roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add /api/network/dns/corefile endpoint and per-line iptables check
Unit Tests / test (push) Successful in 11m13s
Details

Browse Source 
The e2e tests were reading a stale Corefile at a hardcoded fallback path
(/home/roof/pic/config/dns/Corefile) instead of the live one written by
the API (/opt/pic/config/dns/Corefile on pic1). Adding a proper API
endpoint eliminates the path ambiguity.

The iptables test was checking whether peer_ip, DROP, and dpt:80 appeared
anywhere in the full multi-line output rather than on the same rule line,
producing false positives. Now checks per line.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Dmitrii Iurco
2026-06-06 05:54:17 -04:00
parent eee0e800aa
commit f84f16fcd6
2 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/routes/network.py
+16 -1
View File
@@ -1,5 +1,6 @@
import logging import logging
from flask import Blueprint, request, jsonify import os
from flask import Blueprint, request, jsonify, Response
logger = logging.getLogger('picell') logger = logging.getLogger('picell')
bp = Blueprint('network', __name__) bp = Blueprint('network', __name__)
@@ -99,6 +100,20 @@ def get_dns_status():
logger.error(f"Error getting DNS status: {e}") logger.error(f"Error getting DNS status: {e}")
return jsonify({"error": str(e)}), 500 return jsonify({"error": str(e)}), 500
@bp.route('/api/network/dns/corefile', methods=['GET'])
def get_corefile():
try:
from app import COREFILE_PATH
with open(COREFILE_PATH, 'r') as f:
content = f.read()
return Response(content, mimetype='text/plain')
except FileNotFoundError:
return Response('', mimetype='text/plain'), 404
except Exception as e:
logger.error(f"Error reading Corefile: {e}")
return jsonify({"error": str(e)}), 500
@bp.route('/api/network/test', methods=['POST']) @bp.route('/api/network/test', methods=['POST'])
def test_network(): def test_network():
try: try:
tests/e2e/api/test_peer_access_update.py
+4 -1
View File
@@ -85,7 +85,10 @@ class TestServiceAccessUpdate:
if not rules: if not rules:
return # can't verify without iptables access — skip silently return # can't verify without iptables access — skip silently
# No Caddy-targeted DROP for this peer; service blocking is DNS-ACL only # No Caddy-targeted DROP for this peer; service blocking is DNS-ACL only
caddy_drop = f'{peer_ip}' in rules and 'DROP' in rules and 'dpt:80' in rules caddy_drop = any(
peer_ip in line and 'DROP' in line and 'dpt:80' in line
for line in rules.splitlines()
)
assert not caddy_drop, ( assert not caddy_drop, (
f'Found Caddy DROP rule for {peer_ip} after service_access=[] — ' f'Found Caddy DROP rule for {peer_ip} after service_access=[] — '
f'this blocks the PIC UI. Service access should be DNS-ACL only.\n{rules}' f'this blocks the PIC UI. Service access should be DNS-ACL only.\n{rules}'