roof/pic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
975d05eef3f2608487795103ce481d9f730b13fe
pic/webui/src/services/api.js
T
roof 8650704316 feat: add authentication and authorization system 
Backend:
- AuthManager (api/auth_manager.py): server-side user store with bcrypt
  password hashing, account lockout after 5 failed attempts (15 min),
  and atomic file writes
- AuthRoutes (api/auth_routes.py): Blueprint at /api/auth/* — login,
  logout, me, change-password, admin reset-password, list-users
- app.py: register auth_bp blueprint; add enforce_auth before_request
  hook (401 for unauthenticated, 403 for wrong role; only active when
  auth store has users so pre-auth tests remain green); instantiate
  AuthManager; update POST /api/peers to require password >= 10 chars
  and auto-provision email + calendar + files + auth accounts with full
  rollback on any failure; extend DELETE /api/peers to tear down all
  four service accounts; add /api/peer/dashboard and /api/peer/services
  peer-scoped routes; fix is_local_request to also trust the last
  X-Forwarded-For entry appended by the reverse proxy (Caddy)
- Role-based access: admin for /api/* (except /api/auth/* which is
  public and /api/peer/* which is peer-only)
- setup_cell.py: generate and print initial admin password, store in
  .admin_initial_password with 0600 permissions; cleaned up on first
  admin login

Frontend:
- AuthContext.jsx: React context with login/logout/me state and Axios
  interceptor for automatic 401 redirect
- PrivateRoute.jsx: route guard component
- Login.jsx: login page with error handling and must-change-password
  redirect
- AccountSettings.jsx: change-password form for any authenticated user
- PeerDashboard.jsx: peer-role landing page (IP, service list)
- MyServices.jsx: peer service links page
- App.jsx, Sidebar.jsx: AuthContext integration, logout button,
  PrivateRoute wrappers, peer-role routing
- Peers.jsx, WireGuard.jsx, api.js: auth-aware API calls

Tests: 100 new auth tests all pass (test_auth_manager, test_auth_routes,
test_route_protection, test_peer_provisioning). Fix pre-existing test
failures: update WireGuard test keys to valid 44-char base64 format
(test_wireguard_manager, test_peer_wg_integration), add password field
and service manager mocks to test_api_endpoints peer tests, add auth
helpers to conftest.py. Full suite: 845 passed, 0 failures.

Fixed: .admin_initial_password security cleanup on bootstrap, username
minimum length (3 chars enforced by USERNAME_RE regex)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 15:00:06 -04:00

