TASK-015: Add validation for GlobalConfigUpdate.log_target and log_level

- Add LogLevel Literal type: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG - Add log_target validation to accept special values (STDOUT, STDERR, SYSLOG) or validated file paths within allowed directories - Update GlobalConfigResponse to use LogLevel type - Add field_validator for log_target in both GlobalConfigUpdate and GlobalConfigResponse following the same pattern as AddLogPathRequest - Add @autouse fixture to test_config_service.py to mock get_settings - Update existing tests to use uppercase log level values - Add 12 comprehensive tests for new validation in test_models.py - Update Features.md to document valid log_target and log_level values - Add section to Backend-Development.md documenting Literal types and field_validator patterns with examples Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-26 13:57:22 +02:00
parent b9e046bd66
commit d66493f135
6 changed files with 306 additions and 45 deletions
--- a/backend/app/models/config.py
+++ b/backend/app/models/config.py
@@ -14,6 +14,8 @@ from app.config import get_settings
 DNSMode = Literal["yes", "warn", "no", "raw"]
 LogEncoding = Literal["auto", "ascii", "utf-8", "UTF-8", "latin-1"]
 BackendType = Literal["auto", "polling", "pyinotify", "systemd", "gamin"]
+LogLevel = Literal["CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"]
+LogTarget = Literal["STDOUT", "STDERR", "SYSLOG"]

 # ---------------------------------------------------------------------------
 # Ban-time escalation
@@ -177,28 +179,103 @@ class GlobalConfigResponse(BaseModel):

    model_config = ConfigDict(strict=True)

-    log_level: str
-    log_target: str
+    log_level: LogLevel
+    log_target: str = Field(..., description="Log target: STDOUT, STDERR, SYSLOG, or a validated file path.")
    db_purge_age: int = Field(..., description="Seconds after which ban records are purged from the fail2ban DB.")
    db_max_matches: int = Field(..., description="Maximum stored log-line matches per ban record.")

+    @field_validator("log_target", mode="after")
+    @classmethod
+    def validate_log_target(cls, value: str) -> str:
+        """Validate that log_target is either a special value or a valid file path.
+
+        Args:
+            value: The log target to validate.
+
+        Returns:
+            The validated log target.
+
+        Raises:
+            ValueError: If the target is not a special value and not in allowed directories.
+        """
+        if value.upper() in ("STDOUT", "STDERR", "SYSLOG"):
+            return value
+
+        settings = get_settings()
+        try:
+            resolved_path = Path(value).resolve()
+        except (OSError, RuntimeError) as e:
+            raise ValueError(f"Cannot resolve path {value!r}: {e}") from e
+
+        for allowed_dir in settings.allowed_log_dirs:
+            allowed_path = Path(allowed_dir).resolve()
+            try:
+                resolved_path.relative_to(allowed_path)
+                return value
+            except ValueError:
+                continue
+
+        allowed_dirs_str = ", ".join(settings.allowed_log_dirs)
+        raise ValueError(
+            f"Log target {value!r} is outside allowed directories: {allowed_dirs_str}"
+        )
+

 class GlobalConfigUpdate(BaseModel):
    """Payload for ``PUT /api/config/global``."""

    model_config = ConfigDict(strict=True)

-    log_level: str | None = Field(
+    log_level: LogLevel | None = Field(
        default=None,
-        description="Log level: CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.",
+        description="Log level: CRITICAL, ERROR, WARNING, NOTICE, INFO, or DEBUG.",
    )
    log_target: str | None = Field(
        default=None,
-        description="Log target: STDOUT, STDERR, SYSLOG, SYSTEMD-JOURNAL, or a file path.",
+        description="Log target: STDOUT, STDERR, SYSLOG, or a validated file path.",
    )
    db_purge_age: int | None = Field(default=None, ge=0)
    db_max_matches: int | None = Field(default=None, ge=0)

+    @field_validator("log_target", mode="after")
+    @classmethod
+    def validate_log_target(cls, value: str | None) -> str | None:
+        """Validate that log_target is either a special value or a valid file path.
+
+        Args:
+            value: The log target to validate, or None.
+
+        Returns:
+            The validated log target, or None if input was None.
+
+        Raises:
+            ValueError: If the target is not a special value and not in allowed directories.
+        """
+        if value is None:
+            return None
+
+        if value.upper() in ("STDOUT", "STDERR", "SYSLOG"):
+            return value
+
+        settings = get_settings()
+        try:
+            resolved_path = Path(value).resolve()
+        except (OSError, RuntimeError) as e:
+            raise ValueError(f"Cannot resolve path {value!r}: {e}") from e
+
+        for allowed_dir in settings.allowed_log_dirs:
+            allowed_path = Path(allowed_dir).resolve()
+            try:
+                resolved_path.relative_to(allowed_path)
+                return value
+            except ValueError:
+                continue
+
+        allowed_dirs_str = ", ".join(settings.allowed_log_dirs)
+        raise ValueError(
+            f"Log target {value!r} is outside allowed directories: {allowed_dirs_str}"
+        )
+

 # ---------------------------------------------------------------------------
 # Log observation / preview models