chore: commit local changes

2026-03-22 10:07:44 +01:00
parent 335f89c554
commit bf2abda595
26 changed files with 580 additions and 1384 deletions
--- a/backend/app/services/config_file_service.py
+++ b/backend/app/services/config_file_service.py
@@ -54,9 +54,9 @@ from app.models.config import (
    JailValidationResult,
    RollbackResponse,
 )
-from app.exceptions import JailNotFoundError
-from app.services import jail_service
+from app.exceptions import FilterInvalidRegexError, JailNotFoundError
 from app.utils import conffile_parser
+from app.utils.jail_utils import reload_jails
 from app.utils.fail2ban_client import (
    Fail2BanClient,
    Fail2BanConnectionError,
@@ -65,6 +65,41 @@ from app.utils.fail2ban_client import (

 log: structlog.stdlib.BoundLogger = structlog.get_logger()

+# Proxy object for jail reload operations. Tests can patch
+# app.services.config_file_service.jail_service.reload_all as needed.
+class _JailServiceProxy:
+    async def reload_all(
+        self,
+        socket_path: str,
+        include_jails: list[str] | None = None,
+        exclude_jails: list[str] | None = None,
+    ) -> None:
+        kwargs: dict[str, list[str]] = {}
+        if include_jails is not None:
+            kwargs["include_jails"] = include_jails
+        if exclude_jails is not None:
+            kwargs["exclude_jails"] = exclude_jails
+        await reload_jails(socket_path, **kwargs)
+
+
+jail_service = _JailServiceProxy()
+
+
+async def _reload_all(
+    socket_path: str,
+    include_jails: list[str] | None = None,
+    exclude_jails: list[str] | None = None,
+) -> None:
+    """Reload fail2ban jails using the configured hook or default helper."""
+    kwargs: dict[str, list[str]] = {}
+    if include_jails is not None:
+        kwargs["include_jails"] = include_jails
+    if exclude_jails is not None:
+        kwargs["exclude_jails"] = exclude_jails
+
+    await jail_service.reload_all(socket_path, **kwargs)
+
+
 # ---------------------------------------------------------------------------
 # Constants
 # ---------------------------------------------------------------------------
@@ -168,21 +203,6 @@ class FilterReadonlyError(Exception):
        )


-class FilterInvalidRegexError(Exception):
-    """Raised when a regex pattern fails to compile."""
-
-    def __init__(self, pattern: str, error: str) -> None:
-        """Initialise with the invalid pattern and the compile error.
-
-        Args:
-            pattern: The regex string that failed to compile.
-            error: The ``re.error`` message.
-        """
-        self.pattern: str = pattern
-        self.error: str = error
-        super().__init__(f"Invalid regex {pattern!r}: {error}")
-
-
 # ---------------------------------------------------------------------------
 # Internal helpers
 # ---------------------------------------------------------------------------
@@ -1206,7 +1226,7 @@ async def activate_jail(
    # Activation reload — if it fails, roll back immediately                  #
    # ---------------------------------------------------------------------- #
    try:
-        await jail_service.reload_all(socket_path, include_jails=[name])
+        await _reload_all(socket_path, include_jails=[name])
    except JailNotFoundError as exc:
        # Jail configuration is invalid (e.g. missing logpath that prevents
        # fail2ban from loading the jail). Roll back and provide a specific error.
@@ -1349,7 +1369,7 @@ async def _rollback_activation_async(

    # Step 2 — reload fail2ban with the restored config.
    try:
-        await jail_service.reload_all(socket_path)
+        await _reload_all(socket_path)
        log.info("jail_activation_rollback_reload_ok", jail=name)
    except Exception as exc:  # noqa: BLE001
        log.warning("jail_activation_rollback_reload_failed", jail=name, error=str(exc))
@@ -1416,7 +1436,7 @@ async def deactivate_jail(
    )

    try:
-        await jail_service.reload_all(socket_path, exclude_jails=[name])
+        await _reload_all(socket_path, exclude_jails=[name])
    except Exception as exc:  # noqa: BLE001
        log.warning("reload_after_deactivate_failed", jail=name, error=str(exc))

@@ -1972,7 +1992,7 @@ async def update_filter(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_filter_update_failed",
@@ -2047,7 +2067,7 @@ async def create_filter(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_filter_create_failed",
@@ -2174,7 +2194,7 @@ async def assign_filter_to_jail(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_assign_filter_failed",
@@ -2826,7 +2846,7 @@ async def update_action(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_action_update_failed",
@@ -2895,7 +2915,7 @@ async def create_action(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_action_create_failed",
@@ -3026,7 +3046,7 @@ async def assign_action_to_jail(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_assign_action_failed",
@@ -3088,7 +3108,7 @@ async def remove_action_from_jail(

    if do_reload:
        try:
-            await jail_service.reload_all(socket_path)
+            await _reload_all(socket_path)
        except Exception as exc:  # noqa: BLE001
            log.warning(
                "reload_after_remove_action_failed",