0a6f81beaa
REST-API mit Response-Envelope (1:1 mail-gateway), HS256-JWT-Signer (Secret persistent unter /var/lib/edgeguard/.jwt_fingerprint), Setup-Wizard (Bcrypt-Admin-Passwort in setup.json), Auth-Middleware (Cookie + Bearer), Setup-Gate. Update-Banner-Endpoints /system/package-versions + /system/upgrade ab Tag 1 wired (Pattern aus enconf-management-agent: systemd-run detached, HTTP-Response geht VOR dem Self-Replace raus). CRUD-Repos für domains/backends/routing_rules mit pgxpool + handgeschriebenem SQL (mail-gateway-Pattern, kein GORM zur Laufzeit). Audit-Log-Schreiber auf jede Mutation, NodeID aus /etc/machine-id. DB-Pool öffnet best-effort — ohne erreichbare PG bleiben CRUD-Routen unregistriert, Auth/Setup/System antworten weiter (Dev ohne PG). End-to-end live-getestet gegen lokale postgres-16: Setup → Login → POST/PUT/DELETE Backends + Domains + Routing-Rules → audit_log schreibt 5 Zeilen mit korrektem actor/action/subject. Graceful degrade ohne DB ebenfalls verifiziert. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
152 lines
3.7 KiB
Go
152 lines
3.7 KiB
Go
package handlers
|
|
|
|
import (
|
|
"errors"
|
|
"strconv"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/handlers/response"
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/models"
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/services/audit"
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/services/domains"
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/services/routingrules"
|
|
)
|
|
|
|
type DomainsHandler struct {
|
|
Repo *domains.Repo
|
|
Routing *routingrules.Repo
|
|
Audit *audit.Repo
|
|
NodeID string
|
|
}
|
|
|
|
func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string) *DomainsHandler {
|
|
return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID}
|
|
}
|
|
|
|
func (h *DomainsHandler) Register(rg *gin.RouterGroup) {
|
|
g := rg.Group("/domains")
|
|
g.GET("", h.List)
|
|
g.POST("", h.Create)
|
|
g.GET("/:id", h.Get)
|
|
g.PUT("/:id", h.Update)
|
|
g.DELETE("/:id", h.Delete)
|
|
g.GET("/:id/routing-rules", h.ListRoutingRules)
|
|
}
|
|
|
|
func (h *DomainsHandler) List(c *gin.Context) {
|
|
out, err := h.Repo.List(c.Request.Context())
|
|
if err != nil {
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
response.OK(c, gin.H{"domains": out})
|
|
}
|
|
|
|
func (h *DomainsHandler) Get(c *gin.Context) {
|
|
id, ok := parseID(c)
|
|
if !ok {
|
|
return
|
|
}
|
|
d, err := h.Repo.Get(c.Request.Context(), id)
|
|
if err != nil {
|
|
if errors.Is(err, domains.ErrNotFound) {
|
|
response.NotFound(c, err)
|
|
return
|
|
}
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
response.OK(c, d)
|
|
}
|
|
|
|
func (h *DomainsHandler) Create(c *gin.Context) {
|
|
var req models.Domain
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, err)
|
|
return
|
|
}
|
|
out, err := h.Repo.Create(c.Request.Context(), req)
|
|
if err != nil {
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.create", req.Name, out, h.NodeID)
|
|
response.Created(c, out)
|
|
}
|
|
|
|
func (h *DomainsHandler) Update(c *gin.Context) {
|
|
id, ok := parseID(c)
|
|
if !ok {
|
|
return
|
|
}
|
|
var req models.Domain
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, err)
|
|
return
|
|
}
|
|
out, err := h.Repo.Update(c.Request.Context(), id, req)
|
|
if err != nil {
|
|
if errors.Is(err, domains.ErrNotFound) {
|
|
response.NotFound(c, err)
|
|
return
|
|
}
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.update", out.Name, out, h.NodeID)
|
|
response.OK(c, out)
|
|
}
|
|
|
|
func (h *DomainsHandler) Delete(c *gin.Context) {
|
|
id, ok := parseID(c)
|
|
if !ok {
|
|
return
|
|
}
|
|
if err := h.Repo.Delete(c.Request.Context(), id); err != nil {
|
|
if errors.Is(err, domains.ErrNotFound) {
|
|
response.NotFound(c, err)
|
|
return
|
|
}
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.delete",
|
|
strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
|
|
response.NoContent(c)
|
|
}
|
|
|
|
// ListRoutingRules narrows /routing-rules to one domain — UI uses this
|
|
// for the per-domain rules tab rather than fetching the global list
|
|
// and filtering client-side.
|
|
func (h *DomainsHandler) ListRoutingRules(c *gin.Context) {
|
|
id, ok := parseID(c)
|
|
if !ok {
|
|
return
|
|
}
|
|
out, err := h.Routing.ListForDomain(c.Request.Context(), id)
|
|
if err != nil {
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
response.OK(c, gin.H{"routing_rules": out})
|
|
}
|
|
|
|
// parseID parses /:id as int64 and writes a 400 on parse failure.
|
|
// Returns (0, false) and aborts when the param is malformed.
|
|
func parseID(c *gin.Context) (int64, bool) {
|
|
id, err := strconv.ParseInt(c.Param("id"), 10, 64)
|
|
if err != nil {
|
|
response.BadRequest(c, errors.New("invalid id"))
|
|
return 0, false
|
|
}
|
|
return id, true
|
|
}
|
|
|
|
func actorOf(c *gin.Context) string {
|
|
if t := CurrentToken(c); t != nil {
|
|
return t.Actor
|
|
}
|
|
return "unknown"
|
|
}
|