handlers

package
v0.0.0-...-0732b9d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 16, 2025 License: MIT Imports: 41 Imported by: 0

Documentation

Overview

Package handlers provides HTTP request handlers for the API.

Package handlers provides HTTP handlers used by the Charon backend API.

It exposes Gin-based handler implementations for resources such as certificates, proxy hosts, users, notifications, backups, and system configuration. This package wires services to HTTP endpoints and performs request validation, response formatting, and basic error handling.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckMountedImport 

func CheckMountedImport(db *gorm.DB, mountPath, caddyBinary, importDir string) error

CheckMountedImport checks for mounted Caddyfile on startup.

func HealthHandler 

func HealthHandler(c *gin.Context)

HealthHandler responds with basic service metadata for uptime checks.

func LogsWebSocketHandler 

func LogsWebSocketHandler(c *gin.Context)

LogsWebSocketHandler handles WebSocket connections for live log streaming.

func MaskPassword 

func MaskPassword(password string) string

MaskPassword masks the password for display.

func MaskPasswordForTest 

func MaskPasswordForTest(password string) string

MaskPasswordForTest is an alias for testing.

func OpenTestDB 

func OpenTestDB(t *testing.T) *gorm.DB

OpenTestDB creates a SQLite in-memory DB unique per test and applies a busy timeout and WAL journal mode to reduce SQLITE locking during parallel tests.

Types

type AcceptInviteRequest 

type AcceptInviteRequest struct {
	Token    string `json:"token" binding:"required"`
	Name     string `json:"name" binding:"required"`
	Password string `json:"password" binding:"required,min=8"`
}

AcceptInviteRequest represents the request body for accepting an invite.

type AccessListHandler 

type AccessListHandler struct {
	// contains filtered or unexported fields
}

AccessListHandler handles access list API requests.

func NewAccessListHandler 

func NewAccessListHandler(db *gorm.DB) *AccessListHandler

NewAccessListHandler creates a new AccessListHandler.

func (*AccessListHandler) Create 

func (h *AccessListHandler) Create(c *gin.Context)

Create handles POST /api/v1/access-lists

func (*AccessListHandler) Delete 

func (h *AccessListHandler) Delete(c *gin.Context)

Delete handles DELETE /api/v1/access-lists/:id

func (*AccessListHandler) Get 

func (h *AccessListHandler) Get(c *gin.Context)

Get handles GET /api/v1/access-lists/:id

func (*AccessListHandler) GetTemplates 

func (h *AccessListHandler) GetTemplates(c *gin.Context)

GetTemplates handles GET /api/v1/access-lists/templates

func (*AccessListHandler) List 

func (h *AccessListHandler) List(c *gin.Context)

List handles GET /api/v1/access-lists

func (*AccessListHandler) SetGeoIPService 

func (h *AccessListHandler) SetGeoIPService(geoipSvc *services.GeoIPService)

SetGeoIPService sets the GeoIP service for geo-based ACL lookups.

func (*AccessListHandler) TestIP 

func (h *AccessListHandler) TestIP(c *gin.Context)

TestIP handles POST /api/v1/access-lists/:id/test

func (*AccessListHandler) Update 

func (h *AccessListHandler) Update(c *gin.Context)

Update handles PUT /api/v1/access-lists/:id

type AuthHandler 

type AuthHandler struct {
	// contains filtered or unexported fields
}

func NewAuthHandler 

func NewAuthHandler(authService *services.AuthService) *AuthHandler

func NewAuthHandlerWithDB 

func NewAuthHandlerWithDB(authService *services.AuthService, db *gorm.DB) *AuthHandler

NewAuthHandlerWithDB creates an AuthHandler with database access for forward auth.

func (*AuthHandler) ChangePassword 

func (h *AuthHandler) ChangePassword(c *gin.Context)

func (*AuthHandler) CheckHostAccess 

func (h *AuthHandler) CheckHostAccess(c *gin.Context)

CheckHostAccess checks if the current user can access a specific host.

func (*AuthHandler) GetAccessibleHosts 

func (h *AuthHandler) GetAccessibleHosts(c *gin.Context)

GetAccessibleHosts returns the list of proxy hosts the authenticated user can access.

func (*AuthHandler) Login 

func (h *AuthHandler) Login(c *gin.Context)

func (*AuthHandler) Logout 

func (h *AuthHandler) Logout(c *gin.Context)

func (*AuthHandler) Me 

func (h *AuthHandler) Me(c *gin.Context)

func (*AuthHandler) Register 

func (h *AuthHandler) Register(c *gin.Context)

func (*AuthHandler) Verify 

func (h *AuthHandler) Verify(c *gin.Context)

Verify is the forward auth endpoint for Caddy. It validates the user's session and checks access permissions for the requested host. Used by Caddy's forward_auth directive.

