feat(backend): add raw file write endpoints for jail, filter, and action configs

Add PUT endpoints for overwriting raw content of jail.d, filter.d, and action.d config files. Mirrors the existing GET endpoints so the frontend can show an editable raw-text view of each config file.
2026-03-13 14:34:41 +01:00
parent 44f3fb8718
commit cf2336c0bc
2 changed files with 84 additions and 0 deletions
--- a/backend/app/services/file_config_service.py
+++ b/backend/app/services/file_config_service.py
@@ -418,6 +418,49 @@ async def create_jail_config_file(
    return await asyncio.get_event_loop().run_in_executor(None, _do)


+async def write_jail_config_file(
+    config_dir: str,
+    filename: str,
+    req: ConfFileUpdateRequest,
+) -> None:
+    """Overwrite an existing jail.d config file with new raw content.
+
+    Args:
+        config_dir: Path to the fail2ban configuration directory.
+        filename: Filename including extension (e.g. ``sshd.conf``).
+        req: :class:`~app.models.file_config.ConfFileUpdateRequest` with new
+            content.
+
+    Raises:
+        ConfigFileNotFoundError: If the file does not exist.
+        ConfigFileNameError: If *filename* is unsafe or has a bad extension.
+        ConfigFileWriteError: If the file cannot be written.
+        ConfigDirError: If *config_dir* does not exist.
+    """
+
+    def _do() -> None:
+        jail_d = _resolve_subdir(config_dir, "jail.d").resolve()
+        if not jail_d.is_dir():
+            raise ConfigFileNotFoundError(filename)
+        path = (jail_d / filename).resolve()
+        _assert_within(jail_d, path)
+        if path.suffix not in _CONF_EXTENSIONS:
+            raise ConfigFileNameError(
+                f"Only .conf and .local files are supported, got {filename!r}."
+            )
+        if not path.is_file():
+            raise ConfigFileNotFoundError(filename)
+        try:
+            path.write_text(req.content, encoding="utf-8")
+        except OSError as exc:
+            raise ConfigFileWriteError(
+                f"Cannot write {filename!r}: {exc}"
+            ) from exc
+        log.info("jail_config_file_written", filename=filename)
+
+    await asyncio.get_event_loop().run_in_executor(None, _do)
+
+
 # ---------------------------------------------------------------------------
 # Internal helpers — generic conf file listing / reading / writing
 # ---------------------------------------------------------------------------