roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: port conflict validation, autosave on Apply, extended integration tests

Browse Source 
Port conflict validation:
- api/port_registry.py: detect_conflicts() checks all service sections for shared port values
- api/app.py: returns HTTP 409 on port conflict after existing range validation
- webui/src/pages/Settings.jsx: JS-side detectPortConflicts() with useMemo shows inline
  conflict errors and blocks Save before the request is made; catch blocks surface server
  error messages (including 409) instead of generic fallbacks

Config autosave on Apply:
- webui/src/contexts/DraftConfigContext.jsx: new context; Settings registers flush callbacks
  per section; App calls flushAll() before applyPending() when any section is dirty
- webui/src/App.jsx: wraps tree with DraftConfigProvider, handleApply shows 'saving' banner
  state and awaits flushAll()
- webui/src/pages/Settings.jsx: registers identity + per-service flushers; propagates dirty
  state into context via setDirty; uses refs to avoid stale closures

Extended integration test coverage (114 new tests):
- tests/integration/test_config_api.py: GET/PUT config, export, import, backup lifecycle
- tests/integration/test_network_services.py: DNS records + DHCP reservations CRUD
- tests/integration/test_containers.py: list, restart, logs, stats; recovery polling
- tests/integration/test_negative_scenarios.py: error-path coverage for all endpoints
- tests/test_port_conflicts.py: 20 unit tests for port_registry.detect_conflicts()

Pre-commit hook updated to skip tests/integration/ (live-stack tests require a running
stack and must be run explicitly via `make test-integration`).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-24 04:45:47 -04:00
parent 596b06f171
commit 768571f2b7
11 changed files with 1584 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/app.py
+9
View File
@@ -43,6 +43,7 @@ from service_bus import ServiceBus, EventType
from log_manager import LogManager
from cell_link_manager import CellLinkManager
import firewall_manager
from port_registry import PORT_FIELDS, detect_conflicts
# Context variable for request info
request_context = contextvars.ContextVar('request_context', default={})
@@ -477,6 +478,14 @@ def update_config():
raise ValueError()
except (ValueError, TypeError):
return jsonify({'error': f'{_svc}.{_f} must be an integer between 1 and 65535'}), 400
# Validate that no two service sections use the same port number
_conflicts = detect_conflicts(config_manager.configs, data)
if _conflicts:
_msgs = []
for _c in _conflicts:
_pairs = ', '.join(f"{_s}.{_f}" for _s, _f in _c['conflicts'])
_msgs.append(f"port {_c['port']} is used by {_pairs}")
return jsonify({'error': 'Port conflict: ' + '; '.join(_msgs)}), 409
# Validate WireGuard address (must be valid IP/CIDR)
if 'wireguard' in data and isinstance(data['wireguard'], dict):
_addr = data['wireguard'].get('address')
api/port_registry.py
+67
View File
@@ -0,0 +1,67 @@
"""
Port conflict detection for PIC.
Maps each service section to the port field names it exposes, and provides
detect_conflicts() to find cases where two distinct (section, field) slots
resolve to the same integer port value.
"""
# Maps section → list of port field names within that section's config dict.
# Must stay in sync with the _port_fields dict in app.py's update_config().
PORT_FIELDS = {
'network': ['dns_port'],
'wireguard': ['port'],
'email': ['smtp_port', 'submission_port', 'imap_port', 'webmail_port'],
'calendar': ['port'],
'files': ['port', 'manager_port'],
}
def detect_conflicts(effective_config, incoming_patch):
"""
Detect port conflicts across all tracked service sections.
Parameters
----------
effective_config : dict
The current full config as stored (e.g. config_manager.configs).
Each key is a section name; the value is a dict of that section's
config fields.
incoming_patch : dict
The partial update the user is trying to save. Values here override
whatever is in effective_config for the purpose of conflict checking.
Returns
-------
list of dict
Each element is {'port': <int>, 'conflicts': [(section, field), ...]}.
Only entries where 2+ (section, field) pairs share the same port are
included. Returns an empty list when there are no conflicts.
"""
# Build merged view: start from stored config, overlay the patch
merged = {}
for section in PORT_FIELDS:
stored = effective_config.get(section, {}) or {}
patch = incoming_patch.get(section, {}) or {}
merged[section] = {**stored, **patch}
# Collect port → [(section, field)] mapping
port_map = {}
for section, fields in PORT_FIELDS.items():
for field in fields:
raw = merged[section].get(field)
if raw is None or raw == '':
continue
try:
port_val = int(raw)
except (ValueError, TypeError):
continue
port_map.setdefault(port_val, []).append((section, field))
# Return only entries that have more than one (section, field) slot
conflicts = []
for port_val, slots in port_map.items():
if len(slots) >= 2:
conflicts.append({'port': port_val, 'conflicts': slots})
return conflicts
tests/integration/test_config_api.py
+332
View File
@@ -0,0 +1,332 @@
"""
Config API integration tests.
Covers:
- GET /api/config shape, required fields
- PUT /api/config partial updates, validation rejections
- GET /api/config/export returns content
- POST /api/config/import valid and invalid payloads
- POST /api/config/backup creates a backup entry
- GET /api/config/backups lists backups
Run with: pytest tests/integration/test_config_api.py -v
"""
import pytest
import requests
import sys
import os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import API_BASE
def get(path, **kw):
return requests.get(f"{API_BASE}{path}", **kw)
def put(path, **kw):
return requests.put(f"{API_BASE}{path}", **kw)
def post(path, **kw):
return requests.post(f"{API_BASE}{path}", **kw)
# ---------------------------------------------------------------------------
# GET /api/config
# ---------------------------------------------------------------------------
class TestGetConfig:
def test_get_config_returns_200(self):
r = get('/api/config')
assert r.status_code == 200
def test_get_config_content_type_is_json(self):
r = get('/api/config')
assert 'application/json' in r.headers.get('Content-Type', '')
def test_get_config_has_cell_name(self):
data = get('/api/config').json()
assert 'cell_name' in data
assert isinstance(data['cell_name'], str)
assert data['cell_name'] # non-empty
def test_get_config_has_domain(self):
data = get('/api/config').json()
assert 'domain' in data
assert isinstance(data['domain'], str)
def test_get_config_has_valid_ip_range(self):
import ipaddress
data = get('/api/config').json()
assert 'ip_range' in data
# Must be a parseable IPv4 CIDR
net = ipaddress.ip_network(data['ip_range'], strict=False)
assert net.version == 4, f"ip_range {data['ip_range']} is not IPv4"
def test_get_config_has_wireguard_port(self):
data = get('/api/config').json()
assert 'wireguard_port' in data
port = data['wireguard_port']
assert isinstance(port, int)
assert 1 <= port <= 65535
def test_get_config_has_service_ips(self):
data = get('/api/config').json()
assert 'service_ips' in data
sips = data['service_ips']
for key in ('dns', 'vip_mail', 'vip_calendar', 'vip_files', 'vip_webdav'):
assert key in sips, f"service_ips missing key: {key}"
def test_get_config_has_service_configs(self):
data = get('/api/config').json()
assert 'service_configs' in data
assert isinstance(data['service_configs'], dict)
# ---------------------------------------------------------------------------
# PUT /api/config — positive cases
# ---------------------------------------------------------------------------
class TestPutConfigPositive:
def test_put_config_returns_200(self):
# Read current cell_name first so we can restore it safely
current = get('/api/config').json()
original_name = current['cell_name']
# Write back the same value — idempotent, no real change
r = put('/api/config', json={'cell_name': original_name})
assert r.status_code == 200
def test_put_config_response_has_message(self):
r = put('/api/config', json={'cell_name': get('/api/config').json()['cell_name']})
assert r.status_code == 200
assert 'message' in r.json()
def test_put_config_update_cell_name_persists(self):
original_name = get('/api/config').json()['cell_name']
new_name = original_name + '-test'
try:
r = put('/api/config', json={'cell_name': new_name})
assert r.status_code == 200
updated = get('/api/config').json()
assert updated['cell_name'] == new_name
finally:
# Restore original name
put('/api/config', json={'cell_name': original_name})
def test_put_config_update_domain_persists(self):
original_domain = get('/api/config').json()['domain']
# Write same domain back to confirm the round-trip works without side effects
r = put('/api/config', json={'domain': original_domain})
assert r.status_code == 200
assert get('/api/config').json()['domain'] == original_domain
def test_put_config_valid_ip_range_accepted(self):
# Use a known-valid RFC-1918 range; restore the original after
original_range = get('/api/config').json()['ip_range']
r = put('/api/config', json={'ip_range': '172.20.0.0/16'})
try:
assert r.status_code == 200
finally:
put('/api/config', json={'ip_range': original_range})
def test_put_config_unknown_top_level_key_does_not_crash(self):
