_NAME}, { __index = base })
function ${SERVICE_NAME}:handle_business_logic(request)
-- TODO: Implement ${SERVICE_NAME} logic
return { message = "Hello from ${SERVICE_NAME}" }
end
function ${SERVICE_NAME}:validate_input(request)
-- TODO: Implement validation
return true
end
return ${SERVICE_NAME}
EOF
# Create config file
cat > "config/services/${SERVICE_NAME}.lua" << EOF
return {
name = "${SERVICE_NAME}",
path_prefix = "/v1/${SERVICE_NAME}",
port = 808X, -- TODO: Set port
enabled = true,
-- Service-specific config
config = {
-- TODO: Add service configuration
}
}
EOF
echo "Created service: ${SERVICE_NAME}"
```
## 5. Konfigurationsmanagement (Lua-basiert)
### 5.1 Lua-Konfiguration statt YAML
**Gateway-Konfiguration:**
```lua
-- config/gateway.lua
return {
server = {
host = "127.0.0.1",
port = 8080,
max_connections = 1000,
request_timeout = 30
},
security = {
api_keys = {
{
key = os.getenv("HUGO_API_KEY"),
name = "hugo-frontend",
permissions = { "mail:send", "comments:read" },
allowed_ips = { "127.0.0.1", "10.0.0.0/8" }
}
}
},
services = {
require("services.formular2mail"),
require("services.sagjan")
},
logging = {
level = "info",
file = "/var/log/furt/gateway.log"
}
}
```
**Vorteile Lua-Config:**
- **Native Programmierbarkeit** (Loops, Conditions, Functions)
- **Environment-Variable-Access** direkt in Config
- **Validation** durch Lua-Logic möglich
- **Kommentare und Dokumentation** integriert
- **Modularität** durch require()
### 5.2 Config-Validation
```lua
-- src/lua/gateway/config_validator.lua
local validator = {}
function validator.validate_gateway_config(config)
assert(config.server, "server config required")
assert(config.server.port, "server.port required")
assert(type(config.server.port) == "number", "server.port must be number")
for _, service in ipairs(config.services) do
validator.validate_service_config(service)
end
return true
end
function validator.validate_service_config(service)
assert(service.name, "service.name required")
assert(service.path_prefix, "service.path_prefix required")
assert(service.port, "service.port required")
return true
end
return validator
```
## 6. Authentifizierung und Sicherheit
### 6.1 C-basierte Auth-Implementation
```c
// src/core/auth.c
#include "auth.h"
#include <string.h>
typedef struct {
char key[64];
char name[32];
char **permissions;
char **allowed_ips;
} api_key_t;
int auth_validate_api_key(const char *key, const char *client_ip) {
// Load API keys from Lua config
// Validate key and IP
// Return permissions mask
}
int auth_check_permission(int permissions_mask, const char *permission) {
// Check if permission is allowed
}
```
### 6.2 IP-Allowlisting in C
```c
// src/core/ip_filter.c
#include <arpa/inet.h>
int ip_is_allowed(const char *client_ip, char **allowed_ips) {
for (int i = 0; allowed_ips[i] != NULL; i++) {
if (ip_matches_cidr(client_ip, allowed_ips[i])) {
return 1;
}
}
return 0;
}
int ip_matches_cidr(const char *ip, const char *cidr) {
// CIDR matching implementation
}
```
## 7. Performance und Ressourcen
### 7.1 Memory-Management
**C-Memory-Management:**
- **Stack-Allocation** wo möglich
- **Explicit malloc/free** für dynamische Allocations
- **Memory-Pools** für häufige Allocations
- **Valgrind-Testing** mandatory
**Lua-Integration:**
- **Lua-GC-Tuning** für Server-Workloads
- **C ↔ Lua** Memory-Boundary klar definiert
- **Lua-State-Isolation** zwischen Services
### 7.2 Performance-Charakteristika
**Erwartete Performance:**
- **Memory:** < 10 MB für Gateway + 3 Services
- **CPU:** < 1% bei 100 req/s
- **Startup:** < 100ms Cold-Start
- **Latency:** < 1ms Gateway-Overhead
**vs. Go-Implementation:**
- **10x weniger Memory** (keine GC, kein Runtime)
- **5x weniger CPU** (native Code, keine Abstractions)
- **100x schneller Startup** (kein Runtime-Init)
## 8. Testing-Strategy
### 8.1 C-Code-Testing
```c
// tests/unit/test_auth.c
#include "auth.h"
#include "test_framework.h"
void test_api_key_validation() {
// Setup
auth_init_test_keys();
// Test valid key
assert_true(auth_validate_api_key("valid-key", "127.0.0.1"));
// Test invalid key
assert_false(auth_validate_api_key("invalid-key", "127.0.0.1"));
// Test IP restriction
assert_false(auth_validate_api_key("valid-key", "192.168.1.1"));
}
```
### 8.2 Lua-Logic-Testing
```lua
-- tests/lua/test_services.lua
local service = require("services.formular2mail")
function test_mail_service_validation()
local request = {
method = "POST",
body = '{"name":"Test","email":"test@example.com","message":"Test"}'
}
local response = service:process_request(request)
assert(response.status == 200)
end
```
### 8.3 Integration-Testing
```bash
#!/bin/bash
# tests/integration/test_gateway.sh
# Start test gateway
./bin/furt-gateway &
GATEWAY_PID=$!
