BanGUI/backend/app/utils/constants.py

"""Application-wide constants.

All magic numbers, default paths, and limit values live here.
Import from this module rather than hard-coding values in business logic.
"""

from typing import Final

# ---------------------------------------------------------------------------
# fail2ban integration
# ---------------------------------------------------------------------------

DEFAULT_FAIL2BAN_SOCKET: Final[str] = "/var/run/fail2ban/fail2ban.sock"
"""Default path to the fail2ban Unix domain socket."""

FAIL2BAN_SOCKET_TIMEOUT_FAST: Final[float] = 5.0
"""Maximum seconds for fast operations (health checks, metadata probes)."""

FAIL2BAN_SOCKET_TIMEOUT: Final[float] = 10.0
"""Maximum seconds for command operations (config, jail management)."""

FAIL2BAN_TRUTHY_VALUES: Final[frozenset[str]] = frozenset({"true", "yes", "1"})
"""String values treated as boolean true by fail2ban configuration parsers."""

# ---------------------------------------------------------------------------
# Database
# ---------------------------------------------------------------------------

DEFAULT_DATABASE_PATH: Final[str] = "bangui.db"
"""Default filename for the BanGUI application SQLite database."""

# ---------------------------------------------------------------------------
# Authentication
# ---------------------------------------------------------------------------

DEFAULT_SESSION_DURATION_MINUTES: Final[int] = 60
"""Default session lifetime in minutes."""

SESSION_TOKEN_BYTES: Final[int] = 32
"""Number of random bytes used when generating a session token."""

SESSION_TOKEN_SIGNATURE_SEPARATOR: Final[str] = "."
"""Separator used to append a signature to a signed session token."""

SESSION_COOKIE_NAME: Final[str] = "bangui_session"
"""Name of the session cookie used by the browser SPA."""

# ---------------------------------------------------------------------------
# Authentication penalty (brute-force resistance)
# ---------------------------------------------------------------------------

LOGIN_PENALTY_BASE_SECONDS: Final[float] = 1.0
"""Base penalty (seconds) for a failed login attempt."""

LOGIN_PENALTY_MAX_SECONDS: Final[float] = 10.0
"""Maximum penalty (seconds) for failed login attempts."""

LOGIN_PENALTY_MULTIPLIER: Final[float] = 2.0
"""Exponential multiplier applied per failed attempt."""

# ---------------------------------------------------------------------------
# Time-range presets (used by dashboard and history endpoints)
# ---------------------------------------------------------------------------

TIME_RANGE_24H: Final[str] = "24h"
TIME_RANGE_7D: Final[str] = "7d"
TIME_RANGE_30D: Final[str] = "30d"
TIME_RANGE_365D: Final[str] = "365d"

VALID_TIME_RANGES: Final[frozenset[str]] = frozenset(
    {TIME_RANGE_24H, TIME_RANGE_7D, TIME_RANGE_30D, TIME_RANGE_365D}
)

TIME_RANGE_HOURS: Final[dict[str, int]] = {
    TIME_RANGE_24H: 24,
    TIME_RANGE_7D: 7 * 24,
    TIME_RANGE_30D: 30 * 24,
    TIME_RANGE_365D: 365 * 24,
}

TIME_RANGE_SLACK_SECONDS: Final[int] = 60
"""Clock drift and test seeding tolerance for timestamp comparisons."""

# ---------------------------------------------------------------------------
# Pagination
# ---------------------------------------------------------------------------

DEFAULT_PAGE_SIZE: Final[int] = 100
MAX_PAGE_SIZE: Final[int] = 500

# ---------------------------------------------------------------------------
# Blocklist import
# ---------------------------------------------------------------------------

BLOCKLIST_IMPORT_DEFAULT_HOUR: Final[int] = 3
"""Default hour (UTC) for the nightly blocklist import job."""

BLOCKLIST_PREVIEW_MAX_LINES: Final[int] = 100
"""Maximum number of IP lines returned by the blocklist preview endpoint."""

# ---------------------------------------------------------------------------
# Health check
# ---------------------------------------------------------------------------

HEALTH_CHECK_INTERVAL_SECONDS: Final[int] = 30
"""How often the background health-check task polls fail2ban."""