lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

backup

Browse Source
This commit is contained in:
Lukas
2026-05-10 08:48:42 +02:00
parent cc9d3220c9
commit 79df1aa493
15 changed files with 3523 additions and 892 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Docker/compose.debug.yml
View File

@@ -34,7 +34,7 @@ services:
- ../data/fail2ban-dev-config:/config - ../data/fail2ban-dev-config:/config
- fail2ban-dev-run:/var/run/fail2ban - fail2ban-dev-run:/var/run/fail2ban
- /var/log:/var/log:ro - /var/log:/var/log:ro
- ./logs:/remotelogs/bangui - ../data/log:/remotelogs/bangui
healthcheck: healthcheck:
test: ["CMD", "fail2ban-client", "ping"] test: ["CMD", "fail2ban-client", "ping"]
interval: 15s interval: 15s
@@ -58,6 +58,7 @@ services:
BANGUI_DATABASE_PATH: "/data/bangui.db" BANGUI_DATABASE_PATH: "/data/bangui.db"
BANGUI_FAIL2BAN_SOCKET: "/var/run/fail2ban/fail2ban.sock" BANGUI_FAIL2BAN_SOCKET: "/var/run/fail2ban/fail2ban.sock"
BANGUI_FAIL2BAN_CONFIG_DIR: "/config/fail2ban" BANGUI_FAIL2BAN_CONFIG_DIR: "/config/fail2ban"
BANGUI_LOG_FILE: "/data/log/bangui.log"
BANGUI_LOG_LEVEL: "debug" BANGUI_LOG_LEVEL: "debug"
BANGUI_ENABLE_DOCS: "true" BANGUI_ENABLE_DOCS: "true"
BANGUI_SESSION_SECRET: "${BANGUI_SESSION_SECRET:?BANGUI_SESSION_SECRET must be set — generate with: python -c 'import secrets; print(secrets.token_hex(32))'}" BANGUI_SESSION_SECRET: "${BANGUI_SESSION_SECRET:?BANGUI_SESSION_SECRET must be set — generate with: python -c 'import secrets; print(secrets.token_hex(32))'}"
@@ -70,7 +71,7 @@ services:
volumes: volumes:
- ../backend/app:/app/app:z - ../backend/app:/app/app:z
- ../fail2ban-master:/app/fail2ban-master:ro,z - ../fail2ban-master:/app/fail2ban-master:ro,z
- ../data/data:/data - ../data:/data
- fail2ban-dev-run:/var/run/fail2ban:ro - fail2ban-dev-run:/var/run/fail2ban:ro
- ../data/fail2ban-dev-config:/config:rw - ../data/fail2ban-dev-config:/config:rw
command: command:

