lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(backend): add file-config CRUD service and router

Browse Source 
- file_config_service.py: service layer for reading, writing, and
  validating fail2ban conf files (jail.local, action.d/*, filter.d/*)
- file_config.py: REST router exposing GET/PUT endpoints for conf-file
  contents, sections, and key-value pairs; supports jails, actions,
  and filters
This commit is contained in:
Lukas
2026-03-13 13:47:19 +01:00
parent 63b48849a7
commit 673eb4c7c2
2 changed files with 555 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

312
backend/app/routers/file_config.py
View File

@@ -11,10 +11,14 @@ Endpoints:
* ``GET /api/config/filters/{name}`` — get one filter file (with content)
* ``PUT /api/config/filters/{name}`` — update a filter file
* ``POST /api/config/filters`` — create a new filter file
* ``GET /api/config/filters/{name}/parsed`` — parse a filter file into a structured model
* ``PUT /api/config/filters/{name}/parsed`` — update a filter file from a structured model
* ``GET /api/config/actions`` — list all action files
* ``GET /api/config/actions/{name}`` — get one action file (with content)
* ``PUT /api/config/actions/{name}`` — update an action file
* ``POST /api/config/actions`` — create a new action file
* ``GET /api/config/actions/{name}/parsed`` — parse an action file into a structured model
* ``PUT /api/config/actions/{name}/parsed`` — update an action file from a structured model
"""
from __future__ import annotations
@@ -24,6 +28,14 @@ from typing import Annotated
from fastapi import APIRouter, HTTPException, Path, Request, status
from app.dependencies import AuthDep
from app.models.config import (
ActionConfig,
ActionConfigUpdate,
FilterConfig,
FilterConfigUpdate,
JailFileConfig,
JailFileConfigUpdate,
)
from app.models.file_config import (
ConfFileContent,
ConfFileCreateRequest,
@@ -199,6 +211,51 @@ async def set_jail_config_file_enabled(
raise _service_unavailable(str(exc)) from exc
@router.post(
"/jail-files",
response_model=ConfFileContent,
status_code=status.HTTP_201_CREATED,
summary="Create a new jail.d config file",
)
async def create_jail_config_file(
request: Request,
_auth: AuthDep,
body: ConfFileCreateRequest,
) -> ConfFileContent:
"""Create a new ``.conf`` file in ``jail.d/``.
Args:
request: Incoming request.
_auth: Validated session.
body: :class:`~app.models.file_config.ConfFileCreateRequest` with name and content.
Returns:
:class:`~app.models.file_config.ConfFileContent` with the created file metadata.
Raises:
HTTPException: 400 if the name is unsafe or the content exceeds the size limit.
HTTPException: 409 if a file with that name already exists.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
filename = await file_config_service.create_jail_config_file(config_dir, body)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileExistsError:
raise _conflict(body.name) from None
except ConfigFileWriteError as exc:
raise _bad_request(str(exc)) from exc
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc
return ConfFileContent(
name=body.name,
filename=filename,
content=body.content,
)
# ---------------------------------------------------------------------------
# Filter file endpoints (Task 4d)
# ---------------------------------------------------------------------------
@@ -493,3 +550,258 @@ async def create_action_file(
filename=filename,
content=body.content,
)
# ---------------------------------------------------------------------------
# Parsed filter endpoints (Task 2.1)
# ---------------------------------------------------------------------------
@router.get(
"/filters/{name}/parsed",
response_model=FilterConfig,
summary="Return a filter file parsed into a structured model",
)
async def get_parsed_filter(
request: Request,
_auth: AuthDep,
name: _NamePath,
) -> FilterConfig:
"""Parse a filter definition file and return its structured fields.
The file is read from ``filter.d/``, parsed as fail2ban INI format, and
returned as a :class:`~app.models.config.FilterConfig` JSON object. This
is the input model for the form-based filter editor (Task 2.3).
Args:
request: Incoming request.
_auth: Validated session.
name: Base name (e.g. ``sshd`` or ``sshd.conf``).
Returns:
:class:`~app.models.config.FilterConfig`.
Raises:
HTTPException: 400 if *name* is unsafe.
HTTPException: 404 if the file does not exist.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
return await file_config_service.get_parsed_filter_file(config_dir, name)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileNotFoundError:
raise _not_found(name) from None
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc
@router.put(
"/filters/{name}/parsed",
status_code=status.HTTP_204_NO_CONTENT,
summary="Update a filter file from a structured model",
)
async def update_parsed_filter(
request: Request,
_auth: AuthDep,
name: _NamePath,
body: FilterConfigUpdate,
) -> None:
"""Apply a partial structured update to a filter definition file.
