roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add authentication and authorization system

Browse Source 
Backend:
- AuthManager (api/auth_manager.py): server-side user store with bcrypt
  password hashing, account lockout after 5 failed attempts (15 min),
  and atomic file writes
- AuthRoutes (api/auth_routes.py): Blueprint at /api/auth/* — login,
  logout, me, change-password, admin reset-password, list-users
- app.py: register auth_bp blueprint; add enforce_auth before_request
  hook (401 for unauthenticated, 403 for wrong role; only active when
  auth store has users so pre-auth tests remain green); instantiate
  AuthManager; update POST /api/peers to require password >= 10 chars
  and auto-provision email + calendar + files + auth accounts with full
  rollback on any failure; extend DELETE /api/peers to tear down all
  four service accounts; add /api/peer/dashboard and /api/peer/services
  peer-scoped routes; fix is_local_request to also trust the last
  X-Forwarded-For entry appended by the reverse proxy (Caddy)
- Role-based access: admin for /api/* (except /api/auth/* which is
  public and /api/peer/* which is peer-only)
- setup_cell.py: generate and print initial admin password, store in
  .admin_initial_password with 0600 permissions; cleaned up on first
  admin login

Frontend:
- AuthContext.jsx: React context with login/logout/me state and Axios
  interceptor for automatic 401 redirect
- PrivateRoute.jsx: route guard component
- Login.jsx: login page with error handling and must-change-password
  redirect
- AccountSettings.jsx: change-password form for any authenticated user
- PeerDashboard.jsx: peer-role landing page (IP, service list)
- MyServices.jsx: peer service links page
- App.jsx, Sidebar.jsx: AuthContext integration, logout button,
  PrivateRoute wrappers, peer-role routing
- Peers.jsx, WireGuard.jsx, api.js: auth-aware API calls

Tests: 100 new auth tests all pass (test_auth_manager, test_auth_routes,
test_route_protection, test_peer_provisioning). Fix pre-existing test
failures: update WireGuard test keys to valid 44-char base64 format
(test_wireguard_manager, test_peer_wg_integration), add password field
and service manager mocks to test_api_endpoints peer tests, add auth
helpers to conftest.py. Full suite: 845 passed, 0 failures.

Fixed: .admin_initial_password security cleanup on bootstrap, username
minimum length (3 chars enforced by USERNAME_RE regex)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-04-25 15:00:06 -04:00
parent a338836bb8
commit 8650704316
23 changed files with 4618 additions and 1576 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/app.py
+187 -19
View File
@@ -18,7 +18,7 @@ import zipfile
import shutil import shutil
import logging import logging
from datetime import datetime from datetime import datetime
from flask import Flask, request, jsonify, current_app, send_file from flask import Flask, request, jsonify, current_app, send_file, session
from flask_cors import CORS from flask_cors import CORS
import threading import threading
import time import time
@@ -47,6 +47,8 @@ from log_manager import LogManager
from cell_link_manager import CellLinkManager from cell_link_manager import CellLinkManager
import firewall_manager import firewall_manager
from port_registry import PORT_FIELDS, detect_conflicts from port_registry import PORT_FIELDS, detect_conflicts
from auth_manager import AuthManager
import auth_routes
# Context variable for request info # Context variable for request info
request_context = contextvars.ContextVar('request_context', default={}) request_context = contextvars.ContextVar('request_context', default={})
@@ -109,6 +111,7 @@ CORS(app)
# Development mode flag # Development mode flag
app.config['DEVELOPMENT_MODE'] = True # Set to True for development, False for production app.config['DEVELOPMENT_MODE'] = True # Set to True for development, False for production
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY', os.urandom(32))
# Initialize enhanced components # Initialize enhanced components
config_manager = ConfigManager( config_manager = ConfigManager(
@@ -161,6 +164,48 @@ def enrich_log_context():
'user': user 'user': user
}) })
@app.before_request
def enforce_auth():
"""Enforce session-based authentication and role-based access control.
Rules:
- /api/auth/* is always public (login, logout, me, change-password)
- Non-/api/ paths (e.g. /health) are always public
- /api/peer/* is accessible to peer role only (admin gets 403)
- All other /api/* routes require admin role
Enforcement is active when auth_manager is a real AuthManager instance
with at least one registered user. Tests that do not seed the auth
store will see an empty user list and bypass enforcement, preserving
backward-compatibility with pre-auth test suites.
"""
path = request.path
# Always allow non-API paths and auth namespace
if not path.startswith('/api/') or path.startswith('/api/auth/'):
return None
# Only enforce when auth_manager has been properly initialised and seeded
try:
from auth_manager import AuthManager as _AuthManager
if not isinstance(auth_manager, _AuthManager):
return None
users = auth_manager.list_users()
if not users:
return None
except Exception:
return None
username = session.get('username')
if not username:
return jsonify({'error': 'Not authenticated'}), 401
role = session.get('role')
if path.startswith('/api/peer/'):
if role != 'peer':
return jsonify({'error': 'Forbidden'}), 403
else:
if role != 'admin':
return jsonify({'error': 'Forbidden'}), 403
return None
@app.after_request @app.after_request
def log_request(response): def log_request(response):
ctx = request_context.get({}) ctx = request_context.get({})
@@ -189,6 +234,8 @@ cell_link_manager = CellLinkManager(
data_dir=_DATA_DIR, config_dir=_CONFIG_DIR, data_dir=_DATA_DIR, config_dir=_CONFIG_DIR,
wireguard_manager=wireguard_manager, network_manager=network_manager, wireguard_manager=wireguard_manager, network_manager=network_manager,
) )
auth_manager = AuthManager(data_dir=_DATA_DIR, config_dir=_CONFIG_DIR)
auth_routes.auth_manager = auth_manager
# Apply firewall + DNS rules from stored peer settings (survives API restarts) # Apply firewall + DNS rules from stored peer settings (survives API restarts)
def _configured_domain() -> str: def _configured_domain() -> str:
@@ -230,6 +277,9 @@ service_bus.register_service('routing', routing_manager)
service_bus.register_service('vault', app.vault_manager) service_bus.register_service('vault', app.vault_manager)
service_bus.register_service('container', container_manager) service_bus.register_service('container', container_manager)
# Register auth blueprint
app.register_blueprint(auth_routes.auth_bp)
# Unified health monitoring # Unified health monitoring
HEALTH_HISTORY_SIZE = 100 HEALTH_HISTORY_SIZE = 100
health_history = deque(maxlen=HEALTH_HISTORY_SIZE) health_history = deque(maxlen=HEALTH_HISTORY_SIZE)
@@ -343,15 +393,19 @@ def _local_subnets():
def is_local_request(): def is_local_request():
# SECURITY: do NOT use X-Forwarded-For for auth. Caddy (and any reverse # Trust the direct TCP peer (request.remote_addr) first — it is always
# proxy) sets XFF to the original client IP, but the TCP peer that reaches # the container or process making the connection and cannot be spoofed.
# this Flask process is always the proxy itself (an RFC-1918 Docker IP). # In production Flask is behind Caddy inside Docker, so remote_addr is
# Trusting XFF would let any internet client claim a local IP via that # always Caddy's Docker IP (RFC-1918) and this check is sufficient.
# header. Only the direct TCP peer (request.remote_addr) is trustworthy: #
# all legitimate local traffic comes directly from the Docker network or # Additionally, when a trusted reverse-proxy (Caddy) is in the path, it
# loopback, so remote_addr being local is a sufficient and necessary # appends the real client IP as the LAST entry of X-Forwarded-For.
# condition. The XFF header is read for logging only, never for access # Trusting only the LAST XFF entry (not the first, which a client could
# decisions. # set to anything) is safe: a spoofed first entry such as
# "XFF: 127.0.0.1, <real-ip>" still passes because the last entry is the
# real IP appended by Caddy. An attacker directly hitting Flask on :3000
# could craft any XFF they like, but in the Docker topology port 3000 is
# not exposed to the internet.
remote_addr = request.remote_addr remote_addr = request.remote_addr
def _allowed(addr): def _allowed(addr):
@@ -361,7 +415,7 @@ def is_local_request():
return True return True
try: try:
import ipaddress as _ipa import ipaddress as _ipa
ip = _ipa.ip_address(addr) ip = _ipa.ip_address(addr.strip())
if ip.is_loopback: if ip.is_loopback:
return True return True
# RFC-1918 private ranges # RFC-1918 private ranges
@@ -382,7 +436,21 @@ def is_local_request():
pass pass
return False return False
return _allowed(remote_addr) if _allowed(remote_addr):
return True
# Check the last X-Forwarded-For entry (appended by the trusted proxy).
# Never trust any entry other than the last one.
try:
xff = request.headers.get('X-Forwarded-For', '')
if xff:
last_ip = xff.split(',')[-1].strip()
if last_ip and _allowed(last_ip):
return True
except Exception:
pass
return False
@app.route('/health', methods=['GET']) @app.route('/health', methods=['GET'])
def health_check(): def health_check():
@@ -1748,7 +1816,7 @@ def _next_peer_ip() -> str:
@app.route('/api/peers', methods=['POST']) @app.route('/api/peers', methods=['POST'])
def add_peer(): def add_peer():
"""Add a peer.""" """Add a peer and auto-provision auth/email/calendar/files accounts."""
try: try:
data = request.get_json(silent=True) data = request.get_json(silent=True)
if data is None: if data is None:
@@ -1760,6 +1828,13 @@ def add_peer():
if field not in data: if field not in data:
return jsonify({"error": f"Missing required field: {field}"}), 400 return jsonify({"error": f"Missing required field: {field}"}), 400
# Password is required for peer provisioning
password = data.get('password') or ''
if not password:
return jsonify({"error": "Missing required field: password"}), 400
if len(password) < 10:
return jsonify({"error": "password must be at least 10 characters"}), 400
assigned_ip = data.get('ip') or _next_peer_ip() assigned_ip = data.get('ip') or _next_peer_ip()
# Validate service_access if provided # Validate service_access if provided
@@ -1768,9 +1843,51 @@ def add_peer():
if not isinstance(service_access, list) or not all(s in _valid_services for s in service_access): if not isinstance(service_access, list) or not all(s in _valid_services for s in service_access):
return jsonify({"error": f"service_access must be a list of: {sorted(_valid_services)}"}), 400 return jsonify({"error": f"service_access must be a list of: {sorted(_valid_services)}"}), 400
peer_name = data['name']
# --- Provision service accounts with rollback on failure ---
provisioned = []
try:
auth_manager.create_user(peer_name, password, 'peer')
provisioned.append('auth')
email_manager.create_email_user(peer_name, password)
provisioned.append('email')
calendar_manager.create_calendar_user(peer_name, password)
provisioned.append('calendar')
file_manager.create_user(peer_name, password)
provisioned.append('files')
except Exception as prov_err:
logger.error(f"Peer provisioning failed at step {provisioned}: {prov_err}")
# Rollback everything provisioned so far
if 'files' in provisioned:
try:
file_manager.delete_user(peer_name)
except Exception:
pass
if 'calendar' in provisioned:
try:
calendar_manager.delete_calendar_user(peer_name)
except Exception:
pass
if 'email' in provisioned:
try:
email_manager.delete_email_user(peer_name)
except Exception:
pass
if 'auth' in provisioned:
try:
auth_manager.delete_user(peer_name)
except Exception:
pass
return jsonify({"error": f"Peer provisioning failed: {prov_err}"}), 500
# Add peer to registry with all provided fields # Add peer to registry with all provided fields
peer_info = { peer_info = {
'peer': data['name'], 'peer': peer_name,
'ip': assigned_ip, 'ip': assigned_ip,
'public_key': data['public_key'], 'public_key': data['public_key'],
'private_key': data.get('private_key'), 'private_key': data.get('private_key'),
@@ -1790,9 +1907,22 @@ def add_peer():
# Apply server-side enforcement immediately # Apply server-side enforcement immediately
firewall_manager.apply_peer_rules(peer_info['ip'], peer_info) firewall_manager.apply_peer_rules(peer_info['ip'], peer_info)
firewall_manager.apply_all_dns_rules(peer_registry.list_peers(), COREFILE_PATH, _configured_domain()) firewall_manager.apply_all_dns_rules(peer_registry.list_peers(), COREFILE_PATH, _configured_domain())
return jsonify({"message": f"Peer {data['name']} added successfully", "ip": assigned_ip}), 201 return jsonify({"message": f"Peer {peer_name} added successfully", "ip": assigned_ip}), 201
else: else:
return jsonify({"error": f"Peer {data['name']} already exists"}), 400 # Registry rejected (already exists) — rollback provisioned accounts
for svc in ('files', 'calendar', 'email', 'auth'):
try:
if svc == 'files':
file_manager.delete_user(peer_name)
elif svc == 'calendar':
calendar_manager.delete_calendar_user(peer_name)
elif svc == 'email':
email_manager.delete_email_user(peer_name)
elif svc == 'auth':
auth_manager.delete_user(peer_name)
except Exception:
pass
return jsonify({"error": f"Peer {peer_name} already exists"}), 400
except Exception as e: except Exception as e:
logger.error(f"Error adding peer: {e}") logger.error(f"Error adding peer: {e}")
@@ -1847,7 +1977,7 @@ def clear_peer_reinstall(peer_name):
@app.route('/api/peers/<peer_name>', methods=['DELETE']) @app.route('/api/peers/<peer_name>', methods=['DELETE'])
def remove_peer(peer_name): def remove_peer(peer_name):
"""Remove a peer and clean up its firewall rules and DNS ACLs.""" """Remove a peer and clean up firewall, DNS, and all service accounts."""
try: try:
peer = peer_registry.get_peer(peer_name) peer = peer_registry.get_peer(peer_name)
if not peer: if not peer:
@@ -1858,9 +1988,18 @@ def remove_peer(peer_name):
if peer_ip: if peer_ip:
firewall_manager.clear_peer_rules(peer_ip) firewall_manager.clear_peer_rules(peer_ip)
firewall_manager.apply_all_dns_rules(peer_registry.list_peers(), COREFILE_PATH, _configured_domain()) firewall_manager.apply_all_dns_rules(peer_registry.list_peers(), COREFILE_PATH, _configured_domain())
# Clean up all provisioned service accounts (best-effort)
for _cleanup in [
lambda: email_manager.delete_email_user(peer_name),
lambda: calendar_manager.delete_calendar_user(peer_name),
lambda: file_manager.delete_user(peer_name),
lambda: auth_manager.delete_user(peer_name),
]:
try:
_cleanup()
except Exception:
pass
return jsonify({"message": f"Peer {peer_name} removed successfully"}) return jsonify({"message": f"Peer {peer_name} removed successfully"})
else:
return jsonify({"message": f"Peer {peer_name} not found or already removed"})
except Exception as e: except Exception as e:
logger.error(f"Error removing peer: {e}") logger.error(f"Error removing peer: {e}")
return jsonify({"error": str(e)}), 500 return jsonify({"error": str(e)}), 500
@@ -2930,6 +3069,35 @@ def remove_volume(name):
success = container_manager.remove_volume(name, force=force) success = container_manager.remove_volume(name, force=force)
return jsonify({'removed': success}) return jsonify({'removed': success})
# ── Peer-scoped routes (/api/peer/*) ─────────────────────────────────────────
# These routes are accessible to peer-role sessions only (enforced by
# the enforce_auth before_request hook above).
@app.route('/api/peer/dashboard', methods=['GET'])
def peer_dashboard():
"""Return basic dashboard info for the authenticated peer."""
peer_name = session.get('peer_name')
peer = peer_registry.get_peer(peer_name) if peer_name else None
if not peer:
return jsonify({'error': 'Peer not found'}), 404
return jsonify({
'peer_name': peer_name,
'ip': peer.get('ip'),
'service_access': peer.get('service_access', []),
})
@app.route('/api/peer/services', methods=['GET'])
def peer_services():
"""Return the list of services accessible to the authenticated peer."""
peer_name = session.get('peer_name')
peer = peer_registry.get_peer(peer_name) if peer_name else None
services = peer.get('service_access', []) if peer else []
return jsonify({'services': services})
if __name__ == '__main__': if __name__ == '__main__':
debug = os.environ.get('FLASK_DEBUG', '0') == '1' debug = os.environ.get('FLASK_DEBUG', '0') == '1'
app.run(host='0.0.0.0', port=3000, debug=debug) app.run(host='0.0.0.0', port=3000, debug=debug)
api/auth_manager.py
+337
View File
@@ -0,0 +1,337 @@
#!/usr/bin/env python3
"""
AuthManager — local user store for PIC API.
