first commit

This commit is contained in:
Beyhan Oğur
2026-04-26 21:37:58 +03:00
commit 8b1fbdee99
104 changed files with 23398 additions and 0 deletions

558
SETTINGS_API.md Normal file
View File

@@ -0,0 +1,558 @@
# 🔧 CORS & Rate Limit Yönetim API'si
## Yeni Endpoint'ler
### Base URL
```
http://localhost:8080/v1/settings
```
**Not:** Tüm settings endpoint'leri authentication gerektirir (Bearer token).
---
## 📋 CORS Whitelist Yönetimi
### 1. Tüm Whitelist Kayıtlarını Getir
```
GET /v1/settings/cors/whitelist
Authorization: Bearer {token}
```
**Response:**
```json
[
{
"id": "uuid",
"origin": "http://localhost:3000",
"description": "Default local frontend",
"is_active": true,
"created_by": "system",
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
}
]
```
### 2. Yeni Whitelist Ekle
```
POST /v1/settings/cors/whitelist
Authorization: Bearer {token}
Content-Type: application/json
```
**Request Body:**
```json
{
"origin": "https://example.com",
"description": "Production frontend"
}
```
**Response (201):**
```json
{
"id": "uuid",
"origin": "https://example.com",
"description": "Production frontend",
"is_active": true,
"created_by": "user@example.com",
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
}
```
### 3. Whitelist Güncelle
```
PUT /v1/settings/cors/whitelist/{id}
Authorization: Bearer {token}
Content-Type: application/json
```
**Request Body:**
```json
{
"origin": "https://newdomain.com",
"description": "Updated description",
"is_active": false
}
```
**Response (200):**
```json
{
"message": "Whitelist updated successfully"
}
```
### 4. Whitelist Sil
```
DELETE /v1/settings/cors/whitelist/{id}
Authorization: Bearer {token}
```
**Response (200):**
```json
{
"message": "Whitelist entry deleted successfully"
}
```
---
## 🚫 CORS Blacklist Yönetimi
### 1. Tüm Blacklist Kayıtlarını Getir
```
GET /v1/settings/cors/blacklist
Authorization: Bearer {token}
```
**Response:**
```json
[
{
"id": "uuid",
"origin": "http://malicious-site.com",
"reason": "Security threat",
"is_active": true,
"created_by": "admin@example.com",
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
}
]
```
### 2. Yeni Blacklist Ekle
```
POST /v1/settings/cors/blacklist
Authorization: Bearer {token}
Content-Type: application/json
```
**Request Body:**
```json
{
"origin": "http://spam-site.com",
"reason": "Spam attempts detected"
}
```
**Response (201):**
```json
{
"id": "uuid",
"origin": "http://spam-site.com",
"reason": "Spam attempts detected",
"is_active": true,
"created_by": "user@example.com",
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
}
```
### 3. Blacklist Güncelle
```
PUT /v1/settings/cors/blacklist/{id}
Authorization: Bearer {token}
Content-Type: application/json
```
**Request Body:**
```json
{
"origin": "http://updated-domain.com",
"reason": "Updated reason",
"is_active": true
}
```
**Response (200):**
```json
{
"message": "Blacklist updated successfully"
}
```
### 4. Blacklist Sil
```
DELETE /v1/settings/cors/blacklist/{id}
Authorization: Bearer {token}
```
**Response (200):**
```json
{
"message": "Blacklist entry deleted successfully"
}
```
---
## ⚡ Rate Limit Ayarları Yönetimi
### 1. Tüm Rate Limit Ayarlarını Getir
```
GET /v1/settings/ratelimit
Authorization: Bearer {token}
```
**Response:**
```json
[
{
"id": "uuid",
"name": "login",
"description": "Login endpoint rate limit",
"max_requests": 5,
"window_seconds": 60,
"is_active": true,
"updated_by": "admin@example.com",
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
},
{
"id": "uuid",
"name": "register",
"description": "Registration endpoint rate limit",
"max_requests": 3,
"window_seconds": 300,
"is_active": true,
"updated_by": null,
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
},
{
"id": "uuid",
"name": "api",
"description": "General API rate limit",
"max_requests": 100,
"window_seconds": 60,
"is_active": true,
"updated_by": null,
"created_at": "2026-02-04T00:00:00Z",
"updated_at": "2026-02-04T00:00:00Z"
}
]
```
### 2. Rate Limit Ayarını Güncelle
```
PUT /v1/settings/ratelimit/{id}
Authorization: Bearer {token}
Content-Type: application/json
```
**Request Body:**
```json
{
"max_requests": 10,
"window_seconds": 120,
"description": "Updated rate limit",
"is_active": true
}
```
**Response (200):**
```json
{
"message": "Rate limit setting updated successfully"
}
```
---
## 🔄 Çalışma Mantığı
### CORS Kontrolü
1. **Request gelir** → Origin header okunur
2. **Blacklist kontrolü** → Origin blacklist'te var mı?
