swissmakers_gmbh/fail2ban-ui
12
1
Fork 0
mirror of https://github.com/swissmakers/fail2ban-ui.git synced 2026-04-19 06:53:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
9e1be2560c7aa86d0612492edc7d1a2ff99d9dcc
fail2ban-ui/internal/fail2ban/connector_agent.go

442 lines
13 KiB
Go
Raw Normal View History

Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
package fail2ban
import (
"bytes"
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"path"
"strings"
"time"
"github.com/swissmakers/fail2ban-ui/internal/config"
)
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Types
// =========================================================================
// Connector for a remote Fail2ban-Agent via HTTP API.
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
type AgentConnector struct {
server config.Fail2banServer
base *url.URL
client *http.Client
}
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Constructor
// =========================================================================
// Create a new AgentConnector for the given server config.
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
func NewAgentConnector(server config.Fail2banServer) (Connector, error) {
if server.AgentURL == "" {
return nil, fmt.Errorf("agentUrl is required for agent connector")
}
if server.AgentSecret == "" {
return nil, fmt.Errorf("agentSecret is required for agent connector")
}
parsed, err := url.Parse(server.AgentURL)
if err != nil {
return nil, fmt.Errorf("invalid agentUrl: %w", err)
}
if parsed.Scheme == "" {
parsed.Scheme = "https"
}
client := &http.Client{
Timeout: 15 * time.Second,
}
conn := &AgentConnector{
server: server,
base: parsed,
client: client,
}
if err := conn.ensureAction(context.Background()); err != nil {
fmt.Printf("warning: failed to ensure agent action for %s: %v\n", server.Name, err)
}
return conn, nil
}
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Connector Functions
// =========================================================================
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
func (ac *AgentConnector) ID() string {
return ac.server.ID
}
func (ac *AgentConnector) Server() config.Fail2banServer {
return ac.server
}
func (ac *AgentConnector) ensureAction(ctx context.Context) error {
Implement X-Callback-Secret for validating API requests
2025-12-15 23:16:48 +01:00
settings := config.GetSettings()
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
payload := map[string]any{
"name": "ui-custom-action",
Implement X-Callback-Secret for validating API requests
2025-12-15 23:16:48 +01:00
"config": config.BuildFail2banActionConfig(config.GetCallbackURL(), ac.server.ID, settings.CallbackSecret),
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
"callbackUrl": config.GetCallbackURL(),
"setDefault": true,
}
return ac.put(ctx, "/v1/actions/ui-custom", payload, nil)
}
func (ac *AgentConnector) GetJailInfos(ctx context.Context) ([]JailInfo, error) {
var resp struct {
Jails []JailInfo `json:"jails"`
}
if err := ac.get(ctx, "/v1/jails", &resp); err != nil {
return nil, err
}
return resp.Jails, nil
}
func (ac *AgentConnector) GetBannedIPs(ctx context.Context, jail string) ([]string, error) {
var resp struct {
Jail string `json:"jail"`
BannedIPs []string `json:"bannedIPs"`
TotalBanned int `json:"totalBanned"`
}
if err := ac.get(ctx, fmt.Sprintf("/v1/jails/%s", url.PathEscape(jail)), &resp); err != nil {
return nil, err
}
if len(resp.BannedIPs) > 0 {
return resp.BannedIPs, nil
}
return []string{}, nil
}
func (ac *AgentConnector) UnbanIP(ctx context.Context, jail, ip string) error {
payload := map[string]string{"ip": ip}
return ac.post(ctx, fmt.Sprintf("/v1/jails/%s/unban", url.PathEscape(jail)), payload, nil)
}
Added manual block section and BanIP method to for all connectors, like the UnbanIP functionallity
2026-01-07 16:14:48 +01:00
func (ac *AgentConnector) BanIP(ctx context.Context, jail, ip string) error {
payload := map[string]string{"ip": ip}
return ac.post(ctx, fmt.Sprintf("/v1/jails/%s/ban", url.PathEscape(jail)), payload, nil)
}
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
func (ac *AgentConnector) Reload(ctx context.Context) error {
return ac.post(ctx, "/v1/actions/reload", nil, nil)
}
func (ac *AgentConnector) Restart(ctx context.Context) error {
return ac.post(ctx, "/v1/actions/restart", nil, nil)
}
Cleanup the fal2ban restart trigger functions, and improove error handling
2025-12-17 19:16:20 +01:00
func (ac *AgentConnector) RestartWithMode(ctx context.Context) (string, error) {
