add api & config

2022-03-17 22:54:57 +08:00
parent 2682c4d63b
commit 0f1f7790c5
20 changed files with 3456 additions and 18 deletions
--- a/api/api.go
+++ b/api/api.go
@ -0,0 +1,15 @@
+package api
+
+import (
+	"embed"
+)
+
+var (
+	//go:embed swagger.yaml
+	swaggerDoc embed.FS
+)
+
+type Response struct {
+	Code int    `json:"code,omitempty"`
+	Msg  string `json:"msg,omitempty"`
+}
--- a/api/config.go
+++ b/api/config.go
@ -0,0 +1,118 @@
+package api
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"os"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/x/config"
+)
+
+// swagger:parameters getConfigRequest
+type getConfigRequest struct {
+	// output format, one of yaml|json, default is json.
+	// in: query
+	Format string `form:"format" json:"format"`
+}
+
+// successful operation.
+// swagger:response getConfigResponse
+type getConfigResponse struct {
+	Config *config.Config
+}
+
+func getConfig(ctx *gin.Context) {
+	// swagger:route GET /config ConfigManagement getConfigRequest
+	//
+	// Get current config.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: getConfigResponse
+
+	var req getConfigRequest
+	ctx.ShouldBindQuery(&req)
+
+	var resp getConfigResponse
+	resp.Config = config.Global()
+
+	buf := &bytes.Buffer{}
+	switch req.Format {
+	case "yaml":
+	default:
+		req.Format = "json"
+	}
+
+	resp.Config.Write(buf, req.Format)
+
+	contentType := "application/json"
+	if req.Format == "yaml" {
+		contentType = "text/x-yaml"
+	}
+
+	ctx.Data(http.StatusOK, contentType, buf.Bytes())
+}
+
+// swagger:parameters saveConfigRequest
+type saveConfigRequest struct {
+	// output format, one of yaml|json, default is yaml.
+	// in: query
+	Format string `form:"format" json:"format"`
+}
+
+// successful operation.
+// swagger:response saveConfigResponse
+type saveConfigResponse struct {
+	Data Response
+}
+
+func saveConfig(ctx *gin.Context) {
+	// swagger:route POST /config ConfigManagement saveConfigRequest
+	//
+	// Save current config to file (gost.yaml or gost.json).
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: saveConfigResponse
+
+	var req saveConfigRequest
+	ctx.ShouldBindQuery(&req)
+
+	file := "gost.yaml"
+	switch req.Format {
+	case "json":
+		file = "gost.json"
+	default:
+		req.Format = "yaml"
+	}
+
+	f, err := os.Create(file)
+	if err != nil {
+		writeError(ctx, &Error{
+			statusCode: http.StatusInternalServerError,
+			Code:       40005,
+			Msg:        fmt.Sprintf("create file: %s", err.Error()),
+		})
+		return
+	}
+	defer f.Close()
+
+	if err := config.Global().Write(f, req.Format); err != nil {
+		writeError(ctx, &Error{
+			statusCode: http.StatusInternalServerError,
+			Code:       40006,
+			Msg:        fmt.Sprintf("write: %s", err.Error()),
+		})
+		return
+	}
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_admission.go
+++ b/api/config_admission.go
@ -0,0 +1,166 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createAdmissionRequest
+type createAdmissionRequest struct {
+	// in: body
+	Data config.AdmissionConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createAdmissionResponse
+type createAdmissionResponse struct {
+	Data Response
+}
+
+func createAdmission(ctx *gin.Context) {
+	// swagger:route POST /config/admissions ConfigManagement createAdmissionRequest
+	//
+	// Create a new admission, the name of admission must be unique in admission list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createAdmissionResponse
+
+	var req createAdmissionRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	v := parsing.ParseAdmission(&req.Data)
+
+	if err := registry.AdmissionRegistry().Register(req.Data.Name, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	cfg.Admissions = append(cfg.Admissions, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateAdmissionRequest
+type updateAdmissionRequest struct {
+	// in: path
+	// required: true
+	Admission string `uri:"admission" json:"admission"`
+	// in: body
+	Data config.AdmissionConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateAdmissionResponse
+type updateAdmissionResponse struct {
+	Data Response
+}
+
+func updateAdmission(ctx *gin.Context) {
+	// swagger:route PUT /config/admissions/{admission} ConfigManagement updateAdmissionRequest
+	//
+	// Update admission by name, the admission must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateAdmissionResponse
+
+	var req updateAdmissionRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	if !registry.AdmissionRegistry().IsRegistered(req.Admission) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	req.Data.Name = req.Admission
+
+	v := parsing.ParseAdmission(&req.Data)
+
+	registry.AdmissionRegistry().Unregister(req.Admission)
+
+	if err := registry.AdmissionRegistry().Register(req.Admission, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	for i := range cfg.Admissions {
+		if cfg.Admissions[i].Name == req.Admission {
+			cfg.Admissions[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteAdmissionRequest
+type deleteAdmissionRequest struct {
+	// in: path
+	// required: true
+	Admission string `uri:"admission" json:"admission"`
+}
+
+// successful operation.
