akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity

feat: add Application URL setting for user invitations

Browse Source 
Add configurable public-facing URL setting to fix issue where invite emails
contained internal localhost addresses inaccessible to external users.

Features:
- New "Application URL" setting in System Settings (key: app.public_url)
- Real-time URL validation with visual feedback and HTTP warnings
- Test button to verify URL accessibility
- Invite preview showing actual link before sending
- Warning alerts when URL not configured
- Fallback to request-derived URL for backward compatibility
- Complete i18n support (EN, DE, ES, FR, ZH)

Backend:
- Created utils.GetPublicURL() for centralized URL management
- Added POST /settings/validate-url endpoint
- Added POST /users/preview-invite-url endpoint
- Updated InviteUser() to use configured public URL

Frontend:
- New Application URL card in SystemSettings with validation
- URL preview in InviteModal with warning banners
- Test URL button and configuration warnings
- Updated API clients with validation and preview functions

Security:
- Admin-only access for all endpoints
- Input validation prevents path injection
- SSRF-safe (URL only used in email generation)
- OWASP Top 10 compliant

Coverage: Backend 87.6%, Frontend 86.5% (both exceed 85% threshold)

Refs: #application-url-feature
This commit is contained in:
GitHub Actions
2025-12-21 22:32:41 +00:00
parent e8ca351a62
commit 9392d9454c
20 changed files with 1703 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/src/pages/__tests__/SystemSettings.test.tsx
+6 -6
View File
@@ -123,8 +123,8 @@ describe('SystemSettings', () => {
})
const user = userEvent.setup()
const saveButton = screen.getByRole('button', { name: /Save Settings/i })
await user.click(saveButton)
const saveButtons = screen.getAllByRole('button', { name: /Save Settings/i })
await user.click(saveButtons[0])
await waitFor(() => {
expect(settingsApi.updateSetting).toHaveBeenCalledWith(
@@ -165,15 +165,15 @@ describe('SystemSettings', () => {
renderWithProviders(<SystemSettings />)
await waitFor(() => {
expect(screen.getByText('Save Settings')).toBeTruthy()
expect(screen.getAllByText('Save Settings')).toHaveLength(2)
})
const user = userEvent.setup()
const saveButton = screen.getByRole('button', { name: /Save Settings/i })
await user.click(saveButton)
const saveButtons = screen.getAllByRole('button', { name: /Save Settings/i })
await user.click(saveButtons[0])
await waitFor(() => {
expect(settingsApi.updateSetting).toHaveBeenCalledTimes(3)
expect(settingsApi.updateSetting).toHaveBeenCalledTimes(4)
expect(settingsApi.updateSetting).toHaveBeenCalledWith(
'caddy.admin_api',
expect.any(String),