first commit
This commit is contained in:
620
CORS_API_DOCUMENTATION.md
Normal file
620
CORS_API_DOCUMENTATION.md
Normal file
@@ -0,0 +1,620 @@
|
||||
# CORS Whitelist & Blacklist API Dokümantasyonu
|
||||
|
||||
## 📋 Genel Bakış
|
||||
|
||||
AuthCentral'da CORS (Cross-Origin Resource Sharing) yönetimi için Whitelist ve Blacklist sistemleri mevcuttur.
|
||||
|
||||
### Özellikler:
|
||||
- ✅ CRUD operasyonları (Create, Read, Update, Delete)
|
||||
- ✅ Redis cache desteği
|
||||
- ✅ Admin only endpoints
|
||||
- ✅ Active/Inactive durumları
|
||||
- ✅ Audit trail (created_by, updated_by)
|
||||
|
||||
---
|
||||
|
||||
## 🔐 Authentication
|
||||
|
||||
Tüm endpoint'ler **Admin** yetkisi gerektirir:
|
||||
```
|
||||
Authorization: Bearer {admin_access_token}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 📡 CORS Whitelist API
|
||||
|
||||
### 1. Tüm Whitelist Kayıtlarını Listele
|
||||
|
||||
```http
|
||||
GET /v1/settings/cors/whitelist
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
```
|
||||
|
||||
**Yanıt:**
|
||||
```json
|
||||
[
|
||||
{
|
||||
"id": "uuid",
|
||||
"origin": "http://localhost:3000",
|
||||
"description": "Development frontend",
|
||||
"is_active": true,
|
||||
"created_by": "admin@gauth.local",
|
||||
"created_at": "2026-02-05T10:00:00Z",
|
||||
"updated_at": "2026-02-05T10:00:00Z"
|
||||
},
|
||||
{
|
||||
"id": "uuid",
|
||||
"origin": "https://myapp.com",
|
||||
"description": "Production frontend",
|
||||
"is_active": true,
|
||||
"created_by": "admin@gauth.local",
|
||||
"created_at": "2026-02-05T09:00:00Z",
|
||||
"updated_at": "2026-02-05T09:00:00Z"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
### 2. Whitelist Kaydı Oluştur
|
||||
|
||||
```http
|
||||
POST /v1/settings/cors/whitelist
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
Content-Type: application/json
|
||||
```
|
||||
|
||||
**Body:**
|
||||
```json
|
||||
{
|
||||
"origin": "https://example.com",
|
||||
"description": "Customer frontend application"
|
||||
}
|
||||
```
|
||||
|
||||
**Başarılı Yanıt (201):**
|
||||
```json
|
||||
{
|
||||
"id": "new-uuid",
|
||||
"origin": "https://example.com",
|
||||
"description": "Customer frontend application",
|
||||
"is_active": true,
|
||||
"created_by": "admin@gauth.local",
|
||||
"created_at": "2026-02-05T11:00:00Z",
|
||||
"updated_at": "2026-02-05T11:00:00Z"
|
||||
}
|
||||
```
|
||||
|
||||
### 3. Whitelist Kaydını Güncelle
|
||||
|
||||
```http
|
||||
PUT /v1/settings/cors/whitelist/{id}
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
Content-Type: application/json
|
||||
```
|
||||
|
||||
**Body (tüm alanlar opsiyonel):**
|
||||
```json
|
||||
{
|
||||
"origin": "https://new-domain.com",
|
||||
"description": "Updated description",
|
||||
"is_active": false
|
||||
}
|
||||
```
|
||||
|
||||
**Başarılı Yanıt (200):**
|
||||
```json
|
||||
{
|
||||
"message": "Whitelist updated successfully"
|
||||
}
|
||||
```
|
||||
|
||||
### 4. Whitelist Kaydını Sil
|
||||
|
||||
```http
|
||||
DELETE /v1/settings/cors/whitelist/{id}
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
```
|
||||
|
||||
**Başarılı Yanıt (200):**
|
||||
```json
|
||||
{
|
||||
"message": "Whitelist entry deleted successfully"
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 🚫 CORS Blacklist API
|
||||
|
||||
### 1. Tüm Blacklist Kayıtlarını Listele
|
||||
|
||||
```http
|
||||
GET /v1/settings/cors/blacklist
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
```
|
||||
|
||||
**Yanıt:**
|
||||
```json
|
||||
[
|
||||
{
|
||||
"id": "uuid",
|
||||
"origin": "https://malicious-site.com",
|
||||
"reason": "Security threat detected",
|
||||
"is_active": true,
|
||||
"created_by": "admin@gauth.local",
|
||||
