v0.4.0 authentication added and router mode removed

src/internal/config/auth.go

@@ -1,7 +1,11 @@
 // FILE: logwisp/src/internal/config/auth.go
 package config
 
-import "fmt"
+import (
+	"fmt"
+	"net"
+	"strings"
+)
 
 type AuthConfig struct {
 	// Authentication type: "none", "basic", "bearer", "mtls"
@@ -12,10 +16,6 @@ type AuthConfig struct {
 
 	// Bearer token auth
 	BearerAuth *BearerAuthConfig `toml:"bearer_auth"`
-
-	// IP-based access control
-	IPWhitelist []string `toml:"ip_whitelist"`
-	IPBlacklist []string `toml:"ip_blacklist"`
 }
 
 type BasicAuthConfig struct {

src/internal/config/config.go

@@ -3,7 +3,6 @@ package config
 
 type Config struct {
 	// Top-level flags for application control
-	UseRouter   bool `toml:"router"`
 	Background  bool `toml:"background"`
 	ShowVersion bool `toml:"version"`
 	Quiet       bool `toml:"quiet"`

src/internal/config/limit.go

@@ -3,6 +3,7 @@ package config
 
 import (
 	"fmt"
+	"net"
 	"strings"
 )
 
@@ -28,6 +29,37 @@ type RateLimitConfig struct {
 	MaxEntrySizeBytes int64 `toml:"max_entry_size_bytes"`
 }
 
+func validateNetAccess(pipelineName string, cfg *NetAccessConfig) error {
+	if cfg == nil {
+		return nil
+	}
+
+	// Validate CIDR notation
+	for _, cidr := range cfg.IPWhitelist {
+		if !strings.Contains(cidr, "/") {
+			cidr = cidr + "/32"
+		}
+		if _, _, err := net.ParseCIDR(cidr); err != nil {
+			if net.ParseIP(cidr) == nil {
+				return fmt.Errorf("pipeline '%s': invalid IP whitelist entry: %s", pipelineName, cidr)
+			}
+		}
+	}
+
+	for _, cidr := range cfg.IPBlacklist {
+		if !strings.Contains(cidr, "/") {
+			cidr = cidr + "/32"
+		}
+		if _, _, err := net.ParseCIDR(cidr); err != nil {
+			if net.ParseIP(cidr) == nil {
+				return fmt.Errorf("pipeline '%s': invalid IP blacklist entry: %s", pipelineName, cidr)
+			}
+		}
+	}
+
+	return nil
+}
+
 func validateRateLimit(pipelineName string, cfg *RateLimitConfig) error {
 	if cfg == nil {
 		return nil

src/internal/config/loader.go

@@ -19,7 +19,6 @@ type LoadContext struct {
 func defaults() *Config {
 	return &Config{
 		// Top-level flag defaults
-		UseRouter:   false,
 		Background:  false,
 		ShowVersion: false,
 		Quiet:       false,

src/internal/config/pipeline.go

@@ -20,6 +20,9 @@ type PipelineConfig struct {
 	// Rate limiting
 	RateLimit *RateLimitConfig `toml:"rate_limit"`
 
+	// Network access control (IP filtering)
+	NetAccess *NetAccessConfig `toml:"net_access"`
+
 	// Filter configuration
 	Filters []FilterConfig `toml:"filters"`
 
@@ -34,6 +37,12 @@ type PipelineConfig struct {
 	Auth *AuthConfig `toml:"auth"`
 }
 
+// NetAccessConfig defines IP-based access control lists
+type NetAccessConfig struct {
+	IPWhitelist []string `toml:"ip_whitelist"`
+	IPBlacklist []string `toml:"ip_blacklist"`
+}
+
 // SourceConfig represents an input data source
 type SourceConfig struct {
 	// Source type: "directory", "file", "stdin", etc.

src/internal/config/validation.go

@@ -72,6 +72,11 @@ func (c *Config) validate() error {
 			}
 		}
 
+		// Validate net access if present
+		if err := validateNetAccess(pipeline.Name, pipeline.NetAccess); err != nil {
+			return err
+		}
+
 		// Validate auth if present
 		if err := validateAuth(pipeline.Name, pipeline.Auth); err != nil {
 			return err