warpbox/TO-DO.md

WarpBox Security TO-DO

1) High Priority (Do Next)

• Persist IP bans across restarts

  • Current: bans stored in-memory (lib/security/guard.go)
  • Target: durable store in DBDir (similar style to activity/alerts)
  • Include: startup load, expiry cleanup, atomic writes, corruption-safe fallback

• Add trusted proxy CIDR config

  • Current: forwarded headers trusted only when remote hop is private/local (lib/server/ip.go)
  • Risk: heuristic-only trust model
  • Target:
    • WARPBOX_TRUSTED_PROXY_CIDRS setting
    • trust X-Forwarded-For only when RemoteAddr in trusted CIDR
    • fallback to direct remote IP otherwise

• Add CIDR/range support for whitelists

  • Current: exact IP match only (WARPBOX_SECURITY_IP_WHITELIST, WARPBOX_SECURITY_ADMIN_IP_WHITELIST)
  • Target: support exact IP + CIDR entries
  • Include strict parser + validation errors in settings save

• Add unban / ban edit API audit trail hardening

  • Ensure all manual ban/unban/ban-until actions always write:
    • activity event
    • alert (or policy-based selective alerting)
  • Add tests for these paths

2) Medium Priority

• GeoIP integration for security detail pane

  • Current: placeholder fields in /admin/security
  • Target: wire geoipfast provider for country/region/ASN fields
  • Add caching + timeout/failure-safe behavior

• Expand malicious path detection rules

  • Current: simple substring checks in handleNoRoute
  • Target:
    • rule list/pattern config
    • normalize URL + decode checks
    • classify severity by signature group

• Add global abuse score per IP

  • Combine signals:
    • failed admin auth
    • malicious path scans
    • upload abuse
  • Use score to escalate ban duration automatically

• Ban duration policy ladder

  • Current: fixed WARPBOX_SECURITY_BAN_SECONDS
  • Target:
    • progressive durations (e.g., 30m, 2h, 24h)
    • reset after quiet period

• Add security settings validation UX

  • Ensure invalid values (negative, malformed lists, invalid CIDR) rejected with clear UI errors
  • Add server tests for malformed security override payloads

3) Admin UX Follow-Ups

• Add dedicated “Active Bans” page-level controls

  • bulk unban
  • filter/sort by expiry and IP
  • copy IP and quick search in activity/alerts

• Add “why banned” detail

  • link ban entry to latest triggering events and alerts
  • show counts in active windows (login/scan/upload)

• Add optional confirmation modal for destructive security actions

  • unban all / bulk unban / long custom bans

4) Testing & QA

• Add unit tests for lib/security/guard.go

  • Ban, BanUntil, Unban, BanList expiry pruning
  • login/scan threshold behavior
  • upload rate limiting behavior

• Add tests for real-IP resolution edge cases (lib/server/ip.go)

  • direct client
  • trusted proxy chain
  • spoofed forwarding headers from untrusted remote

• Add integration tests for security endpoints

  • /admin/security/actions ban/ban_until/unban
  • /admin/alerts/actions
  • admin login brute-force auto-ban flow

• Add concurrency/race test pass in CI

  • run go test ./... -race in workflow (where Go toolchain available)

5) Operational / Deployment

• Document reverse-proxy setup requirements

  • Caddy / ingress config examples for forwarding headers
  • guidance for trusted proxy CIDRs

• Add security runbook

  • how to investigate alerts
  • how to ban/unban safely
  • how to tune thresholds for low/high traffic environments

• Add metrics hooks (future)

  • counts: blocked requests, bans issued, unbans, alert volume
  • expose to Prometheus-compatible endpoint later

6) Nice-to-Have (Later)

• Optional external enforcement bridge (fail2ban-compatible log format)
• Webhook notifications for high-severity security alerts
• Per-account/API-key limits once account system matures