+// swagger:response deleteAdmissionResponse
+type deleteAdmissionResponse struct {
+	Data Response
+}
+
+func deleteAdmission(ctx *gin.Context) {
+	// swagger:route DELETE /config/admissions/{admission} ConfigManagement deleteAdmissionRequest
+	//
+	// Delete admission by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteAdmissionResponse
+
+	var req deleteAdmissionRequest
+	ctx.ShouldBindUri(&req)
+
+	if !registry.AdmissionRegistry().IsRegistered(req.Admission) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	registry.AdmissionRegistry().Unregister(req.Admission)
+
+	cfg := config.Global()
+	admissiones := cfg.Admissions
+	cfg.Admissions = nil
+	for _, s := range admissiones {
+		if s.Name == req.Admission {
+			continue
+		}
+		cfg.Admissions = append(cfg.Admissions, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_auther.go
+++ b/api/config_auther.go
@ -0,0 +1,164 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createAutherRequest
+type createAutherRequest struct {
+	// in: body
+	Data config.AutherConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createAutherResponse
+type createAutherResponse struct {
+	Data Response
+}
+
+func createAuther(ctx *gin.Context) {
+	// swagger:route POST /config/authers ConfigManagement createAutherRequest
+	//
+	// Create a new auther, the name of the auther must be unique in auther list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createAutherResponse
+
+	var req createAutherRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	v := parsing.ParseAuther(&req.Data)
+	if err := registry.AutherRegistry().Register(req.Data.Name, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	cfg.Authers = append(cfg.Authers, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateAutherRequest
+type updateAutherRequest struct {
+	// in: path
+	// required: true
+	Auther string `uri:"auther" json:"auther"`
+	// in: body
+	Data config.AutherConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateAutherResponse
+type updateAutherResponse struct {
+	Data Response
+}
+
+func updateAuther(ctx *gin.Context) {
+	// swagger:route PUT /config/authers/{auther} ConfigManagement updateAutherRequest
+	//
+	// Update auther by name, the auther must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateAutherResponse
+
+	var req updateAutherRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	if !registry.AutherRegistry().IsRegistered(req.Auther) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	req.Data.Name = req.Auther
+
+	v := parsing.ParseAuther(&req.Data)
+	registry.AutherRegistry().Unregister(req.Auther)
+
+	if err := registry.AutherRegistry().Register(req.Auther, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	for i := range cfg.Authers {
+		if cfg.Authers[i].Name == req.Auther {
+			cfg.Authers[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteAutherRequest
+type deleteAutherRequest struct {
+	// in: path
+	// required: true
+	Auther string `uri:"auther" json:"auther"`
+}
+
+// successful operation.