- Varsa → **403 Forbidden**
3. **Whitelist kontrolü** → Origin whitelist'te var mı?
- Varsa → **İzin ver**
- Yoksa → **403 Forbidden**
### Cache Stratejisi
- **Whitelist/Blacklist**: 1 saat cache
- **Rate Limit Settings**: 1 saat cache
- Her CRUD işleminden sonra ilgili cache **invalidate** edilir
- Database'den tekrar okunur ve cache'lenir
### Rate Limiting
1. **Database'den ayarlar okunur** (cache'den veya DB'den)
2. **IP bazlı sayaç** Redis'te tutulur
3. **Limit aşılırsa****429 Too Many Requests**
---
## 📝 Kullanım Örnekleri
### JavaScript/TypeScript
```javascript
const API_BASE = 'http://localhost:8080/v1/settings';
const token = localStorage.getItem('access_token');
// Whitelist'e yeni origin ekle
async function addToWhitelist(origin, description) {
const response = await fetch(`${API_BASE}/cors/whitelist`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ origin, description })
});
return response.json();
}
// Rate limit ayarlarını getir
async function getRateLimits() {
const response = await fetch(`${API_BASE}/ratelimit`, {
headers: {
'Authorization': `Bearer ${token}`
}
});
return response.json();
}
// Rate limit güncelle
async function updateRateLimit(id, maxRequests, windowSeconds) {
const response = await fetch(`${API_BASE}/ratelimit/${id}`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
max_requests: maxRequests,
window_seconds: windowSeconds
})
});
return response.json();
}
// Blacklist'e ekle
async function addToBlacklist(origin, reason) {
const response = await fetch(`${API_BASE}/cors/blacklist`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ origin, reason })
});
return response.json();
}
```
### cURL Örnekleri
```bash
# Token al (önce login)
TOKEN="your_access_token_here"
# Whitelist'i görüntüle
curl -X GET http://localhost:8080/v1/settings/cors/whitelist \
-H "Authorization: Bearer $TOKEN"
# Yeni origin ekle
curl -X POST http://localhost:8080/v1/settings/cors/whitelist \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"origin": "https://myapp.com",
"description": "Production app"
}'
# Whitelist güncelle
curl -X PUT http://localhost:8080/v1/settings/cors/whitelist/UUID_HERE \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"is_active": false
}'
# Blacklist'e ekle
curl -X POST http://localhost:8080/v1/settings/cors/blacklist \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"origin": "http://bad-site.com",
"reason": "Security threat"
}'
# Rate limit ayarlarını görüntüle
curl -X GET http://localhost:8080/v1/settings/ratelimit \
-H "Authorization: Bearer $TOKEN"
# Rate limit güncelle
curl -X PUT http://localhost:8080/v1/settings/ratelimit/UUID_HERE \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"max_requests": 20,
"window_seconds": 60,
"description": "Updated login limit"
}'
```
---
## 🗄️ Database Tabloları
### cors_whitelists
```sql
CREATE TABLE cors_whitelists (
id UUID PRIMARY KEY,
origin VARCHAR(255) UNIQUE NOT NULL,
description TEXT,
is_active BOOLEAN DEFAULT true,
created_by VARCHAR(255),
created_at TIMESTAMP,
updated_at TIMESTAMP
);
```
