feat(security): add trusted proxies and abuse event cleanup

- Add `WARPBOX_TRUSTED_PROXIES` configuration to restrict accepted forwarded client IP headers to specific proxy IPs/CIDRs, securing client IP resolution. - Integrate `BanService` into the background cleanup job to automatically purge expired abuse and ban evidence events. - Update documentation with reverse proxy security guidelines and a production systemd deployment guide.
2026-05-31 21:52:56 +03:00
parent 2d04a42736
commit 10ed806153
38 changed files with 2310 additions and 43 deletions
--- a/backend/static/css/50-admin.css
+++ b/backend/static/css/50-admin.css
@@ -106,6 +106,75 @@
  margin: 0;
 }

+.logs-filter-card {
+  display: grid;
+  grid-template-columns: repeat(6, minmax(0, 1fr));
+  gap: 0.7rem;
+  align-items: end;
+  margin-top: 1rem;
+  padding: 1rem;
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  background: var(--card);
+}
+
+.logs-filter-card label {
+  display: grid;
+  gap: 0.25rem;
+  min-width: 0;
+}
+
+.logs-filter-card label span {
+  color: var(--muted-foreground);
+  font-size: 0.72rem;
+}
+
+.logs-table td {
+  vertical-align: top;
+}
+
+.logs-table code {
+  white-space: pre-wrap;
+  word-break: break-word;
+}
+
+.log-time {
+  white-space: nowrap;
+}
+
+.admin-grid-two {
+  display: grid;
+  grid-template-columns: repeat(2, minmax(0, 1fr));
+  gap: 1rem;
+  margin-top: 1rem;
+}
+
+.compact-form {
+  display: grid;
+  gap: 0.75rem;
+}
+
+.compact-form textarea {
+  width: 100%;
+  resize: vertical;
+}
+
+@media (max-width: 980px) {
+  .admin-grid-two {
+    grid-template-columns: 1fr;
+  }
+
+  .logs-filter-card {
+    grid-template-columns: repeat(2, minmax(0, 1fr));
+  }
+}
+
+@media (max-width: 620px) {
+  .logs-filter-card {
+    grid-template-columns: 1fr;
+  }
+}
+

 /* Inline row edit (details/summary in table cells) */
 .row-edit {