roof/pic - pic - Gitea: Git with a cup of tea

roof/pic

Fork 0

Commit Graph

Author	SHA1	Message	Date
roof	8b50fb1036	feat: audit/change log — owner-visible record of who changed what Unit Tests / test (push) Successful in 12m47s Details Add AuditManager (api/audit_manager.py): JSONL append-only log at data/api/audit/audit.log with SHA-256 hash chain for tamper detection, verify endpoint, size-based rotation, and automatic redaction of secret fields before any entry is written. Supports structured query (actor, action, date range) and CSV export. Wire an @app.after_request hook in app.py that fires on every mutating /api/* request: captures actor, role, remote IP, and maps the route + method to a human-readable action via ROUTE_ACTION_MAP. Explicit audit entries for password_change and password_reset are added in auth_routes.py so those events record the actor without logging secret values. Expose an admin-only blueprint (api/routes/audit.py): GET /api/audit — paginated query GET /api/audit/export — CSV download GET /api/audit/verify — hash-chain integrity check Register AuditManager in managers.py and add api/audit to config_manager.py critical_data_paths so it is included in backups and restored with other persistent state. Add Activity page (webui/src/pages/Activity.jsx, admin-only) reachable from the nav in App.jsx. New auditAPI helper in api.js covers all three endpoints. Tests: test_audit_manager.py (unit: hash chain, redaction, rotation, query, csv, verify) and test_audit_hook_routes.py (integration: hook fires on mutating routes, skips safe methods, records actor/ip/action, backup-inclusion assertion). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-10 20:19:38 -04:00
roof	82a0c0e9bd	fix: overhaul backup/restore — full secrets coverage, ordered reapply, optional passphrase encryption Unit Tests / test (push) Successful in 12m25s Details P0 — backups previously omitted peers/keys/vault(CA+fernet)/auth/cell-links/ddns/connectivity configs (a restore lost everything incl admin login + CA) and included logs/trash; restore did file-copies only with no reapply. Changes: - api/config_manager.py: backup_config now includes auth_users.json, .flask_secret_key, peers.json, peer_service_credentials.json, WireGuard keys + wg_confs + api/wireguard/keys, vault/ (incl fernet.key), api/services + service configs, cell_links.json, ddns_token, caddy/; new _is_excluded() drops logs/config_backups/.test_admin_pass/.gitkeep/.tmp/ .partial/__pycache__; restore_config reordered (vault/fernet → config → wg keys/peers → cell_links → caddy/dns → service configs → auth/ddns → volumes) + new _reapply_runtime_state() (regenerate Caddyfile/Corefile, reapply services, connectivity apply_routes, replay cell pushes) - api/backup_crypto.py (new): optional passphrase encryption via scrypt-derived key + Fernet; encrypted archives written 0600 - api/routes/config.py: backup/restore accept optional {passphrase}; wrong/missing passphrase returns 400; backup response warns it contains secrets - Makefile: backup target applies same excludes + chmod 0600 + secrets warning - webui/src/services/api.js + webui/src/pages/Settings.jsx: passphrase field on create backup, restore prompt, "contains secrets" banner - tests/test_config_backup_overhaul.py (new, 18 tests) + tests/test_config_backup_restore_http.py (2 assertions updated) Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-10 15:41:10 -04:00

Author

SHA1

Message

Date

roof

8b50fb1036

feat: audit/change log — owner-visible record of who changed what

Unit Tests / test (push) Successful in 12m47s

Details

Add AuditManager (api/audit_manager.py): JSONL append-only log at
data/api/audit/audit.log with SHA-256 hash chain for tamper detection,
verify endpoint, size-based rotation, and automatic redaction of secret
fields before any entry is written. Supports structured query (actor,
action, date range) and CSV export.

Wire an @app.after_request hook in app.py that fires on every mutating
/api/* request: captures actor, role, remote IP, and maps the route +
method to a human-readable action via ROUTE_ACTION_MAP. Explicit audit
entries for password_change and password_reset are added in
auth_routes.py so those events record the actor without logging secret
values.

Expose an admin-only blueprint (api/routes/audit.py):
  GET /api/audit          — paginated query
  GET /api/audit/export   — CSV download
  GET /api/audit/verify   — hash-chain integrity check

Register AuditManager in managers.py and add api/audit to
config_manager.py critical_data_paths so it is included in backups and
restored with other persistent state.

Add Activity page (webui/src/pages/Activity.jsx, admin-only) reachable
from the nav in App.jsx. New auditAPI helper in api.js covers all three
endpoints.

Tests: test_audit_manager.py (unit: hash chain, redaction, rotation,
query, csv, verify) and test_audit_hook_routes.py (integration: hook
fires on mutating routes, skips safe methods, records actor/ip/action,
backup-inclusion assertion).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-10 20:19:38 -04:00

roof

82a0c0e9bd

fix: overhaul backup/restore — full secrets coverage, ordered reapply, optional passphrase encryption

Unit Tests / test (push) Successful in 12m25s

Details

P0 — backups previously omitted peers/keys/vault(CA+fernet)/auth/cell-links/ddns/connectivity
configs (a restore lost everything incl admin login + CA) and included logs/trash; restore did
file-copies only with no reapply.

Changes:
- api/config_manager.py: backup_config now includes auth_users.json, .flask_secret_key,
  peers.json, peer_service_credentials.json, WireGuard keys + wg_confs + api/wireguard/keys,
  vault/** (incl fernet.key), api/services + service configs, cell_links.json, ddns_token,
  caddy/**; new _is_excluded() drops logs/config_backups/.test_admin_pass/.gitkeep/*.tmp/
  *.partial/__pycache__; restore_config reordered (vault/fernet → config → wg keys/peers →
  cell_links → caddy/dns → service configs → auth/ddns → volumes) + new _reapply_runtime_state()
  (regenerate Caddyfile/Corefile, reapply services, connectivity apply_routes, replay cell pushes)
- api/backup_crypto.py (new): optional passphrase encryption via scrypt-derived key + Fernet;
  encrypted archives written 0600
- api/routes/config.py: backup/restore accept optional {passphrase}; wrong/missing passphrase
  returns 400; backup response warns it contains secrets
- Makefile: backup target applies same excludes + chmod 0600 + secrets warning
- webui/src/services/api.js + webui/src/pages/Settings.jsx: passphrase field on create backup,
  restore prompt, "contains secrets" banner
- tests/test_config_backup_overhaul.py (new, 18 tests) + tests/test_config_backup_restore_http.py
  (2 assertions updated)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

2026-06-10 15:41:10 -04:00

2 Commits