0307dc68bb
Models (internal/models/): * FirewallAddressObject (host|network|range|fqdn) * FirewallAddressGroup mit MemberIDs gorm:"-"-Slice * FirewallService (proto+ports, builtin-Flag) * FirewallServiceGroup mit MemberIDs * FirewallRule (v2-Shape, src/dst nullable refs, exactly-one-of-Validation in Handler-Layer) * FirewallNATRule (kind=dnat|snat|masquerade, alle nullable) Repos (internal/services/firewall/, ein Paket): * AddressObjectsRepo, AddressGroupsRepo (mit Members-Junction-Ops) * ServicesRepo (refused Update/Delete für builtin=TRUE Rows), ServiceGroupsRepo * RulesRepo, NATRulesRepo Jeweils Standard-CRUD; Group-Repos handhaben Members atomic in einer TX (Update ersetzt komplette Membership). Handler + Renderer-Rewrite + Frontend folgen in den nächsten Commits. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
104 lines
2.8 KiB
Go
104 lines
2.8 KiB
Go
package firewall
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
|
|
"github.com/jackc/pgx/v5"
|
|
"github.com/jackc/pgx/v5/pgxpool"
|
|
|
|
"git.netcell-it.de/projekte/edgeguard-native/internal/models"
|
|
)
|
|
|
|
var ErrAddressObjectNotFound = errors.New("address object not found")
|
|
|
|
type AddressObjectsRepo struct {
|
|
Pool *pgxpool.Pool
|
|
}
|
|
|
|
func NewAddressObjectsRepo(pool *pgxpool.Pool) *AddressObjectsRepo {
|
|
return &AddressObjectsRepo{Pool: pool}
|
|
}
|
|
|
|
const addrObjBaseSelect = `
|
|
SELECT id, name, kind, value, description, created_at, updated_at
|
|
FROM firewall_address_objects
|
|
`
|
|
|
|
func (r *AddressObjectsRepo) List(ctx context.Context) ([]models.FirewallAddressObject, error) {
|
|
rows, err := r.Pool.Query(ctx, addrObjBaseSelect+" ORDER BY name ASC")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer rows.Close()
|
|
out := make([]models.FirewallAddressObject, 0, 8)
|
|
for rows.Next() {
|
|
o, err := scanAddrObj(rows)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
out = append(out, *o)
|
|
}
|
|
return out, rows.Err()
|
|
}
|
|
|
|
func (r *AddressObjectsRepo) Get(ctx context.Context, id int64) (*models.FirewallAddressObject, error) {
|
|
row := r.Pool.QueryRow(ctx, addrObjBaseSelect+" WHERE id = $1", id)
|
|
o, err := scanAddrObj(row)
|
|
if err != nil {
|
|
if errors.Is(err, pgx.ErrNoRows) {
|
|
return nil, ErrAddressObjectNotFound
|
|
}
|
|
return nil, err
|
|
}
|
|
return o, nil
|
|
}
|
|
|
|
func (r *AddressObjectsRepo) Create(ctx context.Context, o models.FirewallAddressObject) (*models.FirewallAddressObject, error) {
|
|
row := r.Pool.QueryRow(ctx, `
|
|
INSERT INTO firewall_address_objects (name, kind, value, description)
|
|
VALUES ($1, $2, $3, $4)
|
|
RETURNING id, name, kind, value, description, created_at, updated_at`,
|
|
o.Name, o.Kind, o.Value, o.Description)
|
|
return scanAddrObj(row)
|
|
}
|
|
|
|
func (r *AddressObjectsRepo) Update(ctx context.Context, id int64, o models.FirewallAddressObject) (*models.FirewallAddressObject, error) {
|
|
row := r.Pool.QueryRow(ctx, `
|
|
UPDATE firewall_address_objects SET
|
|
name = $1, kind = $2, value = $3, description = $4, updated_at = NOW()
|
|
WHERE id = $5
|
|
RETURNING id, name, kind, value, description, created_at, updated_at`,
|
|
o.Name, o.Kind, o.Value, o.Description, id)
|
|
out, err := scanAddrObj(row)
|
|
if err != nil {
|
|
if errors.Is(err, pgx.ErrNoRows) {
|
|
return nil, ErrAddressObjectNotFound
|
|
}
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
func (r *AddressObjectsRepo) Delete(ctx context.Context, id int64) error {
|
|
tag, err := r.Pool.Exec(ctx, `DELETE FROM firewall_address_objects WHERE id = $1`, id)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if tag.RowsAffected() == 0 {
|
|
return ErrAddressObjectNotFound
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func scanAddrObj(row interface{ Scan(...any) error }) (*models.FirewallAddressObject, error) {
|
|
var o models.FirewallAddressObject
|
|
if err := row.Scan(
|
|
&o.ID, &o.Name, &o.Kind, &o.Value,
|
|
&o.Description, &o.CreatedAt, &o.UpdatedAt,
|
|
); err != nil {
|
|
return nil, err
|
|
}
|
|
return &o, nil
|
|
}
|