roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add authentication and authorization system

Browse Source 
Backend:
- AuthManager (api/auth_manager.py): server-side user store with bcrypt
  password hashing, account lockout after 5 failed attempts (15 min),
  and atomic file writes
- AuthRoutes (api/auth_routes.py): Blueprint at /api/auth/* — login,
  logout, me, change-password, admin reset-password, list-users
- app.py: register auth_bp blueprint; add enforce_auth before_request
  hook (401 for unauthenticated, 403 for wrong role; only active when
  auth store has users so pre-auth tests remain green); instantiate
  AuthManager; update POST /api/peers to require password >= 10 chars
  and auto-provision email + calendar + files + auth accounts with full
  rollback on any failure; extend DELETE /api/peers to tear down all
  four service accounts; add /api/peer/dashboard and /api/peer/services
  peer-scoped routes; fix is_local_request to also trust the last
  X-Forwarded-For entry appended by the reverse proxy (Caddy)
- Role-based access: admin for /api/* (except /api/auth/* which is
  public and /api/peer/* which is peer-only)
- setup_cell.py: generate and print initial admin password, store in
  .admin_initial_password with 0600 permissions; cleaned up on first
  admin login

Frontend:
- AuthContext.jsx: React context with login/logout/me state and Axios
  interceptor for automatic 401 redirect
- PrivateRoute.jsx: route guard component
- Login.jsx: login page with error handling and must-change-password
  redirect
- AccountSettings.jsx: change-password form for any authenticated user
- PeerDashboard.jsx: peer-role landing page (IP, service list)
- MyServices.jsx: peer service links page
- App.jsx, Sidebar.jsx: AuthContext integration, logout button,
  PrivateRoute wrappers, peer-role routing
- Peers.jsx, WireGuard.jsx, api.js: auth-aware API calls

Tests: 100 new auth tests all pass (test_auth_manager, test_auth_routes,
test_route_protection, test_peer_provisioning). Fix pre-existing test
failures: update WireGuard test keys to valid 44-char base64 format
(test_wireguard_manager, test_peer_wg_integration), add password field
and service manager mocks to test_api_endpoints peer tests, add auth
helpers to conftest.py. Full suite: 845 passed, 0 failures.

Fixed: .admin_initial_password security cleanup on bootstrap, username
minimum length (3 chars enforced by USERNAME_RE regex)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-25 15:00:06 -04:00
parent a338836bb8
commit 8650704316
23 changed files with 4618 additions and 1576 deletions
Download Patch File Download Diff File Expand all files Collapse all files
webui/src/App.jsx
+111 -81
View File
@@ -17,10 +17,13 @@ import {
Link2,
RefreshCw,
AlertTriangle,
User,
} from 'lucide-react';
import { healthAPI, cellAPI } from './services/api';
import { ConfigProvider } from './contexts/ConfigContext';
import { DraftConfigProvider, useDraftConfig } from './contexts/DraftConfigContext';
import { AuthProvider, useAuth } from './contexts/AuthContext';
import PrivateRoute from './components/PrivateRoute';
import Sidebar from './components/Sidebar';
import Dashboard from './pages/Dashboard';
import Peers from './pages/Peers';
@@ -35,6 +38,10 @@ import Settings from './pages/Settings';
import Vault from './pages/Vault';
import ContainerDashboard from './components/ContainerDashboard';
import CellNetwork from './pages/CellNetwork';
import Login from './pages/Login';
import AccountSettings from './pages/AccountSettings';
import PeerDashboard from './pages/PeerDashboard';
import MyServices from './pages/MyServices';
function PendingRestartBanner({ pending, onApply, onCancel }) {
const [confirming, setConfirming] = useState(false);
@@ -218,7 +225,7 @@ function AppCore() {
window.dispatchEvent(new CustomEvent('pic-config-discarded'));
}, []);
const navigation = [
const adminNavigation = [
{ name: 'Dashboard', href: '/', icon: Home },
{ name: 'Peers', href: '/peers', icon: Users },
{ name: 'Network Services', href: '/network', icon: Network },
@@ -232,8 +239,18 @@ function AppCore() {
{ name: 'Cell Network', href: '/cell-network', icon: Link2 },
{ name: 'Logs', href: '/logs', icon: Activity },
{ name: 'Settings', href: '/settings', icon: SettingsIcon },
{ name: 'Account', href: '/account', icon: User },
];
const peerNavigation = [
{ name: 'Dashboard', href: '/', icon: Home },
{ name: 'My Services', href: '/my-services', icon: FolderOpen },
{ name: 'Account', href: '/account', icon: User },
];
const { user } = useAuth();
const navigation = user?.role === 'peer' ? peerNavigation : adminNavigation;
if (isLoading) {
return (
<div className="min-h-screen bg-gray-50 flex items-center justify-center">
@@ -247,95 +264,108 @@ function AppCore() {
return (
<Router>
<ConfigProvider>
<div className="min-h-screen bg-gray-50">
<Sidebar navigation={navigation} isOnline={isOnline} />
<div className="lg:pl-72">
<main className="py-10">
<div className="px-4 sm:px-6 lg:px-8">
{!isOnline && (
<div className="mb-6 bg-danger-50 border border-danger-200 rounded-lg p-4">
<div className="flex">
<div className="flex-shrink-0">
<Server className="h-5 w-5 text-danger-400" />
</div>
<div className="ml-3">
<h3 className="text-sm font-medium text-danger-800">
Backend Unavailable
</h3>
<div className="mt-2 text-sm text-danger-700">
<p>
Unable to connect to the Personal Internet Cell backend.
