feat(fw): /api/v1/firewall/* CRUD-Handler für alle 6 Entities
internal/handlers/firewall.go: ein FirewallHandler-Struct hält alle
6 Repos + Audit-Ref. Register(authed) mountet 30 Endpoints unter
/api/v1/firewall/{address-objects,address-groups,services,
service-groups,rules,nat-rules}.
Validation:
* Address-Objects: kind=host → ParseIP, network → ParseCIDR,
range → "IP-IP", fqdn → looksLikeFQDN.
* Rules: src/dst max one of (object_id|group_id|cidr); 0 = "any".
service max one of (object|group). CIDR-Werte werden geparsed.
* NAT: kind-spezifische Pflichtfelder. dnat braucht target_addr
+ match_dport_start. snat braucht target_addr. masquerade
verbietet target_addr (Iface-IP gewinnt).
* Services: builtin-Rows können nicht editiert/gelöscht werden
(Repo-Layer enforced).
Audit-Log pro Mutation. NoContent für DELETE.
Wiring in cmd/edgeguard-api/main.go: 6 Repos + ein
NewFirewallHandler(...).Register(authed).
Renderer (nft aus allen Joins) + Frontend folgen in den nächsten
Commits.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Debian
@@ -25,6 +25,7 @@ import (
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/audit"
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/backends"
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/domains"
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/firewall"
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/ipaddresses"
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/networkifs"
|
||||
"git.netcell-it.de/projekte/edgeguard-native/internal/services/routingrules"
|
||||
@@ -125,6 +126,12 @@ func main() {
|
||||
ifsRepo := networkifs.New(pool)
|
||||
ipsRepo := ipaddresses.New(pool)
|
||||
tlsRepo := tlscerts.New(pool)
|
||||
fwAddrObj := firewall.NewAddressObjectsRepo(pool)
|
||||
fwAddrGrp := firewall.NewAddressGroupsRepo(pool)
|
||||
fwSvc := firewall.NewServicesRepo(pool)
|
||||
fwSvcGrp := firewall.NewServiceGroupsRepo(pool)
|
||||
fwRules := firewall.NewRulesRepo(pool)
|
||||
fwNAT := firewall.NewNATRulesRepo(pool)
|
||||
|
||||
// ACME (Let's Encrypt). Email comes from setup.json — the
|
||||
// wizard collects acme_email and the issuer registers an
|
||||
@@ -143,6 +150,7 @@ func main() {
|
||||
handlers.NewIPAddressesHandler(ipsRepo, auditRepo, nodeID).Register(authed)
|
||||
handlers.NewClusterHandler(clusterStore, nodeID).Register(authed)
|
||||
handlers.NewTLSCertsHandler(tlsRepo, auditRepo, nodeID, acmeService).Register(authed)
|
||||
handlers.NewFirewallHandler(fwAddrObj, fwAddrGrp, fwSvc, fwSvcGrp, fwRules, fwNAT, auditRepo, nodeID).Register(authed)
|
||||
}
|
||||
|
||||
mountUI(r)
|
||||
|
||||
Reference in New Issue
Block a user