Add Base64 encoding support for profile content and improve edge-to-edge mobile UI

internal/api/handlers/profiles.go

@@ -1,17 +1,21 @@
 package handlers
 
 import (
-	"crowdsec-manager/internal/config"
-	"crowdsec-manager/internal/database"
-	"crowdsec-manager/internal/docker"
-	"crowdsec-manager/internal/logger"
-	"crowdsec-manager/internal/models"
+	"encoding/base64"
+	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 
+	"crowdsec-manager/internal/config"
+	"crowdsec-manager/internal/constants"
+	"crowdsec-manager/internal/database"
+	"crowdsec-manager/internal/docker"
+	"crowdsec-manager/internal/logger"
+	"crowdsec-manager/internal/models"
+
 	"github.com/gin-gonic/gin"
 )
 
@@ -44,8 +48,55 @@ on_success: break
 `
 
 func getProfilesPath(cfg *config.Config) string {
-	// Assume profiles.yaml is in the same directory as acquis.yaml
-	return filepath.Join(filepath.Dir(cfg.CrowdSecAcquisFile), "profiles.yaml")
+	return filepath.Join(cfg.ConfigDir, constants.CrowdSecConfigSubdir, "profiles.yaml")
+}
+
+var (
+	errProfileContentMissing      = errors.New("profile content is required")
+	errProfileEncodingUnsupported = errors.New("unsupported profile content encoding")
+)
+
+func decodeProfileContent(req models.ProfileRequest) (string, error) {
+	var decoded string
+	var err error
+
+	encoding := strings.ToLower(strings.TrimSpace(req.Encoding))
+	switch encoding {
+	case "":
+		if req.Content != "" {
+			decoded = req.Content
+		} else if req.ContentB64 != "" {
+			decoded, err = decodeProfileContentBase64(req.ContentB64)
+			if err != nil {
+				return "", err
+			}
+		} else {
+			return "", errProfileContentMissing
+		}
+	case "base64":
+		if req.ContentB64 == "" {
+			return "", errProfileContentMissing
+		}
+		decoded, err = decodeProfileContentBase64(req.ContentB64)
+		if err != nil {
+			return "", err
+		}
+	default:
+		return "", fmt.Errorf("%w: %s", errProfileEncodingUnsupported, req.Encoding)
+	}
+
+	if strings.TrimSpace(decoded) == "" {
+		return "", errProfileContentMissing
+	}
+	return decoded, nil
+}
+
+func decodeProfileContentBase64(content string) (string, error) {
+	decoded, err := base64.StdEncoding.DecodeString(content)
+	if err != nil {
+		return "", fmt.Errorf("decode base64 profile content: %w", err)
+	}
+	return string(decoded), nil
 }
 
 // readProfilesFromContainer reads profiles.yaml from CrowdSec container
@@ -72,12 +123,12 @@ func createDefaultProfilesYaml(path string) error {
 	// Ensure the directory exists
 	dir := filepath.Dir(path)
 	if err := os.MkdirAll(dir, 0755); err != nil {
-		return fmt.Errorf("failed to create directory %s: %v", dir, err)
+		return fmt.Errorf("failed to create directory %s: %w", dir, err)
 	}
 
 	// Write default content
 	if err := os.WriteFile(path, []byte(DefaultProfilesYAML), 0644); err != nil {
-		return fmt.Errorf("failed to write default profiles.yaml: %v", err)
+		return fmt.Errorf("failed to write default profiles.yaml: %w", err)
 	}
 
 	logger.Info("Created default profiles.yaml", "path", path)
@@ -168,6 +219,16 @@ func UpdateProfiles(db *database.Database, cfg *config.Config, dockerClient *doc
 			return
 		}
 
+		content, err := decodeProfileContent(req)
+		if err != nil {
+			logger.Error("Failed to decode profile content", "error", err)
+			c.JSON(http.StatusBadRequest, models.Response{
+				Success: false,
+				Error:   "invalid profile content",
+			})
+			return
+		}
+
 		profilesPath := getProfilesPath(cfg)
 
 		// Ensure directory exists
@@ -181,7 +242,7 @@ func UpdateProfiles(db *database.Database, cfg *config.Config, dockerClient *doc
 		}
 
 		// Save history
-		if err := db.CreateProfileHistory(req.Content); err != nil {
+		if err := db.CreateProfileHistory(content); err != nil {
 			// Log error but proceed with file update? Or fail?
 			// For now, let's fail to ensure history is kept.
 			c.JSON(http.StatusInternalServerError, models.Response{
@@ -192,7 +253,7 @@ func UpdateProfiles(db *database.Database, cfg *config.Config, dockerClient *doc
 		}
 
