feat(backend): add raw file write endpoints for jail, filter, and action configs

Add PUT endpoints for overwriting raw content of jail.d, filter.d, and action.d config files. Mirrors the existing GET endpoints so the frontend can show an editable raw-text view of each config file.
2026-03-13 14:34:41 +01:00
parent 44f3fb8718
commit cf2336c0bc
2 changed files with 84 additions and 0 deletions
--- a/backend/app/routers/file_config.py
+++ b/backend/app/routers/file_config.py
@@ -6,6 +6,7 @@ files directly on the filesystem (``jail.d/``, ``filter.d/``, ``action.d/``).
 Endpoints:
 * ``GET  /api/config/jail-files``                  — list all jail config files
 * ``GET  /api/config/jail-files/{filename}``        — get one jail config file (with content)
+* ``PUT  /api/config/jail-files/{filename}``        — overwrite a jail config file
 * ``PUT  /api/config/jail-files/{filename}/enabled`` — enable/disable a jail config
 * ``GET  /api/config/filters``                     — list all filter files
 * ``GET  /api/config/filters/{name}``              — get one filter file (with content)
@@ -169,6 +170,46 @@ async def get_jail_config_file(
        raise _service_unavailable(str(exc)) from exc


+@router.put(
+    "/jail-files/{filename}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    summary="Overwrite a jail.d config file with new raw content",
+)
+async def write_jail_config_file(
+    request: Request,
+    _auth: AuthDep,
+    filename: _FilenamePath,
+    body: ConfFileUpdateRequest,
+) -> None:
+    """Overwrite the raw content of an existing jail.d config file.
+
+    The change is written directly to disk.  You must reload fail2ban
+    (``POST /api/config/reload``) separately for the change to take effect.
+
+    Args:
+        request: Incoming request.
+        _auth: Validated session.
+        filename: Filename of the jail config file (e.g. ``sshd.conf``).
+        body: New raw file content.
+
+    Raises:
+        HTTPException: 400 if *filename* is unsafe or content is invalid.
+        HTTPException: 404 if the file does not exist.
+        HTTPException: 503 if the config directory is unavailable.
+    """
+    config_dir: str = request.app.state.settings.fail2ban_config_dir
+    try:
+        await file_config_service.write_jail_config_file(config_dir, filename, body)
+    except ConfigFileNameError as exc:
+        raise _bad_request(str(exc)) from exc
+    except ConfigFileNotFoundError:
+        raise _not_found(filename) from None
+    except ConfigFileWriteError as exc:
+        raise _bad_request(str(exc)) from exc
+    except ConfigDirError as exc:
+        raise _service_unavailable(str(exc)) from exc
+
+
@router.put(
    "/jail-files/{filename}/enabled",
    status_code=status.HTTP_204_NO_CONTENT,