package store import "helix-proxy/internal/models" // Convenience type aliases so that code importing "helix-proxy/internal/store" // can refer to the domain models as e.g. store.ProxyHost (historical API surface). type ( Root = models.Root User = models.User ProxyHost = models.ProxyHost HeaderRule = models.HeaderRule Location = models.Location AccessList = models.AccessList AccessClient = models.AccessClient AccessItem = models.AccessItem Stream = models.Stream Certificate = models.Certificate RedirectionHost = models.RedirectionHost DeadHost = models.DeadHost AuditLog = models.AuditLog ) // New returns the default Store implementation (bbolt, a pure-Go // embedded transactional database). This is the recommended constructor for // normal operation. // // It provides real ACID transactions and good concurrency while remaining a // single static binary with no external database process. func New() (Store, error) { return NewBboltStore() } // Store is the interface for all persistent state in Helix Proxy. // // We use bbolt (pure-Go embedded transactional key/value store) as the one and only // implementation. The interface exists primarily to: // - Make the rest of the code (engine, cert manager, API handlers) easy to test with fakes. // - Keep a clean boundary (in case we ever need to evolve the storage layer). // // All methods are safe for concurrent use. // // Models live in internal/models. type Store interface { // --- meta / bootstrap --- IsSetup() bool GetUsers() []models.User // --- ProxyHost --- GetProxyHosts() []models.ProxyHost GetProxyHost(id int) (models.ProxyHost, bool) CreateProxyHost(h models.ProxyHost) (models.ProxyHost, error) UpdateProxyHost(h models.ProxyHost) (models.ProxyHost, error) DeleteProxyHost(id int) error SetProxyHostEnabled(id int, enabled bool) error // --- AccessList --- GetAccessLists() []models.AccessList GetAccessList(id int) (models.AccessList, bool) CreateAccessList(al models.AccessList) (models.AccessList, error) UpdateAccessList(al models.AccessList) (models.AccessList, error) DeleteAccessList(id int) error // --- Stream --- GetStreams() []models.Stream GetStream(id int) (models.Stream, bool) CreateStream(st models.Stream) (models.Stream, error) UpdateStream(st models.Stream) (models.Stream, error) DeleteStream(id int) error SetStreamEnabled(id int, enabled bool) error // --- Certificate --- GetCertificates() []models.Certificate GetCertificate(id int) (models.Certificate, bool) CreateCertificate(c models.Certificate) (models.Certificate, error) SetCertificate(c models.Certificate) error // used after LE issuance/renewal mutates meta+expires DeleteCertificate(id int) error // --- RedirectionHost --- GetRedirectionHosts() []models.RedirectionHost GetRedirectionHost(id int) (models.RedirectionHost, bool) CreateRedirectionHost(h models.RedirectionHost) (models.RedirectionHost, error) UpdateRedirectionHost(h models.RedirectionHost) (models.RedirectionHost, error) DeleteRedirectionHost(id int) error SetRedirectionHostEnabled(id int, enabled bool) error // --- DeadHost --- GetDeadHosts() []models.DeadHost GetDeadHost(id int) (models.DeadHost, bool) CreateDeadHost(h models.DeadHost) (models.DeadHost, error) UpdateDeadHost(h models.DeadHost) (models.DeadHost, error) DeleteDeadHost(id int) error SetDeadHostEnabled(id int, enabled bool) error // --- Settings (global) --- GetSettings() map[string]any SetSetting(name string, value any) error // --- Audit --- GetAuditLogs() []models.AuditLog AddAuditLog(log models.AuditLog) (models.AuditLog, error) // --- Users + 2FA --- GetUserByEmail(email string) (models.User, bool) CreateUser(u models.User) (models.User, error) UpdateUser(u models.User) error UpdateUserFull(u models.User) error // used when updating without changing password DeleteUser(id int) error // GetUsers avoids needing to fetch the entire root for user lists. }