From 86445d86078ae22a554998646011e1d3c5021098 Mon Sep 17 00:00:00 2001
From: chahinebrini <chahinebrini@gmail.com>
Date: Sun, 10 May 2026 16:17:24 +0200
Subject: [PATCH] feat(url-filter): add blocklist.txt endpoint for DNS-filter
 sync
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

AdGuard Home auf rebreak-mdm pullt diese Liste alle 1h für DoH-DNS-NXDOMAIN.
Single source of truth mit dem URL-Filter (NEFilter) — gleicher
getActiveBlocklistDomains() backend-call.

Public (no auth) — Casino-Domains sind keine PII, andere DNS-Blocklisten
(HaGeZi, OISD) sind genauso public.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../api/url-filter/blocklist.txt.get.ts       | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 backend/server/api/url-filter/blocklist.txt.get.ts

diff --git a/backend/server/api/url-filter/blocklist.txt.get.ts b/backend/server/api/url-filter/blocklist.txt.get.ts
new file mode 100644
index 0000000..f7702cc
--- /dev/null
+++ b/backend/server/api/url-filter/blocklist.txt.get.ts
@@ -0,0 +1,19 @@
+import { getActiveBlocklistDomains } from "../../db/domains";
+
+/**
+ * GET /api/url-filter/blocklist.txt
+ *
+ * Plain-text Blocklist für externe DNS-Filter (AdGuard Home, Pi-hole, etc.).
+ * Eine Domain pro Zeile. Wird vom rebreak-mdm DoH-Server alle 1h gepullt.
+ *
+ * Public — Casino-Domains sind keine PII. Andere Filter-Listen (HaGeZi, OISD)
+ * sind genauso public. Single source of truth mit dem URL-Filter im NEFilter.
+ */
+export default defineEventHandler(async (event) => {
+  const domains = await getActiveBlocklistDomains();
+  const body = domains.map((d) => d.domain).join("\n") + "\n";
+
+  setHeader(event, "Content-Type", "text/plain; charset=utf-8");
+  setHeader(event, "Cache-Control", "public, max-age=300");
+  return body;
+});