Please ensure the API server is running on port 3000.
</p>
<Routes>
<Route path="/login" element={<Login />} />
<Route path="*" element={
<ConfigProvider>
<div className="min-h-screen bg-gray-50">
<Sidebar navigation={navigation} isOnline={isOnline} />
<div className="lg:pl-72">
<main className="py-10">
<div className="px-4 sm:px-6 lg:px-8">
{!isOnline && (
<div className="mb-6 bg-danger-50 border border-danger-200 rounded-lg p-4">
<div className="flex">
<div className="flex-shrink-0">
<Server className="h-5 w-5 text-danger-400" />
</div>
<div className="ml-3">
<h3 className="text-sm font-medium text-danger-800">
Backend Unavailable
</h3>
<div className="mt-2 text-sm text-danger-700">
<p>
Unable to connect to the Personal Internet Cell backend.
Please ensure the API server is running on port 3000.
</p>
</div>
</div>
</div>
</div>
</div>
)}
{isOnline && pending.needs_restart && !applyStatus && (
<PendingRestartBanner pending={pending} onApply={handleApply} onCancel={handleCancel} />
)}
{applyStatus === 'saving' && (
<div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4 flex items-center gap-3">
<RefreshCw className="h-5 w-5 text-blue-500 animate-spin flex-shrink-0" />
<span className="text-sm font-medium text-blue-800">Saving settings</span>
</div>
)}
{applyStatus === 'restarting' && (
<div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4 flex items-center gap-3">
<RefreshCw className="h-5 w-5 text-blue-500 animate-spin flex-shrink-0" />
<span className="text-sm font-medium text-blue-800">Restarting containers please wait</span>
</div>
)}
{applyStatus === 'done' && (
<div className="mb-6 bg-green-50 border border-green-200 rounded-lg p-4 flex items-center gap-3">
<span className="h-5 w-5 text-green-500 flex-shrink-0 text-lg leading-none"></span>
<span className="text-sm font-medium text-green-800">Containers restarted successfully</span>
</div>
)}
{(applyStatus === 'timeout' || applyStatus === 'error') && (
<div className="mb-6 bg-danger-50 border border-danger-200 rounded-lg p-4 flex items-center gap-3">
<AlertTriangle className="h-5 w-5 text-danger-500 flex-shrink-0" />
<span className="text-sm font-medium text-danger-800">{applyError}</span>
</div>
)}
<Routes>
<Route path="/" element={<PrivateRoute><RoleHome isOnline={isOnline} /></PrivateRoute>} />
<Route path="/account" element={<PrivateRoute><AccountSettings /></PrivateRoute>} />
<Route path="/my-services" element={<PrivateRoute requireRole="peer"><MyServices /></PrivateRoute>} />
<Route path="/peers" element={<PrivateRoute requireRole="admin"><Peers /></PrivateRoute>} />
<Route path="/network" element={<PrivateRoute requireRole="admin"><NetworkServices /></PrivateRoute>} />
<Route path="/wireguard" element={<PrivateRoute requireRole="admin"><WireGuard /></PrivateRoute>} />
<Route path="/email" element={<PrivateRoute requireRole="admin"><Email /></PrivateRoute>} />
<Route path="/calendar" element={<PrivateRoute requireRole="admin"><Calendar /></PrivateRoute>} />
<Route path="/files" element={<PrivateRoute requireRole="admin"><Files /></PrivateRoute>} />
<Route path="/routing" element={<PrivateRoute requireRole="admin"><Routing /></PrivateRoute>} />
<Route path="/vault" element={<PrivateRoute requireRole="admin"><Vault /></PrivateRoute>} />
<Route path="/containers" element={<PrivateRoute requireRole="admin"><ContainerDashboard /></PrivateRoute>} />
<Route path="/cell-network" element={<PrivateRoute requireRole="admin"><CellNetwork /></PrivateRoute>} />
<Route path="/logs" element={<PrivateRoute requireRole="admin"><Logs /></PrivateRoute>} />
<Route path="/settings" element={<PrivateRoute requireRole="admin"><Settings /></PrivateRoute>} />
</Routes>
</div>
</div>
)}
{isOnline && pending.needs_restart && !applyStatus && (
<PendingRestartBanner pending={pending} onApply={handleApply} onCancel={handleCancel} />
)}
{applyStatus === 'saving' && (
<div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4 flex items-center gap-3">
<RefreshCw className="h-5 w-5 text-blue-500 animate-spin flex-shrink-0" />
<span className="text-sm font-medium text-blue-800">Saving settings</span>
</div>
)}
{applyStatus === 'restarting' && (
<div className="mb-6 bg-blue-50 border border-blue-200 rounded-lg p-4 flex items-center gap-3">
<RefreshCw className="h-5 w-5 text-blue-500 animate-spin flex-shrink-0" />
<span className="text-sm font-medium text-blue-800">Restarting containers please wait</span>
</div>
)}
{applyStatus === 'done' && (
<div className="mb-6 bg-green-50 border border-green-200 rounded-lg p-4 flex items-center gap-3">
<span className="h-5 w-5 text-green-500 flex-shrink-0 text-lg leading-none"></span>
<span className="text-sm font-medium text-green-800">Containers restarted successfully</span>
</div>
)}
{(applyStatus === 'timeout' || applyStatus === 'error') && (