Expected headers from Caddy:

  • X-Forwarded-Host: The original host being accessed
  • X-Forwarded-Uri: The original URI being accessed

Response headers on success (200):

  • X-Forwarded-User: The user's email
  • X-Forwarded-Groups: The user's role (for future RBAC)

Response on failure:

  • 401: Not authenticated (redirect to login)
  • 403: Authenticated but not authorized for this host

func (*AuthHandler) VerifyStatus 

func (h *AuthHandler) VerifyStatus(c *gin.Context)

VerifyStatus returns the current auth status without triggering a redirect. Useful for frontend to check if user is logged in.

type BackupHandler 

type BackupHandler struct {
	// contains filtered or unexported fields
}

func NewBackupHandler 

func NewBackupHandler(service *services.BackupService) *BackupHandler

func (*BackupHandler) Create 

func (h *BackupHandler) Create(c *gin.Context)

func (*BackupHandler) Delete 

func (h *BackupHandler) Delete(c *gin.Context)

func (*BackupHandler) Download 

func (h *BackupHandler) Download(c *gin.Context)

func (*BackupHandler) List 

func (h *BackupHandler) List(c *gin.Context)

func (*BackupHandler) Restore 

func (h *BackupHandler) Restore(c *gin.Context)

type BackupServiceInterface 

type BackupServiceInterface interface {
	CreateBackup() (string, error)
	ListBackups() ([]services.BackupFile, error)
	DeleteBackup(filename string) error
	GetBackupPath(filename string) (string, error)
	RestoreBackup(filename string) error
	GetAvailableSpace() (int64, error)
}

BackupServiceInterface defines the contract for backup service operations

type BanIPRequest 

type BanIPRequest struct {
	IP       string `json:"ip" binding:"required"`
	Duration string `json:"duration"`
	Reason   string `json:"reason"`
}

BanIPRequest represents the request body for banning an IP

type CerberusLogsHandler 

type CerberusLogsHandler struct {
	// contains filtered or unexported fields
}

CerberusLogsHandler handles WebSocket connections for streaming security logs.

func NewCerberusLogsHandler 

func NewCerberusLogsHandler(watcher *services.LogWatcher) *CerberusLogsHandler

NewCerberusLogsHandler creates a new handler for Cerberus security log streaming.

func (*CerberusLogsHandler) LiveLogs 

func (h *CerberusLogsHandler) LiveLogs(c *gin.Context)

LiveLogs handles WebSocket connections for Cerberus security log streaming. It upgrades the HTTP connection to WebSocket, subscribes to the LogWatcher, and streams SecurityLogEntry as JSON to connected clients.

Query parameters for filtering:

  • source: filter by source (waf, crowdsec, ratelimit, acl, normal)
  • blocked_only: only show blocked requests (true/false)
  • level: filter by log level (info, warn, error)
  • ip: filter by client IP (partial match)
  • host: filter by host (partial match)

type CertificateHandler 

type CertificateHandler struct {
	// contains filtered or unexported fields
}

func NewCertificateHandler 

func NewCertificateHandler(service *services.CertificateService, backupService BackupServiceInterface, ns *services.NotificationService) *CertificateHandler

func (*CertificateHandler) Delete 

func (h *CertificateHandler) Delete(c *gin.Context)

func (*CertificateHandler) List 

func (h *CertificateHandler) List(c *gin.Context)

func (*CertificateHandler) Upload 

func (h *CertificateHandler) Upload(c *gin.Context)

type ChangePasswordRequest 

type ChangePasswordRequest struct {
	OldPassword string `json:"old_password" binding:"required"`
	NewPassword string `json:"new_password" binding:"required,min=8"`
}

type CommandExecutor 

type CommandExecutor interface {
	Execute(ctx context.Context, name string, args ...string) ([]byte, error)
}

CommandExecutor abstracts command execution for testing.

type CreateUserRequest 

type CreateUserRequest struct {
	Email          string `json:"email" binding:"required,email"`
	Name           string `json:"name" binding:"required"`
	Password       string `json:"password" binding:"required,min=8"`
	Role           string `json:"role"`
	PermissionMode string `json:"permission_mode"`
	PermittedHosts []uint `json:"permitted_hosts"`
}

CreateUserRequest represents the request body for creating a user.

type CrowdSecDecision 

type CrowdSecDecision struct {
	ID        int64     `json:"id"`
	Origin    string    `json:"origin"`
	Type      string    `json:"type"`
	Scope     string    `json:"scope"`
	Value     string    `json:"value"`
	Duration  string    `json:"duration"`
	Scenario  string    `json:"scenario"`
	CreatedAt time.Time `json:"created_at"`
	Until     string    `json:"until,omitempty"`
}

CrowdSecDecision represents a ban decision from CrowdSec

type CrowdsecExecutor 

type CrowdsecExecutor interface {
	Start(ctx context.Context, binPath, configDir string) (int, error)
	Stop(ctx context.Context, configDir string) error
	Status(ctx context.Context, configDir string) (running bool, pid int, err error)
}

CrowdsecExecutor abstracts starting/stopping CrowdSec so tests can mock it.

type CrowdsecHandler 

type CrowdsecHandler struct {
	DB       *gorm.DB
	Executor CrowdsecExecutor
	CmdExec  CommandExecutor
	BinPath  string
	DataDir  string
	Hub      *crowdsec.HubService
	Console  *crowdsec.ConsoleEnrollmentService
	Security *services.SecurityService
}