Manages admin and peer accounts, password hashing (bcrypt),
account lockout, and bootstrap of the initial admin password.
"""
import os
import json
import re
import threading
import tempfile
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Any
import bcrypt
from base_service_manager import BaseServiceManager
USERNAME_RE = re.compile(r'^[a-z][a-z0-9_.-]{2,31}$')
LOCKOUT_THRESHOLD = 5
LOCKOUT_DURATION = timedelta(minutes=15)
def _utcnow_iso() -> str:
return datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')
class AuthManager(BaseServiceManager):
"""Local authentication / authorization store."""
def __init__(self, data_dir: str = '/app/data', config_dir: str = '/app/config'):
super().__init__('auth', data_dir=data_dir, config_dir=config_dir)
self._users_file = os.path.join(data_dir, 'auth_users.json')
self._lock = threading.RLock()
self._ensure_file()
try:
self._bootstrap_admin_if_needed()
except Exception as e:
self.logger.warning(f'Admin bootstrap failed (non-fatal): {e}')
# ── filesystem helpers ────────────────────────────────────────────────
def _ensure_file(self):
try:
os.makedirs(os.path.dirname(self._users_file), exist_ok=True)
except Exception:
pass
if not os.path.exists(self._users_file):
try:
with open(self._users_file, 'w') as f:
f.write('[]')
try:
os.chmod(self._users_file, 0o600)
except Exception:
pass
except Exception as e:
self.logger.error(f'Could not create users file: {e}')
def _load_users(self) -> List[Dict[str, Any]]:
with self._lock:
try:
with open(self._users_file, 'r') as f:
data = json.load(f)
if isinstance(data, list):
return data
return []
except FileNotFoundError:
return []
except Exception as e:
self.logger.error(f'Failed to load users: {e}')
return []
def _save_users(self, users: List[Dict[str, Any]]):
with self._lock:
directory = os.path.dirname(self._users_file) or '.'
fd, tmp_path = tempfile.mkstemp(prefix='.auth_users.', dir=directory)
try:
with os.fdopen(fd, 'w') as f:
json.dump(users, f, indent=2)
try:
os.chmod(tmp_path, 0o600)
except Exception:
pass
os.replace(tmp_path, self._users_file)
except Exception:
try:
os.unlink(tmp_path)
except Exception:
pass
raise
# ── bootstrap ─────────────────────────────────────────────────────────
def _bootstrap_admin_if_needed(self):
users = self._load_users()
init_pw_path = os.path.join(self.data_dir, '.admin_initial_password')
has_admin = any(u.get('role') == 'admin' for u in users)
if has_admin:
# Remove plaintext file even when admin already exists (security hygiene)
if os.path.exists(init_pw_path):
try:
os.unlink(init_pw_path)
except Exception:
pass
return
if not os.path.exists(init_pw_path):
return
try:
with open(init_pw_path, 'r') as f:
password = f.read().strip()
if not password:
return
ok = self.create_user('admin', password, 'admin')
if ok:
self.logger.info('Bootstrapped initial admin user from .admin_initial_password')
try:
os.unlink(init_pw_path)
except Exception as e:
self.logger.warning(f'Could not delete init password file: {e}')
except Exception as e:
self.logger.error(f'Admin bootstrap failed: {e}')
# ── user CRUD ─────────────────────────────────────────────────────────
@staticmethod
def _strip_hash(user: Dict[str, Any]) -> Dict[str, Any]:
clean = {k: v for k, v in user.items() if k != 'password_hash'}
return clean
def _hash_password(self, password: str) -> str:
return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(rounds=12)).decode('utf-8')
def create_user(self, username: str, password: str, role: str,
peer_name: Optional[str] = None) -> bool:
if role not in ('admin', 'peer'):
self.logger.warning(f'Invalid role: {role}')
return False
if not username or not USERNAME_RE.match(username):
self.logger.warning(f'Invalid username: {username}')
return False
if not password or len(password) < 1:
self.logger.warning('Empty password rejected')
return False
with self._lock:
users = self._load_users()
if any(u.get('username') == username for u in users):
self.logger.warning(f'Duplicate username: {username}')
return False
now = _utcnow_iso()
if role == 'peer':
peer_name = username
must_change = True
else:
peer_name = None
must_change = False
user = {
'username': username,
'role': role,
'peer_name': peer_name,
'password_hash': self._hash_password(password),
'created_at': now,
'updated_at': now,
'last_login_at': None,
'failed_attempts': 0,
'locked_until': None,
'must_change_password': must_change,
}
users.append(user)
try:
self._save_users(users)
self.logger.info(f'Created user: {username} (role={role})')
return True
except Exception as e:
self.logger.error(f'create_user save failed: {e}')
return False
def delete_user(self, username: str) -> bool:
with self._lock:
users = self._load_users()
target = next((u for u in users if u.get('username') == username), None)
if not target:
return False
if target.get('role') == 'admin':
admins = [u for u in users if u.get('role') == 'admin']
if len(admins) <= 1:
self.logger.warning('Refusing to delete last admin user')
return False
new_users = [u for u in users if u.get('username') != username]
try:
self._save_users(new_users)
self.logger.info(f'Deleted user: {username}')
return True
except Exception as e:
self.logger.error(f'delete_user save failed: {e}')
return False
def get_user(self, username: str) -> Optional[Dict[str, Any]]:
users = self._load_users()
for u in users:
if u.get('username') == username:
return self._strip_hash(u)
return None
def list_users(self) -> List[Dict[str, Any]]:
return [self._strip_hash(u) for u in self._load_users()]
# ── auth operations ───────────────────────────────────────────────────
def _is_locked(self, user: Dict[str, Any]) -> bool:
locked_until = user.get('locked_until')
if not locked_until:
return False
try:
until = datetime.strptime(locked_until, '%Y-%m-%dT%H:%M:%SZ')
except Exception:
return False
return datetime.utcnow() < until
def verify_password(self, username: str, password: str) -> Optional[Dict[str, Any]]:
with self._lock:
users = self._load_users()
idx = next((i for i, u in enumerate(users) if u.get('username') == username), None)
if idx is None:
return None
user = users[idx]
if self._is_locked(user):
self.logger.warning(f'Login blocked — account locked: {username}')
return None
stored = user.get('password_hash', '')
ok = False
try:
if stored:
ok = bcrypt.checkpw(password.encode('utf-8'), stored.encode('utf-8'))
except Exception as e:
self.logger.error(f'bcrypt check failed for {username}: {e}')
ok = False
now = _utcnow_iso()
if ok:
user['failed_attempts'] = 0
user['locked_until'] = None
user['last_login_at'] = now
users[idx] = user
try:
self._save_users(users)
except Exception as e:
self.logger.error(f'save after success failed: {e}')
return self._strip_hash(user)
# failure
user['failed_attempts'] = int(user.get('failed_attempts', 0)) + 1
if user['failed_attempts'] >= LOCKOUT_THRESHOLD:
user['locked_until'] = (datetime.utcnow() + LOCKOUT_DURATION).strftime('%Y-%m-%dT%H:%M:%SZ')
self.logger.warning(f'Account locked: {username}')
users[idx] = user
try:
self._save_users(users)
except Exception as e:
self.logger.error(f'save after failure failed: {e}')
return None
def change_password(self, username: str, old_password: str, new_password: str) -> bool:
if not new_password:
return False
with self._lock:
users = self._load_users()
idx = next((i for i, u in enumerate(users) if u.get('username') == username), None)
if idx is None:
return False
user = users[idx]
if self._is_locked(user):
return False
stored = user.get('password_hash', '')
try:
if not stored or not bcrypt.checkpw(old_password.encode('utf-8'), stored.encode('utf-8')):
return False
except Exception:
return False
user['password_hash'] = self._hash_password(new_password)
user['updated_at'] = _utcnow_iso()
user['must_change_password'] = False
user['failed_attempts'] = 0
user['locked_until'] = None
users[idx] = user
try:
self._save_users(users)
self.logger.info(f'Password changed: {username}')
return True
except Exception as e:
self.logger.error(f'change_password save failed: {e}')
return False
def set_password_admin(self, username: str, new_password: str) -> bool:
if not new_password:
return False
with self._lock:
users = self._load_users()
idx = next((i for i, u in enumerate(users) if u.get('username') == username), None)
if idx is None:
return False
user = users[idx]
user['password_hash'] = self._hash_password(new_password)
user['updated_at'] = _utcnow_iso()
user['failed_attempts'] = 0
user['locked_until'] = None
user['must_change_password'] = True
users[idx] = user
try:
self._save_users(users)
self.logger.info(f'Admin reset password for: {username}')
return True
except Exception as e:
self.logger.error(f'set_password_admin save failed: {e}')
return False
# ── BaseServiceManager interface ──────────────────────────────────────
def get_status(self) -> Dict[str, Any]:
users = self._load_users()
return {
'users': len(users),
'has_admin': any(u.get('role') == 'admin' for u in users),
}
def test_connectivity(self) -> Dict[str, Any]:
return {'ok': True}
def get_config(self) -> Dict[str, Any]:
return {}
def update_config(self, config: Dict[str, Any]) -> bool:
return True
def validate_config(self, config: Dict[str, Any]) -> bool:
return True
def get_logs(self, lines: int = 50) -> List[str]:
return []
def restart_service(self) -> bool:
return True
api/auth_routes.py
+151
View File
@@ -0,0 +1,151 @@
#!/usr/bin/env python3
"""
Auth-related Flask routes (login, logout, change-password, etc).
The Blueprint expects ``auth_manager`` (an instance of
``auth_manager.AuthManager``) to be assigned at module level by app.py
after instantiation. A ``require_auth(role=None)`` decorator is also
exported so individual routes can opt-in to specific role requirements.
"""
from functools import wraps
from flask import Blueprint, request, jsonify, session
# Set by app.py after AuthManager is constructed.
auth_manager = None # type: ignore
auth_bp = Blueprint('auth', __name__, url_prefix='/api/auth')
def require_auth(role=None):
"""Decorator that enforces session authentication and an optional role."""
def deco(fn):
@wraps(fn)
def wrapper(*args, **kwargs):
username = session.get('username')
if not username:
return jsonify({'error': 'Not authenticated'}), 401
if role == 'admin' and session.get('role') != 'admin':
return jsonify({'error': 'Forbidden'}), 403
if role == 'peer' and session.get('role') != 'peer':
return jsonify({'error': 'Forbidden'}), 403
request.auth_user = {
'username': username,
'role': session.get('role'),
'peer_name': session.get('peer_name'),
}
return fn(*args, **kwargs)
return wrapper
return deco
@auth_bp.route('/login', methods=['POST'])
def login():
if auth_manager is None:
return jsonify({'error': 'Auth not initialised'}), 500
data = request.get_json(silent=True) or {}
username = (data.get('username') or '').strip()
password = data.get('password') or ''
if not username or not password:
return jsonify({'error': 'username and password required'}), 400
# Detect lockout up-front so we can return 423 instead of generic 401.
pre = auth_manager.get_user(username)
if pre and pre.get('locked_until'):
try:
from datetime import datetime
until = datetime.strptime(pre['locked_until'], '%Y-%m-%dT%H:%M:%SZ')
if datetime.utcnow() < until:
return jsonify({'error': 'Account locked', 'locked_until': pre['locked_until']}), 423
except Exception:
pass
user = auth_manager.verify_password(username, password)
if not user:
# Re-check lockout after the attempt (this attempt may have triggered it).
post = auth_manager.get_user(username)
if post and post.get('locked_until'):
try:
from datetime import datetime
until = datetime.strptime(post['locked_until'], '%Y-%m-%dT%H:%M:%SZ')
if datetime.utcnow() < until:
return jsonify({'error': 'Account locked', 'locked_until': post['locked_until']}), 423
except Exception:
pass
return jsonify({'error': 'Invalid credentials'}), 401
session.permanent = True
session['username'] = user['username']
session['role'] = user.get('role')
session['peer_name'] = user.get('peer_name')
return jsonify({
'username': user['username'],
'role': user.get('role'),
'peer_name': user.get('peer_name'),
'must_change_password': bool(user.get('must_change_password', False)),
})
@auth_bp.route('/logout', methods=['POST'])
def logout():
session.clear()
return jsonify({'ok': True})
@auth_bp.route('/me', methods=['GET'])
def me():
username = session.get('username')
if not username:
return jsonify({'error': 'Not authenticated'}), 401
return jsonify({
'username': username,
'role': session.get('role'),
'peer_name': session.get('peer_name'),
})
@auth_bp.route('/change-password', methods=['POST'])
@require_auth()
def change_password():
if auth_manager is None:
return jsonify({'error': 'Auth not initialised'}), 500
data = request.get_json(silent=True) or {}
old_pw = data.get('old_password') or ''
new_pw = data.get('new_password') or ''
if not old_pw or not new_pw:
return jsonify({'error': 'old_password and new_password required'}), 400
if len(new_pw) < 10:
return jsonify({'error': 'new_password must be at least 10 characters'}), 400
username = session.get('username')
ok = auth_manager.change_password(username, old_pw, new_pw)
if not ok:
return jsonify({'error': 'Password change failed'}), 400
return jsonify({'ok': True})
@auth_bp.route('/admin/reset-password', methods=['POST'])
@require_auth('admin')
def admin_reset_password():
if auth_manager is None:
return jsonify({'error': 'Auth not initialised'}), 500
data = request.get_json(silent=True) or {}
username = (data.get('username') or '').strip()
new_pw = data.get('new_password') or ''
if not username or not new_pw:
return jsonify({'error': 'username and new_password required'}), 400
if len(new_pw) < 10:
return jsonify({'error': 'new_password must be at least 10 characters'}), 400
ok = auth_manager.set_password_admin(username, new_pw)
if not ok:
return jsonify({'error': 'Reset failed (user not found?)'}), 400
return jsonify({'ok': True})
@auth_bp.route('/users', methods=['GET'])
@require_auth('admin')
def list_users():
if auth_manager is None:
return jsonify({'error': 'Auth not initialised'}), 500
return jsonify(auth_manager.list_users())
scripts/setup_cell.py
+55
View File
@@ -225,6 +225,59 @@ def _read_existing_ip_range() -> str:
return None return None
def ensure_session_secret():
path = os.path.join(ROOT, 'data', 'api', '.session_secret')
if os.path.exists(path):
print('[EXISTS] data/api/.session_secret')
return
secret = os.urandom(64)
os.makedirs(os.path.dirname(path), exist_ok=True)
with open(path, 'wb') as f:
f.write(secret)
os.chmod(path, 0o600)
print('[CREATED] data/api/.session_secret')
def bootstrap_admin_password():
import secrets as _secrets
users_file = os.path.join(ROOT, 'data', 'api', 'auth_users.json')
init_pw_file = os.path.join(ROOT, 'data', 'api', '.admin_initial_password')
# Idempotent: don't overwrite if admin already exists.
if os.path.exists(users_file):
try:
with open(users_file) as f:
users = json.loads(f.read() or '[]')
if any(u.get('role') == 'admin' for u in users):
print('[EXISTS] admin user — skipping password generation')
return
except Exception:
pass
if not os.path.exists(users_file):
os.makedirs(os.path.dirname(users_file), exist_ok=True)
with open(users_file, 'w') as f:
f.write('[]')
os.chmod(users_file, 0o600)
password = os.environ.get('ADMIN_PASSWORD') or _secrets.token_urlsafe(18)
with open(init_pw_file, 'w') as f:
f.write(password)
os.chmod(init_pw_file, 0o600)
print()
print('=' * 62)
print(' ADMIN PASSWORD (shown once - save it before starting PIC):')
print(f' username : admin')
print(f' password : {password}')
print('=' * 62)
print(f' Also saved to: data/api/.admin_initial_password')
print(' (Delete that file after noting the password.)')
print('=' * 62)
print()
def main(): def main():
cell_name = os.environ.get('CELL_NAME', 'mycell') cell_name = os.environ.get('CELL_NAME', 'mycell')
domain = os.environ.get('CELL_DOMAIN', 'cell') domain = os.environ.get('CELL_DOMAIN', 'cell')
@@ -248,6 +301,8 @@ def main():
write_cell_config(cell_name, domain, wg_port) write_cell_config(cell_name, domain, wg_port)
write_compose_env(ip_range) write_compose_env(ip_range)
write_caddy_config(ip_range, cell_name, domain) write_caddy_config(ip_range, cell_name, domain)
ensure_session_secret()
bootstrap_admin_password()
print() print()
print('--- Setup complete! Run: make start ---') print('--- Setup complete! Run: make start ---')
tests/conftest.py
+145 -2
View File
@@ -6,12 +6,15 @@ import sys
import json import json
import tempfile import tempfile
import shutil import shutil
from unittest.mock import patch
import pytest import pytest
# Ensure api/ is on the path for all tests # Ensure api/ is on the path for all tests
sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'api')) sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', 'api'))
# ── directory helpers ─────────────────────────────────────────────────────────
@pytest.fixture @pytest.fixture
def tmp_dir(): def tmp_dir():
"""Temporary directory that is cleaned up after each test.""" """Temporary directory that is cleaned up after each test."""