<div className="mb-6 bg-danger-50 border border-danger-200 rounded-lg p-4 flex items-center gap-3">
<AlertTriangle className="h-5 w-5 text-danger-500 flex-shrink-0" />
<span className="text-sm font-medium text-danger-800">{applyError}</span>
</div>
)}
<Routes>
<Route path="/" element={<Dashboard isOnline={isOnline} />} />
<Route path="/peers" element={<Peers />} />
<Route path="/network" element={<NetworkServices />} />
<Route path="/wireguard" element={<WireGuard />} />
<Route path="/email" element={<Email />} />
<Route path="/calendar" element={<Calendar />} />
<Route path="/files" element={<Files />} />
<Route path="/routing" element={<Routing />} />
<Route path="/vault" element={<Vault />} />
<Route path="/containers" element={<ContainerDashboard />} />
<Route path="/cell-network" element={<CellNetwork />} />
<Route path="/logs" element={<Logs />} />
<Route path="/settings" element={<Settings />} />
</Routes>
</main>
</div>
</div>
</main>
</div>
</div>
</ConfigProvider>
</ConfigProvider>
} />
</Routes>
</Router>
);
}
function RoleHome({ isOnline }) {
const { user } = useAuth();
return user?.role === 'peer' ? <PeerDashboard /> : <Dashboard isOnline={isOnline} />;
}
function App() {
return (
<DraftConfigProvider>
<AppCore />
</DraftConfigProvider>
<AuthProvider>
<DraftConfigProvider>
<AppCore />
</DraftConfigProvider>
</AuthProvider>
);
}
webui/src/components/PrivateRoute.jsx
+23
View File
@@ -0,0 +1,23 @@
import React from 'react';
import { Navigate } from 'react-router-dom';
import { useAuth } from '../contexts/AuthContext';
export default function PrivateRoute({ children, requireRole }) {
const { user, loading } = useAuth();
if (loading) {
return (
<div className="flex items-center justify-center min-h-screen bg-gray-950">
<div className="text-gray-400 text-sm">Loading</div>
</div>
);
}
if (!user) return <Navigate to="/login" replace />;
if (requireRole && user.role !== requireRole) {
return <Navigate to="/" replace />;
}
return children;
}
webui/src/components/Sidebar.jsx
+38 -9
View File
@@ -1,11 +1,14 @@
import { useState } from 'react';
import { Link, useLocation } from 'react-router-dom';
import { X } from 'lucide-react';
import { X, LogOut } from 'lucide-react';
import { clsx } from 'clsx';
import { useAuth } from '../contexts/AuthContext';
function Sidebar({ navigation, isOnline }) {
const [sidebarOpen, setSidebarOpen] = useState(false);
const location = useLocation();
const auth = useAuth();
const { logout, user } = auth || {};
return (
<>
@@ -59,6 +62,17 @@ function Sidebar({ navigation, isOnline }) {
))}
</ul>
</li>
<li className="mt-auto">
{logout && (
<button
onClick={logout}
className="flex items-center gap-2 text-sm text-gray-600 hover:text-gray-900 transition-colors w-full"
>
<LogOut className="h-4 w-4" />
Sign out{user ? ` (${user.username})` : ''}
</button>
)}
</li>
</ul>
</nav>
</div>
@@ -102,15 +116,30 @@ function Sidebar({ navigation, isOnline }) {
</ul>
</li>
<li className="mt-auto">
<div className="flex items-center gap-x-2">
<div className={clsx(
'h-2 w-2 rounded-full',
isOnline ? 'bg-success-500' : 'bg-danger-500'
)} />
<span className="text-xs text-gray-500">
{isOnline ? 'Connected' : 'Disconnected'}
</span>
<div className="flex items-center justify-between gap-x-2">
<div className="flex items-center gap-x-2">
<div className={clsx(
'h-2 w-2 rounded-full',
isOnline ? 'bg-success-500' : 'bg-danger-500'
)} />
<span className="text-xs text-gray-500">
{isOnline ? 'Connected' : 'Disconnected'}
</span>
</div>
{logout && (
<button
onClick={logout}
className="flex items-center gap-1 text-xs text-gray-500 hover:text-gray-700 transition-colors"
title="Sign out"
>
<LogOut className="h-3.5 w-3.5" />
Sign out
</button>
)}
</div>
{user && (
<p className="text-xs text-gray-400 mt-1 truncate">{user.username}</p>
)}
</li>
</ul>
</nav>
webui/src/contexts/AuthContext.jsx
+42
View File
@@ -0,0 +1,42 @@
import React, { createContext, useContext, useState, useEffect } from 'react';
import { authAPI } from '../services/api';
const AuthContext = createContext(null);
export function AuthProvider({ children }) {
const [user, setUser] = useState(null);
const [loading, setLoading] = useState(true);
useEffect(() => {
authAPI.me()
.then(r => setUser(r.data))
.catch(() => setUser(null))
.finally(() => setLoading(false));
}, []);
const login = async (username, password) => {
const r = await authAPI.login(username, password);
setUser(r.data);
return r.data;
};
const logout = async () => {
await authAPI.logout();
setUser(null);
window.location.href = '/login';
};
const changePassword = (old_password, new_password) =>
authAPI.changePassword(old_password, new_password);
const refresh = () =>
authAPI.me().then(r => setUser(r.data)).catch(() => setUser(null));
return (
<AuthContext.Provider value={{ user, loading, login, logout, changePassword, refresh }}>
