feat(api): Phase 2 — REST-API MVP + CRUD für Domains/Backends/Routing
REST-API mit Response-Envelope (1:1 mail-gateway), HS256-JWT-Signer (Secret persistent unter /var/lib/edgeguard/.jwt_fingerprint), Setup-Wizard (Bcrypt-Admin-Passwort in setup.json), Auth-Middleware (Cookie + Bearer), Setup-Gate. Update-Banner-Endpoints /system/package-versions + /system/upgrade ab Tag 1 wired (Pattern aus enconf-management-agent: systemd-run detached, HTTP-Response geht VOR dem Self-Replace raus). CRUD-Repos für domains/backends/routing_rules mit pgxpool + handgeschriebenem SQL (mail-gateway-Pattern, kein GORM zur Laufzeit). Audit-Log-Schreiber auf jede Mutation, NodeID aus /etc/machine-id. DB-Pool öffnet best-effort — ohne erreichbare PG bleiben CRUD-Routen unregistriert, Auth/Setup/System antworten weiter (Dev ohne PG). End-to-end live-getestet gegen lokale postgres-16: Setup → Login → POST/PUT/DELETE Backends + Domains + Routing-Rules → audit_log schreibt 5 Zeilen mit korrektem actor/action/subject. Graceful degrade ohne DB ebenfalls verifiziert. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Debian
136
internal/services/routingrules/routingrules.go
Normal file
136
internal/services/routingrules/routingrules.go
Normal file
@@ -0,0 +1,136 @@
|
||||
// Package routingrules implements CRUD against the `routing_rules`
|
||||
// table. A rule maps (domain, path_prefix) → backend; higher priority
|
||||
// wins, ties broken by id.
|
||||
package routingrules
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
|
||||
"github.com/jackc/pgx/v5"
|
||||
"github.com/jackc/pgx/v5/pgxpool"
|
||||
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/models"
|
||||
)
|
||||
|
||||
var ErrNotFound = errors.New("routing rule not found")
|
||||
|
||||
type Repo struct {
|
||||
Pool *pgxpool.Pool
|
||||
}
|
||||
|
||||
func New(pool *pgxpool.Pool) *Repo { return &Repo{Pool: pool} }
|
||||
|
||||
const baseSelect = `
|
||||
SELECT id, domain_id, path_prefix, backend_id, priority, active,
|
||||
created_at, updated_at
|
||||
FROM routing_rules
|
||||
`
|
||||
|
||||
// List returns rules ordered by domain_id then priority desc — the
|
||||
// shape the config-renderer wants when building haproxy/nginx vhosts.
|
||||
func (r *Repo) List(ctx context.Context) ([]models.RoutingRule, error) {
|
||||
rows, err := r.Pool.Query(ctx, baseSelect+
|
||||
" ORDER BY domain_id ASC, priority DESC, id ASC")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
out := make([]models.RoutingRule, 0, 16)
|
||||
for rows.Next() {
|
||||
rr, err := scanRule(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out = append(out, *rr)
|
||||
}
|
||||
return out, rows.Err()
|
||||
}
|
||||
|
||||
// ListForDomain narrows List to a single domain — handlers expose this
|
||||
// as GET /domains/:id/routing-rules so the UI only fetches what it needs.
|
||||
func (r *Repo) ListForDomain(ctx context.Context, domainID int64) ([]models.RoutingRule, error) {
|
||||
rows, err := r.Pool.Query(ctx, baseSelect+
|
||||
" WHERE domain_id = $1 ORDER BY priority DESC, id ASC", domainID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
out := make([]models.RoutingRule, 0, 4)
|
||||
for rows.Next() {
|
||||
rr, err := scanRule(rows)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
out = append(out, *rr)
|
||||
}
|
||||
return out, rows.Err()
|
||||
}
|
||||
|
||||
func (r *Repo) Get(ctx context.Context, id int64) (*models.RoutingRule, error) {
|
||||
row := r.Pool.QueryRow(ctx, baseSelect+" WHERE id = $1", id)
|
||||
rr, err := scanRule(row)
|
||||
if err != nil {
|
||||
if errors.Is(err, pgx.ErrNoRows) {
|
||||
return nil, ErrNotFound
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
return rr, nil
|
||||
}
|
||||
|
||||
func (r *Repo) Create(ctx context.Context, rr models.RoutingRule) (*models.RoutingRule, error) {
|
||||
row := r.Pool.QueryRow(ctx, `
|
||||
INSERT INTO routing_rules (domain_id, path_prefix, backend_id, priority, active)
|
||||
VALUES ($1, $2, $3, $4, $5)
|
||||
RETURNING id, domain_id, path_prefix, backend_id, priority, active,
|
||||
created_at, updated_at`,
|
||||
rr.DomainID, rr.PathPrefix, rr.BackendID, rr.Priority, rr.Active)
|
||||
return scanRule(row)
|
||||
}
|
||||
|
||||
func (r *Repo) Update(ctx context.Context, id int64, rr models.RoutingRule) (*models.RoutingRule, error) {
|
||||
row := r.Pool.QueryRow(ctx, `
|
||||
UPDATE routing_rules SET
|
||||
domain_id = $1,
|
||||
path_prefix = $2,
|
||||
backend_id = $3,
|
||||
priority = $4,
|
||||
active = $5,
|
||||
updated_at = NOW()
|
||||
WHERE id = $6
|
||||
RETURNING id, domain_id, path_prefix, backend_id, priority, active,
|
||||
created_at, updated_at`,
|
||||
rr.DomainID, rr.PathPrefix, rr.BackendID, rr.Priority, rr.Active, id)
|
||||
out, err := scanRule(row)
|
||||
if err != nil {
|
||||
if errors.Is(err, pgx.ErrNoRows) {
|
||||
return nil, ErrNotFound
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (r *Repo) Delete(ctx context.Context, id int64) error {
|
||||
tag, err := r.Pool.Exec(ctx, `DELETE FROM routing_rules WHERE id = $1`, id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if tag.RowsAffected() == 0 {
|
||||
return ErrNotFound
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func scanRule(row interface{ Scan(...any) error }) (*models.RoutingRule, error) {
|
||||
var rr models.RoutingRule
|
||||
if err := row.Scan(
|
||||
&rr.ID, &rr.DomainID, &rr.PathPrefix, &rr.BackendID,
|
||||
&rr.Priority, &rr.Active,
|
||||
&rr.CreatedAt, &rr.UpdatedAt,
|
||||
); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &rr, nil
|
||||
}
|
||||
Reference in New Issue
Block a user