@@ -36,10 +39,150 @@ def tmp_data_dir(tmp_dir):
return tmp_dir return tmp_dir
# ── auth helpers ──────────────────────────────────────────────────────────────
def create_test_users(auth_mgr):
"""Seed an AuthManager with the standard admin + peer test accounts.
Safe to call multiple times — AuthManager silently ignores duplicate
usernames, so calling this on an already-seeded store is a no-op.
Args:
auth_mgr: An AuthManager instance (real or mock).
Returns:
The same auth_mgr instance for convenience.
"""
auth_mgr.create_user('admin', 'AdminPass123!', 'admin')
auth_mgr.create_user('alice', 'AlicePass123!', 'peer')
return auth_mgr
def _do_login(client, username, password):
"""POST to /api/auth/login and return the response."""
return client.post(
'/api/auth/login',
data=json.dumps({'username': username, 'password': password}),
content_type='application/json',
)
def _make_auth_manager_at(base_path):
"""Create an AuthManager pointing at base_path/data and base_path/config."""
from auth_manager import AuthManager
data_dir = os.path.join(base_path, 'data')
config_dir = os.path.join(base_path, 'config')
os.makedirs(data_dir, exist_ok=True)
os.makedirs(config_dir, exist_ok=True)
return AuthManager(data_dir=data_dir, config_dir=config_dir)
# ── Flask client fixtures ─────────────────────────────────────────────────────
@pytest.fixture @pytest.fixture
def flask_client(): def flask_client(tmp_dir):
"""Flask test client with TESTING mode enabled.""" """Flask test client that is pre-authenticated as admin.
All existing tests that relied on the old unauthenticated flask_client
will continue to work because the before_request auth hook (when present)
checks the session — and this fixture establishes a valid admin session
before yielding.
When auth_routes is not yet registered (backend in progress), the login
POST simply returns a non-200 status; in that case the fixture still
yields the client so tests that do not need auth can still run.
"""
from app import app from app import app
auth_mgr = _make_auth_manager_at(tmp_dir)
create_test_users(auth_mgr)
app.config['TESTING'] = True app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [patch('app.auth_manager', auth_mgr)]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client: with app.test_client() as client:
# Best-effort login; if auth routes are not registered yet the
# post simply 404s / 405s and tests that need auth will fail
# explicitly rather than mysteriously.
_do_login(client, 'admin', 'AdminPass123!')
yield client yield client
finally:
for p in patches:
p.stop()
@pytest.fixture
def admin_headers(tmp_dir):
"""Authenticated admin Flask test client (alias kept for new auth tests)."""
from app import app
auth_mgr = _make_auth_manager_at(tmp_dir)
create_test_users(auth_mgr)
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [patch('app.auth_manager', auth_mgr)]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client:
r = _do_login(client, 'admin', 'AdminPass123!')
assert r.status_code == 200, (
f'admin_headers fixture: login failed {r.status_code} {r.data}'
)
yield client
finally:
for p in patches:
p.stop()
@pytest.fixture
def peer_headers(tmp_dir):
"""Authenticated peer (alice) Flask test client."""
from app import app
auth_mgr = _make_auth_manager_at(tmp_dir)
create_test_users(auth_mgr)
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [patch('app.auth_manager', auth_mgr)]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client:
r = _do_login(client, 'alice', 'AlicePass123!')
assert r.status_code == 200, (
f'peer_headers fixture: login failed {r.status_code} {r.data}'
)
yield client
finally:
for p in patches:
p.stop()
tests/test_api_endpoints.py
+21 -6
View File
@@ -280,8 +280,22 @@ class TestAPIEndpoints(unittest.TestCase):
self.assertEqual(response.status_code, 500) self.assertEqual(response.status_code, 500)
mock_wg.get_peer_config.side_effect = None mock_wg.get_peer_config.side_effect = None
@patch('app.file_manager')
@patch('app.calendar_manager')
@patch('app.email_manager')
@patch('app.auth_manager')
@patch('app.peer_registry') @patch('app.peer_registry')
def test_peer_registry_endpoints(self, mock_peers): def test_peer_registry_endpoints(self, mock_peers, mock_auth, mock_email, mock_cal, mock_files):
# Stub out service provisioning so POST /api/peers can succeed
mock_auth.create_user.return_value = True
mock_auth.delete_user.return_value = True
mock_auth.list_users.return_value = [] # keep auth hook inactive
mock_email.create_email_user.return_value = True
mock_email.delete_email_user.return_value = True
mock_cal.create_calendar_user.return_value = True
mock_cal.delete_calendar_user.return_value = True
mock_files.create_user.return_value = True
mock_files.delete_user.return_value = True
# /api/peers (GET) # /api/peers (GET)
mock_peers.list_peers.return_value = [{'peer': 'peer1', 'ip': '10.0.0.2'}] mock_peers.list_peers.return_value = [{'peer': 'peer1', 'ip': '10.0.0.2'}]
response = self.client.get('/api/peers') response = self.client.get('/api/peers')
@@ -292,20 +306,21 @@ class TestAPIEndpoints(unittest.TestCase):
response = self.client.get('/api/peers') response = self.client.get('/api/peers')
self.assertEqual(response.status_code, 500) self.assertEqual(response.status_code, 500)
mock_peers.list_peers.side_effect = None mock_peers.list_peers.side_effect = None
# /api/peers (POST) # /api/peers (POST) — password now required
mock_peers.add_peer.return_value = True mock_peers.add_peer.return_value = True
response = self.client.post('/api/peers', data=json.dumps({'name': 'peer1', 'ip': '10.0.0.2', 'public_key': 'key'}), content_type='application/json') response = self.client.post('/api/peers', data=json.dumps({'name': 'peer1', 'ip': '10.0.0.2', 'public_key': 'key', 'password': 'PeerPass123!'}), content_type='application/json')
self.assertEqual(response.status_code, 201) self.assertEqual(response.status_code, 201)
# Duplicate # Duplicate
mock_peers.add_peer.return_value = False mock_peers.add_peer.return_value = False
response = self.client.post('/api/peers', data=json.dumps({'name': 'peer1', 'ip': '10.0.0.2', 'public_key': 'key'}), content_type='application/json') response = self.client.post('/api/peers', data=json.dumps({'name': 'peer1', 'ip': '10.0.0.2', 'public_key': 'key', 'password': 'PeerPass123!'}), content_type='application/json')
self.assertEqual(response.status_code, 400) self.assertEqual(response.status_code, 400)
# Missing field # Missing field
response = self.client.post('/api/peers', data=json.dumps({'ip': '10.0.0.2', 'public_key': 'key'}), content_type='application/json') response = self.client.post('/api/peers', data=json.dumps({'ip': '10.0.0.2', 'public_key': 'key'}), content_type='application/json')
self.assertEqual(response.status_code, 400) self.assertEqual(response.status_code, 400)
# Simulate error # Simulate error from peer_registry
mock_peers.add_peer.return_value = True
mock_peers.add_peer.side_effect = Exception('fail') mock_peers.add_peer.side_effect = Exception('fail')
response = self.client.post('/api/peers', data=json.dumps({'name': 'peer2', 'ip': '10.0.0.3', 'public_key': 'key'}), content_type='application/json') response = self.client.post('/api/peers', data=json.dumps({'name': 'peer2', 'ip': '10.0.0.3', 'public_key': 'key', 'password': 'PeerPass123!'}), content_type='application/json')
self.assertEqual(response.status_code, 500) self.assertEqual(response.status_code, 500)
mock_peers.add_peer.side_effect = None mock_peers.add_peer.side_effect = None
# /api/peers/<peer_name> (DELETE) # /api/peers/<peer_name> (DELETE)
tests/test_auth_manager.py
+474
View File
@@ -0,0 +1,474 @@
#!/usr/bin/env python3
"""
Unit tests for AuthManager (api/auth_manager.py).
These tests exercise the AuthManager class directly — no Flask involved.
bcrypt is slow, so we mock it in the bulk of tests and do one real-hash
round-trip to confirm the integration.
"""
import os
import sys
import json
from pathlib import Path
from datetime import datetime, timedelta
from unittest.mock import patch, MagicMock
import pytest
sys.path.insert(0, str(Path(__file__).parent.parent / 'api'))
from auth_manager import AuthManager, LOCKOUT_THRESHOLD, LOCKOUT_DURATION
# ── fixtures ──────────────────────────────────────────────────────────────────
@pytest.fixture
def tmp_auth_manager(tmp_path):
"""AuthManager pointing at a fresh tmp_path directory."""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir, exist_ok=True)
os.makedirs(config_dir, exist_ok=True)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
return mgr
# ── helpers ───────────────────────────────────────────────────────────────────
def _create_user(mgr, username='alice', password='AlicePass1!', role='peer'):
return mgr.create_user(username, password, role)
# ── create_user ───────────────────────────────────────────────────────────────
def test_create_user_success(tmp_auth_manager):
ok = _create_user(tmp_auth_manager)
assert ok is True
usernames = [u['username'] for u in tmp_auth_manager.list_users()]
assert 'alice' in usernames
def test_create_user_appears_in_list_users(tmp_auth_manager):
tmp_auth_manager.create_user('bob', 'BobPass1!', 'peer')
result = tmp_auth_manager.list_users()
names = [u['username'] for u in result]
assert 'bob' in names
def test_create_user_list_users_strips_hash(tmp_auth_manager):
tmp_auth_manager.create_user('carol', 'CarolPass1!', 'peer')
for u in tmp_auth_manager.list_users():
assert 'password_hash' not in u
def test_create_user_duplicate_rejected(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
second = tmp_auth_manager.create_user('alice', 'AnotherPass1!', 'peer')
assert second is False
def test_create_user_duplicate_does_not_add_second_entry(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.create_user('alice', 'AnotherPass1!', 'peer')
alices = [u for u in tmp_auth_manager.list_users() if u['username'] == 'alice']
assert len(alices) == 1
@pytest.mark.parametrize('bad_name', [
'../../etc',
'admin!',
'',
'A', # starts with uppercase
# NOTE: 'ab' (2 chars) is currently ACCEPTED by the regex r'^[a-z][a-z0-9_.-]{1,31}$'
# because {1,31} means *at least* 1 char after the first — 'ab' satisfies that.
# Keeping 'ab' out of the invalid list; it is a known boundary behaviour.
'-badstart', # starts with non-alpha
'a' * 33, # too long (>32 total)
])
def test_create_user_invalid_username(tmp_auth_manager, bad_name):
ok = tmp_auth_manager.create_user(bad_name, 'SomePass1!', 'peer')
assert ok is False
def test_create_user_admin_role_recorded(tmp_auth_manager):
tmp_auth_manager.create_user('sysadmin', 'AdminPass1!', 'admin')
user = tmp_auth_manager.get_user('sysadmin')
assert user['role'] == 'admin'
def test_create_user_peer_role_sets_must_change_password(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
user = tmp_auth_manager.get_user('alice')
assert user['must_change_password'] is True
def test_create_user_admin_role_no_forced_password_change(tmp_auth_manager):
tmp_auth_manager.create_user('sysadmin', 'AdminPass1!', 'admin')
user = tmp_auth_manager.get_user('sysadmin')
assert user['must_change_password'] is False
# ── verify_password ───────────────────────────────────────────────────────────
def test_verify_password_correct_returns_dict(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
result = tmp_auth_manager.verify_password('alice', 'AlicePass1!')
assert result is not None
assert isinstance(result, dict)
assert result['username'] == 'alice'
def test_verify_password_correct_strips_hash(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
result = tmp_auth_manager.verify_password('alice', 'AlicePass1!')
assert 'password_hash' not in result
def test_verify_password_wrong_returns_none(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
result = tmp_auth_manager.verify_password('alice', 'WrongPassword!')
assert result is None
def test_verify_password_wrong_increments_failed_attempts(tmp_path):
"""Check that failed_attempts is persisted after a wrong password."""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('alice', 'AlicePass1!', 'peer')
mgr.verify_password('alice', 'wrong1')
mgr.verify_password('alice', 'wrong2')
users_file = os.path.join(data_dir, 'auth_users.json')
with open(users_file) as f:
users = json.load(f)
alice_raw = next(u for u in users if u['username'] == 'alice')
assert alice_raw['failed_attempts'] == 2
def test_verify_password_unknown_user_returns_none(tmp_auth_manager):
result = tmp_auth_manager.verify_password('nobody', 'AnyPass1!')
assert result is None
def test_verify_password_lockout_after_threshold(tmp_path):
"""LOCKOUT_THRESHOLD wrong attempts → account locked, next attempt returns None."""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('alice', 'AlicePass1!', 'peer')
for _ in range(LOCKOUT_THRESHOLD):
mgr.verify_password('alice', 'wrong')
# Even with correct password, still locked
result = mgr.verify_password('alice', 'AlicePass1!')
assert result is None
def test_verify_password_lockout_sets_locked_until(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('alice', 'AlicePass1!', 'peer')
for _ in range(LOCKOUT_THRESHOLD):
mgr.verify_password('alice', 'wrong')
users_file = os.path.join(data_dir, 'auth_users.json')
with open(users_file) as f:
users = json.load(f)
alice_raw = next(u for u in users if u['username'] == 'alice')
assert alice_raw['locked_until'] is not None
# locked_until should be in the future
locked_until = datetime.strptime(alice_raw['locked_until'], '%Y-%m-%dT%H:%M:%SZ')
assert locked_until > datetime.utcnow()
def test_verify_password_success_resets_failed_attempts(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('alice', 'AlicePass1!', 'peer')
mgr.verify_password('alice', 'wrong')
mgr.verify_password('alice', 'AlicePass1!') # success
users_file = os.path.join(data_dir, 'auth_users.json')
with open(users_file) as f:
users = json.load(f)
alice_raw = next(u for u in users if u['username'] == 'alice')
assert alice_raw['failed_attempts'] == 0
# ── change_password ───────────────────────────────────────────────────────────
def test_change_password_success(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
ok = tmp_auth_manager.change_password('alice', 'AlicePass1!', 'NewPass99!')
assert ok is True
def test_change_password_old_no_longer_works(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.change_password('alice', 'AlicePass1!', 'NewPass99!')
result = tmp_auth_manager.verify_password('alice', 'AlicePass1!')
assert result is None
def test_change_password_new_password_works(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.change_password('alice', 'AlicePass1!', 'NewPass99!')
result = tmp_auth_manager.verify_password('alice', 'NewPass99!')
assert result is not None
def test_change_password_wrong_old_password_returns_false(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
ok = tmp_auth_manager.change_password('alice', 'WrongOld!', 'NewPass99!')
assert ok is False
def test_change_password_wrong_old_leaves_original_intact(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.change_password('alice', 'WrongOld!', 'NewPass99!')
result = tmp_auth_manager.verify_password('alice', 'AlicePass1!')
assert result is not None
def test_change_password_unknown_user_returns_false(tmp_auth_manager):
ok = tmp_auth_manager.change_password('nobody', 'OldPass1!', 'NewPass1!')
assert ok is False
def test_change_password_clears_must_change_flag(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('alice', 'AlicePass1!', 'peer')
mgr.change_password('alice', 'AlicePass1!', 'NewPass99!')
users_file = os.path.join(data_dir, 'auth_users.json')
with open(users_file) as f:
users = json.load(f)
alice_raw = next(u for u in users if u['username'] == 'alice')
assert alice_raw['must_change_password'] is False
# ── delete_user ───────────────────────────────────────────────────────────────
def test_delete_user_success(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
ok = tmp_auth_manager.delete_user('alice')
assert ok is True
def test_delete_user_cannot_login_after_deletion(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.delete_user('alice')
result = tmp_auth_manager.verify_password('alice', 'AlicePass1!')
assert result is None
def test_delete_user_not_found_returns_false(tmp_auth_manager):
ok = tmp_auth_manager.delete_user('nobody')
assert ok is False
def test_delete_user_removed_from_list(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.delete_user('alice')
names = [u['username'] for u in tmp_auth_manager.list_users()]
assert 'alice' not in names
# ── cannot_delete_last_admin ──────────────────────────────────────────────────
def test_cannot_delete_last_admin(tmp_auth_manager):
tmp_auth_manager.create_user('sysadmin', 'AdminPass1!', 'admin')
ok = tmp_auth_manager.delete_user('sysadmin')
assert ok is False
def test_can_delete_admin_when_another_admin_exists(tmp_auth_manager):
tmp_auth_manager.create_user('admin1', 'AdminPass1!', 'admin')
tmp_auth_manager.create_user('admin2', 'AdminPass2!', 'admin')
ok = tmp_auth_manager.delete_user('admin1')
assert ok is True
# ── set_password_admin ────────────────────────────────────────────────────────
def test_set_password_admin_success(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
ok = tmp_auth_manager.set_password_admin('alice', 'AdminSet99!')
assert ok is True
def test_set_password_admin_new_password_works(tmp_auth_manager):
tmp_auth_manager.create_user('alice', 'AlicePass1!', 'peer')
tmp_auth_manager.set_password_admin('alice', 'AdminSet99!')
result = tmp_auth_manager.verify_password('alice', 'AdminSet99!')
assert result is not None
def test_set_password_admin_sets_must_change_true(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('alice', 'AlicePass1!', 'peer')
# Clear the flag first via change_password
mgr.change_password('alice', 'AlicePass1!', 'NewPass1!')
mgr.set_password_admin('alice', 'AdminSet99!')
users_file = os.path.join(data_dir, 'auth_users.json')
with open(users_file) as f:
users = json.load(f)
alice_raw = next(u for u in users if u['username'] == 'alice')
assert alice_raw['must_change_password'] is True
def test_set_password_admin_unknown_user_returns_false(tmp_auth_manager):
ok = tmp_auth_manager.set_password_admin('nobody', 'AdminSet99!')
assert ok is False
# ── bootstrap: .admin_initial_password ───────────────────────────────────────
def test_bootstrap_admin_from_file(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
init_pw_file = os.path.join(data_dir, '.admin_initial_password')
with open(init_pw_file, 'w') as f:
f.write('BootstrapPass1!')
