feat: per-peer access enforcement, live peer status, auto IP assignment

Server-side access control: - firewall_manager.py: per-peer iptables FORWARD rules in WireGuard container; virtual IPs on Caddy (172.20.0.21-24) for per-service DROP/ACCEPT targeting - CoreDNS Corefile regenerated with ACL blocks for blocked services per peer - POST /api/wireguard/apply-enforcement re-applies rules after WireGuard restart; wg0.conf PostUp calls it via curl so rules restore automatically on container start WireGuard fixes: - _syncconf uses `wg set peer` instead of `wg syncconf` to avoid resetting ListenPort - add_peer validates AllowedIPs must be /32 — rejects full/split tunnel CIDRs that would route internet or LAN traffic to that peer - _config_file() checks for linuxserver wg_confs/ subdirectory first UI: - Peers page fetches /api/wireguard/peers/statuses for live handshake data; status badge now shows real Online/Offline + seconds since last handshake - IP field removed from Add Peer form (auto-assigned from 10.0.0.0/24) Tests (246 pass): - test_firewall_manager.py: 22 tests for ACL generation, iptables rule correctness, comment tagging, clear_peer_rules filter logic - test_peer_wg_integration.py: 10 tests for /32 enforcement, IP auto-assignment, syncconf called on add/remove - test_wireguard_manager.py: updated to reflect correct IPs and /32 requirement Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 01:01:07 -04:00
parent 8e41568964
commit 53c7661812
13 changed files with 1457 additions and 378 deletions
@@ -1,94 +1,164 @@
-import { useState, useEffect } from 'react';
-import { Mail, Users, Send } from 'lucide-react';
-import { emailAPI } from '../services/api';
-
-function Email() {
-  const [users, setUsers] = useState([]);
-  const [status, setStatus] = useState(null);
-  const [isLoading, setIsLoading] = useState(true);
-
-  useEffect(() => {
-    fetchEmailData();
-  }, []);
-
-  const fetchEmailData = async () => {
-    try {
-      const [usersResponse, statusResponse] = await Promise.all([
-        emailAPI.getUsers(),
-        emailAPI.getStatus()
-      ]);
-      
-      setUsers(usersResponse.data);
-      setStatus(statusResponse.data);
-    } catch (error) {
-      console.error('Failed to fetch email data:', error);
-    } finally {
-      setIsLoading(false);
-    }
-  };
-
-  if (isLoading) {
-    return (
-      <div className="flex items-center justify-center h-64">
-        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600"></div>
-      </div>
-    );
-  }
-
-  return (
-    <div>
-      <div className="mb-8">
-        <h1 className="text-2xl font-bold text-gray-900">Email Services</h1>
-        <p className="mt-2 text-gray-600">
-          Manage Postfix and Dovecot email services
-        </p>
-      </div>
-
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
-        {/* Status */}
-        <div className="card">
-          <div className="flex items-center mb-4">
-            <Mail className="h-6 w-6 text-primary-500 mr-2" />
-            <h3 className="text-lg font-medium text-gray-900">Service Status</h3>
-          </div>
-          {status ? (
-            <div className="space-y-2">
-              <div className="flex justify-between">
-                <span className="text-sm text-gray-500">Postfix:</span>
-                <span className="text-sm font-medium text-success-600">Running</span>
-              </div>
-              <div className="flex justify-between">
-                <span className="text-sm text-gray-500">Dovecot:</span>
-                <span className="text-sm font-medium text-success-600">Running</span>
-              </div>
-            </div>
-          ) : (
-            <p className="text-gray-500 text-sm">Status unavailable</p>
-          )}
-        </div>
-
-        {/* Users */}
-        <div className="card">
-          <div className="flex items-center mb-4">
-            <Users className="h-6 w-6 text-primary-500 mr-2" />
-            <h3 className="text-lg font-medium text-gray-900">Email Users</h3>
-          </div>
-          <div className="space-y-2">
-            {users.length > 0 ? (
-              users.map((user, index) => (
-                <div key={index} className="flex justify-between items-center p-2 bg-gray-50 rounded">
-                  <span className="text-sm font-medium">{user.username}</span>
-                  <span className="text-sm text-gray-500">{user.domain}</span>
-                </div>
-              ))
-            ) : (
-              <p className="text-gray-500 text-sm">No email users configured</p>
-            )}
-          </div>
-        </div>
-      </div>
-    </div>
-  );
-}
-
-export default Email; 
+import { useState, useEffect } from 'react';
+import { Mail, Users, Wifi, Copy, CheckCheck } from 'lucide-react';
+import { emailAPI } from '../services/api';
+
+const CELL_HOST = 'mail.cell';
+const CELL_IP = '172.20.0.23';
+
+function CopyButton({ text }) {
+  const [copied, setCopied] = useState(false);
+  const copy = () => {
+    navigator.clipboard.writeText(text);
+    setCopied(true);
+    setTimeout(() => setCopied(false), 1500);
+  };
+  return (
+    <button onClick={copy} className="ml-2 text-gray-400 hover:text-gray-600" title="Copy">
+      {copied ? <CheckCheck className="h-3.5 w-3.5 text-green-500" /> : <Copy className="h-3.5 w-3.5" />}
+    </button>
+  );
+}
+
+function InfoRow({ label, value }) {