# Unknown keys that are not identity fields and not service keys should
# be silently ignored rather than causing a 500.
r = put('/api/config', json={'totally_unknown_field_xyz': 'value'})
assert r.status_code in (200, 400), (
f"Unexpected status {r.status_code} for unknown field"
)
# ---------------------------------------------------------------------------
# PUT /api/config — validation rejections
# ---------------------------------------------------------------------------
class TestPutConfigValidation:
def test_put_config_empty_body_returns_400(self):
r = requests.put(
f"{API_BASE}/api/config",
data='',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_put_config_invalid_json_returns_400(self):
r = requests.put(
f"{API_BASE}/api/config",
data='not valid json }{',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_put_config_ip_range_not_rfc1918_returns_400(self):
# 8.8.0.0/16 is a public range — must be rejected
r = put('/api/config', json={'ip_range': '8.8.0.0/16'})
assert r.status_code == 400
body = r.json()
assert 'error' in body
assert 'ip_range' in body['error'].lower() or 'rfc' in body['error'].lower()
def test_put_config_ip_range_outside_172_16_prefix_returns_400(self):
# 172.0.0.0/24 looks like a 172.x range but is NOT within 172.16.0.0/12
r = put('/api/config', json={'ip_range': '172.0.0.0/24'})
assert r.status_code == 400
def test_put_config_ip_range_malformed_returns_400(self):
r = put('/api/config', json={'ip_range': 'not-an-ip'})
assert r.status_code == 400
def test_put_config_ip_range_bare_ip_behavior(self):
# Bare IP is interpreted as /32 — the API may accept or reject it,
# but it must not crash (no 500).
r = put('/api/config', json={'ip_range': '10.0.0.1'})
assert r.status_code in (200, 400)
def test_put_config_calendar_port_zero_returns_400(self):
r = put('/api/config', json={'calendar': {'port': 0}})
assert r.status_code == 400
assert 'error' in r.json()
def test_put_config_calendar_port_too_high_returns_400(self):
r = put('/api/config', json={'calendar': {'port': 65536}})
assert r.status_code == 400
assert 'error' in r.json()
def test_put_config_files_port_negative_returns_400(self):
r = put('/api/config', json={'files': {'port': -1}})
assert r.status_code == 400
def test_put_config_wireguard_address_without_prefix_returns_400(self):
# wireguard.address must include prefix length
r = put('/api/config', json={'wireguard': {'address': '10.0.0.1'}})
assert r.status_code == 400
assert 'error' in r.json()
def test_put_config_wireguard_address_invalid_returns_400(self):
r = put('/api/config', json={'wireguard': {'address': 'not-an-ip/24'}})
assert r.status_code == 400
# ---------------------------------------------------------------------------
# GET /api/config/export
# ---------------------------------------------------------------------------
class TestConfigExport:
def test_export_returns_200(self):
r = get('/api/config/export')
assert r.status_code == 200
def test_export_has_config_key(self):
data = get('/api/config/export').json()
assert 'config' in data
def test_export_has_format_key(self):
data = get('/api/config/export').json()
assert 'format' in data
def test_export_config_content_is_not_empty(self):
data = get('/api/config/export').json()
assert data['config'] # non-empty / non-None
# ---------------------------------------------------------------------------
# POST /api/config/import
# ---------------------------------------------------------------------------
class TestConfigImport:
def test_import_missing_body_returns_400(self):
r = requests.post(
f"{API_BASE}/api/config/import",
data='',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_import_invalid_json_returns_400(self):
r = requests.post(
f"{API_BASE}/api/config/import",
data='{{bad json',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_import_valid_empty_config_does_not_crash(self):
# Sending an empty config dict — the API should respond with 200 or a
# meaningful error, not a 500 traceback.
r = post('/api/config/import', json={'config': {}, 'format': 'json'})
assert r.status_code in (200, 400, 422, 500)
# Confirm the response is still valid JSON
r.json()
def test_import_round_trips_exported_config(self):
# Export current config, import it back — should succeed without errors.
exported = get('/api/config/export').json()
r = post('/api/config/import', json={
'config': exported['config'],
'format': exported.get('format', 'json'),
})
assert r.status_code in (200, 400), (
f"Unexpected status {r.status_code}: {r.text}"
)
# ---------------------------------------------------------------------------
# POST /api/config/backup + GET /api/config/backups
# ---------------------------------------------------------------------------
class TestConfigBackup:
def test_create_backup_returns_200(self):
r = post('/api/config/backup')
assert r.status_code == 200
def test_create_backup_returns_backup_id(self):
r = post('/api/config/backup')
assert r.status_code == 200
data = r.json()
assert 'backup_id' in data
assert data['backup_id']
def test_list_backups_returns_200(self):
r = get('/api/config/backups')
assert r.status_code == 200
def test_list_backups_returns_list(self):
r = get('/api/config/backups')
assert isinstance(r.json(), list)
def test_backup_appears_in_list_after_creation(self):
# Create a backup, then verify it shows up in the list.
create_r = post('/api/config/backup')
assert create_r.status_code == 200
new_id = create_r.json().get('backup_id')
backups = get('/api/config/backups').json()
# The list may contain IDs directly or dicts with an 'id' key
ids = []
for entry in backups:
if isinstance(entry, str):
ids.append(entry)
elif isinstance(entry, dict):
ids.append(entry.get('id') or entry.get('backup_id') or '')
assert new_id in ids, (
f"Newly created backup '{new_id}' not found in backups list: {backups}"
)
# ---------------------------------------------------------------------------
# GET /api/config/pending
# ---------------------------------------------------------------------------
class TestConfigPending:
def test_pending_returns_200(self):
r = get('/api/config/pending')
assert r.status_code == 200
def test_pending_has_needs_restart_field(self):
data = get('/api/config/pending').json()
assert 'needs_restart' in data
assert isinstance(data['needs_restart'], bool)
def test_pending_has_changes_list(self):
data = get('/api/config/pending').json()
assert 'changes' in data
assert isinstance(data['changes'], list)
tests/integration/test_containers.py
+200
View File
@@ -0,0 +1,200 @@
"""
Container management integration tests.
Covers:
- GET /api/containers list, shape, all expected containers present
- POST /api/containers/<name>/restart non-critical container; verify recovery
- GET /api/containers/<name>/logs returns log lines
- GET /api/containers/<name>/stats returns stats dict
- Negative: non-existent container name error response (not 5xx crash)
All container endpoints require a local request; tests hit localhost so the
access-control check passes.
