Add better jail configuration: file CRUD, enable/disable, log paths

Task 4 (Better Jail Configuration) implementation: - Add fail2ban_config_dir setting to app/config.py - New file_config_service: list/view/edit/create jail.d, filter.d, action.d files with path-traversal prevention and 512 KB content size limit - New file_config router: GET/PUT/POST endpoints for jail files, filter files, and action files; PUT .../enabled for toggle on/off - Extend config_service with delete_log_path() and add_log_path() - Add DELETE /api/config/jails/{name}/logpath and POST /api/config/jails/{name}/logpath - Extend geo router with re-resolve endpoint; add geo_re_resolve background task - Update blocklist_service with revised scheduling helpers - Update Docker compose files with BANGUI_FAIL2BAN_CONFIG_DIR env var and rw volume mount for the fail2ban config directory - Frontend: new Jail Files, Filters, Actions tabs in ConfigPage; file editor with accordion-per-file, editable textarea, save/create; add/delete log paths - Frontend: types in types/config.ts; API calls in api/config.ts and api/endpoints.ts - 63 new backend tests (test_file_config_service, test_file_config, test_geo_re_resolve) - 6 new frontend tests in ConfigPageLogPath.test.tsx - ruff, mypy --strict, tsc --noEmit, eslint: all clean; 617 backend tests pass
2026-03-12 20:08:33 +01:00
parent 59464a1592
commit ea35695221
23 changed files with 2911 additions and 91 deletions
--- a/backend/app/models/file_config.py
+++ b/backend/app/models/file_config.py
@@ -0,0 +1,109 @@
+"""Pydantic models for file-based fail2ban configuration management.
+
+Covers jail config files (``jail.d/``), filter definitions (``filter.d/``),
+and action definitions (``action.d/``).
+"""
+
+from pydantic import BaseModel, ConfigDict, Field
+
+# ---------------------------------------------------------------------------
+# Jail config file models (Task 4a)
+# ---------------------------------------------------------------------------
+
+
+class JailConfigFile(BaseModel):
+    """Metadata for a single jail configuration file in ``jail.d/``."""
+
+    model_config = ConfigDict(strict=True)
+
+    name: str = Field(..., description="Jail name (file stem, e.g. ``sshd``).")
+    filename: str = Field(..., description="Actual filename (e.g. ``sshd.conf``).")
+    enabled: bool = Field(
+        ...,
+        description=(
+            "Whether the jail is enabled.  Derived from the ``enabled`` key "
+            "inside the file; defaults to ``true`` when the key is absent."
+        ),
+    )
+
+
+class JailConfigFilesResponse(BaseModel):
+    """Response for ``GET /api/config/jail-files``."""
+
+    model_config = ConfigDict(strict=True)
+
+    files: list[JailConfigFile] = Field(default_factory=list)
+    total: int = Field(..., ge=0)
+
+
+class JailConfigFileContent(BaseModel):
+    """Single jail config file with its raw content."""
+
+    model_config = ConfigDict(strict=True)
+
+    name: str = Field(..., description="Jail name (file stem).")
+    filename: str = Field(..., description="Actual filename.")
+    enabled: bool = Field(..., description="Whether the jail is enabled.")
+    content: str = Field(..., description="Raw file content.")
+
+
+class JailConfigFileEnabledUpdate(BaseModel):
+    """Payload for ``PUT /api/config/jail-files/{filename}/enabled``."""
+
+    model_config = ConfigDict(strict=True)
+
+    enabled: bool = Field(..., description="New enabled state for this jail.")
+
+
+# ---------------------------------------------------------------------------
+# Generic conf-file entry (shared by filter.d and action.d)
+# ---------------------------------------------------------------------------
+
+
+class ConfFileEntry(BaseModel):
+    """Metadata for a single ``.conf`` or ``.local`` file."""
+
+    model_config = ConfigDict(strict=True)
+
+    name: str = Field(..., description="Base name without extension (e.g. ``sshd``).")
+    filename: str = Field(..., description="Actual filename (e.g. ``sshd.conf``).")
+
+
+class ConfFilesResponse(BaseModel):
+    """Response for list endpoints (``GET /api/config/filters`` and ``GET /api/config/actions``)."""
+
+    model_config = ConfigDict(strict=True)
+
+    files: list[ConfFileEntry] = Field(default_factory=list)
+    total: int = Field(..., ge=0)
+
+
+class ConfFileContent(BaseModel):
+    """A conf file with its raw text content."""
+
+    model_config = ConfigDict(strict=True)
+
+    name: str = Field(..., description="Base name without extension.")
+    filename: str = Field(..., description="Actual filename.")
+    content: str = Field(..., description="Raw file content.")
+
+
+class ConfFileUpdateRequest(BaseModel):
+    """Payload for ``PUT /api/config/filters/{name}`` and ``PUT /api/config/actions/{name}``."""
+
+    model_config = ConfigDict(strict=True)
+
+    content: str = Field(..., description="New raw file content (must not exceed 512 KB).")
+
+
+class ConfFileCreateRequest(BaseModel):
+    """Payload for ``POST /api/config/filters`` and ``POST /api/config/actions``."""
+
+    model_config = ConfigDict(strict=True)
+
+    name: str = Field(
+        ...,
+        description="New file base name (without extension).  Must contain only "
+        "alphanumeric characters, hyphens, underscores, and dots.",
+    )
+    content: str = Field(..., description="Initial raw file content (must not exceed 512 KB).")