projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0de0a1580a115ab4b7fd123295973dde71c27a5b
edgeguard-native/internal/services/firewall/servicegroups.go
Debian 0307dc68bb feat(fw): Models + Repos für Firewall-v2 (6 Entities) 
Models (internal/models/):
* FirewallAddressObject (host|network|range|fqdn)
* FirewallAddressGroup mit MemberIDs gorm:"-"-Slice
* FirewallService (proto+ports, builtin-Flag)
* FirewallServiceGroup mit MemberIDs
* FirewallRule (v2-Shape, src/dst nullable refs, exactly-one-of-Validation
  in Handler-Layer)
* FirewallNATRule (kind=dnat|snat|masquerade, alle nullable)

Repos (internal/services/firewall/, ein Paket):
* AddressObjectsRepo, AddressGroupsRepo (mit Members-Junction-Ops)
* ServicesRepo (refused Update/Delete für builtin=TRUE Rows),
  ServiceGroupsRepo
* RulesRepo, NATRulesRepo
Jeweils Standard-CRUD; Group-Repos handhaben Members atomic in einer
TX (Update ersetzt komplette Membership).

Handler + Renderer-Rewrite + Frontend folgen in den nächsten
Commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 09:40:08 +02:00

176 lines
4.5 KiB
Go
Raw Blame History

package firewall
import (
"context"
"errors"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgxpool"
"git.netcell-it.de/projekte/edgeguard-native/internal/models"
)
var ErrServiceGroupNotFound = errors.New("service group not found")
type ServiceGroupsRepo struct {
Pool *pgxpool.Pool
}
func NewServiceGroupsRepo(pool *pgxpool.Pool) *ServiceGroupsRepo {
return &ServiceGroupsRepo{Pool: pool}
}
const svcGrpBaseSelect = `
SELECT id, name, description, created_at, updated_at
FROM firewall_service_groups
`
func (r *ServiceGroupsRepo) List(ctx context.Context) ([]models.FirewallServiceGroup, error) {
rows, err := r.Pool.Query(ctx, svcGrpBaseSelect+" ORDER BY name ASC")
if err != nil {
return nil, err
}
defer rows.Close()
groups := []models.FirewallServiceGroup{}
byID := map[int64]int{}
for rows.Next() {
g, err := scanSvcGrp(rows)
if err != nil {
return nil, err
}
byID[g.ID] = len(groups)
groups = append(groups, *g)
}
if err := rows.Err(); err != nil {
return nil, err
}
mRows, err := r.Pool.Query(ctx, `SELECT group_id, service_id FROM firewall_service_group_members`)
if err != nil {
return nil, err
}
defer mRows.Close()
for mRows.Next() {
var gid, sid int64
if err := mRows.Scan(&gid, &sid); err != nil {
return nil, err
}
if idx, ok := byID[gid]; ok {
groups[idx].MemberIDs = append(groups[idx].MemberIDs, sid)
}
}
return groups, mRows.Err()
}
func (r *ServiceGroupsRepo) Get(ctx context.Context, id int64) (*models.FirewallServiceGroup, error) {
row := r.Pool.QueryRow(ctx, svcGrpBaseSelect+" WHERE id = $1", id)
g, err := scanSvcGrp(row)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
return nil, ErrServiceGroupNotFound
}
return nil, err
}
mRows, err := r.Pool.Query(ctx,
`SELECT service_id FROM firewall_service_group_members WHERE group_id = $1 ORDER BY service_id`, id)
if err != nil {
return nil, err
}
defer mRows.Close()
for mRows.Next() {
var sid int64
if err := mRows.Scan(&sid); err != nil {
return nil, err
}
g.MemberIDs = append(g.MemberIDs, sid)
}
return g, mRows.Err()
}
func (r *ServiceGroupsRepo) Create(ctx context.Context, g models.FirewallServiceGroup) (*models.FirewallServiceGroup, error) {
tx, err := r.Pool.Begin(ctx)
if err != nil {
return nil, err
}
defer tx.Rollback(ctx)
row := tx.QueryRow(ctx, `
INSERT INTO firewall_service_groups (name, description) VALUES ($1, $2)
RETURNING id, name, description, created_at, updated_at`,
g.Name, g.Description)
out, err := scanSvcGrp(row)
if err != nil {
return nil, err
}
if len(g.MemberIDs) > 0 {
if err := insertSvcGrpMembers(ctx, tx, out.ID, g.MemberIDs); err != nil {
return nil, err
}
out.MemberIDs = append([]int64{}, g.MemberIDs...)
}
return out, tx.Commit(ctx)
}
func (r *ServiceGroupsRepo) Update(ctx context.Context, id int64, g models.FirewallServiceGroup) (*models.FirewallServiceGroup, error) {
tx, err := r.Pool.Begin(ctx)
if err != nil {
return nil, err
}
defer tx.Rollback(ctx)
row := tx.QueryRow(ctx, `
UPDATE firewall_service_groups SET name = $1, description = $2, updated_at = NOW()
WHERE id = $3
RETURNING id, name, description, created_at, updated_at`,
g.Name, g.Description, id)
out, err := scanSvcGrp(row)
if err != nil {
if errors.Is(err, pgx.ErrNoRows) {
return nil, ErrServiceGroupNotFound
}
return nil, err
}
if _, err := tx.Exec(ctx, `DELETE FROM firewall_service_group_members WHERE group_id = $1`, id); err != nil {
return nil, err
}
if len(g.MemberIDs) > 0 {
if err := insertSvcGrpMembers(ctx, tx, id, g.MemberIDs); err != nil {
return nil, err
}
out.MemberIDs = append([]int64{}, g.MemberIDs...)
}
return out, tx.Commit(ctx)
}
func (r *ServiceGroupsRepo) Delete(ctx context.Context, id int64) error {
tag, err := r.Pool.Exec(ctx, `DELETE FROM firewall_service_groups WHERE id = $1`, id)
if err != nil {
return err
}
if tag.RowsAffected() == 0 {
return ErrServiceGroupNotFound
}
return nil
}
func insertSvcGrpMembers(ctx context.Context, tx pgx.Tx, gid int64, members []int64) error {
for _, sid := range members {
if _, err := tx.Exec(ctx,
`INSERT INTO firewall_service_group_members (group_id, service_id) VALUES ($1, $2) ON CONFLICT DO NOTHING`,
gid, sid); err != nil {
return err
}
}
return nil
}
func scanSvcGrp(row interface{ Scan(...any) error }) (*models.FirewallServiceGroup, error) {
var g models.FirewallServiceGroup
if err := row.Scan(
&g.ID, &g.Name, &g.Description,
&g.CreatedAt, &g.UpdatedAt,
); err != nil {
return nil, err
}
return &g, nil
}
Reference in New Issue View Git Blame Copy Permalink