akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
2,248 Commits 2 Branches 4 Tags
develop
Commit Graph

8 Commits

Author SHA1 Message Date
akanealw
99819b70ff added caddy-proxy-manager for testing
Some checks failed
Build and Push Docker Images (Trusted) / build-and-push (., docker/caddy/Dockerfile, caddy) (push) Has been cancelled
Details
Build and Push Docker Images (Trusted) / build-and-push (., docker/l4-port-manager/Dockerfile, l4-port-manager) (push) Has been cancelled
Details
Build and Push Docker Images (Trusted) / build-and-push (., docker/web/Dockerfile, web) (push) Has been cancelled
Details
Tests / test (push) Has been cancelled
Details
2026-04-21 22:49:08 +00:00
fuomag9
debd0d98fc security: fix 17 vulnerabilities from comprehensive pentest 
Fixes identified from full security audit covering auth, crypto,
injection, infrastructure, and configuration security.

Critical:
- C1: Fail-closed on unrecognized NODE_ENV (prevent DEV_SECRET in staging)
- C3: Validate API token expires_at (reject invalid dates that bypass expiry)

High:
- H1: Refresh JWT role from DB on each session (reflect demotions immediately)
- H2: Docker socket proxy for l4-port-manager (restrict API surface)
- H5: Block dangerous WAF custom directives (SecRuleEngine, SecAuditEngine)
- H7: Require explicit NEXTAUTH_TRUST_HOST instead of always trusting Host
- H8: Semantic validation of sync payload (block metadata SSRF, size limits)

Medium:
- M3: Rate limit password change current-password verification
- M5: Parameterized SQL in log/waf parsers (replace template literals)
- M6: Nonce-based CSP replacing unsafe-inline for script-src
- M9: Strip Caddy placeholders from rewrite path_prefix
- M10: Sanitize authentik outpostDomain (path traversal, placeholders)
- M14: Deny access on missing JWT role instead of defaulting to "user"

Low:
- L1: Require Origin header on mutating session-authenticated requests
- L4: Enforce password complexity on user password changes
- L5: Time-limited legacy SHA-256 key fallback (grace period until 2026-06-01)
- L6: Escape LIKE metacharacters in audit log search
- L7: Runtime-validate WAF excluded_rule_ids as positive integers

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-26 12:14:44 +01:00
fuomag9
896ee2281b feat: rewrite overview and core dashboard pages with shadcn 
Replaces all MUI components in 8 dashboard page files with shadcn/ui
and Tailwind. Adds global TooltipProvider to app/providers.tsx.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-22 15:57:38 +01:00
fuomag9
7aeaaded5e feat: scaffold tailwind + shadcn foundation, swap to next-themes 
Installs Tailwind CSS v3, postcss, autoprefixer, next-themes, lucide-react,
clsx, tailwind-merge, class-variance-authority, sonner, and tailwindcss-animate.
Creates tailwind.config.ts, postcss.config.mjs, components.json, src/lib/utils.ts
(cn helper), replaces globals.css with CSS variable theme, adds
suppressHydrationWarning to html element, and replaces MUI ThemeProvider
with next-themes ThemeProvider + sonner Toaster. MUI remains installed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-22 11:14:09 +01:00
fuomag9
ce741c98c6 fix alignment issue and missing background 2026-01-15 01:20:19 +01:00
fuomag9
85c7a0f8c7 finalized UI and website for 1.0 release 2026-01-15 01:16:25 +01:00
fuomag9
b064003c34 Updated the UI 2025-10-31 23:25:04 +01:00
fuomag9
29acf06f75 Swapped the entire UI to Material UI, applied a global dark theme, and removed all of the old styled-jsx/CSS-module styling 2025-10-31 21:03:02 +01:00