115
Docker/compose.prod.yml
View File

@@ -1,115 +0,0 @@
# ──────────────────────────────────────────────────────────────
# BanGUI — Production Compose
#
# Compatible with:
# docker compose -f Docker/compose.prod.yml up -d
# podman compose -f Docker/compose.prod.yml up -d
# podman-compose -f Docker/compose.prod.yml up -d
#
# Prerequisites:
# Create a .env file at the project root (or pass --env-file):
# BANGUI_SESSION_SECRET=<random-secret>
# ──────────────────────────────────────────────────────────────
name: bangui
services:
# ── fail2ban ─────────────────────────────────────────────────
fail2ban:
image: lscr.io/linuxserver/fail2ban:latest
container_name: bangui-fail2ban
restart: unless-stopped
cap_add:
- NET_ADMIN
- NET_RAW
network_mode: host
environment:
TZ: "${BANGUI_TIMEZONE:-UTC}"
PUID: 0
PGID: 0
volumes:
- fail2ban-config:/config
- fail2ban-run:/var/run/fail2ban
- /var/log:/var/log:ro
healthcheck:
test: ["CMD", "fail2ban-client", "ping"]
interval: 30s
timeout: 5s
start_period: 15s
retries: 3
# NOTE: The fail2ban-config volume must be pre-populated with the following files:
# • fail2ban/jail.conf (or jail.d/*.conf) with the DEFAULT section containing:
# banaction = iptables-allports[lockingopt="-w 5"]
# This prevents xtables lock contention errors when multiple jails start in parallel.
# See https://fail2ban.readthedocs.io/en/latest/development/environment.html
# ── Backend (FastAPI + uvicorn) ─────────────────────────────
backend:
build:
context: ..
dockerfile: Docker/Dockerfile.backend
container_name: bangui-backend
restart: unless-stopped
stop_grace_period: 30s
depends_on:
fail2ban:
condition: service_healthy
environment:
BANGUI_DATABASE_PATH: "/data/bangui.db"
BANGUI_FAIL2BAN_SOCKET: "/var/run/fail2ban/fail2ban.sock"
BANGUI_FAIL2BAN_CONFIG_DIR: "/config/fail2ban"
BANGUI_LOG_LEVEL: "info"
# ⚠️ BANGUI_WORKERS MUST be 1 — see session_cache.py docstring for details
# BanGUI uses a process-local session cache. Multiple workers in a single process
# would cause users to be randomly logged out as sessions wouldn't be shared.
# For HA, run multiple BanGUI instances (each with --workers 1) via orchestration.
BANGUI_WORKERS: "1"
BANGUI_SESSION_SECRET: "${BANGUI_SESSION_SECRET:?Set BANGUI_SESSION_SECRET}"
BANGUI_TIMEZONE: "${BANGUI_TIMEZONE:-UTC}"
volumes:
- bangui-data:/data
- fail2ban-run:/var/run/fail2ban:ro
- fail2ban-config:/config:rw
expose:
- "8000"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/v1/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
networks:
- bangui-net
# ── Frontend (nginx serving built SPA + API proxy) ──────────
frontend:
build:
context: ..
dockerfile: Docker/Dockerfile.frontend
container_name: bangui-frontend
restart: unless-stopped
ports:
- "${BANGUI_PORT:-8080}:80"
depends_on:
backend:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:80/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 5s
networks:
- bangui-net
volumes:
bangui-data:
driver: local
fail2ban-config:
driver: local
fail2ban-run:
driver: local
networks:
bangui-net:
driver: bridge

97
Docker/docker-compose.yml
View File

@@ -1,97 +0,0 @@
version: '3.8'
services:
fail2ban:
image: lscr.io/linuxserver/fail2ban:latest
container_name: fail2ban
cap_add:
- NET_ADMIN
- NET_RAW
network_mode: host
environment:
- PUID=1011
- PGID=1001
- TZ=Etc/UTC
- VERBOSITY=-vv #optional
volumes:
- /server/server_fail2ban/config:/config
- /server/server_fail2ban/fail2ban-run:/var/run/fail2ban
- /var/log:/var/log
- /server/server_nextcloud/config/nextcloud.log:/remotelogs/nextcloud/nextcloud.log:ro #optional
- /server/server_nginx/data/logs:/remotelogs/nginx:ro #optional
- /server/server_gitea/log/gitea.log:/remotelogs/gitea/gitea.log:ro #optional
#- /path/to/homeassistant/log:/remotelogs/homeassistant:ro #optional
#- /path/to/unificontroller/log:/remotelogs/unificontroller:ro #optional
#- /path/to/vaultwarden/log:/remotelogs/vaultwarden:ro #optional
restart: unless-stopped
deploy:
limits:
cpus: '0.5'
memory: 128M
reservations:
cpus: '0.1'
memory: 64M
backend:
image: git.lpl-mind.de/lukas.pupkalipinski/bangui/backend:latest
container_name: bangui-backend
restart: unless-stopped
stop_grace_period: 30s
depends_on:
fail2ban:
condition: service_started
environment:
- PUID=1011
- PGID=1001
- BANGUI_DATABASE_PATH=/data/bangui.db
- BANGUI_FAIL2BAN_SOCKET=/var/run/fail2ban/fail2ban.sock
- BANGUI_FAIL2BAN_CONFIG_DIR=/config/fail2ban
- BANGUI_LOG_LEVEL=info
# ⚠️ BANGUI_WORKERS MUST be 1 — the session cache is process-local
# Multiple workers would cause random logouts and duplicate background jobs
- BANGUI_SESSION_SECRET=${BANGUI_SESSION_SECRET:?Set BANGUI_SESSION_SECRET}
- BANGUI_TIMEZONE=${BANGUI_TIMEZONE:-UTC}
volumes:
- /server/server_fail2ban/bangui-data:/data
- /server/server_fail2ban/fail2ban-run:/var/run/fail2ban:ro
- /server/server_fail2ban/config:/config:rw
expose:
- "8000"
networks:
- bangui-net
deploy:
limits:
cpus: '2'
memory: 512M
reservations:
cpus: '1'
memory: 256M
# ── Frontend (nginx serving built SPA + API proxy) ──────────
frontend:
image: git.lpl-mind.de/lukas.pupkalipinski/bangui/frontend:latest
container_name: bangui-frontend
restart: unless-stopped
environment:
- PUID=1011
- PGID=1001
ports:
- "${BANGUI_PORT:-8080}:80"
depends_on:
backend:
condition: service_started
networks:
- bangui-net
deploy:
limits:
cpus: '0.5'
memory: 128M
reservations:
cpus: '0.25'
memory: 64M
networks:
bangui-net:
name: bangui-net