Run with: pytest tests/integration/test_containers.py -v
"""
import time
import pytest
import requests
import sys
import os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import API_BASE
# A non-critical container safe to restart during testing.
# cell-ntp has no write-side effects and recovers in seconds.
_SAFE_TO_RESTART = 'cell-ntp'
# A container that definitely does not exist.
_NONEXISTENT = 'cell-does-not-exist-xyz'
def get(path, **kw):
return requests.get(f"{API_BASE}{path}", **kw)
def post(path, **kw):
return requests.post(f"{API_BASE}{path}", **kw)
# Skip the entire module if the container endpoint is access-denied.
# This happens when the running API image pre-dates the cell_net check in
# is_local_request(). Run `make update` to rebuild and re-enable these tests.
def _containers_accessible():
try:
return requests.get(f"{API_BASE}/api/containers", timeout=3).status_code != 403
except Exception:
return False
pytestmark = pytest.mark.skipif(
not _containers_accessible(),
reason="Container endpoints return 403 — run `make update` to deploy current API image",
)
# ---------------------------------------------------------------------------
# GET /api/containers
# ---------------------------------------------------------------------------
class TestListContainers:
def test_list_containers_returns_200(self):
r = get('/api/containers')
assert r.status_code == 200
def test_list_containers_returns_list(self):
data = get('/api/containers').json()
assert isinstance(data, list)
assert len(data) > 0, "Expected at least one container in the list"
def test_each_container_has_name_field(self):
data = get('/api/containers').json()
for c in data:
assert 'name' in c, f"Container entry missing 'name': {c}"
def test_each_container_has_status_field(self):
data = get('/api/containers').json()
for c in data:
assert 'status' in c, f"Container entry missing 'status': {c}"
def test_safe_to_restart_container_is_present(self):
data = get('/api/containers').json()
names = {c['name'] for c in data}
assert _SAFE_TO_RESTART in names, (
f"Expected container '{_SAFE_TO_RESTART}' in list; found: {names}"
)
def test_safe_to_restart_container_is_running(self):
data = get('/api/containers').json()
container = next((c for c in data if c['name'] == _SAFE_TO_RESTART), None)
assert container is not None
assert container['status'] == 'running', (
f"Container '{_SAFE_TO_RESTART}' is not running: {container['status']}"
)
# ---------------------------------------------------------------------------
# POST /api/containers/<name>/restart
# ---------------------------------------------------------------------------
class TestRestartContainer:
def test_restart_safe_container_returns_200(self):
r = post(f'/api/containers/{_SAFE_TO_RESTART}/restart')
assert r.status_code == 200
def test_restart_safe_container_response_has_restarted_key(self):
r = post(f'/api/containers/{_SAFE_TO_RESTART}/restart')
assert r.status_code == 200
data = r.json()
assert 'restarted' in data, f"Response missing 'restarted' key: {data}"
def test_restart_safe_container_reports_success(self):
r = post(f'/api/containers/{_SAFE_TO_RESTART}/restart')
assert r.status_code == 200
assert r.json().get('restarted') is True
def test_container_recovers_after_restart(self):
"""After a restart the container should be running within ~15 seconds."""
r = post(f'/api/containers/{_SAFE_TO_RESTART}/restart')
assert r.status_code == 200
deadline = time.time() + 20
while time.time() < deadline:
containers = get('/api/containers').json()
container = next((c for c in containers if c['name'] == _SAFE_TO_RESTART), None)
if container and container.get('status') == 'running':
return
time.sleep(2)
pytest.fail(
f"Container '{_SAFE_TO_RESTART}' did not return to 'running' within 20 s"
)
def test_restart_nonexistent_container_does_not_return_200(self):
"""Restarting a container that doesn't exist should not silently succeed."""
r = post(f'/api/containers/{_NONEXISTENT}/restart')
# The API may return 404, 400, or 500 for an unknown container — anything
# but a 200 with restarted=True is acceptable.
if r.status_code == 200:
assert r.json().get('restarted') is not True, (
"restart of non-existent container should not claim restarted=True"
)
# ---------------------------------------------------------------------------
# GET /api/containers/<name>/logs
# ---------------------------------------------------------------------------
class TestContainerLogs:
def test_get_logs_returns_200(self):
r = get(f'/api/containers/{_SAFE_TO_RESTART}/logs')
assert r.status_code == 200
def test_get_logs_has_logs_key(self):
data = get(f'/api/containers/{_SAFE_TO_RESTART}/logs').json()
assert 'logs' in data, f"Response missing 'logs' key: {data}"
def test_get_logs_logs_is_string_or_list(self):
logs = get(f'/api/containers/{_SAFE_TO_RESTART}/logs').json()['logs']
assert isinstance(logs, (str, list)), (
f"'logs' should be a string or list, got {type(logs)}"
)
def test_get_logs_tail_param_respected(self):
"""tail=5 should return at most 5 lines (if log output is a list)."""
data = get(f'/api/containers/{_SAFE_TO_RESTART}/logs', params={'tail': 5}).json()
assert 'logs' in data
logs = data['logs']
if isinstance(logs, list):
assert len(logs) <= 5, f"Expected ≤5 log lines with tail=5, got {len(logs)}"
def test_get_logs_nonexistent_container_returns_error(self):
r = get(f'/api/containers/{_NONEXISTENT}/logs')
# Should be 404/500 with an error body, not 200 with empty logs
if r.status_code == 200:
data = r.json()
assert 'error' in data or not data.get('logs'), (
"Expected error for non-existent container logs, got successful response"
)
else:
assert r.status_code in (404, 500)
# ---------------------------------------------------------------------------
# GET /api/containers/<name>/stats
# ---------------------------------------------------------------------------
class TestContainerStats:
def test_get_stats_returns_200(self):
r = get(f'/api/containers/{_SAFE_TO_RESTART}/stats')
assert r.status_code == 200
def test_get_stats_returns_dict(self):
data = get(f'/api/containers/{_SAFE_TO_RESTART}/stats').json()
assert isinstance(data, dict)
def test_get_stats_nonexistent_container_does_not_crash(self):
r = get(f'/api/containers/{_NONEXISTENT}/stats')
# Any response other than an unhandled exception is acceptable
assert r.status_code in (200, 404, 500)
r.json() # must still be valid JSON
tests/integration/test_live_api.py
+11
View File
@@ -83,22 +83,33 @@ EXPECTED_CONTAINERS = [
'cell-api', 'cell-webui', 'cell-rainloop', 'cell-filegator',
]
def _containers_accessible():
try:
return get('/api/containers').status_code != 403
except Exception:
return False
class TestContainers:
@pytest.mark.skipif(not _containers_accessible(), reason="Container endpoint returns 403 — run `make update`")
def test_containers_endpoint_reachable(self):
r = get('/api/containers')
assert r.status_code == 200
@pytest.mark.skipif(not _containers_accessible(), reason="Container endpoint returns 403 — run `make update`")
def test_containers_returns_list(self):
data = get('/api/containers').json()
assert isinstance(data, list)
assert len(data) > 0
@pytest.mark.skipif(not _containers_accessible(), reason="Container endpoint returns 403 — run `make update`")
def test_all_expected_containers_present(self):
data = get('/api/containers').json()
running = {c['name'] for c in data}
missing = set(EXPECTED_CONTAINERS) - running
assert not missing, f"Containers not found: {missing}"
@pytest.mark.skipif(not _containers_accessible(), reason="Container endpoint returns 403 — run `make update`")
def test_all_expected_containers_running(self):
data = get('/api/containers').json()
by_name = {c['name']: c for c in data}
tests/integration/test_negative_scenarios.py
+336
View File
@@ -0,0 +1,336 @@
"""
Negative and error-path integration tests.