CrowdsecHandler manages CrowdSec process and config imports.

func NewCrowdsecHandler 

func NewCrowdsecHandler(db *gorm.DB, executor CrowdsecExecutor, binPath, dataDir string) *CrowdsecHandler

func (*CrowdsecHandler) ApplyPreset 

func (h *CrowdsecHandler) ApplyPreset(c *gin.Context)

ApplyPreset installs a pulled preset from cache or via cscli.

func (*CrowdsecHandler) BanIP 

func (h *CrowdsecHandler) BanIP(c *gin.Context)

BanIP adds a manual ban for an IP address

func (*CrowdsecHandler) CheckLAPIHealth 

func (h *CrowdsecHandler) CheckLAPIHealth(c *gin.Context)

CheckLAPIHealth verifies that CrowdSec LAPI is responding.

func (*CrowdsecHandler) ConsoleEnroll 

func (h *CrowdsecHandler) ConsoleEnroll(c *gin.Context)

ConsoleEnroll enrolls the local engine with CrowdSec console.

func (*CrowdsecHandler) ConsoleStatus 

func (h *CrowdsecHandler) ConsoleStatus(c *gin.Context)

ConsoleStatus returns the current console enrollment status without secrets.

func (*CrowdsecHandler) DeleteConsoleEnrollment 

func (h *CrowdsecHandler) DeleteConsoleEnrollment(c *gin.Context)

DeleteConsoleEnrollment clears the local enrollment state to allow fresh enrollment. DELETE /api/v1/admin/crowdsec/console/enrollment Note: This does NOT unenroll from crowdsec.net - that must be done manually on the console.

func (*CrowdsecHandler) ExportConfig 

func (h *CrowdsecHandler) ExportConfig(c *gin.Context)

ExportConfig creates a tar.gz archive of the CrowdSec data directory and streams it back to the client as a downloadable file.

func (*CrowdsecHandler) GetAcquisitionConfig 

func (h *CrowdsecHandler) GetAcquisitionConfig(c *gin.Context)

GetAcquisitionConfig returns the current CrowdSec acquisition configuration. GET /api/v1/admin/crowdsec/acquisition

func (*CrowdsecHandler) GetCachedPreset 

func (h *CrowdsecHandler) GetCachedPreset(c *gin.Context)

GetCachedPreset returns cached preview for a slug when available.

func (*CrowdsecHandler) GetLAPIDecisions 

func (h *CrowdsecHandler) GetLAPIDecisions(c *gin.Context)

GetLAPIDecisions queries CrowdSec LAPI directly for current decisions. This is an alternative to ListDecisions which uses cscli. Query params:

  • ip: filter by specific IP address
  • scope: filter by scope (e.g., "ip", "range")
  • type: filter by decision type (e.g., "ban", "captcha")

func (*CrowdsecHandler) ImportConfig 

func (h *CrowdsecHandler) ImportConfig(c *gin.Context)

ImportConfig accepts a tar.gz or zip upload and extracts into DataDir (backing up existing config).

func (*CrowdsecHandler) ListDecisions 

func (h *CrowdsecHandler) ListDecisions(c *gin.Context)

ListDecisions calls cscli to get current decisions (banned IPs)

func (*CrowdsecHandler) ListFiles 

func (h *CrowdsecHandler) ListFiles(c *gin.Context)

ListFiles returns a flat list of files under the CrowdSec DataDir.

func (*CrowdsecHandler) ListPresets 

func (h *CrowdsecHandler) ListPresets(c *gin.Context)

ListPresets returns the curated preset catalog when Cerberus is enabled.

func (*CrowdsecHandler) PullPreset 

func (h *CrowdsecHandler) PullPreset(c *gin.Context)

PullPreset downloads and caches a hub preset while returning a preview.

func (*CrowdsecHandler) ReadFile 

func (h *CrowdsecHandler) ReadFile(c *gin.Context)

ReadFile returns the contents of a specific file under DataDir. Query param 'path' required.

func (*CrowdsecHandler) RegisterBouncer 

func (h *CrowdsecHandler) RegisterBouncer(c *gin.Context)

RegisterBouncer registers a new bouncer or returns existing bouncer status. POST /api/v1/admin/crowdsec/bouncer/register

func (*CrowdsecHandler) RegisterRoutes 

func (h *CrowdsecHandler) RegisterRoutes(rg *gin.RouterGroup)

RegisterRoutes registers crowdsec admin routes under protected group

func (*CrowdsecHandler) Start 

func (h *CrowdsecHandler) Start(c *gin.Context)

Start starts the CrowdSec process and waits for LAPI to be ready.

func (*CrowdsecHandler) Status 

func (h *CrowdsecHandler) Status(c *gin.Context)

Status returns running state including LAPI availability check.

func (*CrowdsecHandler) Stop 

func (h *CrowdsecHandler) Stop(c *gin.Context)

Stop stops the CrowdSec process.

func (*CrowdsecHandler) UnbanIP 

func (h *CrowdsecHandler) UnbanIP(c *gin.Context)