# Test API endpoint
curl -X POST http://localhost:8080/v1/mail/send \
-H "X-API-Key: test-key" \
-d '{"name":"Test","email":"test@example.com","message":"Test"}'
# Cleanup
kill $GATEWAY_PID
```
## 9. Deployment und Installation
### 9.1 Native Installation (Single Binary)
```bash
# Build from source
git clone https://gitea.dragons-at-work.de/DAW/furt.git
cd furt
make clean all
# Install
sudo make install
# Configure
sudo cp examples/configs/* /etc/furt/
# Start
sudo systemctl enable furt-gateway
sudo systemctl start furt-gateway
```
### 9.2 Systemd-Integration
```ini
# /etc/systemd/system/furt-gateway.service
[Unit]
Description=Furt API Gateway
After=network.target
[Service]
Type=simple
User=furt
Group=furt
ExecStart=/usr/local/bin/furt-gateway
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
```
### 9.3 OpenBSD-Integration (langfristig)
```bash
# /etc/rc.d/furt_gateway
#!/bin/ksh
daemon="/usr/local/bin/furt-gateway"
daemon_user="_furt"
. /etc/rc.d/rc.subr
rc_cmd $1
```
## 10. Migration von Go zu C + Lua
### 10.1 Migration-Strategy
**Phase 1: C-Grundgerüst**
- HTTP-Server in C implementieren
- Basis-Routing implementieren
- Lua-Integration testen
**Phase 2: Service-Migration**
- Formular2Mail-Service als Lua-Script
- Auth-System in C + Lua
- Tests migrieren
**Phase 3: Feature-Parität**
- Alle Go-Features in C + Lua
- Performance-Optimierung
- Dokumentation-Update
**Phase 4: Deployment**
- Production-Deployment
- Go-Version deprecaten
- Community-Feedback integrieren
### 10.2 Kompatibilität
**API-Compatibility:**
- Gleiche HTTP-APIs wie Go-Version
- Gleiche Konfiguration-Semantik (aber Lua statt YAML)
- Gleiche Integration mit Hugo-Shortcodes
**Migration-Pfad:**
- Side-by-Side-Deployment möglich
- Graduelle Service-Migration
- Zero-Downtime-Umstellung
## 11. Langfristige Vision
### 11.1 Souveräne Technologie-Stack
**Complete Independence:**
- **Compiler:** GCC (GNU, nicht Corporate)
- **Libc:** musl (minimal, secure)
- **Database:** LMDB (academic, proven)
- **Scripting:** Lua (university-backed)
- **HTTP-Server:** Eigene Implementation (< 1000 Zeilen C)
### 11.2 Community und Open Source
**Authentic Open Source:**
- Apache 2.0 License
- Keine Corporate-Contributors
- Community-driven Development
- Educational Documentation
**Biocodie-Integration:**
- Furt als Referenz-Implementation für "Organische Software"
- Minimale Komplexität, maximale Transparenz
- Natürliche Wachstums-Pattern
## 12. Nächste Schritte
### 12.1 Unmittelbare Implementierung
1. **C-HTTP-Server** - Minimal-Implementation (< 500 Zeilen)
2. **Lua-Integration** - C Lua Bridge etablieren
3. **Build-System** - Makefile-basiertes Build
4. **Basic-Routing** - Request-Routing in C + Lua
### 12.2 Service-Implementation
1. **Formular2Mail** als erstes Lua-Service
2. **Authentication** in C mit Lua-Config
3. **Hugo-Integration** - Shortcodes adaptieren
4. **Testing-Framework** - C + Lua Tests
### 12.3 Production-Readiness
1. **Performance-Tuning** - Memory, CPU optimieren
2. **Security-Hardening** - Input-Validation, Memory-Safety
3. **Documentation** - Installation, Configuration, Development
4. **Deployment-Automation** - Scripts für Production
---
**Diese überarbeitete Architektur entspricht vollständig der Dragons@Work Tech-Reference und ermöglicht echte digitale Souveränität durch Corporate-freie Technologien.**
Reference in a new issue View git blame Copy permalink