feat(observability): phase 3 - direct proxy creation with validation

Add standalone proxy management: - Multi-step validation pipeline (DNS, TCP, HTTP) with diagnostic hints - Proxy lifecycle: create/update/delete via NPM API with SSL auto-assign - Periodic health monitoring (5min) with event log on status transitions - Unified /api/proxies/all endpoint merging standalone + managed proxies - Frontend types and API functions for downstream UI phases
2026-03-30 11:19:55 +03:00
parent aefecdffdf
commit 7a85441b81
9 changed files with 1076 additions and 1 deletions
@@ -0,0 +1,192 @@
+package api
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-chi/chi/v5"
+
+	"github.com/alexei/docker-watcher/internal/proxy"
+)
+
+// validateProxy runs the validation pipeline without creating a proxy.
+// POST /api/proxies/validate
+func (s *Server) validateProxy(w http.ResponseWriter, r *http.Request) {
+	var req struct {
+		Host string `json:"host"`
+		Port int    `json:"port"`
+	}
+	if !decodeJSON(w, r, &req) {
+		return
+	}
+
+	if req.Host == "" {
+		respondError(w, http.StatusBadRequest, "host is required")
+		return
+	}
+	if req.Port < 1 || req.Port > 65535 {
+		respondError(w, http.StatusBadRequest, "port must be between 1 and 65535")
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(r.Context(), 30*time.Second)
+	defer cancel()
+
+	result := proxy.ValidateDestination(ctx, req.Host, req.Port)
+	respondJSON(w, http.StatusOK, result)
+}
+
+// createProxy creates a new standalone proxy.
+// POST /api/proxies
+func (s *Server) createProxy(w http.ResponseWriter, r *http.Request) {
+	if s.proxyManager == nil {
+		respondError(w, http.StatusServiceUnavailable, "proxy manager not configured")
+		return
+	}
+
+	var req proxy.CreateProxyRequest
+	if !decodeJSON(w, r, &req) {
+		return
+	}
+
+	if req.Domain == "" {
+		respondError(w, http.StatusBadRequest, "domain is required")
+		return
+	}
+	if req.DestinationURL == "" {
+		respondError(w, http.StatusBadRequest, "destination_url is required")
+		return
+	}
+	if req.DestinationPort < 1 || req.DestinationPort > 65535 {
+		respondError(w, http.StatusBadRequest, "destination_port must be between 1 and 65535")
+		return
+	}
+
+	p, err := s.proxyManager.CreateProxy(r.Context(), req)
+	if err != nil {
+		respondError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	respondJSON(w, http.StatusCreated, p)
+}
+
+// listProxies returns all standalone proxies.
+// GET /api/proxies
+func (s *Server) listProxies(w http.ResponseWriter, r *http.Request) {
+	if s.proxyManager == nil {
+		respondError(w, http.StatusServiceUnavailable, "proxy manager not configured")
+		return
+	}
+
+	proxies, err := s.proxyManager.ListProxies()
+	if err != nil {
+		respondError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	respondJSON(w, http.StatusOK, proxies)
+}
+
+// getProxy returns a single standalone proxy.
+// GET /api/proxies/{id}
+func (s *Server) getProxy(w http.ResponseWriter, r *http.Request) {
+	if s.proxyManager == nil {
+		respondError(w, http.StatusServiceUnavailable, "proxy manager not configured")
+		return
+	}
+
+	id := chi.URLParam(r, "id")
+	p, err := s.proxyManager.GetProxy(id)
+	if err != nil {
+		if proxy.IsNotFound(err) {
+			respondNotFound(w, "proxy")
+			return
+		}
+		respondError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	respondJSON(w, http.StatusOK, p)
+}
+
+// updateProxy updates an existing standalone proxy.
+// PUT /api/proxies/{id}
+func (s *Server) updateProxy(w http.ResponseWriter, r *http.Request) {
+	if s.proxyManager == nil {
+		respondError(w, http.StatusServiceUnavailable, "proxy manager not configured")
+		return
+	}
+
+	id := chi.URLParam(r, "id")
+
+	var req proxy.UpdateProxyRequest
+	if !decodeJSON(w, r, &req) {
+		return
+	}
+
+	if req.Domain == "" {
+		respondError(w, http.StatusBadRequest, "domain is required")
+		return
+	}
+	if req.DestinationURL == "" {
+		respondError(w, http.StatusBadRequest, "destination_url is required")
+		return
+	}
+	if req.DestinationPort < 1 || req.DestinationPort > 65535 {
+		respondError(w, http.StatusBadRequest, "destination_port must be between 1 and 65535")
+		return
+	}
+
+	p, err := s.proxyManager.UpdateProxy(r.Context(), id, req)
+	if err != nil {
+		if proxy.IsNotFound(err) {
+			respondNotFound(w, "proxy")
+			return
+		}
+		respondError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	respondJSON(w, http.StatusOK, p)
+}
+
+// deleteProxy removes a standalone proxy.
+// DELETE /api/proxies/{id}
+func (s *Server) deleteProxy(w http.ResponseWriter, r *http.Request) {
+	if s.proxyManager == nil {
+		respondError(w, http.StatusServiceUnavailable, "proxy manager not configured")
+		return
+	}
+
+	id := chi.URLParam(r, "id")
+
+	if err := s.proxyManager.DeleteProxy(r.Context(), id); err != nil {
+		if proxy.IsNotFound(err) {
+			respondNotFound(w, "proxy")
+			return
+		}
+		respondError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	respondJSON(w, http.StatusOK, map[string]string{"deleted": id})
+}
+
+// listAllProxies returns a merged view of standalone and deploy-managed proxies.
+// GET /api/proxies/all
+func (s *Server) listAllProxies(w http.ResponseWriter, r *http.Request) {
+	if s.proxyManager == nil {
+		respondError(w, http.StatusServiceUnavailable, "proxy manager not configured")
+		return
+	}
+
+	views, err := s.proxyManager.ListAllProxies()
+	if err != nil {
+		respondError(w, http.StatusInternalServerError, err.Error())
+		return
+	}
+
+	respondJSON(w, http.StatusOK, views)
+}
@@ -11,6 +11,7 @@ import (
 	"github.com/alexei/docker-watcher/internal/docker"
 	"github.com/alexei/docker-watcher/internal/events"
 	"github.com/alexei/docker-watcher/internal/npm"
+	"github.com/alexei/docker-watcher/internal/proxy"
 	"github.com/alexei/docker-watcher/internal/stale"
 	"github.com/alexei/docker-watcher/internal/store"
 	"github.com/alexei/docker-watcher/internal/webhook"
@@ -28,6 +29,7 @@ type Server struct {
 	localAuth    *auth.LocalAuth
 	oidcProvider *auth.OIDCProvider
 	staleScanner *stale.Scanner
+	proxyManager *proxy.Manager
 }

