akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity
Files
555ab5e669a23faffced2bf186d5ddc379fb58b7
Charon/backend/internal/models/proxy_host.go
T
GitHub Actions 8cf762164f feat: implement HTTP Security Headers management (Issue #20) 
Add comprehensive security header management system with reusable
profiles, interactive builders, and security scoring.

Features:
- SecurityHeaderProfile model with 11+ header types
- CRUD API with 10 endpoints (/api/v1/security/headers/*)
- Caddy integration for automatic header injection
- 3 built-in presets (Basic, Strict, Paranoid)
- Security score calculator (0-100) with suggestions
- Interactive CSP builder with validation
- Permissions-Policy builder
- Real-time security score preview
- Per-host profile assignment

Headers Supported:
- HSTS with preload support
- Content-Security-Policy with report-only mode
- X-Frame-Options, X-Content-Type-Options
- Referrer-Policy, Permissions-Policy
- Cross-Origin-Opener/Resource/Embedder-Policy
- X-XSS-Protection, Cache-Control security

Implementation:
- Backend: models, handlers, services (85% coverage)
- Frontend: React components, hooks (87.46% coverage)
- Tests: 1,163 total tests passing
- Docs: Comprehensive feature documentation

Closes #20
2025-12-19 18:55:48 +00:00

52 lines
2.9 KiB
Go
Raw Blame History

package models
import (
"time"
)
// ProxyHost represents a reverse proxy configuration.
type ProxyHost struct {
ID uint `json:"id" gorm:"primaryKey"`
UUID string `json:"uuid" gorm:"uniqueIndex;not null"`
Name string `json:"name"`
DomainNames string `json:"domain_names" gorm:"not null"` // Comma-separated list
ForwardScheme string `json:"forward_scheme" gorm:"default:http"`
ForwardHost string `json:"forward_host" gorm:"not null"`
ForwardPort int `json:"forward_port" gorm:"not null"`
SSLForced bool `json:"ssl_forced" gorm:"default:false"`
HTTP2Support bool `json:"http2_support" gorm:"default:true"`
HSTSEnabled bool `json:"hsts_enabled" gorm:"default:false"`
HSTSSubdomains bool `json:"hsts_subdomains" gorm:"default:false"`
BlockExploits bool `json:"block_exploits" gorm:"default:true"`
WebsocketSupport bool `json:"websocket_support" gorm:"default:false"`
Application string `json:"application" gorm:"default:none"` // none, plex, jellyfin, emby, homeassistant, nextcloud, vaultwarden
Enabled bool `json:"enabled" gorm:"default:true"`
CertificateID *uint `json:"certificate_id"`
Certificate *SSLCertificate `json:"certificate" gorm:"foreignKey:CertificateID"`
AccessListID *uint `json:"access_list_id"`
AccessList *AccessList `json:"access_list" gorm:"foreignKey:AccessListID"`
Locations []Location `json:"locations" gorm:"foreignKey:ProxyHostID;constraint:OnDelete:CASCADE"`
AdvancedConfig string `json:"advanced_config" gorm:"type:text"`
AdvancedConfigBackup string `json:"advanced_config_backup" gorm:"type:text"`
// Forward Auth / User Gateway settings
// When enabled, Caddy will use forward_auth to verify user access via Charon
ForwardAuthEnabled bool `json:"forward_auth_enabled" gorm:"default:false"`
// WAF override - when true, disables WAF for this specific host
WAFDisabled bool `json:"waf_disabled" gorm:"default:false"`
// Security Headers Configuration
// Either reference a profile OR use inline settings
SecurityHeaderProfileID *uint `json:"security_header_profile_id"`
SecurityHeaderProfile *SecurityHeaderProfile `json:"security_header_profile" gorm:"foreignKey:SecurityHeaderProfileID"`
// Inline security header settings (used when no profile is selected)
// These override profile settings if both are set
SecurityHeadersEnabled bool `json:"security_headers_enabled" gorm:"default:true"`
SecurityHeadersCustom string `json:"security_headers_custom" gorm:"type:text"` // JSON for custom headers
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Reference in New Issue View Git Blame Copy Permalink