- Add security preset system with curated threat intelligence
- High-Risk Countries preset (RU, CN, KP, IR, etc.) ~800M IPs
- Expanded Threat List preset ~1.2B IPs
- Cloud Scanner IPs preset (Shodan, Censys) ~3K IPs
- Tor Exit Nodes preset ~1.2K IPs (changes daily)
- Add tooltips linking to data sources (SANS ISC, Spamhaus, Tor Project)
- Add 'Get My IP' button to quickly add current IP to allowlist
- Add IP range calculator showing total IPs covered by rules
- Emphasize block lists over allow lists in UI
- Renamed UI labels to show 'Recommended' for block lists
- Added info box explaining why block lists are safer
- Add /system/my-ip API endpoint to fetch user's public IP
- Handles X-Forwarded-For, X-Real-IP, CF-Connecting-IP headers
- Returns IP and source (direct, proxy, Cloudflare, etc.)
- Add ARIA attributes to ProxyHosts checkboxes for accessibility
Block lists prevent lockouts while maintaining security by blocking
known threats instead of requiring explicit allow lists that can
inadvertently block legitimate users (especially CGNAT/mobile users).
Note: Bulk delete tests need refinement (event simulation) - tracked
separately.
- Add bulk delete button with automatic backup creation before deletion
- Move checkbox column to the right side of the table
- Show '(all)' indicator when all hosts are selected
- Add comprehensive delete confirmation modal listing affected hosts
- Rename 'Bulk Actions' button to 'Manage ACL' for clarity
- Add CGNAT warning banner in Access Lists page
- Explains why mobile/CGNAT connections may be blocked
- Provides solutions for locked-out users
- Includes tips for T-Mobile 5G, Starlink, and other CGNAT ISPs
- Improve error messaging and loading states
Addresses common CGNAT issues where geo-blocking fails due to
data center IP addresses appearing instead of user's location.
- Added API integration for access lists including listing, creating, updating, deleting, and testing IPs against access lists.
- Created AccessListForm component for creating and editing access lists with validation.
- Developed AccessListSelector component for selecting access lists with detailed display of selected ACL.
- Implemented hooks for managing access lists and handling API interactions.
- Added tests for AccessListSelector and useAccessLists hooks to ensure functionality.
- Enhanced AccessLists page with UI for managing access lists, including create, edit, delete, and test IP features.
- Deleted `useSecurity.ts` hook which managed authentication users, providers, and policies.
- Removed `Policies.tsx`, `Providers.tsx`, and `Users.tsx` pages that utilized the above hook.
- Cleaned up the `index.tsx` file in the Security section to remove references to the deleted pages.
- Updated mock data by removing unused properties related to forward authentication.
- Introduced ForwardAuthConfig model to store global forward authentication settings.
- Updated Manager to fetch and apply forward authentication configuration.
- Added ForwardAuthHandler to create a reverse proxy handler for authentication.
- Enhanced ProxyHost model to include forward authentication options.
- Created Security page and ForwardAuthSettings component for managing authentication settings.
- Implemented API endpoints for fetching and updating forward authentication configuration.
- Added tests for new functionality including validation and error handling.
- Updated frontend components to support forward authentication settings.
- Refactor import handler to support transient previews for uploads and mounted Caddyfiles
- Import sessions are now created only when user commits (not on upload/mount)
- Upload endpoint saves files to import/uploads/<uuid>.caddyfile and returns preview without DB persistence
- GetPreview supports both DB-backed sessions and transient previews from mountPath
- Commit endpoint handles both DB sessions and transient uploads/mounts, persisting session on commit
- Cancel endpoint removes DB sessions or deletes transient uploaded files
- CheckMountedImport no longer auto-creates DB sessions (transient preview behavior)
- Add conflict detection for transient previews against existing ProxyHosts
- Update importer to return raw domain names in conflicts array instead of formatted messages
- Fix import handler Cancel to return 404 for non-existent sessions
- Update all tests to match new transient preview behavior
- Install Node.js 20.x for pre-commit hooks
- Adjust coverage threshold to 78% (78.2% actual)
- Added 'Domain Link Behavior' setting to System Settings (Same Tab, New Tab, New Window)
- Updated Proxy Hosts list to render domains as clickable links
- Implemented behavior logic:
- Same Tab: Opens in current tab
- New Tab: Opens in new tab (default)
- New Window: Opens in a new popup window
- Frontend: Increase heartbeat history to 60 items (1 hour)
- Frontend: Add empty bars for alignment when history is sparse
- Frontend: Improve tooltips with detailed status info
- Frontend: Update API client to support limit parameter