### cors_blacklists
```sql
CREATE TABLE cors_blacklists (
id UUID PRIMARY KEY,
origin VARCHAR(255) UNIQUE NOT NULL,
reason TEXT,
is_active BOOLEAN DEFAULT true,
created_by VARCHAR(255),
created_at TIMESTAMP,
updated_at TIMESTAMP
);
```
### rate_limit_settings
```sql
CREATE TABLE rate_limit_settings (
id UUID PRIMARY KEY,
name VARCHAR(100) UNIQUE NOT NULL,
description TEXT,
max_requests BIGINT NOT NULL,
window_seconds INTEGER NOT NULL,
is_active BOOLEAN DEFAULT true,
updated_by VARCHAR(255),
created_at TIMESTAMP,
updated_at TIMESTAMP
);
```
---
## ⚙️ Default Ayarlar
Uygulama ilk kez başlatıldığında otomatik olarak şu ayarlar oluşturulur:
### CORS Whitelist
- `http://localhost:3000` - Default local frontend
- `http://localhost:8080` - Backend self
### Rate Limit Settings
- **login**: 5 istek / 60 saniye
- **register**: 3 istek / 300 saniye
- **api**: 100 istek / 60 saniye
---
## 🔐 Güvenlik Notları
1. **Authentication Zorunlu**: Tüm settings endpoint'leri authentication gerektirir
2. **Admin Kontrolü**: Şu anda tüm authenticated kullanıcılar yönetebilir (TODO: Admin role check eklenecek)
3. **Cache**: Değişiklikler 1 saat boyunca cache'de kalır
4. **Blacklist Önceliği**: Blacklist kontrolü whitelist'ten önce yapılır
---
## 📊 Frontend Admin Panel Örneği
```javascript
// Admin Panel Component
class CorsManagement {
constructor() {
this.api = 'http://localhost:8080/v1/settings';
this.token = localStorage.getItem('access_token');
}
async getWhitelist() {
const res = await fetch(`${this.api}/cors/whitelist`, {
headers: { 'Authorization': `Bearer ${this.token}` }
});
return res.json();
}
async addWhitelist(origin, description) {
const res = await fetch(`${this.api}/cors/whitelist`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${this.token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({ origin, description })
});
return res.json();
}
async updateWhitelist(id, data) {
const res = await fetch(`${this.api}/cors/whitelist/${id}`, {
method: 'PUT',
headers: {
'Authorization': `Bearer ${this.token}`,
'Content-Type': 'application/json'
},
body: JSON.stringify(data)
});
return res.json();
}
async deleteWhitelist(id) {
const res = await fetch(`${this.api}/cors/whitelist/${id}`, {
method: 'DELETE',
headers: { 'Authorization': `Bearer ${this.token}` }
});
return res.json();
}
}
// Kullanım
const corsManager = new CorsManagement();
// Whitelist listele
corsManager.getWhitelist().then(data => {
console.log('Whitelist:', data);
});
// Yeni ekle
corsManager.addWhitelist('https://myapp.com', 'Production app');
// Güncelle
corsManager.updateWhitelist('uuid-here', { is_active: false });
// Sil
corsManager.deleteWhitelist('uuid-here');
```
---
## ✅ Özet
Artık CORS whitelist/blacklist ve rate limit ayarlarını:
-**Database'de** saklayabiliyorsunuz
-**Redis ile cache**'leyebiliyorsunuz
-**Frontend'den yönetebiliyorsunuz**
-**CRUD işlemleri** yapabiliyorsunuz
-**Dinamik olarak** güncelleyebiliyorsunuz
Tüm ayarlar database'de tutulur, değişiklikler anında Redis cache'ini invalidate eder ve yeni değerler kullanılmaya başlanır!