pic/tests at 28a193e43020d32518214c30b4f9f48bfa170772 - pic - Gitea: Git with a cup of tea

roof/pic

Files

T

History

roof 28a193e430 Fix ensure_postup_dnat to strip-and-replace all DNAT rules idempotently

_get_dnat_container_ips() used a concatenating docker inspect format that
produced "invalid IP" when containers had multiple network attachments.
The old ensure_postup_dnat appended rather than replacing, so each update
call added a broken duplicate set of rules causing iptables to fail on
startup and tear down wg0 entirely.

Fix _get_dnat_container_ips to use a space separator in the format string
and validate each token as a real IP before accepting it.

Rewrite ensure_postup_dnat with _is_dnat_rule() helper: strips every
managed DNAT/FORWARD rule (any IP, port 53/80) on semicolon-split and
appends a single correct set — fully idempotent regardless of prior state.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-04 06:54:20 -04:00

..

fix: UI always accessible; fix exit-relay AllowedIPs not updating

2026-05-02 05:41:22 -04:00

fix: e2e/integration test infrastructure and Makefile test targets

2026-04-26 08:27:27 -04:00

__init__.py

init

2025-09-12 23:04:52 +03:00

.coverage

init

2025-09-12 23:04:52 +03:00

conftest.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

run_tests.py

init

2025-09-12 23:04:52 +03:00

test_api_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_app_misc.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_auth_manager.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

test_auth_routes.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

test_calendar_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_calendar_manager.py

init

2025-09-12 23:04:52 +03:00

test_cell_link_dns.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_cell_link_manager.py

feat: Phase 4 hardening — retry/backoff, loop detection, sync status UI + tests

2026-05-04 04:18:36 -04:00

test_cell_manager.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

test_cells_endpoints.py

feat: Phase 4 hardening — retry/backoff, loop detection, sync status UI + tests

2026-05-04 04:18:36 -04:00

test_cli_tool.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

test_config_apply.py

fix(P2): peer add rollback, helper failure recovery, manager extraction (A2/A3/A5)

2026-05-01 05:27:39 -04:00

test_config_backup_restore_http.py

add security fixes, port hardening, and expanded QA coverage

2026-04-25 13:08:24 -04:00

test_config_manager.py

fix: apply_cell_name regex now matches zone files with TTL field

2026-04-29 09:32:51 -04:00

test_config_validation.py

fix: architecture audit — security, atomicity, broken endpoints, test coverage

2026-04-24 03:27:52 -04:00

test_container_manager.py

add security fixes, port hardening, and expanded QA coverage

2026-04-25 13:08:24 -04:00

test_email_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_email_manager.py

init

2025-09-12 23:04:52 +03:00

test_enforce_auth_configured.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_file_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_file_manager.py

init

2025-09-12 23:04:52 +03:00

test_firewall_manager.py

fix: UI always accessible; fix exit-relay AllowedIPs not updating

2026-05-02 05:41:22 -04:00

test_identity_validation.py

fix: autosave, cell name overflow, length validation, apply-and-verify tests

2026-04-24 05:29:09 -04:00

test_input_validation.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_integration.py

init

2025-09-12 23:04:52 +03:00

test_ip_utils_caddyfile.py

fix: architecture audit — security, atomicity, broken endpoints, test coverage

2026-04-24 03:27:52 -04:00

test_ip_utils.py

fix: port changes now propagate to containers via env file in-place writes

2026-04-26 15:00:43 -04:00

test_is_local_request_per_endpoint.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_log_manager.py

init

2025-09-12 23:04:52 +03:00

test_logs_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_network_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_network_manager.py

feat: fix cross-cell service access — DNS DNAT, service DNAT, Caddy routing

2026-05-02 03:12:09 -04:00

test_peer_dashboard_services.py

feat: fix cross-cell service access — DNS DNAT, service DNAT, Caddy routing

2026-05-02 03:12:09 -04:00

test_peer_management_edge_cases.py

A5: Extract all route groups into Flask blueprints (app.py -1735 lines)

2026-05-01 06:11:21 -04:00

test_peer_management_update.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_peer_provisioning.py

fix(P2): peer add rollback, helper failure recovery, manager extraction (A2/A3/A5)

2026-05-01 05:27:39 -04:00

test_peer_registry.py

feat: Phase 3 - per-peer internet routing via exit cell

2026-05-01 16:23:31 -04:00

test_peer_route_via.py

test: add loop detection tests for PUT /api/peers/<peer>/route-via

2026-05-04 04:24:02 -04:00

test_peer_wg_integration.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

test_pending_restart.py

test: add .env write verification for port changes

2026-04-22 14:06:20 -04:00

test_port_conflicts.py

feat: port conflict validation, autosave on Apply, extended integration tests

2026-04-24 04:45:47 -04:00

test_route_protection.py

fix: whitelist peer-sync endpoint from session auth + CSRF

2026-05-01 14:59:57 -04:00

test_routing_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_routing_manager.py

init

2025-09-12 23:04:52 +03:00

test_service_bus.py

init

2025-09-12 23:04:52 +03:00

test_vault_api.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

test_vault_manager.py

init

2025-09-12 23:04:52 +03:00

test_wireguard_endpoints.py

A5: Extract config routes into blueprint (app.py 1294 → 579 lines)

2026-05-01 06:53:24 -04:00

test_wireguard_manager.py

Fix ensure_postup_dnat to strip-and-replace all DNAT rules idempotently

2026-05-04 06:54:20 -04:00

test_wireguard_vpn_routing.py

feat: fix cross-cell service access — DNS DNAT, service DNAT, Caddy routing

2026-05-02 03:12:09 -04:00