feat: add SQLite persistence and REST API for temporary whitelisting
- Migrate IP-based temporary whitelisting from file to SQLite storage - Add REST API endpoints for managing temporary and permanent whitelists - Create `.env.example` with required environment variables - Document API endpoints in README.md and docs/api.md - Add new dependency `modernc.org/sqlite` for SQLite support - Update deployment and security documentation
This commit is contained in:
@@ -76,22 +76,9 @@ nginx -s reload
|
||||
|----------|-------------|---------|
|
||||
| AUTH_GATE_PORT | HTTP listen port | 8080 |
|
||||
| AUTH_GATE_API_TOKEN | API bearer token | (none) |
|
||||
| AUTH_GATE_BASIC_USER | Basic Auth username | admin |
|
||||
| AUTH_GATE_BASIC_PASSWORD | Basic Auth password | changeme |
|
||||
| PERMANENT_WHITELIST_FILE | Path to permanent whitelist file | /config/permanent_whitelist.txt |
|
||||
| AUTH_GATE_DB_PATH | SQLite database path | ./data/auth-gate.db |
|
||||
| DATA_DIR | Data directory | /data |
|
||||
| CLEANUP_INTERVAL | Cleanup interval | 60s |
|
||||
| WATCH_INTERVAL | Whitelist file watch interval | 30s |
|
||||
|
||||
## Permanent whitelist file
|
||||
|
||||
```
|
||||
# /config/permanent_whitelist.txt
|
||||
203.0.113.10
|
||||
198.51.100.0/24
|
||||
```
|
||||
|
||||
The file is reloaded every 30 seconds (configurable).
|
||||
|
||||
## Graceful shutdown
|
||||
|
||||
@@ -109,5 +96,4 @@ For production, use the Dockerfile from this repository. It:
|
||||
- Runs the service as a non-root user.
|
||||
- Drops all Linux capabilities.
|
||||
- Sets the no-new-privileges flag.
|
||||
- Mounts the whitelist file as read-only.
|
||||
- Mounts /tmp as tmpfs (no persistence).
|
||||
- Mounts /tmp as tmpfs (no persistence).
|
||||
|
||||
Reference in New Issue
Block a user