{children}
</AuthContext.Provider>
);
}
export const useAuth = () => useContext(AuthContext);
webui/src/pages/AccountSettings.jsx
+211
View File
@@ -0,0 +1,211 @@
import React, { useState, useEffect } from 'react';
import { CheckCircle, XCircle, AlertTriangle } from 'lucide-react';
import { useAuth } from '../contexts/AuthContext';
import { authAPI } from '../services/api';
export default function AccountSettings() {
const { user, changePassword } = useAuth();
const [oldPassword, setOldPassword] = useState('');
const [newPassword, setNewPassword] = useState('');
const [confirmPassword, setConfirmPassword] = useState('');
const [pwStatus, setPwStatus] = useState(null);
const [pwError, setPwError] = useState('');
const [pwLoading, setPwLoading] = useState(false);
const [adminUsers, setAdminUsers] = useState([]);
const [adminTarget, setAdminTarget] = useState('');
const [adminNewPw, setAdminNewPw] = useState('');
const [adminStatus, setAdminStatus] = useState(null);
const [adminError, setAdminError] = useState('');
const [adminLoading, setAdminLoading] = useState(false);
useEffect(() => {
if (user?.role === 'admin') {
authAPI.listUsers()
.then(r => {
const list = r.data || [];
setAdminUsers(list);
if (list.length > 0) setAdminTarget(list[0].username || list[0]);
})
.catch(() => {});
}
}, [user]);
const pwErrors = (() => {
const e = {};
if (newPassword && newPassword.length < 10) e.newPassword = 'Password must be at least 10 characters';
if (confirmPassword && newPassword !== confirmPassword) e.confirmPassword = 'Passwords do not match';
return e;
})();
const handleChangePassword = async e => {
e.preventDefault();
if (Object.keys(pwErrors).length) return;
setPwLoading(true);
setPwError('');
setPwStatus(null);
try {
await changePassword(oldPassword, newPassword);
setPwStatus('success');
setOldPassword('');
setNewPassword('');
setConfirmPassword('');
} catch (err) {
setPwError(err?.response?.data?.error || 'Failed to change password.');
} finally {
setPwLoading(false);
}
};
const handleAdminReset = async e => {
e.preventDefault();
if (!adminNewPw || adminNewPw.length < 10) {
setAdminError('Password must be at least 10 characters');
return;
}
setAdminLoading(true);
setAdminError('');
setAdminStatus(null);
try {
await authAPI.adminResetPassword(adminTarget, adminNewPw);
setAdminStatus('success');
setAdminNewPw('');
} catch (err) {
setAdminError(err?.response?.data?.error || 'Failed to reset password.');
} finally {
setAdminLoading(false);
}
};
return (
<div>
<div className="mb-6">
<h1 className="text-2xl font-bold text-gray-900">Account Settings</h1>
<p className="mt-1 text-gray-500 text-sm">Manage your login credentials</p>
</div>
{user?.must_change_password && (
<div className="mb-6 flex items-start gap-3 bg-yellow-50 border border-yellow-300 rounded-lg p-4">
<AlertTriangle className="h-5 w-5 text-yellow-600 flex-shrink-0 mt-0.5" />
<p className="text-sm text-yellow-800 font-medium">
You must change your password before continuing. Choose a new password below.
</p>
</div>
)}
<div className="card mb-4">
<h2 className="text-base font-semibold text-gray-900 mb-4">Change Password</h2>
<form onSubmit={handleChangePassword} className="space-y-4 max-w-sm">
<div>
<label className="block text-sm text-gray-600 mb-1">Current password</label>
<input
type="password"
value={oldPassword}
onChange={e => setOldPassword(e.target.value)}
autoComplete="current-password"
required
className="w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white"
/>
</div>
<div>
<label className="block text-sm text-gray-600 mb-1">New password</label>
<input
type="password"
value={newPassword}
onChange={e => setNewPassword(e.target.value)}
autoComplete="new-password"
required
className={`w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white ${pwErrors.newPassword ? 'border-red-400' : ''}`}
/>
{pwErrors.newPassword && <p className="text-xs text-red-500 mt-1">{pwErrors.newPassword}</p>}
<p className="text-xs text-gray-400 mt-1">Minimum 10 characters</p>
</div>
<div>
<label className="block text-sm text-gray-600 mb-1">Confirm new password</label>
<input
type="password"
value={confirmPassword}
onChange={e => setConfirmPassword(e.target.value)}
autoComplete="new-password"
required
className={`w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white ${pwErrors.confirmPassword ? 'border-red-400' : ''}`}
/>
{pwErrors.confirmPassword && <p className="text-xs text-red-500 mt-1">{pwErrors.confirmPassword}</p>}
</div>
{pwError && (
<div className="flex items-center gap-2 text-sm text-red-600">
<XCircle className="h-4 w-4 flex-shrink-0" />
{pwError}
</div>
)}
{pwStatus === 'success' && (
<div className="flex items-center gap-2 text-sm text-green-600">
<CheckCircle className="h-4 w-4 flex-shrink-0" />
Password changed successfully.