UnbanIP removes a ban for an IP address

func (*CrowdsecHandler) UpdateAcquisitionConfig 

func (h *CrowdsecHandler) UpdateAcquisitionConfig(c *gin.Context)

UpdateAcquisitionConfig updates the CrowdSec acquisition configuration. PUT /api/v1/admin/crowdsec/acquisition

func (*CrowdsecHandler) WriteFile 

func (h *CrowdsecHandler) WriteFile(c *gin.Context)

WriteFile writes content to a file under the CrowdSec DataDir, creating a backup before doing so. JSON body: { "path": "relative/path.conf", "content": "..." }

type DefaultCrowdsecExecutor 

type DefaultCrowdsecExecutor struct {
	// contains filtered or unexported fields
}

DefaultCrowdsecExecutor implements CrowdsecExecutor using OS processes.

func NewDefaultCrowdsecExecutor 

func NewDefaultCrowdsecExecutor() *DefaultCrowdsecExecutor

func (*DefaultCrowdsecExecutor) Start 

func (e *DefaultCrowdsecExecutor) Start(ctx context.Context, binPath, configDir string) (int, error)

func (*DefaultCrowdsecExecutor) Status 

func (e *DefaultCrowdsecExecutor) Status(ctx context.Context, configDir string) (running bool, pid int, err error)

func (*DefaultCrowdsecExecutor) Stop 

func (e *DefaultCrowdsecExecutor) Stop(ctx context.Context, configDir string) error

Stop stops the CrowdSec process. It is idempotent - stopping an already-stopped service or one that was never started will succeed without error.

type DockerHandler 

type DockerHandler struct {
	// contains filtered or unexported fields
}

func NewDockerHandler 

func NewDockerHandler(dockerService *services.DockerService, remoteServerService *services.RemoteServerService) *DockerHandler

func (*DockerHandler) ListContainers 

func (h *DockerHandler) ListContainers(c *gin.Context)

func (*DockerHandler) RegisterRoutes 

func (h *DockerHandler) RegisterRoutes(r *gin.RouterGroup)

type DomainHandler 

type DomainHandler struct {
	DB *gorm.DB
	// contains filtered or unexported fields
}

func NewDomainHandler 

func NewDomainHandler(db *gorm.DB, ns *services.NotificationService) *DomainHandler

func (*DomainHandler) Create 

func (h *DomainHandler) Create(c *gin.Context)

func (*DomainHandler) Delete 

func (h *DomainHandler) Delete(c *gin.Context)

func (*DomainHandler) List 

func (h *DomainHandler) List(c *gin.Context)

type FeatureFlagsHandler 

type FeatureFlagsHandler struct {
	DB *gorm.DB
}

FeatureFlagsHandler exposes simple DB-backed feature flags with env fallback.

func NewFeatureFlagsHandler 

func NewFeatureFlagsHandler(db *gorm.DB) *FeatureFlagsHandler

func (*FeatureFlagsHandler) GetFlags 

func (h *FeatureFlagsHandler) GetFlags(c *gin.Context)

GetFlags returns a map of feature flag -> bool. DB setting takes precedence and falls back to environment variables if present.

func (*FeatureFlagsHandler) UpdateFlags 

func (h *FeatureFlagsHandler) UpdateFlags(c *gin.Context)

UpdateFlags accepts a JSON object map[string]bool and upserts settings.

type ImportHandler 

type ImportHandler struct {
	// contains filtered or unexported fields
}

ImportHandler handles Caddyfile import operations.

func NewImportHandler 

func NewImportHandler(db *gorm.DB, caddyBinary, importDir, mountPath string) *ImportHandler

NewImportHandler creates a new import handler.

func (*ImportHandler) Cancel 

func (h *ImportHandler) Cancel(c *gin.Context)

Cancel discards a pending import session.

func (*ImportHandler) Commit 

func (h *ImportHandler) Commit(c *gin.Context)

Commit finalizes the import with user's conflict resolutions.

func (*ImportHandler) DetectImports 

func (h *ImportHandler) DetectImports(c *gin.Context)

DetectImports analyzes Caddyfile content and returns detected import directives.

func (*ImportHandler) GetPreview 

func (h *ImportHandler) GetPreview(c *gin.Context)

GetPreview returns parsed hosts and conflicts for review.

func (*ImportHandler) GetStatus 

func (h *ImportHandler) GetStatus(c *gin.Context)

GetStatus returns current import session status.

func (*ImportHandler) RegisterRoutes 

func (h *ImportHandler) RegisterRoutes(router *gin.RouterGroup)

RegisterRoutes registers import-related routes.

func (*ImportHandler) Upload 

func (h *ImportHandler) Upload(c *gin.Context)

Upload handles manual Caddyfile upload or paste.

func (*ImportHandler) UploadMulti 

func (h *ImportHandler) UploadMulti(c *gin.Context)

UploadMulti handles upload of main Caddyfile + multiple site files.

type InviteUserRequest 

type InviteUserRequest struct {
	Email          string `json:"email" binding:"required,email"`
	Role           string `json:"role"`
	PermissionMode string `json:"permission_mode"`
	PermittedHosts []uint `json:"permitted_hosts"`
}

