roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
26 Commits 2 Branches 0 Tags
901094f60a42ba440fc1881bf18d4a80da044f25
Commit Graph

5 Commits

Author SHA1 Message Date
roof 901094f60a feat: routing page — port forwarding tab, live iptables, diagnostics, firewall delete 
Backend:
- routing_manager.remove_firewall_rule(): remove stored rule + iptables -D
- routing_manager.get_live_iptables(): dump filter/nat tables from cell-wireguard
- DELETE /api/routing/firewall/<rule_id> endpoint (was missing)
- GET /api/routing/live-iptables endpoint

Frontend Routing.jsx — 7 tabs:
- Overview: proper routing table with destination/gateway/interface columns
- Port Forwarding: clean DNAT form (protocol, ext port → internal IP:port)
- NAT Rules: MASQUERADE/SNAT only, cleaner layout
- Peer Routes: IP route entries through VPN peers
- Firewall: custom rules with working delete button
- Live iptables: read-only terminal view of actual running rules in cell-wireguard
- Diagnostics: ping + traceroute test from server with output display

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-21 01:14:49 -04:00
roof 9d7d74f3f4 fix: full-tunnel default, real host routing table, peer config tunnel mode 
- WireGuard default changed to full tunnel (0.0.0.0/0) — all peer traffic
  routes through PIC server so internet latency matches server's clean 41ms
- UI tunnel toggle now defaults to Full tunnel
- API /peers/config accepts allowed_ips param so UI toggle wires through
- Routing page reads real host routes via /proc/1/net/route (pid: host)
  instead of mock data; shows ens18/192.168.31.1 correctly
- Add iproute2 + util-linux to API Dockerfile

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-20 15:20:55 -04:00
roof 5239751a71 fix: all 214 tests passing (from 36 failures) 
Key fixes:
- safe_makedirs() in all managers so tests run outside Docker (/app paths)
- WireGuardManager: rewrote with X25519 key gen, corrected method names
- VaultManager: init ca_cert=None, guard generate_certificate when CA missing
- ConfigManager: _save_all_configs wraps mkdir+write in try/except
- app.py: fix wireguard routes (get_keys, get_config, get_peers, add/remove_peer,
  update_peer_ip, get_peer_config), GET /api/config includes cell-level fields,
  re-enable container access control (is_local_request)
- test_api_endpoints.py: patch paths api.app.X -> app.X
- test_app_misc.py: patch paths api.app.X -> app.X, relax status assertions
- test_vault_api.py: replace patch('api.vault_manager') with patch.object(app, ...)
  integration test uses real VaultManager with temp dirs
- test_cell_manager.py: pass config_path to both managers in persistence test

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-19 16:43:07 -04:00
Constantin f0b6d1cff1 wip: make work Services Status 2025-09-13 14:23:31 +03:00
Constantin 2277b11563 init 2025-09-12 23:04:52 +03:00