These tests verify that the API:
1. Rejects malformed or missing inputs with appropriate 4xx status codes
2. Returns JSON with an 'error' key on failure (never a raw exception traceback)
3. Returns 404 (or a 200 with a "not found" message) for unknown resource IDs
4. Does not crash (500) on bad Content-Type or oversized payloads
Endpoints covered:
- /api/peers (POST, PUT, DELETE)
- /api/config (PUT)
- /api/dns/records (DELETE)
- /api/dhcp/reservations (POST, DELETE)
- /api/containers/<name>/restart
- /api/wireguard/keys/peer
Run with: pytest tests/integration/test_negative_scenarios.py -v
"""
import pytest
import requests
import sys
import os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import API_BASE
# Sentinel peer name that should never exist in the registry
_GHOST_PEER = 'ghost-peer-that-does-not-exist-xyz'
_GHOST_CONTAINER = 'cell-container-does-not-exist-xyz'
def get(path, **kw):
return requests.get(f"{API_BASE}{path}", **kw)
def post(path, **kw):
return requests.post(f"{API_BASE}{path}", **kw)
def put(path, **kw):
return requests.put(f"{API_BASE}{path}", **kw)
def delete(path, **kw):
return requests.delete(f"{API_BASE}{path}", **kw)
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def _assert_error_response(r, expected_status):
"""Assert status code and that the body is valid JSON containing 'error'."""
assert r.status_code == expected_status, (
f"Expected {expected_status}, got {r.status_code}: {r.text}"
)
data = r.json()
assert 'error' in data, f"Expected 'error' key in response body: {data}"
def _assert_json_error(r):
"""Assert that whatever the status code, the body is JSON and has 'error'."""
body = r.json()
assert 'error' in body, f"Expected 'error' key in error response body: {body}"
# ---------------------------------------------------------------------------
# Peer endpoints — missing / invalid fields
# ---------------------------------------------------------------------------
class TestPeerNegative:
def test_create_peer_missing_name_returns_400(self):
r = post('/api/peers', json={'public_key': 'somefakekey=='})
_assert_error_response(r, 400)
def test_create_peer_missing_public_key_returns_400(self):
r = post('/api/peers', json={'name': _GHOST_PEER})
_assert_error_response(r, 400)
def test_create_peer_empty_body_returns_400(self):
r = requests.post(
f"{API_BASE}/api/peers",
data='',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_create_peer_invalid_service_access_returns_400(self):
r = post('/api/peers', json={
'name': _GHOST_PEER,
'public_key': 'somefakekey==',
'service_access': ['not_a_real_service'],
})
_assert_error_response(r, 400)
def test_create_peer_service_access_not_a_list_returns_400(self):
r = post('/api/peers', json={
'name': _GHOST_PEER,
'public_key': 'somefakekey==',
'service_access': 'calendar', # string instead of list
})
_assert_error_response(r, 400)
def test_update_nonexistent_peer_returns_404(self):
r = put(f'/api/peers/{_GHOST_PEER}', json={'service_access': ['calendar']})
assert r.status_code == 404
_assert_json_error(r)
def test_delete_nonexistent_peer_returns_200_with_message(self):
# app.py returns 200 + a "not found" message (not 404) for idempotent deletes
r = delete(f'/api/peers/{_GHOST_PEER}')
assert r.status_code == 200
data = r.json()
# Should have 'message', not 'error'
assert 'message' in data
assert 'not found' in data['message'].lower() or 'removed' in data['message'].lower()
def test_create_peer_plain_text_body_returns_400(self):
"""Sending plain text instead of JSON should produce a 400."""
r = requests.post(
f"{API_BASE}/api/peers",
data='name=foo&public_key=bar',
headers={'Content-Type': 'text/plain'},
)
assert r.status_code == 400
# ---------------------------------------------------------------------------
# Config endpoint — bad JSON, bad values
# ---------------------------------------------------------------------------
class TestConfigNegative:
def test_put_config_null_body_returns_400(self):
r = requests.put(
f"{API_BASE}/api/config",
data='null',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_put_config_completely_invalid_json_returns_400(self):
r = requests.put(
f"{API_BASE}/api/config",
data='{bad json}}}',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_put_config_ip_range_public_address_returns_400(self):
r = put('/api/config', json={'ip_range': '203.0.113.0/24'})
assert r.status_code == 400
_assert_json_error(r)
def test_put_config_ip_range_172_boundary_just_below_rejected(self):
# 172.15.0.0/24 is just below 172.16.0.0/12 — must be rejected
r = put('/api/config', json={'ip_range': '172.15.0.0/24'})
assert r.status_code == 400
def test_put_config_ip_range_172_boundary_just_inside_accepted(self):
# 172.16.0.0/24 is within 172.16.0.0/12 — must be accepted
current = get('/api/config').json()
current_range = current['ip_range']
try:
r = put('/api/config', json={'ip_range': '172.16.0.0/24'})
assert r.status_code == 200, (
f"172.16.0.0/24 is valid RFC-1918 but was rejected: {r.text}"
)
finally:
put('/api/config', json={'ip_range': current_range})
def test_put_config_port_string_value_returns_400(self):
r = put('/api/config', json={'calendar': {'port': 'not-a-number'}})
assert r.status_code == 400
def test_put_config_port_boundary_65535_accepted(self):
# 65535 is the maximum valid port — must not return 400
# Use a port field that is unlikely to conflict with existing ports
# We test the validation boundary only; we do not actually apply this
# port because that would require a container restart.
# NOTE: this may conflict with another service's port; accept 409 too.
r = put('/api/config', json={'calendar': {'port': 65535}})
assert r.status_code in (200, 409), (
f"Expected 200 or 409 for port=65535, got {r.status_code}: {r.text}"
)
def test_put_config_port_boundary_1_accepted(self):
r = put('/api/config', json={'calendar': {'port': 1}})
assert r.status_code in (200, 409), (
f"Expected 200 or 409 for port=1, got {r.status_code}: {r.text}"
)
def test_put_config_wireguard_address_bare_ip_returns_400(self):
r = put('/api/config', json={'wireguard': {'address': '10.0.0.1'}})
assert r.status_code == 400
def test_put_config_oversized_cell_name_does_not_crash(self):
"""A very long cell_name should not cause an unhandled 500."""
long_name = 'a' * 2048
r = put('/api/config', json={'cell_name': long_name})
# We don't mandate 400 here (the API may accept it), but it must not 500.
assert r.status_code != 500, (
f"Oversized cell_name caused a 500: {r.text}"
)
r.json() # must be valid JSON
# ---------------------------------------------------------------------------
# DNS records — negative
# ---------------------------------------------------------------------------
class TestDnsRecordsNegative:
def test_delete_dns_record_empty_body_does_not_crash(self):
"""Sending an empty JSON body to DELETE /api/dns/records must not 500."""
r = requests.delete(
f"{API_BASE}/api/dns/records",
json={},
headers={'Content-Type': 'application/json'},
)
# The endpoint calls network_manager.remove_dns_record(**{}) which will
# raise a TypeError; the API should catch it and return a 500 OR a 400.
assert r.status_code in (400, 500)
r.json() # must still be parseable JSON
def test_delete_dns_record_no_content_type_does_not_crash(self):
"""Sending DELETE with no body at all must return a parseable response."""
