Full configuration management via Admin API

Author: zigazajc007

docs/admin-api.md

@@ -71,14 +71,75 @@ All endpoints may return these errors:
 
 ### GET /v1/admin/config
 
-Returns the entire current configuration object.
+Returns the entire current configuration as read from `config.toml`.
+
+**Query Parameters:**
+
+| Parameter | Type   | Default | Description                       |
+| --------- | ------ | ------- | --------------------------------- |
+| `format`  | string | `json`  | Response format: `json` or `toml` |
+
+**JSON example:**
 
 ```bash
 curl -H "Authorization: Bearer <token>" \
   http://localhost:3000/v1/admin/config
 ```
 
-**Response:** The full parsed `config.toml` as JSON, including all monitors, groups, status pages, notifications, pulse monitors, and server settings.
+**TOML example:**
+
+```bash
+curl -H "Authorization: Bearer <token>" \
+  "http://localhost:3000/v1/admin/config?format=toml"
+```
+
+**Response:** The full parsed `config.toml`, including all monitors, groups, status pages, notifications, pulse monitors and server settings.
+
+### POST /v1/admin/config
+
+Replace the entire configuration. The body is validated, written to `config.toml`, and hot-reloaded. On reload failure, the previous configuration is automatically restored.
+
+**Query Parameters:**
+
+| Parameter | Type   | Default | Description                           |
+| --------- | ------ | ------- | ------------------------------------- |
+| `format`  | string | `json`  | Request body format: `json` or `toml` |
+
+**JSON example:**
+
+```bash
+curl -X POST \
+  -H "Authorization: Bearer <token>" \
+  -H "Content-Type: application/json" \
+  -d @config.json \
+  http://localhost:3000/v1/admin/config
+```
+
+**TOML example:**
+
+```bash
+curl -X POST \
+  -H "Authorization: Bearer <token>" \
+  -H "Content-Type: application/toml" \
+  -d @config.toml \
+  "http://localhost:3000/v1/admin/config?format=toml"
+```
+
+**Success Response:**
+
+```json
+{ "success": true }
+```
+
+**Error Responses:**
+
+| Status | Description                                             |
+| ------ | ------------------------------------------------------- |
+| `400`  | Invalid request body or configuration validation failed |
+| `401`  | Unauthorized                                            |
+| `500`  | Config write or reload failed                           |
+
+> **Tip:** You can GET the config, modify it, and POST it back to make bulk changes safely. Both endpoints use the same key format, so round-tripping works without any transformation.
 
 ---
 
@@ -1139,6 +1200,7 @@ All incident operations broadcast real-time events to WebSocket subscribers of t
 | Method   | Endpoint                                    | Description                    |
 | -------- | ------------------------------------------- | ------------------------------ |
 | `GET`    | `/v1/admin/config`                          | Get full configuration         |
+| `POST`   | `/v1/admin/config`                          | Replace full configuration     |
 | `GET`    | `/v1/admin/monitors`                        | List all monitors              |
 | `GET`    | `/v1/admin/monitors/:id`                    | Get a monitor                  |
 | `POST`   | `/v1/admin/monitors`                        | Create a monitor               |

docs/api.md

@@ -534,7 +534,7 @@ See the [Admin API Reference](admin-api.md) for complete documentation of all en
 
 | Resource              | Endpoints                                                                                                                                          |
 | --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Configuration         | `GET /v1/admin/config`                                                                                                                             |
+| Configuration         | `GET/POST /v1/admin/config`                                                                                                                        |
 | Monitors              | `GET/POST /v1/admin/monitors`, `GET/PUT/DELETE /v1/admin/monitors/:id`                                                                             |
 | Groups                | `GET/POST /v1/admin/groups`, `GET/PUT/DELETE /v1/admin/groups/:id`                                                                                 |
 | Status Pages          | `GET/POST /v1/admin/status-pages`, `GET/PUT/DELETE /v1/admin/status-pages/:id`                                                                     |

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "uptimemonitor-server",
 	"module": "src/index.ts",
-	"version": "0.4.4",
+	"version": "0.4.5",
 	"type": "module",
 	"private": true,
 	"scripts": {

src/admin/config.ts

@@ -0,0 +1,49 @@
+import type { Server, Web } from "@rabbit-company/web";
+import { adminBearerAuth, readRawConfig, validateConfig, writeAndReload } from "./helpers";
+import { Logger } from "../logger";
+import TOML from "smol-toml";
+
+export function registerConfigRoutes(app: Web, getServer: () => Server): void {
+	app.get("/v1/admin/config", adminBearerAuth(), async (ctx) => {
+		const query = ctx.query();
+		const raw = await readRawConfig();
+
+		if (query.get("format") === "toml") {
+			return ctx.text(TOML.stringify(raw), 200, { "Content-Type": "application/toml; charset=utf-8" });
+		}
+
+		return ctx.json(raw);
+	});
+
+	app.post("/v1/admin/config", adminBearerAuth(), async (ctx) => {
+		const format = ctx.query().get("format")?.toLowerCase();
+
+		let raw: any;
+
+		try {
+			if (format === "toml") {
+				const text = await ctx.req.text();
+				raw = Bun.TOML.parse(text);
+			} else {
+				raw = await ctx.req.json();
+			}
+		} catch (e: any) {
+			return ctx.json({ error: "Invalid request body", details: e?.message }, 400);
+		}
+
+		const validationErrors = validateConfig(raw);
+		if (validationErrors) {
+			return ctx.json({ error: "Configuration validation failed", details: validationErrors }, 400);
+		}
+
+		try {
+			await writeAndReload(raw, getServer);
+			Logger.audit("Admin API: Config updated");
+
+			return ctx.json({ success: true });
+		} catch (e: any) {
+			Logger.error("Admin API: Failed to update config", { error: e?.message });
+			return ctx.json({ error: e?.message }, 500);
+		}
+	});
+}