Fields set to ``null`` in the request body are left unchanged. The file is
re-serialized to fail2ban INI format after merging.
Args:
request: Incoming request.
_auth: Validated session.
name: Base name of the filter to update.
body: Partial :class:`~app.models.config.FilterConfigUpdate`.
Raises:
HTTPException: 400 if *name* is unsafe or content exceeds the size limit.
HTTPException: 404 if the file does not exist.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
await file_config_service.update_parsed_filter_file(config_dir, name, body)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileNotFoundError:
raise _not_found(name) from None
except ConfigFileWriteError as exc:
raise _bad_request(str(exc)) from exc
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc
# ---------------------------------------------------------------------------
# Parsed action endpoints (Task 3.1)
# ---------------------------------------------------------------------------
@router.get(
"/actions/{name}/parsed",
response_model=ActionConfig,
summary="Return an action file parsed into a structured model",
)
async def get_parsed_action(
request: Request,
_auth: AuthDep,
name: _NamePath,
) -> ActionConfig:
"""Parse an action definition file and return its structured fields.
The file is read from ``action.d/``, parsed as fail2ban INI format, and
returned as a :class:`~app.models.config.ActionConfig` JSON object. This
is the input model for the form-based action editor (Task 3.3).
Args:
request: Incoming request.
_auth: Validated session.
name: Base name (e.g. ``iptables`` or ``iptables.conf``).
Returns:
:class:`~app.models.config.ActionConfig`.
Raises:
HTTPException: 400 if *name* is unsafe.
HTTPException: 404 if the file does not exist.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
return await file_config_service.get_parsed_action_file(config_dir, name)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileNotFoundError:
raise _not_found(name) from None
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc
@router.put(
"/actions/{name}/parsed",
status_code=status.HTTP_204_NO_CONTENT,
summary="Update an action file from a structured model",
)
async def update_parsed_action(
request: Request,
_auth: AuthDep,
name: _NamePath,
body: ActionConfigUpdate,
) -> None:
"""Apply a partial structured update to an action definition file.
Fields set to ``null`` in the request body are left unchanged. The file is
re-serialized to fail2ban INI format after merging.
Args:
request: Incoming request.
_auth: Validated session.
name: Base name of the action to update.
body: Partial :class:`~app.models.config.ActionConfigUpdate`.
Raises:
HTTPException: 400 if *name* is unsafe or content exceeds the size limit.
HTTPException: 404 if the file does not exist.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
await file_config_service.update_parsed_action_file(config_dir, name, body)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileNotFoundError:
raise _not_found(name) from None
except ConfigFileWriteError as exc:
raise _bad_request(str(exc)) from exc
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc
# ---------------------------------------------------------------------------
# Parsed jail file endpoints (Task 6.1)
# ---------------------------------------------------------------------------
@router.get(
"/jail-files/{filename}/parsed",
response_model=JailFileConfig,
summary="Return a jail.d file parsed into a structured model",
)
async def get_parsed_jail_file(
request: Request,
_auth: AuthDep,
filename: _NamePath,
) -> JailFileConfig:
"""Parse a jail.d config file and return its structured fields.
The file is read from ``jail.d/``, parsed as fail2ban INI format, and
returned as a :class:`~app.models.config.JailFileConfig` JSON object. This
is the input model for the form-based jail file editor (Task 6.2).
Args:
request: Incoming request.
_auth: Validated session.
filename: Filename including extension (e.g. ``sshd.conf``).
Returns:
:class:`~app.models.config.JailFileConfig`.
Raises:
HTTPException: 400 if *filename* is unsafe.
HTTPException: 404 if the file does not exist.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
return await file_config_service.get_parsed_jail_file(config_dir, filename)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileNotFoundError:
raise _not_found(filename) from None
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc
@router.put(
"/jail-files/{filename}/parsed",
status_code=status.HTTP_204_NO_CONTENT,
summary="Update a jail.d file from a structured model",
)
async def update_parsed_jail_file(
request: Request,
_auth: AuthDep,
filename: _NamePath,
body: JailFileConfigUpdate,
) -> None:
"""Apply a partial structured update to a jail.d config file.
Fields set to ``null`` in the request body are left unchanged. The file is
re-serialized to fail2ban INI format after merging.
Args:
request: Incoming request.
_auth: Validated session.
filename: Filename including extension (e.g. ``sshd.conf``).
body: Partial :class:`~app.models.config.JailFileConfigUpdate`.
