Commit Graph

1895 Commits

Author SHA1 Message Date
yusing
4e5ded13fb fix(api/proxmox): add websocket validation to journalctl and tail endpoints
Add required websocket check at the beginning of both journalctl and tail endpoint handlers to ensure these endpoints only accept websocket connections.
2026-02-22 19:54:09 +08:00
yusing
2305eca90b feat(cli): add CLI application with automatic command generation from swagger
Add a new CLI application (`cmd/cli/`) that generates command-line interface commands from the API swagger specification. Includes:
- Main CLI entry point with command parsing and execution
- Code generator that reads swagger.json and generates typed command handlers
- Makefile targets (`gen-cli`, `build-cli`) for generating and building the CLI
- GitHub Actions workflow to build cross-platform CLI binaries (linux/amd64, linux/arm64)
2026-02-22 19:51:49 +08:00
yusing
4580543693 refactor(icons): improve favicon fetching with custom HTTP client and content-type validation
Replace the existing HTTP client with a custom-configured client that skips TLS verification for favicon fetching,
and add explicit Content-Type validation to ensure only valid image responses are accepted.

This fixes potential issues with SSL certificate validation and prevents processing of non-image responses.
2026-02-22 16:06:13 +08:00
yusing
bf54b51036 chore(http): remove stale default_client.go 2026-02-22 16:05:30 +08:00
yusing
8ba937ec4a refactor(middleware): replace sensitive fields with redacted types 2026-02-22 16:05:02 +08:00
yusing
0f78158c64 refactor: fix lint errors; improve error handling 2026-02-22 16:04:25 +08:00
yusing
3a7d1f8b18 refactor: modernize code with go fix 2026-02-21 13:03:21 +08:00
yusing
64ffe44a2d refactor(systeminfo): correct field usage regarding update to gopsutil submodule 2026-02-21 13:00:00 +08:00
yusing
dea37a437b chore: apply golangci-lint fmt 2026-02-21 12:56:51 +08:00
yusing
ee973f7997 chore(deps): upgrade dependencies and submodules 2026-02-21 12:53:34 +08:00
yusing
8756baf7fc fix(docs): remove application/json from /file/content API 2026-02-18 19:13:00 +08:00
yusing
a12bdeaf55 refactor(middleware): replace path prefix checks with function-based approach
Replace simple path prefix-based enforcement/bypass mechanism with a more
flexible function-based approach. This allows for more complex conditions
to determine when middleware should be enforced or bypassed.

- Add checkReqFunc and checkRespFunc types for flexible condition checking
- Replace enforcedPathPrefixes with separate enforce and bypass check functions
- Add static asset path detection for automatic bypassing
- Separate request and response check logic for better granularity
2026-02-18 19:12:07 +08:00
yusing
f7676b2dbd chore(go.mod): add backoff library for retrying operations 2026-02-18 18:17:29 +08:00
yusing
add7884a36 feat(icons): improve search ranking with priority-based matching
Restructure icon search to use a tiered ranking system:
- Exact matches get highest priority (rank 0)
- Prefix matches ranked by name length (rank 100+)
- Contains matches ranked by relevance (rank 500+)
- Fuzzy matches as fallback (rank 1000+)

Also refactors InitCache to use switch statements for clarity
and updates goutils submodule.
2026-02-18 18:13:34 +08:00
yusing
115fba4ff4 feat(route): allow empty listening port in port specification
Support the ":proxy" format where only the proxy port is specified.
When the listening port part is empty, it defaults to 0 instead of
returning a parse error.
2026-02-18 14:37:23 +08:00
yusing
bb757b2432 refactor: replace custom helper with stdlib strings.* 2026-02-18 14:26:29 +08:00
yusing
c2d8cca3b4 refactor(docs): migrate wiki generation to MDX format
- Convert markdown output to  fumadocs MDX
- Add api-md2mdx.ts for markdown to MDX transformation
- Remove sidebar auto-update functionality
- Change output directory from src/impl to content/docs/impl
- Update DOCS_DIR path in Makefile to local wiki directory
- Copy swagger.json directly instead of generating markdown
- Add argparse dependency for CLI argument parsing
2026-02-18 14:05:40 +08:00
yusing
20695c52e8 docs: unify header to import path for package docs 2026-02-18 03:25:32 +08:00
yusing
7baf0b6fe5 refactor(metrics): reorganize system info collection into separate functions
Split the monolithic AllSystemInfo handler into smaller, focused functions:
- Extract streamSystemInfo for channel consumption
- Add queueSystemInfo for safe non-blocking queue operations
- Create collectSystemInfoRound for parallel agent data collection
- Implement handleRoundResult for consistent round result processing
- Replace custom exponential backoff with cenkalti/backoff/v5 library