271 lines
12 KiB
JavaScript
Raw Blame History

import axios from 'axios';
// Create axios instance with base configuration
const api = axios.create({
baseURL: import.meta.env.VITE_API_URL || '',
timeout: 10000,
withCredentials: true,
headers: {
'Content-Type': 'application/json',
},
});
// Request interceptor for logging
api.interceptors.request.use(
(config) => {
console.log(`API Request: ${config.method?.toUpperCase()} ${config.url}`);
return config;
},
(error) => {
console.error('API Request Error:', error);
return Promise.reject(error);
}
);
// Response interceptor for error handling
api.interceptors.response.use(
(response) => {
return response;
},
(error) => {
console.error('API Response Error:', error.response?.data || error.message);
if (error.response?.status === 401 && !error.config.url.includes('/auth/login')) {
window.location.href = '/login';
}
return Promise.reject(error);
}
);
// Cell Status API
export const cellAPI = {
getStatus: () => api.get('/api/status'),
getConfig: () => api.get('/api/config'),
updateConfig: (config) => api.put('/api/config', config),
createBackup: () => api.post('/api/config/backup'),
listBackups: () => api.get('/api/config/backups'),
restoreBackup: (id, services = null) => api.post(`/api/config/restore/${id}`, services ? { services } : {}),
deleteBackup: (id) => api.delete(`/api/config/backups/${id}`),
downloadBackup: (id) => api.get(`/api/config/backups/${id}/download`, { responseType: 'blob' }),
uploadBackup: (file) => {
const form = new FormData();
form.append('file', file);
return api.post('/api/config/backup/upload', form, { headers: { 'Content-Type': 'multipart/form-data' } });
},
exportConfig: (format = 'json', services = null) => {
const params = { format };
if (services) params.services = services.join(',');
return api.get('/api/config/export', { params });
},
importConfig: (config, format = 'json', services = null) =>
api.post('/api/config/import', { config, format, ...(services ? { services } : {}) }),
getPending: () => api.get('/api/config/pending'),
cancelPending: () => api.delete('/api/config/pending'),
applyPending: () => api.post('/api/config/apply'),
};
// Network Services API
export const networkAPI = {
getDNSRecords: () => api.get('/api/dns/records'),
addDNSRecord: (record) => api.post('/api/dns/records', record),
removeDNSRecord: (record) => api.delete('/api/dns/records', { data: record }),
getDHCPLeases: () => api.get('/api/dhcp/leases'),
addDHCPReservation: (reservation) => api.post('/api/dhcp/reservations', reservation),
removeDHCPReservation: (reservation) => api.delete('/api/dhcp/reservations', { data: reservation }),
getNTPStatus: () => api.get('/api/ntp/status'),
testNetwork: (data) => api.post('/api/network/test', data),
};
// WireGuard API
export const wireguardAPI = {
getKeys: () => api.get('/api/wireguard/keys'),
generatePeerKeys: (data) => api.post('/api/wireguard/keys/peer', data),
getConfig: () => api.get('/api/wireguard/config'),
getPeers: () => api.get('/api/wireguard/peers'),
addPeer: (peer) => api.post('/api/wireguard/peers', peer),
removePeer: (peer) => api.delete('/api/wireguard/peers', { data: peer }),
getStatus: () => api.get('/api/wireguard/status'),
testConnectivity: (data) => api.post('/api/wireguard/connectivity', data),
updatePeerIP: (data) => api.put('/api/wireguard/peers/ip', data),
getPeerConfig: (data) => api.post('/api/wireguard/peers/config', data),
getPeerStatuses: () => api.get('/api/wireguard/peers/statuses'),
};
// Peer Registry API
export const peerRegistryAPI = {
getPeers: () => api.get('/api/peers'),
addPeer: (peer) => api.post('/api/peers', peer),
removePeer: (peerName) => api.delete(`/api/peers/${peerName}`),
registerPeer: (data) => api.post('/api/peers/register', data),
unregisterPeer: (peerName) => api.delete(`/api/peers/${peerName}/unregister`),
updatePeerIP: (peerName, data) => api.put(`/api/peers/${peerName}/update-ip`, data),
};
// Auth API
export const authAPI = {
login: (username, password) => api.post('/api/auth/login', { username, password }),
logout: () => api.post('/api/auth/logout'),
me: () => api.get('/api/auth/me'),
changePassword: (old_password, new_password) => api.post('/api/auth/change-password', { old_password, new_password }),
adminResetPassword: (username, new_password) => api.post('/api/auth/admin/reset-password', { username, new_password }),
listUsers: () => api.get('/api/auth/users'),
};
// Peer-facing dashboard API
export const peerAPI = {
dashboard: () => api.get('/api/peer/dashboard'),
services: () => api.get('/api/peer/services'),
};
// Email Services API
export const emailAPI = {
getUsers: () => api.get('/api/email/users'),
createUser: (user) => api.post('/api/email/users', user),
deleteUser: (username) => api.delete(`/api/email/users/${username}`),
getStatus: () => api.get('/api/email/status'),
testConnectivity: () => api.get('/api/email/connectivity'),
sendEmail: (data) => api.post('/api/email/send', data),
getMailboxInfo: (username) => api.get(`/api/email/mailbox/${username}`),
};
// Calendar Services API
export const calendarAPI = {
getUsers: () => api.get('/api/calendar/users'),
createUser: (user) => api.post('/api/calendar/users', user),
deleteUser: (username) => api.delete(`/api/calendar/users/${username}`),
createCalendar: (data) => api.post('/api/calendar/calendars', data),
addEvent: (data) => api.post('/api/calendar/events', data),
getEvents: (username, calendarName, params) =>
api.get(`/api/calendar/events/${username}/${calendarName}`, { params }),
getStatus: () => api.get('/api/calendar/status'),
testConnectivity: () => api.get('/api/calendar/connectivity'),
};
// File Services API
export const fileAPI = {
getUsers: () => api.get('/api/files/users'),
createUser: (user) => api.post('/api/files/users', user),
deleteUser: (username) => api.delete(`/api/files/users/${username}`),
