"""Geo / IP lookup router. Provides the IP enrichment endpoints: * ``GET /api/geo/lookup/{ip}`` — ban status, ban history, and geo info for an IP * ``POST /api/geo/re-resolve`` — retry all previously failed geo lookups """ from __future__ import annotations from typing import TYPE_CHECKING, Annotated if TYPE_CHECKING: from app.services.jail_service import IpLookupResult import aiosqlite from fastapi import APIRouter, Depends, HTTPException, Path, status from app.dependencies import ( AuthDep, Fail2BanSocketDep, HttpSessionDep, get_db, ) from app.models.geo import GeoCacheStatsResponse, GeoReResolveResponse, IpLookupResponse from app.services import geo_service, jail_service from app.utils.fail2ban_client import Fail2BanConnectionError router: APIRouter = APIRouter(prefix="/api/geo", tags=["Geo"]) _IpPath = Annotated[str, Path(description="IPv4 or IPv6 address to look up.")] @router.get( "/lookup/{ip}", response_model=IpLookupResponse, summary="Look up ban status and geo information for an IP", ) async def lookup_ip( _auth: AuthDep, ip: _IpPath, socket_path: Fail2BanSocketDep, http_session: HttpSessionDep, ) -> IpLookupResponse: """Return current ban status, geo data, and network information for an IP. Checks every running fail2ban jail to determine whether the IP is currently banned, and enriches the result with country, ASN, and organisation data from ip-api.com. Args: _auth: Validated session — enforces authentication. ip: The IP address to look up. Returns: :class:`~app.models.geo.IpLookupResponse` with ban status and geo data. Raises: HTTPException: 400 when *ip* is not a valid IP address. HTTPException: 502 when fail2ban is unreachable. """ async def _enricher(addr: str) -> geo_service.GeoInfo | None: return await geo_service.lookup(addr, http_session) try: result: IpLookupResult = await jail_service.lookup_ip( socket_path, ip, geo_enricher=_enricher, ) except ValueError as exc: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail=str(exc), ) from exc except Fail2BanConnectionError as exc: raise HTTPException( status_code=status.HTTP_502_BAD_GATEWAY, detail=f"Cannot reach fail2ban: {exc}", ) from exc return IpLookupResponse(**result) # --------------------------------------------------------------------------- # POST /api/geo/re-resolve # --------------------------------------------------------------------------- # --------------------------------------------------------------------------- # GET /api/geo/stats # --------------------------------------------------------------------------- @router.get( "/stats", response_model=GeoCacheStatsResponse, summary="Geo cache diagnostic counters", ) async def geo_stats( _auth: AuthDep, db: Annotated[aiosqlite.Connection, Depends(get_db)], ) -> GeoCacheStatsResponse: """Return diagnostic counters for the geo cache subsystem. Useful for operators and the UI to gauge geo-resolution health. Args: _auth: Validated session — enforces authentication. db: BanGUI application database connection. Returns: :class:`~app.models.geo.GeoCacheStatsResponse` with current counters. """ stats: dict[str, int] = await geo_service.cache_stats(db) return GeoCacheStatsResponse(**stats) @router.post( "/re-resolve", summary="Re-resolve all IPs whose country could not be determined", response_model=GeoReResolveResponse, ) async def re_resolve_geo( _auth: AuthDep, db: Annotated[aiosqlite.Connection, Depends(get_db)], http_session: HttpSessionDep, ) -> GeoReResolveResponse: """Retry geo resolution for every IP in ``geo_cache`` with a null country. Clears the in-memory negative cache first so that previously failing IPs are immediately eligible for a new API attempt. Args: _auth: Validated session — enforces authentication. db: BanGUI application database (for reading/writing ``geo_cache``). http_session: Shared HTTP session for geo lookups. Returns: A :class:`~app.models.geo.GeoReResolveResponse` with retry counts. """ return await geo_service.re_resolve_all(db, http_session)