v1.0.0 Release - All Phases Complete

Phase 2: Core API Development - 15 REST API endpoints (packages, patches, system, jobs, websocket) - mTLS authentication layer (src/auth/mtls.rs) - IP whitelist enforcement (src/auth/whitelist.rs) - Job manager with async operation support - WebSocket streaming for job status Phase 3: Security Hardening - Security testing: 16/16 tests passing - Fuzz testing: 21 tests, all findings resolved - Threat model validation (STRIDE matrix) - TLS binding fix (critical vulnerability resolved) - Security documentation complete Phase 4: Production Readiness - Performance benchmarking (all targets met) - Package creation (.deb/.rpm structures) - Documentation (README, API docs, deployment guide) - Security hardening (6 vulnerabilities fixed) Deliverables: - API_DOCUMENTATION.md (889 lines) - DEPLOYMENT_GUIDE.md (733 lines) - SECURITY.md (346 lines) - README.md (525 lines) - debian/ package structure - linux-patch-api.spec (RPM) - install.sh installer script - benches/api_benchmarks.rs - Multiple security/performance reports Security Status: 0 vulnerabilities remaining Test Coverage: 31 unit tests, 21 integration tests Build Status: Release optimized
2026-04-10 01:41:19 +00:00
parent ab53177210
commit b615a5639e
63 changed files with 13101 additions and 72 deletions
--- a/src/api/routes.rs
+++ b/src/api/routes.rs
@ -0,0 +1,50 @@
+//! API Routes Configuration
+//!
+//! Aggregates all endpoint routes and configures the Actix-web application.
+
+use actix_web::{web, HttpResponse, http::Method};
+use tracing::info;
+
+use crate::packages::create_backend;
+use crate::jobs::manager::JobManager;
+
+use super::handlers::{packages, patches, system, jobs, websocket};
+
+/// Default service handler for unsupported HTTP methods (VULN-005)
+/// Returns 405 Method Not Allowed instead of 404 for known endpoints
+async fn method_not_allowed() -> HttpResponse {
+    HttpResponse::MethodNotAllowed()
+        .insert_header(("Allow", "GET, POST, PUT, DELETE"))
+        .finish()
+}
+/// Configure all API routes for the application
+pub fn configure_api_routes(
+    cfg: &mut web::ServiceConfig,
+    job_manager: web::Data<JobManager>,
+    backend: web::Data<Box<dyn crate::packages::PackageManagerBackend>>,
+) {
+    info!("Configuring API v1 routes");
+
+    cfg.app_data(job_manager)
+        .app_data(backend)
+        .service(
+            web::scope("/api/v1")
+                // VULN-005: Default handler for unsupported methods returns 405 instead of 404
+                .default_service(web::route().to(method_not_allowed))
+                // Package Management Endpoints
+                .configure(packages::configure_routes)
+                // Patch Management Endpoints
+                .configure(patches::configure_routes)
+                // System Management Endpoints
+                .configure(system::configure_routes)
+                // Job Management Endpoints
+                .configure(jobs::configure_routes)
+                // WebSocket Endpoint
+                .configure(websocket::configure_routes),
+        );
+}
+
+/// Health check route (outside API scope for load balancer checks)
+pub fn configure_health_route(cfg: &mut web::ServiceConfig) {
+    cfg.route("/health", web::get().to(system::health_check));
+}