r = requests.delete(f"{API_BASE}/api/dns/records")
assert r.status_code in (200, 400, 404, 500)
r.json()
# ---------------------------------------------------------------------------
# DHCP reservations — negative
# ---------------------------------------------------------------------------
class TestDhcpReservationsNegative:
def test_add_reservation_no_body_returns_400(self):
r = requests.post(
f"{API_BASE}/api/dhcp/reservations",
data='',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_add_reservation_missing_ip_returns_400(self):
r = post('/api/dhcp/reservations', json={'mac': 'aa:bb:cc:dd:ee:ff'})
assert r.status_code == 400
_assert_json_error(r)
def test_add_reservation_missing_mac_returns_400(self):
r = post('/api/dhcp/reservations', json={'ip': '10.0.0.250'})
assert r.status_code == 400
_assert_json_error(r)
def test_delete_reservation_no_mac_returns_400(self):
r = delete('/api/dhcp/reservations', json={'ip': '10.0.0.250'})
assert r.status_code == 400
_assert_json_error(r)
def test_delete_reservation_empty_body_returns_400(self):
r = requests.delete(
f"{API_BASE}/api/dhcp/reservations",
data='',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
# ---------------------------------------------------------------------------
# Container endpoints — negative
# ---------------------------------------------------------------------------
class TestContainersNegative:
def test_restart_nonexistent_container_returns_error(self):
r = post(f'/api/containers/{_GHOST_CONTAINER}/restart')
# 403 = local-only endpoint; 404/500 = not found; 200 with restarted=False = ok
assert r.status_code in (200, 403, 404, 500)
if r.status_code == 200:
assert r.json().get('restarted') is not True
r.json() # must be valid JSON
def test_get_logs_nonexistent_container_returns_error(self):
r = get(f'/api/containers/{_GHOST_CONTAINER}/logs')
assert r.status_code in (200, 403, 404, 500)
if r.status_code == 200:
data = r.json()
assert 'error' in data or not data.get('logs')
r.json()
def test_get_stats_nonexistent_container_returns_json(self):
r = get(f'/api/containers/{_GHOST_CONTAINER}/stats')
assert r.status_code in (200, 403, 404, 500)
r.json() # must always be parseable
# ---------------------------------------------------------------------------
# WireGuard key generation — negative
# ---------------------------------------------------------------------------
class TestWireGuardKeyGenNegative:
def test_generate_keys_empty_body_returns_400(self):
r = requests.post(
f"{API_BASE}/api/wireguard/keys/peer",
json={},
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
_assert_json_error(r)
def test_generate_keys_missing_name_returns_400(self):
r = post('/api/wireguard/keys/peer', json={'other_field': 'value'})
assert r.status_code == 400
def test_generate_keys_null_name_returns_400(self):
r = post('/api/wireguard/keys/peer', json={'name': None})
assert r.status_code == 400
# ---------------------------------------------------------------------------
# Generic: all non-existent URL paths return 404 (Flask default)
# ---------------------------------------------------------------------------
class TestNotFoundRoutes:
def test_unknown_api_path_returns_404(self):
r = get('/api/this-route-does-not-exist-at-all')
assert r.status_code == 404
def test_peer_detail_nonexistent_returns_404(self):
# GET is not defined for /api/peers/<peer_name> in app.py —
# only PUT and DELETE exist. Flask should return 405 Method Not Allowed.
r = get(f'/api/peers/{_GHOST_PEER}')
assert r.status_code in (404, 405)
def test_update_nonexistent_peer_gives_404_not_500(self):
r = put(f'/api/peers/{_GHOST_PEER}', json={'description': 'test'})
assert r.status_code == 404
r.json() # must be valid JSON with 'error' key
tests/integration/test_network_services.py
+216
View File
@@ -0,0 +1,216 @@
"""
Network services integration tests: DNS records, DHCP leases, DHCP reservations.
Note on endpoint shapes discovered from app.py:
- DELETE /api/dns/records takes a JSON body (not a URL param)
- DELETE /api/dhcp/reservations takes JSON body with 'mac' field
- POST /api/dhcp/reservations requires 'mac' and 'ip' fields
Run with: pytest tests/integration/test_network_services.py -v
"""
import pytest
import requests
import sys
import os
sys.path.insert(0, os.path.dirname(__file__))
from conftest import API_BASE
# Test DNS hostname to use — must be cleaned up after tests
_TEST_DNS_HOSTNAME = 'inttest-dns-record'
def get(path, **kw):
return requests.get(f"{API_BASE}{path}", **kw)
def post(path, **kw):
return requests.post(f"{API_BASE}{path}", **kw)
def delete(path, **kw):
return requests.delete(f"{API_BASE}{path}", **kw)
# ---------------------------------------------------------------------------
# GET /api/dns/records
# ---------------------------------------------------------------------------
class TestDnsRecordsRead:
def test_get_dns_records_returns_200(self):
r = get('/api/dns/records')
assert r.status_code == 200
def test_get_dns_records_returns_list_or_dict(self):
# The network_manager may return a list of records or a dict keyed by hostname
data = get('/api/dns/records').json()
assert isinstance(data, (list, dict))
def test_get_dns_status_returns_200(self):
r = get('/api/dns/status')
assert r.status_code == 200
def test_get_dns_status_returns_dict(self):
data = get('/api/dns/status').json()
assert isinstance(data, dict)
# ---------------------------------------------------------------------------
# POST /api/dns/records + DELETE /api/dns/records (round-trip)
# ---------------------------------------------------------------------------
class TestDnsRecordsWrite:
"""Create a DNS A record then delete it. The test is self-cleaning."""
def test_add_dns_record_returns_non_error(self):
"""Adding a well-formed A record should not return a 4xx or 5xx."""
r = post('/api/dns/records', json={
'zone': 'cell',
'name': _TEST_DNS_HOSTNAME,
'record_type': 'A',
'value': '10.0.0.99',
})
# Accept 200 or 201; clean up regardless
try:
assert r.status_code in (200, 201), (
f"Expected 200/201 for DNS record creation, got {r.status_code}: {r.text}"
)
finally:
delete('/api/dns/records', json={'zone': 'cell', 'name': _TEST_DNS_HOSTNAME, 'record_type': 'A'})
def test_add_and_delete_dns_record_round_trip(self):
"""Create a record, verify it appears in the list, then delete it."""
add_r = post('/api/dns/records', json={
'zone': 'cell',
'name': _TEST_DNS_HOSTNAME,
'record_type': 'A',
'value': '10.0.0.98',
})
assert add_r.status_code in (200, 201), (
f"Could not create test DNS record: {add_r.text}"
)
try:
records = get('/api/dns/records').json()
if isinstance(records, list):
names = [r.get('name', r.get('hostname', '')) for r in records]
else:
names = list(records.keys())
assert any(_TEST_DNS_HOSTNAME in n for n in names), (
f"Added record '{_TEST_DNS_HOSTNAME}' not found in records: {records}"
)
finally:
del_r = delete('/api/dns/records', json={'zone': 'cell', 'name': _TEST_DNS_HOSTNAME, 'record_type': 'A'})
assert del_r.status_code in (200, 204), (
f"DNS record delete failed: {del_r.status_code} {del_r.text}"
)
def test_delete_nonexistent_dns_record_does_not_crash(self):
"""Deleting a record that doesn't exist should return 200/404, not 500."""
r = delete('/api/dns/records', json={'zone': 'cell', 'name': 'does-not-exist-xyz', 'record_type': 'A'})
assert r.status_code in (200, 404), (
f"Unexpected status {r.status_code} deleting non-existent DNS record"
)
def test_add_dns_record_missing_name_is_handled(self):
"""Omitting required fields should not cause an unhandled 500."""