createFolder: (data) => api.post('/api/files/folders', data),
deleteFolder: (username, folderPath) => api.delete(`/api/files/folders/${username}/${folderPath}`),
uploadFile: (username, file, path) => {
const formData = new FormData();
formData.append('file', file);
formData.append('path', path);
return api.post(`/api/files/upload/${username}`, formData, {
headers: { 'Content-Type': 'multipart/form-data' },
});
},
downloadFile: (username, filePath) => api.get(`/api/files/download/${username}/${filePath}`),
deleteFile: (username, filePath) => api.delete(`/api/files/delete/${username}/${filePath}`),
listFiles: (username, folder = '') => api.get(`/api/files/list/${username}`, { params: { folder } }),
getStatus: () => api.get('/api/files/status'),
testConnectivity: () => api.get('/api/files/connectivity'),
};
// Routing API
export const routingAPI = {
getStatus: () => api.get('/api/routing/status'),
// NAT
getNatRules: () => api.get('/api/routing/nat'),
addNatRule: (rule) => api.post('/api/routing/nat', rule),
deleteNatRule: (ruleId) => api.delete(`/api/routing/nat/${ruleId}`),
// Peer Routes
getPeerRoutes: () => api.get('/api/routing/peers'),
addPeerRoute: (route) => api.post('/api/routing/peers', route),
deletePeerRoute: (peerName) => api.delete(`/api/routing/peers/${peerName}`),
// Firewall
getFirewallRules: () => api.get('/api/routing/firewall'),
addFirewallRule: (rule) => api.post('/api/routing/firewall', rule),
deleteFirewallRule: (ruleId) => api.delete(`/api/routing/firewall/${ruleId}`),
getLiveIptables: () => api.get('/api/routing/live-iptables'),
// Other
addExitNode: (node) => api.post('/api/routing/exit-nodes', node),
addBridgeRoute: (route) => api.post('/api/routing/bridge', route),
addSplitRoute: (route) => api.post('/api/routing/split', route),
testConnectivity: (data) => api.post('/api/routing/connectivity', data),
getLogs: (lines = 50) => api.get('/api/routing/logs', { params: { lines } }),
};
// Vault & Trust API
export const vaultAPI = {
getStatus: () => api.get('/api/vault/status'),
getCertificates: () => api.get('/api/vault/certificates'),
generateCertificate: (data) => api.post('/api/vault/certificates', data),
revokeCertificate: (commonName) => api.delete(`/api/vault/certificates/${commonName}`),
getCACertificate: () => api.get('/api/vault/ca/certificate'),
getAgePublicKey: () => api.get('/api/vault/age/public-key'),
getTrustedKeys: () => api.get('/api/vault/trust/keys'),
addTrustedKey: (data) => api.post('/api/vault/trust/keys', data),
removeTrustedKey: (name) => api.delete(`/api/vault/trust/keys/${name}`),
verifyTrustChain: (data) => api.post('/api/vault/trust/verify', data),
getTrustChains: () => api.get('/api/vault/trust/chains'),
// Secrets management
listSecrets: () => api.get('/api/vault/secrets'),
storeSecret: (name, value) => api.post('/api/vault/secrets', { name, value }),
getSecret: (name) => api.get(`/api/vault/secrets/${name}`),
deleteSecret: (name) => api.delete(`/api/vault/secrets/${name}`),
};
// Services API
export const servicesAPI = {
getAllStatus: () => api.get('/api/services/status'),
testAllConnectivity: () => api.get('/api/services/connectivity'),
startService: (serviceName) => api.post(`/api/services/bus/services/${serviceName}/start`),
stopService: (serviceName) => api.post(`/api/services/bus/services/${serviceName}/stop`),
restartService: (serviceName) => api.post(`/api/services/bus/services/${serviceName}/restart`),
};
// Cell-to-cell connections API
export const cellLinkAPI = {
getInvite: () => api.get('/api/cells/invite'),
listConnections: () => api.get('/api/cells'),
addConnection: (invite) => api.post('/api/cells', invite),
removeConnection: (name) => api.delete(`/api/cells/${name}`),
getStatus: (name) => api.get(`/api/cells/${name}/status`),
};
// Health check
export const healthAPI = {
check: () => api.get('/health'),
};
// Monitoring API
export const monitoringAPI = {
getBackendLogs: (lines = 100) => api.get('/api/logs', { params: { lines } }),
getHealthHistory: () => api.get('/api/health/history'),
clearHealthHistory: () => api.post('/api/health/history/clear'),
};
// Logs API
export const logsAPI = {
getServiceLogs: (service, level = 'ALL', lines = 100) =>
api.get(`/api/logs/services/${service}`, { params: { level, lines } }),
searchLogs: (data) => api.post('/api/logs/search', data),
getLogFiles: () => api.get('/api/logs/files'),
rotateLogs: (service) => api.post('/api/logs/rotate', service ? { service } : {}),
getVerbosity: () => api.get('/api/logs/verbosity'),
setVerbosity: (levels) => api.put('/api/logs/verbosity', levels),
};
// Container Management API
export const containerAPI = {
// Containers
listContainers: () => api.get('/api/containers'),
startContainer: (name) => api.post(`/api/containers/${name}/start`),
stopContainer: (name) => api.post(`/api/containers/${name}/stop`),
restartContainer: (name) => api.post(`/api/containers/${name}/restart`),
getContainerLogs: (name, tail = 100) => api.get(`/api/containers/${name}/logs`, { params: { tail } }),
getContainerStats: (name) => api.get(`/api/containers/${name}/stats`),
createContainer: (data) => api.post('/api/containers', data), // data may include 'secrets' array
removeContainer: (name, force = false) => api.delete(`/api/containers/${name}`, { params: { force } }),
// Images
listImages: () => api.get('/api/images'),
pullImage: (image) => api.post('/api/images/pull', { image }),
removeImage: (image, force = false) => api.delete(`/api/images/${image}`, { params: { force } }),
// Volumes
listVolumes: () => api.get('/api/volumes'),
createVolume: (name) => api.post('/api/volumes', { name }),
removeVolume: (name, force = false) => api.delete(`/api/volumes/${name}`, { params: { force } }),
};
export default api;
Reference in New Issue View Git Blame Copy Permalink