Add Basic Config Validation

2025-09-13 15:19:08 +00:00 · 2023-03-06 17:13:17 +01:00 · 2023-03-06 17:13:17 +01:00 · 7b0474e4eb
commit 7b0474e4eb
parent a04127c0e6
9 changed files with 85 additions and 20 deletions
--- a/pkg/definitions/address.go
+++ b/pkg/definitions/address.go
@ -8,11 +8,11 @@ import (
 )

 type Address struct {
-	Type     AddressType     `json:"type"`
+	Type     AddressType     `json:"type" validate:"min=0,max=3"`
 	Comment  string          `json:"comment,omitempty"`
-	Host     *netip.Addr     `json:"host,omitempty"`
-	Range    *netipx.IPRange `json:"range,omitempty"`
-	Network  *IPNet          `json:"network,omitempty"`
+	Host     *netip.Addr     `json:"host,omitempty" validate:"excluded_unless=Type 0"`
+	Range    *netipx.IPRange `json:"range,omitempty" validate:"excluded_unless=Type 1"`
+	Network  *IPNet          `json:"network,omitempty" validate:"excluded_unless=Type 2"`
 	Children *[]string       `json:"children,omitempty"`
 }

--- a/pkg/definitions/config.go
+++ b/pkg/definitions/config.go
@ -1,6 +1,37 @@
 package definitions

+import (
+	"fmt"
+
+	"github.com/go-playground/validator/v10"
+	"golang.org/x/exp/slog"
+)
+
 type Config struct {
-	ConfigVersion uint64   `json:"config_version"`
-	Firewall      Firewall `json:"firewall"`
+	ConfigVersion uint64   `json:"config_version" validate:"required,eq=1"`
+	Firewall      Firewall `json:"firewall" validate:"required,dive"`
+}
+
+func ValidateConfig(conf *Config) error {
+	val := validator.New()
+	slog.Info("Registering validator")
+	val.RegisterValidation("test", nilIfOtherNil)
+	return val.Struct(conf)
+}
+
+func nilIfOtherNil(fl validator.FieldLevel) bool {
+	slog.Info("Start", "field", fl.FieldName(), "param", fl.Param())
+	if !fl.Field().IsNil() {
+		slog.Info("Field is not nil", "field", fl.FieldName())
+		f := fl.Parent().FieldByName(fl.Param())
+		if f.IsZero() {
+			panic(fmt.Errorf("Param %v is not a Valid Field", fl.Param()))
+		}
+		if !f.IsNil() {
+			slog.Info("Fail", "field", fl.FieldName(), "param", fl.Param())
+			return false
+		}
+	}
+	slog.Info("Success", "field", fl.FieldName(), "param", fl.Param())
+	return true
 }
--- a/pkg/definitions/firewall.go
+++ b/pkg/definitions/firewall.go
@ -1,9 +1,9 @@
 package definitions

 type Firewall struct {
-	ForwardRules        []ForwardRule        `json:"forward_rules"`
-	DestinationNATRules []DestinationNATRule `json:"destination_nat_rules"`
-	SourceNATRules      []SourceNATRule      `json:"source_nat_rules"`
-	Addresses           map[string]Address   `json:"addresses"`
-	Services            map[string]Service   `json:"services"`
+	ForwardRules        []ForwardRule        `json:"forward_rules" validate:"required,dive"`
+	DestinationNATRules []DestinationNATRule `json:"destination_nat_rules" validate:"required,dive"`
+	SourceNATRules      []SourceNATRule      `json:"source_nat_rules" validate:"required,dive"`
+	Addresses           map[string]Address   `json:"addresses" validate:"required,dive"`
+	Services            map[string]Service   `json:"services" validate:"required,dive"`
 }
--- a/pkg/definitions/rule.go
+++ b/pkg/definitions/rule.go
@ -3,15 +3,15 @@ package definitions
 import "encoding/json"

 type Rule struct {
-	Name    string `json:"name"`
-	Match   Match  `json:"match"`
+	Name    string `json:"name" validate:"required"`
+	Match   Match  `json:"match" validate:"required,dive"`
 	Comment string `json:"comment,omitempty"`
 	Counter bool   `json:"counter,omitempty"`
 }

 type ForwardRule struct {
 	Rule
-	Verdict Verdict `json:"verdict"`
+	Verdict Verdict `json:"verdict" validate:"min=0,max=2"`
 }

 type Verdict int
--- a/pkg/definitions/service.go
+++ b/pkg/definitions/service.go
@ -6,13 +6,13 @@ import (
 )

 type Service struct {
-	Type       ServiceType `json:"type"`
+	Type       ServiceType `json:"type" validate:"min=0,max=3"`
 	Comment    string      `json:"comment,omitempty"`
-	SPortStart *uint32     `json:"sport_start,omitempty"`
+	SPortStart *uint32     `json:"sport_start,omitempty" validate:"excluded_unless=Type 0|excluded_unless=Type 1"`
 	SPortEnd   *uint32     `json:"sport_end,omitempty"`
-	DPortStart *uint32     `json:"dport_start,omitempty"`
+	DPortStart *uint32     `json:"dport_start,omitempty" validate:"excluded_unless=Type 0|excluded_unless=Type 1"`
 	DPortEnd   *uint32     `json:"dport_end,omitempty"`
-	ICMPCode   *uint32     `json:"icmp_code,omitempty"`
+	ICMPCode   *uint32     `json:"icmp_code,omitempty" validate:"excluded_unless=Type 2"`
 	Children   *[]string   `json:"children,omitempty"`
 }

--- a/pkg/definitions/source_nat.go
+++ b/pkg/definitions/source_nat.go
@ -4,7 +4,7 @@ import "encoding/json"

 type SourceNATRule struct {
 	Rule
-	Type    SnatType `json:"type"`
+	Type    SnatType `json:"type" validate:"min=0,max=1"`
 	Address string   `json:"address,omitempty"`
 	Service string   `json:"service,omitempty"`
 }