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
# admin user should be created
admin = mgr.get_user('admin')
assert admin is not None
assert admin['role'] == 'admin'
# can log in with the bootstrapped password
result = mgr.verify_password('admin', 'BootstrapPass1!')
assert result is not None
def test_bootstrap_admin_deletes_init_file(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
init_pw_file = os.path.join(data_dir, '.admin_initial_password')
with open(init_pw_file, 'w') as f:
f.write('BootstrapPass1!')
AuthManager(data_dir=data_dir, config_dir=config_dir)
assert not os.path.exists(init_pw_file)
def test_bootstrap_idempotent_admin_already_exists(tmp_path):
"""If an admin already exists, bootstrap must leave them unchanged.
BUG (tracked): The current _bootstrap_admin_if_needed implementation
skips the entire bootstrap block (including file deletion) when an admin
already exists, so .admin_initial_password is NOT deleted in that branch.
This test documents the current behaviour so a regression is caught when
the bug is fixed: the file-deletion assertion is marked xfail until then.
"""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
# Create admin first
mgr1 = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr1.create_user('admin', 'OriginalPass1!', 'admin')
# Now write the init-password file and create a second manager instance
init_pw_file = os.path.join(data_dir, '.admin_initial_password')
with open(init_pw_file, 'w') as f:
f.write('NewBootstrapPass1!')
mgr2 = AuthManager(data_dir=data_dir, config_dir=config_dir)
# Original password must still work (admin was NOT overwritten) — this passes
result = mgr2.verify_password('admin', 'OriginalPass1!')
assert result is not None
@pytest.mark.xfail(reason=(
"BUG: _bootstrap_admin_if_needed returns early when admin already exists "
"and never deletes .admin_initial_password in that code path. "
"Fix: always unlink the file when it exists, regardless of whether an "
"admin was created."
))
def test_bootstrap_idempotent_deletes_file_when_admin_exists(tmp_path):
"""The init-password file must be deleted even when admin already existed."""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr1 = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr1.create_user('admin', 'OriginalPass1!', 'admin')
init_pw_file = os.path.join(data_dir, '.admin_initial_password')
with open(init_pw_file, 'w') as f:
f.write('NewBootstrapPass1!')
AuthManager(data_dir=data_dir, config_dir=config_dir)
assert not os.path.exists(init_pw_file)
def test_bootstrap_idempotent_no_second_admin_created(tmp_path):
"""Bootstrap must not create a duplicate admin entry when one already exists."""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr1 = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr1.create_user('admin', 'OriginalPass1!', 'admin')
init_pw_file = os.path.join(data_dir, '.admin_initial_password')
with open(init_pw_file, 'w') as f:
f.write('NewBootstrapPass1!')
mgr2 = AuthManager(data_dir=data_dir, config_dir=config_dir)
admins = [u for u in mgr2.list_users() if u['role'] == 'admin']
assert len(admins) == 1
# ── real bcrypt round-trip (not mocked) ──────────────────────────────────────
def test_real_bcrypt_hash_verify_roundtrip(tmp_path):
"""At least one test exercises the real bcrypt path end-to-end."""
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir)
os.makedirs(config_dir)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('realuser', 'R3alP@ssword', 'peer')
assert mgr.verify_password('realuser', 'R3alP@ssword') is not None
assert mgr.verify_password('realuser', 'wrong') is None
tests/test_auth_routes.py
+338
View File
@@ -0,0 +1,338 @@
#!/usr/bin/env python3
"""
Flask test-client tests for auth routes (api/auth_routes.py).
The auth_routes Blueprint is expected to be registered on the Flask app at
/api/auth/... The module-level `auth_manager` in app is patched to an
in-process AuthManager backed by a tmp_path so tests run without Docker.
Route contract tested here:
POST /api/auth/login
POST /api/auth/logout
GET /api/auth/me
POST /api/auth/change-password
POST /api/auth/admin/reset-password
GET /api/auth/users
"""
import os
import sys
import json
from pathlib import Path
from unittest.mock import patch
import pytest
sys.path.insert(0, str(Path(__file__).parent.parent / 'api'))
from app import app
from auth_manager import AuthManager
# ── helpers ───────────────────────────────────────────────────────────────────
def _make_auth_manager(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir, exist_ok=True)
os.makedirs(config_dir, exist_ok=True)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('admin', 'AdminPass123!', 'admin')
mgr.create_user('alice', 'AlicePass123!', 'peer')
return mgr
def _login(client, username, password):
return client.post(
'/api/auth/login',
data=json.dumps({'username': username, 'password': password}),
content_type='application/json',
)
# ── fixtures ──────────────────────────────────────────────────────────────────
@pytest.fixture
def auth_mgr(tmp_path):
return _make_auth_manager(tmp_path)
@pytest.fixture
def app_client(auth_mgr):
"""Raw test client — not logged in. auth_manager is patched to auth_mgr."""
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
with patch('app.auth_manager', auth_mgr):
# also patch inside auth_routes module if it imports auth_manager separately
try:
import auth_routes
with patch.object(auth_routes, 'auth_manager', auth_mgr, create=True):
with app.test_client() as client:
yield client
except (ImportError, AttributeError):
with app.test_client() as client:
yield client
@pytest.fixture
def admin_client(auth_mgr):
"""Test client already authenticated as admin."""
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
with patch('app.auth_manager', auth_mgr):
try:
import auth_routes
with patch.object(auth_routes, 'auth_manager', auth_mgr, create=True):
with app.test_client() as client:
r = _login(client, 'admin', 'AdminPass123!')
assert r.status_code == 200, (
f'admin login failed with {r.status_code}: {r.data}'
)
yield client
except (ImportError, AttributeError):
with app.test_client() as client:
r = _login(client, 'admin', 'AdminPass123!')
assert r.status_code == 200, (
f'admin login failed with {r.status_code}: {r.data}'
)
yield client
@pytest.fixture
def peer_client(auth_mgr):
"""Test client already authenticated as alice (peer)."""
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
with patch('app.auth_manager', auth_mgr):
try:
import auth_routes
with patch.object(auth_routes, 'auth_manager', auth_mgr, create=True):
with app.test_client() as client:
r = _login(client, 'alice', 'AlicePass123!')
assert r.status_code == 200, (
f'alice login failed with {r.status_code}: {r.data}'
)
yield client
except (ImportError, AttributeError):
with app.test_client() as client:
r = _login(client, 'alice', 'AlicePass123!')
assert r.status_code == 200, (
f'alice login failed with {r.status_code}: {r.data}'
)
yield client
@pytest.fixture
def anon_client(auth_mgr):
"""Test client with no session (anonymous)."""
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
with patch('app.auth_manager', auth_mgr):
try:
import auth_routes
with patch.object(auth_routes, 'auth_manager', auth_mgr, create=True):
with app.test_client() as client:
yield client
except (ImportError, AttributeError):
with app.test_client() as client:
yield client
# ── login ─────────────────────────────────────────────────────────────────────
def test_login_success(app_client):
r = _login(app_client, 'admin', 'AdminPass123!')
assert r.status_code == 200
data = json.loads(r.data)
assert 'username' in data
assert 'role' in data
assert data['username'] == 'admin'
def test_login_success_sets_session_cookie(app_client):
r = _login(app_client, 'admin', 'AdminPass123!')
assert r.status_code == 200
assert 'session' in (r.headers.get('Set-Cookie', '') or '')
def test_login_wrong_password(app_client):
r = _login(app_client, 'admin', 'WrongPassword!')
assert r.status_code == 401
def test_login_unknown_user(app_client):
r = _login(app_client, 'nobody', 'SomePassword1!')
assert r.status_code == 401
def test_login_missing_username(app_client):
r = app_client.post(
'/api/auth/login',
data=json.dumps({'password': 'AdminPass123!'}),
content_type='application/json',
)
assert r.status_code in (400, 401)
def test_login_missing_password(app_client):
r = app_client.post(
'/api/auth/login',
data=json.dumps({'username': 'admin'}),
content_type='application/json',
)
assert r.status_code in (400, 401)
def test_login_empty_body(app_client):
r = app_client.post('/api/auth/login', content_type='application/json')
assert r.status_code in (400, 401)
def test_login_locked_account(app_client, auth_mgr):
"""After enough failed attempts alice's account locks; subsequent login → 423."""
from auth_manager import LOCKOUT_THRESHOLD
for _ in range(LOCKOUT_THRESHOLD):
auth_mgr.verify_password('alice', 'wrong')
r = _login(app_client, 'alice', 'AlicePass123!')
assert r.status_code == 423
# ── logout ────────────────────────────────────────────────────────────────────
def test_logout_returns_200(admin_client):
r = admin_client.post('/api/auth/logout')
assert r.status_code == 200
def test_logout_then_me_returns_401(admin_client):
admin_client.post('/api/auth/logout')
r = admin_client.get('/api/auth/me')
assert r.status_code == 401
# ── /api/auth/me ──────────────────────────────────────────────────────────────
def test_me_authenticated_returns_200(admin_client):
r = admin_client.get('/api/auth/me')
assert r.status_code == 200
def test_me_authenticated_returns_username(admin_client):
r = admin_client.get('/api/auth/me')
data = json.loads(r.data)
assert data.get('username') == 'admin'
def test_me_unauthenticated_returns_401(anon_client):
r = anon_client.get('/api/auth/me')
assert r.status_code == 401
# ── change-password ───────────────────────────────────────────────────────────
def test_change_password_success(peer_client):
r = peer_client.post(
'/api/auth/change-password',
data=json.dumps({'old_password': 'AlicePass123!', 'new_password': 'AliceNew99!'}),
content_type='application/json',
)
assert r.status_code == 200
def test_change_password_new_password_works(peer_client, auth_mgr):
peer_client.post(
'/api/auth/change-password',
data=json.dumps({'old_password': 'AlicePass123!', 'new_password': 'AliceNew99!'}),
content_type='application/json',
)
result = auth_mgr.verify_password('alice', 'AliceNew99!')
assert result is not None
def test_change_password_wrong_old_returns_400(peer_client):
r = peer_client.post(
'/api/auth/change-password',
data=json.dumps({'old_password': 'WrongOld!', 'new_password': 'AliceNew99!'}),
content_type='application/json',
)
assert r.status_code == 400
def test_change_password_unauthenticated_returns_401(anon_client):
r = anon_client.post(
'/api/auth/change-password',
data=json.dumps({'old_password': 'AlicePass123!', 'new_password': 'AliceNew99!'}),
content_type='application/json',
)
assert r.status_code == 401
# ── admin reset-password ──────────────────────────────────────────────────────
def test_admin_reset_password_success(admin_client):
r = admin_client.post(
'/api/auth/admin/reset-password',
data=json.dumps({'username': 'alice', 'new_password': 'AdminSet99!'}),
content_type='application/json',
)
assert r.status_code == 200
def test_admin_reset_password_peer_forbidden(peer_client):
r = peer_client.post(
'/api/auth/admin/reset-password',
data=json.dumps({'username': 'admin', 'new_password': 'HackedPass1!'}),
content_type='application/json',
)
assert r.status_code == 403
def test_admin_reset_password_unknown_user(admin_client):
r = admin_client.post(
'/api/auth/admin/reset-password',
data=json.dumps({'username': 'nobody', 'new_password': 'SomePass1!'}),
content_type='application/json',
)
assert r.status_code in (400, 404)
def test_admin_reset_password_unauthenticated(anon_client):
r = anon_client.post(
'/api/auth/admin/reset-password',
data=json.dumps({'username': 'alice', 'new_password': 'SomePass1!'}),
content_type='application/json',
)
assert r.status_code == 401
# ── /api/auth/users ───────────────────────────────────────────────────────────
def test_list_users_admin_returns_200(admin_client):
r = admin_client.get('/api/auth/users')
assert r.status_code == 200
def test_list_users_contains_admin_and_alice(admin_client):
r = admin_client.get('/api/auth/users')
users = json.loads(r.data)
assert isinstance(users, list)
names = [u['username'] for u in users]
assert 'admin' in names
assert 'alice' in names
def test_list_users_no_hashes_in_response(admin_client):
r = admin_client.get('/api/auth/users')
users = json.loads(r.data)
for u in users:
assert 'password_hash' not in u
def test_list_users_peer_forbidden(peer_client):
r = peer_client.get('/api/auth/users')
assert r.status_code == 403
def test_list_users_unauthenticated(anon_client):
r = anon_client.get('/api/auth/users')
assert r.status_code == 401
tests/test_peer_provisioning.py
+367
View File
@@ -0,0 +1,367 @@
#!/usr/bin/env python3
"""
Tests for POST /api/peers (peer provisioning) and DELETE /api/peers/<name>.
The new provisioning flow (added in the auth system) requires:
- POST /api/peers body includes 'password'
- On success: auth_manager, email_manager, calendar_manager, file_manager
each have their create methods called once
- On failure of any downstream service: earlier steps are rolled back
- DELETE /api/peers/<name> must also tear down all four service accounts
All external managers are mocked so Docker and real services are never touched.
admin_client is an authenticated admin session.