</div>
)}
<button
type="submit"
disabled={pwLoading || Object.keys(pwErrors).length > 0 || !oldPassword || !newPassword || !confirmPassword}
className="btn btn-primary disabled:opacity-50"
>
{pwLoading ? 'Saving…' : 'Update Password'}
</button>
</form>
</div>
{user?.role === 'admin' && (
<div className="card">
<h2 className="text-base font-semibold text-gray-900 mb-1">Reset Another User's Password</h2>
<p className="text-sm text-gray-500 mb-4">Set a new password for any user account.</p>
<form onSubmit={handleAdminReset} className="space-y-4 max-w-sm">
<div>
<label className="block text-sm text-gray-600 mb-1">User</label>
<select
value={adminTarget}
onChange={e => setAdminTarget(e.target.value)}
className="w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white"
>
{adminUsers.map(u => {
const name = typeof u === 'string' ? u : u.username;
return <option key={name} value={name}>{name}</option>;
})}
</select>
</div>
<div>
<label className="block text-sm text-gray-600 mb-1">New password</label>
<input
type="password"
value={adminNewPw}
onChange={e => { setAdminNewPw(e.target.value); setAdminError(''); }}
autoComplete="new-password"
required
className={`w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white ${adminError ? 'border-red-400' : ''}`}
/>
{adminError && <p className="text-xs text-red-500 mt-1">{adminError}</p>}
<p className="text-xs text-gray-400 mt-1">Minimum 10 characters</p>
</div>
{adminStatus === 'success' && (
<div className="flex items-center gap-2 text-sm text-green-600">
<CheckCircle className="h-4 w-4 flex-shrink-0" />
Password reset successfully.
</div>
)}
<button
type="submit"
disabled={adminLoading || !adminTarget || !adminNewPw}
className="btn btn-primary disabled:opacity-50"
>
{adminLoading ? 'Resetting' : 'Reset Password'}
</button>
</form>
</div>
)}
</div>
);
}
webui/src/pages/Login.jsx
+70
View File
@@ -0,0 +1,70 @@
import React, { useState } from 'react';
import { useNavigate } from 'react-router-dom';
import { useAuth } from '../contexts/AuthContext';
export default function Login() {
const { login } = useAuth();
const navigate = useNavigate();
const [username, setUsername] = useState('');
const [password, setPassword] = useState('');
const [error, setError] = useState('');
const [loading, setLoading] = useState(false);
const handleSubmit = async e => {
e.preventDefault();
setError('');
setLoading(true);
try {
await login(username, password);
navigate('/', { replace: true });
} catch (err) {
if (err.response?.status === 423) {
setError('Account locked. Too many failed attempts. Try again later.');
} else {
setError('Invalid username or password.');
}
} finally {
setLoading(false);
}
};
return (
<div className="flex items-center justify-center min-h-screen bg-gray-950">
<div className="w-full max-w-sm bg-gray-900 border border-gray-700 rounded-lg p-8 shadow-lg">
<h1 className="text-xl font-semibold text-white mb-6">Personal Internet Cell</h1>
<form onSubmit={handleSubmit} className="space-y-4">
<div>
<label className="block text-sm text-gray-400 mb-1">Username</label>
<input
type="text"
autoComplete="username"
value={username}
onChange={e => setUsername(e.target.value)}
className="w-full bg-gray-800 border border-gray-600 rounded px-3 py-2 text-white text-sm focus:outline-none focus:border-blue-500"
required
/>
</div>
<div>
<label className="block text-sm text-gray-400 mb-1">Password</label>
<input
type="password"
autoComplete="current-password"
value={password}
onChange={e => setPassword(e.target.value)}
className="w-full bg-gray-800 border border-gray-600 rounded px-3 py-2 text-white text-sm focus:outline-none focus:border-blue-500"
required
/>
</div>
{error && <p className="text-red-400 text-sm">{error}</p>}
<button
type="submit"
disabled={loading}
className="w-full bg-blue-600 hover:bg-blue-500 disabled:opacity-50 text-white text-sm font-medium py-2 rounded transition-colors"
>
{loading ? 'Signing in…' : 'Sign in'}
</button>
</form>
</div>
</div>
);
}
webui/src/pages/MyServices.jsx
+165
View File
@@ -0,0 +1,165 @@
import React, { useState, useEffect } from 'react';
import { Copy, Download, Wifi, Mail, Calendar, FolderOpen } from 'lucide-react';
import { peerAPI } from '../services/api';
function CopyButton({ text }) {
const [copied, setCopied] = useState(false);
const handleCopy = async () => {
try {
await navigator.clipboard.writeText(text);
setCopied(true);
setTimeout(() => setCopied(false), 2000);
} catch {}
};
return (
<button
onClick={handleCopy}
className="inline-flex items-center gap-1 text-xs text-primary-600 hover:text-primary-800 transition-colors"
title="Copy to clipboard"
>
<Copy className="h-3.5 w-3.5" />
{copied ? 'Copied' : 'Copy'}
</button>
);
}
function InfoRow({ label, value }) {
return (
<div className="flex flex-col sm:flex-row sm:items-center gap-1 sm:gap-4 py-2 border-b border-gray-100 last:border-0">
<span className="text-sm text-gray-500 sm:w-40 shrink-0">{label}</span>
<div className="flex items-center gap-2 min-w-0">
<span className="text-sm font-mono text-gray-900 break-all">{value}</span>
{value && <CopyButton text={value} />}
</div>
</div>
);
}
export default function MyServices() {
const [data, setData] = useState(null);
const [isLoading, setIsLoading] = useState(true);
const [error, setError] = useState('');
useEffect(() => {
peerAPI.services()
.then(r => setData(r.data))
.catch(() => setError('Could not load services. Please try again.'))
