caddy-proxy-manager/drizzle/meta/_journal.json
fuomag9 277ae6e79c Add mTLS RBAC with path-based access control, role/cert trust model, and comprehensive tests
Implements full role-based access control for mTLS client certificates:
- Database: mtls_roles, mtls_certificate_roles, mtls_access_rules tables with migration
- Models: CRUD for roles, cert-role assignments, path-based access rules
- Caddy config: HTTP-layer RBAC enforcement via CEL fingerprint matching in subroutes
- New trust model: select individual certs or entire roles instead of CAs (derives CAs automatically)
- REST API: /api/v1/mtls-roles, cert assignments, proxy-host access rules endpoints
- UI: Roles management tab (card-based), cert/role trust picker, inline RBAC rule editor
- Fix: dialog autoclose bug after creating proxy host (key-based remount)
- Tests: 85 new tests (785 total) covering models, schema, RBAC route generation, leaf override, edge cases

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 18:40:21 +02:00

126 lines
2.4 KiB
JSON

{
  "version": "5",
  "dialect": "sqlite",
  "entries": [
    {
      "idx": 0,
      "version": "6",
      "when": 1762515724134,
      "tag": "0000_initial",
      "breakpoints": true
    },
    {
      "idx": 1,
      "version": "6",
      "when": 1766854292252,
      "tag": "0001_adorable_sally_floyd",
      "breakpoints": true
    },
    {
      "idx": 2,
      "version": "6",
      "when": 1766880443160,
      "tag": "0002_perfect_hedge_knight",
      "breakpoints": true
    },
    {
      "idx": 3,
      "version": "6",
      "when": 1769262874211,
      "tag": "0003_instances",
      "breakpoints": true
    },
    {
      "idx": 4,
      "version": "6",
      "when": 1770395358533,
      "tag": "0004_slimy_grim_reaper",
      "breakpoints": true
    },
    {
      "idx": 5,
      "version": "6",
      "when": 1770395358534,
      "tag": "0005_remove_static_response",
      "breakpoints": true
    },
    {
      "idx": 6,
      "version": "6",
      "when": 1770395358535,
      "tag": "0006_remove_redirects",
      "breakpoints": true
    },
    {
      "idx": 7,
      "version": "6",
      "when": 1740441600000,
      "tag": "0007_linking_tokens",
      "breakpoints": true
    },
    {
      "idx": 8,
      "version": "6",
      "when": 1740960000000,
      "tag": "0008_unique_provider_subject",
      "breakpoints": true
    },
    {
      "idx": 9,
      "version": "6",
      "when": 1772129593846,
      "tag": "0009_watery_bill_hollister",
      "breakpoints": true
    },
    {
      "idx": 10,
      "version": "6",
      "when": 1772200000000,
      "tag": "0010_waf",
      "breakpoints": true
    },
    {
      "idx": 11,
      "version": "6",
      "when": 1772300000000,
      "tag": "0011_mtls",
      "breakpoints": true
    },
    {
      "idx": 12,
      "version": "6",
      "when": 1772400000000,
      "tag": "0012_ca_private_key",
      "breakpoints": true
    },
    {
      "idx": 13,
      "version": "6",
      "when": 1772500000000,
      "tag": "0013_issued_client_certificates",
      "breakpoints": true
    },
    {
      "idx": 14,
      "version": "6",
      "when": 1772806000000,
      "tag": "0014_waf_blocked",
      "breakpoints": true
    },
    {
      "idx": 15,
      "version": "6",
      "when": 1774300000000,
      "tag": "0015_l4_proxy_hosts",
      "breakpoints": true
    },
    {
      "idx": 16,
      "version": "6",
      "when": 1775400000000,
      "tag": "0016_mtls_rbac",
      "breakpoints": true
    }
  ]
}