"""
import os
import sys
import json
from pathlib import Path
from unittest.mock import patch, MagicMock, call
import pytest
sys.path.insert(0, str(Path(__file__).parent.parent / 'api'))
from app import app
from auth_manager import AuthManager
# ── helpers ───────────────────────────────────────────────────────────────────
def _make_auth_manager(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir, exist_ok=True)
os.makedirs(config_dir, exist_ok=True)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('admin', 'AdminPass123!', 'admin')
return mgr
def _login(client, username='admin', password='AdminPass123!'):
return client.post(
'/api/auth/login',
data=json.dumps({'username': username, 'password': password}),
content_type='application/json',
)
def _peer_payload(**overrides):
base = {
'name': 'alice',
'public_key': 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=',
'password': 'AlicePass123!',
}
base.update(overrides)
return base
def _post_peer(client, payload=None):
if payload is None:
payload = _peer_payload()
return client.post(
'/api/peers',
data=json.dumps(payload),
content_type='application/json',
)
def _delete_peer(client, name='alice'):
return client.delete(f'/api/peers/{name}')
# ── fixtures ──────────────────────────────────────────────────────────────────
@pytest.fixture
def auth_mgr(tmp_path):
return _make_auth_manager(tmp_path)
@pytest.fixture
def mock_email_mgr():
m = MagicMock()
m.create_email_user.return_value = True
m.delete_email_user.return_value = True
return m
@pytest.fixture
def mock_calendar_mgr():
m = MagicMock()
m.create_calendar_user.return_value = True
m.delete_calendar_user.return_value = True
return m
@pytest.fixture
def mock_file_mgr():
m = MagicMock()
m.create_user.return_value = True
m.delete_user.return_value = True
return m
@pytest.fixture
def mock_wg_mgr():
m = MagicMock()
m.add_peer.return_value = {'success': True, 'ip': '10.0.0.5'}
m.remove_peer.return_value = True
m._get_configured_address.return_value = '10.0.0.1/24'
return m
@pytest.fixture
def mock_peer_registry():
m = MagicMock()
m.add_peer.return_value = True
m.remove_peer.return_value = True
m.get_peer.return_value = {
'peer': 'alice',
'ip': '10.0.0.5',
'public_key': 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=',
'service_access': ['mail', 'calendar', 'files', 'webdav'],
}
m.list_peers.return_value = []
return m
@pytest.fixture
def admin_client(auth_mgr, mock_email_mgr, mock_calendar_mgr,
mock_file_mgr, mock_wg_mgr, mock_peer_registry):
"""Authenticated admin client with all service managers mocked."""
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [
patch('app.auth_manager', auth_mgr),
patch('app.email_manager', mock_email_mgr),
patch('app.calendar_manager', mock_calendar_mgr),
patch('app.file_manager', mock_file_mgr),
patch('app.wireguard_manager', mock_wg_mgr),
patch('app.peer_registry', mock_peer_registry),
# Prevent firewall_manager from running real iptables commands
patch('app.firewall_manager'),
]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client:
r = _login(client)
assert r.status_code == 200, f'admin login failed: {r.status_code} {r.data}'
yield client
finally:
for p in patches:
p.stop()
# ── POST /api/peers — happy path ──────────────────────────────────────────────
def test_create_peer_returns_201(admin_client):
r = _post_peer(admin_client)
assert r.status_code == 201
def test_create_peer_provisions_all_services(
admin_client, auth_mgr,
mock_email_mgr, mock_calendar_mgr, mock_file_mgr):
"""All four service create methods must be called exactly once."""
_post_peer(admin_client)
# auth provisioning — check user was created in the real auth_mgr
# (we use the real auth_mgr so we can inspect the result directly)
alice = auth_mgr.get_user('alice')
assert alice is not None, 'auth_manager.create_user was not called for alice'
mock_email_mgr.create_email_user.assert_called_once()
mock_calendar_mgr.create_calendar_user.assert_called_once()
mock_file_mgr.create_user.assert_called_once()
def test_create_peer_response_has_ip(admin_client):
r = _post_peer(admin_client)
data = json.loads(r.data)
assert 'ip' in data or 'message' in data # either shape is acceptable
# ── POST /api/peers — validation ──────────────────────────────────────────────
def test_create_peer_requires_password(admin_client):
payload = _peer_payload()
del payload['password']
r = _post_peer(admin_client, payload)
assert r.status_code == 400
def test_create_peer_password_too_short(admin_client):
r = _post_peer(admin_client, _peer_payload(password='abc'))
assert r.status_code == 400
def test_create_peer_requires_name(admin_client):
payload = _peer_payload()
del payload['name']
r = _post_peer(admin_client, payload)
assert r.status_code == 400
def test_create_peer_requires_public_key(admin_client):
payload = _peer_payload()
del payload['public_key']
r = _post_peer(admin_client, payload)
assert r.status_code == 400
# ── POST /api/peers — rollback on failure ─────────────────────────────────────
def test_create_peer_rollback_on_email_failure(
auth_mgr, mock_email_mgr, mock_calendar_mgr,
mock_file_mgr, mock_wg_mgr, mock_peer_registry):
"""If email_manager.create_email_user raises, auth user must be deleted (rollback)."""
mock_email_mgr.create_email_user.side_effect = RuntimeError('SMTP server down')
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [
patch('app.auth_manager', auth_mgr),
patch('app.email_manager', mock_email_mgr),
patch('app.calendar_manager', mock_calendar_mgr),
patch('app.file_manager', mock_file_mgr),
patch('app.wireguard_manager', mock_wg_mgr),
patch('app.peer_registry', mock_peer_registry),
patch('app.firewall_manager'),
]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client:
r = _login(client)
assert r.status_code == 200
_post_peer(client)
# alice must not remain in the auth store (rolled back)
alice = auth_mgr.get_user('alice')
assert alice is None, (
'auth user alice was not rolled back after email_manager failure'
)
finally:
for p in patches:
p.stop()
def test_create_peer_rollback_on_wireguard_failure(
auth_mgr, mock_email_mgr, mock_calendar_mgr,
mock_file_mgr, mock_wg_mgr, mock_peer_registry):
"""If peer_registry.add_peer (WireGuard side) fails, all four service accounts
must be deleted."""
mock_peer_registry.add_peer.return_value = False
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [
patch('app.auth_manager', auth_mgr),
patch('app.email_manager', mock_email_mgr),
patch('app.calendar_manager', mock_calendar_mgr),
patch('app.file_manager', mock_file_mgr),
patch('app.wireguard_manager', mock_wg_mgr),
patch('app.peer_registry', mock_peer_registry),
patch('app.firewall_manager'),
]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client:
r = _login(client)
assert r.status_code == 200
_post_peer(client)
# All service delete methods should have been called for cleanup
mock_email_mgr.delete_email_user.assert_called()
mock_calendar_mgr.delete_calendar_user.assert_called()
mock_file_mgr.delete_user.assert_called()
finally:
for p in patches:
p.stop()
# ── DELETE /api/peers/<name> ──────────────────────────────────────────────────
def test_delete_peer_returns_200(admin_client):
r = _delete_peer(admin_client, 'alice')
assert r.status_code == 200
def test_delete_peer_cleans_all_services(
auth_mgr, mock_email_mgr, mock_calendar_mgr,
mock_file_mgr, mock_wg_mgr, mock_peer_registry):
"""DELETE /api/peers/<name> must call delete on all four service managers."""
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
patches = [
patch('app.auth_manager', auth_mgr),
patch('app.email_manager', mock_email_mgr),
patch('app.calendar_manager', mock_calendar_mgr),
patch('app.file_manager', mock_file_mgr),
patch('app.wireguard_manager', mock_wg_mgr),
patch('app.peer_registry', mock_peer_registry),
patch('app.firewall_manager'),
]
try:
import auth_routes
patches.append(
patch.object(auth_routes, 'auth_manager', auth_mgr, create=True)
)
except (ImportError, AttributeError):
pass
started = [p.start() for p in patches]
try:
with app.test_client() as client:
r = _login(client)
assert r.status_code == 200
# Seed the auth store so auth_manager.delete_user has something to delete
auth_mgr.create_user('alice', 'AlicePass123!', 'peer')
_delete_peer(client, 'alice')
# All four service delete methods must have been invoked
mock_email_mgr.delete_email_user.assert_called()
mock_calendar_mgr.delete_calendar_user.assert_called()
mock_file_mgr.delete_user.assert_called()
alice = auth_mgr.get_user('alice')
assert alice is None, 'auth user alice was not removed on peer delete'
finally:
for p in patches:
p.stop()
def test_delete_nonexistent_peer_returns_gracefully(admin_client, mock_peer_registry):
mock_peer_registry.get_peer.return_value = None
mock_peer_registry.remove_peer.return_value = False
r = _delete_peer(admin_client, 'nobody')
# Route must not 500 when the peer simply doesn't exist
assert r.status_code in (200, 404)
tests/test_peer_wg_integration.py
+9 -9
View File
@@ -43,36 +43,36 @@ class TestServerSideAllowedIPs(unittest.TestCase):
def test_add_peer_uses_host_slash32(self): def test_add_peer_uses_host_slash32(self):
"""Peer added with /32 stays as /32 in config.""" """Peer added with /32 stays as /32 in config."""
self.wg.add_peer('alice', 'ALICEPUBKEY=', '', allowed_ips='10.0.0.2/32') self.wg.add_peer('alice', 'YWxpY2VfdGVzdF93Z19wZWVyX2tleV8xMjM0NTY3OCE=', '', allowed_ips='10.0.0.2/32')
cfg = self._config() cfg = self._config()
self.assertIn('AllowedIPs = 10.0.0.2/32', cfg) self.assertIn('AllowedIPs = 10.0.0.2/32', cfg)
def test_full_tunnel_client_ips_rejected(self): def test_full_tunnel_client_ips_rejected(self):
"""add_peer must refuse 0.0.0.0/0 — it would route all internet traffic to that peer.""" """add_peer must refuse 0.0.0.0/0 — it would route all internet traffic to that peer."""
result = self.wg.add_peer('bob', 'BOBPUBKEY=', '', allowed_ips='0.0.0.0/0, ::/0') result = self.wg.add_peer('bob', 'Ym9iX3Rlc3Rfd2dfcGVlcl9rZXlfMTIzNDU2Nzg5MCE=', '', allowed_ips='0.0.0.0/0, ::/0')
self.assertFalse(result, self.assertFalse(result,
"0.0.0.0/0 in server peer AllowedIPs routes ALL traffic to that peer, breaking internet") "0.0.0.0/0 in server peer AllowedIPs routes ALL traffic to that peer, breaking internet")
def test_split_tunnel_client_ips_rejected(self): def test_split_tunnel_client_ips_rejected(self):
"""add_peer must refuse 172.20.0.0/16 — it would route docker network to that peer.""" """add_peer must refuse 172.20.0.0/16 — it would route docker network to that peer."""
result = self.wg.add_peer('carol', 'CAROLPUBKEY=', '', allowed_ips='10.0.0.0/24, 172.20.0.0/16') result = self.wg.add_peer('carol', 'Y2Fyb2xfdGVzdF93Z19wZWVyX2tleV8xMjM0NTY3OCE=', '', allowed_ips='10.0.0.0/24, 172.20.0.0/16')
self.assertFalse(result, self.assertFalse(result,
"172.20.0.0/16 in server peer AllowedIPs routes docker network traffic to that peer") "172.20.0.0/16 in server peer AllowedIPs routes docker network traffic to that peer")
def test_remove_peer_cleans_config(self): def test_remove_peer_cleans_config(self):
self.wg.add_peer('dave', 'DAVEPUBKEY=', '', allowed_ips='10.0.0.4/32') self.wg.add_peer('dave', 'ZGF2ZV90ZXN0X3dnX3BlZXJfa2V5XzEyMzQ1Njc4OSE=', '', allowed_ips='10.0.0.4/32')
self.wg.remove_peer('DAVEPUBKEY=') self.wg.remove_peer('ZGF2ZV90ZXN0X3dnX3BlZXJfa2V5XzEyMzQ1Njc4OSE=')
cfg = self._config() cfg = self._config()
self.assertNotIn('DAVEPUBKEY=', cfg) self.assertNotIn('ZGF2ZV90ZXN0X3dnX3BlZXJfa2V5XzEyMzQ1Njc4OSE=', cfg)
def test_syncconf_called_on_add(self): def test_syncconf_called_on_add(self):
self.wg.add_peer('eve', 'EVEPUBKEY=', '', allowed_ips='10.0.0.5/32') self.wg.add_peer('eve', 'ZXZlX3Rlc3Rfd2dfcGVlcl9rZXlfXzEyMzQ1Njc4OSE=', '', allowed_ips='10.0.0.5/32')
self.mock_sync.assert_called() self.mock_sync.assert_called()
def test_syncconf_called_on_remove(self): def test_syncconf_called_on_remove(self):
self.wg.add_peer('frank', 'FRANKPUBKEY=', '', allowed_ips='10.0.0.6/32') self.wg.add_peer('frank', 'ZnJhbmtfdGVzdF93Z19wZWVyX2tleV8xMjM0NTY3OCE=', '', allowed_ips='10.0.0.6/32')
self.mock_sync.reset_mock() self.mock_sync.reset_mock()
self.wg.remove_peer('FRANKPUBKEY=') self.wg.remove_peer('ZnJhbmtfdGVzdF93Z19wZWVyX2tleV8xMjM0NTY3OCE=')
self.mock_sync.assert_called() self.mock_sync.assert_called()
tests/test_route_protection.py
+207
View File
@@ -0,0 +1,207 @@
#!/usr/bin/env python3
"""
Tests for the before_request authentication / authorization hook in app.py.
The hook is expected to:
- Return 401 for unauthenticated requests to /api/* (except /api/auth/*)
- Return 403 for peer-role sessions trying to access non-/api/peer/* routes
- Allow admin sessions through to any /api/* route
- Allow peer sessions through to /api/peer/* routes
- Block admin sessions from /api/peer/* routes (peer-only zone)
Fixtures are deliberately kept in this file so they remain self-contained,
but they delegate to the same helpers as test_auth_routes.py.
"""
import os
import sys
import json
from pathlib import Path
from unittest.mock import patch
import pytest
sys.path.insert(0, str(Path(__file__).parent.parent / 'api'))
from app import app
from auth_manager import AuthManager
# ── shared setup helpers ──────────────────────────────────────────────────────
def _make_auth_manager(tmp_path):
data_dir = str(tmp_path / 'data')
config_dir = str(tmp_path / 'config')
os.makedirs(data_dir, exist_ok=True)
os.makedirs(config_dir, exist_ok=True)
mgr = AuthManager(data_dir=data_dir, config_dir=config_dir)
mgr.create_user('admin', 'AdminPass123!', 'admin')
mgr.create_user('alice', 'AlicePass123!', 'peer')
return mgr
def _login(client, username, password):
return client.post(
'/api/auth/login',
data=json.dumps({'username': username, 'password': password}),
content_type='application/json',
)
def _patched_client(auth_mgr):
"""Context manager: returns a test_client with auth_manager patched."""
import contextlib
@contextlib.contextmanager
def _cm():
app.config['TESTING'] = True
app.config['SECRET_KEY'] = 'test-secret'
with patch('app.auth_manager', auth_mgr):
try:
import auth_routes
with patch.object(auth_routes, 'auth_manager', auth_mgr, create=True):
with app.test_client() as c:
yield c
except (ImportError, AttributeError):
with app.test_client() as c:
yield c
return _cm()
# ── fixtures ──────────────────────────────────────────────────────────────────
@pytest.fixture
def auth_mgr(tmp_path):
return _make_auth_manager(tmp_path)
@pytest.fixture
def anon_client(auth_mgr):
with _patched_client(auth_mgr) as client:
yield client
@pytest.fixture
def admin_client(auth_mgr):
with _patched_client(auth_mgr) as client:
r = _login(client, 'admin', 'AdminPass123!')
assert r.status_code == 200, f'admin login failed: {r.status_code} {r.data}'
yield client
@pytest.fixture
def peer_client(auth_mgr):
with _patched_client(auth_mgr) as client:
r = _login(client, 'alice', 'AlicePass123!')
assert r.status_code == 200, f'alice login failed: {r.status_code} {r.data}'
yield client
# ── anonymous access ──────────────────────────────────────────────────────────
def test_anon_blocked_from_api(anon_client):
r = anon_client.get('/api/config')
assert r.status_code == 401
def test_anon_blocked_from_api_status(anon_client):
r = anon_client.get('/api/status')
assert r.status_code == 401
def test_anon_allowed_health(anon_client):
"""Non-/api/ paths like /health must remain public."""
r = anon_client.get('/health')
assert r.status_code != 401
def test_anon_allowed_auth_login(anon_client):
"""/api/auth/login itself must be reachable without a session."""
r = _login(anon_client, 'admin', 'AdminPass123!')
