Unifies the two previously independent email subsystems — MailService
(net/smtp transport) and NotificationService (HTTP-based providers) —
so email can participate in the notification dispatch pipeline.
Key changes:
- SendEmail signature updated to accept context.Context and []string
recipients to enable timeout propagation and multi-recipient dispatch
- NotificationService.dispatchEmail() wires MailService as a first-class
provider type with IsConfigured() guard and 30s context timeout
- 'email' added to isSupportedNotificationProviderType() and
supportsJSONTemplates() returns false for email (plain/HTML only)
- settings_handler.go test-email endpoint updated to new SendEmail API
- Frontend: 'email' added to provider type union in notifications.ts,
Notifications.tsx shows recipient field and hides URL/token fields for
email providers
- All existing tests updated to match new SendEmail signature
- New tests added covering dispatchEmail paths, IsConfigured guards,
recipient validation, and context timeout behaviour
Also fixes confirmed false-positive CodeQL go/email-injection alerts:
- smtp.SendMail, sendSSL w.Write, and sendSTARTTLS w.Write sites now
carry inline codeql[go/email-injection] annotations as required by the
CodeQL same-line suppression spec; preceding-line annotations silently
no-op in current CodeQL versions
- auth_handler.go c.SetCookie annotated for intentional Secure=false on
local non-HTTPS loopback (go/cookie-secure-not-set warning only)
Closes part of #800
Remove all deprecated Shoutrrr integration artifacts and dead legacy fallback
code from the notification subsystem.
- Remove legacySendFunc field, ErrLegacyFallbackDisabled error, and
legacyFallbackInvocationError() from notification service
- Delete ShouldUseLegacyFallback() from notification router; simplify
ShouldUseNotify() by removing now-dead providerEngine parameter
- Remove EngineLegacy engine constant; EngineNotifyV1 is the sole engine
- Remove legacy.fallback_enabled feature flag, retiredLegacyFallbackEnvAliases,
and parseFlagBool/resolveRetiredLegacyFallback helpers from flags handler
- Remove orphaned EmailRecipients field from NotificationConfig model
- Delete feature_flags_coverage_v2_test.go (tested only the retired flag path)
- Delete security_notifications_test.go.archived (stale archived file)
- Move FIREFOX_E2E_FIXES_SUMMARY.md to docs/implementation/
- Remove root-level scan artifacts tracked in error; add gitignore patterns to
prevent future tracking of trivy-report.json and related outputs
- Update ARCHITECTURE.instructions.md: Notifications row Shoutrrr → Notify
No functional changes to active notification dispatch or mail delivery.
- Added role-based middleware to various security handler tests to ensure only admin users can access certain endpoints.
- Created a new test file for authorization checks on security mutators, verifying that non-admin users receive forbidden responses.
- Updated existing tests to include role setting for admin users, ensuring consistent access control during testing.
- Introduced sensitive data masking in settings handler responses, ensuring sensitive values are not exposed in API responses.
- Enhanced user handler responses to mask API keys and invite tokens, providing additional security for user-related endpoints.
- Refactored routes to group security admin endpoints under a dedicated route with role-based access control.
- Added tests for import handler routes to verify authorization guards, ensuring only admin users can access import functionalities.
- Introduced optional keepalive settings: `keepalive_idle` and `keepalive_count` in the Server struct.
- Implemented UI controls for keepalive settings in System Settings, including validation and persistence.
- Added localization support for new keepalive fields in multiple languages.
- Created a manual test tracking plan for verifying keepalive controls and their behavior.
- Updated existing tests to cover new functionality and ensure proper validation of keepalive inputs.
- Ensured safe defaults and fallback behavior for missing or invalid keepalive values.
- Added validation to reject non-discord provider types in create, update, test, and preview operations.
- Updated the notifications form to automatically normalize non-discord types to discord.
- Modified UI to display explicit messaging for deprecated and non-dispatch statuses for non-discord providers.
- Enhanced tests to cover new validation logic and UI changes for provider types.
- Removed unnecessary fields from logs where applicable to reduce clutter and focus on essential information.
- Ensured consistent logging practices to enhance security and prevent log injection vulnerabilities.
- Implemented SystemPermissionsHandler to check and repair file permissions.
- Added endpoints for retrieving and repairing permissions.
- Introduced utility functions for permission checks and error mapping.
- Created tests for the new handler and utility functions.
- Updated routes to include the new permissions endpoints.
- Enhanced configuration to support new logging and plugin directories.
- Added a reset of the models.Setting struct before querying for settings in both the Manager and Cerberus components to avoid ID leakage from previous queries.
- Introduced new functions in Cerberus for checking admin authentication and admin whitelist status.
- Enhanced middleware logic to allow admin users to bypass ACL checks if their IP is whitelisted.
- Added tests to verify the behavior of the middleware with respect to ACLs and admin whitelisting.
- Created a new utility for checking if an IP is in a CIDR list.
- Updated various services to use `Where` clause for fetching records by ID instead of directly passing the ID to `First`, ensuring consistency in query patterns.
- Added comprehensive tests for settings queries to demonstrate and verify the fix for ID leakage issues.
Complete Phase 4 implementation enabling ACL, WAF, and Rate Limiting
toggle functionality in the Security Dashboard UI.
Backend:
Add 60-second TTL settings cache layer to Cerberus middleware
Trigger async Caddy config reload on security.* setting changes
Query runtime settings in Caddy manager before config generation
Wire SettingsHandler with CaddyManager and Cerberus dependencies
Frontend:
Fix optimistic update logic to preserve mode field for WAF/rate_limit
Replace onChange with onCheckedChange for all Switch components
Add unit tests for mode preservation and rollback behavior
Test Fixes:
Fix CrowdSec startup test assertions (cfg.Enabled is global Cerberus flag)
Fix security service test UUID uniqueness for UNIQUE constraint
Add .first() to toast locator in wait-helpers.ts for multiple toasts
Documentation:
Add Security Dashboard Toggles section to features.md
Mark phase4_security_toggles_spec.md as IMPLEMENTED
Add E2E coverage mode (Docker vs Vite) documentation
Enables 8 previously skipped E2E tests in security-dashboard.spec.ts
and rate-limiting.spec.ts.
Add configurable public-facing URL setting to fix issue where invite emails
contained internal localhost addresses inaccessible to external users.
Features:
- New "Application URL" setting in System Settings (key: app.public_url)
- Real-time URL validation with visual feedback and HTTP warnings
- Test button to verify URL accessibility
- Invite preview showing actual link before sending
- Warning alerts when URL not configured
- Fallback to request-derived URL for backward compatibility
- Complete i18n support (EN, DE, ES, FR, ZH)
Backend:
- Created utils.GetPublicURL() for centralized URL management
- Added POST /settings/validate-url endpoint
- Added POST /users/preview-invite-url endpoint
- Updated InviteUser() to use configured public URL
Frontend:
- New Application URL card in SystemSettings with validation
- URL preview in InviteModal with warning banners
- Test URL button and configuration warnings
- Updated API clients with validation and preview functions
Security:
- Admin-only access for all endpoints
- Input validation prevents path injection
- SSRF-safe (URL only used in email generation)
- OWASP Top 10 compliant
Coverage: Backend 87.6%, Frontend 86.5% (both exceed 85% threshold)
Refs: #application-url-feature
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
- Added a new SMTP settings page with functionality to configure SMTP settings, test connections, and send test emails.
- Implemented user management page to list users, invite new users, and manage user permissions.
- Created modals for inviting users and editing user permissions.
- Added tests for the new SMTP settings and user management functionalities.
- Updated navigation to include links to the new SMTP settings and user management pages.