+  return (
+    <div className="flex items-center justify-between py-1.5 border-b border-gray-100 last:border-0">
+      <span className="text-sm text-gray-500 w-36 shrink-0">{label}</span>
+      <div className="flex items-center">
+        <span className="text-sm font-mono font-medium text-gray-800">{value}</span>
+        <CopyButton text={value} />
+      </div>
+    </div>
+  );
+}
+
+function Email() {
+  const [users, setUsers] = useState([]);
+  const [status, setStatus] = useState(null);
+  const [isLoading, setIsLoading] = useState(true);
+
+  useEffect(() => {
+    fetchEmailData();
+  }, []);
+
+  const fetchEmailData = async () => {
+    try {
+      const [usersResponse, statusResponse] = await Promise.all([
+        emailAPI.getUsers(),
+        emailAPI.getStatus()
+      ]);
+      setUsers(usersResponse.data);
+      setStatus(statusResponse.data);
+    } catch (error) {
+      console.error('Failed to fetch email data:', error);
+    } finally {
+      setIsLoading(false);
+    }
+  };
+
+  if (isLoading) {
+    return (
+      <div className="flex items-center justify-center h-64">
+        <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600"></div>
+      </div>
+    );
+  }
+
+  return (
+    <div>
+      <div className="mb-8">
+        <h1 className="text-2xl font-bold text-gray-900">Email Services</h1>
+        <p className="mt-2 text-gray-600">Postfix (SMTP) + Dovecot (IMAP)</p>
+      </div>
+
+      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
+        {/* Incoming mail */}
+        <div className="card">
+          <div className="flex items-center mb-4">
+            <Wifi className="h-5 w-5 text-primary-500 mr-2" />
+            <h3 className="text-lg font-medium text-gray-900">Incoming mail (IMAP)</h3>
+          </div>
+          <div className="bg-gray-50 rounded-lg px-4 py-2">
+            <InfoRow label="Server"       value={CELL_HOST} />
+            <InfoRow label="Port"         value="993" />
+            <InfoRow label="Security"     value="SSL/TLS" />
+            <InfoRow label="Direct IP"    value={CELL_IP} />
+          </div>
+        </div>
+
+        {/* Outgoing mail */}
+        <div className="card">
+          <div className="flex items-center mb-4">
+            <Mail className="h-5 w-5 text-primary-500 mr-2" />
+            <h3 className="text-lg font-medium text-gray-900">Outgoing mail (SMTP)</h3>
+          </div>
+          <div className="bg-gray-50 rounded-lg px-4 py-2">
+            <InfoRow label="Server"       value={CELL_HOST} />
+            <InfoRow label="Port"         value="587" />
+            <InfoRow label="Security"     value="STARTTLS" />
+            <InfoRow label="Auth"         value="Username + Password" />
+          </div>
+        </div>
+
+        {/* Webmail */}
+        <div className="card">
+          <div className="flex items-center mb-4">
+            <Mail className="h-5 w-5 text-primary-500 mr-2" />
+            <h3 className="text-lg font-medium text-gray-900">Webmail</h3>
+          </div>
+          <div className="bg-gray-50 rounded-lg px-4 py-2">
+            <InfoRow label="URL"          value="http://mail.cell" />
+            <InfoRow label="Alt URL"      value="http://webmail.cell" />
+            <InfoRow label="Direct IP"    value={`http://${CELL_IP}`} />
+          </div>
+          <p className="text-xs text-gray-400 mt-3">
+            Requires VPN + DNS set to <span className="font-mono">172.20.0.3</span>.
+          </p>
+        </div>
+
+        {/* Status */}
+        <div className="card">
+          <div className="flex items-center mb-4">
+            <Mail className="h-6 w-6 text-primary-500 mr-2" />
+            <h3 className="text-lg font-medium text-gray-900">Service Status</h3>
+          </div>
+          {status ? (
+            <div className="space-y-2">
+              <div className="flex justify-between">
+                <span className="text-sm text-gray-500">Postfix (SMTP):</span>
+                <span className="text-sm font-medium text-success-600">Running</span>
+              </div>
+              <div className="flex justify-between">
+                <span className="text-sm text-gray-500">Dovecot (IMAP):</span>
+                <span className="text-sm font-medium text-success-600">Running</span>
+              </div>
+            </div>
+          ) : (
+            <p className="text-gray-500 text-sm">Status unavailable</p>
+          )}
+        </div>
+
+        {/* Users */}
+        <div className="card lg:col-span-2">
+          <div className="flex items-center mb-4">
+            <Users className="h-6 w-6 text-primary-500 mr-2" />
+            <h3 className="text-lg font-medium text-gray-900">Email Accounts</h3>
+          </div>
+          <div className="space-y-2">
+            {users.length > 0 ? (
+              users.map((user, index) => (
+                <div key={index} className="flex justify-between items-center p-2 bg-gray-50 rounded">
+                  <span className="text-sm font-medium">{user.username}</span>
+                  <span className="text-sm text-gray-500">{user.domain}</span>
+                </div>
+              ))
+            ) : (
+              <p className="text-gray-500 text-sm">No email accounts configured</p>
+            )}
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}
+
+export default Email;