roof a43f9fbf0d fix: full security audit remediation — P0/P1/P2/P3 fixes + 1020 passing tests
P0 — Broken functionality:
- Fix 12+ endpoints with wrong manager method signatures (email/calendar/file/routing)
- Fix email_manager.delete_email_user() missing domain arg
- Fix cell-link DNS forwarding wiped on every peer change (generate_corefile now
  accepts cell_links param; add/remove_cell_dns_forward no longer clobber the file)
- Fix Flask SECRET_KEY regenerating on every restart (persisted to DATA_DIR)
- Fix _next_peer_ip exhaustion returning 500 instead of 409
- Fix ConfigManager Caddyfile path (/app/config-caddy/)
- Fix UI double-add and wrong-key peer bugs in Peers.jsx / WireGuard.jsx
- Remove hardcoded credentials from Dashboard.jsx

P1 — Security:
- CSRF token validation on all POST/PUT/DELETE/PATCH to /api/* (double-submit pattern)
- enforce_auth: 503 only when users file readable but empty; never bypass on IOError
- WireGuard add_cell_peer: validate pubkey, name, endpoint against strict regexes
- DNS add_cell_dns_forward: validate IP and domain; reject injection chars
- DNS zone write: realpath containment + record content validation
- iptables comment /32 suffix prevents substring match deleting wrong peer rules
- is_local_request() trusts only loopback + 172.16.0.0/12 (Docker bridge)
- POST /api/containers: volume allow-list prevents arbitrary host mounts
- file_manager: bcrypt ($2b→$2y) for WebDAV; realpath containment in delete_user
- email/calendar: stop persisting plaintext passwords in user records
- routing_manager: validate IPs, networks, and interface names
- peer_registry: write peers.json at mode 0o600
- vault_manager: Fernet key file at mode 0o600
- CORS: lock down to explicit origin list
- domain/cell_name validation: reject newline, brace, semicolon injection chars

P2 — Architecture:
- Peer add: rollback registry entry if firewall rules fail post-add
- restart_service(): base class now calls _restart_container(); email and calendar
  managers call cell-mail / cell-radicale respectively
- email/calendar managers sync user list (no passwords) to cell_config.json
- Pending-restart flag cleared only after helper subprocess exits with code 0
- docker-compose.yml: add config-caddy volume to API container

P3 — Tests (854 → 1020):
- Fill test_email_endpoints.py, test_calendar_endpoints.py,
  test_network_endpoints.py, test_routing_endpoints.py
- New: test_peer_management_update.py, test_peer_management_edge_cases.py,
  test_input_validation.py, test_enforce_auth_configured.py,
  test_cell_link_dns.py, test_logs_endpoints.py, test_cells_endpoints.py,
  test_is_local_request_per_endpoint.py, test_caddy_routing.py
- E2E conftest: skip WireGuard suite when wg-quick absent
- Update existing tests to match fixed signatures and comment formats

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 11:30:21 -04:00
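
The iptables item under P1 in the commit message above ("comment /32 suffix prevents substring match deleting wrong peer rules"), as an added example that is not code from this repository. The `pic-peer-` comment tag, the rule lines and the function names are assumptions made for the illustration.

```python
import shlex

PEERS = ["10.0.0.1", "10.0.0.10", "10.0.0.100"]  # constructed sample peers


def make_rules(suffix):
    """Build constructed `iptables -S`-style lines; the pic-peer- tag is assumed."""
    return [
        f'-A FORWARD -s {ip}/32 -m comment --comment "pic-peer-{ip}{suffix}" -j ACCEPT'
        for ip in PEERS
    ]


def rule_comment(rule):
    """Return the value of --comment in a rule line, or None if it has none."""
    tokens = shlex.split(rule)
    if "--comment" not in tokens:
        return None
    return tokens[tokens.index("--comment") + 1]


def select_by_substring(rules, peer_ip, suffix):
    """Pick rules to delete by substring search, as a naive cleanup would."""
    needle = f"pic-peer-{peer_ip}{suffix}"
    return [r for r in rules if needle in r]


def select_by_exact_comment(rules, peer_ip, suffix):
    """Pick rules whose whole comment token equals the peer's tag."""
    wanted = f"pic-peer-{peer_ip}{suffix}"
    return [r for r in rules if rule_comment(r) == wanted]


if __name__ == "__main__":
    for suffix in ("", "/32"):
        rules = make_rules(suffix)
        hit = select_by_substring(rules, "10.0.0.1", suffix)
        print(f"suffix={suffix!r}: substring match selects {len(hit)} of {len(rules)} rules")
        print("  exact match selects", len(select_by_exact_comment(rules, "10.0.0.1", suffix)))
```

Without the suffix, removing 10.0.0.1 also selects the rules for 10.0.0.10 and 10.0.0.100, because the shorter address is a prefix of the longer ones. Comparing the whole comment token selects one rule with either comment format.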

Personal Internet Cell - Web UI

A modern React-based web interface for managing your Personal Internet Cell.

Features

  • Dashboard: Overview of cell status and services
  • Peer Management: Add, remove, and configure WireGuard peers
  • Network Services: DNS, DHCP, and NTP management
  • WireGuard: VPN configuration and status
  • Email Services: Postfix and Dovecot management
  • Calendar Services: Radicale CalDAV/CardDAV management
  • File Storage: WebDAV file storage management
  • Routing: Advanced VPN gateway and routing configuration
  • Logs: System logs and monitoring
  • Settings: Cell configuration and security settings

Tech Stack

  • React 19: Modern React with hooks
  • Vite: Fast build tool and dev server
  • Tailwind CSS: Utility-first CSS framework
  • Lucide React: Beautiful icons
  • React Router: Client-side routing
  • Axios: HTTP client for API communication

Development

Prerequisites

  • Node.js 18+ and npm
  • Personal Internet Cell backend running on port 3000

Setup

  1. Install dependencies:

    bun install
    
  2. Start the development server:

    npm run dev
    
  3. Open your browser to http://localhost:5173

Development Features

  • Hot Reload: Changes reflect immediately
  • API Proxy: Requests to /api/* are proxied to http://localhost:3000
  • TypeScript Support: Full TypeScript support available
  • ESLint: Code linting and formatting

Building for Production

Build

    npm run build

This creates a dist/ directory with optimized production files.

Preview

    npm run preview

This serves the built files locally for testing.

API Integration

The Web UI communicates with the Personal Internet Cell backend API:

  • Base URL: http://localhost:3000 (development)
  • Health Check: /health
  • API Endpoints: /api/*

Environment Variables

Create a .env file to customize the API URL:

    VITE_API_URL=http://localhost:3000

Project Structure

src/
├── components/          # Reusable UI components
│   └── Sidebar.jsx     # Navigation sidebar
├── pages/              # Page components
│   ├── Dashboard.jsx   # Main dashboard
│   ├── Peers.jsx       # Peer management
│   ├── NetworkServices.jsx
│   ├── WireGuard.jsx   # VPN configuration
│   ├── Email.jsx       # Email services
│   ├── Calendar.jsx    # Calendar services
│   ├── Files.jsx       # File storage
│   ├── Routing.jsx     # Routing configuration
│   ├── Logs.jsx        # System logs
│   └── Settings.jsx    # Cell settings
├── services/           # API services
│   └── api.js         # API client and endpoints
├── App.jsx            # Main app component
├── main.jsx           # App entry point
└── index.css          # Global styles

Styling

The Web UI uses Tailwind CSS with custom components:

  • Cards: .card for content containers
  • Buttons: .btn, .btn-primary, .btn-secondary, etc.
  • Inputs: .input for form fields
  • Status Indicators: .status-indicator, .status-online, etc.

Browser Support

  • Chrome 90+
  • Firefox 88+
  • Safari 14+
  • Edge 90+

Contributing

  1. Follow the existing code style
  2. Use TypeScript for new components
  3. Add tests for new features
  4. Update documentation as needed

License

Part of the Personal Internet Cell project.