feat(api): Phase 2 — REST-API MVP + CRUD für Domains/Backends/Routing

REST-API mit Response-Envelope (1:1 mail-gateway), HS256-JWT-Signer
(Secret persistent unter /var/lib/edgeguard/.jwt_fingerprint),
Setup-Wizard (Bcrypt-Admin-Passwort in setup.json), Auth-Middleware
(Cookie + Bearer), Setup-Gate. Update-Banner-Endpoints
/system/package-versions + /system/upgrade ab Tag 1 wired (Pattern
aus enconf-management-agent: systemd-run detached, HTTP-Response
geht VOR dem Self-Replace raus).

CRUD-Repos für domains/backends/routing_rules mit pgxpool +
handgeschriebenem SQL (mail-gateway-Pattern, kein GORM zur Laufzeit).
Audit-Log-Schreiber auf jede Mutation, NodeID aus /etc/machine-id.
DB-Pool öffnet best-effort — ohne erreichbare PG bleiben CRUD-Routen
unregistriert, Auth/Setup/System antworten weiter (Dev ohne PG).

End-to-end live-getestet gegen lokale postgres-16: Setup → Login →
POST/PUT/DELETE Backends + Domains + Routing-Rules → audit_log
schreibt 5 Zeilen mit korrektem actor/action/subject. Graceful
degrade ohne DB ebenfalls verifiziert.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

internal/handlers/response/response.go

@@ -0,0 +1,87 @@
+// Package response is the single source of truth for every JSON
+// response edgeguard-api emits. Enforces the envelope contract
+//
+//	{"data": <payload>, "error": null | "<string>", "message": "<string>"}
+//
+// (1:1 mail-gateway/internal/handlers/response/) so external clients
+// and the management UI can deserialise into a generic ApiResponse<T>
+// without per-endpoint special-casing.
+package response
+
+import (
+	"errors"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+type Envelope struct {
+	Data    any     `json:"data"`
+	Error   *string `json:"error"`
+	Message string  `json:"message"`
+}
+
+func OK(c *gin.Context, data any) {
+	c.JSON(http.StatusOK, Envelope{Data: data, Error: nil, Message: "OK"})
+}
+
+func OKWithMessage(c *gin.Context, data any, message string) {
+	c.JSON(http.StatusOK, Envelope{Data: data, Error: nil, Message: message})
+}
+
+func Created(c *gin.Context, data any) {
+	c.JSON(http.StatusCreated, Envelope{Data: data, Error: nil, Message: "Created"})
+}
+
+func Accepted(c *gin.Context, data any) {
+	c.JSON(http.StatusAccepted, Envelope{Data: data, Error: nil, Message: "Accepted"})
+}
+
+func NoContent(c *gin.Context) {
+	c.Status(http.StatusNoContent)
+}
+
+func Err(c *gin.Context, status int, err error) {
+	msg := ""
+	if err != nil {
+		msg = err.Error()
+	}
+	c.JSON(status, Envelope{Data: nil, Error: &msg, Message: msg})
+}
+
+func ErrMessage(c *gin.Context, status int, err error, message string) {
+	e := ""
+	if err != nil {
+		e = err.Error()
+	}
+	c.JSON(status, Envelope{Data: nil, Error: &e, Message: message})
+}
+
+func BadRequest(c *gin.Context, err error) {
+	Err(c, http.StatusBadRequest, err)
+}
+
+func NotFound(c *gin.Context, err error) {
+	if err == nil {
+		err = errors.New("not found")
+	}
+	Err(c, http.StatusNotFound, err)
+}
+
+func Unauthorized(c *gin.Context, err error) {
+	if err == nil {
+		err = errors.New("not authenticated")
+	}
+	Err(c, http.StatusUnauthorized, err)
+}
+
+func Forbidden(c *gin.Context, err error) {
+	if err == nil {
+		err = errors.New("forbidden")
+	}
+	Err(c, http.StatusForbidden, err)
+}
+
+func Internal(c *gin.Context, err error) {
+	Err(c, http.StatusInternalServerError, err)
+}

internal/handlers/response/response_test.go

@@ -0,0 +1,72 @@
+package response
+
+import (
+	"encoding/json"
+	"errors"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+)
+
+func init() { gin.SetMode(gin.TestMode) }
+
+func run(handler gin.HandlerFunc) *httptest.ResponseRecorder {
+	r := gin.New()
+	r.GET("/x", handler)
+	rec := httptest.NewRecorder()
+	req, _ := http.NewRequest(http.MethodGet, "/x", nil)
+	r.ServeHTTP(rec, req)
+	return rec
+}
+
+func decodeEnv(t *testing.T, rec *httptest.ResponseRecorder) Envelope {
+	t.Helper()
+	var env Envelope
+	if err := json.Unmarshal(rec.Body.Bytes(), &env); err != nil {
+		t.Fatalf("decode: %v (body=%s)", err, rec.Body.String())
+	}
+	return env
+}
+
+func TestOK_Wraps200AndMessage(t *testing.T) {
+	rec := run(func(c *gin.Context) { OK(c, map[string]int{"n": 7}) })
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status: %d", rec.Code)
+	}
+	env := decodeEnv(t, rec)
+	if env.Error != nil {
+		t.Errorf("error should be nil, got %q", *env.Error)
+	}
+	if env.Message != "OK" {
+		t.Errorf("message: %q", env.Message)
+	}
+}
+
+func TestErr_SerialisesErrorAndMessage(t *testing.T) {
+	rec := run(func(c *gin.Context) { Err(c, http.StatusBadRequest, errors.New("boom")) })
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("status: %d", rec.Code)
+	}
+	env := decodeEnv(t, rec)
+	if env.Error == nil || *env.Error != "boom" {
+		t.Errorf("error: %v", env.Error)
+	}
+	if env.Message != "boom" {
+		t.Errorf("message: %q", env.Message)
+	}
+	if env.Data != nil {
+		t.Errorf("data should be nil on error, got %v", env.Data)
+	}
+}
+
+func TestNoContent_NoBody(t *testing.T) {
+	rec := run(func(c *gin.Context) { NoContent(c) })
+	if rec.Code != http.StatusNoContent {
+		t.Fatalf("status: %d", rec.Code)
+	}
+	if rec.Body.Len() != 0 {
+		t.Errorf("204 should have empty body, got %q", rec.Body.String())
+	}
+}