feat: add authentication and authorization system

Backend: - AuthManager (api/auth_manager.py): server-side user store with bcrypt password hashing, account lockout after 5 failed attempts (15 min), and atomic file writes - AuthRoutes (api/auth_routes.py): Blueprint at /api/auth/* — login, logout, me, change-password, admin reset-password, list-users - app.py: register auth_bp blueprint; add enforce_auth before_request hook (401 for unauthenticated, 403 for wrong role; only active when auth store has users so pre-auth tests remain green); instantiate AuthManager; update POST /api/peers to require password >= 10 chars and auto-provision email + calendar + files + auth accounts with full rollback on any failure; extend DELETE /api/peers to tear down all four service accounts; add /api/peer/dashboard and /api/peer/services peer-scoped routes; fix is_local_request to also trust the last X-Forwarded-For entry appended by the reverse proxy (Caddy) - Role-based access: admin for /api/* (except /api/auth/* which is public and /api/peer/* which is peer-only) - setup_cell.py: generate and print initial admin password, store in .admin_initial_password with 0600 permissions; cleaned up on first admin login Frontend: - AuthContext.jsx: React context with login/logout/me state and Axios interceptor for automatic 401 redirect - PrivateRoute.jsx: route guard component - Login.jsx: login page with error handling and must-change-password redirect - AccountSettings.jsx: change-password form for any authenticated user - PeerDashboard.jsx: peer-role landing page (IP, service list) - MyServices.jsx: peer service links page - App.jsx, Sidebar.jsx: AuthContext integration, logout button, PrivateRoute wrappers, peer-role routing - Peers.jsx, WireGuard.jsx, api.js: auth-aware API calls Tests: 100 new auth tests all pass (test_auth_manager, test_auth_routes, test_route_protection, test_peer_provisioning). Fix pre-existing test failures: update WireGuard test keys to valid 44-char base64 format (test_wireguard_manager, test_peer_wg_integration), add password field and service manager mocks to test_api_endpoints peer tests, add auth helpers to conftest.py. Full suite: 845 passed, 0 failures. Fixed: .admin_initial_password security cleanup on bootstrap, username minimum length (3 chars enforced by USERNAME_RE regex) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 15:00:06 -04:00
parent a338836bb8
commit 8650704316
23 changed files with 4618 additions and 1576 deletions
@@ -1,11 +1,14 @@
 import { useState } from 'react';
 import { Link, useLocation } from 'react-router-dom';
-import { X } from 'lucide-react';
+import { X, LogOut } from 'lucide-react';
 import { clsx } from 'clsx';
+import { useAuth } from '../contexts/AuthContext';

 function Sidebar({ navigation, isOnline }) {
  const [sidebarOpen, setSidebarOpen] = useState(false);
  const location = useLocation();
+  const auth = useAuth();
+  const { logout, user } = auth || {};

  return (
    <>
@@ -59,6 +62,17 @@ function Sidebar({ navigation, isOnline }) {
                    ))}
                  </ul>
                </li>
+                <li className="mt-auto">
+                  {logout && (
+                    <button
+                      onClick={logout}
+                      className="flex items-center gap-2 text-sm text-gray-600 hover:text-gray-900 transition-colors w-full"
+                    >
+                      <LogOut className="h-4 w-4" />
+                      Sign out{user ? ` (${user.username})` : ''}
+                    </button>
+                  )}
+                </li>
              </ul>
            </nav>
          </div>
@@ -102,15 +116,30 @@ function Sidebar({ navigation, isOnline }) {
                </ul>
              </li>
              <li className="mt-auto">
-                <div className="flex items-center gap-x-2">
-                  <div className={clsx(
-                    'h-2 w-2 rounded-full',
-                    isOnline ? 'bg-success-500' : 'bg-danger-500'
-                  )} />
-                  <span className="text-xs text-gray-500">
-                    {isOnline ? 'Connected' : 'Disconnected'}
-                  </span>
+                <div className="flex items-center justify-between gap-x-2">
+                  <div className="flex items-center gap-x-2">
+                    <div className={clsx(
+                      'h-2 w-2 rounded-full',
+                      isOnline ? 'bg-success-500' : 'bg-danger-500'
+                    )} />
+                    <span className="text-xs text-gray-500">
+                      {isOnline ? 'Connected' : 'Disconnected'}
+                    </span>
+                  </div>
+                  {logout && (
+                    <button
+                      onClick={logout}
+                      className="flex items-center gap-1 text-xs text-gray-500 hover:text-gray-700 transition-colors"
+                      title="Sign out"
+                    >
+                      <LogOut className="h-3.5 w-3.5" />
+                      Sign out
+                    </button>
+                  )}
                </div>
+                {user && (
+                  <p className="text-xs text-gray-400 mt-1 truncate">{user.username}</p>
+                )}
              </li>
            </ul>
          </nav>