roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: WireGuard peer sync, privileged mode, E2E and integration test correctness

Browse Source 
- api/app.py: sync WireGuard server config on peer add/remove (non-fatal)
- docker-compose.yml: add privileged:true to wireguard service
- E2E tests: fix logout selector, DNS IP lookup, wg config DNS line, VIP skip guards,
  badge text selectors, heading .first, async logout wait
- Integration tests: fix 4 tests that sent unauthenticated requests expecting 400
  (now use authenticated session helpers); accept 401 as valid in webui proxy test;
  add password field to service_access validation test
- Remove stale tracked config templates (config/api/api/*, config/api/cell.env, etc.)
  that no longer exist on disk after config layout was reorganised

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-26 06:04:40 -04:00
parent 31a7951ffd
commit 420dced9ff
35 changed files with 101 additions and 464 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/e2e/helpers/playwright_login.py
+3 -3
View File
@@ -13,7 +13,7 @@ def do_login(page: Page, webui_base: str, username: str, password: str):
def do_logout(page: Page, webui_base: str):
"""Click the 'Sign out' button in the desktop sidebar and wait for redirect to /login."""
# The desktop sidebar renders a button with text "Sign out"; the mobile sidebar
# also has one. Use first() to avoid a strict-mode error when both are mounted.
page.locator('button:has-text("Sign out")').first.click()
# Desktop sidebar button has title="Sign out"; mobile button has no title.
# This avoids clicking the hidden mobile sidebar button when both are in the DOM.
page.locator('button[title="Sign out"]').click()
page.wait_for_url(lambda url: '/login' in url, timeout=5000)
tests/e2e/helpers/wg_runner.py
+6 -2
View File
@@ -33,12 +33,16 @@ class WGInterface:
def build_wg_config(private_key: str, peer_ip: str, server_pubkey: str,
server_endpoint: str, server_port: int = 51820,
allowed_ips: str = '10.0.0.0/24',
dns: str = '10.0.0.1') -> str:
dns: str = None) -> str:
# Omit DNS line by default — wg-quick would try to call resolvconf/systemd-resolved
# to set system DNS, which is not installed in all test environments.
# DNS tests reach 10.0.0.1 directly via `dig @10.0.0.1` once the tunnel is up.
dns_line = f"DNS = {dns}\n" if dns else ""
return (
f"[Interface]\n"
f"PrivateKey = {private_key}\n"
f"Address = {peer_ip}/32\n"
f"DNS = {dns}\n\n"
f"{dns_line}\n"
f"[Peer]\n"
f"PublicKey = {server_pubkey}\n"
f"Endpoint = {server_endpoint}:{server_port}\n"