- Implemented `getCrowdsecKeyStatus` API call to retrieve the current status of the CrowdSec API key.
- Created `CrowdSecKeyWarning` component to display warnings when the API key is rejected.
- Integrated `CrowdSecKeyWarning` into the Security page, ensuring it only shows when relevant.
- Updated i18n initialization in main.tsx to prevent race conditions during rendering.
- Enhanced authentication setup in tests to handle various response statuses more robustly.
- Adjusted security tests to accept broader error responses for import validation.
- Implemented `useManualChallenge`, `useChallengePoll`, and `useManualChallengeMutations` hooks for managing manual DNS challenges.
- Created tests for the `useManualChallenge` hooks to ensure correct fetching and mutation behavior.
- Added `ManualDNSChallenge` component for displaying challenge details and actions.
- Developed end-to-end tests for the Manual DNS Provider feature, covering provider selection, challenge UI, and accessibility compliance.
- Included error handling tests for verification failures and network errors.
- Implemented tests to verify multi-credential DNS providers create separate TLS automation policies per zone with zone-specific credentials.
- Added tests for ZeroSSL issuer and both ACME and ZeroSSL issuers in multi-credential scenarios.
- Verified handling of ACME staging CA and scenarios where zones have no matching domains.
- Ensured graceful handling when provider type is not found in the registry.
- Added tests for disabled hosts, custom certificates, and advanced config normalization.
- Enhanced credential retrieval logic to handle multi-credential scenarios, including disabled credentials and catch-all matches.
- Improved security decision handling with admin whitelist checks.
- Updated encryption key handling in integration tests for consistent behavior.
- Implement DNSProviderCard component for displaying individual DNS provider details.
- Create DNSProviderForm component for adding and editing DNS providers.
- Add DNSProviderSelector component for selecting DNS providers in forms.
- Introduce useDNSProviders hook for fetching and managing DNS provider data.
- Add DNSProviders page for listing and managing DNS providers.
- Update layout to include DNS Providers navigation.
- Enhance UI components with new badge styles and improved layouts.
- Add default provider schemas for various DNS providers.
- Integrate translation strings for DNS provider management.
- Update Vite configuration for improved chunking and performance.
- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs
Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected
Refs: docs/plans/instruction_compliance_spec.md
- Updated Definition of Done report with detailed checks and results for backend and frontend tests.
- Documented issues related to race conditions and test failures in QA reports.
- Improved security scan notes and code cleanup status in QA reports.
- Added summaries for rate limit integration test fixes, including root causes and resolutions.
- Introduced new debug and integration scripts for rate limit testing.
- Updated security documentation to reflect changes in configuration and troubleshooting steps.
- Enhanced troubleshooting guides for CrowdSec and Go language server (gopls) errors.
- Improved frontend and scripts README files for clarity and usage instructions.
- Implement GeoIPService for IP-to-country lookups with comprehensive error handling.
- Add tests for GeoIPService covering various scenarios including invalid IPs and database loading.
- Extend AccessListService to handle GeoIP service integration, including graceful degradation when GeoIP service is unavailable.
- Introduce new tests for AccessListService to validate geo ACL behavior and country code parsing.
- Update SecurityService to include new fields for WAF configuration and enhance decision logging functionality.
- Add extensive tests for SecurityService covering rule set management and decision logging.
- Create a detailed Security Coverage QA Plan to ensure 100% code coverage for security-related functionality.
- Implement tests for ImportSuccessModal to verify rendering and functionality.
- Update AuthContext to store authentication token in localStorage and manage token state.
- Modify useImport hook to capture and expose commit results, preventing unnecessary refetches.
- Enhance useCertificates hook to support optional refetch intervals.
- Update Dashboard to conditionally poll certificates based on pending status.
- Integrate ImportSuccessModal into ImportCaddy for user feedback on import completion.
- Adjust Login component to utilize returned token for authentication.
- Refactor CrowdSecConfig tests for improved readability and reliability.
- Add debug_db.py script for inspecting the SQLite database.
- Update integration and test scripts for better configuration and error handling.
- Introduce Trivy scan script for vulnerability assessment of Docker images.
- Created `qa-test-output-after-fix.txt` and `qa-test-output.txt` to log results of certificate page authentication tests.
- Added `build.sh` for deterministic backend builds in CI, utilizing `go list` for efficiency.
- Introduced `codeql_scan.sh` for CodeQL database creation and analysis for Go and JavaScript/TypeScript.
- Implemented `dockerfile_check.sh` to validate Dockerfiles for base image and package manager mismatches.
- Added `sourcery_precommit_wrapper.sh` to facilitate Sourcery CLI usage in pre-commit hooks.
- Added unit tests for CrowdSec handler, including listing, banning, and unbanning IPs.
- Implemented mock command executor for testing command execution.
- Created tests for various scenarios including successful operations, error handling, and invalid inputs.
- Developed CrowdSec configuration tests to ensure proper handler setup and JSON output.
- Documented security features and identified gaps in CrowdSec, WAF, and Rate Limiting implementations.
- Established acceptance criteria for feature completeness and outlined implementation phases for future work.
- Modified the GenerateConfig function to include an additional parameter for ruleset paths.
- Updated multiple test cases across various files to accommodate the new parameter.
- Enhanced the manager's ApplyConfig method to handle ruleset file creation and error handling.
- Added integration tests for Coraza WAF to validate runtime behavior and ruleset application.
- Updated documentation to include instructions for testing Coraza WAF integration locally.
- Updated SecurityConfig model to only support 'local' or 'disabled' modes for CrowdSec.