InviteUserRequest represents the request body for inviting a user.

type LogEntry 

type LogEntry struct {
	Level     string                 `json:"level"`
	Message   string                 `json:"message"`
	Timestamp string                 `json:"timestamp"`
	Source    string                 `json:"source"`
	Fields    map[string]interface{} `json:"fields"`
}

LogEntry represents a structured log entry sent over WebSocket.

type LoginRequest 

type LoginRequest struct {
	Email    string `json:"email" binding:"required,email"`
	Password string `json:"password" binding:"required"`
}

type LogsHandler 

type LogsHandler struct {
	// contains filtered or unexported fields
}

func NewLogsHandler 

func NewLogsHandler(service *services.LogService) *LogsHandler

func (*LogsHandler) Download 

func (h *LogsHandler) Download(c *gin.Context)

func (*LogsHandler) List 

func (h *LogsHandler) List(c *gin.Context)

func (*LogsHandler) Read 

func (h *LogsHandler) Read(c *gin.Context)

type MyIPResponse 

type MyIPResponse struct {
	IP     string `json:"ip"`
	Source string `json:"source"`
}

type NotificationHandler 

type NotificationHandler struct {
	// contains filtered or unexported fields
}

func NewNotificationHandler 

func NewNotificationHandler(service *services.NotificationService) *NotificationHandler

func (*NotificationHandler) List 

func (h *NotificationHandler) List(c *gin.Context)

func (*NotificationHandler) MarkAllAsRead 

func (h *NotificationHandler) MarkAllAsRead(c *gin.Context)

func (*NotificationHandler) MarkAsRead 

func (h *NotificationHandler) MarkAsRead(c *gin.Context)

type NotificationProviderHandler 

type NotificationProviderHandler struct {
	// contains filtered or unexported fields
}

func NewNotificationProviderHandler 

func NewNotificationProviderHandler(service *services.NotificationService) *NotificationProviderHandler

func (*NotificationProviderHandler) Create 

func (h *NotificationProviderHandler) Create(c *gin.Context)

func (*NotificationProviderHandler) Delete 

func (h *NotificationProviderHandler) Delete(c *gin.Context)

func (*NotificationProviderHandler) List 

func (h *NotificationProviderHandler) List(c *gin.Context)

func (*NotificationProviderHandler) Preview 

func (h *NotificationProviderHandler) Preview(c *gin.Context)

Preview renders the template for a provider and returns the resulting JSON object or an error.

func (*NotificationProviderHandler) Templates 

func (h *NotificationProviderHandler) Templates(c *gin.Context)

Templates returns a list of built-in templates a provider can use.

func (*NotificationProviderHandler) Test 

func (h *NotificationProviderHandler) Test(c *gin.Context)

func (*NotificationProviderHandler) Update 

func (h *NotificationProviderHandler) Update(c *gin.Context)

type NotificationTemplateHandler 

type NotificationTemplateHandler struct {
	// contains filtered or unexported fields
}

func NewNotificationTemplateHandler 

func NewNotificationTemplateHandler(s *services.NotificationService) *NotificationTemplateHandler

func (*NotificationTemplateHandler) Create 

func (h *NotificationTemplateHandler) Create(c *gin.Context)

func (*NotificationTemplateHandler) Delete 

func (h *NotificationTemplateHandler) Delete(c *gin.Context)

func (*NotificationTemplateHandler) List 

func (h *NotificationTemplateHandler) List(c *gin.Context)

func (*NotificationTemplateHandler) Preview 

func (h *NotificationTemplateHandler) Preview(c *gin.Context)

Preview allows rendering an arbitrary template (provided in request) or a stored template by id.

func (*NotificationTemplateHandler) Update 

func (h *NotificationTemplateHandler) Update(c *gin.Context)

type ProxyHostHandler 

type ProxyHostHandler struct {
	// contains filtered or unexported fields
}

ProxyHostHandler handles CRUD operations for proxy hosts.

func NewProxyHostHandler 

func NewProxyHostHandler(db *gorm.DB, caddyManager *caddy.Manager, ns *services.NotificationService, uptimeService *services.UptimeService) *ProxyHostHandler

NewProxyHostHandler creates a new proxy host handler.

func (*ProxyHostHandler) BulkUpdateACL 

func (h *ProxyHostHandler) BulkUpdateACL(c *gin.Context)

BulkUpdateACL applies or removes an access list to multiple proxy hosts.

func (*ProxyHostHandler) Create 

func (h *ProxyHostHandler) Create(c *gin.Context)

Create creates a new proxy host.

func (*ProxyHostHandler) Delete 

func (h *ProxyHostHandler) Delete(c *gin.Context)

Delete removes a proxy host.

func (*ProxyHostHandler) Get 

func (h *ProxyHostHandler) Get(c *gin.Context)

Get retrieves a proxy host by UUID.

func (*ProxyHostHandler) List 

func (h *ProxyHostHandler) List(c *gin.Context)

List retrieves all proxy hosts.

func (*ProxyHostHandler) RegisterRoutes 

func (h *ProxyHostHandler) RegisterRoutes(router *gin.RouterGroup)