+// swagger:response deleteAutherResponse
+type deleteAutherResponse struct {
+	Data Response
+}
+
+func deleteAuther(ctx *gin.Context) {
+	// swagger:route DELETE /config/authers/{auther} ConfigManagement deleteAutherRequest
+	//
+	// Delete auther by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteAutherResponse
+
+	var req deleteAutherRequest
+	ctx.ShouldBindUri(&req)
+
+	if !registry.AutherRegistry().IsRegistered(req.Auther) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	registry.AutherRegistry().Unregister(req.Auther)
+
+	cfg := config.Global()
+	authers := cfg.Authers
+	cfg.Authers = nil
+	for _, s := range authers {
+		if s.Name == req.Auther {
+			continue
+		}
+		cfg.Authers = append(cfg.Authers, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_bypass.go
+++ b/api/config_bypass.go
@ -0,0 +1,166 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createBypassRequest
+type createBypassRequest struct {
+	// in: body
+	Data config.BypassConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createBypassResponse
+type createBypassResponse struct {
+	Data Response
+}
+
+func createBypass(ctx *gin.Context) {
+	// swagger:route POST /config/bypasses ConfigManagement createBypassRequest
+	//
+	// Create a new bypass, the name of bypass must be unique in bypass list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createBypassResponse
+
+	var req createBypassRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	v := parsing.ParseBypass(&req.Data)
+
+	if err := registry.BypassRegistry().Register(req.Data.Name, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	cfg.Bypasses = append(cfg.Bypasses, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateBypassRequest
+type updateBypassRequest struct {
+	// in: path
+	// required: true
+	Bypass string `uri:"bypass" json:"bypass"`
+	// in: body
+	Data config.BypassConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateBypassResponse
+type updateBypassResponse struct {
+	Data Response
+}
+
+func updateBypass(ctx *gin.Context) {
+	// swagger:route PUT /config/bypasses/{bypass} ConfigManagement updateBypassRequest
+	//
+	// Update bypass by name, the bypass must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateBypassResponse
+
+	var req updateBypassRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	if !registry.BypassRegistry().IsRegistered(req.Bypass) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	req.Data.Name = req.Bypass
+
+	v := parsing.ParseBypass(&req.Data)
+
+	registry.BypassRegistry().Unregister(req.Bypass)
+
+	if err := registry.BypassRegistry().Register(req.Bypass, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	for i := range cfg.Bypasses {
+		if cfg.Bypasses[i].Name == req.Bypass {
+			cfg.Bypasses[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteBypassRequest
+type deleteBypassRequest struct {
+	// in: path
+	// required: true
+	Bypass string `uri:"bypass" json:"bypass"`
+}
+
+// successful operation.
+// swagger:response deleteBypassResponse
+type deleteBypassResponse struct {
+	Data Response
+}
+
+func deleteBypass(ctx *gin.Context) {
+	// swagger:route DELETE /config/bypasses/{bypass} ConfigManagement deleteBypassRequest
+	//
+	// Delete bypass by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteBypassResponse
+
+	var req deleteBypassRequest
+	ctx.ShouldBindUri(&req)
+
+	if !registry.BypassRegistry().IsRegistered(req.Bypass) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	registry.BypassRegistry().Unregister(req.Bypass)
+
+	cfg := config.Global()
+	bypasses := cfg.Bypasses
+	cfg.Bypasses = nil
+	for _, s := range bypasses {
+		if s.Name == req.Bypass {
+			continue
+		}
+		cfg.Bypasses = append(cfg.Bypasses, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_chain.go
+++ b/api/config_chain.go
@ -0,0 +1,175 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createChainRequest
+type createChainRequest struct {
+	// in: body
+	Data config.ChainConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createChainResponse
+type createChainResponse struct {
+	Data Response
+}
+
+func createChain(ctx *gin.Context) {
+	// swagger:route POST /config/chains ConfigManagement createChainRequest
+	//
+	// Create a new chain, the name of chain must be unique in chain list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createChainResponse
+
+	var req createChainRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	v, err := parsing.ParseChain(&req.Data)
+	if err != nil {
+		writeError(ctx, ErrCreate)
+		return
+	}
+
+	if err := registry.ChainRegistry().Register(req.Data.Name, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	cfg.Chains = append(cfg.Chains, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateChainRequest
+type updateChainRequest struct {
+	// in: path
+	// required: true
+	// chain name
+	Chain string `uri:"chain" json:"chain"`
+	// in: body
+	Data config.ChainConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateChainResponse
+type updateChainResponse struct {
+	Data Response
+}
+
+func updateChain(ctx *gin.Context) {
+	// swagger:route PUT /config/chains/{chain} ConfigManagement updateChainRequest
+	//
+	// Update chain by name, the chain must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateChainResponse
+
+	var req updateChainRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	if !registry.ChainRegistry().IsRegistered(req.Chain) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	req.Data.Name = req.Chain
+
+	v, err := parsing.ParseChain(&req.Data)
+	if err != nil {
+		writeError(ctx, ErrCreate)
+		return
+	}
+
+	registry.ChainRegistry().Unregister(req.Chain)
+
+	if err := registry.ChainRegistry().Register(req.Chain, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	for i := range cfg.Chains {
+		if cfg.Chains[i].Name == req.Chain {
+			cfg.Chains[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteChainRequest
+type deleteChainRequest struct {
+	// in: path
+	// required: true
+	Chain string `uri:"chain" json:"chain"`
+}
+
+// successful operation.