r = post('/api/dns/records', json={'zone': 'cell', 'record_type': 'A', 'value': '10.0.0.97'})
assert r.status_code != 200 or 'error' in r.json()
# ---------------------------------------------------------------------------
# GET /api/dhcp/leases
# ---------------------------------------------------------------------------
class TestDhcpLeases:
def test_get_dhcp_leases_returns_200(self):
r = get('/api/dhcp/leases')
assert r.status_code == 200
def test_get_dhcp_leases_returns_list_or_dict(self):
data = get('/api/dhcp/leases').json()
assert isinstance(data, (list, dict))
# ---------------------------------------------------------------------------
# POST /api/dhcp/reservations + DELETE /api/dhcp/reservations
# ---------------------------------------------------------------------------
_TEST_MAC = 'de:ad:be:ef:11:22'
_TEST_RESERVATION_IP = '10.0.0.200'
class TestDhcpReservations:
def _cleanup(self):
delete('/api/dhcp/reservations', json={'mac': _TEST_MAC})
def test_add_dhcp_reservation_returns_non_error(self):
try:
r = post('/api/dhcp/reservations', json={
'mac': _TEST_MAC,
'ip': _TEST_RESERVATION_IP,
'hostname': 'inttest-dhcp-host',
})
assert r.status_code in (200, 201), (
f"Expected 200/201 for DHCP reservation, got {r.status_code}: {r.text}"
)
finally:
self._cleanup()
def test_add_dhcp_reservation_missing_mac_returns_400(self):
r = post('/api/dhcp/reservations', json={'ip': _TEST_RESERVATION_IP})
assert r.status_code == 400
assert 'error' in r.json()
def test_add_dhcp_reservation_missing_ip_returns_400(self):
r = post('/api/dhcp/reservations', json={'mac': _TEST_MAC})
assert r.status_code == 400
assert 'error' in r.json()
def test_add_dhcp_reservation_empty_body_returns_400(self):
r = requests.post(
f"{API_BASE}/api/dhcp/reservations",
data='',
headers={'Content-Type': 'application/json'},
)
assert r.status_code == 400
def test_delete_dhcp_reservation_missing_mac_returns_400(self):
r = delete('/api/dhcp/reservations', json={})
assert r.status_code == 400
assert 'error' in r.json()
def test_add_and_delete_dhcp_reservation_round_trip(self):
add_r = post('/api/dhcp/reservations', json={
'mac': _TEST_MAC,
'ip': _TEST_RESERVATION_IP,
})
assert add_r.status_code in (200, 201), (
f"Could not create DHCP reservation: {add_r.text}"
)
try:
del_r = delete('/api/dhcp/reservations', json={'mac': _TEST_MAC})
assert del_r.status_code in (200, 204), (
f"DHCP reservation delete failed: {del_r.status_code} {del_r.text}"
)
except Exception:
self._cleanup()
raise
# ---------------------------------------------------------------------------
# GET /api/ntp/status + GET /api/network/info
# ---------------------------------------------------------------------------
class TestNtpAndNetworkInfo:
def test_ntp_status_returns_200(self):
r = get('/api/ntp/status')
assert r.status_code == 200
def test_ntp_status_is_dict(self):
assert isinstance(get('/api/ntp/status').json(), dict)
def test_network_info_returns_200(self):
r = get('/api/network/info')
assert r.status_code == 200
def test_network_info_is_dict(self):
assert isinstance(get('/api/network/info').json(), dict)
tests/test_port_conflicts.py
+265
View File
@@ -0,0 +1,265 @@
"""
Unit tests for api/port_registry.py port conflict detection.
"""
import sys
import os
import pytest
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'api'))
from port_registry import PORT_FIELDS, detect_conflicts
# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
def _make_config(**sections):
"""Build a minimal effective_config dict from keyword args."""
return dict(sections)
# ---------------------------------------------------------------------------
# No-conflict cases
# ---------------------------------------------------------------------------
class TestNoConflict:
def test_empty_config_and_patch(self):
"""Both inputs empty → no conflicts."""
assert detect_conflicts({}, {}) == []
def test_all_different_ports(self):
effective = {
'network': {'dns_port': 53},
'wireguard': {'port': 51820},
'email': {'smtp_port': 25, 'submission_port': 587,
'imap_port': 993, 'webmail_port': 8888},
'calendar': {'port': 5232},
'files': {'port': 8080, 'manager_port': 8082},
}
assert detect_conflicts(effective, {}) == []
def test_patch_with_unique_port(self):
"""Updating a port to a value nobody else uses → no conflict."""
effective = {
'network': {'dns_port': 53},
'wireguard': {'port': 51820},
}
patch = {'wireguard': {'port': 9999}}
assert detect_conflicts(effective, patch) == []
def test_missing_sections_are_ignored(self):
"""Sections absent from both config and patch are silently skipped."""
# Only 'network' is present; others are absent entirely.
effective = {'network': {'dns_port': 53}}
assert detect_conflicts(effective, {}) == []
def test_none_and_empty_string_values_are_skipped(self):
"""None or '' port values must not be included in conflict detection."""
effective = {
'network': {'dns_port': None},
'wireguard': {'port': ''},
'calendar': {'port': 5232},
}
# No actual usable ports clash → no conflict
assert detect_conflicts(effective, {}) == []
# ---------------------------------------------------------------------------
# Conflict detection
# ---------------------------------------------------------------------------
class TestConflictDetected:
def test_two_sections_same_port(self):
"""Two sections sharing a port must produce one conflict entry."""
effective = {
'network': {'dns_port': 5232},
'calendar': {'port': 5232},
}
result = detect_conflicts(effective, {})
assert len(result) == 1
assert result[0]['port'] == 5232
slots = result[0]['conflicts']
assert ('network', 'dns_port') in slots
assert ('calendar', 'port') in slots
def test_three_sections_same_port(self):
"""Three sections sharing a port → one conflict entry with 3 slots."""
effective = {
'network': {'dns_port': 8080},
'calendar': {'port': 8080},
'files': {'port': 8080, 'manager_port': 9000},
}
result = detect_conflicts(effective, {})
assert len(result) == 1
assert result[0]['port'] == 8080
assert len(result[0]['conflicts']) == 3
def test_two_separate_conflicts(self):
"""Two distinct port values each shared by two sections."""
effective = {
'network': {'dns_port': 53},
'wireguard': {'port': 53}, # conflict on 53
'calendar': {'port': 8080},
'files': {'port': 8080}, # conflict on 8080
}
result = detect_conflicts(effective, {})
ports_with_conflict = {c['port'] for c in result}
assert 53 in ports_with_conflict
assert 8080 in ports_with_conflict
assert len(result) == 2
def test_email_fields_conflict_with_other_section(self):
"""An email sub-port conflicting with another section."""
effective = {
'email': {'smtp_port': 25, 'submission_port': 5232,
'imap_port': 993, 'webmail_port': 8888},
'calendar': {'port': 5232},
}
result = detect_conflicts(effective, {})
assert len(result) == 1
assert result[0]['port'] == 5232
slots = result[0]['conflicts']
assert ('email', 'submission_port') in slots
assert ('calendar', 'port') in slots
# ---------------------------------------------------------------------------
# Patch overrides stored config
# ---------------------------------------------------------------------------
class TestPatchOverride:
def test_patch_resolves_existing_conflict(self):
"""If the patch moves a port away from a conflict, no conflict remains."""
effective = {
'network': {'dns_port': 5232},
'calendar': {'port': 5232},
}
# Patch moves calendar to a free port
patch = {'calendar': {'port': 9000}}
assert detect_conflicts(effective, patch) == []
def test_patch_introduces_conflict(self):
"""If the patch sets a port that collides with stored config, detect it."""
