0a6f81beaa
REST-API mit Response-Envelope (1:1 mail-gateway), HS256-JWT-Signer (Secret persistent unter /var/lib/edgeguard/.jwt_fingerprint), Setup-Wizard (Bcrypt-Admin-Passwort in setup.json), Auth-Middleware (Cookie + Bearer), Setup-Gate. Update-Banner-Endpoints /system/package-versions + /system/upgrade ab Tag 1 wired (Pattern aus enconf-management-agent: systemd-run detached, HTTP-Response geht VOR dem Self-Replace raus). CRUD-Repos für domains/backends/routing_rules mit pgxpool + handgeschriebenem SQL (mail-gateway-Pattern, kein GORM zur Laufzeit). Audit-Log-Schreiber auf jede Mutation, NodeID aus /etc/machine-id. DB-Pool öffnet best-effort — ohne erreichbare PG bleiben CRUD-Routen unregistriert, Auth/Setup/System antworten weiter (Dev ohne PG). End-to-end live-getestet gegen lokale postgres-16: Setup → Login → POST/PUT/DELETE Backends + Domains + Routing-Rules → audit_log schreibt 5 Zeilen mit korrektem actor/action/subject. Graceful degrade ohne DB ebenfalls verifiziert. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
60 lines
1.4 KiB
Go
60 lines
1.4 KiB
Go
package handlers
|
|
|
|
import (
|
|
"github.com/gin-gonic/gin"
|
|
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/handlers/response"
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/services/setup"
|
|
)
|
|
|
|
// SetupHandler exposes the first-run wizard endpoints. Both endpoints
|
|
// are mounted before SetupGate so they remain reachable while the API
|
|
// is in setup mode.
|
|
type SetupHandler struct {
|
|
Store *setup.Store
|
|
}
|
|
|
|
func NewSetupHandler(store *setup.Store) *SetupHandler {
|
|
return &SetupHandler{Store: store}
|
|
}
|
|
|
|
func (h *SetupHandler) Register(rg *gin.RouterGroup) {
|
|
g := rg.Group("/setup")
|
|
g.GET("/status", h.Status)
|
|
g.POST("/complete", h.Complete)
|
|
}
|
|
|
|
// Status returns just the public bits of the setup state: whether
|
|
// it's done and (if so) the configured admin_email + fqdn. Never
|
|
// exposes the password hash.
|
|
func (h *SetupHandler) Status(c *gin.Context) {
|
|
st, err := h.Store.Load()
|
|
if err != nil {
|
|
response.Internal(c, err)
|
|
return
|
|
}
|
|
response.OK(c, gin.H{
|
|
"completed": st.Completed,
|
|
"admin_email": st.AdminEmail,
|
|
"fqdn": st.FQDN,
|
|
})
|
|
}
|
|
|
|
func (h *SetupHandler) Complete(c *gin.Context) {
|
|
var req setup.Request
|
|
if err := c.ShouldBindJSON(&req); err != nil {
|
|
response.BadRequest(c, err)
|
|
return
|
|
}
|
|
st, err := h.Store.Complete(req)
|
|
if err != nil {
|
|
response.BadRequest(c, err)
|
|
return
|
|
}
|
|
response.OK(c, gin.H{
|
|
"completed": st.Completed,
|
|
"admin_email": st.AdminEmail,
|
|
"fqdn": st.FQDN,
|
|
})
|
|
}
|