fix: simplify whitelist entries and update logs API

- Change whitelist response format to use single `entry` field instead of `ip` + `reason`
- Update auth endpoint to return 204 No Content instead of 200 with body
- Add 405 Method Not Allowed response for auth endpoint
- Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`)
- Add query parameters for logs endpoint: action, ip, limit, offset
- Update documentation in docs/api.md and openapi.yaml
This commit is contained in:
db123-test
2026-05-04 13:27:06 +03:30
parent 252c617769
commit a281012fc4
2 changed files with 50 additions and 20 deletions

View File

@@ -20,7 +20,7 @@ paths:
summary: Auth check (NGINX auth_request)
description: |
The NGINX auth_request endpoint. Do NOT call this directly.
Returns 200 if the client IP is whitelisted, 401 otherwise.
Returns 204 if the client IP is whitelisted, 401 otherwise.
Only checks permanent and temporary IP whitelists.
operationId: checkAuth
parameters:
@@ -31,13 +31,8 @@ paths:
type: string
description: Client IP set by NGINX
responses:
'200':
description: OK
content:
text/plain:
schema:
type: string
example: "ok"
'204':
description: No Content — IP is whitelisted
'401':
description: Unauthorized — IP not whitelisted
@@ -98,8 +93,8 @@ paths:
description: Unauthorized — invalid API token
'500':
description: Internal error — database failure
/api/whitelist/temp/list:
'405':
description: Method not allowed — only POST is supported
get:
summary: List temporary whitelisted IPs
description: List all currently active temporary whitelisted IPs.
@@ -190,7 +185,7 @@ paths:
get:
summary: List permanent whitelisted IPs
description: List all currently active permanent whitelisted IPs.
operationId: listTempWhitelist
operationId: listPermWhitelist
responses:
'200':
description: List of permanent whitelisted IPs
@@ -201,12 +196,9 @@ paths:
items:
type: object
properties:
ip:
entry:
type: string
example: "1.2.3.4"
reason:
type: string
example: "my laptop"
example: "203.0.113.10"
'401':
description: Unauthorized — invalid API token
'500':
@@ -238,10 +230,40 @@ paths:
get:
summary: Retrieve audit log entries
description: |
Retrieve the last 200 audit log entries.
Retrieve the last 200 audit log entries (up to 1000 with `limit`).
Each entry records a whitelist operation with its timestamp, action, affected IP,
and the IP of the API client that performed the action.
operationId: getLogs
parameters:
- name: action
in: query
required: false
schema:
type: string
description: Filter by action type (add_temp, delete_temp, add_perm, delete_perm, expire_temp)
- name: ip
in: query
required: false
schema:
type: string
description: Filter by IP address
- name: limit
in: query
required: false
schema:
type: integer
minimum: 1
maximum: 1000
default: 200
description: Number of entries to return (default 200, max 1000)
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
default: 0
description: Number of entries to skip (default 0)
responses:
'200':
description: List of audit log entries