- Modified related logic in the manager and services to reject external mode.
- Adjusted tests to validate the new restrictions on CrowdSec modes.
- Updated frontend components to remove references to external mode and provide appropriate user feedback.
- Enhanced documentation to reflect the removal of external CrowdSec mode support.
- Added SecurityConfig model to manage Cerberus settings including admin whitelist and break-glass token.
- Introduced SecurityService for handling security configurations and token generation.
- Updated Manager to check for admin whitelist before applying configurations to prevent accidental lockouts.
- Enhanced frontend with hooks and API calls for managing security settings and generating break-glass tokens.
- Updated documentation to include self-lockout protection measures and best practices for using Cerberus.
- Updated `GenerateConfig` function calls in tests to include additional security parameters.
- Enhanced `Manager` struct to hold a `SecurityConfig` instance for managing security-related settings.
- Implemented `computeEffectiveFlags` method to determine the effective state of security features based on both static configuration and runtime database settings.
- Added comprehensive tests for the new security configuration handling, ensuring correct behavior for various scenarios including ACL and CrowdSec settings.
- Adjusted existing tests to accommodate the new structure and ensure compatibility with the updated configuration management.
- Deleted `useSecurity.ts` hook which managed authentication users, providers, and policies.
- Removed `Policies.tsx`, `Providers.tsx`, and `Users.tsx` pages that utilized the above hook.
- Cleaned up the `index.tsx` file in the Security section to remove references to the deleted pages.
- Updated mock data by removing unused properties related to forward authentication.
- Introduced ForwardAuthConfig model to store global forward authentication settings.
- Updated Manager to fetch and apply forward authentication configuration.
- Added ForwardAuthHandler to create a reverse proxy handler for authentication.
- Enhanced ProxyHost model to include forward authentication options.
- Created Security page and ForwardAuthSettings component for managing authentication settings.
- Implemented API endpoints for fetching and updating forward authentication configuration.
- Added tests for new functionality including validation and error handling.
- Updated frontend components to support forward authentication settings.
- Implemented Settings page for changing user passwords with validation and feedback.
- Created Setup page for initial admin account setup with form handling and navigation.
- Added API service layer for handling requests related to proxy hosts, remote servers, and import functionality.
- Introduced mock data for testing purposes and set up testing framework with vitest.
- Configured Tailwind CSS for styling and Vite for development and build processes.
- Added scripts for Dockerfile validation, Python syntax checking, and Sourcery integration.
- Implemented release and coverage scripts for better CI/CD practices.
- Deleted Settings.tsx and Setup.tsx pages, which included functionality for changing passwords and setting up an admin account.
- Removed associated test files for Setup page.
- Eliminated API service definitions related to proxy hosts, remote servers, import functionality, and health checks.
- Cleaned up mock data and test setup files.
- Removed configuration files for TypeScript, Vite, and Tailwind CSS.
- Deleted scripts for testing coverage, release management, Dockerfile validation, and Python compilation checks.
- Removed Sourcery pre-commit wrapper script.
- Deleted Caddy configuration types and validation logic from the backend.
- Removed associated test files for validation.
- Cleaned up related service and model files that are no longer needed.
- Removed unnecessary environment configuration and database connection code.
- Eliminated unused models related to access control, SSL certificates, and user management.
- Cleaned up node modules by removing unnecessary binaries.
- Implemented Issue #9: User Authentication & Authorization
- Added User model fields (FailedLoginAttempts, LockedUntil, LastLogin)
- Created AuthService with JWT support, bcrypt hashing, and account lockout
- Added AuthMiddleware and AuthHandler
- Registered auth routes in backend
- Created AuthContext and RequireAuth component in frontend
- Implemented Login page and integrated with backend
- Fixed 'Blank Page' issue in local Docker environment
- Added QueryClientProvider to main.tsx
- Installed missing lucide-react dependency
- Fixed TypeScript linting errors in SetupGuard.tsx
- Updated docker-entrypoint.sh to use 127.0.0.1 for reliable Caddy checks
- Verified with local Docker build
- Updated ProxyHostForm to include functionality for managing custom locations.
- Introduced add, remove, and update operations for locations in the form.
- Modified the ProxyHost interface to include an array of locations.
- Removed the advanced configuration textarea in favor of a more structured location input.
- Updated the frontend assets in index.html to reflect the latest build.
- Add Caddy client package (client.go) with Load/GetConfig/Ping methods
- Implement config generator (config.go) transforming ProxyHost → Caddy JSON
- Add pre-flight validator (validator.go) catching config errors before reload
- Create manager (manager.go) with rollback capability using config snapshots
- Add CaddyConfig model for audit trail of configuration changes
- Update Config to include Caddy admin API and config dir settings
- Create comprehensive unit tests with 100% coverage for caddy package
Docker Infrastructure:
- Add docker-compose.yml with Caddy sidecar container
- Add docker-compose.dev.yml for development overrides
- Create .github/workflows/docker-publish.yml for GHCR publishing
- Update CI to build Docker images and run integration tests
- Add DOCKER.md with comprehensive deployment guide
- Update Makefile with docker-compose commands
- Update README with Docker-first deployment instructions
Configuration:
- Add CPM_CADDY_ADMIN_API and CPM_CADDY_CONFIG_DIR env vars
- Update .env.example with new Caddy settings
- Update AutoMigrate to include CaddyConfig model
All acceptance criteria met:
✅ Can programmatically generate valid Caddy JSON configs
✅ Can reload Caddy configuration via admin API
✅ Invalid configs caught by validator before reload
✅ Automatic rollback on failure via snapshot system