RegisterRoutes registers proxy host routes.

func (*ProxyHostHandler) TestConnection 

func (h *ProxyHostHandler) TestConnection(c *gin.Context)

TestConnection checks if the proxy host is reachable.

func (*ProxyHostHandler) Update 

func (h *ProxyHostHandler) Update(c *gin.Context)

Update updates an existing proxy host.

type RealCommandExecutor 

type RealCommandExecutor struct{}

RealCommandExecutor executes commands using os/exec.

func (*RealCommandExecutor) Execute 

func (r *RealCommandExecutor) Execute(ctx context.Context, name string, args ...string) ([]byte, error)

Execute runs a command and returns its combined output (stdout/stderr)

type RegisterRequest 

type RegisterRequest struct {
	Email    string `json:"email" binding:"required,email"`
	Password string `json:"password" binding:"required,min=8"`
	Name     string `json:"name" binding:"required"`
}

type RemoteServerHandler 

type RemoteServerHandler struct {
	// contains filtered or unexported fields
}

RemoteServerHandler handles HTTP requests for remote server management.

func NewRemoteServerHandler 

func NewRemoteServerHandler(service *services.RemoteServerService, ns *services.NotificationService) *RemoteServerHandler

NewRemoteServerHandler creates a new remote server handler.

func (*RemoteServerHandler) Create 

func (h *RemoteServerHandler) Create(c *gin.Context)

Create creates a new remote server.

func (*RemoteServerHandler) Delete 

func (h *RemoteServerHandler) Delete(c *gin.Context)

Delete removes a remote server.

func (*RemoteServerHandler) Get 

func (h *RemoteServerHandler) Get(c *gin.Context)

Get retrieves a remote server by UUID.

func (*RemoteServerHandler) List 

func (h *RemoteServerHandler) List(c *gin.Context)

List retrieves all remote servers.

func (*RemoteServerHandler) RegisterRoutes 

func (h *RemoteServerHandler) RegisterRoutes(router *gin.RouterGroup)

RegisterRoutes registers remote server routes.

func (*RemoteServerHandler) TestConnection 

func (h *RemoteServerHandler) TestConnection(c *gin.Context)

TestConnection tests the TCP connection to a remote server.

func (*RemoteServerHandler) TestConnectionCustom 

func (h *RemoteServerHandler) TestConnectionCustom(c *gin.Context)

TestConnectionCustom tests connectivity to a host/port provided in the body

func (*RemoteServerHandler) Update 

func (h *RemoteServerHandler) Update(c *gin.Context)

Update updates an existing remote server.

type SMTPConfigRequest 

type SMTPConfigRequest struct {
	Host        string `json:"host" binding:"required"`
	Port        int    `json:"port" binding:"required,min=1,max=65535"`
	Username    string `json:"username"`
	Password    string `json:"password"`
	FromAddress string `json:"from_address" binding:"required,email"`
	Encryption  string `json:"encryption" binding:"required,oneof=none ssl starttls"`
}

SMTPConfigRequest represents the request body for SMTP configuration.

type SecurityHandler 

type SecurityHandler struct {
	// contains filtered or unexported fields
}

SecurityHandler handles security-related API requests.

func NewSecurityHandler 

func NewSecurityHandler(cfg config.SecurityConfig, db *gorm.DB, caddyManager *caddy.Manager) *SecurityHandler

NewSecurityHandler creates a new SecurityHandler.

func (*SecurityHandler) AddWAFExclusion 

func (h *SecurityHandler) AddWAFExclusion(c *gin.Context)

AddWAFExclusion adds a rule exclusion to the WAF configuration

func (*SecurityHandler) CreateDecision 

func (h *SecurityHandler) CreateDecision(c *gin.Context)

CreateDecision creates a manual decision (override) - for now no checks besides payload

func (*SecurityHandler) DeleteRuleSet 

func (h *SecurityHandler) DeleteRuleSet(c *gin.Context)

DeleteRuleSet removes a ruleset by id

func (*SecurityHandler) DeleteWAFExclusion 

func (h *SecurityHandler) DeleteWAFExclusion(c *gin.Context)

DeleteWAFExclusion removes a rule exclusion by rule_id

func (*SecurityHandler) Disable 

func (h *SecurityHandler) Disable(c *gin.Context)

Disable toggles Cerberus off; requires break-glass token or localhost request

func (*SecurityHandler) Enable 

func (h *SecurityHandler) Enable(c *gin.Context)

Enable toggles Cerberus on, validating admin whitelist or break-glass token

func (*SecurityHandler) GenerateBreakGlass 

func (h *SecurityHandler) GenerateBreakGlass(c *gin.Context)

GenerateBreakGlass generates a break-glass token and returns the plaintext token once

func (*SecurityHandler) GetConfig 

func (h *SecurityHandler) GetConfig(c *gin.Context)

GetConfig returns the site security configuration from DB or default

func (*SecurityHandler) GetGeoIPStatus 

func (h *SecurityHandler) GetGeoIPStatus(c *gin.Context)

GetGeoIPStatus returns the current status of the GeoIP service.