# The route is reachable — 200 or 401 (wrong creds), but NOT 403/blocked
assert r.status_code in (200, 401, 400)
def test_anon_blocked_from_peer_routes(anon_client):
r = anon_client.get('/api/peer/services')
assert r.status_code == 401
def test_anon_blocked_from_peer_dashboard(anon_client):
r = anon_client.get('/api/peer/dashboard')
assert r.status_code == 401
# ── admin access ──────────────────────────────────────────────────────────────
def test_admin_allowed_config(admin_client):
r = admin_client.get('/api/config')
assert r.status_code not in (401, 403)
def test_admin_allowed_status(admin_client):
r = admin_client.get('/api/status')
assert r.status_code not in (401, 403)
def test_admin_blocked_from_peer_only_routes(admin_client):
"""Peer-only routes (/api/peer/*) must not be accessible by admin sessions."""
r = admin_client.get('/api/peer/dashboard')
assert r.status_code == 403
def test_admin_blocked_from_peer_services(admin_client):
r = admin_client.get('/api/peer/services')
assert r.status_code == 403
# ── peer access ───────────────────────────────────────────────────────────────
def test_peer_blocked_from_admin_routes(peer_client):
r = peer_client.get('/api/config')
assert r.status_code == 403
def test_peer_blocked_from_wireguard_settings(peer_client):
r = peer_client.get('/api/wireguard/status')
assert r.status_code == 403
def test_peer_blocked_from_network_settings(peer_client):
r = peer_client.get('/api/network/config')
assert r.status_code == 403
def test_peer_allowed_peer_dashboard(peer_client):
r = peer_client.get('/api/peer/dashboard')
# Not 403 — either 200, 404 (not yet implemented), or 500 (backend error)
assert r.status_code != 403
def test_peer_allowed_peer_services(peer_client):
r = peer_client.get('/api/peer/services')
assert r.status_code != 403
# ── auth endpoints exempt from session requirement ────────────────────────────
def test_anon_auth_login_not_blocked_by_hook(anon_client):
"""The before_request hook must whitelist /api/auth/* so login is accessible."""
r = anon_client.post(
'/api/auth/login',
data=json.dumps({'username': 'doesnotmatter', 'password': 'x'}),
content_type='application/json',
)
# Hook must not return 401 for /api/auth/login; the route itself may return 401
# for bad credentials but that is a different 401 (from the route, not the hook).
# The key contract: we must NOT get a 403 "Forbidden" from the hook.
assert r.status_code != 403
def test_anon_can_reach_auth_namespace(anon_client):
"""GET /api/auth/me returns 401 from the route (unauthenticated) not from hook."""
r = anon_client.get('/api/auth/me')
# 401 is expected here but it must originate from the route, not a redirect/block
# on a non-auth path. The response should be JSON, not a redirect (3xx).
assert r.status_code not in (301, 302, 403)
tests/test_wireguard_manager.py
+10 -10
View File
@@ -311,7 +311,7 @@ PersistentKeepalive = 30
self.assertFalse(success, "Wide CIDR must be rejected") self.assertFalse(success, "Wide CIDR must be rejected")
# Valid /32 with any key string is accepted (key format not validated at this layer) # Valid /32 with any key string is accepted (key format not validated at this layer)
success = self.wg_manager.add_peer('testpeer', 'any_key_string=', '', '10.0.0.2/32') success = self.wg_manager.add_peer('testpeer', 'YW55X2tleV9zdHJpbmdfZm9yX3Rlc3RzX3dnMTIzISE=', '', '10.0.0.2/32')
self.assertTrue(success) self.assertTrue(success)
# Removing non-existent peer is a no-op, not an error # Removing non-existent peer is a no-op, not an error
@@ -341,31 +341,31 @@ class TestWireGuardCellPeer(unittest.TestCase):
shutil.rmtree(self.test_dir) shutil.rmtree(self.test_dir)
def test_add_cell_peer_allows_subnet_cidr(self): def test_add_cell_peer_allows_subnet_cidr(self):
ok = self.wg.add_cell_peer('remote', 'remotepubkey=', '5.6.7.8:51821', '10.1.0.0/24') ok = self.wg.add_cell_peer('remote', 'cmVtb3RlcHVia2V5X2Zvcl90ZXN0c193Z3Rlc3QxMiE=', '5.6.7.8:51821', '10.1.0.0/24')
self.assertTrue(ok) self.assertTrue(ok)
content = self.wg._read_config() content = self.wg._read_config()
self.assertIn('10.1.0.0/24', content) self.assertIn('10.1.0.0/24', content)
def test_add_cell_peer_writes_full_endpoint(self): def test_add_cell_peer_writes_full_endpoint(self):
self.wg.add_cell_peer('remote', 'remotepubkey=', '5.6.7.8:51821', '10.1.0.0/24') self.wg.add_cell_peer('remote', 'cmVtb3RlcHVia2V5X2Zvcl90ZXN0c193Z3Rlc3QxMiE=', '5.6.7.8:51821', '10.1.0.0/24')
content = self.wg._read_config() content = self.wg._read_config()
self.assertIn('Endpoint = 5.6.7.8:51821', content) self.assertIn('Endpoint = 5.6.7.8:51821', content)
def test_add_cell_peer_comment_has_cell_prefix(self): def test_add_cell_peer_comment_has_cell_prefix(self):
self.wg.add_cell_peer('remote', 'remotepubkey=', '5.6.7.8:51821', '10.1.0.0/24') self.wg.add_cell_peer('remote', 'cmVtb3RlcHVia2V5X2Zvcl90ZXN0c193Z3Rlc3QxMiE=', '5.6.7.8:51821', '10.1.0.0/24')
content = self.wg._read_config() content = self.wg._read_config()
self.assertIn('# cell:remote', content) self.assertIn('# cell:remote', content)
def test_add_cell_peer_invalid_cidr_returns_false(self): def test_add_cell_peer_invalid_cidr_returns_false(self):
ok = self.wg.add_cell_peer('remote', 'remotepubkey=', '5.6.7.8:51821', 'not-a-cidr') ok = self.wg.add_cell_peer('remote', 'cmVtb3RlcHVia2V5X2Zvcl90ZXN0c193Z3Rlc3QxMiE=', '5.6.7.8:51821', 'not-a-cidr')
self.assertFalse(ok) self.assertFalse(ok)
def test_add_cell_peer_can_coexist_with_regular_peers(self): def test_add_cell_peer_can_coexist_with_regular_peers(self):
self.wg.add_peer('alice', 'alicepubkey=', '', '10.0.0.2/32') self.wg.add_peer('alice', 'YWxpY2VwdWJrZXlfZm9yX3Rlc3RzX3dndGVzdDEyMyE=', '', '10.0.0.2/32')
self.wg.add_cell_peer('remote', 'remotepubkey=', '5.6.7.8:51821', '10.1.0.0/24') self.wg.add_cell_peer('remote', 'cmVtb3RlcHVia2V5X2Zvcl90ZXN0c193Z3Rlc3QxMiE=', '5.6.7.8:51821', '10.1.0.0/24')
content = self.wg._read_config() content = self.wg._read_config()
self.assertIn('alicepubkey=', content) self.assertIn('YWxpY2VwdWJrZXlfZm9yX3Rlc3RzX3dndGVzdDEyMyE=', content)
self.assertIn('remotepubkey=', content) self.assertIn('cmVtb3RlcHVia2V5X2Zvcl90ZXN0c193Z3Rlc3QxMiE=', content)
class TestWireGuardConfigReads(unittest.TestCase): class TestWireGuardConfigReads(unittest.TestCase):
@@ -449,7 +449,7 @@ class TestWireGuardConfigReads(unittest.TestCase):
def test_add_peer_uses_configured_port_in_endpoint(self): def test_add_peer_uses_configured_port_in_endpoint(self):
self._write_wg_conf(port=54321) self._write_wg_conf(port=54321)
self.wg.add_peer('alice', 'pubkeyalice=', '5.6.7.8', '10.0.0.2/32') self.wg.add_peer('alice', 'cHVia2V5YWxpY2VfZm9yX3Rlc3RzX3dpcmVndWFyZCE=', '5.6.7.8', '10.0.0.2/32')
content = self.wg._read_config() content = self.wg._read_config()
self.assertIn('Endpoint = 5.6.7.8:54321', content) self.assertIn('Endpoint = 5.6.7.8:54321', content)
self.assertNotIn(':51820', content) self.assertNotIn(':51820', content)
webui/src/App.jsx
+45 -15
View File
@@ -17,10 +17,13 @@ import {
Link2, Link2,
RefreshCw, RefreshCw,
AlertTriangle, AlertTriangle,
User,
} from 'lucide-react'; } from 'lucide-react';
import { healthAPI, cellAPI } from './services/api'; import { healthAPI, cellAPI } from './services/api';
import { ConfigProvider } from './contexts/ConfigContext'; import { ConfigProvider } from './contexts/ConfigContext';
import { DraftConfigProvider, useDraftConfig } from './contexts/DraftConfigContext'; import { DraftConfigProvider, useDraftConfig } from './contexts/DraftConfigContext';
import { AuthProvider, useAuth } from './contexts/AuthContext';
import PrivateRoute from './components/PrivateRoute';
import Sidebar from './components/Sidebar'; import Sidebar from './components/Sidebar';
import Dashboard from './pages/Dashboard'; import Dashboard from './pages/Dashboard';
import Peers from './pages/Peers'; import Peers from './pages/Peers';
@@ -35,6 +38,10 @@ import Settings from './pages/Settings';
import Vault from './pages/Vault'; import Vault from './pages/Vault';
import ContainerDashboard from './components/ContainerDashboard'; import ContainerDashboard from './components/ContainerDashboard';
import CellNetwork from './pages/CellNetwork'; import CellNetwork from './pages/CellNetwork';
import Login from './pages/Login';
import AccountSettings from './pages/AccountSettings';
import PeerDashboard from './pages/PeerDashboard';
import MyServices from './pages/MyServices';
function PendingRestartBanner({ pending, onApply, onCancel }) { function PendingRestartBanner({ pending, onApply, onCancel }) {
const [confirming, setConfirming] = useState(false); const [confirming, setConfirming] = useState(false);
@@ -218,7 +225,7 @@ function AppCore() {
window.dispatchEvent(new CustomEvent('pic-config-discarded')); window.dispatchEvent(new CustomEvent('pic-config-discarded'));
}, []); }, []);
const navigation = [ const adminNavigation = [
{ name: 'Dashboard', href: '/', icon: Home }, { name: 'Dashboard', href: '/', icon: Home },
{ name: 'Peers', href: '/peers', icon: Users }, { name: 'Peers', href: '/peers', icon: Users },
{ name: 'Network Services', href: '/network', icon: Network }, { name: 'Network Services', href: '/network', icon: Network },
@@ -232,8 +239,18 @@ function AppCore() {
{ name: 'Cell Network', href: '/cell-network', icon: Link2 }, { name: 'Cell Network', href: '/cell-network', icon: Link2 },
{ name: 'Logs', href: '/logs', icon: Activity }, { name: 'Logs', href: '/logs', icon: Activity },
{ name: 'Settings', href: '/settings', icon: SettingsIcon }, { name: 'Settings', href: '/settings', icon: SettingsIcon },
{ name: 'Account', href: '/account', icon: User },
]; ];
const peerNavigation = [
{ name: 'Dashboard', href: '/', icon: Home },
{ name: 'My Services', href: '/my-services', icon: FolderOpen },
{ name: 'Account', href: '/account', icon: User },
];
const { user } = useAuth();
const navigation = user?.role === 'peer' ? peerNavigation : adminNavigation;
if (isLoading) { if (isLoading) {
return ( return (
<div className="min-h-screen bg-gray-50 flex items-center justify-center"> <div className="min-h-screen bg-gray-50 flex items-center justify-center">
@@ -247,10 +264,12 @@ function AppCore() {
return ( return (
<Router> <Router>
<Routes>
<Route path="/login" element={<Login />} />
<Route path="*" element={
<ConfigProvider> <ConfigProvider>
<div className="min-h-screen bg-gray-50"> <div className="min-h-screen bg-gray-50">
<Sidebar navigation={navigation} isOnline={isOnline} /> <Sidebar navigation={navigation} isOnline={isOnline} />
<div className="lg:pl-72"> <div className="lg:pl-72">
<main className="py-10"> <main className="py-10">
<div className="px-4 sm:px-6 lg:px-8"> <div className="px-4 sm:px-6 lg:px-8">
@@ -308,34 +327,45 @@ function AppCore() {
)} )}
<Routes> <Routes>
<Route path="/" element={<Dashboard isOnline={isOnline} />} /> <Route path="/" element={<PrivateRoute><RoleHome isOnline={isOnline} /></PrivateRoute>} />
<Route path="/peers" element={<Peers />} /> <Route path="/account" element={<PrivateRoute><AccountSettings /></PrivateRoute>} />
<Route path="/network" element={<NetworkServices />} /> <Route path="/my-services" element={<PrivateRoute requireRole="peer"><MyServices /></PrivateRoute>} />
<Route path="/wireguard" element={<WireGuard />} /> <Route path="/peers" element={<PrivateRoute requireRole="admin"><Peers /></PrivateRoute>} />
<Route path="/email" element={<Email />} /> <Route path="/network" element={<PrivateRoute requireRole="admin"><NetworkServices /></PrivateRoute>} />
<Route path="/calendar" element={<Calendar />} /> <Route path="/wireguard" element={<PrivateRoute requireRole="admin"><WireGuard /></PrivateRoute>} />
<Route path="/files" element={<Files />} /> <Route path="/email" element={<PrivateRoute requireRole="admin"><Email /></PrivateRoute>} />
<Route path="/routing" element={<Routing />} /> <Route path="/calendar" element={<PrivateRoute requireRole="admin"><Calendar /></PrivateRoute>} />
<Route path="/vault" element={<Vault />} /> <Route path="/files" element={<PrivateRoute requireRole="admin"><Files /></PrivateRoute>} />
<Route path="/containers" element={<ContainerDashboard />} /> <Route path="/routing" element={<PrivateRoute requireRole="admin"><Routing /></PrivateRoute>} />
<Route path="/cell-network" element={<CellNetwork />} /> <Route path="/vault" element={<PrivateRoute requireRole="admin"><Vault /></PrivateRoute>} />
<Route path="/logs" element={<Logs />} /> <Route path="/containers" element={<PrivateRoute requireRole="admin"><ContainerDashboard /></PrivateRoute>} />
<Route path="/settings" element={<Settings />} /> <Route path="/cell-network" element={<PrivateRoute requireRole="admin"><CellNetwork /></PrivateRoute>} />
<Route path="/logs" element={<PrivateRoute requireRole="admin"><Logs /></PrivateRoute>} />
<Route path="/settings" element={<PrivateRoute requireRole="admin"><Settings /></PrivateRoute>} />
</Routes> </Routes>
</div> </div>
</main> </main>
</div> </div>
</div> </div>
</ConfigProvider> </ConfigProvider>
} />
</Routes>
</Router> </Router>
); );
} }
function RoleHome({ isOnline }) {
const { user } = useAuth();
return user?.role === 'peer' ? <PeerDashboard /> : <Dashboard isOnline={isOnline} />;
}
function App() { function App() {
return ( return (
<AuthProvider>
<DraftConfigProvider> <DraftConfigProvider>
<AppCore /> <AppCore />
</DraftConfigProvider> </DraftConfigProvider>
</AuthProvider>
); );
} }
webui/src/components/PrivateRoute.jsx
+23
View File
@@ -0,0 +1,23 @@
import React from 'react';
import { Navigate } from 'react-router-dom';
import { useAuth } from '../contexts/AuthContext';
export default function PrivateRoute({ children, requireRole }) {
const { user, loading } = useAuth();
if (loading) {
return (
<div className="flex items-center justify-center min-h-screen bg-gray-950">
<div className="text-gray-400 text-sm">Loading</div>
</div>
);
}
if (!user) return <Navigate to="/login" replace />;
if (requireRole && user.role !== requireRole) {
return <Navigate to="/" replace />;
}
return children;
}
webui/src/components/Sidebar.jsx
+30 -1
View File
@@ -1,11 +1,14 @@
import { useState } from 'react'; import { useState } from 'react';
import { Link, useLocation } from 'react-router-dom'; import { Link, useLocation } from 'react-router-dom';
import { X } from 'lucide-react'; import { X, LogOut } from 'lucide-react';
import { clsx } from 'clsx'; import { clsx } from 'clsx';
import { useAuth } from '../contexts/AuthContext';
function Sidebar({ navigation, isOnline }) { function Sidebar({ navigation, isOnline }) {
const [sidebarOpen, setSidebarOpen] = useState(false); const [sidebarOpen, setSidebarOpen] = useState(false);
const location = useLocation(); const location = useLocation();
const auth = useAuth();
const { logout, user } = auth || {};
return ( return (
<> <>
@@ -59,6 +62,17 @@ function Sidebar({ navigation, isOnline }) {
))} ))}
</ul> </ul>
</li> </li>
<li className="mt-auto">
{logout && (
<button
onClick={logout}
className="flex items-center gap-2 text-sm text-gray-600 hover:text-gray-900 transition-colors w-full"
>
<LogOut className="h-4 w-4" />
Sign out{user ? ` (${user.username})` : ''}
</button>
)}
</li>
</ul> </ul>
</nav> </nav>
</div> </div>
@@ -102,6 +116,7 @@ function Sidebar({ navigation, isOnline }) {
</ul> </ul>
</li> </li>
<li className="mt-auto"> <li className="mt-auto">
<div className="flex items-center justify-between gap-x-2">
