diff --git a/docs/api.md b/docs/api.md index eeaa6e4..be2fa96 100644 --- a/docs/api.md +++ b/docs/api.md @@ -91,8 +91,7 @@ List all currently active permanent whitelisted IPs. ```json [ { - "ip": "1.2.3.4", - "reason": "my laptop", + "entry": "203.0.113.10" } ] ``` @@ -111,6 +110,15 @@ Retrieve audit log entries. **Authorization:** Bearer `{API_TOKEN}` +**Query parameters:** + +| Parameter | Type | Required | Default | Description | +|-----------|--------|----------|---------|---------------------------------------------------------------------| +| `action` | string | No | | Filter by action type (`add_temp`, `delete_temp`, `add_perm`, etc.) | +| `ip` | string | No | | Filter by IP address | +| `limit` | int | No | 200 | Number of entries to return (max 1000) | +| `offset` | int | No | 0 | Number of entries to skip | + **Response body:** ```json @@ -137,7 +145,7 @@ curl -X GET http://127.0.0.1:8080/api/logs \ The NGINX auth_request endpoint. Do NOT call this directly. -**Response:** 200 (allow) or 401 (deny) +**Response:** 204 No Content (allow) or 401 (deny) ### GET /status diff --git a/openapi.yaml b/openapi.yaml index 7b8a2bb..2a21c71 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -20,7 +20,7 @@ paths: summary: Auth check (NGINX auth_request) description: | The NGINX auth_request endpoint. Do NOT call this directly. - Returns 200 if the client IP is whitelisted, 401 otherwise. + Returns 204 if the client IP is whitelisted, 401 otherwise. Only checks permanent and temporary IP whitelists. operationId: checkAuth parameters: @@ -31,13 +31,8 @@ paths: type: string description: Client IP set by NGINX responses: - '200': - description: OK - content: - text/plain: - schema: - type: string - example: "ok" + '204': + description: No Content — IP is whitelisted '401': description: Unauthorized — IP not whitelisted @@ -98,8 +93,8 @@ paths: description: Unauthorized — invalid API token '500': description: Internal error — database failure - - /api/whitelist/temp/list: + '405': + description: Method not allowed — only POST is supported get: summary: List temporary whitelisted IPs description: List all currently active temporary whitelisted IPs. @@ -190,7 +185,7 @@ paths: get: summary: List permanent whitelisted IPs description: List all currently active permanent whitelisted IPs. - operationId: listTempWhitelist + operationId: listPermWhitelist responses: '200': description: List of permanent whitelisted IPs @@ -201,12 +196,9 @@ paths: items: type: object properties: - ip: + entry: type: string - example: "1.2.3.4" - reason: - type: string - example: "my laptop" + example: "203.0.113.10" '401': description: Unauthorized — invalid API token '500': @@ -238,10 +230,40 @@ paths: get: summary: Retrieve audit log entries description: | - Retrieve the last 200 audit log entries. + Retrieve the last 200 audit log entries (up to 1000 with `limit`). Each entry records a whitelist operation with its timestamp, action, affected IP, and the IP of the API client that performed the action. operationId: getLogs + parameters: + - name: action + in: query + required: false + schema: + type: string + description: Filter by action type (add_temp, delete_temp, add_perm, delete_perm, expire_temp) + - name: ip + in: query + required: false + schema: + type: string + description: Filter by IP address + - name: limit + in: query + required: false + schema: + type: integer + minimum: 1 + maximum: 1000 + default: 200 + description: Number of entries to return (default 200, max 1000) + - name: offset + in: query + required: false + schema: + type: integer + minimum: 0 + default: 0 + description: Number of entries to skip (default 0) responses: '200': description: List of audit log entries