"created_at": "2026-02-05T10:00:00Z",
|
||||
"updated_at": "2026-02-05T10:00:00Z"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
### 2. Blacklist Kaydı Oluştur
|
||||
|
||||
```http
|
||||
POST /v1/settings/cors/blacklist
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
Content-Type: application/json
|
||||
```
|
||||
|
||||
**Body:**
|
||||
```json
|
||||
{
|
||||
"origin": "https://spam-domain.com",
|
||||
"reason": "Spam attempts detected"
|
||||
}
|
||||
```
|
||||
|
||||
**Başarılı Yanıt (201):**
|
||||
```json
|
||||
{
|
||||
"id": "new-uuid",
|
||||
"origin": "https://spam-domain.com",
|
||||
"reason": "Spam attempts detected",
|
||||
"is_active": true,
|
||||
"created_by": "admin@gauth.local",
|
||||
"created_at": "2026-02-05T11:00:00Z",
|
||||
"updated_at": "2026-02-05T11:00:00Z"
|
||||
}
|
||||
```
|
||||
|
||||
### 3. Blacklist Kaydını Güncelle
|
||||
|
||||
```http
|
||||
PUT /v1/settings/cors/blacklist/{id}
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
Content-Type: application/json
|
||||
```
|
||||
|
||||
**Body (tüm alanlar opsiyonel):**
|
||||
```json
|
||||
{
|
||||
"origin": "https://updated-domain.com",
|
||||
"reason": "Updated reason",
|
||||
"is_active": false
|
||||
}
|
||||
```
|
||||
|
||||
**Başarılı Yanıt (200):**
|
||||
```json
|
||||
{
|
||||
"message": "Blacklist updated successfully"
|
||||
}
|
||||
```
|
||||
|
||||
### 4. Blacklist Kaydını Sil
|
||||
|
||||
```http
|
||||
DELETE /v1/settings/cors/blacklist/{id}
|
||||
```
|
||||
|
||||
**Headers:**
|
||||
```
|
||||
Authorization: Bearer {token}
|
||||
```
|
||||
|
||||
**Başarılı Yanıt (200):**
|
||||
```json
|
||||
{
|
||||
"message": "Blacklist entry deleted successfully"
|
||||
}
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 🧪 Kullanım Örnekleri
|
||||
|
||||
### Tam İş Akışı (cURL)
|
||||
|
||||
```bash
|
||||
#!/bin/bash
|
||||
|
||||
# 1. Admin Login
|
||||
TOKEN=$(curl -s -X POST http://localhost:8080/v1/auth/login \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"email":"admin@gauth.local","password":"Admin@123"}' | jq -r '.access_token')
|
||||
|
||||
echo "Token: ${TOKEN:0:30}..."
|
||||
|
||||
# 2. Whitelist'e domain ekle
|
||||
echo -e "\n=== Create Whitelist Entry ==="
|
||||
curl -X POST http://localhost:8080/v1/settings/cors/whitelist \
|
||||
-H "Authorization: Bearer $TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{
|
||||
"origin": "https://myapp.com",
|
||||
"description": "Production app"
|
||||
}' | jq .
|
||||
|
||||
# 3. Tüm whitelist'i listele
|
||||
echo -e "\n=== List All Whitelist ==="
|
||||
curl -X GET http://localhost:8080/v1/settings/cors/whitelist \
|
||||
-H "Authorization: Bearer $TOKEN" | jq .
|
||||
|
||||
# 4. Blacklist'e domain ekle
|
||||
echo -e "\n=== Create Blacklist Entry ==="
|
||||
curl -X POST http://localhost:8080/v1/settings/cors/blacklist \
|
||||
-H "Authorization: Bearer $TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{
|
||||
"origin": "https://spam.com",
|
||||
"reason": "Spam detected"
|
||||
}' | jq .
|
||||
|
||||
# 5. Whitelist entry'yi güncelle (ID'yi yukarıdaki response'dan alın)
|
||||
WHITELIST_ID="your-whitelist-id-here"
|
||||
echo -e "\n=== Update Whitelist Entry ==="
|
||||
curl -X PUT "http://localhost:8080/v1/settings/cors/whitelist/$WHITELIST_ID" \
|
||||
-H "Authorization: Bearer $TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{
|
||||
"description": "Updated description",
|
||||
"is_active": true
|
||||
}' | jq .
|
||||
|
||||
# 6. Blacklist entry'yi sil
|
||||
BLACKLIST_ID="your-blacklist-id-here"
|
||||
echo -e "\n=== Delete Blacklist Entry ==="
|
||||
curl -X DELETE "http://localhost:8080/v1/settings/cors/blacklist/$BLACKLIST_ID" \
|
||||
-H "Authorization: Bearer $TOKEN" | jq .