+// swagger:response deleteChainResponse
+type deleteChainResponse struct {
+	Data Response
+}
+
+func deleteChain(ctx *gin.Context) {
+	// swagger:route DELETE /config/chains/{chain} ConfigManagement deleteChainRequest
+	//
+	// Delete chain by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteChainResponse
+
+	var req deleteChainRequest
+	ctx.ShouldBindUri(&req)
+
+	if !registry.ChainRegistry().IsRegistered(req.Chain) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	registry.ChainRegistry().Unregister(req.Chain)
+
+	cfg := config.Global()
+	chains := cfg.Chains
+	cfg.Chains = nil
+	for _, s := range chains {
+		if s.Name == req.Chain {
+			continue
+		}
+		cfg.Chains = append(cfg.Chains, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_hosts.go
+++ b/api/config_hosts.go
@ -0,0 +1,166 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createHostsRequest
+type createHostsRequest struct {
+	// in: body
+	Data config.HostsConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createHostsResponse
+type createHostsesponse struct {
+	Data Response
+}
+
+func createHosts(ctx *gin.Context) {
+	// swagger:route POST /config/hosts ConfigManagement createHostsRequest
+	//
+	// Create a new hosts, the name of the hosts must be unique in hosts list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createHostsResponse
+
+	var req createHostsRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	v := parsing.ParseHosts(&req.Data)
+
+	if err := registry.HostsRegistry().Register(req.Data.Name, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	cfg.Hosts = append(cfg.Hosts, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateHostsRequest
+type updateHostsRequest struct {
+	// in: path
+	// required: true
+	Hosts string `uri:"hosts" json:"hosts"`
+	// in: body
+	Data config.HostsConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateHostsResponse
+type updateHostsResponse struct {
+	Data Response
+}
+
+func updateHosts(ctx *gin.Context) {
+	// swagger:route PUT /config/hosts/{hosts} ConfigManagement updateHostsRequest
+	//
+	// Update hosts by name, the hosts must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateHostsResponse
+
+	var req updateHostsRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	if !registry.HostsRegistry().IsRegistered(req.Hosts) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	req.Data.Name = req.Hosts
+
+	v := parsing.ParseHosts(&req.Data)
+
+	registry.HostsRegistry().Unregister(req.Hosts)
+
+	if err := registry.HostsRegistry().Register(req.Hosts, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	for i := range cfg.Hosts {
+		if cfg.Hosts[i].Name == req.Hosts {
+			cfg.Hosts[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteHostsRequest
+type deleteHostsRequest struct {
+	// in: path
+	// required: true
+	Hosts string `uri:"hosts" json:"hosts"`
+}
+
+// successful operation.
+// swagger:response deleteHostsResponse
+type deleteHostsResponse struct {
+	Data Response
+}
+
+func deleteHosts(ctx *gin.Context) {
+	// swagger:route DELETE /config/hosts/{hosts} ConfigManagement deleteHostsRequest
+	//
+	// Delete hosts by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteHostsResponse
+
+	var req deleteHostsRequest
+	ctx.ShouldBindUri(&req)
+
+	if !registry.HostsRegistry().IsRegistered(req.Hosts) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	registry.HostsRegistry().Unregister(req.Hosts)
+
+	cfg := config.Global()
+	hosts := cfg.Hosts
+	cfg.Hosts = nil
+	for _, s := range hosts {
+		if s.Name == req.Hosts {
+			continue
+		}
+		cfg.Hosts = append(cfg.Hosts, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_resolver.go
+++ b/api/config_resolver.go
@ -0,0 +1,174 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createResolverRequest
+type createResolverRequest struct {
+	// in: body
+	Data config.ResolverConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createResolverResponse
+type createResolverResponse struct {
+	Data Response
+}
+
+func createResolver(ctx *gin.Context) {
+	// swagger:route POST /config/resolvers ConfigManagement createResolverRequest
+	//
+	// Create a new resolver, the name of the resolver must be unique in resolver list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createResolverResponse
+
