feat: implement modular security services with CrowdSec and WAF integration

2025-11-26 18:35:14 +00:00
parent 06d0aca8a4
commit c8a452f1a0
14 changed files with 526 additions and 5 deletions
--- a/backend/internal/api/handlers/security_handler_test.go
+++ b/backend/internal/api/handlers/security_handler_test.go
@@ -0,0 +1,105 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/Wikid82/CaddyProxyManagerPlus/backend/internal/config"
+)
+
+func TestSecurityHandler_GetStatus(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+
+	tests := []struct {
+		name           string
+		cfg            config.SecurityConfig
+		expectedStatus int
+		expectedBody   map[string]interface{}
+	}{
+		{
+			name: "All Disabled",
+			cfg: config.SecurityConfig{
+				CrowdSecMode:     "disabled",
+				WAFMode:          "disabled",
+				RateLimitEnabled: false,
+				ACLEnabled:       false,
+			},
+			expectedStatus: http.StatusOK,
+			expectedBody: map[string]interface{}{
+				"crowdsec": map[string]interface{}{
+					"mode":    "disabled",
+					"api_url": "",
+					"enabled": false,
+				},
+				"waf": map[string]interface{}{
+					"mode":    "disabled",
+					"enabled": false,
+				},
+				"rate_limit": map[string]interface{}{
+					"enabled": false,
+				},
+				"acl": map[string]interface{}{
+					"enabled": false,
+				},
+			},
+		},
+		{
+			name: "All Enabled",
+			cfg: config.SecurityConfig{
+				CrowdSecMode:     "local",
+				WAFMode:          "enabled",
+				RateLimitEnabled: true,
+				ACLEnabled:       true,
+			},
+			expectedStatus: http.StatusOK,
+			expectedBody: map[string]interface{}{
+				"crowdsec": map[string]interface{}{
+					"mode":    "local",
+					"api_url": "",
+					"enabled": true,
+				},
+				"waf": map[string]interface{}{
+					"mode":    "enabled",
+					"enabled": true,
+				},
+				"rate_limit": map[string]interface{}{
+					"enabled": true,
+				},
+				"acl": map[string]interface{}{
+					"enabled": true,
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			handler := NewSecurityHandler(tt.cfg)
+			router := gin.New()
+			router.GET("/security/status", handler.GetStatus)
+
+			w := httptest.NewRecorder()
+			req, _ := http.NewRequest("GET", "/security/status", nil)
+			router.ServeHTTP(w, req)
+
+			assert.Equal(t, tt.expectedStatus, w.Code)
+
+			var response map[string]interface{}
+			err := json.Unmarshal(w.Body.Bytes(), &response)
+			assert.NoError(t, err)
+
+			// Helper to convert map[string]interface{} to JSON and back to normalize types
+			// (e.g. int vs float64)
+			expectedJSON, _ := json.Marshal(tt.expectedBody)
+			var expectedNormalized map[string]interface{}
+			json.Unmarshal(expectedJSON, &expectedNormalized)
+
+			assert.Equal(t, expectedNormalized, response)
+		})
+	}
+}