Files
auth-proxy/openapi.yaml
db123-test 30adeeebed fix: fix temporary whitelist IP listing endpoint
Fix new API endpoint `/api/whitelist/temp/list` to retrieve currently
active temporary whitelisted IPs. Also clean up trailing whitespace in
the permanent whitelist endpoint section.
2026-05-05 18:39:17 +03:30

366 lines
11 KiB
YAML

openapi: "3.0.3"
info:
title: Auth-proxy API
description: Lightweight Go auth gateway for IP-based whitelisting with temporary entries and audit logging.
version: "1.0.0"
contact:
name: Auth-proxy Project
url: https://github.com/db123/auth-proxy
servers:
- url: http://127.0.0.1:8080
description: Local development server
security:
- BearerAuth: []
paths:
/auth:
get:
summary: Auth check (NGINX auth_request)
description: |
The NGINX auth_request endpoint. Do NOT call this directly.
Returns 204 if the client IP is whitelisted, 401 otherwise.
Only checks permanent and temporary IP whitelists.
operationId: checkAuth
parameters:
- name: X-Real-IP
in: header
required: true
schema:
type: string
description: Client IP set by NGINX
responses:
'204':
description: No Content — IP is whitelisted
'401':
description: Unauthorized — IP not whitelisted
/status:
get:
summary: Health check
description: Returns JSON with uptime, DB status, and whitelist counts.
operationId: healthCheck
security: []
responses:
'200':
description: OK
content:
application/json:
schema:
type: object
properties:
status:
type: string
example: "ok"
uptime:
type: string
example: "1h30m0s"
perm_whitelist_count:
type: integer
example: 15
temp_whitelist_count:
type: integer
example: 3
db_ok:
type: boolean
example: true
/api/whitelist/temp:
post:
summary: Add a temporary whitelisted IP
description: Create a temporary whitelisted IP entry with a TTL.
operationId: addTempWhitelist
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- ip
- ttl_seconds
properties:
ip:
type: string
description: The IP address to whitelist
example: "1.2.3.4"
ttl_seconds:
type: integer
description: Time-to-live in seconds
minimum: 1
example: 300
reason:
type: string
description: Optional reason for whitelisting
example: "admin laptop"
responses:
'204':
description: Created
'400':
description: Bad request — missing or invalid parameters
content:
text/plain:
schema:
type: string
example: "ip and ttl_seconds required"
'401':
description: Unauthorized — invalid API token
'500':
description: Internal error — database failure
'405':
description: Method not allowed — only POST is supported
/api/whitelist/temp/list:
get:
summary: List temporary whitelisted IPs
description: List all currently active temporary whitelisted IPs.
operationId: listTempWhitelist
parameters:
- name: limit
in: query
required: false
schema:
type: integer
minimum: 1
maximum: 1000
default: 200
description: Number of entries to return (default 200, max 1000)
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
default: 0
description: Number of entries to skip (default 0)
responses:
'200':
description: List of temporary whitelisted IPs
content:
application/json:
schema:
type: array
items:
type: object
properties:
ip:
type: string
example: "1.2.3.4"
reason:
type: string
example: "my laptop"
expires:
type: string
format: date-time
example: "2024-01-01T12:05:00Z"
'401':
description: Unauthorized — invalid API token
'500':
description: Internal error — database failure
/api/whitelist/temp/{ip}:
delete:
summary: Remove a temporary whitelisted IP
description: Remove a specific temporary whitelisted IP entry.
operationId: deleteTempWhitelist
parameters:
- name: ip
in: path
required: true
schema:
type: string
description: The IP address to remove
responses:
'204':
description: Deleted
'400':
description: Bad request — IP required
'401':
description: Unauthorized — invalid API token
'500':
description: Internal error
/api/whitelist/perm:
post:
summary: Add a permanent whitelisted IP or CIDR
description: Add a permanent whitelisted IP address or CIDR range.
operationId: addPermWhitelist
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- ip
properties:
ip:
type: string
description: IP address or CIDR range to whitelist
example: "203.0.113.10"
responses:
'204':
description: Created
'400':
description: Bad request — missing ip or invalid ip (must be valid IP or CIDR range)
'401':
description: Unauthorized — invalid API token
'409':
description: Conflict — ip already exists
content:
text/plain:
schema:
type: string
example: "ip already exists"
'500':
description: Internal error
/api/whitelist/perm/list:
get:
summary: List permanent whitelisted IPs
description: List all currently active permanent whitelisted IPs.
operationId: listPermWhitelist
parameters:
- name: limit
in: query
required: false
schema:
type: integer
minimum: 1
maximum: 1000
default: 200
description: Number of entries to return (default 200, max 1000)
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
default: 0
description: Number of entries to skip (default 0)
responses:
'200':
description: List of permanent whitelisted IPs
content:
application/json:
schema:
type: array
items:
type: object
properties:
ip:
type: string
example: "203.0.113.10"
'401':
description: Unauthorized — invalid API token
'500':
description: Internal error — database failure
/api/whitelist/perm/{ip}:
delete:
summary: Remove a permanent whitelisted IP or CIDR
description: Remove a permanent whitelisted IP address or CIDR range.
operationId: deletePermWhitelist
parameters:
- name: ip
in: path
required: true
schema:
type: string
description: The IP address or CIDR range to remove
responses:
'204':
description: Deleted
'400':
description: Bad request — ip required
'401':
description: Unauthorized — invalid API token
'500':
description: Internal error
/api/logs:
get:
summary: Retrieve audit log entries
description: |
Retrieve the last 200 audit log entries (up to 1000 with `limit`).
Each entry records a whitelist operation with its timestamp, action, affected IP,
and the IP of the API client that performed the action.
The audit log is automatically rotated to a maximum of 200,000 entries.
operationId: getLogs
parameters:
- name: action
in: query
required: false
schema:
type: string
description: Filter by action type (add_temp, delete_temp, add_perm, delete_perm, expire_temp)
- name: ip
in: query
required: false
schema:
type: string
description: Filter by IP address
- name: limit
in: query
required: false
schema:
type: integer
minimum: 1
maximum: 1000
default: 200
description: Number of entries to return (default 200, max 1000)
- name: offset
in: query
required: false
schema:
type: integer
minimum: 0
default: 0
description: Number of entries to skip (default 0)
responses:
'200':
description: List of audit log entries
content:
application/json:
schema:
type: array
items:
type: object
properties:
timestamp:
type: string
format: date-time
example: "2024-01-01T12:00:00Z"
action:
type: string
example: "add_temp"
ip:
type: string
nullable: true
example: "1.2.3.4"
ttl_seconds:
type: integer
nullable: true
example: 300
reason:
type: string
nullable: true
example: "admin laptop"
api_client_ip:
type: string
nullable: true
example: "10.0.0.1"
'401':
description: Unauthorized — invalid API token
'500':
description: Internal error — database failure
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: token
description: API token for authenticating to the API endpoints