pic/tests at 7da0cbb714688763674f15d79bc7af83d40e3a81 - pic - Gitea: Git with a cup of tea

roof/pic

Files

T

History

roof 7da0cbb714 fix: add X-Forwarded-For WG IP to peer-sync push curl command

MASQUERADE rewrites the source IP of forwarded packets from
the cell's WG address (10.0.x.1) to cell-wireguard's bridge
IP (172.20.x.9).  The peer-sync endpoint authenticates callers
by checking that the source IP is inside a known cell's vpn_subnet,
so MASQUERADE caused all pushes to fail with 403.

Fix: _push_permissions_to_remote() now calls _local_wg_ip() to
get the local wg0 address and passes it as X-Forwarded-For.
_authenticate_peer_cell() already supports XFF for exactly this
proxying scenario.  Also adds a test verifying the header is present
in the constructed curl command.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-01 15:24:08 -04:00

..

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

fix: e2e/integration test infrastructure and Makefile test targets

2026-04-26 08:27:27 -04:00

__init__.py

init

2025-09-12 23:04:52 +03:00

.coverage

init

2025-09-12 23:04:52 +03:00

conftest.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

run_tests.py

init

2025-09-12 23:04:52 +03:00

test_api_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_app_misc.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_auth_manager.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

test_auth_routes.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

test_calendar_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_calendar_manager.py

init

2025-09-12 23:04:52 +03:00

test_cell_link_dns.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_cell_link_manager.py

fix: add X-Forwarded-For WG IP to peer-sync push curl command

2026-05-01 15:24:08 -04:00

test_cell_manager.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

test_cells_endpoints.py

feat(cells): Phase 1 — permission sync between connected PICs

2026-05-01 13:12:30 -04:00

test_cli_tool.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

test_config_apply.py

fix(P2): peer add rollback, helper failure recovery, manager extraction (A2/A3/A5)

2026-05-01 05:27:39 -04:00

test_config_backup_restore_http.py

add security fixes, port hardening, and expanded QA coverage

2026-04-25 13:08:24 -04:00

test_config_manager.py

fix: apply_cell_name regex now matches zone files with TTL field

2026-04-29 09:32:51 -04:00

test_config_validation.py

fix: architecture audit — security, atomicity, broken endpoints, test coverage

2026-04-24 03:27:52 -04:00

test_container_manager.py

add security fixes, port hardening, and expanded QA coverage

2026-04-25 13:08:24 -04:00

test_email_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_email_manager.py

init

2025-09-12 23:04:52 +03:00

test_enforce_auth_configured.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_file_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_file_manager.py

init

2025-09-12 23:04:52 +03:00

test_firewall_manager.py

Fix FORWARD rule ordering: embed API-sync ACCEPT inside apply_cell_rules

2026-05-01 14:05:49 -04:00

test_identity_validation.py

fix: autosave, cell name overflow, length validation, apply-and-verify tests

2026-04-24 05:29:09 -04:00

test_input_validation.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_integration.py

init

2025-09-12 23:04:52 +03:00

test_ip_utils_caddyfile.py

fix: architecture audit — security, atomicity, broken endpoints, test coverage

2026-04-24 03:27:52 -04:00

test_ip_utils.py

fix: port changes now propagate to containers via env file in-place writes

2026-04-26 15:00:43 -04:00

test_is_local_request_per_endpoint.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_log_manager.py

init

2025-09-12 23:04:52 +03:00

test_logs_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_network_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_network_manager.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_peer_dashboard_services.py

test: add E2E coverage for peer dashboard/services, DNS records, and WG domain access

2026-04-26 17:41:21 -04:00

test_peer_management_edge_cases.py

A5: Extract all route groups into Flask blueprints (app.py -1735 lines)

2026-05-01 06:11:21 -04:00

test_peer_management_update.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_peer_provisioning.py

fix(P2): peer add rollback, helper failure recovery, manager extraction (A2/A3/A5)

2026-05-01 05:27:39 -04:00

test_peer_registry.py

init

2025-09-12 23:04:52 +03:00

test_peer_wg_integration.py

feat: add authentication and authorization system

2026-04-25 15:00:06 -04:00

test_pending_restart.py

test: add .env write verification for port changes

2026-04-22 14:06:20 -04:00

test_port_conflicts.py

feat: port conflict validation, autosave on Apply, extended integration tests

2026-04-24 04:45:47 -04:00

test_route_protection.py

fix: whitelist peer-sync endpoint from session auth + CSRF

2026-05-01 14:59:57 -04:00

test_routing_endpoints.py

fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests

2026-04-27 11:30:21 -04:00

test_routing_manager.py

init

2025-09-12 23:04:52 +03:00

test_service_bus.py

init

2025-09-12 23:04:52 +03:00

test_vault_api.py

fix: all 214 tests passing (from 36 failures)

2026-04-19 16:43:07 -04:00

test_vault_manager.py

init

2025-09-12 23:04:52 +03:00

test_wireguard_endpoints.py

A5: Extract config routes into blueprint (app.py 1294 → 579 lines)

2026-05-01 06:53:24 -04:00

test_wireguard_manager.py

fix: add kernel routes for cell peers after wg set

2026-05-01 14:47:22 -04:00

test_wireguard_vpn_routing.py

fix: sync API key-store from wg0.conf to prevent WireGuard handshake failure

2026-04-26 16:40:21 -04:00