+	var req createResolverRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	v, err := parsing.ParseResolver(&req.Data)
+	if err != nil {
+		writeError(ctx, ErrCreate)
+		return
+	}
+
+	if err := registry.ResolverRegistry().Register(req.Data.Name, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	cfg.Resolvers = append(cfg.Resolvers, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateResolverRequest
+type updateResolverRequest struct {
+	// in: path
+	// required: true
+	Resolver string `uri:"resolver" json:"resolver"`
+	// in: body
+	Data config.ResolverConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateResolverResponse
+type updateResolverResponse struct {
+	Data Response
+}
+
+func updateResolver(ctx *gin.Context) {
+	// swagger:route PUT /config/resolvers/{resolver} ConfigManagement updateResolverRequest
+	//
+	// Update resolver by name, the resolver must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateResolverResponse
+
+	var req updateResolverRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	if !registry.ResolverRegistry().IsRegistered(req.Resolver) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	req.Data.Name = req.Resolver
+
+	v, err := parsing.ParseResolver(&req.Data)
+	if err != nil {
+		writeError(ctx, ErrCreate)
+		return
+	}
+
+	registry.ResolverRegistry().Unregister(req.Resolver)
+
+	if err := registry.ResolverRegistry().Register(req.Resolver, v); err != nil {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	cfg := config.Global()
+	for i := range cfg.Resolvers {
+		if cfg.Resolvers[i].Name == req.Resolver {
+			cfg.Resolvers[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteResolverRequest
+type deleteResolverRequest struct {
+	// in: path
+	// required: true
+	Resolver string `uri:"resolver" json:"resolver"`
+}
+
+// successful operation.
+// swagger:response deleteResolverResponse
+type deleteResolverResponse struct {
+	Data Response
+}
+
+func deleteResolver(ctx *gin.Context) {
+	// swagger:route DELETE /config/resolvers/{resolver} ConfigManagement deleteResolverRequest
+	//
+	// Delete resolver by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteResolverResponse
+
+	var req deleteResolverRequest
+	ctx.ShouldBindUri(&req)
+
+	if !registry.ResolverRegistry().IsRegistered(req.Resolver) {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	registry.ResolverRegistry().Unregister(req.Resolver)
+
+	cfg := config.Global()
+	resolvers := cfg.Resolvers
+	cfg.Resolvers = nil
+	for _, s := range resolvers {
+		if s.Name == req.Resolver {
+			continue
+		}
+		cfg.Resolvers = append(cfg.Resolvers, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/config_service.go
+++ b/api/config_service.go
@ -0,0 +1,190 @@
+package api
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/registry"
+	"github.com/go-gost/x/config"
+	"github.com/go-gost/x/config/parsing"
+)
+
+// swagger:parameters createServiceRequest
+type createServiceRequest struct {
+	// in: body
+	Data config.ServiceConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response createServiceResponse
+type createServiceResponse struct {
+	Data Response
+}
+
+func createService(ctx *gin.Context) {
+	// swagger:route POST /config/services ConfigManagement createServiceRequest
+	//
+	// Create a new service, the name of the service must be unique in service list.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: createServiceResponse
+
+	var req createServiceRequest
+	ctx.ShouldBindJSON(&req.Data)
+
+	if req.Data.Name == "" {
+		writeError(ctx, ErrInvalid)
+		return
+	}
+
+	if registry.ServiceRegistry().IsRegistered(req.Data.Name) {
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	svc, err := parsing.ParseService(&req.Data)
+	if err != nil {
+		writeError(ctx, ErrCreate)
+		return
+	}
+
+	if err := registry.ServiceRegistry().Register(req.Data.Name, svc); err != nil {
+		svc.Close()
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	go svc.Serve()
+
+	cfg := config.Global()
+	cfg.Services = append(cfg.Services, &req.Data)
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters updateServiceRequest
+type updateServiceRequest struct {
+	// in: path
+	// required: true
+	Service string `uri:"service" json:"service"`
+	// in: body
+	Data config.ServiceConfig `json:"data"`
+}
+
+// successful operation.