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 🎯 Frontend Entegrasyonu (React)
|
||||
|
||||
### API Client
|
||||
|
||||
```javascript
|
||||
class CorsSettingsAPI {
|
||||
constructor(baseURL, token) {
|
||||
this.baseURL = baseURL;
|
||||
this.token = token;
|
||||
}
|
||||
|
||||
// ====== Whitelist ======
|
||||
|
||||
async getWhitelist() {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/whitelist`, {
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`
|
||||
}
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
async createWhitelist(origin, description) {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/whitelist`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
body: JSON.stringify({ origin, description })
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
async updateWhitelist(id, updates) {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/whitelist/${id}`, {
|
||||
method: 'PUT',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
body: JSON.stringify(updates)
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
async deleteWhitelist(id) {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/whitelist/${id}`, {
|
||||
method: 'DELETE',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`
|
||||
}
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
// ====== Blacklist ======
|
||||
|
||||
async getBlacklist() {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/blacklist`, {
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`
|
||||
}
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
async createBlacklist(origin, reason) {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/blacklist`, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
body: JSON.stringify({ origin, reason })
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
async updateBlacklist(id, updates) {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/blacklist/${id}`, {
|
||||
method: 'PUT',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
body: JSON.stringify(updates)
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
|
||||
async deleteBlacklist(id) {
|
||||
const response = await fetch(`${this.baseURL}/v1/settings/cors/blacklist/${id}`, {
|
||||
method: 'DELETE',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${this.token}`
|
||||
}
|
||||
});
|
||||
return response.json();
|
||||
}
|
||||
}
|
||||
|
||||
// Kullanım
|
||||
const api = new CorsSettingsAPI('http://localhost:8080', YOUR_ADMIN_TOKEN);
|
||||
|
||||
// Whitelist listele
|
||||
const whitelists = await api.getWhitelist();
|
||||
console.log(whitelists);
|
||||
|
||||
// Yeni whitelist ekle
|
||||
const newEntry = await api.createWhitelist('https://newapp.com', 'New application');
|
||||
console.log(newEntry);
|
||||
```
|
||||
|
||||
### React Component Örneği
|
||||
|
||||
```jsx
|
||||
import React, { useState, useEffect } from 'react';
|
||||
|
||||
function CorsWhitelistManager() {
|
||||
const [whitelists, setWhitelists] = useState([]);
|
||||
const [newOrigin, setNewOrigin] = useState('');
|
||||
const [newDescription, setNewDescription] = useState('');
|
||||
const token = localStorage.getItem('admin_token');
|
||||
|
||||
useEffect(() => {
|
||||
fetchWhitelists();
|
||||
}, []);
|
||||
|
||||
const fetchWhitelists = async () => {
|
||||
try {
|
||||
const response = await fetch('http://localhost:8080/v1/settings/cors/whitelist', {
|
||||
headers: {
|
||||
'Authorization': `Bearer ${token}`
|
||||
}
|
||||
});
|
||||
const data = await response.json();
|
||||
setWhitelists(data);
|
||||
} catch (error) {
|
||||
console.error('Error fetching whitelists:', error);
|
||||
}
|
||||
};
|
||||
|
||||
const handleCreate = async (e) => {
|
||||
e.preventDefault();
|
||||
try {
|
||||
const response = await fetch('http://localhost:8080/v1/settings/cors/whitelist', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${token}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
body: JSON.stringify({
|
||||
origin: newOrigin,
|
||||
description: newDescription
|
||||
})
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
setNewOrigin('');
|
||||
setNewDescription('');
|
||||
fetchWhitelists(); // Refresh list
|
||||
alert('Whitelist entry created!');
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error creating whitelist:', error);
