nessi
3e2169f217
Add ServiceDNSRecord type and gateway API endpoint to expose active service domain-to-IP mappings. Implement ListServiceDNSRecords repository method querying services table with proxy_ip resolution using effectiveAccessProxyIP helper. Add vpn-dns microservice built on CoreDNS with periodic sync from backend API. Generate Corefile with configurable upstream DNS servers and hosts plugin for service overrides.
92 lines
3.2 KiB
Go
92 lines
3.2 KiB
Go
package httpserver
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/go-chi/chi/v5"
|
|
|
|
"nexavpn/backend/internal/apiutil"
|
|
"nexavpn/backend/internal/auth"
|
|
"nexavpn/backend/internal/audit"
|
|
"nexavpn/backend/internal/device"
|
|
"nexavpn/backend/internal/gateway"
|
|
"nexavpn/backend/internal/group"
|
|
"nexavpn/backend/internal/policy"
|
|
"nexavpn/backend/internal/servicecatalog"
|
|
"nexavpn/backend/internal/user"
|
|
)
|
|
|
|
type Handlers struct {
|
|
Auth *auth.Handler
|
|
User *user.Handler
|
|
Device *device.Handler
|
|
Service *servicecatalog.Handler
|
|
Policy *policy.Handler
|
|
Gateway *gateway.Handler
|
|
Group *group.Handler
|
|
Audit *audit.Handler
|
|
}
|
|
|
|
func NewRouter(jwtSecret string, handlers Handlers) http.Handler {
|
|
r := chi.NewRouter()
|
|
r.Use(BaseMiddleware)
|
|
|
|
r.Get("/healthz", func(w http.ResponseWriter, _ *http.Request) {
|
|
apiutil.JSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
|
})
|
|
|
|
r.Route("/api/v1", func(r chi.Router) {
|
|
r.Get("/auth/bootstrap/status", handlers.Auth.BootstrapStatus)
|
|
r.Post("/auth/bootstrap", handlers.Auth.Bootstrap)
|
|
r.Post("/auth/login", handlers.Auth.Login)
|
|
r.Post("/auth/refresh", handlers.Auth.Refresh)
|
|
r.Post("/auth/logout", handlers.Auth.Logout)
|
|
r.Post("/gateway-agent/bootstrap", handlers.Gateway.Bootstrap)
|
|
r.Get("/gateway-agent/dns/services", handlers.Gateway.AgentServiceDNS)
|
|
r.Get("/gateway-agent/{id}/sync", handlers.Gateway.AgentSyncBundle)
|
|
r.Post("/gateway-agent/{id}/telemetry", handlers.Gateway.Telemetry)
|
|
|
|
r.Group(func(r chi.Router) {
|
|
r.Use(AuthMiddleware(jwtSecret))
|
|
r.Get("/auth/me", handlers.Auth.Me)
|
|
r.Post("/devices/enroll", handlers.Device.Enroll)
|
|
r.Get("/me/devices", handlers.Device.ListOwn)
|
|
r.Get("/me/profile", handlers.Device.GetOwnProfile)
|
|
r.Put("/me/profile-selection", handlers.Device.SelectOwnProfile)
|
|
r.Get("/connection/status", handlers.Device.ConnectionStatus)
|
|
|
|
r.Route("/admin", func(r chi.Router) {
|
|
r.Use(AdminOnly)
|
|
r.Get("/users", handlers.User.List)
|
|
r.Post("/users", handlers.User.Create)
|
|
r.Patch("/users/{id}", handlers.User.Update)
|
|
r.Delete("/users/{id}", handlers.User.Delete)
|
|
r.Post("/users/{id}/disable", handlers.User.Disable)
|
|
r.Post("/users/{id}/enable", handlers.User.Enable)
|
|
r.Get("/devices", handlers.Device.ListAll)
|
|
r.Get("/devices/{id}/profile", handlers.Device.GetProfileByDeviceID)
|
|
r.Post("/devices/{id}/revoke", handlers.Device.Revoke)
|
|
r.Post("/devices/{id}/rotate", handlers.Device.Rotate)
|
|
r.Get("/groups", handlers.Group.List)
|
|
r.Post("/groups", handlers.Group.Create)
|
|
r.Patch("/groups/{id}", handlers.Group.Update)
|
|
r.Delete("/groups/{id}", handlers.Group.Delete)
|
|
r.Get("/services", handlers.Service.List)
|
|
r.Post("/services", handlers.Service.Create)
|
|
r.Patch("/services/{id}", handlers.Service.Update)
|
|
r.Delete("/services/{id}", handlers.Service.Delete)
|
|
r.Get("/policies", handlers.Policy.List)
|
|
r.Post("/policies", handlers.Policy.Create)
|
|
r.Patch("/policies/{id}", handlers.Policy.Update)
|
|
r.Delete("/policies/{id}", handlers.Policy.Delete)
|
|
r.Get("/gateways", handlers.Gateway.List)
|
|
r.Get("/gateways/{id}/sync", handlers.Gateway.SyncBundle)
|
|
r.Patch("/gateways/{id}", handlers.Gateway.Update)
|
|
r.Get("/audit-logs", handlers.Audit.List)
|
|
})
|
|
})
|
|
})
|
|
|
|
return r
|
|
}
|