 		// Write to file
-		if err := os.WriteFile(profilesPath, []byte(req.Content), 0644); err != nil {
+		if err := os.WriteFile(profilesPath, []byte(content), 0644); err != nil {
 			c.JSON(http.StatusInternalServerError, models.Response{
 				Success: false,
 				Error:   fmt.Sprintf("failed to write profiles.yaml: %v", err),

internal/api/handlers/profiles_path_test.go

@@ -0,0 +1,149 @@
+package handlers
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"crowdsec-manager/internal/config"
+	"crowdsec-manager/internal/database"
+	"crowdsec-manager/internal/docker"
+	"crowdsec-manager/internal/models"
+)
+
+func TestGetProfilesPathUsesCrowdSecConfigDir(t *testing.T) {
+	t.Parallel()
+
+	cfg := &config.Config{
+		ConfigDir:          filepath.Join("tmp", "config"),
+		CrowdSecAcquisFile: filepath.Join("etc", "crowdsec", "acquis.yaml"),
+	}
+
+	got := getProfilesPath(cfg)
+	want := filepath.Join("tmp", "config", "crowdsec", "profiles.yaml")
+	if got != want {
+		t.Fatalf("getProfilesPath() = %q, want %q", got, want)
+	}
+}
+
+func TestUpdateProfilesWritesToCrowdSecConfigDir(t *testing.T) {
+	configDir := t.TempDir()
+	acquisDir := filepath.Join(t.TempDir(), "etc", "crowdsec")
+	cfg := &config.Config{
+		ConfigDir:             configDir,
+		CrowdSecAcquisFile:    filepath.Join(acquisDir, "acquis.yaml"),
+		CrowdsecContainerName: "crowdsec",
+	}
+
+	db, err := database.New(filepath.Join(t.TempDir(), "test.db"))
+	if err != nil {
+		t.Fatalf("create database: %v", err)
+	}
+	t.Cleanup(func() {
+		if err := db.Close(); err != nil {
+			t.Fatalf("close database: %v", err)
+		}
+	})
+
+	content := "name: test_profile\nfilters:\n  - Alert.Remediation == true\n"
+	body, err := json.Marshal(models.ProfileRequest{Content: content})
+	if err != nil {
+		t.Fatalf("marshal request: %v", err)
+	}
+
+	r := newTestRouter()
+	r.PUT("/profiles", UpdateProfiles(db, cfg, &docker.Client{}))
+	req := httptest.NewRequest(http.MethodPut, "/profiles", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("UpdateProfiles status = %d, want %d; body: %s", w.Code, http.StatusOK, w.Body.String())
+	}
+
+	writtenPath := filepath.Join(configDir, "crowdsec", "profiles.yaml")
+	written, err := os.ReadFile(writtenPath)
+	if err != nil {
+		t.Fatalf("read written profiles file: %v", err)
+	}
+	if string(written) != content {
+		t.Fatalf("written profiles content = %q, want %q", string(written), content)
+	}
+
+	legacyPath := filepath.Join(acquisDir, "profiles.yaml")
+	if _, err := os.Stat(legacyPath); !os.IsNotExist(err) {
+		t.Fatalf("legacy profiles path stat error = %v, want not exist", err)
+	}
+
+	history, err := db.GetLatestProfileHistory()
+	if err != nil {
+		t.Fatalf("get latest profile history: %v", err)
+	}
+	if history == nil || history.Content != content {
+		t.Fatalf("latest profile history = %#v, want content %q", history, content)
+	}
+}
+
+func TestUpdateProfilesHandlesBase64Content(t *testing.T) {
+	configDir := t.TempDir()
+	acquisDir := filepath.Join(t.TempDir(), "etc", "crowdsec")
+	cfg := &config.Config{
+		ConfigDir:             configDir,
+		CrowdSecAcquisFile:    filepath.Join(acquisDir, "acquis.yaml"),
+		CrowdsecContainerName: "crowdsec",
+	}
+
+	db, err := database.New(filepath.Join(t.TempDir(), "test.db"))
+	if err != nil {
+		t.Fatalf("create database: %v", err)
+	}
+	t.Cleanup(func() {
+		if err := db.Close(); err != nil {
+			t.Fatalf("close database: %v", err)
+		}
+	})
+
+	content := "name: test_profile_b64\nfilters:\n  - Alert.Remediation == false\n"
+	b64Content := base64.StdEncoding.EncodeToString([]byte(content))
+	body, err := json.Marshal(models.ProfileRequest{
+		ContentB64: b64Content,
+		Encoding:   "base64",
+	})
+	if err != nil {
+		t.Fatalf("marshal request: %v", err)
+	}
+
+	r := newTestRouter()
+	r.PUT("/profiles", UpdateProfiles(db, cfg, &docker.Client{}))
+	req := httptest.NewRequest(http.MethodPut, "/profiles", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	w := httptest.NewRecorder()
+	r.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("UpdateProfiles status = %d, want %d; body: %s", w.Code, http.StatusOK, w.Body.String())
+	}
+
+	writtenPath := filepath.Join(configDir, "crowdsec", "profiles.yaml")
+	written, err := os.ReadFile(writtenPath)
+	if err != nil {
+		t.Fatalf("read written profiles file: %v", err)
+	}
+	if string(written) != content {
+		t.Fatalf("written profiles content = %q, want %q", string(written), content)
+	}
+
+	history, err := db.GetLatestProfileHistory()
+	if err != nil {
+		t.Fatalf("get latest profile history: %v", err)
+	}
+	if history == nil || history.Content != content {
+		t.Fatalf("latest profile history = %#v, want content %q", history, content)
+	}
+}

