projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
edgeguard-native/internal/handlers/domains.go
Debian 3545b8422b feat(api): Auto-Reload HAProxy bei Domain/Backend/Routing-Mutation 
Symmetrisch zur Firewall: Domains-, Backends- und RoutingRules-Handler
bekommen einen Reloader-Hook injiziert, der nach jeder Mutation
haproxy.cfg neu rendert + sudo systemctl reload haproxy fährt. Errors
werden nur geloggt, nicht failed (Row ist committed; manuelle
Re-Render via edgeguard-ctl render-config bleibt möglich).

Vorher: nur Firewall-Regeln waren auto-applied — Domain/Backend-
Änderungen sind in der DB gelandet, aber das laufende haproxy hat
sie nicht gesehen bis zum nächsten render-config oder API-Restart.

Version 1.0.8.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 18:23:18 +02:00

170 lines
4.5 KiB
Go
Raw Permalink Blame History

package handlers
import (
"context"
"errors"
"log/slog"
"strconv"
"github.com/gin-gonic/gin"
"git.netcell-it.de/projekte/edgeguard-native/internal/handlers/response"
"git.netcell-it.de/projekte/edgeguard-native/internal/models"
"git.netcell-it.de/projekte/edgeguard-native/internal/services/audit"
"git.netcell-it.de/projekte/edgeguard-native/internal/services/domains"
"git.netcell-it.de/projekte/edgeguard-native/internal/services/routingrules"
)
type DomainsHandler struct {
Repo *domains.Repo
Routing *routingrules.Repo
Audit *audit.Repo
NodeID string
// Reloader regenerates and applies the haproxy config. Symmetric
// to FirewallHandler.Reloader; called after every mutation so the
// running haproxy.cfg always matches the DB. Errors are logged
// but don't fail the API call (the row is committed and the
// operator can re-trigger via `edgeguard-ctl render-config`).
Reloader func(ctx context.Context) error
}
func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *DomainsHandler {
return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID, Reloader: reloader}
}
func (h *DomainsHandler) reload(ctx context.Context, op string) {
if h.Reloader == nil {
return
}
if err := h.Reloader(ctx); err != nil {
slog.Warn("haproxy: reload after domain mutation failed", "op", op, "error", err)
}
}
func (h *DomainsHandler) Register(rg *gin.RouterGroup) {
g := rg.Group("/domains")
g.GET("", h.List)
g.POST("", h.Create)
g.GET("/:id", h.Get)
g.PUT("/:id", h.Update)
g.DELETE("/:id", h.Delete)
g.GET("/:id/routing-rules", h.ListRoutingRules)
}
func (h *DomainsHandler) List(c *gin.Context) {
out, err := h.Repo.List(c.Request.Context())
if err != nil {
response.Internal(c, err)
return
}
response.OK(c, gin.H{"domains": out})
}
func (h *DomainsHandler) Get(c *gin.Context) {
id, ok := parseID(c)
if !ok {
return
}
d, err := h.Repo.Get(c.Request.Context(), id)
if err != nil {
if errors.Is(err, domains.ErrNotFound) {
response.NotFound(c, err)
return
}
response.Internal(c, err)
return
}
response.OK(c, d)
}
func (h *DomainsHandler) Create(c *gin.Context) {
var req models.Domain
if err := c.ShouldBindJSON(&req); err != nil {
response.BadRequest(c, err)
return
}
out, err := h.Repo.Create(c.Request.Context(), req)
if err != nil {
response.Internal(c, err)
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.create", req.Name, out, h.NodeID)
response.Created(c, out); h.reload(c.Request.Context(), "create")
}
func (h *DomainsHandler) Update(c *gin.Context) {
id, ok := parseID(c)
if !ok {
return
}
var req models.Domain
if err := c.ShouldBindJSON(&req); err != nil {
response.BadRequest(c, err)
return
}
out, err := h.Repo.Update(c.Request.Context(), id, req)
if err != nil {
if errors.Is(err, domains.ErrNotFound) {
response.NotFound(c, err)
return
}
response.Internal(c, err)
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.update", out.Name, out, h.NodeID)
response.OK(c, out); h.reload(c.Request.Context(), "update")
}
func (h *DomainsHandler) Delete(c *gin.Context) {
id, ok := parseID(c)
if !ok {
return
}
if err := h.Repo.Delete(c.Request.Context(), id); err != nil {
if errors.Is(err, domains.ErrNotFound) {
response.NotFound(c, err)
return
}
response.Internal(c, err)
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.delete",
strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
response.NoContent(c); h.reload(c.Request.Context(), "delete")
}
// ListRoutingRules narrows /routing-rules to one domain — UI uses this
// for the per-domain rules tab rather than fetching the global list
// and filtering client-side.
func (h *DomainsHandler) ListRoutingRules(c *gin.Context) {
id, ok := parseID(c)
if !ok {
return
}
out, err := h.Routing.ListForDomain(c.Request.Context(), id)
if err != nil {
response.Internal(c, err)
return
}
response.OK(c, gin.H{"routing_rules": out})
}
// parseID parses /:id as int64 and writes a 400 on parse failure.
// Returns (0, false) and aborts when the param is malformed.
func parseID(c *gin.Context) (int64, bool) {
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
if err != nil {
response.BadRequest(c, errors.New("invalid id"))
return 0, false
}
return id, true
}
func actorOf(c *gin.Context) string {
if t := CurrentToken(c); t != nil {
return t.Actor
}
return "unknown"
}
Reference in New Issue View Git Blame Copy Permalink