This improves code maintainability and separates concerns within the metrics API endpoint.
2026-02-16 20:19:18 +08:00
yusing
863f16862b chore: update screenshots 2026-02-16 10:48:41 +08:00
yusing
b4a9f44f4e fix(makefile): correct minify-js receipe syntax v0.26.0 2026-02-16 08:33:55 +08:00
yusing
ae45854977 fix(makefile): update minify-js target to conditionally skip based on agent and socket-proxy flags 2026-02-16 08:24:14 +08:00
yusing
b272f3ffb7 refactor(scripts): enhance update-wiki script directory link resolution with parent fallback
Add fallback logic to rewriteImplMarkdown to traverse parent directories when resolving directory links, allowing paths like "internal/watcher/events" to resolve via their parent "internal/watcher" if no exact match exists. Also update built-in import to use explicit "node:" protocol.
2026-02-16 08:13:47 +08:00
yusing
9064a37d62 fix(rules): update webui rules manifest path from webmanifest to json
- Changed the path for the manifest from /manifest.webmanifest to /manifest.json in both webui_dev.yml and webui.yml.
2026-02-16 07:44:51 +08:00
yusing
a8f4b8afee chore(makefile): suppress git describe stderr in VERSION variable 2026-02-15 20:08:10 +08:00
yusing
f8bc8dddb6 refactor(icons): hasIcon always return true in tests 2026-02-15 20:08:10 +08:00
yusing
54ea4d8790 refactor(entrypoint): enhance Entrypoint interface with detailed comments 2026-02-15 20:08:10 +08:00
yusing
fbb8a1fca4 refactor(middleware): emit OIDC blocked event at specific error points 2026-02-15 20:08:10 +08:00
yusing
af62ac98d3 refactor(middleware): clone middleware definitions before modification
- This change enhances the integrity of middleware configurations by ensuring original definitions remain unchanged.
2026-02-15 20:08:10 +08:00
yusing
cc516d23db refactor(health): allow connection reuse in HTTP pinger
- Commented out the SetConnectionClose method to enable connection reuse for HTTP requests, improving performance.
- This is a follow up commit to be9af03a1e setting MaxConnsPerHost to 1000
2026-02-15 20:08:10 +08:00
yusing
f92e96831c fix(auth): reorder password validation to enhance security against timing attacks
- Always perform bcrypt comparison before checking the username to mitigate potential timing attack vulnerabilities.
2026-02-15 20:08:10 +08:00
yusing
154149b06d refactor: minor styling fixes; deadcode cleanup and correct log level 2026-02-15 20:08:09 +08:00
yusing
35b8a60edb chore(makefile): improve benchmark cleanup and update api types path
Add automatic container cleanup for benchmark target using trap to ensure
containers are torn down after benchmarking completes. Also update the
gen-api-types output directory to src/lib and remove the prettier step.
2026-02-15 17:34:30 +08:00
yusing
d54f0c1411 chore(lint): update golangci-lint configuration
- Exclude gin.Context.Error from errcheck for error handler pattern
- Add godoclint with ignore pattern for internal/api/v1
- Remove gomoddirectives replace-allow-list
- Disable govet fieldalignment check
- Add QF1008 to staticcheck exceptions for embedded field clarity
- Simplify exclusion paths and disable test running
2026-02-15 17:33:17 +08:00
yusing
a9aabc0a20 chore(trunk): add linter configs and update versions
- Add .markdownlint.yaml with prettier-friendly config
- Add .yamllint.yaml with custom rules
- Enable yamllint and markdownlint in trunk.yaml
- Update Go runtime to 1.26.0
- Update linter versions (checkov, golangci-lint2, osv-scanner, trufflehog)
- Enable pre-push and pre-commit hooks
- Update .gitignore to track .trunk/configs directory
2026-02-15 17:31:36 +08:00
yusing
0a139067b8 fix(acl): add logging for unexpected remote address types in TCP and UDP listeners 2026-02-15 17:22:53 +08:00
yusing
be9af03a1e fix(health): increase MaxConnsPerHost for HTTP pinger
Updated the MaxConnsPerHost setting from 1 to 1000 in the HTTP pinger configuration.