+// swagger:response updateServiceResponse
+type updateServiceResponse struct {
+	Data Response
+}
+
+func updateService(ctx *gin.Context) {
+	// swagger:route PUT /config/services/{service} ConfigManagement updateServiceRequest
+	//
+	// Update service by name, the service must already exist.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: updateServiceResponse
+
+	var req updateServiceRequest
+	ctx.ShouldBindUri(&req)
+	ctx.ShouldBindJSON(&req.Data)
+
+	old := registry.ServiceRegistry().Get(req.Service)
+	if old == nil {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+	old.Close()
+
+	req.Data.Name = req.Service
+
+	svc, err := parsing.ParseService(&req.Data)
+	if err != nil {
+		writeError(ctx, ErrCreate)
+		return
+	}
+
+	registry.ServiceRegistry().Unregister(req.Service)
+
+	if err := registry.ServiceRegistry().Register(req.Service, svc); err != nil {
+		svc.Close()
+		writeError(ctx, ErrDup)
+		return
+	}
+
+	go svc.Serve()
+
+	cfg := config.Global()
+	for i := range cfg.Services {
+		if cfg.Services[i].Name == req.Service {
+			cfg.Services[i] = &req.Data
+			break
+		}
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
+
+// swagger:parameters deleteServiceRequest
+type deleteServiceRequest struct {
+	// in: path
+	// required: true
+	Service string `uri:"service" json:"service"`
+}
+
+// successful operation.
+// swagger:response deleteServiceResponse
+type deleteServiceResponse struct {
+	Data Response
+}
+
+func deleteService(ctx *gin.Context) {
+	// swagger:route DELETE /config/services/{service} ConfigManagement deleteServiceRequest
+	//
+	// Delete service by name.
+	//
+	//     Security:
+	//       basicAuth: []
+	//
+	//     Responses:
+	//       200: deleteServiceResponse
+
+	var req deleteServiceRequest
+	ctx.ShouldBindUri(&req)
+
+	svc := registry.ServiceRegistry().Get(req.Service)
+	if svc == nil {
+		writeError(ctx, ErrNotFound)
+		return
+	}
+
+	registry.ServiceRegistry().Unregister(req.Service)
+	svc.Close()
+
+	cfg := config.Global()
+	services := cfg.Services
+	cfg.Services = nil
+	for _, s := range services {
+		if s.Name == req.Service {
+			continue
+		}
+		cfg.Services = append(cfg.Services, s)
+	}
+	config.SetGlobal(cfg)
+
+	ctx.JSON(http.StatusOK, Response{
+		Msg: "OK",
+	})
+}
--- a/api/doc.go
+++ b/api/doc.go
@ -0,0 +1,18 @@
+// Documentation of Web API.
+//
+//     Schemes: https, http
+//     BasePath: /
+//     Version: 1.0.0
+//
+//     Consumes:
+//     - application/json
+//
+//     Produces:
+//     - application/json
+//
+//     SecurityDefinitions:
+//     basicAuth:
+//       type: basic
+//
+// swagger:meta
+package api
--- a/api/error.go
+++ b/api/error.go
@ -0,0 +1,45 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+var (
+	ErrInvalid  = &Error{statusCode: http.StatusBadRequest, Code: 40001, Msg: "object invalid"}
+	ErrDup      = &Error{statusCode: http.StatusBadRequest, Code: 40002, Msg: "object duplicated"}
+	ErrCreate   = &Error{statusCode: http.StatusConflict, Code: 40003, Msg: "object creation failed"}
+	ErrNotFound = &Error{statusCode: http.StatusBadRequest, Code: 40004, Msg: "object not found"}
+	ErrSave     = &Error{statusCode: http.StatusInternalServerError, Code: 40005, Msg: "save config failed"}
+)
+
+// Error is an api error.
