# Abstract Wizard [English](#english) | [中文](#中文) --- ## English Secure configuration file management service. Read, modify, and version-control JSON/YAML config files via REST API. Listens on localhost only — access remotely via SSH tunnel. ### Quick Start #### Docker Compose (Recommended) ```bash docker compose up -d ``` The service listens on `127.0.0.1:18080`. #### Run Locally ```bash go build -o abstract-wizard . CONFIG_DIR=./configs ./abstract-wizard ``` ### Environment Variables | Variable | Default | Description | |----------|---------|-------------| | `CONFIG_DIR` | `/config` | Base directory for config files | | `LISTEN_ADDR` | `127.0.0.1:8080` | HTTP listen address | | `MAX_BACKUPS` | `10` | Max backup versions per file | ### API #### Health Check ```bash curl http://127.0.0.1:18080/health ``` #### Read Config ```bash curl http://127.0.0.1:18080/api/v1/config/app.json ``` #### Full Replace ```bash curl -X PUT http://127.0.0.1:18080/api/v1/config/app.json \ -d '{"database": {"host": "localhost", "port": 5432}}' ``` A backup is created automatically before each write. The response includes `backup_version`. #### Partial Update (Deep Merge) ```bash curl -X PATCH http://127.0.0.1:18080/api/v1/config/app.json \ -d '{"database": {"port": 3306}}' ``` Only the specified fields are updated; nested objects are merged recursively. #### List Backups ```bash curl http://127.0.0.1:18080/api/v1/backups/app.json ``` #### Rollback ```bash # Get the version from the backup list, then: curl -X POST http://127.0.0.1:18080/api/v1/rollback/app.json \ -d '{"version": "20260215T120000Z"}' ``` #### Mode Switching Get current mode: ```bash curl http://127.0.0.1:18080/api/v1/mode ``` Switch to readonly (rejects all writes): ```bash curl -X PUT http://127.0.0.1:18080/api/v1/mode \ -d '{"mode": "readonly"}' ``` Switch back to init (read/write): ```bash curl -X PUT http://127.0.0.1:18080/api/v1/mode \ -d '{"mode": "init"}' ``` ### YAML Support All endpoints support both JSON and YAML. The format is detected by file extension: ```bash curl -X PUT http://127.0.0.1:18080/api/v1/config/app.yaml \ -H "Content-Type: text/yaml" \ -d ' database: host: localhost port: 5432 ' ``` ### Security Model The service binds to `127.0.0.1` by default and is not exposed externally. Use an SSH tunnel for remote access: ```bash ssh -L 18080:127.0.0.1:18080 user@server ``` Then access via `http://127.0.0.1:18080` locally. ### Project Structure ``` ├── main.go # Entry point, env config, graceful shutdown ├── config/ │ ├── validation.go # Path validation, traversal prevention │ ├── parser.go # JSON/YAML parse, serialize, deep merge │ ├── atomic.go # Atomic write (temp → fsync → rename) │ └── backup.go # Timestamped backups, pruning, rollback ├── audit/ │ └── logger.go # Structured JSON audit log ├── server/ │ ├── server.go # HTTP server, routing, mode state machine │ ├── middleware.go # Request logging middleware │ └── handlers.go # API handlers ├── Dockerfile # Multi-stage build └── docker-compose.yaml # Example deployment ``` --- ## 中文 安全的配置文件管理服务。通过 REST API 对 JSON/YAML 配置文件进行读取、修改和版本管理,仅监听 localhost,通过 SSH 隧道访问。 ### 快速开始 #### Docker Compose(推荐) ```bash docker compose up -d ``` 服务启动后监听 `127.0.0.1:18080`。 #### 本地运行 ```bash go build -o abstract-wizard . CONFIG_DIR=./configs ./abstract-wizard ``` ### 环境变量 | 变量 | 默认值 | 说明 | |------|--------|------| | `CONFIG_DIR` | `/config` | 配置文件存放目录 | | `LISTEN_ADDR` | `127.0.0.1:8080` | 监听地址 | | `MAX_BACKUPS` | `10` | 每个文件保留的最大备份数 | ### API #### 健康检查 ```bash curl http://127.0.0.1:18080/health ``` #### 读取配置 ```bash curl http://127.0.0.1:18080/api/v1/config/app.json ``` #### 完整替换配置 ```bash curl -X PUT http://127.0.0.1:18080/api/v1/config/app.json \ -d '{"database": {"host": "localhost", "port": 5432}}' ``` 写入前会自动创建备份,响应中包含 `backup_version`。 #### 局部更新(深度合并) ```bash curl -X PATCH http://127.0.0.1:18080/api/v1/config/app.json \ -d '{"database": {"port": 3306}}' ``` 仅更新指定字段,嵌套对象递归合并。 #### 查看备份列表 ```bash curl http://127.0.0.1:18080/api/v1/backups/app.json ``` #### 回滚到指定版本 ```bash # 先从备份列表获取版本号,然后: curl -X POST http://127.0.0.1:18080/api/v1/rollback/app.json \ -d '{"version": "20260215T120000Z"}' ``` #### 模式切换 查看当前模式: ```bash curl http://127.0.0.1:18080/api/v1/mode ``` 切换为只读模式(拒绝所有写操作): ```bash curl -X PUT http://127.0.0.1:18080/api/v1/mode \ -d '{"mode": "readonly"}' ``` 切换回初始化模式(允许读写): ```bash curl -X PUT http://127.0.0.1:18080/api/v1/mode \ -d '{"mode": "init"}' ``` ### YAML 支持 所有端点同时支持 JSON 和 YAML,格式由文件扩展名自动判断: ```bash curl -X PUT http://127.0.0.1:18080/api/v1/config/app.yaml \ -H "Content-Type: text/yaml" \ -d ' database: host: localhost port: 5432 ' ``` ### 安全模型 服务默认仅监听 `127.0.0.1`,不暴露到外部网络。远程访问通过 SSH 隧道实现: ```bash ssh -L 18080:127.0.0.1:18080 user@server ``` 之后本地即可通过 `http://127.0.0.1:18080` 访问。 ### 项目结构 ``` ├── main.go # 入口:环境变量、初始化、优雅关闭 ├── config/ │ ├── validation.go # 路径校验,防止目录穿越 │ ├── parser.go # JSON/YAML 解析、序列化、深度合并 │ ├── atomic.go # 原子写入(temp → fsync → rename) │ └── backup.go # 时间戳备份、清理、回滚 ├── audit/ │ └── logger.go # 结构化 JSON 审计日志 ├── server/ │ ├── server.go # HTTP 服务、路由、模式状态机 │ ├── middleware.go # 请求日志中间件 │ └── handlers.go # API 处理函数 ├── Dockerfile # 多阶段构建 └── docker-compose.yaml # 示例部署配置 ```