Raises:
HTTPException: 400 if *filename* is unsafe or content exceeds size limit.
HTTPException: 404 if the file does not exist.
HTTPException: 503 if the config directory is unavailable.
"""
config_dir: str = request.app.state.settings.fail2ban_config_dir
try:
await file_config_service.update_parsed_jail_file(config_dir, filename, body)
except ConfigFileNameError as exc:
raise _bad_request(str(exc)) from exc
except ConfigFileNotFoundError:
raise _not_found(filename) from None
except ConfigFileWriteError as exc:
raise _bad_request(str(exc)) from exc
except ConfigDirError as exc:
raise _service_unavailable(str(exc)) from exc

243
backend/app/services/file_config_service.py
View File

@@ -19,6 +19,7 @@ import asyncio
import configparser
import re
from pathlib import Path
from typing import TYPE_CHECKING
import structlog
@@ -33,6 +34,16 @@ from app.models.file_config import (
JailConfigFilesResponse,
)
if TYPE_CHECKING:
from app.models.config import (
ActionConfig,
ActionConfigUpdate,
FilterConfig,
FilterConfigUpdate,
JailFileConfig,
JailFileConfigUpdate,
)
log: structlog.stdlib.BoundLogger = structlog.get_logger()
# ---------------------------------------------------------------------------
@@ -378,6 +389,35 @@ async def set_jail_config_enabled(
await asyncio.get_event_loop().run_in_executor(None, _do)
async def create_jail_config_file(
config_dir: str,
req: ConfFileCreateRequest,
) -> str:
"""Create a new jail.d config file.
Args:
config_dir: Path to the fail2ban configuration directory.
req: :class:`~app.models.file_config.ConfFileCreateRequest`.
Returns:
The filename that was created.
Raises:
ConfigFileExistsError: If a file with that name already exists.
ConfigFileNameError: If the name is invalid.
ConfigFileWriteError: If the file cannot be created.
ConfigDirError: If *config_dir* does not exist.
"""
def _do() -> str:
jail_d = _resolve_subdir(config_dir, "jail.d")
filename = _create_conf_file(jail_d, req.name, req.content)
log.info("jail_config_file_created", filename=filename)
return filename
return await asyncio.get_event_loop().run_in_executor(None, _do)
# ---------------------------------------------------------------------------
# Internal helpers — generic conf file listing / reading / writing
# ---------------------------------------------------------------------------
@@ -723,3 +763,206 @@ async def create_action_file(
return filename
return await asyncio.get_event_loop().run_in_executor(None, _do)
# ---------------------------------------------------------------------------
# Public API — structured (parsed) filter files (Task 2.1)
# ---------------------------------------------------------------------------
async def get_parsed_filter_file(config_dir: str, name: str) -> FilterConfig:
"""Parse a filter definition file and return its structured representation.
Reads the raw ``.conf``/``.local`` file from ``filter.d/``, parses it with
:func:`~app.services.conffile_parser.parse_filter_file`, and returns the
result.
Args:
config_dir: Path to the fail2ban configuration directory.
name: Base name with or without extension.
Returns:
:class:`~app.models.config.FilterConfig`.
Raises:
ConfigFileNotFoundError: If no matching file is found.
ConfigDirError: If *config_dir* does not exist.
"""
from app.services.conffile_parser import parse_filter_file # avoid circular imports
def _do() -> FilterConfig:
filter_d = _resolve_subdir(config_dir, "filter.d")
raw = _read_conf_file(filter_d, name)
result = parse_filter_file(raw.content, name=raw.name, filename=raw.filename)
log.debug("filter_file_parsed", name=raw.name)
return result
return await asyncio.get_event_loop().run_in_executor(None, _do)
async def update_parsed_filter_file(
config_dir: str,
name: str,
update: FilterConfigUpdate,
) -> None:
"""Apply a structured partial update to a filter definition file.
Reads the existing file, merges *update* onto it, serializes to INI format,
and writes the result back to disk.
Args:
config_dir: Path to the fail2ban configuration directory.
name: Base name of the file to update.
update: Partial fields to apply.
Raises:
ConfigFileNotFoundError: If no matching file is found.
ConfigFileWriteError: If the file cannot be written.
ConfigDirError: If *config_dir* does not exist.