 // NewServer creates a new API Server with all required dependencies.
@@ -68,6 +70,12 @@ func (s *Server) SetStaleScanner(scanner *stale.Scanner) {
 	s.staleScanner = scanner
 }

+// SetProxyManager sets the proxy manager on the server.
+// Called after both the API server and proxy manager are initialized.
+func (s *Server) SetProxyManager(pm *proxy.Manager) {
+	s.proxyManager = pm
+}
+
 // initOIDCProvider creates an OIDC provider from settings. Errors are logged, not fatal.
 func (s *Server) initOIDCProvider(ctx context.Context, as store.AuthSettings) {
 	// Decrypt the OIDC client secret if it's encrypted.
@@ -146,10 +154,25 @@ func (s *Server) Router() chi.Router {
 			// Stale container endpoints.
 			r.Get("/containers/stale", s.listStaleContainers)

+			// Proxy endpoints (read-only for any authenticated user).
+			r.Get("/proxies", s.listProxies)
+			r.Get("/proxies/all", s.listAllProxies)
+			r.Route("/proxies/{id}", func(r chi.Router) {
+				r.Get("/", s.getProxy)
+			})
+
 			// Admin-only routes: require admin role.
 			r.Group(func(r chi.Router) {
 				r.Use(auth.AdminOnly)

+				// Proxy mutation endpoints.
+				r.Post("/proxies/validate", s.validateProxy)
+				r.Post("/proxies", s.createProxy)
+				r.Route("/proxies/{id}", func(r chi.Router) {
+					r.Put("/", s.updateProxy)
+					r.Delete("/", s.deleteProxy)
+				})
+
 				// Config export (reveals project/infra details).
 				r.Get("/config/export", s.exportConfig)