4
Docker/simulate_failed_logins.sh
View File

@@ -11,7 +11,7 @@
# Defaults: # Defaults:
# COUNT : 5 # COUNT : 5
# SOURCE_IP: 192.168.100.99 # SOURCE_IP: 192.168.100.99
# LOG_FILE : Docker/logs/auth.log (relative to repo root) # LOG_FILE : data/log/auth.log (relative to repo root)
# #
# Log line format (must match manual-Jail failregex exactly): # Log line format (must match manual-Jail failregex exactly):
# YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from <IP> # YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from <IP>
@@ -25,7 +25,7 @@ readonly DEFAULT_IP="192.168.100.99"
# Resolve script location so defaults work regardless of cwd. # Resolve script location so defaults work regardless of cwd.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly DEFAULT_LOG_FILE="${SCRIPT_DIR}/logs/auth.log" readonly DEFAULT_LOG_FILE="${SCRIPT_DIR}/../data/log/auth.log"
# ── Arguments ───────────────────────────────────────────────── # ── Arguments ─────────────────────────────────────────────────
COUNT="${1:-${DEFAULT_COUNT}}" COUNT="${1:-${DEFAULT_COUNT}}"

8
Makefile
View File

@@ -64,11 +64,11 @@ print('Created .env with a generated BANGUI_SESSION_SECRET.')"; \
## Start the debug stack (detached). ## Start the debug stack (detached).
## Ensures log stub files exist so fail2ban can open them on first start. ## Ensures log stub files exist so fail2ban can open them on first start.
## All output is logged to Docker/logs/make-up.log. ## All output is logged to /data/log/make-up.log.
up: ensure-env up: ensure-env
@mkdir -p Docker/logs @mkdir -p data/log
@touch Docker/logs/auth.log @touch data/log/auth.log
$(COMPOSE) $(COMPOSE_OPTS) up -d 2>&1 | tee Docker/logs/make-up.log $(COMPOSE) $(COMPOSE_OPTS) up -d 2>&1 | tee data/log/make-up.log
## Stop the debug stack. ## Stop the debug stack.
down: ensure-env down: ensure-env

4
backend/app/config.py
View File

@@ -285,6 +285,10 @@ class Settings(BaseSettings):
default="info", default="info",
description="Application log level: debug | info | warning | error | critical.", description="Application log level: debug | info | warning | error | critical.",
) )
log_file: str | None = Field(
default="/data/log/bangui.log",
description="Optional file path for writing application logs. Set to null to disable file logging.",
)
geoip_db_path: str | None = Field( geoip_db_path: str | None = Field(
default=None, default=None,
description=( description=(

