kato/warpbox-dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(storage): support deleting backends and improve admin UI
All checks were successful
Build and Publish Docker Image / deploy (push) Successful in 1m41s
Details

Browse Source 
- Implement storage backend deletion, which automatically resets default storage settings and user-specific overrides when a backend is removed.
- Add unit tests covering the delete action and its cleanup side effects.
- Improve admin UI responsiveness, fixing table scrolling, flex wrapping, and text truncation for long storage backend names.
- Update security documentation to clarify trusted proxy configurations and explain how trusted proxies are protected from automatic bans.
This commit is contained in:
Daniel Legt
2026-06-01 02:24:51 +03:00
parent 4eacb4cde2
commit 73bd14572d
27 changed files with 1124 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
backend/libs/middleware/bans_test.go
View File

@@ -99,6 +99,55 @@ func TestBansMiddlewareSkipsAutoBanWhenDisabled(t *testing.T) {
}
}
func TestBansMiddlewareDoesNotBlockProtectedProxyIP(t *testing.T) {
bans := newMiddlewareBanService(t)
if _, err := bans.CreateManualBan("127.0.0.1", "bad historical ban", "admin", time.Now().UTC().Add(time.Hour)); err != nil {
t.Fatalf("CreateManualBan returned error: %v", err)
}
called := false
handler := Chain(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
called = true
_, _ = io.WriteString(w, "ok")
}), Bans(slog.New(slog.NewTextHandler(io.Discard, nil)), bans, []string{"127.0.0.1"}))
request := httptest.NewRequest(http.MethodGet, "/", nil)
request.RemoteAddr = "127.0.0.1:6070"
response := httptest.NewRecorder()
handler.ServeHTTP(response, request)
if !called || response.Code != http.StatusOK {
t.Fatalf("protected proxy response = called %v code %d", called, response.Code)
}
}
func TestBansMiddlewareDoesNotAutoBanProtectedProxyIP(t *testing.T) {
bans := newMiddlewareBanService(t)
settings, err := bans.Settings()
if err != nil {
t.Fatalf("Settings returned error: %v", err)
}
settings.AutoBanEnabled = true
settings.MaliciousPathThreshold = 1
if err := bans.UpdateSettings(settings); err != nil {
t.Fatalf("UpdateSettings returned error: %v", err)
}
handler := Chain(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
http.NotFound(w, r)
}), Bans(slog.New(slog.NewTextHandler(io.Discard, nil)), bans, []string{"127.0.0.1"}))
request := httptest.NewRequest(http.MethodGet, "/.env", nil)
request.RemoteAddr = "127.0.0.1:6070"
response := httptest.NewRecorder()
handler.ServeHTTP(response, request)
if response.Code == http.StatusForbidden {
t.Fatalf("protected proxy was auto-banned")
}
if _, ok, err := bans.Match("127.0.0.1", time.Now().UTC()); err != nil || ok {
t.Fatalf("protected proxy Match = %v, %v", ok, err)
}
}
func newMiddlewareBanService(t *testing.T) *services.BanService {
t.Helper()
root := t.TempDir()