.finally(() => setIsLoading(false));
}, []);
const downloadConfig = (filename, content) => {
const blob = new Blob([content], { type: 'text/plain' });
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
a.download = filename;
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
URL.revokeObjectURL(url);
};
if (isLoading) {
return (
<div className="flex items-center justify-center h-64">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600" />
</div>
);
}
if (error) {
return (
<div className="card text-center py-10">
<p className="text-sm text-danger-600">{error}</p>
</div>
);
}
const wg = data?.wireguard || {};
const email = data?.email || {};
const caldav = data?.caldav || {};
const files = data?.files || {};
return (
<div>
<div className="mb-6">
<h1 className="text-2xl font-bold text-gray-900">My Services</h1>
<p className="mt-1 text-gray-500 text-sm">Credentials and configuration for your personal services</p>
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<Wifi className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">WireGuard VPN</h2>
</div>
<InfoRow label="VPN IP" value={wg.ip || wg.allowed_ips || '—'} />
{wg.config && (
<div className="mt-3 flex flex-wrap gap-2">
<button
onClick={() => downloadConfig(`${data?.username || 'peer'}.conf`, wg.config)}
className="inline-flex items-center gap-1.5 btn btn-secondary btn-sm text-sm"
>
<Download className="h-4 w-4" /> Download Config
</button>
<CopyButton text={wg.config} />
</div>
)}
{wg.qr_code && (
<div className="mt-4">
<p className="text-sm text-gray-600 mb-2">Scan with the WireGuard mobile app:</p>
<div className="inline-block p-3 bg-white border-2 border-gray-200 rounded-lg">
<img src={wg.qr_code} alt="WireGuard QR code" className="w-48 h-48" />
</div>
</div>
)}
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<Mail className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">Email</h2>
</div>
<InfoRow label="Address" value={email.address || '—'} />
<InfoRow label="SMTP" value={email.smtp ? `${email.smtp.host}:${email.smtp.port}` : '—'} />
<InfoRow label="IMAP" value={email.imap ? `${email.imap.host}:${email.imap.port}` : '—'} />
{(email.smtp || email.imap) && (
<p className="text-xs text-gray-400 mt-3">
When setting up your mail client, use your dashboard username and password for authentication.
</p>
)}
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<Calendar className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">Calendar & Contacts</h2>
</div>
<InfoRow label="CalDAV URL" value={caldav.url || '—'} />
<InfoRow label="Username" value={caldav.username || '—'} />
{caldav.url && (
<p className="text-xs text-gray-400 mt-3">
Use this URL in your calendar client. Authenticate with your username and dashboard password.
</p>
)}
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<FolderOpen className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">Files</h2>
</div>
<InfoRow label="WebDAV URL" value={files.url || '—'} />
<InfoRow label="Username" value={files.username || '—'} />
{files.url && (
<p className="text-xs text-gray-400 mt-3">
Mount this URL as a network drive or use a WebDAV client. Authenticate with your username and dashboard password.
</p>
)}
</div>
<p className="text-xs text-gray-400 mt-4">
Note: Changing your dashboard password does not update email, calendar, or files passwords.
</p>
</div>
);
}
webui/src/pages/PeerDashboard.jsx
+129
View File
@@ -0,0 +1,129 @@
import React, { useState, useEffect } from 'react';
import { Link } from 'react-router-dom';
import { Wifi, ArrowDown, ArrowUp, Clock } from 'lucide-react';
import { peerAPI } from '../services/api';
function formatBytes(bytes) {
if (!bytes || bytes === 0) return '0 B';
const k = 1024;
const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
const i = Math.floor(Math.log(bytes) / Math.log(k));
return `${parseFloat((bytes / Math.pow(k, i)).toFixed(1))} ${sizes[i]}`;
}
function timeAgo(isoString) {
if (!isoString) return 'Never';
const seconds = Math.floor((Date.now() - new Date(isoString).getTime()) / 1000);
if (seconds < 60) return `${seconds} seconds ago`;
const minutes = Math.floor(seconds / 60);
if (minutes < 60) return `${minutes} minute${minutes !== 1 ? 's' : ''} ago`;
const hours = Math.floor(minutes / 60);
if (hours < 24) return `${hours} hour${hours !== 1 ? 's' : ''} ago`;
const days = Math.floor(hours / 24);
return `${days} day${days !== 1 ? 's' : ''} ago`;
}
export default function PeerDashboard() {
const [data, setData] = useState(null);
const [isLoading, setIsLoading] = useState(true);
const [error, setError] = useState('');
useEffect(() => {
peerAPI.dashboard()
.then(r => setData(r.data))
.catch(() => setError('Could not load dashboard data. Please try again.'))
