akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
277ae6e79cb3156559c2b400e5ad649d059ba8ac
caddy-proxy-manager/src/lib
History
fuomag9 277ae6e79c Add mTLS RBAC with path-based access control, role/cert trust model, and comprehensive tests 
Implements full role-based access control for mTLS client certificates:
- Database: mtls_roles, mtls_certificate_roles, mtls_access_rules tables with migration
- Models: CRUD for roles, cert-role assignments, path-based access rules
- Caddy config: HTTP-layer RBAC enforcement via CEL fingerprint matching in subroutes
- New trust model: select individual certs or entire roles instead of CAs (derives CAs automatically)
- REST API: /api/v1/mtls-roles, cert assignments, proxy-host access rules endpoints
- UI: Roles management tab (card-based), cert/role trust picker, inline RBAC rule editor
- Fix: dialog autoclose bug after creating proxy host (key-based remount)
- Tests: 85 new tests (785 total) covering models, schema, RBAC route generation, leaf override, edge cases

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 18:40:21 +02:00
..
db
Add mTLS RBAC with path-based access control, role/cert trust model, and comprehensive tests
2026-04-05 18:40:21 +02:00
models
Add mTLS RBAC with path-based access control, role/cert trust model, and comprehensive tests
2026-04-05 18:40:21 +02:00
services
fix: harden security post-review (JWT exposure, rate limiter, token expiry, timing)
2026-02-25 20:58:21 +01:00
actions.ts
updated a lot of stuff
2025-11-02 22:16:13 +01:00
analytics-db.ts
fix: include WAF blocks in dashboard blocked counter
2026-04-03 10:15:13 +02:00
api-auth.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00
audit.ts
Rewritten to use drizzle instead of prisma
2025-11-07 19:26:32 +01:00
auth.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00
caddy-monitor.ts
Handle wildcard proxy hosts and stabilize test coverage
2026-03-14 01:03:34 +01:00
caddy-mtls.ts
Add mTLS RBAC with path-based access control, role/cert trust model, and comprehensive tests
2026-04-05 18:40:21 +02:00
caddy-utils.ts
refractor code to allow more tests
2026-03-07 16:53:36 +01:00
caddy-waf.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00
caddy.ts
Add mTLS RBAC with path-based access control, role/cert trust model, and comprehensive tests
2026-04-05 18:40:21 +02:00
config.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00
db.ts
fix: use bun:sqlite in production, better-sqlite3 as test-only devDep
2026-03-21 11:53:33 +01:00
form-parse.ts
refractor code to allow more tests
2026-03-07 16:53:36 +01:00
host-pattern-priority.ts
Handle wildcard proxy hosts and stabilize test coverage
2026-03-14 01:03:34 +01:00
init-db.ts
enforce admin role by reading user role instead of hardcoding
2025-11-19 18:06:24 +01:00
instance-sync.ts
feat: instant banner refresh on L4 mutations + master-slave L4 sync
2026-03-22 00:22:44 +01:00
l4-ports.ts
feat: add L4 (TCP/UDP) proxy host support via caddy-l4
2026-03-22 00:11:16 +01:00
log-parser.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00
proxy-host-domains.ts
Handle wildcard proxy hosts and stabilize test coverage
2026-03-14 01:03:34 +01:00
rate-limit.ts
Throttle login attempts and lock admin actions to privileged sessions
2025-11-04 00:00:22 +01:00
secret.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00
settings.ts
remove DetectionOnly WAF mode
2026-03-06 17:27:08 +01:00
utils.ts
feat: scaffold tailwind + shadcn foundation, swap to next-themes
2026-03-22 11:14:09 +01:00
waf-log-parser.ts
chore: remove finding-ID prefixes from code comments
2026-03-26 12:51:39 +01:00