effective = {
'network': {'dns_port': 53},
'calendar': {'port': 5232},
}
# Patch changes calendar port to match DNS
patch = {'calendar': {'port': 53}}
result = detect_conflicts(effective, patch)
assert len(result) == 1
assert result[0]['port'] == 53
slots = result[0]['conflicts']
assert ('network', 'dns_port') in slots
assert ('calendar', 'port') in slots
def test_patch_partial_section_merges_with_stored(self):
"""A partial patch for a section merges with stored fields (not replaces)."""
effective = {
'email': {
'smtp_port': 25,
'submission_port': 587,
'imap_port': 993,
'webmail_port': 8888,
},
'calendar': {'port': 5232},
}
# Patch only changes imap_port; other email ports remain from stored config
patch = {'email': {'imap_port': 5232}}
result = detect_conflicts(effective, patch)
assert len(result) == 1
assert result[0]['port'] == 5232
slots = result[0]['conflicts']
assert ('email', 'imap_port') in slots
assert ('calendar', 'port') in slots
def test_patch_only_affects_patched_section(self):
"""Fields NOT in the patch are still read from effective_config."""
effective = {
'wireguard': {'port': 51820},
'files': {'port': 8080, 'manager_port': 8082},
}
# Patch changes files.manager_port but leaves files.port alone
patch = {'files': {'manager_port': 51820}}
result = detect_conflicts(effective, patch)
assert len(result) == 1
assert result[0]['port'] == 51820
slots = result[0]['conflicts']
assert ('wireguard', 'port') in slots
assert ('files', 'manager_port') in slots
# ---------------------------------------------------------------------------
# Self-conflict: same (section, field) should not flag itself
# ---------------------------------------------------------------------------
class TestNoSelfConflict:
def test_same_field_in_effective_and_patch_no_duplicate(self):
"""
When the patch sets the same value as the stored config for the same
(section, field), there must be no self-conflict.
"""
effective = {'calendar': {'port': 5232}}
patch = {'calendar': {'port': 5232}} # same value, same slot
assert detect_conflicts(effective, patch) == []
def test_only_one_section_one_field(self):
"""A single unique port cannot conflict with itself."""
effective = {'network': {'dns_port': 53}}
patch = {'network': {'dns_port': 53}}
assert detect_conflicts(effective, patch) == []
# ---------------------------------------------------------------------------
# Real-world default ports from PORT_DEFAULTS in ip_utils.py
# ---------------------------------------------------------------------------
class TestRealWorldDefaults:
DEFAULT_CONFIG = {
'network': {'dns_port': 53},
'wireguard': {'port': 51820},
'email': {'smtp_port': 25, 'submission_port': 587,
'imap_port': 993, 'webmail_port': 8888},
'calendar': {'port': 5232},
'files': {'port': 8080, 'manager_port': 8082},
}
def test_defaults_have_no_conflicts(self):
"""All out-of-the-box defaults must be conflict-free."""
assert detect_conflicts(self.DEFAULT_CONFIG, {}) == []
def test_changing_wireguard_to_dns_port_conflicts(self):
patch = {'wireguard': {'port': 53}}
result = detect_conflicts(self.DEFAULT_CONFIG, patch)
assert len(result) == 1
assert result[0]['port'] == 53
def test_changing_files_port_to_calendar_port_conflicts(self):
patch = {'files': {'port': 5232}}
result = detect_conflicts(self.DEFAULT_CONFIG, patch)
assert len(result) == 1
assert result[0]['port'] == 5232
def test_integer_string_ports_are_treated_as_ints(self):
"""Port values supplied as strings (as from JSON) must still work."""
effective = {
'network': {'dns_port': '53'},
'calendar': {'port': '53'},
}
result = detect_conflicts(effective, {})
assert len(result) == 1
assert result[0]['port'] == 53
def test_non_integer_port_values_are_skipped(self):
"""Malformed values that can't be cast to int must not crash."""
effective = {
'network': {'dns_port': 'bogus'},
'calendar': {'port': 5232},
}
assert detect_conflicts(effective, {}) == []
webui/src/App.jsx
+22 -2
View File
@@ -20,6 +20,7 @@ import {
} from 'lucide-react';
import { healthAPI, cellAPI } from './services/api';
import { ConfigProvider } from './contexts/ConfigContext';
import { DraftConfigProvider, useDraftConfig } from './contexts/DraftConfigContext';
import Sidebar from './components/Sidebar';
import Dashboard from './pages/Dashboard';
import Peers from './pages/Peers';
@@ -164,11 +165,21 @@ function App() {
};
}, [checkHealth, checkPending]);
const [applyStatus, setApplyStatus] = useState(null); // null | 'restarting' | 'done' | 'timeout' | 'error'
const [applyStatus, setApplyStatus] = useState(null); // null | 'saving' | 'restarting' | 'done' | 'timeout' | 'error'
const [applyError, setApplyError] = useState('');
const { flushAll, hasDirty } = useDraftConfig();
const handleApply = useCallback(async () => {
setApplyError('');
if (hasDirty()) {
setApplyStatus('saving');
try {
await flushAll();
} catch {
// flush errors are shown via Settings toasts; continue with apply
}
}
try {
await cellAPI.applyPending();
} catch (err) {
@@ -197,7 +208,7 @@ function App() {
setApplyStatus('timeout');
setApplyError('Containers may still be starting — check docker logs if services are unavailable');
setTimeout(() => setApplyStatus(null), 8000);
}, []);
}, [flushAll, hasDirty]);
const handleCancel = useCallback(async () => {
await cellAPI.cancelPending();
@@ -232,6 +243,7 @@ function App() {
}
return (
<DraftConfigProvider>
<Router>
<ConfigProvider>
<div className="min-h-screen bg-gray-50">
@@ -265,6 +277,13 @@ function App() {
<PendingRestartBanner pending={pending} onApply={handleApply} onCancel={handleCancel} />
)}
{applyStatus === 'saving' && (
<div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4 flex items-center gap-3">
<RefreshCw className="h-5 w-5 text-blue-500 animate-spin flex-shrink-0" />
<span className="text-sm font-medium text-blue-800">Saving settings</span>
</div>
)}
{applyStatus === 'restarting' && (
<div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4 flex items-center gap-3">
<RefreshCw className="h-5 w-5 text-blue-500 animate-spin flex-shrink-0" />
@@ -307,6 +326,7 @@ function App() {
</div>
</ConfigProvider>
</Router>
</DraftConfigProvider>
);
}
webui/src/contexts/DraftConfigContext.jsx
+37
View File
@@ -0,0 +1,37 @@
import { createContext, useContext, useRef, useCallback } from 'react';
const DraftConfigContext = createContext(null);
export function DraftConfigProvider({ children }) {
const flushersRef = useRef({}); // key async flush fn
const registerFlusher = useCallback((key, fn) => {
flushersRef.current[key] = fn;
return () => { delete flushersRef.current[key]; }; // cleanup
}, []);
const hasDirtyRef = useRef({}); // key boolean
const setDirty = useCallback((key, isDirty) => {
hasDirtyRef.current[key] = isDirty;
}, []);
const hasDirty = useCallback(() => {
return Object.values(hasDirtyRef.current).some(Boolean);
}, []);
const flushAll = useCallback(async () => {
const flushers = Object.values(flushersRef.current);
await Promise.all(flushers.map(fn => fn()));
}, []);
return (