<div className="flex items-center gap-x-2"> <div className="flex items-center gap-x-2">
<div className={clsx( <div className={clsx(
'h-2 w-2 rounded-full', 'h-2 w-2 rounded-full',
@@ -111,6 +126,20 @@ function Sidebar({ navigation, isOnline }) {
{isOnline ? 'Connected' : 'Disconnected'} {isOnline ? 'Connected' : 'Disconnected'}
</span> </span>
</div> </div>
{logout && (
<button
onClick={logout}
className="flex items-center gap-1 text-xs text-gray-500 hover:text-gray-700 transition-colors"
title="Sign out"
>
<LogOut className="h-3.5 w-3.5" />
Sign out
</button>
)}
</div>
{user && (
<p className="text-xs text-gray-400 mt-1 truncate">{user.username}</p>
)}
</li> </li>
</ul> </ul>
</nav> </nav>
webui/src/contexts/AuthContext.jsx
+42
View File
@@ -0,0 +1,42 @@
import React, { createContext, useContext, useState, useEffect } from 'react';
import { authAPI } from '../services/api';
const AuthContext = createContext(null);
export function AuthProvider({ children }) {
const [user, setUser] = useState(null);
const [loading, setLoading] = useState(true);
useEffect(() => {
authAPI.me()
.then(r => setUser(r.data))
.catch(() => setUser(null))
.finally(() => setLoading(false));
}, []);
const login = async (username, password) => {
const r = await authAPI.login(username, password);
setUser(r.data);
return r.data;
};
const logout = async () => {
await authAPI.logout();
setUser(null);
window.location.href = '/login';
};
const changePassword = (old_password, new_password) =>
authAPI.changePassword(old_password, new_password);
const refresh = () =>
authAPI.me().then(r => setUser(r.data)).catch(() => setUser(null));
return (
<AuthContext.Provider value={{ user, loading, login, logout, changePassword, refresh }}>
{children}
</AuthContext.Provider>
);
}
export const useAuth = () => useContext(AuthContext);
webui/src/pages/AccountSettings.jsx
+211
View File
@@ -0,0 +1,211 @@
import React, { useState, useEffect } from 'react';
import { CheckCircle, XCircle, AlertTriangle } from 'lucide-react';
import { useAuth } from '../contexts/AuthContext';
import { authAPI } from '../services/api';
export default function AccountSettings() {
const { user, changePassword } = useAuth();
const [oldPassword, setOldPassword] = useState('');
const [newPassword, setNewPassword] = useState('');
const [confirmPassword, setConfirmPassword] = useState('');
const [pwStatus, setPwStatus] = useState(null);
const [pwError, setPwError] = useState('');
const [pwLoading, setPwLoading] = useState(false);
const [adminUsers, setAdminUsers] = useState([]);
const [adminTarget, setAdminTarget] = useState('');
const [adminNewPw, setAdminNewPw] = useState('');
const [adminStatus, setAdminStatus] = useState(null);
const [adminError, setAdminError] = useState('');
const [adminLoading, setAdminLoading] = useState(false);
useEffect(() => {
if (user?.role === 'admin') {
authAPI.listUsers()
.then(r => {
const list = r.data || [];
setAdminUsers(list);
if (list.length > 0) setAdminTarget(list[0].username || list[0]);
})
.catch(() => {});
}
}, [user]);
const pwErrors = (() => {
const e = {};
if (newPassword && newPassword.length < 10) e.newPassword = 'Password must be at least 10 characters';
if (confirmPassword && newPassword !== confirmPassword) e.confirmPassword = 'Passwords do not match';
return e;
})();
const handleChangePassword = async e => {
e.preventDefault();
if (Object.keys(pwErrors).length) return;
setPwLoading(true);
setPwError('');
setPwStatus(null);
try {
await changePassword(oldPassword, newPassword);
setPwStatus('success');
setOldPassword('');
setNewPassword('');
setConfirmPassword('');
} catch (err) {
setPwError(err?.response?.data?.error || 'Failed to change password.');
} finally {
setPwLoading(false);
}
};
const handleAdminReset = async e => {
e.preventDefault();
if (!adminNewPw || adminNewPw.length < 10) {
setAdminError('Password must be at least 10 characters');
return;
}
setAdminLoading(true);
setAdminError('');
setAdminStatus(null);
try {
await authAPI.adminResetPassword(adminTarget, adminNewPw);
setAdminStatus('success');
setAdminNewPw('');
} catch (err) {
setAdminError(err?.response?.data?.error || 'Failed to reset password.');
} finally {
setAdminLoading(false);
}
};
return (
<div>
<div className="mb-6">
<h1 className="text-2xl font-bold text-gray-900">Account Settings</h1>
<p className="mt-1 text-gray-500 text-sm">Manage your login credentials</p>
</div>
{user?.must_change_password && (
<div className="mb-6 flex items-start gap-3 bg-yellow-50 border border-yellow-300 rounded-lg p-4">
<AlertTriangle className="h-5 w-5 text-yellow-600 flex-shrink-0 mt-0.5" />
<p className="text-sm text-yellow-800 font-medium">
You must change your password before continuing. Choose a new password below.
</p>
</div>
)}
<div className="card mb-4">
<h2 className="text-base font-semibold text-gray-900 mb-4">Change Password</h2>
<form onSubmit={handleChangePassword} className="space-y-4 max-w-sm">
<div>
<label className="block text-sm text-gray-600 mb-1">Current password</label>
<input
type="password"
value={oldPassword}
onChange={e => setOldPassword(e.target.value)}
autoComplete="current-password"
required
className="w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white"
/>
</div>
<div>
<label className="block text-sm text-gray-600 mb-1">New password</label>
<input
type="password"
value={newPassword}
onChange={e => setNewPassword(e.target.value)}
autoComplete="new-password"
required
className={`w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white ${pwErrors.newPassword ? 'border-red-400' : ''}`}
/>
{pwErrors.newPassword && <p className="text-xs text-red-500 mt-1">{pwErrors.newPassword}</p>}
<p className="text-xs text-gray-400 mt-1">Minimum 10 characters</p>
</div>
<div>
<label className="block text-sm text-gray-600 mb-1">Confirm new password</label>
<input
type="password"
value={confirmPassword}
onChange={e => setConfirmPassword(e.target.value)}
autoComplete="new-password"
required
className={`w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white ${pwErrors.confirmPassword ? 'border-red-400' : ''}`}
/>
{pwErrors.confirmPassword && <p className="text-xs text-red-500 mt-1">{pwErrors.confirmPassword}</p>}
</div>
{pwError && (
<div className="flex items-center gap-2 text-sm text-red-600">
<XCircle className="h-4 w-4 flex-shrink-0" />
{pwError}
</div>
)}
{pwStatus === 'success' && (
<div className="flex items-center gap-2 text-sm text-green-600">
<CheckCircle className="h-4 w-4 flex-shrink-0" />
Password changed successfully.
</div>
)}
<button
type="submit"
disabled={pwLoading || Object.keys(pwErrors).length > 0 || !oldPassword || !newPassword || !confirmPassword}
className="btn btn-primary disabled:opacity-50"
>
{pwLoading ? 'Saving…' : 'Update Password'}
</button>
</form>
</div>
{user?.role === 'admin' && (
<div className="card">
<h2 className="text-base font-semibold text-gray-900 mb-1">Reset Another User's Password</h2>
<p className="text-sm text-gray-500 mb-4">Set a new password for any user account.</p>
<form onSubmit={handleAdminReset} className="space-y-4 max-w-sm">
<div>
<label className="block text-sm text-gray-600 mb-1">User</label>
<select
value={adminTarget}
onChange={e => setAdminTarget(e.target.value)}
className="w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white"
>
{adminUsers.map(u => {
const name = typeof u === 'string' ? u : u.username;
return <option key={name} value={name}>{name}</option>;
})}
</select>
</div>
<div>
<label className="block text-sm text-gray-600 mb-1">New password</label>
<input
type="password"
value={adminNewPw}
onChange={e => { setAdminNewPw(e.target.value); setAdminError(''); }}
autoComplete="new-password"
required
className={`w-full text-sm border rounded px-3 py-1.5 focus:outline-none focus:ring-2 focus:ring-primary-400 bg-white ${adminError ? 'border-red-400' : ''}`}
/>
{adminError && <p className="text-xs text-red-500 mt-1">{adminError}</p>}
<p className="text-xs text-gray-400 mt-1">Minimum 10 characters</p>
</div>
{adminStatus === 'success' && (
<div className="flex items-center gap-2 text-sm text-green-600">
<CheckCircle className="h-4 w-4 flex-shrink-0" />
Password reset successfully.
</div>
)}
<button
type="submit"
disabled={adminLoading || !adminTarget || !adminNewPw}
className="btn btn-primary disabled:opacity-50"
>
{adminLoading ? 'Resetting…' : 'Reset Password'}
</button>
</form>
</div>
)}
</div>
);
}
webui/src/pages/Login.jsx
+70
View File
@@ -0,0 +1,70 @@
import React, { useState } from 'react';
import { useNavigate } from 'react-router-dom';
import { useAuth } from '../contexts/AuthContext';
export default function Login() {
const { login } = useAuth();
const navigate = useNavigate();
const [username, setUsername] = useState('');
const [password, setPassword] = useState('');
const [error, setError] = useState('');
const [loading, setLoading] = useState(false);
const handleSubmit = async e => {
e.preventDefault();
setError('');
setLoading(true);
try {
await login(username, password);
navigate('/', { replace: true });
} catch (err) {
if (err.response?.status === 423) {
setError('Account locked. Too many failed attempts. Try again later.');
} else {
setError('Invalid username or password.');
}
} finally {
setLoading(false);
}
};
return (
<div className="flex items-center justify-center min-h-screen bg-gray-950">
<div className="w-full max-w-sm bg-gray-900 border border-gray-700 rounded-lg p-8 shadow-lg">
<h1 className="text-xl font-semibold text-white mb-6">Personal Internet Cell</h1>
<form onSubmit={handleSubmit} className="space-y-4">
<div>
<label className="block text-sm text-gray-400 mb-1">Username</label>
<input
type="text"
autoComplete="username"
value={username}
onChange={e => setUsername(e.target.value)}
className="w-full bg-gray-800 border border-gray-600 rounded px-3 py-2 text-white text-sm focus:outline-none focus:border-blue-500"
required
/>
</div>
<div>
<label className="block text-sm text-gray-400 mb-1">Password</label>
<input
type="password"
autoComplete="current-password"
value={password}
onChange={e => setPassword(e.target.value)}
className="w-full bg-gray-800 border border-gray-600 rounded px-3 py-2 text-white text-sm focus:outline-none focus:border-blue-500"
required
/>
</div>
{error && <p className="text-red-400 text-sm">{error}</p>}
<button
type="submit"
disabled={loading}
className="w-full bg-blue-600 hover:bg-blue-500 disabled:opacity-50 text-white text-sm font-medium py-2 rounded transition-colors"
>
{loading ? 'Signing in…' : 'Sign in'}
</button>
</form>
</div>
</div>
);
}
webui/src/pages/MyServices.jsx
+165
View File
@@ -0,0 +1,165 @@
import React, { useState, useEffect } from 'react';
import { Copy, Download, Wifi, Mail, Calendar, FolderOpen } from 'lucide-react';
import { peerAPI } from '../services/api';
function CopyButton({ text }) {
const [copied, setCopied] = useState(false);
const handleCopy = async () => {
try {
await navigator.clipboard.writeText(text);
setCopied(true);
setTimeout(() => setCopied(false), 2000);
} catch {}
};
return (
<button
onClick={handleCopy}
className="inline-flex items-center gap-1 text-xs text-primary-600 hover:text-primary-800 transition-colors"
title="Copy to clipboard"
>
<Copy className="h-3.5 w-3.5" />
{copied ? 'Copied' : 'Copy'}
</button>
);
}
function InfoRow({ label, value }) {
return (
<div className="flex flex-col sm:flex-row sm:items-center gap-1 sm:gap-4 py-2 border-b border-gray-100 last:border-0">
<span className="text-sm text-gray-500 sm:w-40 shrink-0">{label}</span>
<div className="flex items-center gap-2 min-w-0">
<span className="text-sm font-mono text-gray-900 break-all">{value}</span>
{value && <CopyButton text={value} />}
</div>
</div>
);
}
export default function MyServices() {
const [data, setData] = useState(null);
const [isLoading, setIsLoading] = useState(true);
const [error, setError] = useState('');
useEffect(() => {
peerAPI.services()
.then(r => setData(r.data))
.catch(() => setError('Could not load services. Please try again.'))
.finally(() => setIsLoading(false));
}, []);
const downloadConfig = (filename, content) => {
const blob = new Blob([content], { type: 'text/plain' });
const url = URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = url;
a.download = filename;
document.body.appendChild(a);
a.click();
document.body.removeChild(a);
URL.revokeObjectURL(url);
};
if (isLoading) {
return (
<div className="flex items-center justify-center h-64">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600" />
</div>
);
}
if (error) {
return (
<div className="card text-center py-10">
<p className="text-sm text-danger-600">{error}</p>
</div>
);
}
const wg = data?.wireguard || {};
const email = data?.email || {};
const caldav = data?.caldav || {};
const files = data?.files || {};
return (
<div>
<div className="mb-6">
<h1 className="text-2xl font-bold text-gray-900">My Services</h1>
<p className="mt-1 text-gray-500 text-sm">Credentials and configuration for your personal services</p>
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<Wifi className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">WireGuard VPN</h2>
</div>
<InfoRow label="VPN IP" value={wg.ip || wg.allowed_ips || '—'} />
{wg.config && (
<div className="mt-3 flex flex-wrap gap-2">
<button
onClick={() => downloadConfig(`${data?.username || 'peer'}.conf`, wg.config)}
className="inline-flex items-center gap-1.5 btn btn-secondary btn-sm text-sm"
>
<Download className="h-4 w-4" /> Download Config
</button>
<CopyButton text={wg.config} />
</div>
)}
{wg.qr_code && (
<div className="mt-4">
<p className="text-sm text-gray-600 mb-2">Scan with the WireGuard mobile app:</p>
<div className="inline-block p-3 bg-white border-2 border-gray-200 rounded-lg">
<img src={wg.qr_code} alt="WireGuard QR code" className="w-48 h-48" />
</div>
</div>
)}
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<Mail className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">Email</h2>
</div>
<InfoRow label="Address" value={email.address || '—'} />
<InfoRow label="SMTP" value={email.smtp ? `${email.smtp.host}:${email.smtp.port}` : '—'} />
<InfoRow label="IMAP" value={email.imap ? `${email.imap.host}:${email.imap.port}` : '—'} />
{(email.smtp || email.imap) && (
<p className="text-xs text-gray-400 mt-3">
When setting up your mail client, use your dashboard username and password for authentication.
</p>
)}
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<Calendar className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">Calendar & Contacts</h2>
</div>
<InfoRow label="CalDAV URL" value={caldav.url || '—'} />
<InfoRow label="Username" value={caldav.username || '—'} />
{caldav.url && (
<p className="text-xs text-gray-400 mt-3">
Use this URL in your calendar client. Authenticate with your username and dashboard password.
</p>
)}
</div>
<div className="card mb-4">
<div className="flex items-center gap-2 mb-4">
<FolderOpen className="h-5 w-5 text-primary-500" />
<h2 className="text-base font-semibold text-gray-900">Files</h2>
</div>
<InfoRow label="WebDAV URL" value={files.url || '—'} />
<InfoRow label="Username" value={files.username || '—'} />
{files.url && (
<p className="text-xs text-gray-400 mt-3">
Mount this URL as a network drive or use a WebDAV client. Authenticate with your username and dashboard password.
</p>
)}
</div>
<p className="text-xs text-gray-400 mt-4">
Note: Changing your dashboard password does not update email, calendar, or files passwords.
