Enforce repository boundary: Remove DbDep from routers

This commit enforces the repository boundary by eliminating direct database connection dependencies (DbDep) from all routers. Routers now depend on service context dependencies that combine the database connection with the related repositories. Changes: - Add 5 service context dependencies in dependencies.py: * SessionServiceContext: db + session_repo * BlocklistServiceContext: db + blocklist_repo + import_log_repo + settings_repo * SettingsServiceContext: db + settings_repo * BanServiceContext: db + fail2ban_db_repo * HistoryServiceContext: db + fail2ban_db_repo + history_archive_repo - Refactor all 9 routers (auth, bans, blocklist, config_misc, dashboard, geo, history, jails, setup) to use service contexts instead of DbDep. - Update Backend-Development.md with clear examples of the new pattern and documentation of available service contexts. Rationale: - Enforces the repository boundary through the dependency system - Makes database operations explicit and auditable - Improves testability by allowing service contexts to be mocked - Prevents accidental direct database access from routers The deprecated DbDep remains available for backward compatibility with services that have not yet been refactored, but routers can no longer import it. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-28 07:35:23 +02:00
parent 813cf09bed
commit 507f153ab9
11 changed files with 318 additions and 105 deletions
--- a/backend/app/routers/dashboard.py
+++ b/backend/app/routers/dashboard.py
@@ -19,7 +19,7 @@ from fastapi import APIRouter, Query
 from app import __version__
 from app.dependencies import (
    AuthDep,
-    DbDep,
+    BanServiceContextDep,
    Fail2BanSocketDep,
    GeoCacheDep,
    HttpSessionDep,
@@ -81,7 +81,7 @@ async def get_server_status(
 )
 async def get_dashboard_bans(
    _auth: AuthDep,
-    db: DbDep,
+    ban_ctx: BanServiceContextDep,
    socket_path: Fail2BanSocketDep,
    http_session: HttpSessionDep,
    geo_cache: GeoCacheDep,
@@ -107,6 +107,10 @@ async def get_dashboard_bans(

    Args:
        _auth: Validated session dependency.
+        ban_ctx: Ban service context containing db and repository.
+        socket_path: Path to fail2ban Unix domain socket.
+        http_session: Shared HTTP session for geolocation.
+        geo_cache: Geolocation cache instance.
        range: Time-range preset — ``"24h"``, ``"7d"``, ``"30d"``, or
            ``"365d"``.
        page: 1-based page number.
@@ -124,7 +128,7 @@ async def get_dashboard_bans(
        page=page,
        page_size=page_size,
        http_session=http_session,
-        app_db=db,
+        app_db=ban_ctx.db,
        geo_cache=geo_cache,
        origin=origin,
    )
@@ -137,7 +141,7 @@ async def get_dashboard_bans(
 )
 async def get_bans_by_country(
    _auth: AuthDep,
-    db: DbDep,
+    ban_ctx: BanServiceContextDep,
    socket_path: Fail2BanSocketDep,
    http_session: HttpSessionDep,
    geo_cache: GeoCacheDep,
@@ -165,6 +169,10 @@ async def get_bans_by_country(

    Args:
        _auth: Validated session dependency.
+        ban_ctx: Ban service context containing db and repository.
+        socket_path: Path to fail2ban Unix domain socket.
+        http_session: Shared HTTP session for geolocation.
+        geo_cache: Geolocation cache instance.
        range: Time-range preset.
        origin: Optional filter by ban origin.

@@ -179,7 +187,7 @@ async def get_bans_by_country(
        http_session=http_session,
        geo_cache_lookup=geo_cache.lookup_cached_only,
        geo_cache=geo_cache,
-        app_db=db,
+        app_db=ban_ctx.db,
        origin=origin,
        country_code=country_code,
    )
@@ -192,7 +200,7 @@ async def get_bans_by_country(
 )
 async def get_ban_trend(
    _auth: AuthDep,
-    db: DbDep,
+    ban_ctx: BanServiceContextDep,
    socket_path: Fail2BanSocketDep,
    range: TimeRange = Query(default=_DEFAULT_RANGE, description="Time-range preset."),
    source: Literal["fail2ban", "archive"] = Query(
@@ -220,6 +228,8 @@ async def get_ban_trend(

    Args:
        _auth: Validated session dependency.
+        ban_ctx: Ban service context containing db and repository.
+        socket_path: Path to fail2ban Unix domain socket.
        range: Time-range preset.
        origin: Optional filter by ban origin.

@@ -231,7 +241,7 @@ async def get_ban_trend(
        socket_path,
        range,
        source=source,
-        app_db=db,
+        app_db=ban_ctx.db,
        origin=origin,
    )

@@ -243,7 +253,7 @@ async def get_ban_trend(
 )
 async def get_bans_by_jail(
    _auth: AuthDep,
-    db: DbDep,
+    ban_ctx: BanServiceContextDep,
    socket_path: Fail2BanSocketDep,
    range: TimeRange = Query(default=_DEFAULT_RANGE, description="Time-range preset."),
    source: Literal["fail2ban", "archive"] = Query(
@@ -263,6 +273,8 @@ async def get_bans_by_jail(

    Args:
        _auth: Validated session dependency.
+        ban_ctx: Ban service context containing db and repository.
+        socket_path: Path to fail2ban Unix domain socket.
        range: Time-range preset — ``"24h"``, ``"7d"``, ``"30d"``, or
            ``"365d"``.
        origin: Optional filter by ban origin.
@@ -275,6 +287,6 @@ async def get_bans_by_jail(
        socket_path,
        range,
        source=source,
-        app_db=db,
+        app_db=ban_ctx.db,
        origin=origin,
    )