- Update .goreleaser.yaml:
- Split builds into linux, windows, and darwin
- Configure Zig as the C/C++ compiler for cross-compilation (CGO enabled)
- Add zip archive format for Windows
- Restrict deb/rpm packages to Linux builds
- Update .github/workflows/release-goreleaser.yml:
- Add setup-zig action to install Zig compiler
- Remove manual apt-get cross-compiler installation
- Update Makefile with new targets:
- lint-backend: Run golangci-lint via Docker
- lint-docker: Run hadolint via Docker
- test-race: Run Go tests with race detection
- benchmark: Run Go benchmarks
- integration-test: Run local integration tests
- Update .pre-commit-config.yaml:
- Add go-test-race hook
- Add golangci-lint hook
- Add hadolint hook
- Add .goreleaser.yaml configuration:
- Define builds for linux/amd64 and linux/arm64
- Configure archive creation (tar.gz)
- Configure package creation (deb, rpm)
- Add .github/workflows/release-goreleaser.yml:
- New workflow to test GoReleaser builds
- Builds frontend first, then uses GoReleaser
- Handles cross-compilation dependencies
- Add security preset system with curated threat intelligence
- High-Risk Countries preset (RU, CN, KP, IR, etc.) ~800M IPs
- Expanded Threat List preset ~1.2B IPs
- Cloud Scanner IPs preset (Shodan, Censys) ~3K IPs
- Tor Exit Nodes preset ~1.2K IPs (changes daily)
- Add tooltips linking to data sources (SANS ISC, Spamhaus, Tor Project)
- Add 'Get My IP' button to quickly add current IP to allowlist
- Add IP range calculator showing total IPs covered by rules
- Emphasize block lists over allow lists in UI
- Renamed UI labels to show 'Recommended' for block lists
- Added info box explaining why block lists are safer
- Add /system/my-ip API endpoint to fetch user's public IP
- Handles X-Forwarded-For, X-Real-IP, CF-Connecting-IP headers
- Returns IP and source (direct, proxy, Cloudflare, etc.)
- Add ARIA attributes to ProxyHosts checkboxes for accessibility
Block lists prevent lockouts while maintaining security by blocking
known threats instead of requiring explicit allow lists that can
inadvertently block legitimate users (especially CGNAT/mobile users).
Note: Bulk delete tests need refinement (event simulation) - tracked
separately.
- Add bulk delete button with automatic backup creation before deletion
- Move checkbox column to the right side of the table
- Show '(all)' indicator when all hosts are selected
- Add comprehensive delete confirmation modal listing affected hosts
- Rename 'Bulk Actions' button to 'Manage ACL' for clarity
- Add CGNAT warning banner in Access Lists page
- Explains why mobile/CGNAT connections may be blocked
- Provides solutions for locked-out users
- Includes tips for T-Mobile 5G, Starlink, and other CGNAT ISPs
- Improve error messaging and loading states
Addresses common CGNAT issues where geo-blocking fails due to
data center IP addresses appearing instead of user's location.
- Create main testing issue with 64 manual test checkpoints
- Add 7 sub-issue templates for organized testing workflow
- Cover basic functionality, error handling, UI/UX, integration, cross-browser, and regression testing
- Include test environment setup and success criteria
- Added API integration for access lists including listing, creating, updating, deleting, and testing IPs against access lists.
- Created AccessListForm component for creating and editing access lists with validation.
- Developed AccessListSelector component for selecting access lists with detailed display of selected ACL.
- Implemented hooks for managing access lists and handling API interactions.
- Added tests for AccessListSelector and useAccessLists hooks to ensure functionality.
- Enhanced AccessLists page with UI for managing access lists, including create, edit, delete, and test IP features.
- Deleted `useSecurity.ts` hook which managed authentication users, providers, and policies.
- Removed `Policies.tsx`, `Providers.tsx`, and `Users.tsx` pages that utilized the above hook.
- Cleaned up the `index.tsx` file in the Security section to remove references to the deleted pages.
- Updated mock data by removing unused properties related to forward authentication.
- Introduced ForwardAuthConfig model to store global forward authentication settings.
- Updated Manager to fetch and apply forward authentication configuration.
- Added ForwardAuthHandler to create a reverse proxy handler for authentication.
- Enhanced ProxyHost model to include forward authentication options.
- Created Security page and ForwardAuthSettings component for managing authentication settings.
- Implemented API endpoints for fetching and updating forward authentication configuration.
- Added tests for new functionality including validation and error handling.
- Updated frontend components to support forward authentication settings.