</p>
</div>
);
}
webui/src/pages/PeerDashboard.jsx
+129
View File
@@ -0,0 +1,129 @@
import React, { useState, useEffect } from 'react';
import { Link } from 'react-router-dom';
import { Wifi, ArrowDown, ArrowUp, Clock } from 'lucide-react';
import { peerAPI } from '../services/api';
function formatBytes(bytes) {
if (!bytes || bytes === 0) return '0 B';
const k = 1024;
const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
const i = Math.floor(Math.log(bytes) / Math.log(k));
return `${parseFloat((bytes / Math.pow(k, i)).toFixed(1))} ${sizes[i]}`;
}
function timeAgo(isoString) {
if (!isoString) return 'Never';
const seconds = Math.floor((Date.now() - new Date(isoString).getTime()) / 1000);
if (seconds < 60) return `${seconds} seconds ago`;
const minutes = Math.floor(seconds / 60);
if (minutes < 60) return `${minutes} minute${minutes !== 1 ? 's' : ''} ago`;
const hours = Math.floor(minutes / 60);
if (hours < 24) return `${hours} hour${hours !== 1 ? 's' : ''} ago`;
const days = Math.floor(hours / 24);
return `${days} day${days !== 1 ? 's' : ''} ago`;
}
export default function PeerDashboard() {
const [data, setData] = useState(null);
const [isLoading, setIsLoading] = useState(true);
const [error, setError] = useState('');
useEffect(() => {
peerAPI.dashboard()
.then(r => setData(r.data))
.catch(() => setError('Could not load dashboard data. Please try again.'))
.finally(() => setIsLoading(false));
}, []);
if (isLoading) {
return (
<div className="flex items-center justify-center h-64">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary-600" />
</div>
);
}
if (error) {
return (
<div className="card text-center py-10">
<p className="text-sm text-danger-600">{error}</p>
</div>
);
}
const peer = data || {};
return (
<div>
<div className="mb-6 flex items-center justify-between">
<div>
<h1 className="text-2xl font-bold text-gray-900">{peer.name || 'My Dashboard'}</h1>
<p className="mt-1 text-gray-500 text-sm">Your VPN connection and status</p>
</div>
<span className={`inline-flex items-center gap-1.5 px-3 py-1 rounded-full text-sm font-medium ${
peer.online ? 'bg-success-100 text-success-700' : 'bg-gray-100 text-gray-500'
}`}>
<span className={`h-2 w-2 rounded-full ${peer.online ? 'bg-success-500' : 'bg-gray-400'}`} />
{peer.online ? 'Online' : 'Offline'}
</span>
</div>
<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-4 gap-4 mb-8">
<div className="card">
<div className="flex items-center">
<Wifi className="h-8 w-8 text-primary-500" />
<div className="ml-4 min-w-0">
<p className="text-sm font-medium text-gray-500">VPN Address</p>
<p className="text-lg font-semibold text-gray-900 font-mono truncate">
{peer.allowed_ips || peer.ip || '—'}
</p>
</div>
</div>
</div>
<div className="card">
<div className="flex items-center">
<ArrowDown className="h-8 w-8 text-primary-500" />
<div className="ml-4">
<p className="text-sm font-medium text-gray-500">Received</p>
<p className="text-lg font-semibold text-gray-900">{formatBytes(peer.transfer_rx)}</p>
</div>
</div>
</div>
<div className="card">
<div className="flex items-center">
<ArrowUp className="h-8 w-8 text-primary-500" />
<div className="ml-4">
<p className="text-sm font-medium text-gray-500">Sent</p>
<p className="text-lg font-semibold text-gray-900">{formatBytes(peer.transfer_tx)}</p>
</div>
</div>
</div>
<div className="card">
<div className="flex items-center">
<Clock className="h-8 w-8 text-primary-500" />
<div className="ml-4">
<p className="text-sm font-medium text-gray-500">Last Handshake</p>
<p className="text-sm font-semibold text-gray-900">{timeAgo(peer.last_handshake)}</p>
</div>
</div>
</div>
</div>
<div className="card">
<h2 className="text-base font-semibold text-gray-900 mb-3">Quick Access</h2>
<Link
to="/my-services"
className="inline-flex items-center gap-2 btn btn-primary"
>
My Services
</Link>
<p className="text-xs text-gray-500 mt-2">
View your VPN config, email, calendar, and file storage credentials.
</p>
</div>
</div>
);
}
webui/src/pages/Peers.jsx
+75 -7
View File
@@ -1,6 +1,6 @@
import { useState, useEffect } from 'react'; import { useState, useEffect } from 'react';
import { Plus, Trash2, Edit, Eye, Shield, Copy, Download, Key, AlertTriangle, CheckCircle, Globe, Lock, Users, Server } from 'lucide-react'; import { Plus, Trash2, Edit, Eye, Shield, Copy, Download, Key, AlertTriangle, CheckCircle, Globe, Lock, Users, Server } from 'lucide-react';
import { peerAPI, wireguardAPI } from '../services/api'; import { peerRegistryAPI, wireguardAPI } from '../services/api';
import { useConfig } from '../contexts/ConfigContext'; import { useConfig } from '../contexts/ConfigContext';
import QRCode from 'qrcode'; import QRCode from 'qrcode';
@@ -15,8 +15,16 @@ const emptyForm = () => ({
service_access: ['calendar', 'files', 'mail', 'webdav'], service_access: ['calendar', 'files', 'mail', 'webdav'],
peer_access: true, peer_access: true,
create_calendar: false, create_calendar: false,
password: '',
}); });
const generatePassword = () => {
const chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%';
const arr = new Uint8Array(14);
crypto.getRandomValues(arr);
return Array.from(arr).map(b => chars[b % chars.length]).join('');
};
function AccessBadge({ icon: Icon, label, active }) { function AccessBadge({ icon: Icon, label, active }) {
return ( return (
<span className={`inline-flex items-center px-1.5 py-0.5 rounded text-xs font-medium mr-1 ${ <span className={`inline-flex items-center px-1.5 py-0.5 rounded text-xs font-medium mr-1 ${
@@ -59,6 +67,7 @@ function Peers() {
const [showAddModal, setShowAddModal] = useState(false); const [showAddModal, setShowAddModal] = useState(false);
const [showEditModal, setShowEditModal] = useState(false); const [showEditModal, setShowEditModal] = useState(false);
const [showViewModal, setShowViewModal] = useState(false); const [showViewModal, setShowViewModal] = useState(false);
const [showPasswordModal, setShowPasswordModal] = useState(null);
const [selectedPeer, setSelectedPeer] = useState(null); const [selectedPeer, setSelectedPeer] = useState(null);
const [formData, setFormData] = useState(emptyForm()); const [formData, setFormData] = useState(emptyForm());
const [showAdvanced, setShowAdvanced] = useState(false); const [showAdvanced, setShowAdvanced] = useState(false);
@@ -79,7 +88,7 @@ function Peers() {
const fetchPeers = async () => { const fetchPeers = async () => {
try { try {
const [regResp, statusResp, scResp] = await Promise.all([ const [regResp, statusResp, scResp] = await Promise.all([
peerAPI.getPeers(), peerRegistryAPI.getPeers(),
wireguardAPI.getPeerStatuses().catch(() => ({ data: {} })), wireguardAPI.getPeerStatuses().catch(() => ({ data: {} })),
fetch('/api/wireguard/server-config').then(r => r.ok ? r.json() : null).catch(() => null), fetch('/api/wireguard/server-config').then(r => r.ok ? r.json() : null).catch(() => null),
]); ]);
@@ -156,6 +165,7 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
const handleAddPeer = async (e) => { const handleAddPeer = async (e) => {
e.preventDefault(); e.preventDefault();
const errs = validate(formData); const errs = validate(formData);
if (!formData.password || formData.password.length < 10) errs.password = 'Password must be at least 10 characters';
if (Object.keys(errs).length) { setErrors(errs); return; } if (Object.keys(errs).length) { setErrors(errs); return; }
setIsSubmitting(true); setIsSubmitting(true);
try { try {
@@ -179,11 +189,10 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
internet_access: formData.internet_access, internet_access: formData.internet_access,
service_access: formData.service_access, service_access: formData.service_access,
peer_access: formData.peer_access, peer_access: formData.peer_access,
password: formData.password,
}; };
const addResult = await peerAPI.addPeer(peerData); const addResult = await peerRegistryAPI.addPeer(peerData);
const assignedIp = addResult.data?.ip; const assignedIp = addResult.data?.ip;
// Server-side AllowedIPs = peer's VPN IP only (/32).
// Full/split tunnel is a CLIENT-side setting (AllowedIPs in the client config).
await wireguardAPI.addPeer({ await wireguardAPI.addPeer({
name: formData.name, name: formData.name,
public_key: publicKey, public_key: publicKey,
@@ -197,11 +206,14 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
} catch {} } catch {}
} }
const provisioned = addResult.data?.provisioned;
const createdName = formData.name;
const createdPassword = formData.password;
setShowAddModal(false); setShowAddModal(false);
setFormData(emptyForm()); setFormData(emptyForm());
setErrors({}); setErrors({});
fetchPeers(); fetchPeers();
showToast(`Peer "${formData.name}" created. Open it to download the tunnel config.`); setShowPasswordModal({ name: createdName, password: createdPassword, provisioned });
} catch (err) { } catch (err) {
showToast(err?.response?.data?.error || 'Failed to add peer', 'error'); showToast(err?.response?.data?.error || 'Failed to add peer', 'error');
} finally { setIsSubmitting(false); } } finally { setIsSubmitting(false); }
@@ -251,7 +263,7 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
const handleRemovePeer = async (peerName) => { const handleRemovePeer = async (peerName) => {
if (!window.confirm(`Remove peer "${peerName}"?`)) return; if (!window.confirm(`Remove peer "${peerName}"?`)) return;
try { try {
await Promise.all([peerAPI.removePeer(peerName), wireguardAPI.removePeer({ name: peerName })]); await Promise.all([peerRegistryAPI.removePeer(peerName), wireguardAPI.removePeer({ name: peerName })]);
fetchPeers(); fetchPeers();
showToast(`Peer "${peerName}" removed.`); showToast(`Peer "${peerName}" removed.`);
} catch { showToast('Failed to remove peer', 'error'); } } catch { showToast('Failed to remove peer', 'error'); }
@@ -525,6 +537,25 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
{/* Account Creation */} {/* Account Creation */}
<div className="pt-3 border-t border-gray-200"> <div className="pt-3 border-t border-gray-200">
<div className="text-sm font-semibold text-gray-700 mb-2">Account Setup</div> <div className="text-sm font-semibold text-gray-700 mb-2">Account Setup</div>
<div className="mb-3">
<label className="block text-sm font-medium text-gray-700 mb-1">Dashboard Password *</label>
<div className="flex gap-2">
<input
type="password"
value={formData.password}
onChange={e => { setFormData(f => ({ ...f, password: e.target.value })); setErrors(e2 => ({ ...e2, password: undefined })); }}
className={`input flex-1 ${errors.password ? 'border-red-500' : ''}`}
placeholder="Min 10 characters"
autoComplete="new-password"
/>
<button type="button"
onClick={() => setFormData(f => ({ ...f, password: generatePassword() }))}
className="btn btn-secondary text-xs whitespace-nowrap">
Generate
</button>
</div>
{errors.password && <p className="text-xs text-red-600 mt-1">{errors.password}</p>}
</div>
<label className="flex items-center gap-2 cursor-pointer"> <label className="flex items-center gap-2 cursor-pointer">
<input type="checkbox" checked={formData.create_calendar} <input type="checkbox" checked={formData.create_calendar}
onChange={e => setFormData(f => ({ ...f, create_calendar: e.target.checked }))} className="rounded" /> onChange={e => setFormData(f => ({ ...f, create_calendar: e.target.checked }))} className="rounded" />
@@ -727,6 +758,43 @@ PersistentKeepalive = ${peer.persistent_keepalive || 25}`;
</div> </div>
</div> </div>
)} )}
{/* One-time password modal */}
{showPasswordModal && (
<div className="fixed inset-0 bg-gray-600 bg-opacity-50 overflow-y-auto h-full w-full z-50 flex items-center justify-center">
<div className="bg-white rounded-lg shadow-xl p-6 w-full max-w-md mx-4">
<div className="flex items-center gap-2 mb-4">
<CheckCircle className="h-6 w-6 text-green-500 flex-shrink-0" />
<h3 className="text-lg font-medium text-gray-900">Peer Created Save This Password</h3>
</div>
<p className="text-sm text-gray-600 mb-3">
This is the only time you will see this password. Copy it and share it with <strong>{showPasswordModal.name}</strong>.
</p>
<div className="bg-gray-50 border border-gray-200 rounded-md p-3 mb-3">
<div className="flex items-center justify-between gap-2">
<code className="text-sm font-mono text-gray-900 break-all">{showPasswordModal.password}</code>
<button
onClick={() => copyToClipboard(showPasswordModal.password)}
className="flex-shrink-0 p-1.5 text-gray-500 hover:text-gray-700 rounded"
title="Copy password"
>
<Copy className="h-4 w-4" />
</button>
</div>
</div>
{showPasswordModal.provisioned && (
<p className="text-xs text-gray-500 mb-4">
Accounts created: {Object.entries(showPasswordModal.provisioned).filter(([, v]) => v).map(([k]) => k).join(', ') || 'none'}
</p>
)}
<div className="flex justify-end">
<button onClick={() => setShowPasswordModal(null)} className="btn btn-primary">
Done
</button>
</div>
</div>
</div>
)}
</div> </div>
); );
} }
webui/src/pages/WireGuard.jsx
+1 -1
View File
@@ -1,6 +1,6 @@
import { useState, useEffect } from 'react'; import { useState, useEffect } from 'react';
import { Shield, Key, Users, Activity, Wifi, Download, Copy, RefreshCw, Play, Pause, AlertCircle, Eye, Globe, CheckCircle, XCircle } from 'lucide-react'; import { Shield, Key, Users, Activity, Wifi, Download, Copy, RefreshCw, Play, Pause, AlertCircle, Eye, Globe, CheckCircle, XCircle } from 'lucide-react';
import { wireguardAPI, peerAPI } from '../services/api'; import { wireguardAPI, peerRegistryAPI as peerAPI } from '../services/api';
import { useConfig } from '../contexts/ConfigContext'; import { useConfig } from '../contexts/ConfigContext';
import QRCode from 'qrcode'; import QRCode from 'qrcode';
webui/src/services/api.js
+21 -1
View File
@@ -4,6 +4,7 @@ import axios from 'axios';
const api = axios.create({ const api = axios.create({
baseURL: import.meta.env.VITE_API_URL || '', baseURL: import.meta.env.VITE_API_URL || '',
timeout: 10000, timeout: 10000,
withCredentials: true,
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
}, },
@@ -28,6 +29,9 @@ api.interceptors.response.use(
}, },
(error) => { (error) => {
console.error('API Response Error:', error.response?.data || error.message); console.error('API Response Error:', error.response?.data || error.message);
if (error.response?.status === 401 && !error.config.url.includes('/auth/login')) {
window.location.href = '/login';
}
return Promise.reject(error); return Promise.reject(error);
} }
); );
@@ -87,7 +91,7 @@ export const wireguardAPI = {
}; };
// Peer Registry API // Peer Registry API
export const peerAPI = { export const peerRegistryAPI = {
getPeers: () => api.get('/api/peers'), getPeers: () => api.get('/api/peers'),
addPeer: (peer) => api.post('/api/peers', peer), addPeer: (peer) => api.post('/api/peers', peer),
removePeer: (peerName) => api.delete(`/api/peers/${peerName}`), removePeer: (peerName) => api.delete(`/api/peers/${peerName}`),
@@ -96,6 +100,22 @@ export const peerAPI = {
updatePeerIP: (peerName, data) => api.put(`/api/peers/${peerName}/update-ip`, data), updatePeerIP: (peerName, data) => api.put(`/api/peers/${peerName}/update-ip`, data),
}; };
// Auth API
export const authAPI = {
login: (username, password) => api.post('/api/auth/login', { username, password }),
logout: () => api.post('/api/auth/logout'),
me: () => api.get('/api/auth/me'),
changePassword: (old_password, new_password) => api.post('/api/auth/change-password', { old_password, new_password }),
adminResetPassword: (username, new_password) => api.post('/api/auth/admin/reset-password', { username, new_password }),
listUsers: () => api.get('/api/auth/users'),
};
// Peer-facing dashboard API
export const peerAPI = {
dashboard: () => api.get('/api/peer/dashboard'),
services: () => api.get('/api/peer/services'),
};
// Email Services API // Email Services API
export const emailAPI = { export const emailAPI = {
getUsers: () => api.get('/api/email/users'), getUsers: () => api.get('/api/email/users'),