feat(admin): add security and activity management features
This commit is contained in:
114
TO-DO.md
Normal file
114
TO-DO.md
Normal file
@@ -0,0 +1,114 @@
|
||||
# WarpBox Security TO-DO
|
||||
|
||||
## 1) High Priority (Do Next)
|
||||
|
||||
- [ ] Persist IP bans across restarts
|
||||
- Current: bans stored in-memory (`lib/security/guard.go`)
|
||||
- Target: durable store in `DBDir` (similar style to `activity`/`alerts`)
|
||||
- Include: startup load, expiry cleanup, atomic writes, corruption-safe fallback
|
||||
|
||||
- [ ] Add trusted proxy CIDR config
|
||||
- Current: forwarded headers trusted only when remote hop is private/local (`lib/server/ip.go`)
|
||||
- Risk: heuristic-only trust model
|
||||
- Target:
|
||||
- `WARPBOX_TRUSTED_PROXY_CIDRS` setting
|
||||
- trust `X-Forwarded-For` only when `RemoteAddr` in trusted CIDR
|
||||
- fallback to direct remote IP otherwise
|
||||
|
||||
- [ ] Add CIDR/range support for whitelists
|
||||
- Current: exact IP match only (`WARPBOX_SECURITY_IP_WHITELIST`, `WARPBOX_SECURITY_ADMIN_IP_WHITELIST`)
|
||||
- Target: support exact IP + CIDR entries
|
||||
- Include strict parser + validation errors in settings save
|
||||
|
||||
- [ ] Add unban / ban edit API audit trail hardening
|
||||
- Ensure all manual ban/unban/ban-until actions always write:
|
||||
- activity event
|
||||
- alert (or policy-based selective alerting)
|
||||
- Add tests for these paths
|
||||
|
||||
## 2) Medium Priority
|
||||
|
||||
- [ ] GeoIP integration for security detail pane
|
||||
- Current: placeholder fields in `/admin/security`
|
||||
- Target: wire geoipfast provider for country/region/ASN fields
|
||||
- Add caching + timeout/failure-safe behavior
|
||||
|
||||
- [ ] Expand malicious path detection rules
|
||||
- Current: simple substring checks in `handleNoRoute`
|
||||
- Target:
|
||||
- rule list/pattern config
|
||||
- normalize URL + decode checks
|
||||
- classify severity by signature group
|
||||
|
||||
- [ ] Add global abuse score per IP
|
||||
- Combine signals:
|
||||
- failed admin auth
|
||||
- malicious path scans
|
||||
- upload abuse
|
||||
- Use score to escalate ban duration automatically
|
||||
|
||||
- [ ] Ban duration policy ladder
|
||||
- Current: fixed `WARPBOX_SECURITY_BAN_SECONDS`
|
||||
- Target:
|
||||
- progressive durations (e.g., 30m, 2h, 24h)
|
||||
- reset after quiet period
|
||||
|
||||
- [ ] Add security settings validation UX
|
||||
- Ensure invalid values (negative, malformed lists, invalid CIDR) rejected with clear UI errors
|
||||
- Add server tests for malformed security override payloads
|
||||
|
||||
## 3) Admin UX Follow-Ups
|
||||
|
||||
- [ ] Add dedicated “Active Bans” page-level controls
|
||||
- bulk unban
|
||||
- filter/sort by expiry and IP
|
||||
- copy IP and quick search in activity/alerts
|
||||
|
||||
- [ ] Add “why banned” detail
|
||||
- link ban entry to latest triggering events and alerts
|
||||
- show counts in active windows (login/scan/upload)
|
||||
|
||||
- [ ] Add optional confirmation modal for destructive security actions
|
||||
- unban all / bulk unban / long custom bans
|
||||
|
||||
## 4) Testing & QA
|
||||
|
||||
- [ ] Add unit tests for `lib/security/guard.go`
|
||||
- `Ban`, `BanUntil`, `Unban`, `BanList` expiry pruning
|
||||
- login/scan threshold behavior
|
||||
- upload rate limiting behavior
|
||||
|
||||
- [ ] Add tests for real-IP resolution edge cases (`lib/server/ip.go`)
|
||||
- direct client
|
||||
- trusted proxy chain
|
||||
- spoofed forwarding headers from untrusted remote
|
||||
|
||||
- [ ] Add integration tests for security endpoints
|
||||
- `/admin/security/actions` ban/ban_until/unban
|
||||
- `/admin/alerts/actions`
|
||||
- admin login brute-force auto-ban flow
|
||||
|
||||
- [ ] Add concurrency/race test pass in CI
|
||||
- run `go test ./... -race` in workflow (where Go toolchain available)
|
||||
|
||||
## 5) Operational / Deployment
|
||||
|
||||
- [ ] Document reverse-proxy setup requirements
|
||||
- Caddy / ingress config examples for forwarding headers
|
||||
- guidance for trusted proxy CIDRs
|
||||
|
||||
- [ ] Add security runbook
|
||||
- how to investigate alerts
|
||||
- how to ban/unban safely
|
||||
- how to tune thresholds for low/high traffic environments
|
||||
|
||||
- [ ] Add metrics hooks (future)
|
||||
- counts: blocked requests, bans issued, unbans, alert volume
|
||||
- expose to Prometheus-compatible endpoint later
|
||||
|
||||
## 6) Nice-to-Have (Later)
|
||||
|
||||
- [ ] Optional external enforcement bridge (fail2ban-compatible log format)
|
||||
- [ ] Webhook notifications for high-severity security alerts
|
||||
- [ ] Per-account/API-key limits once account system matures
|
||||
|
||||
Reference in New Issue
Block a user