- Documented certificate management security features in security.md, including backup and recovery processes.
- Implemented CertificateCleanupDialog component for confirming deletion of orphaned certificates when deleting proxy hosts.
- Enhanced ProxyHosts page to check for orphaned certificates and prompt users accordingly during deletion.
- Added tests for certificate cleanup prompts and behaviors in ProxyHosts, ensuring correct handling of unique, shared, and production certificates.
- Implemented new CSS animations for UI elements including bobbing, pulsing, rotating, and spinning effects.
- Integrated loading overlays in CrowdSecConfig, Login, ProxyHosts, Security, and WafConfig pages to enhance user experience during asynchronous operations.
- Added contextual messages for loading states to inform users about ongoing processes.
- Created tests for Login and Security pages to ensure overlays function correctly during login attempts and security operations.
- Introduced isolated coverage tests for ProxyHosts with various scenarios including rendering, bulk apply, and link behavior.
- Enhanced existing ProxyHosts coverage tests to include additional assertions and error handling.
- Added tests for Uptime component to verify rendering and monitoring toggling functionality.
- Created utility functions for setting labels and help texts related to proxy host settings.
- Implemented bulk settings application logic with progress tracking and error handling.
- Added toast utility tests to ensure callback functionality and ID incrementing.
- Improved type safety in test files by using appropriate TypeScript types.
- Added checkboxes to select multiple ACLs at once
- Added Select All / Clear buttons for quick selection
- Added progress indicator when applying multiple ACLs
- ACLs are applied sequentially with visual feedback
- All tests passing with 81.32% coverage
- Add security preset system with curated threat intelligence
- High-Risk Countries preset (RU, CN, KP, IR, etc.) ~800M IPs
- Expanded Threat List preset ~1.2B IPs
- Cloud Scanner IPs preset (Shodan, Censys) ~3K IPs
- Tor Exit Nodes preset ~1.2K IPs (changes daily)
- Add tooltips linking to data sources (SANS ISC, Spamhaus, Tor Project)
- Add 'Get My IP' button to quickly add current IP to allowlist
- Add IP range calculator showing total IPs covered by rules
- Emphasize block lists over allow lists in UI
- Renamed UI labels to show 'Recommended' for block lists
- Added info box explaining why block lists are safer
- Add /system/my-ip API endpoint to fetch user's public IP
- Handles X-Forwarded-For, X-Real-IP, CF-Connecting-IP headers
- Returns IP and source (direct, proxy, Cloudflare, etc.)
- Add ARIA attributes to ProxyHosts checkboxes for accessibility
Block lists prevent lockouts while maintaining security by blocking
known threats instead of requiring explicit allow lists that can
inadvertently block legitimate users (especially CGNAT/mobile users).
Note: Bulk delete tests need refinement (event simulation) - tracked
separately.
- Add bulk delete button with automatic backup creation before deletion
- Move checkbox column to the right side of the table
- Show '(all)' indicator when all hosts are selected
- Add comprehensive delete confirmation modal listing affected hosts
- Rename 'Bulk Actions' button to 'Manage ACL' for clarity
- Add CGNAT warning banner in Access Lists page
- Explains why mobile/CGNAT connections may be blocked
- Provides solutions for locked-out users
- Includes tips for T-Mobile 5G, Starlink, and other CGNAT ISPs
- Improve error messaging and loading states
Addresses common CGNAT issues where geo-blocking fails due to
data center IP addresses appearing instead of user's location.
- Added 'Domain Link Behavior' setting to System Settings (Same Tab, New Tab, New Window)
- Updated Proxy Hosts list to render domains as clickable links
- Implemented behavior logic:
- Same Tab: Opens in current tab
- New Tab: Opens in new tab (default)
- New Window: Opens in a new popup window
- Implemented Settings page for changing user passwords with validation and feedback.
- Created Setup page for initial admin account setup with form handling and navigation.
- Added API service layer for handling requests related to proxy hosts, remote servers, and import functionality.
- Introduced mock data for testing purposes and set up testing framework with vitest.
- Configured Tailwind CSS for styling and Vite for development and build processes.
- Added scripts for Dockerfile validation, Python syntax checking, and Sourcery integration.
- Implemented release and coverage scripts for better CI/CD practices.
- Deleted Settings.tsx and Setup.tsx pages, which included functionality for changing passwords and setting up an admin account.
- Removed associated test files for Setup page.
- Eliminated API service definitions related to proxy hosts, remote servers, import functionality, and health checks.
- Cleaned up mock data and test setup files.
- Removed configuration files for TypeScript, Vite, and Tailwind CSS.
- Deleted scripts for testing coverage, release management, Dockerfile validation, and Python compilation checks.
- Removed Sourcery pre-commit wrapper script.
Major Updates:
- Rewrote all docs in beginner-friendly 'ELI5' language
- Created docs index with user journey navigation
- Added complete getting-started guide for novice users
- Set up GitHub Container Registry (GHCR) automation
- Configured GitHub Pages deployment for documentation
Documentation:
- docs/index.md - Central navigation hub
- docs/getting-started.md - Step-by-step beginner guide
- docs/github-setup.md - CI/CD setup instructions
- README.md - Complete rewrite in accessible language
- CONTRIBUTING.md - Contributor guidelines
- Multiple comprehensive API and schema docs
CI/CD Workflows:
- .github/workflows/docker-build.yml - Multi-platform builds to GHCR
- .github/workflows/docs.yml - Automated docs deployment to Pages
- Supports main (latest), development (dev), and version tags
- Automated testing of built images
- Beautiful documentation site with dark theme
Benefits:
- Zero barrier to entry for new users
- Automated Docker builds (AMD64 + ARM64)
- Professional documentation site
- No Docker Hub account needed (uses GHCR)
- Complete CI/CD pipeline
All 7 implementation phases complete - project is production ready!
