GitBucket
|
|
|||
|---|---|---|---|
| .agent/ skills | 29 days ago | ||
| .github/ workflows | 29 days ago | ||
| app | 29 days ago | ||
| scripts | 29 days ago | ||
| .gitignore | 29 days ago | ||
| CLIENT_GUIDE.md | 29 days ago | ||
| Dockerfile | 29 days ago | ||
| README.md | 29 days ago | ||
| docker-compose.yml | 29 days ago | ||
| implementation_plan.md | 29 days ago | ||
| local_app.js | 29 days ago | ||
| requirements.txt | 29 days ago | ||
| start.sh | 29 days ago | ||
| stress_node_key.json | 29 days ago | ||
| test_auth_flow.py | 29 days ago | ||
| test_client.py | 29 days ago | ||
| test_nested_upload.py | 29 days ago | ||
| test_revoke.py | 29 days ago | ||
| test_service_account.py | 29 days ago | ||
README.md
Cortex Vault (The Upload Server)
Cortex Vault is a high-performance, self-hosted, and 100% cloud-free data orchestration server. It is designed to receive, organize, and secure data from any Cortex-compatible device or agent, providing a premium administrative dashboard for real-time file management and auditing.
🚀 Key Features
1. Native OIDC Authentication
- Identity-First Security: Support for Google, Okta, and generic OIDC providers via automatic discovery (
/.well-known/openid-configuration). - Dynamic Claim Mapping: Authorize access based on custom JWT claims (e.g., specific email domains or groups).
- Stateful Testing: Built-in OIDC sandbox to verify provider configurations before locking the server.
2. Premium 3-Pane Dashboard
- Node Navigator: Audit and switch between all registered mobile nodes and service accounts.
- File Explorer: Fast, breadcrumb-based directory traversal with support for deeply nested paths.
- Integrated Viewer: Real-time preview for text files and rich media support (Images, Video, Audio) directly in the browser.
3. Reliable Chunked Sync
- Resumable Uploads: Multi-step chunked protocol for stable transfers on unstable mobile networks.
- Integrity Verification: SHA-256 hashing at the session level ensures zero data corruption.
- High Concurrency: Stress-tested to handle 10+ simultaneous node uploads with throughput exceeding 140MB/s.
4. Flexible Security Model
- Zero-Config Mode: Default anonymous access for easy local development.
- Hardened Mode: Instant lock-down as soon as a
VAULT_API_KEYor OIDC provider is configured. - Master Key Bypass: Support for service accounts and legacy nodes even when the dashboard is OIDC-protected.
🛠️ Project Structure
cortex-upload-server/ ├── app/ │ ├── main.py # FastAPI application & lifecycle │ ├── auth.py # OIDC, JWT, and API Key middleware │ ├── database.py # SQLite store for settings & node metadata │ ├── storage.py # Chunk merging & recursive disk management │ ├── routes/ # Modular API endpoints (Auth, Admin, Upload) │ └── static/ # Premium Material Design 3 Dashboard ├── data/ # Encrypted-at-rest persistent storage ├── start.sh # Intelligent bootstrap script └── .env # Environment configuration
🚥 Quick Start
1. Setup Environment
Clone the repository and create a .env file:
VAULT_API_KEY=your-secure-key # Leave empty for anonymous mode JWT_SECRET=your-jwt-secret # Used for dashboard sessions STORAGE_PATH=./data PORT=8080
2. Launch
Run the bootstrap script (requires Docker or Python 3):
chmod +x start.sh ./start.sh
3. Configure OIDC (Optional)
Once the server is running, navigate to the Settings modal in the dashboard to enable OIDC and configure your Issuer URL, Client ID, and required claims.
📡 API Overview
Administrative Operations
| Endpoint | Method | Auth Required | Purpose |
|---|---|---|---|
/api/admin/stats |
GET | Admin | System health & storage metrics |
/api/admin/nodes |
GET | Admin | List all registered devices |
/api/admin/files/{node_id} |
GET | Admin/Node | Browse file tree |
/api/admin/read/{node_id}/{path:path} |
GET | Admin/Node | View/Read file content |
Node Upload Protocol
- Init:
POST /api/upload/init?filename=data.bin&total_size=1048576 - Chunk:
POST /api/upload/chunk?upload_id={id}&chunk_index=0 - Finalize:
POST /api/upload/finalize/{id}
Cortex Vault: Your data, your hardware, your control.