src/admin/index.ts

@@ -1,16 +1,16 @@
 import type { Web, Server } from "@rabbit-company/web";
 import { Logger } from "../logger";
-import { config } from "../config";
 import { registerMonitorRoutes } from "./monitors";
-import { adminBearerAuth } from "./helpers";
 import { registerGroupRoutes } from "./groups";
 import { registerStatusPageRoutes } from "./status-pages";
 import { registerPulseMonitorRoutes } from "./pulse-monitors";
 import { registerNotificationRoutes } from "./notifications";
 import { registerAdminReportRoutes } from "./reports";
 import { registerIncidentRoutes } from "./incidents";
+import { registerConfigRoutes } from "./config";
 
 export function registerAdminAPI(app: Web, getServer: () => Server): void {
+	registerConfigRoutes(app, getServer);
 	registerMonitorRoutes(app, getServer);
 	registerGroupRoutes(app, getServer);
 	registerStatusPageRoutes(app, getServer);
@@ -19,9 +19,5 @@ export function registerAdminAPI(app: Web, getServer: () => Server): void {
 	registerAdminReportRoutes(app);
 	registerIncidentRoutes(app, getServer);
 
-	app.get("/v1/admin/config", adminBearerAuth(), (ctx) => {
-		return ctx.json(config);
-	});
-
 	Logger.info("Admin API registered", { prefix: "/v1/admin" });
 }

src/openapi.ts

@@ -1001,18 +1001,32 @@ export const openapi = {
 			get: {
 				tags: ["Admin: Configuration"],
 				summary: "Get full configuration",
-				description: "Returns the entire current server configuration. Requires Admin API to be enabled.",
+				description: "Returns the entire current configuration as read from config.toml. Use ?format=toml to get TOML instead of JSON.",
 				operationId: "adminGetConfig",
 				security: [{ adminBearerAuth: [] }],
+				parameters: [
+					{
+						name: "format",
+						in: "query",
+						required: false,
+						description: "Response format: json (default) or toml",
+						schema: { type: "string", enum: ["json", "toml"], default: "json" },
+					},
+				],
 				responses: {
 					"200": {
 						description: "Full server configuration",
 						content: {
 							"application/json": {
 								schema: {
 									type: "object",
-									description:
-										"The complete parsed config.toml as JSON, including all monitors, groups, status pages, notifications, pulse monitors, and server settings.",
+									description: "The complete parsed config.toml as JSON.",
+								},
+							},
+							"application/toml": {
+								schema: {
+									type: "string",
+									description: "The complete config as TOML.",
 								},
 							},
 						},
@@ -1023,6 +1037,63 @@ export const openapi = {
 					},
 				},
 			},
+			post: {
+				tags: ["Admin: Configuration"],
+				summary: "Replace full configuration",
+				description:
+					"Replace the entire configuration. The body is validated, written to config.toml, and hot-reloaded. On failure, the previous configuration is automatically restored. Use ?format=toml to send TOML instead of JSON.",
+				operationId: "adminUpdateConfig",
+				security: [{ adminBearerAuth: [] }],
+				parameters: [
+					{
+						name: "format",
+						in: "query",
+						required: false,
+						description: "Request body format: json (default) or toml",
+						schema: { type: "string", enum: ["json", "toml"], default: "json" },
+					},
+				],
+				requestBody: {
+					required: true,
+					content: {
+						"application/json": {
+							schema: {
+								type: "object",
+								description: "The full configuration object with the same structure as config.toml.",
+							},
+						},
+						"application/toml": {
+							schema: {
+								type: "string",
+								description: "The full configuration as TOML.",
+							},
+						},
+					},
+				},
+				responses: {
+					"200": {
+						description: "Configuration updated successfully",
+						content: {
+							"application/json": {
+								schema: { $ref: "#/components/schemas/AdminSuccessSimple" },
+								example: { success: true },
+							},
+						},
+					},
+					"400": {
+						description: "Invalid request body or configuration validation failed",
+						content: { "application/json": { schema: { $ref: "#/components/schemas/AdminValidationError" } } },
+					},
+					"401": {
+						description: "Unauthorized",
+						content: { "application/json": { schema: { $ref: "#/components/schemas/Error" } } },
+					},
+					"500": {
+						description: "Config write or reload failed",
+						content: { "application/json": { schema: { $ref: "#/components/schemas/Error" } } },
+					},
+				},
+			},
 		},
 		"/v1/admin/monitors": {
 			get: {