+type Error struct {
+	statusCode int
+	Code       int    `json:"code"`
+	Msg        string `json:"msg"`
+}
+
+func (e *Error) Error() string {
+	b, _ := json.Marshal(e)
+	return string(b)
+}
+
+func writeError(c *gin.Context, err error) {
+	// c.Set(HTTPResponseTag, err)
+	c.JSON(getStatusCode(err), err)
+}
+
+func getStatusCode(err error) int {
+	if err == nil {
+		return http.StatusOK
+	}
+	if e, ok := err.(*Error); ok {
+		if e.statusCode >= http.StatusOK && e.statusCode < 600 {
+			return e.statusCode
+		}
+	}
+	return http.StatusInternalServerError
+}
--- a/api/middleware.go
+++ b/api/middleware.go
@ -0,0 +1,42 @@
+package api
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/auth"
+	"github.com/go-gost/core/logger"
+)
+
+func mwLogger() gin.HandlerFunc {
+	return func(ctx *gin.Context) {
+		// start time
+		startTime := time.Now()
+		// Processing request
+		ctx.Next()
+		duration := time.Since(startTime)
+
+		logger.Default().WithFields(map[string]any{
+			"kind":     "api",
+			"method":   ctx.Request.Method,
+			"uri":      ctx.Request.RequestURI,
+			"code":     ctx.Writer.Status(),
+			"client":   ctx.ClientIP(),
+			"duration": duration,
+		}).Infof("| %3d | %13v | %15s | %-7s %s",
+			ctx.Writer.Status(), duration, ctx.ClientIP(), ctx.Request.Method, ctx.Request.RequestURI)
+	}
+}
+
+func mwBasicAuth(auther auth.Authenticator) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if auther == nil {
+			return
+		}
+		u, p, _ := c.Request.BasicAuth()
+		if !auther.Authenticate(u, p) {
+			c.AbortWithStatus(http.StatusUnauthorized)
+		}
+	}
+}
--- a/api/service.go
+++ b/api/service.go
@ -0,0 +1,132 @@
+package api
+
+import (
+	"net"
+	"net/http"
+
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+	"github.com/go-gost/core/auth"
+	"github.com/go-gost/core/service"
+)
+
+type options struct {
+	accessLog  bool
+	pathPrefix string
+	auther     auth.Authenticator
+}
+
+type Option func(*options)
+
+func PathPrefixOption(pathPrefix string) Option {
+	return func(o *options) {
+		o.pathPrefix = pathPrefix
+	}
+}
+
+func AccessLogOption(enable bool) Option {
+	return func(o *options) {
+		o.accessLog = enable
+	}
+}
+
+func AutherOption(auther auth.Authenticator) Option {
+	return func(o *options) {
+		o.auther = auther
+	}
+}
+
+type server struct {
+	s  *http.Server
+	ln net.Listener
+}
+
+func NewService(addr string, opts ...Option) (service.Service, error) {
+	ln, err := net.Listen("tcp", addr)
+	if err != nil {
+		return nil, err
+	}
+
+	var options options
+	for _, opt := range opts {
+		opt(&options)
+	}
+
+	gin.SetMode(gin.ReleaseMode)
+
+	r := gin.New()
+	r.Use(
+		cors.New((cors.Config{
+			AllowAllOrigins: true,
+			AllowMethods:    []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+			AllowHeaders:    []string{"*"},
+		})),
+		gin.Recovery(),
+	)
+	if options.accessLog {
+		r.Use(mwLogger())
+	}
+
+	router := r.Group("")
+	if options.pathPrefix != "" {
+		router = router.Group(options.pathPrefix)
+	}
+
+	router.StaticFS("/docs", http.FS(swaggerDoc))
+
+	config := router.Group("/config")
+	config.Use(mwBasicAuth(options.auther))
+	registerConfig(config)
+
+	return &server{
+		s: &http.Server{
+			Handler: r,
+		},
+		ln: ln,
+	}, nil
+}
+
+func (s *server) Serve() error {
+	return s.s.Serve(s.ln)
+}
+
+func (s *server) Addr() net.Addr {
+	return s.ln.Addr()
+}
+
+func (s *server) Close() error {
+	return s.s.Close()
+}
+
+func registerConfig(config *gin.RouterGroup) {
+	config.GET("", getConfig)
+	config.POST("", saveConfig)
+
+	config.POST("/services", createService)
+	config.PUT("/services/:service", updateService)
+	config.DELETE("/services/:service", deleteService)
+
+	config.POST("/chains", createChain)
+	config.PUT("/chains/:chain", updateChain)
+	config.DELETE("/chains/:chain", deleteChain)
+
+	config.POST("/authers", createAuther)
+	config.PUT("/authers/:auther", updateAuther)
+	config.DELETE("/authers/:auther", deleteAuther)
+
+	config.POST("/admissions", createAdmission)
+	config.PUT("/admissions/:admission", updateAdmission)
+	config.DELETE("/admissions/:admission", deleteAdmission)
+
+	config.POST("/bypasses", createBypass)
+	config.PUT("/bypasses/:bypass", updateBypass)
+	config.DELETE("/bypasses/:bypass", deleteBypass)
+
+	config.POST("/resolvers", createResolver)
+	config.PUT("/resolvers/:resolver", updateResolver)
+	config.DELETE("/resolvers/:resolver", deleteResolver)
+
+	config.POST("/hosts", createHosts)
+	config.PUT("/hosts/:hosts", updateHosts)
+	config.DELETE("/hosts/:hosts", deleteHosts)
+}
--- a/api/swagger.yaml
+++ b/api/swagger.yaml