if err := ac.Restart(ctx); err != nil {
return "restart", err
}
return "restart", nil
}
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Filter Operations
// =========================================================================
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
func (ac *AgentConnector) GetFilterConfig(ctx context.Context, jail string) (string, string, error) {
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
var resp struct {
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
Config string `json:"config"`
FilePath string `json:"filePath"`
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
}
if err := ac.get(ctx, fmt.Sprintf("/v1/filters/%s", url.PathEscape(jail)), &resp); err != nil {
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
return "", "", err
}
filePath := resp.FilePath
if filePath == "" {
filePath = fmt.Sprintf("/etc/fail2ban/filter.d/%s.local", jail)
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
}
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
return resp.Config, filePath, nil
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
}
func (ac *AgentConnector) SetFilterConfig(ctx context.Context, jail, content string) error {
payload := map[string]string{"config": content}
return ac.put(ctx, fmt.Sprintf("/v1/filters/%s", url.PathEscape(jail)), payload, nil)
}
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// HTTP Helpers
// =========================================================================
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
func (ac *AgentConnector) get(ctx context.Context, endpoint string, out any) error {
req, err := ac.newRequest(ctx, http.MethodGet, endpoint, nil)
if err != nil {
return err
}
return ac.do(req, out)
}
func (ac *AgentConnector) post(ctx context.Context, endpoint string, payload any, out any) error {
req, err := ac.newRequest(ctx, http.MethodPost, endpoint, payload)
if err != nil {
return err
}
return ac.do(req, out)
}
func (ac *AgentConnector) put(ctx context.Context, endpoint string, payload any, out any) error {
req, err := ac.newRequest(ctx, http.MethodPut, endpoint, payload)
if err != nil {
return err
}
return ac.do(req, out)
}
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
func (ac *AgentConnector) delete(ctx context.Context, endpoint string, out any) error {
req, err := ac.newRequest(ctx, http.MethodDelete, endpoint, nil)
if err != nil {
return err
}
return ac.do(req, out)
}
Refactor the whole backend to support remote-fail2ban machines over ssh or over a agent-api(needs to be build)
2025-11-12 15:52:34 +01:00
func (ac *AgentConnector) newRequest(ctx context.Context, method, endpoint string, payload any) (*http.Request, error) {
u := *ac.base
u.Path = path.Join(ac.base.Path, strings.TrimPrefix(endpoint, "/"))
var body io.Reader
if payload != nil {
data, err := json.Marshal(payload)
if err != nil {
return nil, err
}
body = bytes.NewReader(data)
}
req, err := http.NewRequestWithContext(ctx, method, u.String(), body)
if err != nil {
return nil, err
}
if payload != nil {
req.Header.Set("Content-Type", "application/json")
}
req.Header.Set("Accept", "application/json")
req.Header.Set("X-F2B-Token", ac.server.AgentSecret)
return req, nil
}
func (ac *AgentConnector) do(req *http.Request, out any) error {
settingsSnapshot := config.GetSettings()
if settingsSnapshot.Debug {
config.DebugLog("Agent request [%s]: %s %s", ac.server.Name, req.Method, req.URL.String())
}
resp, err := ac.client.Do(req)
if err != nil {
if settingsSnapshot.Debug {
config.DebugLog("Agent request error [%s]: %v", ac.server.Name, err)
}
return fmt.Errorf("agent request failed: %w", err)
}
defer resp.Body.Close()
data, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
if err != nil {
return err
}
trimmed := strings.TrimSpace(string(data))
if settingsSnapshot.Debug {
config.DebugLog("Agent response [%s]: %s | %s", ac.server.Name, resp.Status, trimmed)
}
if resp.StatusCode >= 400 {
return fmt.Errorf("agent request failed: %s (%s)", resp.Status, trimmed)
}
if out == nil {
return nil
}
if len(trimmed) == 0 {
return nil
}
return json.Unmarshal(data, out)
}
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Jail Operations
// =========================================================================
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
func (ac *AgentConnector) GetAllJails(ctx context.Context) ([]JailInfo, error) {
var resp struct {
Jails []JailInfo `json:"jails"`
}
if err := ac.get(ctx, "/v1/jails/all", &resp); err != nil {