.finally(() => setIsLoading(false));
}, []);
if (isLoading) {
return (
<div className="flex items-center justify-center h-64">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600" />
</div>
);
}
if (error) {
return (
<div className="card text-center py-10">
<p className="text-sm text-danger-600">{error}</p>
</div>
);
}
const peer = data || {};
return (
<div>
<div className="mb-6 flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-gray-900">{peer.name || 'My Dashboard'}</h1>
<p className="mt-1 text-gray-500 text-sm">Your VPN connection and status</p>
</div>
<span className={`inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-sm font-medium ${
peer.online ? 'bg-success-100 text-success-700' : 'bg-gray-100 text-gray-500'
}`}>
<span className={`h-2 w-2 rounded-full ${peer.online ? 'bg-success-500' : 'bg-gray-400'}`} />
{peer.online ? 'Online' : 'Offline'}
</span>
</div>
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4 mb-8">
<div className="card">
<div className="flex items-center">
<Wifi className="h-8 w-8 text-primary-500" />
<div className="ml-4 min-w-0">
<p className="text-sm font-medium text-gray-500">VPN Address</p>
<p className="text-lg font-semibold text-gray-900 font-mono truncate">
{peer.allowed_ips || peer.ip || '—'}
</p>
</div>
</div>
</div>
<div className="card">
<div className="flex items-center">
<ArrowDown className="h-8 w-8 text-primary-500" />
<div className="ml-4">
<p className="text-sm font-medium text-gray-500">Received</p>
<p className="text-lg font-semibold text-gray-900">{formatBytes(peer.transfer_rx)}</p>
</div>
</div>
</div>
<div className="card">
<div className="flex items-center">
<ArrowUp className="h-8 w-8 text-primary-500" />
<div className="ml-4">
<p className="text-sm font-medium text-gray-500">Sent</p>
<p className="text-lg font-semibold text-gray-900">{formatBytes(peer.transfer_tx)}</p>
</div>
</div>
</div>
<div className="card">
<div className="flex items-center">
<Clock className="h-8 w-8 text-primary-500" />
<div className="ml-4">
<p className="text-sm font-medium text-gray-500">Last Handshake</p>
<p className="text-sm font-semibold text-gray-900">{timeAgo(peer.last_handshake)}</p>
</div>
</div>
</div>
</div>
<div className="card">
<h2 className="text-base font-semibold text-gray-900 mb-3">Quick Access</h2>
<Link
to="/my-services"
className="inline-flex items-center gap-2 btn btn-primary"
>
My Services
</Link>
<p className="text-xs text-gray-500 mt-2">
View your VPN config, email, calendar, and file storage credentials.
</p>
</div>
</div>
);
}
webui/src/pages/Peers.jsx
+75 -7
View File
@@ -1,6 +1,6 @@
import { useState, useEffect } from 'react';
import { Plus, Trash2, Edit, Eye, Shield, Copy, Download, Key, AlertTriangle, CheckCircle, Globe, Lock, Users, Server } from 'lucide-react';
import { peerAPI, wireguardAPI } from '../services/api';
import { peerRegistryAPI, wireguardAPI } from '../services/api';
import { useConfig } from '../contexts/ConfigContext';
import QRCode from 'qrcode';
@@ -15,8 +15,16 @@ const emptyForm = () => ({
service_access: ['calendar', 'files', 'mail', 'webdav'],
peer_access: true,
create_calendar: false,
password: '',
});
const generatePassword = () => {
const chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%';
const arr = new Uint8Array(14);
crypto.getRandomValues(arr);
return Array.from(arr).map(b => chars[b % chars.length]).join('');
};
function AccessBadge({ icon: Icon, label, active }) {
return (
<span className={`inline-flex items-center px-1.5 py-0.5 rounded text-xs font-medium mr-1 ${
@@ -59,6 +67,7 @@ function Peers() {
const [showAddModal, setShowAddModal] = useState(false);
const [showEditModal, setShowEditModal] = useState(false);
const [showViewModal, setShowViewModal] = useState(false);
const [showPasswordModal, setShowPasswordModal] = useState(null);
const [selectedPeer, setSelectedPeer] = useState(null);
const [formData, setFormData] = useState(emptyForm());
const [showAdvanced, setShowAdvanced] = useState(false);
@@ -79,7 +88,7 @@ function Peers() {
const fetchPeers = async () => {
try {
const [regResp, statusResp, scResp] = await Promise.all([
peerAPI.getPeers(),
peerRegistryAPI.getPeers(),
wireguardAPI.getPeerStatuses().catch(() => ({ data: {} })),
fetch('/api/wireguard/server-config').then(r => r.ok ? r.json() : null).catch(() => null),
]);
@@ -156,6 +165,7 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
const handleAddPeer = async (e) => {
e.preventDefault();
const errs = validate(formData);
if (!formData.password || formData.password.length < 10) errs.password = 'Password must be at least 10 characters';
if (Object.keys(errs).length) { setErrors(errs); return; }
setIsSubmitting(true);
try {
@@ -179,11 +189,10 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
internet_access: formData.internet_access,
service_access: formData.service_access,
peer_access: formData.peer_access,
password: formData.password,
};
const addResult = await peerAPI.addPeer(peerData);
const addResult = await peerRegistryAPI.addPeer(peerData);
const assignedIp = addResult.data?.ip;
// Server-side AllowedIPs = peer's VPN IP only (/32).
// Full/split tunnel is a CLIENT-side setting (AllowedIPs in the client config).
