init: added the base files by ai and debugged by hand

it's great but currently it has a basic error which is go nil pointer dereference

WIP
This commit is contained in:
db123-test
2026-05-03 16:17:04 +03:30
commit b02b720dc6
16 changed files with 1265 additions and 0 deletions

85
docs/api.md Normal file
View File

@@ -0,0 +1,85 @@
# Auth-gate API Reference
## Endpoints
### POST /api/whitelist/temp
Create a temporary whitelisted IP.
**Authorization:** Bearer `{API_TOKEN}`
**Request body:**
```json
{
"ip": "1.2.3.4",
"ttl_seconds": 300,
"reason": "my laptop"
}
```
**Response:** 204 No Content
**Example:**
```bash
curl -X POST http://127.0.0.1:8080/api/whitelist/temp \
-H "Authorization: Bearer CHANGE_ME" \
-H "Content-Type: application/json" \
-d '{"ip":"203.0.113.10","ttl_seconds":300,"reason":"admin laptop"}'
```
### GET /api/whitelist
List all currently active temporary whitelisted IPs.
**Authorization:** Bearer `{API_TOKEN}`
**Response body:**
```json
[
{
"ip": "1.2.3.4",
"reason": "my laptop",
"expires": "2024-01-01T12:05:00Z"
}
]
```
### DELETE /api/whitelist/{ip}
Remove a temporary whitelisted IP.
**Authorization:** Bearer `{API_TOKEN}`
**Response:** 204 No Content
### GET /auth
The NGINX auth_request endpoint. Do NOT call this directly.
**Response:** 200 (allow) or 401 (deny)
### GET /status
Health check.
**Response:** 200 `ok`
## Auth endpoint
The `/auth` endpoint uses HTTP Basic Auth for the fallback.
**Example:**
```bash
curl -u user:pass http://127.0.0.1:8080/auth
```
## Security notes
- The API is not exposed publicly. It's only accessible from NGINX via Docker
internal networking.
- The API token is the only secret for the API. Keep it in the environment.
- The Basic Auth credentials are set via environment variables. Use strong passwords.