fix: simplify whitelist entries and update logs API

- Change whitelist response format to use single `entry` field instead of `ip` + `reason`
- Update auth endpoint to return 204 No Content instead of 200 with body
- Add 405 Method Not Allowed response for auth endpoint
- Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`)
- Add query parameters for logs endpoint: action, ip, limit, offset
- Update documentation in docs/api.md and openapi.yaml
This commit is contained in:
db123-test
2026-05-04 13:27:06 +03:30
parent 252c617769
commit a281012fc4
2 changed files with 50 additions and 20 deletions

View File

@@ -91,8 +91,7 @@ List all currently active permanent whitelisted IPs.
```json ```json
[ [
{ {
"ip": "1.2.3.4", "entry": "203.0.113.10"
"reason": "my laptop",
} }
] ]
``` ```
@@ -111,6 +110,15 @@ Retrieve audit log entries.
**Authorization:** Bearer `{API_TOKEN}` **Authorization:** Bearer `{API_TOKEN}`
**Query parameters:**
| Parameter | Type | Required | Default | Description |
|-----------|--------|----------|---------|---------------------------------------------------------------------|
| `action` | string | No | | Filter by action type (`add_temp`, `delete_temp`, `add_perm`, etc.) |
| `ip` | string | No | | Filter by IP address |
| `limit` | int | No | 200 | Number of entries to return (max 1000) |
| `offset` | int | No | 0 | Number of entries to skip |
**Response body:** **Response body:**
```json ```json
@@ -137,7 +145,7 @@ curl -X GET http://127.0.0.1:8080/api/logs \
The NGINX auth_request endpoint. Do NOT call this directly. The NGINX auth_request endpoint. Do NOT call this directly.
**Response:** 200 (allow) or 401 (deny) **Response:** 204 No Content (allow) or 401 (deny)
### GET /status ### GET /status

View File

@@ -20,7 +20,7 @@ paths:
summary: Auth check (NGINX auth_request) summary: Auth check (NGINX auth_request)
description: | description: |
The NGINX auth_request endpoint. Do NOT call this directly. The NGINX auth_request endpoint. Do NOT call this directly.
Returns 200 if the client IP is whitelisted, 401 otherwise. Returns 204 if the client IP is whitelisted, 401 otherwise.
Only checks permanent and temporary IP whitelists. Only checks permanent and temporary IP whitelists.
operationId: checkAuth operationId: checkAuth
parameters: parameters:
@@ -31,13 +31,8 @@ paths:
type: string type: string
description: Client IP set by NGINX description: Client IP set by NGINX
responses: responses:
'200': '204':
description: OK description: No Content — IP is whitelisted
content:
text/plain:
schema:
type: string
example: "ok"
'401': '401':
description: Unauthorized — IP not whitelisted description: Unauthorized — IP not whitelisted
@@ -98,8 +93,8 @@ paths:
description: Unauthorized — invalid API token description: Unauthorized — invalid API token
'500': '500':
description: Internal error — database failure description: Internal error — database failure
'405':
/api/whitelist/temp/list: description: Method not allowed — only POST is supported
get: get:
summary: List temporary whitelisted IPs summary: List temporary whitelisted IPs
description: List all currently active temporary whitelisted IPs. description: List all currently active temporary whitelisted IPs.
@@ -190,7 +185,7 @@ paths:
get: get:
summary: List permanent whitelisted IPs summary: List permanent whitelisted IPs
description: List all currently active permanent whitelisted IPs. description: List all currently active permanent whitelisted IPs.
operationId: listTempWhitelist operationId: listPermWhitelist
responses: responses:
'200': '200':
description: List of permanent whitelisted IPs description: List of permanent whitelisted IPs
@@ -201,12 +196,9 @@ paths:
items: items:
type: object type: object
properties: properties:
ip: entry:
type: string type: string
example: "1.2.3.4" example: "203.0.113.10"
reason:
type: string
example: "my laptop"
'401': '401':
description: Unauthorized — invalid API token description: Unauthorized — invalid API token
'500': '500':
@@ -238,10 +230,40 @@ paths:
get: get:
summary: Retrieve audit log entries summary: Retrieve audit log entries
description: | description: |
Retrieve the last 200 audit log entries. Retrieve the last 200 audit log entries (up to 1000 with `limit`).
Each entry records a whitelist operation with its timestamp, action, affected IP, Each entry records a whitelist operation with its timestamp, action, affected IP,
and the IP of the API client that performed the action. and the IP of the API client that performed the action.
operationId: getLogs operationId: getLogs
parameters:
- name: action
in: query
required: false
schema:
type: string
description: Filter by action type (add_temp, delete_temp, add_perm, delete_perm, expire_temp)
- name: ip
in: query
required: false
schema:
type: string
description: Filter by IP address
- name: limit
in: query
required: false
schema:
type: integer
minimum: 1
maximum: 1000
default: 200
description: Number of entries to return (default 200, max 1000)
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
default: 0
description: Number of entries to skip (default 0)
responses: responses:
'200': '200':
description: List of audit log entries description: List of audit log entries