11
backend/app/main.py
View File

@@ -107,15 +107,20 @@ def _external_logging_processor(
return event_dict return event_dict
def _configure_logging(log_level: str, settings: Settings | None = None) -> None: def _configure_logging(log_level: str, log_file: str | None, settings: Settings | None = None) -> None:
"""Configure structlog for production JSON output. """Configure structlog for production JSON output.
Args: Args:
log_level: One of ``debug``, ``info``, ``warning``, ``error``, ``critical``. log_level: One of ``debug``, ``info``, ``warning``, ``error``, ``critical``.
log_file: Optional file path to write logs to (in addition to stdout).
settings: Optional Settings object to configure external logging. settings: Optional Settings object to configure external logging.
""" """
level: int = logging.getLevelName(log_level.upper()) level: int = logging.getLevelName(log_level.upper())
logging.basicConfig(level=level, stream=sys.stdout, format="%(message)s") handlers: list[logging.Handler] = [logging.StreamHandler(sys.stdout)]
if log_file:
os.makedirs(os.path.dirname(log_file), exist_ok=True)
handlers.append(logging.FileHandler(log_file))
logging.basicConfig(level=level, handlers=handlers, format="%(message)s")
processors = [ processors = [
structlog.contextvars.merge_contextvars, structlog.contextvars.merge_contextvars,
@@ -225,7 +230,7 @@ async def _lifespan(app: FastAPI) -> AsyncGenerator[None, None]:
raise RuntimeError(msg) from exc raise RuntimeError(msg) from exc
# Now configure logging with the handler in place # Now configure logging with the handler in place
_configure_logging(settings.log_level, settings) _configure_logging(settings.log_level, settings.log_file, settings)
log.info("bangui_starting_up", database_path=settings.database_path) log.info("bangui_starting_up", database_path=settings.database_path)

3
backend/app/utils/config_file_utils.py
View File

@@ -158,7 +158,8 @@ def _build_inactive_jail(
ban_time_seconds = _parse_time_to_seconds(settings.get("bantime"), 600) ban_time_seconds = _parse_time_to_seconds(settings.get("bantime"), 600)
find_time_seconds = _parse_time_to_seconds(settings.get("findtime"), 600) find_time_seconds = _parse_time_to_seconds(settings.get("findtime"), 600)
log_encoding = settings.get("logencoding") or "auto" log_encoding = settings.get("logencoding") or "auto"
backend = settings.get("backend") or "auto" backend_raw = settings.get("backend") or "auto"
backend = backend_raw if not (backend_raw.startswith("%(") and backend_raw.endswith(")")) else "auto"
date_pattern = settings.get("datepattern") or None date_pattern = settings.get("datepattern") or None
use_dns = settings.get("usedns") or "warn" use_dns = settings.get("usedns") or "warn"
prefregex = settings.get("prefregex") or "" prefregex = settings.get("prefregex") or ""

