Commit Graph

12 Commits

Author SHA1 Message Date
db123-test
f525eaa8f3 feat: enhance auth, add input validation and pagination
- Add IP validation in auth handler with detailed logging
- Implement apiKeyMiddleware helper for API key verification
- Add IP and CIDR validation for whitelist operations
- Support pagination for listing temp and permanent entries
- Add parsePagination helper to extract limit and offset
- Include comprehensive unit tests for IsIP, IsCIDR, and IPMatch
2026-05-05 11:34:35 +03:30
db123-test
93c9eb2a45 refactor(db): replace cidr with ip column in audit_log table
Remove the cidr column from the audit_log table schema and
update all INSERT statements to use the ip column instead,
aligning the field name with the actual data being stored.
2026-05-05 11:02:45 +03:30
db123-test
a352adb441 fix: use sql.NullString for reason field in audit log
Update reason field handling in auth.go and db.go to properly support
NULL values using sql.NullString. When inserting expired temp entries
and serializing logs to JSON, extract the string value to avoid
JSON marshaling issues with nullable fields.
2026-05-04 17:48:18 +03:30
db123-test
6425158f61 refactor: format SQL queries with multi-line style
Improve readability of SQL queries in db.go by formatting them
with consistent multi-line style. This change affects all database
operations including AddPermanentEntry, DeletePermanentEntry,
AddTempEntry, DeleteTempEntry, and CleanupExpiredTemp.

Also simplifies DeletePermanentEntry and DeleteTempEntry by removing
the RowsAffected() checks - audit logging is now executed unconditionally
regardless of whether rows were actually affected.
2026-05-04 17:10:54 +03:30
db123-test
5a811241e1 refactor: replace PostgreSQL placeholders with generic SQL syntax and add audit logging for duplicate entries
- Replace $%d placeholders with ? in logsHandler for database abstraction
- Remove unused argIndex variable in auth.go
- Log duplicate permanent whitelist insertions to audit_log in db.go
2026-05-04 15:17:12 +03:30
db123-test
252c617769 fix: handle errors from audit log INSERT statements
Previously, errors from INSERT INTO audit_log were silently discarded using _, _, which
meant audit log failures could go unnoticed during add/delete/cleanup operations.

The changes now properly capture and return errors for permanent entry operations and
temporary entry operations, except for cleanupExpiredTemp which logs warnings instead
of failing the entire cleanup process when individual audit log entries fail.
2026-05-04 13:16:58 +03:30
db123-test
327827da69 refactor(db): remove unnecessary created_at column from perm whitelist query
The `created_at` field is no longer needed in the result set,
so it was removed from the SELECT query to reduce data transfer
and simplify the response.
2026-05-04 13:03:16 +03:30
db123-test
82f391f129 fix: initialize slices explicitly and improve uniqueness check robustness
- Initialize list slices with make() to avoid nil slices in ListTempEntries and ListPermEntries
- Use strings.Contains() for uniqueness constraint checking to handle variations in error messages
2026-05-04 12:10:41 +03:30
db123-test
39747cc151 fix: list permanent whitelist entries sorted by creation time
Update ListPermEntries to return entry field instead of ip and
sort results by created_at. Update the handler in auth.go to call
ListPermEntries instead of ListTempEntries for the whitelist endpoint.
2026-05-04 11:35:02 +03:30
db123-test
7221feb6d4 feat: add permanent whitelist list endpoint and rename DB table
- Add GET /api/whitelist/perm/list to list permanent whitelisted entries
- Implement permWhitelistListHandler with API key verification
- Rename permanent_whitelist table to perm_whitelist for consistency
- Update default DB path from ./data to /data
- Comment out build job in CI/CD workflow
2026-05-04 11:29:01 +03:30
db123-test
515de33837 feat: add SQLite persistence and REST API for temporary whitelisting
- Migrate IP-based temporary whitelisting from file to SQLite storage
- Add REST API endpoints for managing temporary and permanent whitelists
- Create `.env.example` with required environment variables
- Document API endpoints in README.md and docs/api.md
- Add new dependency `modernc.org/sqlite` for SQLite support
- Update deployment and security documentation
2026-05-04 09:08:11 +03:30
d82ab73336 refactor: added ton of sqlite helpers and used sqlite for all the whitelists 2026-05-04 08:29:36 +03:30