lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: reload/stop jail 404 + access list simulator

Browse Source 
Task 1 — fix Stop/Reload Jail returning 404
  Root cause: reload_jail and reload_all sent an empty config stream
  (["reload", name, [], []]).  In fail2ban's reload protocol the end-of-
  reload phase deletes every jail still in reload_state — i.e. every jail
  that received no configuration commands.  An empty stream means *all*
  affected jails are silently removed from the daemon's runtime, causing
  everything touching those jails afterwards (including stop) to receive
  UnknownJailException → HTTP 404.

  Fixes:
  - reload_jail: send ["start", name] in the config stream; startJail()
    removes the jail from reload_state so the end phase commits instead of
    deletes, and un-idles the jail.
  - reload_all: fetch current jail list first, build a ["start", name]
    entry for every active jail, then send reload --all with that stream.
  - stop_jail: made idempotent — if the jail is already gone (not-found
    error) the operation silently succeeds (200 OK) rather than returning
    404, matching the user expectation that stop = ensure-stopped.
  - Router: removed dead JailNotFoundError handler from stop endpoint.

  391 tests pass (2 new), ruff clean, mypy clean (pre-existing
  config.py error unchanged).

Task 2 — access list simulator
  - Docker/simulate_accesses.sh: writes fake HTTP-scan log lines in
    custom format (bangui-access: http scan from <IP> ...) to
    Docker/logs/access.log so the bangui-access jail detects them.
  - fail2ban/filter.d/bangui-access.conf: failregex matching the above.
  - fail2ban/jail.d/bangui-access.conf: polling jail on access.log,
    same settings as bangui-sim (maxretry=3, bantime=60s).
  - .gitignore: whitelist new bangui-access.conf files.
  - Docker/fail2ban-dev-config/README.md: added "Testing the Access
    List Feature" section with step-by-step instructions and updated
    Configuration Reference + Troubleshooting.
This commit is contained in:
Lukas
2026-03-06 19:49:31 +01:00
parent 73c1300d9f
commit 08b8f3872a
10 changed files with 239 additions and 965 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
backend/tests/test_routers/test_jails.py
View File

@@ -257,17 +257,19 @@ class TestStopJail:
assert resp.status_code == 200
async def test_404_for_unknown_jail(self, jails_client: AsyncClient) -> None:
"""POST /api/jails/ghost/stop returns 404."""
from app.services.jail_service import JailNotFoundError
async def test_200_for_already_stopped_jail(self, jails_client: AsyncClient) -> None:
"""POST /api/jails/sshd/stop returns 200 even when the jail is already stopped.
stop_jail is idempotent — service returns None rather than raising
JailNotFoundError when the jail is not present in fail2ban's runtime.
"""
with patch(
"app.routers.jails.jail_service.stop_jail",
AsyncMock(side_effect=JailNotFoundError("ghost")),
AsyncMock(return_value=None),
):
resp = await jails_client.post("/api/jails/ghost/stop")
resp = await jails_client.post("/api/jails/sshd/stop")
assert resp.status_code == 404
assert resp.status_code == 200
# ---------------------------------------------------------------------------