<DraftConfigContext.Provider value={{ registerFlusher, setDirty, hasDirty, flushAll }}>
{children}
</DraftConfigContext.Provider>
);
}
export function useDraftConfig() {
return useContext(DraftConfigContext);
}
webui/src/pages/Settings.jsx
+89 -10
View File
@@ -1,5 +1,6 @@
import { useState, useEffect, useCallback } from 'react';
import { useState, useEffect, useCallback, useRef, useMemo } from 'react';
import { useConfig } from '../contexts/ConfigContext';
import { useDraftConfig } from '../contexts/DraftConfigContext';
import {
Settings as SettingsIcon, Server, Shield, Network, Mail, Calendar,
HardDrive, GitBranch, Archive, Upload, Download, Trash2, RotateCcw,
@@ -76,6 +77,38 @@ function isValidPort(v) {
return Number.isInteger(n) && n >= 1 && n <= 65535;
}
// Mirror of api/port_registry.py PORT_FIELDS must stay in sync
const PORT_CONFLICT_FIELDS = {
network: ['dns_port'],
wireguard: ['port'],
email: ['smtp_port', 'submission_port', 'imap_port', 'webmail_port'],
calendar: ['port'],
files: ['port', 'manager_port'],
};
function detectPortConflicts(configs) {
const portMap = {};
for (const [section, fields] of Object.entries(PORT_CONFLICT_FIELDS)) {
const sec = configs[section] || {};
for (const field of fields) {
const raw = sec[field];
if (raw === undefined || raw === null || raw === '') continue;
const n = parseInt(raw, 10);
if (isNaN(n)) continue;
(portMap[n] = portMap[n] || []).push([section, field]);
}
}
const result = {};
for (const [port, slots] of Object.entries(portMap)) {
if (slots.length < 2) continue;
const others = slots.map(([s, f]) => `${s}.${f}`).join(', ');
for (const [section, field] of slots) {
result[`${section}|${field}`] = `Port ${port} conflicts with ${others}`;
}
}
return result;
}
function isValidIp(v) {
if (!v || !v.trim()) return false;
const m = v.trim().match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
@@ -364,6 +397,7 @@ const SERVICE_DEFS = [
function Settings() {
const toasts = useToasts();
const { refresh: refreshConfig } = useConfig();
const draftConfig = useDraftConfig();
// identity
const [identity, setIdentity] = useState({ cell_name: '', domain: '', ip_range: '' });
@@ -375,6 +409,8 @@ function Settings() {
const [serviceDirty, setServiceDirty] = useState({});
const [serviceSaving, setServiceSaving] = useState({});
const portConflicts = useMemo(() => detectPortConflicts(serviceConfigs), [serviceConfigs]);
// backups
const [backups, setBackups] = useState([]);
const [backupsLoading, setBackupsLoading] = useState(false);
@@ -427,10 +463,11 @@ function Settings() {
try {
const res = await cellAPI.updateConfig(identity);
setIdentityDirty(false);
draftConfig?.setDirty('identity', false);
_applyResult(res, 'Cell identity');
refreshConfig();
} catch {
toast('Failed to save identity', 'error');
} catch (err) {
toast(err.response?.data?.error || 'Failed to save identity', 'error');
} finally {
setIdentitySaving(false);
}
@@ -440,15 +477,18 @@ function Settings() {
const saveService = async (key) => {
const { defaults } = SERVICE_DEFS.find((d) => d.key === key) || {};
const data = { ...(defaults || {}), ...(serviceConfigs[key] || {}) };
if (Object.keys(validateServiceConfig(key, data)).length > 0) return;
const hasFieldErrors = Object.keys(validateServiceConfig(key, data)).length > 0;
const hasConflicts = (PORT_CONFLICT_FIELDS[key] || []).some(f => portConflicts[`${key}|${f}`]);
if (hasFieldErrors || hasConflicts) return;
setServiceSaving((s) => ({ ...s, [key]: true }));
try {
const res = await cellAPI.updateConfig({ [key]: serviceConfigs[key] });
setServiceDirty((d) => ({ ...d, [key]: false }));
draftConfig?.setDirty(key, false);
_applyResult(res, key);
refreshConfig();
} catch {
toast(`Failed to save ${key} config`, 'error');
} catch (err) {
toast(err.response?.data?.error || `Failed to save ${key} config`, 'error');
} finally {
setServiceSaving((s) => ({ ...s, [key]: false }));
}
@@ -457,8 +497,42 @@ function Settings() {
const updateServiceConfig = (key, data) => {
setServiceConfigs((prev) => ({ ...prev, [key]: data }));
setServiceDirty((d) => ({ ...d, [key]: true }));
draftConfig?.setDirty(key, true);
};
// Flusher registration (autosave on Apply)
// Use refs so flush functions always see current dirty/save state without stale closures.
const identityDirtyRef = useRef(identityDirty);
useEffect(() => { identityDirtyRef.current = identityDirty; }, [identityDirty]);
const serviceDirtyRef = useRef(serviceDirty);
useEffect(() => { serviceDirtyRef.current = serviceDirty; }, [serviceDirty]);
const saveIdentityRef = useRef(saveIdentity);
useEffect(() => { saveIdentityRef.current = saveIdentity; }, [saveIdentity]);
const saveServiceRef = useRef(saveService);
useEffect(() => { saveServiceRef.current = saveService; }, [saveService]);
useEffect(() => {
if (!draftConfig) return;
const unregister = draftConfig.registerFlusher('identity', async () => {
if (identityDirtyRef.current) await saveIdentityRef.current();
});
return unregister;
}, [draftConfig]);
useEffect(() => {
if (!draftConfig) return;
const unregisters = SERVICE_DEFS.map(({ key }) =>
draftConfig.registerFlusher(key, async () => {
if (serviceDirtyRef.current[key]) await saveServiceRef.current(key);
})
);
return () => unregisters.forEach((fn) => fn());
}, [draftConfig]);
//
// backups
const createBackup = async () => {
setBackupCreating(true);
@@ -551,21 +625,21 @@ function Settings() {
<Field label="Cell Name">
<TextInput
value={identity.cell_name}
onChange={(v) => { setIdentity((i) => ({ ...i, cell_name: v })); setIdentityDirty(true); }}
onChange={(v) => { setIdentity((i) => ({ ...i, cell_name: v })); setIdentityDirty(true); draftConfig?.setDirty('identity', true); }}
placeholder="mycell"
/>
</Field>
<Field label="Domain">
<TextInput
value={identity.domain}
onChange={(v) => { setIdentity((i) => ({ ...i, domain: v })); setIdentityDirty(true); }}
onChange={(v) => { setIdentity((i) => ({ ...i, domain: v })); setIdentityDirty(true); draftConfig?.setDirty('identity', true); }}
placeholder="cell.local"
/>
</Field>
<Field label="IP Range" hint="Docker bridge subnet" error={ipRangeError}>
<TextInput
value={identity.ip_range}
onChange={(v) => { setIdentity((i) => ({ ...i, ip_range: v })); setIdentityDirty(true); }}
onChange={(v) => { setIdentity((i) => ({ ...i, ip_range: v })); setIdentityDirty(true); draftConfig?.setDirty('identity', true); }}
placeholder="172.20.0.0/16"
/>
</Field>
@@ -592,7 +666,12 @@ function Settings() {
</div>
{SERVICE_DEFS.map(({ key, label, icon: Icon, Form, defaults }) => {
const data = { ...defaults, ...(serviceConfigs[key] || {}) };
const errors = validateServiceConfig(key, data);
const conflictErrors = {};
for (const field of (PORT_CONFLICT_FIELDS[key] || [])) {
const msg = portConflicts[`${key}|${field}`];
if (msg) conflictErrors[field] = msg;
}
const errors = { ...validateServiceConfig(key, data), ...conflictErrors };
const hasErrors = Object.keys(errors).length > 0;
const dirty = serviceDirty[key];
const saving = serviceSaving[key];