func (*SecurityHandler) GetRateLimitPresets 

func (h *SecurityHandler) GetRateLimitPresets(c *gin.Context)

GetRateLimitPresets returns predefined rate limit configurations

func (*SecurityHandler) GetStatus 

func (h *SecurityHandler) GetStatus(c *gin.Context)

GetStatus returns the current status of all security services. Priority chain: 1. Settings table (highest - runtime overrides) 2. SecurityConfig DB record (middle - user configuration) 3. Static config (lowest - defaults)

func (*SecurityHandler) GetWAFExclusions 

func (h *SecurityHandler) GetWAFExclusions(c *gin.Context)

GetWAFExclusions returns current WAF rule exclusions from SecurityConfig

func (*SecurityHandler) ListDecisions 

func (h *SecurityHandler) ListDecisions(c *gin.Context)

ListDecisions returns recent security decisions

func (*SecurityHandler) ListRuleSets 

func (h *SecurityHandler) ListRuleSets(c *gin.Context)

ListRuleSets returns the list of known rulesets

func (*SecurityHandler) LookupGeoIP 

func (h *SecurityHandler) LookupGeoIP(c *gin.Context)

LookupGeoIP performs a GeoIP lookup for a given IP address.

func (*SecurityHandler) ReloadGeoIP 

func (h *SecurityHandler) ReloadGeoIP(c *gin.Context)

ReloadGeoIP reloads the GeoIP database from disk.

func (*SecurityHandler) SetGeoIPService 

func (h *SecurityHandler) SetGeoIPService(geoipSvc *services.GeoIPService)

SetGeoIPService sets the GeoIP service for the handler.

func (*SecurityHandler) UpdateConfig 

func (h *SecurityHandler) UpdateConfig(c *gin.Context)

UpdateConfig creates or updates the SecurityConfig in DB

func (*SecurityHandler) UpsertRuleSet 

func (h *SecurityHandler) UpsertRuleSet(c *gin.Context)

UpsertRuleSet uploads or updates a ruleset

type SecurityNotificationHandler 

type SecurityNotificationHandler struct {
	// contains filtered or unexported fields
}

SecurityNotificationHandler handles notification settings endpoints.

func NewSecurityNotificationHandler 

func NewSecurityNotificationHandler(service *services.SecurityNotificationService) *SecurityNotificationHandler

NewSecurityNotificationHandler creates a new handler instance.

func (*SecurityNotificationHandler) GetSettings 

func (h *SecurityNotificationHandler) GetSettings(c *gin.Context)

GetSettings retrieves the current notification settings.

func (*SecurityNotificationHandler) UpdateSettings 

func (h *SecurityNotificationHandler) UpdateSettings(c *gin.Context)

UpdateSettings updates the notification settings.

type SettingsHandler 

type SettingsHandler struct {
	DB          *gorm.DB
	MailService *services.MailService
}

func NewSettingsHandler 

func NewSettingsHandler(db *gorm.DB) *SettingsHandler

func (*SettingsHandler) GetSMTPConfig 

func (h *SettingsHandler) GetSMTPConfig(c *gin.Context)

GetSMTPConfig returns the current SMTP configuration.

func (*SettingsHandler) GetSettings 

func (h *SettingsHandler) GetSettings(c *gin.Context)

GetSettings returns all settings.

func (*SettingsHandler) SendTestEmail 

func (h *SettingsHandler) SendTestEmail(c *gin.Context)

SendTestEmail sends a test email to verify the SMTP configuration.

func (*SettingsHandler) TestSMTPConfig 

func (h *SettingsHandler) TestSMTPConfig(c *gin.Context)

TestSMTPConfig tests the SMTP connection.

func (*SettingsHandler) UpdateSMTPConfig 

func (h *SettingsHandler) UpdateSMTPConfig(c *gin.Context)

UpdateSMTPConfig updates the SMTP configuration.

func (*SettingsHandler) UpdateSetting 

func (h *SettingsHandler) UpdateSetting(c *gin.Context)

UpdateSetting updates or creates a setting.

type SetupRequest 

type SetupRequest struct {
	Name     string `json:"name" binding:"required"`
	Email    string `json:"email" binding:"required,email"`
	Password string `json:"password" binding:"required,min=8"`
}

type SystemHandler 

type SystemHandler struct{}

func NewSystemHandler 

func NewSystemHandler() *SystemHandler

func (*SystemHandler) GetMyIP 

func (h *SystemHandler) GetMyIP(c *gin.Context)

GetMyIP returns the client's public IP address

type UpdateHandler 

type UpdateHandler struct {
	// contains filtered or unexported fields
}

func NewUpdateHandler 

func NewUpdateHandler(service *services.UpdateService) *UpdateHandler

func (*UpdateHandler) Check 

func (h *UpdateHandler) Check(c *gin.Context)

type UpdateProfileRequest 

type UpdateProfileRequest struct {
	Name            string `json:"name" binding:"required"`
	Email           string `json:"email" binding:"required,email"`
	CurrentPassword string `json:"current_password"`
}

type UpdateSettingRequest 

type UpdateSettingRequest struct {
	Key      string `json:"key" binding:"required"`
	Value    string `json:"value" binding:"required"`
	Category string `json:"category"`
	Type     string `json:"type"`
}

type UpdateUserPermissionsRequest 

type UpdateUserPermissionsRequest struct {
	PermissionMode string `json:"permission_mode" binding:"required,oneof=allow_all deny_all"`
	PermittedHosts []uint `json:"permitted_hosts"`
}

