32 lines
1.8 KiB
Go
Executable File
package models

import (
	"time"
)

// SecurityConfig represents global Cerberus/CrowdSec/WAF/RateLimit settings
// used by the server and propagated into the generated Caddy config.
type SecurityConfig struct {
	ID                  uint      `json:"-" gorm:"primaryKey"`
	UUID                string    `json:"uuid" gorm:"uniqueIndex"`
	Name                string    `json:"name" gorm:"index"`
	Enabled             bool      `json:"enabled" gorm:"index"`
	AdminWhitelist      string    `json:"admin_whitelist" gorm:"type:text"` // JSON array or comma-separated CIDRs
	BreakGlassHash      string    `json:"-" gorm:"column:break_glass_hash"`
	CrowdSecMode        string    `json:"crowdsec_mode"` // "disabled" or "local"
	CrowdSecAPIURL      string    `json:"crowdsec_api_url" gorm:"type:text"`
	WAFMode             string    `json:"waf_mode"`                          // "disabled", "monitor", "block"
	WAFRulesSource      string    `json:"waf_rules_source" gorm:"type:text"` // URL or name of ruleset
	WAFLearning         bool      `json:"waf_learning"`
	WAFParanoiaLevel    int       `json:"waf_paranoia_level" gorm:"default:1"` // 1-4, OWASP CRS paranoia level
	WAFExclusions       string    `json:"waf_exclusions" gorm:"type:text"`     // JSON array of rule exclusions
	RateLimitMode       string    `json:"rate_limit_mode"`                     // "disabled", "enabled"
	RateLimitEnable     bool      `json:"rate_limit_enable"`
	RateLimitBurst      int       `json:"rate_limit_burst"`
	RateLimitRequests   int       `json:"rate_limit_requests"`
	RateLimitWindowSec  int       `json:"rate_limit_window_sec"`
	RateLimitBypassList string    `json:"rate_limit_bypass_list" gorm:"type:text"` // Comma-separated CIDRs
	CreatedAt           time.Time `json:"created_at"`
	UpdatedAt           time.Time `json:"updated_at"`
}
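An added example, not part of this repository's code: a validator for the list encodings the field comments give for AdminWhitelist (JSON array or comma-separated CIDRs) and RateLimitBypassList (comma-separated CIDRs). The name parseCIDRList and the policy of rejecting entries with host bits set or a /0 prefix are assumptions of this example, and the sample inputs are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// parseCIDRList (hypothetical helper) parses a JSON array of strings or a
// comma-separated list of CIDRs; field is only used in error messages.
func parseCIDRList(field, raw string) ([]*net.IPNet, error) {
	raw = strings.TrimSpace(raw)
	var items []string
	if strings.HasPrefix(raw, "[") {
		if err := json.Unmarshal([]byte(raw), &items); err != nil {
			return nil, fmt.Errorf("%s: bad JSON array: %w", field, err)
		}
	} else if raw != "" {
		items = strings.Split(raw, ",")
	}
	nets := make([]*net.IPNet, 0, len(items))
	for _, item := range items {
		item = strings.TrimSpace(item)
		if item == "" { // tolerate a trailing comma
			continue
		}
		ip, n, err := net.ParseCIDR(item)
		if err != nil {
			return nil, fmt.Errorf("%s: %q is not a CIDR", field, item)
		}
		if !ip.Equal(n.IP) { // e.g. 10.0.0.5/8: probably a typo for a narrower range
			return nil, fmt.Errorf("%s: %q has host bits set", field, item)
		}
		if ones, _ := n.Mask.Size(); ones == 0 { // 0.0.0.0/0 or ::/0 admits every client
			return nil, fmt.Errorf("%s: %q matches every address", field, item)
		}
		nets = append(nets, n)
	}
	return nets, nil
}

func main() {
	// Constructed sample values, one per encoding.
	nets, err := parseCIDRList("admin_whitelist", `["10.0.0.0/8", "192.0.2.0/24"]`)
	fmt.Println(len(nets), err)
	_, err = parseCIDRList("rate_limit_bypass_list", "10.0.0.0/8, 0.0.0.0/0")
	fmt.Println(err)
}
```

Validating at write time means a malformed or over-broad entry is reported when the setting is saved, before it reaches the generated Caddy config.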