akanealw
eec8c28fb3
Go Benchmark / Performance Regression Check (push) Has been cancelled
Cerberus Integration / Cerberus Security Stack Integration (push) Has been cancelled
Upload Coverage to Codecov / Backend Codecov Upload (push) Has been cancelled
Upload Coverage to Codecov / Frontend Codecov Upload (push) Has been cancelled
CodeQL - Analyze / CodeQL analysis (go) (push) Has been cancelled
CodeQL - Analyze / CodeQL analysis (javascript-typescript) (push) Has been cancelled
CrowdSec Integration / CrowdSec Bouncer Integration (push) Has been cancelled
Docker Build, Publish & Test / build-and-push (push) Has been cancelled
Quality Checks / Auth Route Protection Contract (push) Has been cancelled
Quality Checks / Codecov Trigger/Comment Parity Guard (push) Has been cancelled
Quality Checks / Backend (Go) (push) Has been cancelled
Quality Checks / Frontend (React) (push) Has been cancelled
Rate Limit integration / Rate Limiting Integration (push) Has been cancelled
Security Scan (PR) / Trivy Binary Scan (push) Has been cancelled
Supply Chain Verification (PR) / Verify Supply Chain (push) Has been cancelled
WAF integration / Coraza WAF Integration (push) Has been cancelled
Docker Build, Publish & Test / Security Scan PR Image (push) Has been cancelled
Repo Health Check / Repo health (push) Has been cancelled
History Rewrite Dry-Run / Dry-run preview for history rewrite (push) Has been cancelled
Prune Renovate Branches / prune (push) Has been cancelled
Renovate / renovate (push) Has been cancelled
Nightly Build & Package / sync-development-to-nightly (push) Has been cancelled
Nightly Build & Package / Trigger Nightly Validation Workflows (push) Has been cancelled
Nightly Build & Package / build-and-push-nightly (push) Has been cancelled
Nightly Build & Package / test-nightly-image (push) Has been cancelled
Nightly Build & Package / verify-nightly-supply-chain (push) Has been cancelled
Update GeoLite2 Checksum / update-checksum (push) Has been cancelled
Container Registry Prune / prune-ghcr (push) Has been cancelled
Container Registry Prune / prune-dockerhub (push) Has been cancelled
Container Registry Prune / summarize (push) Has been cancelled
Supply Chain Verification / Verify SBOM (push) Has been cancelled
Supply Chain Verification / Verify Release Artifacts (push) Has been cancelled
Supply Chain Verification / Verify Docker Image Supply Chain (push) Has been cancelled
Monitor Caddy Major Release / check-caddy-major (push) Has been cancelled
Weekly Nightly to Main Promotion / Verify Nightly Branch Health (push) Has been cancelled
Weekly Nightly to Main Promotion / Create Promotion PR (push) Has been cancelled
Weekly Nightly to Main Promotion / Trigger Missing Required Checks (push) Has been cancelled
Weekly Nightly to Main Promotion / Notify on Failure (push) Has been cancelled
Weekly Nightly to Main Promotion / Workflow Summary (push) Has been cancelled
Weekly Security Rebuild / Security Rebuild & Scan (push) Has been cancelled
51 lines
1.9 KiB
Go
Executable File
51 lines
1.9 KiB
Go
Executable File
package models
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/google/uuid"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
// NotificationConfig stores configuration for security notifications.
|
|
type NotificationConfig struct {
|
|
ID string `gorm:"primaryKey" json:"id"`
|
|
Enabled bool `json:"enabled"`
|
|
MinLogLevel string `json:"min_log_level"` // error, warn, info, debug
|
|
WebhookURL string `json:"webhook_url"`
|
|
// Blocker 2 Fix: API surface uses security_* field names per spec (internal fields remain notify_*)
|
|
NotifyWAFBlocks bool `json:"security_waf_enabled"`
|
|
NotifyACLDenies bool `json:"security_acl_enabled"`
|
|
NotifyRateLimitHits bool `json:"security_rate_limit_enabled"`
|
|
NotifyCrowdSecDecisions bool `json:"security_crowdsec_enabled"`
|
|
|
|
// Legacy destination fields (compatibility, not stored in DB)
|
|
DiscordWebhookURL string `gorm:"-" json:"discord_webhook_url,omitempty"`
|
|
SlackWebhookURL string `gorm:"-" json:"slack_webhook_url,omitempty"`
|
|
GotifyURL string `gorm:"-" json:"gotify_url,omitempty"`
|
|
GotifyToken string `gorm:"-" json:"-"` // Security: Never expose token in JSON (OWASP A02)
|
|
DestinationAmbiguous bool `gorm:"-" json:"destination_ambiguous,omitempty"`
|
|
|
|
CreatedAt time.Time `json:"created_at"`
|
|
UpdatedAt time.Time `json:"updated_at"`
|
|
}
|
|
|
|
// BeforeCreate sets the ID if not already set.
|
|
func (nc *NotificationConfig) BeforeCreate(tx *gorm.DB) error {
|
|
if nc.ID == "" {
|
|
nc.ID = uuid.New().String()
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// SecurityEvent represents a security event for notification dispatch.
|
|
type SecurityEvent struct {
|
|
EventType string `json:"event_type"` // waf_block, acl_deny, etc.
|
|
Severity string `json:"severity"` // error, warn, info
|
|
Message string `json:"message"`
|
|
ClientIP string `json:"client_ip"`
|
|
Path string `json:"path"`
|
|
Timestamp time.Time `json:"timestamp"`
|
|
Metadata map[string]any `json:"metadata"`
|
|
}
|