- Implement DNSProviderCard component for displaying individual DNS provider details.
- Create DNSProviderForm component for adding and editing DNS providers.
- Add DNSProviderSelector component for selecting DNS providers in forms.
- Introduce useDNSProviders hook for fetching and managing DNS provider data.
- Add DNSProviders page for listing and managing DNS providers.
- Update layout to include DNS Providers navigation.
- Enhance UI components with new badge styles and improved layouts.
- Add default provider schemas for various DNS providers.
- Integrate translation strings for DNS provider management.
- Update Vite configuration for improved chunking and performance.
- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs
Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected
Refs: docs/plans/instruction_compliance_spec.md
Add X-Real-IP, X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port headers to all proxy hosts for proper client IP detection, HTTPS enforcement, and logging.
- New feature flag: enable_standard_headers (default: true for new hosts, false for existing)
- UI: Checkbox in proxy host form and bulk apply modal for easy migration
- Security: Always configure trusted_proxies when headers enabled
- Backward compatible: Existing hosts preserve legacy behavior until explicitly enabled
BREAKING CHANGE: New proxy hosts will have standard headers enabled by default. Existing hosts maintain legacy behavior. Users can opt-in via UI.
Backend: 98.7% coverage, 8 new tests
Frontend: 87.7% coverage, full TypeScript support
Docs: Comprehensive migration guide and troubleshooting
Closes #<issue-number> (FileFlows WebSocket fix)
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
- Modified the GenerateConfig function to include an additional parameter for ruleset paths.
- Updated multiple test cases across various files to accommodate the new parameter.
- Enhanced the manager's ApplyConfig method to handle ruleset file creation and error handling.
- Added integration tests for Coraza WAF to validate runtime behavior and ruleset application.
- Updated documentation to include instructions for testing Coraza WAF integration locally.
- Updated SecurityConfig model to only support 'local' or 'disabled' modes for CrowdSec.
- Modified related logic in the manager and services to reject external mode.
- Adjusted tests to validate the new restrictions on CrowdSec modes.
- Updated frontend components to remove references to external mode and provide appropriate user feedback.
- Enhanced documentation to reflect the removal of external CrowdSec mode support.
- Added SecurityConfig model to manage Cerberus settings including admin whitelist and break-glass token.
- Introduced SecurityService for handling security configurations and token generation.
- Updated Manager to check for admin whitelist before applying configurations to prevent accidental lockouts.
- Enhanced frontend with hooks and API calls for managing security settings and generating break-glass tokens.
- Updated documentation to include self-lockout protection measures and best practices for using Cerberus.
- Updated `GenerateConfig` function calls in tests to include additional security parameters.
- Enhanced `Manager` struct to hold a `SecurityConfig` instance for managing security-related settings.
- Implemented `computeEffectiveFlags` method to determine the effective state of security features based on both static configuration and runtime database settings.
- Added comprehensive tests for the new security configuration handling, ensuring correct behavior for various scenarios including ACL and CrowdSec settings.
- Adjusted existing tests to accommodate the new structure and ensure compatibility with the updated configuration management.
- Deleted `useSecurity.ts` hook which managed authentication users, providers, and policies.
- Removed `Policies.tsx`, `Providers.tsx`, and `Users.tsx` pages that utilized the above hook.
- Cleaned up the `index.tsx` file in the Security section to remove references to the deleted pages.
- Updated mock data by removing unused properties related to forward authentication.
- Introduced ForwardAuthConfig model to store global forward authentication settings.
- Updated Manager to fetch and apply forward authentication configuration.
- Added ForwardAuthHandler to create a reverse proxy handler for authentication.
- Enhanced ProxyHost model to include forward authentication options.
- Created Security page and ForwardAuthSettings component for managing authentication settings.
- Implemented API endpoints for fetching and updating forward authentication configuration.
- Added tests for new functionality including validation and error handling.
- Updated frontend components to support forward authentication settings.
- Implemented Settings page for changing user passwords with validation and feedback.
- Created Setup page for initial admin account setup with form handling and navigation.
- Added API service layer for handling requests related to proxy hosts, remote servers, and import functionality.
- Introduced mock data for testing purposes and set up testing framework with vitest.
- Configured Tailwind CSS for styling and Vite for development and build processes.
- Added scripts for Dockerfile validation, Python syntax checking, and Sourcery integration.
- Implemented release and coverage scripts for better CI/CD practices.
- Deleted Settings.tsx and Setup.tsx pages, which included functionality for changing passwords and setting up an admin account.
- Removed associated test files for Setup page.
- Eliminated API service definitions related to proxy hosts, remote servers, import functionality, and health checks.
- Cleaned up mock data and test setup files.
- Removed configuration files for TypeScript, Vite, and Tailwind CSS.
- Deleted scripts for testing coverage, release management, Dockerfile validation, and Python compilation checks.
- Removed Sourcery pre-commit wrapper script.
- Deleted Caddy configuration types and validation logic from the backend.
- Removed associated test files for validation.
- Cleaned up related service and model files that are no longer needed.
- Removed unnecessary environment configuration and database connection code.
- Eliminated unused models related to access control, SSL certificates, and user management.
- Cleaned up node modules by removing unnecessary binaries.
- Implemented Issue #9: User Authentication & Authorization
- Added User model fields (FailedLoginAttempts, LockedUntil, LastLogin)
- Created AuthService with JWT support, bcrypt hashing, and account lockout
- Added AuthMiddleware and AuthHandler
- Registered auth routes in backend
- Created AuthContext and RequireAuth component in frontend
- Implemented Login page and integrated with backend
- Fixed 'Blank Page' issue in local Docker environment
- Added QueryClientProvider to main.tsx
- Installed missing lucide-react dependency
- Fixed TypeScript linting errors in SetupGuard.tsx
- Updated docker-entrypoint.sh to use 127.0.0.1 for reliable Caddy checks
- Verified with local Docker build
- Updated ProxyHostForm to include functionality for managing custom locations.
- Introduced add, remove, and update operations for locations in the form.
- Modified the ProxyHost interface to include an array of locations.
- Removed the advanced configuration textarea in favor of a more structured location input.
- Updated the frontend assets in index.html to reflect the latest build.
- Add Caddy client package (client.go) with Load/GetConfig/Ping methods
- Implement config generator (config.go) transforming ProxyHost → Caddy JSON
- Add pre-flight validator (validator.go) catching config errors before reload
- Create manager (manager.go) with rollback capability using config snapshots
- Add CaddyConfig model for audit trail of configuration changes
- Update Config to include Caddy admin API and config dir settings
- Create comprehensive unit tests with 100% coverage for caddy package
Docker Infrastructure:
- Add docker-compose.yml with Caddy sidecar container
- Add docker-compose.dev.yml for development overrides
- Create .github/workflows/docker-publish.yml for GHCR publishing
- Update CI to build Docker images and run integration tests
- Add DOCKER.md with comprehensive deployment guide
- Update Makefile with docker-compose commands
- Update README with Docker-first deployment instructions
Configuration:
- Add CPM_CADDY_ADMIN_API and CPM_CADDY_CONFIG_DIR env vars
- Update .env.example with new Caddy settings
- Update AutoMigrate to include CaddyConfig model
All acceptance criteria met:
✅ Can programmatically generate valid Caddy JSON configs
✅ Can reload Caddy configuration via admin API
✅ Invalid configs caught by validator before reload
✅ Automatic rollback on failure via snapshot system
