fix: simplify whitelist entries and update logs API
- Change whitelist response format to use single `entry` field instead of `ip` + `reason` - Update auth endpoint to return 204 No Content instead of 200 with body - Add 405 Method Not Allowed response for auth endpoint - Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`) - Add query parameters for logs endpoint: action, ip, limit, offset - Update documentation in docs/api.md and openapi.yaml
This commit is contained in:
14
docs/api.md
14
docs/api.md
@@ -91,8 +91,7 @@ List all currently active permanent whitelisted IPs.
|
|||||||
```json
|
```json
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
"ip": "1.2.3.4",
|
"entry": "203.0.113.10"
|
||||||
"reason": "my laptop",
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
@@ -111,6 +110,15 @@ Retrieve audit log entries.
|
|||||||
|
|
||||||
**Authorization:** Bearer `{API_TOKEN}`
|
**Authorization:** Bearer `{API_TOKEN}`
|
||||||
|
|
||||||
|
**Query parameters:**
|
||||||
|
|
||||||
|
| Parameter | Type | Required | Default | Description |
|
||||||
|
|-----------|--------|----------|---------|---------------------------------------------------------------------|
|
||||||
|
| `action` | string | No | | Filter by action type (`add_temp`, `delete_temp`, `add_perm`, etc.) |
|
||||||
|
| `ip` | string | No | | Filter by IP address |
|
||||||
|
| `limit` | int | No | 200 | Number of entries to return (max 1000) |
|
||||||
|
| `offset` | int | No | 0 | Number of entries to skip |
|
||||||
|
|
||||||
**Response body:**
|
**Response body:**
|
||||||
|
|
||||||
```json
|
```json
|
||||||
@@ -137,7 +145,7 @@ curl -X GET http://127.0.0.1:8080/api/logs \
|
|||||||
|
|
||||||
The NGINX auth_request endpoint. Do NOT call this directly.
|
The NGINX auth_request endpoint. Do NOT call this directly.
|
||||||
|
|
||||||
**Response:** 200 (allow) or 401 (deny)
|
**Response:** 204 No Content (allow) or 401 (deny)
|
||||||
|
|
||||||
### GET /status
|
### GET /status
|
||||||
|
|
||||||
|
|||||||
56
openapi.yaml
56
openapi.yaml
@@ -20,7 +20,7 @@ paths:
|
|||||||
summary: Auth check (NGINX auth_request)
|
summary: Auth check (NGINX auth_request)
|
||||||
description: |
|
description: |
|
||||||
The NGINX auth_request endpoint. Do NOT call this directly.
|
The NGINX auth_request endpoint. Do NOT call this directly.
|
||||||
Returns 200 if the client IP is whitelisted, 401 otherwise.
|
Returns 204 if the client IP is whitelisted, 401 otherwise.
|
||||||
Only checks permanent and temporary IP whitelists.
|
Only checks permanent and temporary IP whitelists.
|
||||||
operationId: checkAuth
|
operationId: checkAuth
|
||||||
parameters:
|
parameters:
|
||||||
@@ -31,13 +31,8 @@ paths:
|
|||||||
type: string
|
type: string
|
||||||
description: Client IP set by NGINX
|
description: Client IP set by NGINX
|
||||||
responses:
|
responses:
|
||||||
'200':
|
'204':
|
||||||
description: OK
|
description: No Content — IP is whitelisted
|
||||||
content:
|
|
||||||
text/plain:
|
|
||||||
schema:
|
|
||||||
type: string
|
|
||||||
example: "ok"
|
|
||||||
'401':
|
'401':
|
||||||
description: Unauthorized — IP not whitelisted
|
description: Unauthorized — IP not whitelisted
|
||||||
|
|
||||||
@@ -98,8 +93,8 @@ paths:
|
|||||||
description: Unauthorized — invalid API token
|
description: Unauthorized — invalid API token
|
||||||
'500':
|
'500':
|
||||||
description: Internal error — database failure
|
description: Internal error — database failure
|
||||||
|
'405':
|
||||||
/api/whitelist/temp/list:
|
description: Method not allowed — only POST is supported
|
||||||
get:
|
get:
|
||||||
summary: List temporary whitelisted IPs
|
summary: List temporary whitelisted IPs
|
||||||
description: List all currently active temporary whitelisted IPs.
|
description: List all currently active temporary whitelisted IPs.
|
||||||
@@ -190,7 +185,7 @@ paths:
|
|||||||
get:
|
get:
|
||||||
summary: List permanent whitelisted IPs
|
summary: List permanent whitelisted IPs
|
||||||
description: List all currently active permanent whitelisted IPs.
|
description: List all currently active permanent whitelisted IPs.
|
||||||
operationId: listTempWhitelist
|
operationId: listPermWhitelist
|
||||||
responses:
|
responses:
|
||||||
'200':
|
'200':
|
||||||
description: List of permanent whitelisted IPs
|
description: List of permanent whitelisted IPs
|
||||||
@@ -201,12 +196,9 @@ paths:
|
|||||||
items:
|
items:
|
||||||
type: object
|
type: object
|
||||||
properties:
|
properties:
|
||||||
ip:
|
entry:
|
||||||
type: string
|
type: string
|
||||||
example: "1.2.3.4"
|
example: "203.0.113.10"
|
||||||
reason:
|
|
||||||
type: string
|
|
||||||
example: "my laptop"
|
|
||||||
'401':
|
'401':
|
||||||
description: Unauthorized — invalid API token
|
description: Unauthorized — invalid API token
|
||||||
'500':
|
'500':
|
||||||
@@ -238,10 +230,40 @@ paths:
|
|||||||
get:
|
get:
|
||||||
summary: Retrieve audit log entries
|
summary: Retrieve audit log entries
|
||||||
description: |
|
description: |
|
||||||
Retrieve the last 200 audit log entries.
|
Retrieve the last 200 audit log entries (up to 1000 with `limit`).
|
||||||
Each entry records a whitelist operation with its timestamp, action, affected IP,
|
Each entry records a whitelist operation with its timestamp, action, affected IP,
|
||||||
and the IP of the API client that performed the action.
|
and the IP of the API client that performed the action.
|
||||||
operationId: getLogs
|
operationId: getLogs
|
||||||
|
parameters:
|
||||||
|
- name: action
|
||||||
|
in: query
|
||||||
|
required: false
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
description: Filter by action type (add_temp, delete_temp, add_perm, delete_perm, expire_temp)
|
||||||
|
- name: ip
|
||||||
|
in: query
|
||||||
|
required: false
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
description: Filter by IP address
|
||||||
|
- name: limit
|
||||||
|
in: query
|
||||||
|
required: false
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
minimum: 1
|
||||||
|
maximum: 1000
|
||||||
|
default: 200
|
||||||
|
description: Number of entries to return (default 200, max 1000)
|
||||||
|
- name: offset
|
||||||
|
in: query
|
||||||
|
required: false
|
||||||
|
schema:
|
||||||
|
type: integer
|
||||||
|
minimum: 0
|
||||||
|
default: 0
|
||||||
|
description: Number of entries to skip (default 0)
|
||||||
responses:
|
responses:
|
||||||
'200':
|
'200':
|
||||||
description: List of audit log entries
|
description: List of audit log entries
|
||||||
|
|||||||
Reference in New Issue
Block a user