return nil, err
}
return resp.Jails, nil
}
func (ac *AgentConnector) UpdateJailEnabledStates(ctx context.Context, updates map[string]bool) error {
return ac.post(ctx, "/v1/jails/update-enabled", updates, nil)
}
func (ac *AgentConnector) GetFilters(ctx context.Context) ([]string, error) {
var resp struct {
Filters []string `json:"filters"`
}
if err := ac.get(ctx, "/v1/filters", &resp); err != nil {
return nil, err
}
return resp.Filters, nil
}
Enhanced Filter Debug page with inline editing and improved SSH filter testing
2026-01-16 11:39:51 +01:00
func (ac *AgentConnector) TestFilter(ctx context.Context, filterName string, logLines []string, filterContent string) (string, string, error) {
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
payload := map[string]any{
"filterName": filterName,
"logLines": logLines,
}
Enhanced Filter Debug page with inline editing and improved SSH filter testing
2026-01-16 11:39:51 +01:00
if filterContent != "" {
payload["filterContent"] = filterContent
}
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
var resp struct {
In test filters also priorize .local filters over .conf filters and return always also the explicit used filter path in results
2025-12-06 13:11:15 +01:00
Output string `json:"output"`
FilterPath string `json:"filterPath"`
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
}
if err := ac.post(ctx, "/v1/filters/test", payload, &resp); err != nil {
In test filters also priorize .local filters over .conf filters and return always also the explicit used filter path in results
2025-12-06 13:11:15 +01:00
return "", "", err
}
filterPath := resp.FilterPath
if filterPath == "" {
filterPath = fmt.Sprintf("/etc/fail2ban/filter.d/%s.conf", filterName)
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
}
In test filters also priorize .local filters over .conf filters and return always also the explicit used filter path in results
2025-12-06 13:11:15 +01:00
return resp.Output, filterPath, nil
Fix the manage jails functions over ssh, also improve the speed or remote connections
2025-11-12 16:25:16 +01:00
}
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
func (ac *AgentConnector) GetJailConfig(ctx context.Context, jail string) (string, string, error) {
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
var resp struct {
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
Config string `json:"config"`
FilePath string `json:"filePath"`
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
}
if err := ac.get(ctx, fmt.Sprintf("/v1/jails/%s/config", url.PathEscape(jail)), &resp); err != nil {
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
return "", "", err
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
}
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
filePath := resp.FilePath
if filePath == "" {
filePath = fmt.Sprintf("/etc/fail2ban/jail.d/%s.local", jail)
}
return resp.Config, filePath, nil
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
}
func (ac *AgentConnector) SetJailConfig(ctx context.Context, jail, content string) error {
payload := map[string]string{"config": content}
return ac.put(ctx, fmt.Sprintf("/v1/jails/%s/config", url.PathEscape(jail)), payload, nil)
}
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Logpath Operations
// =========================================================================
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
func (ac *AgentConnector) TestLogpath(ctx context.Context, logpath string) ([]string, error) {
payload := map[string]string{"logpath": logpath}
var resp struct {
Files []string `json:"files"`
}
if err := ac.post(ctx, "/v1/jails/test-logpath", payload, &resp); err != nil {
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
return []string{}, nil
Refactor jail.local and jail.d management
2025-12-03 20:43:44 +01:00
}
return resp.Files, nil
}
restructure jail.local default config functions, make banactions configurable
2025-12-04 19:42:43 +01:00
Reimplement Logpath Tester with fail2ban variable resolution and real-path joining
2025-12-05 23:21:08 +01:00
func (ac *AgentConnector) TestLogpathWithResolution(ctx context.Context, logpath string) (originalPath, resolvedPath string, files []string, err error) {
originalPath = strings.TrimSpace(logpath)
if originalPath == "" {
return originalPath, "", []string{}, nil
}
payload := map[string]string{"logpath": originalPath}
var resp struct {
OriginalLogpath string `json:"original_logpath"`
ResolvedLogpath string `json:"resolved_logpath"`
