supabase #107
Open
supabase #107
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Trueasync
- Dockerfile & Nuitka.Dockerfile: Auto-fetch latest Go version (removed hardcoded 1.24.x) - Security (CSP) - fastapi_middleware.py: - Added default-src, base-uri, worker-src, child-src directives - Added upgrade-insecure-requests & block-all-mixed-content (prod) - Removed redundant script-src 'self' - Added middleware to block JS files outside /assets/ and backup directories - Frontend: - Converted 5 Vue components to dynamic imports (defineAsyncComponent) - Fixed Vite code-splitting warnings, reduced initial bundle size
Commits Since Last Push (3 commits, 128 files, +20.5k/-2k lines) 0a4b88a carbide Security hardening: SRI plugin, CSRF/CSP middleware, ModSecurity configs, privacy page, fetch security layer, auth improvements, docs reorg 51ccd9f a bit much Major feature batch: AWG CPS pattern system, Go healthcheck, metrics module, structured logging, startup validation, job system refactor, health/metrics/CPS APIs, UI config enhancements, wiregate.sh overhaul 78371ac 1 Mesh networking: topology builder UI, network visualizer component, mesh backend API, config selector, peer mesh tests Uncommitted Changes (14 modified + 3 untracked, +515 lines) New Feature: udptlspipe TLS Tunneling UdpTlsPipeManager.py — new module for TLS pipe server management Core.py — peer/config models extended with TLS pipe fields (enabled, password, tls_server_name, secure, proxy, fingerprint_profile) core_api.py — endpoints: start/stop/status udptlspipe server; peer add/update with TLS settings peerSettings.vue — UI accordion for per-peer TLS pipe config (password, SNI, secure mode, proxy, fingerprint) peersDefaultSettingsSwitch.vue — new component for default peer settings toggle settings.vue — integrate default TLS pipe settings UI requests.py — Pydantic models for TLS pipe fields in peer/config create Build System Dockerfile — add udptlspipe Go build stage, copy binary to final image Makefile — udptlspipe build target, install rules Misc DataBaseManager.py / AsyncDataBaseManager.py — minor async fixes SecureCommand.py / restricted_shell.sh — shell hardening tweaks DashboardConfig.py — config key additions for TLS defaults
feat: add TLS pipe port config, improve Go build system, update deps Build System: - Fix Go version URL quoting for shell compatibility - Add Go minimum version validation in Dockerfiles - Update Go fallback version to 1.25.5 - Add `go get -u && go mod tidy` before Go binary builds Frontend: - Add TLS Pipe server status indicator in peer list - Show TLS badge on peers with udptlspipe enabled - Add udptlspipe_port field support in peer settings Backend: - Add udptlspipe_port field to Configuration and Peer classes - Improve DashboardLogger and database managers Dependencies: - Update udptlspipe Go module dependencies
Removed all references to udptlspipe and its Go implementation, including build steps, Makefile targets, and shell restrictions. Integrated wg-tcp-tunnel as the new TCP tunneling backend, added build steps for it in the Dockerfile, and updated the frontend to support per-peer TCP tunneling configuration. The UI and API calls were refactored to manage TCP tunnels instead of TLS pipes, and all related peer and configuration components were updated accordingly.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.