await wireguardAPI.addPeer({
name: formData.name,
public_key: publicKey,
@@ -197,11 +206,14 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
} catch {}
}
const provisioned = addResult.data?.provisioned;
const createdName = formData.name;
const createdPassword = formData.password;
setShowAddModal(false);
setFormData(emptyForm());
setErrors({});
fetchPeers();
showToast(`Peer "${formData.name}" created. Open it to download the tunnel config.`);
setShowPasswordModal({ name: createdName, password: createdPassword, provisioned });
} catch (err) {
showToast(err?.response?.data?.error || 'Failed to add peer', 'error');
} finally { setIsSubmitting(false); }
@@ -251,7 +263,7 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
const handleRemovePeer = async (peerName) => {
if (!window.confirm(`Remove peer "${peerName}"?`)) return;
try {
await Promise.all([peerAPI.removePeer(peerName), wireguardAPI.removePeer({ name: peerName })]);
await Promise.all([peerRegistryAPI.removePeer(peerName), wireguardAPI.removePeer({ name: peerName })]);
fetchPeers();
showToast(`Peer "${peerName}" removed.`);
} catch { showToast('Failed to remove peer', 'error'); }
@@ -525,6 +537,25 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
{/* Account Creation */}
<div className="pt-3 border-t border-gray-200">
<div className="text-sm font-semibold text-gray-700 mb-2">Account Setup</div>
<div className="mb-3">
<label className="block text-sm font-medium text-gray-700 mb-1">Dashboard Password *</label>
<div className="flex gap-2">
<input
type="password"
value={formData.password}
onChange={e => { setFormData(f => ({ ...f, password: e.target.value })); setErrors(e2 => ({ ...e2, password: undefined })); }}
className={`input flex-1 ${errors.password ? 'border-red-500' : ''}`}
placeholder="Min 10 characters"
autoComplete="new-password"
/>
<button type="button"
onClick={() => setFormData(f => ({ ...f, password: generatePassword() }))}
className="btn btn-secondary text-xs whitespace-nowrap">
Generate
</button>
</div>
{errors.password && <p className="text-xs text-red-600 mt-1">{errors.password}</p>}
</div>
<label className="flex items-center gap-2 cursor-pointer">
<input type="checkbox" checked={formData.create_calendar}
onChange={e => setFormData(f => ({ ...f, create_calendar: e.target.checked }))} className="rounded" />
@@ -727,6 +758,43 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
</div>
</div>
)}
{/* One-time password modal */}
{showPasswordModal && (
<div className="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 flex items-center justify-center">
<div className="bg-white rounded-lg shadow-xl p-6 w-full max-w-md mx-4">
<div className="flex items-center gap-2 mb-4">
<CheckCircle className="h-6 w-6 text-green-500 flex-shrink-0" />
<h3 className="text-lg font-medium text-gray-900">Peer Created Save This Password</h3>
</div>
<p className="text-sm text-gray-600 mb-3">
This is the only time you will see this password. Copy it and share it with <strong>{showPasswordModal.name}</strong>.
</p>
<div className="bg-gray-50 border border-gray-200 rounded-md p-3 mb-3">
<div className="flex items-center justify-between gap-2">
<code className="text-sm font-mono text-gray-900 break-all">{showPasswordModal.password}</code>
<button
onClick={() => copyToClipboard(showPasswordModal.password)}
className="flex-shrink-0 p-1.5 text-gray-500 hover:text-gray-700 rounded"
title="Copy password"
>
<Copy className="h-4 w-4" />
</button>
</div>
</div>
{showPasswordModal.provisioned && (
<p className="text-xs text-gray-500 mb-4">
Accounts created: {Object.entries(showPasswordModal.provisioned).filter(([, v]) => v).map(([k]) => k).join(', ') || 'none'}
</p>
)}
<div className="flex justify-end">
<button onClick={() => setShowPasswordModal(null)} className="btn btn-primary">
Done
</button>
</div>
</div>
</div>
)}
</div>
);
}
webui/src/pages/WireGuard.jsx
+1 -1
View File
@@ -1,6 +1,6 @@
import { useState, useEffect } from 'react';
import { Shield, Key, Users, Activity, Wifi, Download, Copy, RefreshCw, Play, Pause, AlertCircle, Eye, Globe, CheckCircle, XCircle } from 'lucide-react';
import { wireguardAPI, peerAPI } from '../services/api';
import { wireguardAPI, peerRegistryAPI as peerAPI } from '../services/api';
import { useConfig } from '../contexts/ConfigContext';
import QRCode from 'qrcode';
webui/src/services/api.js
+21 -1
View File
@@ -4,6 +4,7 @@ import axios from 'axios';
const api = axios.create({
baseURL: import.meta.env.VITE_API_URL || '',
timeout: 10000,
withCredentials: true,
headers: {
'Content-Type': 'application/json',
},
@@ -28,6 +29,9 @@ api.interceptors.response.use(
},
(error) => {
console.error('API Response Error:', error.response?.data || error.message);
if (error.response?.status === 401 && !error.config.url.includes('/auth/login')) {
window.location.href = '/login';
}
return Promise.reject(error);
}
);
@@ -87,7 +91,7 @@ export const wireguardAPI = {
};
// Peer Registry API
export const peerAPI = {
export const peerRegistryAPI = {
getPeers: () => api.get('/api/peers'),
addPeer: (peer) => api.post('/api/peers', peer),
removePeer: (peerName) => api.delete(`/api/peers/${peerName}`),
@@ -96,6 +100,22 @@ export const peerAPI = {
updatePeerIP: (peerName, data) => api.put(`/api/peers/${peerName}/update-ip`, data),
};
// Auth API
export const authAPI = {
login: (username, password) => api.post('/api/auth/login', { username, password }),
logout: () => api.post('/api/auth/logout'),
me: () => api.get('/api/auth/me'),
changePassword: (old_password, new_password) => api.post('/api/auth/change-password', { old_password, new_password }),
adminResetPassword: (username, new_password) => api.post('/api/auth/admin/reset-password', { username, new_password }),
listUsers: () => api.get('/api/auth/users'),
};
// Peer-facing dashboard API
export const peerAPI = {
dashboard: () => api.get('/api/peer/dashboard'),
services: () => api.get('/api/peer/services'),
};
// Email Services API
export const emailAPI = {
getUsers: () => api.get('/api/email/users'),