fix Fail2ban Callback URL update also on ssh/agent servers

2026-04-17 05:53:15 +02:00 · 2025-11-14 11:20:18 +01:00
parent 6fa3f206aa
commit 4b41078542
2 changed files with 59 additions and 0 deletions
--- a/internal/fail2ban/manager.go
+++ b/internal/fail2ban/manager.go
@@ -108,6 +108,41 @@ func (m *Manager) Connectors() []Connector {
 	return result
 }
 // UpdateActionFiles updates action files for all active remote connectors (SSH and Agent).
 func (m *Manager) UpdateActionFiles(ctx context.Context) error {
 	m.mu.RLock()
 	connectors := make([]Connector, 0, len(m.connectors))
 	for _, conn := range m.connectors {
 		server := conn.Server()
 		// Only update remote servers (SSH and Agent), not local
 		if server.Type == "ssh" || server.Type == "agent" {
 			connectors = append(connectors, conn)
 		}
 	}
 	m.mu.RUnlock()
 	var lastErr error
 	for _, conn := range connectors {
 		if err := updateConnectorAction(ctx, conn); err != nil {
 			fmt.Printf("warning: failed to update action file for server %s: %v\n", conn.Server().Name, err)
 			lastErr = err
 		}
 	}
 	return lastErr
 }
 // updateConnectorAction updates the action file for a specific connector.
 func updateConnectorAction(ctx context.Context, conn Connector) error {
 	switch c := conn.(type) {
 	case *SSHConnector:
 		return c.ensureAction(ctx)
 	case *AgentConnector:
 		return c.ensureAction(ctx)
 	default:
 		return nil // Local connectors are handled separately
 	}
 }
 func newConnectorForServer(server config.Fail2banServer) (Connector, error) {
 	switch server.Type {
 	case "local":
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -282,6 +282,18 @@ func UpsertServerHandler(c *gin.Context) {
 		return
 	}
 	// Update action file for this server if it's a remote server (SSH or Agent) and enabled
 	if server.Enabled && (server.Type == "ssh" || server.Type == "agent") {
 		// ReloadFromSettings already created the connector, so we can update its action file
 		// We need to trigger an action file update for this specific server
 		// Since UpdateActionFiles updates all, we can call it, or we can add a single-server method
 		// For now, we'll update all remote servers (it's idempotent and ensures consistency)
 		if err := fail2ban.GetManager().UpdateActionFiles(c.Request.Context()); err != nil {
 			config.DebugLog("Warning: failed to update some remote action files: %v", err)
 			// Don't fail the request, just log the warning
 		}
 	}
 	c.JSON(http.StatusOK, gin.H{"server": server})
 }
@@ -634,6 +646,7 @@ func UpdateSettingsHandler(c *gin.Context) {
 	}
 	config.DebugLog("JSON binding successful, updating settings (handlers.go)")
 	oldSettings := config.GetSettings()
 	newSettings, err := config.UpdateSettings(req)
 	if err != nil {
 		fmt.Println("Error updating settings:", err)
@@ -642,11 +655,22 @@ func UpdateSettingsHandler(c *gin.Context) {
 	}
 	config.DebugLog("Settings updated successfully (handlers.go)")
 	// Check if callback URL changed - if so, update action files for all active remote servers
 	callbackURLChanged := oldSettings.CallbackURL != newSettings.CallbackURL
 	if err := fail2ban.GetManager().ReloadFromSettings(config.GetSettings()); err != nil {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to reload fail2ban connectors: " + err.Error()})
 		return
 	}
 	// Update action files for remote servers if callback URL changed
 	if callbackURLChanged {
 		if err := fail2ban.GetManager().UpdateActionFiles(c.Request.Context()); err != nil {
 			config.DebugLog("Warning: failed to update some remote action files: %v", err)
 			// Don't fail the request, just log the warning
 		}
 	}
 	c.JSON(http.StatusOK, gin.H{
 		"message":       "Settings updated",
 		"restartNeeded": newSettings.RestartNeeded,