feat: implement API versioning /api/v1/

- All backend routers moved to /api/v1/ prefix - Frontend BASE_URL updated to /api/v1 - Setup redirect middleware updated to redirect to /api/v1/setup - Health router path fixed: prefix=/api/v1/health, @router.get('') - conftest.py: set server_status=online for test fixture - Created Docs/API_VERSIONING.md with deprecation policy - Updated Docs/Backend-Development.md with versioning section - Updated Instructions.md curl examples Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-02 21:29:30 +02:00
parent 0d5882b32f
commit cc6dbcf3f0
51 changed files with 1886 additions and 671 deletions
--- a/backend/app/routers/bans.py
+++ b/backend/app/routers/bans.py
@@ -10,21 +10,91 @@ Manual ban and unban operations and the active-bans overview:

 from __future__ import annotations

-from fastapi import APIRouter, Request, status
+from fastapi import APIRouter, Depends, Request, status

 from app.dependencies import (
    AuthDep,
    BanServiceContextDep,
    Fail2BanSocketDep,
    GeoCacheDep,
+    GlobalRateLimiterDep,
    HttpSessionDep,
 )
 from app.mappers import map_domain_active_ban_list_to_response
 from app.models.ban import ActiveBanListResponse, BanRequest, UnbanAllResponse, UnbanRequest
 from app.models.jail import JailCommandResponse
 from app.services import ban_service, jail_service
+from app.utils.constants import (
+    RATE_LIMIT_BANS_BAN_REQUESTS,
+    RATE_LIMIT_BANS_UNBAN_REQUESTS,
+)

-router: APIRouter = APIRouter(prefix="/api/bans", tags=["Bans"])
+router: APIRouter = APIRouter(prefix="/api/v1/bans", tags=["Bans"])
+
+# Rate limit bucket constants
+_BANS_BAN_BUCKET = "bans:ban"
+_BANS_UNBAN_BUCKET = "bans:unban"
+
+# 60 seconds per minute
+_MINUTE = 60
+
+
+def _check_ban_rate_limit(
+    request: Request,
+    rate_limiter: GlobalRateLimiterDep,
+) -> None:
+    """Check rate limit for ban operations."""
+    from app.utils.client_ip import get_client_ip
+
+    settings = request.app.state.settings
+    client_ip = get_client_ip(request, trusted_proxies=settings.trusted_proxies)
+    is_allowed, retry_after = rate_limiter.check_allowed_for_bucket(
+        _BANS_BAN_BUCKET, client_ip, RATE_LIMIT_BANS_BAN_REQUESTS, _MINUTE
+    )
+    if not is_allowed:
+        from app.exceptions import RateLimitError
+        import structlog
+
+        log = structlog.get_logger()
+        log.warning(
+            "bans_ban_rate_limit_exceeded",
+            client_ip=client_ip,
+            path=request.url.path,
+            retry_after=retry_after,
+        )
+        raise RateLimitError(
+            "Rate limit exceeded for ban operations. Please try again later.",
+            retry_after_seconds=retry_after,
+        )
+
+
+def _check_unban_rate_limit(
+    request: Request,
+    rate_limiter: GlobalRateLimiterDep,
+) -> None:
+    """Check rate limit for unban operations."""
+    from app.utils.client_ip import get_client_ip
+
+    settings = request.app.state.settings
+    client_ip = get_client_ip(request, trusted_proxies=settings.trusted_proxies)
+    is_allowed, retry_after = rate_limiter.check_allowed_for_bucket(
+        _BANS_UNBAN_BUCKET, client_ip, RATE_LIMIT_BANS_UNBAN_REQUESTS, _MINUTE
+    )
+    if not is_allowed:
+        from app.exceptions import RateLimitError
+        import structlog
+
+        log = structlog.get_logger()
+        log.warning(
+            "bans_unban_rate_limit_exceeded",
+            client_ip=client_ip,
+            path=request.url.path,
+            retry_after=retry_after,
+        )
+        raise RateLimitError(
+            "Rate limit exceeded for unban operations. Please try again later.",
+            retry_after_seconds=retry_after,
+        )


@router.get(
@@ -73,6 +143,7 @@ async def get_active_bans(
    status_code=status.HTTP_201_CREATED,
    response_model=JailCommandResponse,
    summary="Ban an IP address in a specific jail",
+    dependencies=[Depends(_check_ban_rate_limit)],
 )
 async def ban_ip(
    request: Request,
@@ -110,6 +181,7 @@ async def ban_ip(
    "",
    response_model=JailCommandResponse,
    summary="Unban an IP address from one or all jails",
+    dependencies=[Depends(_check_unban_rate_limit)],
 )
 async def unban_ip(
    request: Request,