feat: logic rules switch from one file to rules.d and refactoring init cli func

cmd/banforge/command/init.go

@@ -16,53 +16,11 @@ var InitCmd = &cobra.Command{
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("Initializing BanForge...")
 
-		if _, err := os.Stat("/var/log/banforge"); err == nil {
-			fmt.Println("/var/log/banforge already exists, skipping...")
-		} else if os.IsNotExist(err) {
-			err := os.Mkdir("/var/log/banforge", 0750)
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			fmt.Println("Created /var/log/banforge")
-		} else {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-		if _, err := os.Stat("/var/lib/banforge"); err == nil {
-			fmt.Println("/var/lib/banforge already exists, skipping...")
-		} else if os.IsNotExist(err) {
-			err := os.Mkdir("/var/lib/banforge", 0750)
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			fmt.Println("Created /var/lib/banforge")
-		} else {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-
-		if _, err := os.Stat("/etc/banforge"); err == nil {
-			fmt.Println("/etc/banforge already exists, skipping...")
-		} else if os.IsNotExist(err) {
-			err := os.Mkdir("/etc/banforge", 0750)
-			if err != nil {
-				fmt.Println(err)
-				os.Exit(1)
-			}
-			fmt.Println("Created /etc/banforge")
-		} else {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-
 		err := config.CreateConf()
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)
 		}
-		fmt.Println("Config created")
 
 		err = config.FindFirewall()
 		if err != nil {

internal/config/appconf.go

@@ -32,7 +32,6 @@ func LoadMetricsConfig() (*Metrics, error) {
 func LoadRuleConfig() ([]Rule, error) {
 	log := logger.New(false)
 	var cfg Rules
-
 	_, err := toml.DecodeFile("/etc/banforge/rules.toml", &cfg)
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to decode config: %v", err))

internal/config/sysconf.go

@@ -16,6 +16,24 @@ const (
 	ConfigFile = "config.toml"
 )
 
+func createFileWithPermissions(path string, perm os.FileMode) error {
+	// #nosec G304 - path is controlled by config package not user
+	file, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+
+	if err := os.Chmod(path, perm); err != nil {
+		_ = file.Close()
+		return err
+	}
+
+	if err := file.Close(); err != nil {
+		return err
+	}
+	return nil
+}
+
 func CreateConf() error {
 	if os.Geteuid() != 0 {
 		return fmt.Errorf("you must be root to run this command, use sudo/doas")
@@ -28,80 +46,49 @@ func CreateConf() error {
 		return nil
 	}
 
-	file, err := os.Create("/etc/banforge/config.toml")
+	if err := os.MkdirAll(ConfigDir, 0750); err != nil {
-	if err != nil {
+		return fmt.Errorf("failed to create config directory: %w", err)
-		return fmt.Errorf("failed to create config file: %w", err)
 	}
-	defer func() {
+
-		err = file.Close()
+	if err := os.WriteFile(configPath, []byte(Base_config), 0600); err != nil {
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
-	if err := os.Chmod(configPath, 0600); err != nil {
-		return fmt.Errorf("failed to set permissions: %w", err)
-	}
-	err = os.WriteFile(configPath, []byte(Base_config), 0600)
-	if err != nil {
 		return fmt.Errorf("failed to write config file: %w", err)
 	}
-	fmt.Printf(" Config file created: %s\n", configPath)
+	fmt.Printf("Config file created: %s\n", configPath)
-	file, err = os.Create("/etc/banforge/rules.toml")
+
-	if err != nil {
+	rulesDir := filepath.Join(ConfigDir, "rules.d")
-		return fmt.Errorf("failed to create rules file: %w", err)
+	if err := os.MkdirAll(rulesDir, 0750); err != nil {
+		return fmt.Errorf("failed to create rules directory: %w", err)
+	}
+	fmt.Printf("Rules directory created: %s\n", rulesDir)
+
+	bansDBDir := filepath.Dir("/var/lib/banforge/bans.db")
+	if err := os.MkdirAll(bansDBDir, 0750); err != nil {
+		return fmt.Errorf("failed to create bans database directory: %w", err)
+	}
+
+	reqDBDir := filepath.Dir("/var/lib/banforge/requests.db")
+	if err := os.MkdirAll(reqDBDir, 0750); err != nil {
+		return fmt.Errorf("failed to create requests database directory: %w", err)
 	}
-	defer func() {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
 
 	bansDBPath := "/var/lib/banforge/bans.db"
-	reqDBPath := "/var/lib/banforge/requests.db"
+	if err := createFileWithPermissions(bansDBPath, 0600); err != nil {
-
-	file, err = os.Create(bansDBPath)
-	if err != nil {
 		return fmt.Errorf("failed to create bans database file: %w", err)
 	}
-	err = os.Chmod(bansDBPath, 0600)
+	fmt.Printf("Bans database file created: %s\n", bansDBPath)
-	if err != nil {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-		return fmt.Errorf("failed to set permissions: %w", err)
-	}
-	err = file.Close()
-	if err != nil {
-		return fmt.Errorf("failed to close file: %w", err)
-	}
 
-	file, err = os.Create(reqDBPath)
+	reqDBPath := "/var/lib/banforge/requests.db"
-	if err != nil {
+	if err := createFileWithPermissions(reqDBPath, 0600); err != nil {
 		return fmt.Errorf("failed to create requests database file: %w", err)
 	}
-	err = os.Chmod(reqDBPath, 0600)
+	fmt.Printf("Requests database file created: %s\n", reqDBPath)
-	if err != nil {
-		err = file.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-		return fmt.Errorf("failed to set permissions: %w", err)
-	}
-	err = file.Close()
-	if err != nil {
-		return fmt.Errorf("failed to close file: %w", err)
-	}
 
-	fmt.Printf(" Rules file created: %s\n", configPath)
 	return nil
 }
 
 func FindFirewall() error {
-	if os.Getegid() != 0 {
+	if os.Geteuid() != 0 {
-		fmt.Printf("Firewall settings needs sudo privileges\n")
+		return fmt.Errorf("firewall settings needs sudo privileges")
-		os.Exit(1)
 	}
 
 	firewalls := []string{"nft", "firewall-cmd", "iptables", "ufw"}
@@ -134,10 +121,7 @@ func FindFirewall() error {
 
 			encoder := toml.NewEncoder(file)
 			if err := encoder.Encode(cfg); err != nil {
-				err = file.Close()
+				_ = file.Close()
-				if err != nil {
-					return fmt.Errorf("failed to close file: %w", err)
-				}
 				return fmt.Errorf("failed to encode config: %w", err)
 			}