fix: simplify whitelist entries and update logs API
- Change whitelist response format to use single `entry` field instead of `ip` + `reason` - Update auth endpoint to return 204 No Content instead of 200 with body - Add 405 Method Not Allowed response for auth endpoint - Fix operationId for permanent whitelist endpoint (was `listTempWhitelist`) - Add query parameters for logs endpoint: action, ip, limit, offset - Update documentation in docs/api.md and openapi.yaml
This commit is contained in:
14
docs/api.md
14
docs/api.md
@@ -91,8 +91,7 @@ List all currently active permanent whitelisted IPs.
|
||||
```json
|
||||
[
|
||||
{
|
||||
"ip": "1.2.3.4",
|
||||
"reason": "my laptop",
|
||||
"entry": "203.0.113.10"
|
||||
}
|
||||
]
|
||||
```
|
||||
@@ -111,6 +110,15 @@ Retrieve audit log entries.
|
||||
|
||||
**Authorization:** Bearer `{API_TOKEN}`
|
||||
|
||||
**Query parameters:**
|
||||
|
||||
| Parameter | Type | Required | Default | Description |
|
||||
|-----------|--------|----------|---------|---------------------------------------------------------------------|
|
||||
| `action` | string | No | | Filter by action type (`add_temp`, `delete_temp`, `add_perm`, etc.) |
|
||||
| `ip` | string | No | | Filter by IP address |
|
||||
| `limit` | int | No | 200 | Number of entries to return (max 1000) |
|
||||
| `offset` | int | No | 0 | Number of entries to skip |
|
||||
|
||||
**Response body:**
|
||||
|
||||
```json
|
||||
@@ -137,7 +145,7 @@ curl -X GET http://127.0.0.1:8080/api/logs \
|
||||
|
||||
The NGINX auth_request endpoint. Do NOT call this directly.
|
||||
|
||||
**Response:** 200 (allow) or 401 (deny)
|
||||
**Response:** 204 No Content (allow) or 401 (deny)
|
||||
|
||||
### GET /status
|
||||
|
||||
|
||||
56
openapi.yaml
56
openapi.yaml
@@ -20,7 +20,7 @@ paths:
|
||||
summary: Auth check (NGINX auth_request)
|
||||
description: |
|
||||
The NGINX auth_request endpoint. Do NOT call this directly.
|
||||
Returns 200 if the client IP is whitelisted, 401 otherwise.
|
||||
Returns 204 if the client IP is whitelisted, 401 otherwise.
|
||||
Only checks permanent and temporary IP whitelists.
|
||||
operationId: checkAuth
|
||||
parameters:
|
||||
@@ -31,13 +31,8 @@ paths:
|
||||
type: string
|
||||
description: Client IP set by NGINX
|
||||
responses:
|
||||
'200':
|
||||
description: OK
|
||||
content:
|
||||
text/plain:
|
||||
schema:
|
||||
type: string
|
||||
example: "ok"
|
||||
'204':
|
||||
description: No Content — IP is whitelisted
|
||||
'401':
|
||||
description: Unauthorized — IP not whitelisted
|
||||
|
||||
@@ -98,8 +93,8 @@ paths:
|
||||
description: Unauthorized — invalid API token
|
||||
'500':
|
||||
description: Internal error — database failure
|
||||
|
||||
/api/whitelist/temp/list:
|
||||
'405':
|
||||
description: Method not allowed — only POST is supported
|
||||
get:
|
||||
summary: List temporary whitelisted IPs
|
||||
description: List all currently active temporary whitelisted IPs.
|
||||
@@ -190,7 +185,7 @@ paths:
|
||||
get:
|
||||
summary: List permanent whitelisted IPs
|
||||
description: List all currently active permanent whitelisted IPs.
|
||||
operationId: listTempWhitelist
|
||||
operationId: listPermWhitelist
|
||||
responses:
|
||||
'200':
|
||||
description: List of permanent whitelisted IPs
|
||||
@@ -201,12 +196,9 @@ paths:
|
||||
items:
|
||||
type: object
|
||||
properties:
|
||||
ip:
|
||||
entry:
|
||||
type: string
|
||||
example: "1.2.3.4"
|
||||
reason:
|
||||
type: string
|
||||
example: "my laptop"
|
||||
example: "203.0.113.10"
|
||||
'401':
|
||||
description: Unauthorized — invalid API token
|
||||
'500':
|
||||
@@ -238,10 +230,40 @@ paths:
|
||||
get:
|
||||
summary: Retrieve audit log entries
|
||||
description: |
|
||||
Retrieve the last 200 audit log entries.
|
||||
Retrieve the last 200 audit log entries (up to 1000 with `limit`).
|
||||
Each entry records a whitelist operation with its timestamp, action, affected IP,
|
||||
and the IP of the API client that performed the action.
|
||||
operationId: getLogs
|
||||
parameters:
|
||||
- name: action
|
||||
in: query
|
||||
required: false
|
||||
schema:
|
||||
type: string
|
||||
description: Filter by action type (add_temp, delete_temp, add_perm, delete_perm, expire_temp)
|
||||
- name: ip
|
||||
in: query
|
||||
required: false
|
||||
schema:
|
||||
type: string
|
||||
description: Filter by IP address
|
||||
- name: limit
|
||||
in: query
|
||||
required: false
|
||||
schema:
|
||||
type: integer
|
||||
minimum: 1
|
||||
maximum: 1000
|
||||
default: 200
|
||||
description: Number of entries to return (default 200, max 1000)
|
||||
- name: offset
|
||||
in: query
|
||||
required: false
|
||||
schema:
|
||||
type: integer
|
||||
minimum: 0
|
||||
default: 0
|
||||
description: Number of entries to skip (default 0)
|
||||
responses:
|
||||
'200':
|
||||
description: List of audit log entries
|
||||
|
||||
Reference in New Issue
Block a user