|
||||
}
|
||||
};
|
||||
|
||||
const handleDelete = async (id) => {
|
||||
if (!confirm('Are you sure you want to delete this entry?')) return;
|
||||
|
||||
try {
|
||||
const response = await fetch(`http://localhost:8080/v1/settings/cors/whitelist/${id}`, {
|
||||
method: 'DELETE',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${token}`
|
||||
}
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
fetchWhitelists(); // Refresh list
|
||||
alert('Whitelist entry deleted!');
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error deleting whitelist:', error);
|
||||
}
|
||||
};
|
||||
|
||||
const toggleActive = async (id, currentStatus) => {
|
||||
try {
|
||||
const response = await fetch(`http://localhost:8080/v1/settings/cors/whitelist/${id}`, {
|
||||
method: 'PUT',
|
||||
headers: {
|
||||
'Authorization': `Bearer ${token}`,
|
||||
'Content-Type': 'application/json'
|
||||
},
|
||||
body: JSON.stringify({
|
||||
is_active: !currentStatus
|
||||
})
|
||||
});
|
||||
|
||||
if (response.ok) {
|
||||
fetchWhitelists(); // Refresh list
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error updating whitelist:', error);
|
||||
}
|
||||
};
|
||||
|
||||
return (
|
||||
<div className="cors-whitelist-manager">
|
||||
<h2>CORS Whitelist Manager</h2>
|
||||
|
||||
{/* Add New Entry Form */}
|
||||
<form onSubmit={handleCreate} className="add-form">
|
||||
<input
|
||||
type="text"
|
||||
placeholder="Origin (e.g., https://example.com)"
|
||||
value={newOrigin}
|
||||
onChange={(e) => setNewOrigin(e.target.value)}
|
||||
required
|
||||
/>
|
||||
<input
|
||||
type="text"
|
||||
placeholder="Description"
|
||||
value={newDescription}
|
||||
onChange={(e) => setNewDescription(e.target.value)}
|
||||
/>
|
||||
<button type="submit">Add to Whitelist</button>
|
||||
</form>
|
||||
|
||||
{/* Whitelist Table */}
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Origin</th>
|
||||
<th>Description</th>
|
||||
<th>Active</th>
|
||||
<th>Created By</th>
|
||||
<th>Actions</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{whitelists.map(entry => (
|
||||
<tr key={entry.id}>
|
||||
<td>{entry.origin}</td>
|
||||
<td>{entry.description}</td>
|
||||
<td>
|
||||
<button onClick={() => toggleActive(entry.id, entry.is_active)}>
|
||||
{entry.is_active ? '✅ Active' : '❌ Inactive'}
|
||||
</button>
|
||||
</td>
|
||||
<td>{entry.created_by}</td>
|
||||
<td>
|
||||
<button onClick={() => handleDelete(entry.id)}>Delete</button>
|
||||
</td>
|
||||
</tr>
|
||||
))}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
);
|
||||
}
|
||||
|
||||
export default CorsWhitelistManager;
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 📊 API Endpoints Özeti
|
||||
|
||||
| Endpoint | Method | Açıklama | Admin Required |
|
||||
|----------|--------|----------|----------------|
|
||||
| `/v1/settings/cors/whitelist` | GET | Whitelist listele | ✅ |
|
||||
| `/v1/settings/cors/whitelist` | POST | Whitelist ekle | ✅ |
|
||||
| `/v1/settings/cors/whitelist/:id` | PUT | Whitelist güncelle | ✅ |
|
||||
| `/v1/settings/cors/whitelist/:id` | DELETE | Whitelist sil | ✅ |
|
||||
| `/v1/settings/cors/blacklist` | GET | Blacklist listele | ✅ |
|
||||
| `/v1/settings/cors/blacklist` | POST | Blacklist ekle | ✅ |
|
||||
| `/v1/settings/cors/blacklist/:id` | PUT | Blacklist güncelle | ✅ |
|
||||
| `/v1/settings/cors/blacklist/:id` | DELETE | Blacklist sil | ✅ |
|
||||
|
||||
---
|
||||
|
||||
## 🔧 Cache Yönetimi
|
||||
|
||||
CORS ayarları Redis'te cache'lenir:
|
||||
- **Cache süresi:** 1 saat
|
||||
- **Otomatik invalidation:** Create/Update/Delete işlemlerinde
|
||||
- **Cache key:**
|
||||
- Whitelist: `cors:whitelist`
|
||||
- Blacklist: `cors:blacklist`
|
||||
|
||||
---
|
||||
|
||||
## ✅ Test Checklist
|
||||
|
||||
- [ ] Admin token alındı
|
||||
- [ ] Whitelist ekleme testi
|
||||
- [ ] Whitelist listeleme testi
|
||||
- [ ] Whitelist güncelleme testi
|
||||
- [ ] Whitelist silme testi
|
||||
- [ ] Blacklist ekleme testi
|
||||
- [ ] Blacklist listeleme testi
|
||||
- [ ] Blacklist güncelleme testi
|
||||
- [ ] Blacklist silme testi
|
||||
- [ ] Swagger dokümantasyonu kontrol edildi
|
||||
|
||||
**CORS Whitelist & Blacklist API'leri tam çalışır durumda!** 🚀
|
||||
Reference in New Issue
Block a user