chore: initial project scaffold with admin web, backend, desktop client, and deployment setup
Add monorepo structure for NexaVPN WireGuard control plane including: - .gitignore for node_modules, build artifacts, and environment files - README with project overview, monorepo layout, and quick start guide - Admin web UI with React, Vite, TypeScript, and nginx reverse proxy - API client with type definitions for users, devices, policies, gateways, and audit logs - Admin pages for dashboard, users, devices, policies, g
This commit is contained in:
143
backend/internal/policy/repository.go
Normal file
143
backend/internal/policy/repository.go
Normal file
@@ -0,0 +1,143 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/jackc/pgx/v5/pgxpool"
|
||||
)
|
||||
|
||||
type Repository interface {
|
||||
List(ctx context.Context) ([]Policy, error)
|
||||
Create(ctx context.Context, input CreateRequest, createdBy uuid.UUID) (Policy, error)
|
||||
ResolveDestinations(ctx context.Context, userID uuid.UUID, deviceID *uuid.UUID) ([]string, error)
|
||||
}
|
||||
|
||||
type PGRepository struct {
|
||||
db *pgxpool.Pool
|
||||
}
|
||||
|
||||
func NewPGRepository(db *pgxpool.Pool) *PGRepository {
|
||||
return &PGRepository{db: db}
|
||||
}
|
||||
|
||||
func (r *PGRepository) List(ctx context.Context) ([]Policy, error) {
|
||||
rows, err := r.db.Query(ctx, `
|
||||
select
|
||||
p.id,
|
||||
p.name,
|
||||
p.description,
|
||||
p.priority,
|
||||
p.effect,
|
||||
p.full_tunnel,
|
||||
p.is_active,
|
||||
coalesce(array_agg(pd.destination::text) filter (where pd.destination is not null), '{}')
|
||||
from policies p
|
||||
left join policy_destinations pd on pd.policy_id = p.id
|
||||
where p.deleted_at is null
|
||||
group by p.id, p.name, p.description, p.priority, p.effect, p.full_tunnel, p.is_active, p.created_at
|
||||
order by p.priority asc, p.created_at desc
|
||||
`)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
var items []Policy
|
||||
for rows.Next() {
|
||||
var item Policy
|
||||
if err := rows.Scan(&item.ID, &item.Name, &item.Description, &item.Priority, &item.Effect, &item.FullTunnel, &item.IsActive, &item.Destinations); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
items = append(items, item)
|
||||
}
|
||||
return items, rows.Err()
|
||||
}
|
||||
|
||||
func (r *PGRepository) Create(ctx context.Context, input CreateRequest, createdBy uuid.UUID) (Policy, error) {
|
||||
tx, err := r.db.Begin(ctx)
|
||||
if err != nil {
|
||||
return Policy{}, err
|
||||
}
|
||||
defer tx.Rollback(ctx)
|
||||
|
||||
policyID := uuid.New()
|
||||
_, err = tx.Exec(ctx, `
|
||||
insert into policies (id, name, description, priority, effect, full_tunnel, created_by)
|
||||
values ($1, $2, $3, $4, $5, $6, $7)
|
||||
`, policyID, input.Name, input.Description, input.Priority, input.Effect, input.FullTunnel, createdBy)
|
||||
if err != nil {
|
||||
return Policy{}, err
|
||||
}
|
||||
|
||||
for _, destination := range input.Destinations {
|
||||
if _, err := tx.Exec(ctx, `
|
||||
insert into policy_destinations (id, policy_id, destination)
|
||||
values ($1, $2, $3::cidr)
|
||||
`, uuid.New(), policyID, destination); err != nil {
|
||||
return Policy{}, err
|
||||
}
|
||||
}
|
||||
|
||||
for _, target := range input.Targets {
|
||||
if _, err := tx.Exec(ctx, `
|
||||
insert into policy_targets (id, policy_id, target_type, target_id)
|
||||
values ($1, $2, $3, $4)
|
||||
`, uuid.New(), policyID, target.Type, target.ID); err != nil {
|
||||
return Policy{}, err
|
||||
}
|
||||
}
|
||||
|
||||
if err := tx.Commit(ctx); err != nil {
|
||||
return Policy{}, err
|
||||
}
|
||||
|
||||
inputPolicy := Policy{
|
||||
ID: policyID,
|
||||
Name: input.Name,
|
||||
Description: input.Description,
|
||||
Priority: input.Priority,
|
||||
Effect: input.Effect,
|
||||
FullTunnel: input.FullTunnel,
|
||||
IsActive: true,
|
||||
Destinations: input.Destinations,
|
||||
Targets: input.Targets,
|
||||
}
|
||||
return inputPolicy, nil
|
||||
}
|
||||
|
||||
func (r *PGRepository) ResolveDestinations(ctx context.Context, userID uuid.UUID, deviceID *uuid.UUID) ([]string, error) {
|
||||
query := `
|
||||
select distinct pd.destination::text
|
||||
from policies p
|
||||
join policy_destinations pd on pd.policy_id = p.id
|
||||
join policy_targets pt on pt.policy_id = p.id
|
||||
where p.deleted_at is null
|
||||
and p.is_active = true
|
||||
and p.effect = 'allow'
|
||||
and (
|
||||
(pt.target_type = 'user' and pt.target_id = $1)
|
||||
`
|
||||
args := []any{userID}
|
||||
if deviceID != nil {
|
||||
query += ` or (pt.target_type = 'device' and pt.target_id = $2)`
|
||||
args = append(args, *deviceID)
|
||||
}
|
||||
query += `)`
|
||||
|
||||
rows, err := r.db.Query(ctx, query, args...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
|
||||
var destinations []string
|
||||
for rows.Next() {
|
||||
var value string
|
||||
if err := rows.Scan(&value); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
destinations = append(destinations, value)
|
||||
}
|
||||
return destinations, rows.Err()
|
||||
}
|
||||
Reference in New Issue
Block a user