M1 foundation: fix proxy, pool HTTP clients, split services, add ApiError + RLS

- Fix proxy body forwarding, round-robin load balancing, response streaming - Pool reqwest::Client in proxy, control, and gateway (no per-request alloc) - Harden CORS in gateway/main.rs (was allow_origin(Any), now uses ALLOWED_ORIGINS) - Add common/src/error.rs: ApiError type with structured JSON responses - Add common/src/rls.rs: RlsTransaction extractor for deduplicated RLS setup - Fix tracing in all standalone binaries (EnvFilter instead of unused var) - Dockerfile multi-stage: separate worker-runtime, control-runtime, proxy-runtime targets - docker-compose.yml: split into worker/system/proxy services with health checks - Fix Grafana port mapping in pillar-system (3030:3000) - Add config/prometheus.yml and config/vmagent.yml - Add .env.example with all required variables - 55 tests pass (49 run + 6 ignored integration tests requiring external services) Made-with: Cursor
2026-03-15 13:38:49 +02:00
parent 780e8b1c43
commit 0179cc285d
34 changed files with 1032 additions and 504 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1060,7 +1060,7 @@ dependencies = [
 name = "common"
 version = "0.1.0"
 dependencies = [
- "anyhow",
+ "axum",
 "chrono",
 "config",
 "dotenvy",
@@ -2080,6 +2080,7 @@ name = "functions"
 version = "0.1.0"
 dependencies = [
 "anyhow",
+ "auth",
 "axum",
 "base64 0.22.1",
 "chrono",
@@ -2238,10 +2239,12 @@ dependencies = [
 "data_api",
 "dotenvy",
 "functions",
+ "futures",
+ "lazy_static",
 "moka",
 "realtime",
 "redis",
- "reqwest 0.11.27",
+ "reqwest 0.12.28",
 "serde",
 "serde_json",
 "sqlx",
@@ -2686,15 +2689,18 @@ dependencies = [

 [[package]]
 name = "hyper-tls"
-version = "0.5.0"
+version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905"
+checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
 dependencies = [
 "bytes",
- "hyper 0.14.32",
+ "http-body-util",
+ "hyper 1.8.1",
+ "hyper-util",
 "native-tls",
 "tokio",
 "tokio-native-tls",
+ "tower-service",
 ]

 [[package]]
@@ -4495,12 +4501,10 @@ dependencies = [
 "http-body 0.4.6",
 "hyper 0.14.32",
 "hyper-rustls 0.24.2",
- "hyper-tls",
 "ipnet",
 "js-sys",
 "log",
 "mime",
- "native-tls",
 "once_cell",
 "percent-encoding",
 "pin-project-lite",
@@ -4512,7 +4516,6 @@ dependencies = [
 "sync_wrapper 0.1.2",
 "system-configuration 0.5.1",
 "tokio",
- "tokio-native-tls",
 "tokio-rustls 0.24.1",
 "tower-service",
 "url",
@@ -4531,15 +4534,21 @@ checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
 dependencies = [
 "base64 0.22.1",
 "bytes",
+ "encoding_rs",
 "futures-core",
+ "futures-util",
+ "h2 0.4.13",
 "http 1.4.0",
 "http-body 1.0.1",
 "http-body-util",
 "hyper 1.8.1",
 "hyper-rustls 0.27.7",
+ "hyper-tls",
 "hyper-util",
 "js-sys",
 "log",
+ "mime",
+ "native-tls",
 "percent-encoding",
 "pin-project-lite",
 "quinn",
@@ -4550,13 +4559,16 @@ dependencies = [
 "serde_urlencoded",
 "sync_wrapper 1.0.2",
 "tokio",
+ "tokio-native-tls",
 "tokio-rustls 0.26.4",
+ "tokio-util",
 "tower 0.5.3",
 "tower-http 0.6.8",
 "tower-service",
 "url",
 "wasm-bindgen",
 "wasm-bindgen-futures",
+ "wasm-streams",
 "web-sys",
 "webpki-roots 1.0.6",
 ]
@@ -5559,6 +5571,7 @@ name = "storage"
 version = "0.1.0"
 dependencies = [
 "anyhow",
+ "async-trait",
 "auth",
 "aws-config",
 "aws-sdk-s3",
@@ -6590,6 +6603,19 @@ dependencies = [
 "wasmparser 0.244.0",
 ]

+[[package]]
+name = "wasm-streams"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "15053d8d85c7eccdbefef60f06769760a563c7f0a9d6902a13d35c7800b0ad65"
+dependencies = [
+ "futures-util",
+ "js-sys",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "web-sys",
+]
+
 [[package]]
 name = "wasmparser"
 version = "0.121.2"