"""
from app.services.conffile_parser import ( # avoid circular imports
merge_filter_update,
parse_filter_file,
serialize_filter_config,
)
def _do() -> None:
filter_d = _resolve_subdir(config_dir, "filter.d")
raw = _read_conf_file(filter_d, name)
current = parse_filter_file(raw.content, name=raw.name, filename=raw.filename)
merged = merge_filter_update(current, update)
new_content = serialize_filter_config(merged)
_validate_content(new_content)
_write_conf_file(filter_d, name, new_content)
log.info("filter_file_updated_parsed", name=name)
await asyncio.get_event_loop().run_in_executor(None, _do)
# ---------------------------------------------------------------------------
# Public API — structured (parsed) action files (Task 3.1)
# ---------------------------------------------------------------------------
async def get_parsed_action_file(config_dir: str, name: str) -> ActionConfig:
"""Parse an action definition file and return its structured representation.
Args:
config_dir: Path to the fail2ban configuration directory.
name: Base name with or without extension.
Returns:
:class:`~app.models.config.ActionConfig`.
Raises:
ConfigFileNotFoundError: If no matching file is found.
ConfigDirError: If *config_dir* does not exist.
"""
from app.services.conffile_parser import parse_action_file # avoid circular imports
def _do() -> ActionConfig:
action_d = _resolve_subdir(config_dir, "action.d")
raw = _read_conf_file(action_d, name)
result = parse_action_file(raw.content, name=raw.name, filename=raw.filename)
log.debug("action_file_parsed", name=raw.name)
return result
return await asyncio.get_event_loop().run_in_executor(None, _do)
async def update_parsed_action_file(
config_dir: str,
name: str,
update: ActionConfigUpdate,
) -> None:
"""Apply a structured partial update to an action definition file.
Args:
config_dir: Path to the fail2ban configuration directory.
name: Base name of the file to update.
update: Partial fields to apply.
Raises:
ConfigFileNotFoundError: If no matching file is found.
ConfigFileWriteError: If the file cannot be written.
ConfigDirError: If *config_dir* does not exist.
"""
from app.services.conffile_parser import ( # avoid circular imports
merge_action_update,
parse_action_file,
serialize_action_config,
)
def _do() -> None:
action_d = _resolve_subdir(config_dir, "action.d")
raw = _read_conf_file(action_d, name)
current = parse_action_file(raw.content, name=raw.name, filename=raw.filename)
merged = merge_action_update(current, update)
new_content = serialize_action_config(merged)
_validate_content(new_content)
_write_conf_file(action_d, name, new_content)
log.info("action_file_updated_parsed", name=name)
await asyncio.get_event_loop().run_in_executor(None, _do)
async def get_parsed_jail_file(config_dir: str, filename: str) -> JailFileConfig:
"""Parse a jail.d config file into a structured :class:`~app.models.config.JailFileConfig`.
Args:
config_dir: Path to the fail2ban configuration directory.
filename: Filename including extension (e.g. ``"sshd.conf"``).
Returns:
:class:`~app.models.config.JailFileConfig`.
Raises:
ConfigFileNotFoundError: If no matching file is found.
ConfigDirError: If *config_dir* does not exist.
"""
from app.services.conffile_parser import parse_jail_file # avoid circular imports
def _do() -> JailFileConfig:
jail_d = _resolve_subdir(config_dir, "jail.d")
raw = _read_conf_file(jail_d, filename)
result = parse_jail_file(raw.content, filename=raw.filename)
log.debug("jail_file_parsed", filename=raw.filename)
return result
return await asyncio.get_event_loop().run_in_executor(None, _do)
async def update_parsed_jail_file(
config_dir: str,
filename: str,
update: JailFileConfigUpdate,
) -> None:
"""Apply a structured partial update to a jail.d config file.
Args:
config_dir: Path to the fail2ban configuration directory.
filename: Filename including extension (e.g. ``"sshd.conf"``).
update: Partial fields to apply.
Raises:
ConfigFileNotFoundError: If no matching file is found.
ConfigFileWriteError: If the file cannot be written.
ConfigDirError: If *config_dir* does not exist.
"""
from app.services.conffile_parser import ( # avoid circular imports
merge_jail_file_update,
parse_jail_file,
serialize_jail_file_config,
)
def _do() -> None:
jail_d = _resolve_subdir(config_dir, "jail.d")
raw = _read_conf_file(jail_d, filename)
current = parse_jail_file(raw.content, filename=raw.filename)
merged = merge_jail_file_update(current, update)
new_content = serialize_jail_file_config(merged)
_validate_content(new_content)
_write_conf_file(jail_d, filename, new_content)
log.info("jail_file_updated_parsed", filename=filename)
await asyncio.get_event_loop().run_in_executor(None, _do)