UpdateUserPermissionsRequest represents the request body for updating user permissions.

type UpdateUserRequest 

type UpdateUserRequest struct {
	Name    string `json:"name"`
	Email   string `json:"email"`
	Role    string `json:"role"`
	Enabled *bool  `json:"enabled"`
}

UpdateUserRequest represents the request body for updating a user.

type UploadCertificateRequest 

type UploadCertificateRequest struct {
	Name        string `form:"name" binding:"required"`
	Certificate string `form:"certificate"` // PEM content
	PrivateKey  string `form:"private_key"` // PEM content
}

type UptimeHandler 

type UptimeHandler struct {
	// contains filtered or unexported fields
}

func NewUptimeHandler 

func NewUptimeHandler(service *services.UptimeService) *UptimeHandler

func (*UptimeHandler) CheckMonitor 

func (h *UptimeHandler) CheckMonitor(c *gin.Context)

CheckMonitor triggers an immediate check for a specific monitor

func (*UptimeHandler) Delete 

func (h *UptimeHandler) Delete(c *gin.Context)

Delete removes a monitor and its associated data

func (*UptimeHandler) GetHistory 

func (h *UptimeHandler) GetHistory(c *gin.Context)

func (*UptimeHandler) List 

func (h *UptimeHandler) List(c *gin.Context)

func (*UptimeHandler) Sync 

func (h *UptimeHandler) Sync(c *gin.Context)

func (*UptimeHandler) Update 

func (h *UptimeHandler) Update(c *gin.Context)

type UserHandler 

type UserHandler struct {
	DB          *gorm.DB
	MailService *services.MailService
}

func NewUserHandler 

func NewUserHandler(db *gorm.DB) *UserHandler

func (*UserHandler) AcceptInvite 

func (h *UserHandler) AcceptInvite(c *gin.Context)

AcceptInvite accepts an invitation and sets the user's password (public endpoint).

func (*UserHandler) CreateUser 

func (h *UserHandler) CreateUser(c *gin.Context)

CreateUser creates a new user with a password (admin only).

func (*UserHandler) DeleteUser 

func (h *UserHandler) DeleteUser(c *gin.Context)

DeleteUser deletes a user (admin only).

func (*UserHandler) GetProfile 

func (h *UserHandler) GetProfile(c *gin.Context)

GetProfile returns the current user's profile including API key.

func (*UserHandler) GetSetupStatus 

func (h *UserHandler) GetSetupStatus(c *gin.Context)

GetSetupStatus checks if the application needs initial setup (i.e., no users exist).

func (*UserHandler) GetUser 

func (h *UserHandler) GetUser(c *gin.Context)

GetUser returns a single user by ID (admin only).

func (*UserHandler) InviteUser 

func (h *UserHandler) InviteUser(c *gin.Context)

InviteUser creates a new user with an invite token and sends an email (admin only).

func (*UserHandler) ListUsers 

func (h *UserHandler) ListUsers(c *gin.Context)

ListUsers returns all users (admin only).

func (*UserHandler) RegenerateAPIKey 

func (h *UserHandler) RegenerateAPIKey(c *gin.Context)

RegenerateAPIKey generates a new API key for the authenticated user.

func (*UserHandler) RegisterRoutes 

func (h *UserHandler) RegisterRoutes(r *gin.RouterGroup)

func (*UserHandler) Setup 

func (h *UserHandler) Setup(c *gin.Context)

Setup creates the initial admin user and configures the ACME email.

func (*UserHandler) UpdateProfile 

func (h *UserHandler) UpdateProfile(c *gin.Context)

UpdateProfile updates the authenticated user's profile.

func (*UserHandler) UpdateUser 

func (h *UserHandler) UpdateUser(c *gin.Context)

UpdateUser updates an existing user (admin only).

func (*UserHandler) UpdateUserPermissions 

func (h *UserHandler) UpdateUserPermissions(c *gin.Context)

UpdateUserPermissions updates a user's permission mode and host exceptions (admin only).

func (*UserHandler) ValidateInvite 

func (h *UserHandler) ValidateInvite(c *gin.Context)

ValidateInvite validates an invite token (public endpoint).

type WAFExclusion 

type WAFExclusion struct {
	RuleID      int    `json:"rule_id"`
	Target      string `json:"target,omitempty"`
	Description string `json:"description,omitempty"`
}

WAFExclusion represents a stored rule exclusion

type WAFExclusionRequest 

type WAFExclusionRequest struct {
	RuleID      int    `json:"rule_id" binding:"required"`
	Target      string `json:"target,omitempty"`      // e.g., "ARGS:password"
	Description string `json:"description,omitempty"` // Human-readable reason
}

WAFExclusionRequest represents a rule exclusion for false positives

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.