30
backend/app/utils/constants.py
View File

@@ -112,49 +112,49 @@ HEALTH_CHECK_INTERVAL_SECONDS: Final[int] = 30
# Rate limits (per IP) # Rate limits (per IP)
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
RATE_LIMIT_BANS_BAN_REQUESTS: Final[int] = 100 RATE_LIMIT_BANS_BAN_REQUESTS: Final[int] = 10000
"""Max ban requests per IP per minute.""" """Max ban requests per IP per minute."""
RATE_LIMIT_BANS_UNBAN_REQUESTS: Final[int] = 100 RATE_LIMIT_BANS_UNBAN_REQUESTS: Final[int] = 10000
"""Max unban requests per IP per minute.""" """Max unban requests per IP per minute."""
RATE_LIMIT_BLOCKLIST_IMPORT_REQUESTS: Final[int] = 100 RATE_LIMIT_BLOCKLIST_IMPORT_REQUESTS: Final[int] = 10000
"""Max blocklist import requests per IP per hour.""" """Max blocklist import requests per IP per hour."""
RATE_LIMIT_CONFIG_UPDATE_REQUESTS: Final[int] = 50 RATE_LIMIT_CONFIG_UPDATE_REQUESTS: Final[int] = 5000
"""Max config update requests per IP per minute.""" """Max config update requests per IP per minute."""
RATE_LIMIT_FILTER_UPDATE_REQUESTS: Final[int] = 50 RATE_LIMIT_FILTER_UPDATE_REQUESTS: Final[int] = 5000
"""Max filter config update requests per IP per minute.""" """Max filter config update requests per IP per minute."""
RATE_LIMIT_FILTER_CREATE_REQUESTS: Final[int] = 50 RATE_LIMIT_FILTER_CREATE_REQUESTS: Final[int] = 5000
"""Max filter config create requests per IP per minute.""" """Max filter config create requests per IP per minute."""
RATE_LIMIT_FILTER_DELETE_REQUESTS: Final[int] = 50 RATE_LIMIT_FILTER_DELETE_REQUESTS: Final[int] = 5000
"""Max filter config delete requests per IP per minute.""" """Max filter config delete requests per IP per minute."""
RATE_LIMIT_ACTION_UPDATE_REQUESTS: Final[int] = 50 RATE_LIMIT_ACTION_UPDATE_REQUESTS: Final[int] = 5000
"""Max action config update requests per IP per minute.""" """Max action config update requests per IP per minute."""
RATE_LIMIT_ACTION_CREATE_REQUESTS: Final[int] = 50 RATE_LIMIT_ACTION_CREATE_REQUESTS: Final[int] = 5000
"""Max action config create requests per IP per minute.""" """Max action config create requests per IP per minute."""
RATE_LIMIT_ACTION_DELETE_REQUESTS: Final[int] = 50 RATE_LIMIT_ACTION_DELETE_REQUESTS: Final[int] = 5000
"""Max action config delete requests per IP per minute.""" """Max action config delete requests per IP per minute."""
RATE_LIMIT_JAIL_UPDATE_REQUESTS: Final[int] = 100 RATE_LIMIT_JAIL_UPDATE_REQUESTS: Final[int] = 10000
"""Max jail config update requests per IP per minute.""" """Max jail config update requests per IP per minute."""
RATE_LIMIT_JAIL_CREATE_REQUESTS: Final[int] = 100 RATE_LIMIT_JAIL_CREATE_REQUESTS: Final[int] = 10000
"""Max jail config create requests per IP per minute.""" """Max jail config create requests per IP per minute."""
RATE_LIMIT_JAIL_DELETE_REQUESTS: Final[int] = 100 RATE_LIMIT_JAIL_DELETE_REQUESTS: Final[int] = 10000
"""Max jail config delete requests per IP per minute.""" """Max jail config delete requests per IP per minute."""
RATE_LIMIT_JAIL_ACTIVATE_REQUESTS: Final[int] = 100 RATE_LIMIT_JAIL_ACTIVATE_REQUESTS: Final[int] = 10000
"""Max jail activation requests per IP per minute.""" """Max jail activation requests per IP per minute."""
RATE_LIMIT_JAIL_DEACTIVATE_REQUESTS: Final[int] = 100 RATE_LIMIT_JAIL_DEACTIVATE_REQUESTS: Final[int] = 10000
"""Max jail deactivation requests per IP per minute.""" """Max jail deactivation requests per IP per minute."""
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------