Files []string `json:"files"`
Error string `json:"error,omitempty"`
}
// Try new endpoint first, fallback to old endpoint
if err := ac.post(ctx, "/v1/jails/test-logpath-with-resolution", payload, &resp); err != nil {
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// Fallback; use old endpoint if new endpoint fails and assume no resolution
Reimplement Logpath Tester with fail2ban variable resolution and real-path joining
2025-12-05 23:21:08 +01:00
files, err2 := ac.TestLogpath(ctx, originalPath)
if err2 != nil {
return originalPath, "", nil, fmt.Errorf("failed to test logpath: %w", err2)
}
return originalPath, originalPath, files, nil
}
if resp.Error != "" {
return originalPath, "", nil, fmt.Errorf("agent error: %s", resp.Error)
}
if resp.ResolvedLogpath == "" {
resp.ResolvedLogpath = resp.OriginalLogpath
}
if resp.OriginalLogpath == "" {
resp.OriginalLogpath = originalPath
}
return resp.OriginalLogpath, resp.ResolvedLogpath, resp.Files, nil
}
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Settings and Structure
// =========================================================================
restructure jail.local default config functions, make banactions configurable
2025-12-04 19:42:43 +01:00
func (ac *AgentConnector) UpdateDefaultSettings(ctx context.Context, settings config.AppSettings) error {
Simplify the connector and jail.local cunstruction with a unified function for all connectors
2026-02-10 15:50:32 +01:00
return ac.EnsureJailLocalStructure(ctx)
restructure jail.local default config functions, make banactions configurable
2025-12-04 19:42:43 +01:00
}
Check jail.local state and warn user if it is not fail2ban-UI managed, disable automatic jail.local migration because it is only testing
2026-02-09 19:56:43 +01:00
func (ac *AgentConnector) CheckJailLocalIntegrity(ctx context.Context) (bool, bool, error) {
var result struct {
Exists bool `json:"exists"`
HasUIAction bool `json:"hasUIAction"`
}
if err := ac.get(ctx, "/v1/jails/check-integrity", &result); err != nil {
// If the agent does not implement this endpoint, assume OK
if strings.Contains(err.Error(), "404") || strings.Contains(err.Error(), "not found") {
return false, false, nil
}
return false, false, fmt.Errorf("failed to check jail.local integrity on %s: %w", ac.server.Name, err)
}
return result.Exists, result.HasUIAction, nil
}
restructure jail.local default config functions, make banactions configurable
2025-12-04 19:42:43 +01:00
func (ac *AgentConnector) EnsureJailLocalStructure(ctx context.Context) error {
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// If jail.local exists but is not managed by Fail2ban-UI, it belongs to the user, we do not overwrite it.
Check jail.local state and warn user if it is not fail2ban-UI managed, disable automatic jail.local migration because it is only testing
2026-02-09 19:56:43 +01:00
if exists, hasUI, err := ac.CheckJailLocalIntegrity(ctx); err == nil && exists && !hasUI {
config.DebugLog("jail.local on agent server %s exists but is not managed by Fail2ban-UI -- skipping overwrite", ac.server.Name)
return nil
}
restructure jail.local default config functions, make banactions configurable
2025-12-04 19:42:43 +01:00
return ac.post(ctx, "/v1/jails/ensure-structure", nil, nil)
}
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
Restructure an adding basic sections 2/2
2026-02-19 19:24:18 +01:00
// =========================================================================
// Filter and Jail Management
// =========================================================================
Fix loading wrong filter problem, implement creation and deletion of filters and jails, fix some css mismatches, update the handlers and routes
2025-12-30 01:10:49 +01:00
func (ac *AgentConnector) CreateJail(ctx context.Context, jailName, content string) error {
payload := map[string]interface{}{
"name": jailName,
"content": content,
}
return ac.post(ctx, "/v1/jails", payload, nil)
}
func (ac *AgentConnector) DeleteJail(ctx context.Context, jailName string) error {
return ac.delete(ctx, fmt.Sprintf("/v1/jails/%s", jailName), nil)
}
func (ac *AgentConnector) CreateFilter(ctx context.Context, filterName, content string) error {
payload := map[string]interface{}{
"name": filterName,
"content": content,
}
return ac.post(ctx, "/v1/filters", payload, nil)
}
func (ac *AgentConnector) DeleteFilter(ctx context.Context, filterName string) error {
return ac.delete(ctx, fmt.Sprintf("/v1/filters/%s", filterName), nil)
}
Reference in New Issue Copy Permalink