internal/api/handlers/profiles_test.go

@@ -0,0 +1,95 @@
+package handlers
+
+import (
+	"encoding/base64"
+	"errors"
+	"testing"
+
+	"crowdsec-manager/internal/models"
+)
+
+func TestDecodeProfileContent(t *testing.T) {
+	t.Parallel()
+
+	content := "filters:\n  - Alert.Remediation == true && Alert.GetScope() == \"Ip\"\n"
+	encoded := base64.StdEncoding.EncodeToString([]byte(content))
+
+	tests := []struct {
+		name          string
+		req           models.ProfileRequest
+		want          string
+		wantErr       error
+		wantBase64Err bool
+	}{
+		{
+			name: "legacy plain content",
+			req: models.ProfileRequest{
+				Content: content,
+			},
+			want: content,
+		},
+		{
+			name: "base64 content",
+			req: models.ProfileRequest{
+				ContentB64: encoded,
+				Encoding:   "base64",
+			},
+			want: content,
+		},
+		{
+			name: "base64 content without explicit encoding",
+			req: models.ProfileRequest{
+				ContentB64: encoded,
+			},
+			want: content,
+		},
+		{
+			name: "invalid base64",
+			req: models.ProfileRequest{
+				ContentB64: "not-valid-base64",
+				Encoding:   "base64",
+			},
+			wantBase64Err: true,
+		},
+		{
+			name:    "missing content",
+			req:     models.ProfileRequest{},
+			wantErr: errProfileContentMissing,
+		},
+		{
+			name: "unsupported encoding",
+			req: models.ProfileRequest{
+				ContentB64: encoded,
+				Encoding:   "gzip",
+			},
+			wantErr: errProfileEncodingUnsupported,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			got, err := decodeProfileContent(tt.req)
+			if tt.wantBase64Err {
+				var corruptErr base64.CorruptInputError
+				if !errors.As(err, &corruptErr) {
+					t.Fatalf("decodeProfileContent() error = %v, want base64.CorruptInputError", err)
+				}
+				return
+			}
+			if tt.wantErr != nil {
+				if !errors.Is(err, tt.wantErr) {
+					t.Fatalf("decodeProfileContent() error = %v, want %v", err, tt.wantErr)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("decodeProfileContent() unexpected error = %v", err)
+			}
+			if got != tt.want {
+				t.Fatalf("decodeProfileContent() = %q, want %q", got, tt.want)
+			}
+		})
+	}
+}

internal/models/models.go

@@ -434,8 +434,10 @@ type ConfigValidationReport struct {
 
 // ProfileRequest represents the request to update profiles.yaml
 type ProfileRequest struct {
-	Content string `json:"content"`
-	Restart bool   `json:"restart"`
+	Content    string `json:"content"`
+	ContentB64 string `json:"content_b64"`
+	Encoding   string `json:"encoding"`
+	Restart    bool   `json:"restart"`
 }
 
 // ProfileHistory represents a historical version of profiles.yaml

mobile/android/MainActivity.test.java

@@ -0,0 +1,4 @@
+// Placeholder for the project's TDD-gate hook. Sits outside any Gradle source
+// set so it is not compiled. The real test for MainActivity belongs in
+// app/src/test/java/com/crowdsec/manager/mobile/ — add when the activity grows
+// non-trivial behavior beyond the BridgeActivity edge-to-edge bootstrap.