Fixes "no free connections available to host" error
2026-02-15 17:22:10 +08:00
yusing
898002a38e feat(acl): add reason field to ACL logging for decision tracking
Add a reason parameter throughout the ACL system to track and log why
each IP was allowed or denied. This provides better visibility into
ACL decisions by recording specific reasons such as "allowed by
allow_local rule", "blocked by deny rule: [rule]", or "deny by default".

Changes include:
- Add reason field to checkCache and ipLog structs
- Update LogACL interface and implementations to accept reason
- Generate descriptive reasons for all ACL decision paths
- Include reason in console log output
2026-02-15 17:20:54 +08:00
yusing
0acedb034a feat: add event emission for blocked requests and provider changes
- Emit ACL blocked events with matched rule information
- Emit HTTP blocked events from CIDR whitelist, ForwardAuth, and OIDC middlewares
- Emit global events for provider file/docker changes
- Add MatchedIndex method to ACL matchers for rule identification
- Update goutils submodule for events package update
2026-02-15 16:48:39 +08:00
yusing
1244af0e38 refactor(watcher): rename events package to watcherEvents
- Updated import paths and references from events to watcherEvents across multiple files
2026-02-15 14:35:23 +08:00
yusing
d619562f00 refactor(health): remove incorrect field comment 2026-02-15 14:33:43 +08:00
yusing
6fcd570be6 fix(config): return the criticalErr and modernize errors.As 2026-02-14 19:54:55 +08:00
yusing
8b2da08ec1 fix(oidc): allow requests to proceed when OIDC is not enabled
fix(oidc): ignore OIDC middleware when OIDC is not enabled

The OIDC middleware now gracefully handles the case when OIDC is not enabled by:
- Returning early in the before() hook when IsOIDCEnabled() is false
- Logging an error instead of returning an error in finalize() when OIDC is not configured
2026-02-14 19:54:00 +08:00
yusing
679045eb29 feat(forwardAuth): add blocked log like 95ac659b1f 2026-02-13 23:56:14 +08:00
yusing
95ac659b1f feat(oidc): restrict OIDC middleware to GET requests
Block non-GET and WebSocket requests through the OIDC middleware with a 403 Forbidden response.
This avoids API clients receiving unexpected redirect and HTML response.

Added a log to hint user to add bypass rule if needed.

Also fix logout handler to not short-circuit middleware chain.
2026-02-13 23:48:18 +08:00
yusing
b4eb714553 chore(deps): upgrade dependencies 2026-02-13 22:17:44 +08:00
yusing
322bb70f02 feat(monitor): add display name support for health monitor logging
Add a DisplayNameKey struct to pass display names from routes through the task
parent hierarchy to the health monitor. This allows the health monitor to use
more descriptive names for logging instead of internal task names.

BREAKING CHANGE: The monitor.DisplayNameKey struct is now part of the public API
2026-02-13 22:12:19 +08:00
yusing
fa9239f5eb refactor: update pool initialization to include pool key 2026-02-13 22:10:46 +08:00
yusing
91f2c4993c fix(api/event): change websocket message type from BinaryMessage to TextMessage 2026-02-13 21:44:46 +08:00
yusing
1a33c0079d fix(api): update health endpoint to return detailed health info
- Changed the response type of the health endpoint to use a new HealthMap type for better clarity.
- Updated the health information retrieval method to GetHealthInfoWithoutDetail for improved accuracy in the response.
- Adjusted Swagger documentation to reflect the new response structure.
2026-02-13 21:44:22 +08:00