From d534fc79d756d6c847dc7bd6e2427f5b6f594e10 Mon Sep 17 00:00:00 2001
From: d3m0k1d
Date: Mon, 23 Feb 2026 00:26:52 +0300
Subject: [PATCH] feat: logic rules switch from one file to rules.d and refactoring init cli func
---
 cmd/banforge/command/init.go | 42 --------------
 internal/config/appconf.go | 1 -
 internal/config/sysconf.go | 108 +++++++++++++++--------------------
 3 files changed, 46 insertions(+), 105 deletions(-)
diff --git a/cmd/banforge/command/init.go b/cmd/banforge/command/init.go
index 584b4b5..032ce9c 100644
--- a/cmd/banforge/command/init.go
+++ b/cmd/banforge/command/init.go
@@ -16,53 +16,11 @@ var InitCmd = &cobra.Command{
 Run: func(cmd *cobra.Command, args []string) {
 fmt.Println("Initializing BanForge...")
- if _, err := os.Stat("/var/log/banforge"); err == nil {
- fmt.Println("/var/log/banforge already exists, skipping...")
- } else if os.IsNotExist(err) {
- err := os.Mkdir("/var/log/banforge", 0750)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- fmt.Println("Created /var/log/banforge")
- } else {
- fmt.Println(err)
- os.Exit(1)
- }
- if _, err := os.Stat("/var/lib/banforge"); err == nil {
- fmt.Println("/var/lib/banforge already exists, skipping...")
- } else if os.IsNotExist(err) {
- err := os.Mkdir("/var/lib/banforge", 0750)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- fmt.Println("Created /var/lib/banforge")
- } else {
- fmt.Println(err)
- os.Exit(1)
- }
-
- if _, err := os.Stat("/etc/banforge"); err == nil {
- fmt.Println("/etc/banforge already exists, skipping...")
- } else if os.IsNotExist(err) {
- err := os.Mkdir("/etc/banforge", 0750)
- if err != nil {
- fmt.Println(err)
- os.Exit(1)
- }
- fmt.Println("Created /etc/banforge")
- } else {
- fmt.Println(err)
- os.Exit(1)
- }
-
 err := config.CreateConf()
 if err != nil {
 fmt.Println(err)
 os.Exit(1)
 }
- fmt.Println("Config created")
 err = config.FindFirewall()
 if err != nil {
diff --git a/internal/config/appconf.go b/internal/config/appconf.go
index 56914eb..bd6094b 100644
--- a/internal/config/appconf.go
+++ b/internal/config/appconf.go
@@ -32,7 +32,6 @@ func LoadMetricsConfig() (*Metrics, error) {
 func LoadRuleConfig() ([]Rule, error) {
 log := logger.New(false)
 var cfg Rules
-
 _, err := toml.DecodeFile("/etc/banforge/rules.toml", &cfg)
 if err != nil {
 log.Error(fmt.Sprintf("failed to decode config: %v", err))
diff --git a/internal/config/sysconf.go b/internal/config/sysconf.go
index 04de3f9..603adc7 100644
--- a/internal/config/sysconf.go
+++ b/internal/config/sysconf.go
@@ -16,6 +16,24 @@ const (
 ConfigFile = "config.toml"
 )
+func createFileWithPermissions(path string, perm os.FileMode) error {
+ // #nosec G304 - path is controlled by config package not user
+ file, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+
+ if err := os.Chmod(path, perm); err != nil {
+ _ = file.Close()
+ return err
+ }
+
+ if err := file.Close(); err != nil {
+ return err
+ }
+ return nil
+}
+
 func CreateConf() error {
 if os.Geteuid() != 0 {
 return fmt.Errorf("you must be root to run this command, use sudo/doas")
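Review bot: In `createFileWithPermissions` the requested mode is applied only after the file already exists: `os.Create` creates it with 0666 minus the umask, and `os.Chmod(path, perm)` then resolves the path a second time, so a database file is briefly more widely readable than `perm` and the chmod lands on whatever the path names at that moment. Pass the mode at creation and change it on the open handle instead: `file, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, perm)` and `if err := file.Chmod(perm); err != nil {`. The helper also needs a doc comment, for example `// createFileWithPermissions creates path, truncating any existing file, and sets its mode to perm.`, because the truncation matters for the two database files it is used on.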
@@ -28,80 +46,49 @@ func CreateConf() error {
 return nil
 }
- file, err := os.Create("/etc/banforge/config.toml")
- if err != nil {
- return fmt.Errorf("failed to create config file: %w", err)
+ if err := os.MkdirAll(ConfigDir, 0750); err != nil {
+ return fmt.Errorf("failed to create config directory: %w", err)
 }
- defer func() {
- err = file.Close()
- if err != nil {
- fmt.Println(err)
- }
- }()
- if err := os.Chmod(configPath, 0600); err != nil {
- return fmt.Errorf("failed to set permissions: %w", err)
- }
- err = os.WriteFile(configPath, []byte(Base_config), 0600)
- if err != nil {
+
+ if err := os.WriteFile(configPath, []byte(Base_config), 0600); err != nil {
 return fmt.Errorf("failed to write config file: %w", err)
 }
- fmt.Printf(" Config file created: %s\n", configPath)
- file, err = os.Create("/etc/banforge/rules.toml")
- if err != nil {
- return fmt.Errorf("failed to create rules file: %w", err)
+ fmt.Printf("Config file created: %s\n", configPath)
+
+ rulesDir := filepath.Join(ConfigDir, "rules.d")
+ if err := os.MkdirAll(rulesDir, 0750); err != nil {
+ return fmt.Errorf("failed to create rules directory: %w", err)
+ }
+ fmt.Printf("Rules directory created: %s\n", rulesDir)
+
+ bansDBDir := filepath.Dir("/var/lib/banforge/bans.db")
+ if err := os.MkdirAll(bansDBDir, 0750); err != nil {
+ return fmt.Errorf("failed to create bans database directory: %w", err)
+ }
+
+ reqDBDir := filepath.Dir("/var/lib/banforge/requests.db")
+ if err := os.MkdirAll(reqDBDir, 0750); err != nil {
+ return fmt.Errorf("failed to create requests database directory: %w", err)
 }
- defer func() {
- err = file.Close()
- if err != nil {
- fmt.Println(err)
- }
- }()
 bansDBPath := "/var/lib/banforge/bans.db"
- reqDBPath := "/var/lib/banforge/requests.db"
-
- file, err = os.Create(bansDBPath)
- if err != nil {
+ if err := createFileWithPermissions(bansDBPath, 0600); err != nil {
 return fmt.Errorf("failed to create bans database file: %w", err)
 }
- err = os.Chmod(bansDBPath, 0600)
- if err != nil {
- err = file.Close()
- if err != nil {
- fmt.Println(err)
- }
- return fmt.Errorf("failed to set permissions: %w", err)
- }
- err = file.Close()
- if err != nil {
- return fmt.Errorf("failed to close file: %w", err)
- }
+ fmt.Printf("Bans database file created: %s\n", bansDBPath)
- file, err = os.Create(reqDBPath)
- if err != nil {
+ reqDBPath := "/var/lib/banforge/requests.db"
+ if err := createFileWithPermissions(reqDBPath, 0600); err != nil {
 return fmt.Errorf("failed to create requests database file: %w", err)
 }
- err = os.Chmod(reqDBPath, 0600)
- if err != nil {
- err = file.Close()
- if err != nil {
- fmt.Println(err)
- }
- return fmt.Errorf("failed to set permissions: %w", err)
- }
- err = file.Close()
- if err != nil {
- return fmt.Errorf("failed to close file: %w", err)
- }
+ fmt.Printf("Requests database file created: %s\n", reqDBPath)
- fmt.Printf(" Rules file created: %s\n", configPath)
 return nil
 }
 func FindFirewall() error {
- if os.Getegid() != 0 {
- fmt.Printf("Firewall settings needs sudo privileges\n")
- os.Exit(1)
+ if os.Geteuid() != 0 {
+ return fmt.Errorf("firewall settings needs sudo privileges")
 }
 firewalls := []string{"nft", "firewall-cmd", "iptables", "ufw"}
@@ -134,10 +121,7 @@ func FindFirewall() error {
 encoder := toml.NewEncoder(file)
 if err := encoder.Encode(cfg); err != nil {
- err = file.Close()
- if err != nil {
- return fmt.Errorf("failed to close file: %w", err)
- }
+ _ = file.Close()
 return fmt.Errorf("failed to encode config: %w", err)
 }
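Review bot: Nothing visible in this patch reads the `rules.d` directory that `CreateConf` now creates: the appconf.go hunk appears to leave `toml.DecodeFile("/etc/banforge/rules.toml", &cfg)` in `LoadRuleConfig` as an unchanged line, while this hunk stops creating that file, so after a fresh init the rule loader would fail and, presumably, no ban rules are active. Either `LoadRuleConfig` should be switched to the files under `rules.d` in the same commit, or init should keep creating `rules.toml` until it is. `/var/log/banforge` was created with 0750 by the block removed from init.go and is not recreated here, so confirm that whatever opens the log creates the directory with an equally tight mode. `bansDBDir` and `reqDBDir` both resolve to `/var/lib/banforge`; one `os.MkdirAll` on a named constant, next to `ConfigDir`, would replace the two calls and the repeated path literals. `CreateConf` starts before this hunk.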