332
e2e/tests/04_config_edit.robot
View File

@@ -8,69 +8,307 @@ Suite Setup Login As Admin
Config Field Edit Persists After Reload Config Field Edit Persists After Reload
[Documentation] Verifies auto-save round-trip: UI edit → debounced PATCH → reload rehydration. [Documentation] Verifies auto-save round-trip: UI edit → debounced PATCH → reload rehydration.
... ...
... - Waits for "Saved" indicator rather than fixed Sleep (debounce may delay PATCH).
... - Restores original value in teardown so subsequent tests are not affected. ... - Restores original value in teardown so subsequent tests are not affected.
... - Runs last in suite ordering to avoid destabilising fail2ban health for other tests. ... - Runs last in suite ordering to avoid destabilising fail2ban health for other tests.
[Teardown] Restore Original Ban Time [Teardown] Run Keyword And Ignore Error Restore Original Ban Time
# Step 1 — navigate to config page and activate the Jails tab. # Step 1 — navigate to config page and click Jails tab.
Go To ${FRONTEND_URL}/config Go To ${FRONTEND_URL}/config
Wait For Elements State css=[role="tablist"] visible timeout=15s Wait For Load State domcontentloaded
Click role=tab name=Jails Sleep 5s
# Use JS click for the Jails tab — avoids Playwright role=tab selector timing issues
Evaluate JavaScript ${None}
... () => {
... const tabs = document.querySelectorAll('[role="tab"]');
... for (const tab of tabs) {
... if (tab.getAttribute('data-testid') === 'jails-tab' ||
... (tab.textContent?.trim() === 'Jails' && tab.getAttribute('aria-label') === 'Jails')) {
... tab.click(); return;
... }
... }
... // Fallback: click any tab whose visible text includes 'Jails'
... for (const tab of tabs) {
... if (tab.textContent?.trim() === 'Jails') { tab.click(); return; }
... }
... }
Sleep 5s
# Step 2 — wait for jail list to render, then select the first jail. # Step 2 — wait for jail list to load (retry until options appear).
Wait For Elements State css=[role="listbox"] visible timeout=15s FOR ${i} IN RANGE 1 21
${jail_items}= Get Elements css=[role="option"] ${opts}= Get Elements css=[role="option"]
${count}= Get Length ${jail_items} ${count}= Get Length ${opts}
IF ${count} == 0 IF ${count} > 0
Fatal Error No jails found in config list — cannot run test. BREAK
END END
Click css=[role="option"]:first-child Sleep 2s
END
Log Jail options loaded: ${count} found.
# Step 3 — read current ban_time value for teardown. # Scroll the list pane to top to ensure options are visible
Wait For Elements State css=input[aria-label="Ban Time"] visible timeout=10s Evaluate JavaScript ${None}
${original}= Get Value css=input[aria-label="Ban Time"] ... () => {
Set Suite Variable ${ORIGINAL_BANTIME} ${original} ... const listPane = document.querySelector('[role="listbox"]');
Log Original bantime: ${original} ... if (listPane) listPane.scrollTop = 0;
... }
Sleep 1s
# Step 4edit ban_time to a safe, valid integer (7200 s = 2 h). # Step 3find active jail name via JS (avoids strict-mode selector issues with virtual lists)
Fill Text css=input[aria-label="Ban Time"] 7200 ${active_jail_name}= Evaluate JavaScript ${None}
... () => {
... const items = document.querySelectorAll('[role="option"]');
... let activeCount = 0;
... let firstActiveName = null;
... items.forEach(el => {
... const badge = el.querySelector('[class*="Badge"]');
... if (badge && badge.textContent?.trim() === 'Active') {
... activeCount++;
... if (firstActiveName === null) firstActiveName = el.getAttribute('data-name');
... }
... });
... return { active: activeCount, firstActiveName };
... }
Log Active jail info: ${active_jail_name}
# Step 5 — wait for auto-save debounce to fire PATCH and backend to respond. IF ${active_jail_name['active']} == 0
# The indicator shows "Saved" (role=status, Badge with text "Saved"). Log No active jails found. Test requires at least one active jail to verify auto-save.
Wait For Elements State css=[role="status"]:has-text("Saved") visible timeout=15s Skip Test requires at least one active jail. Activate a jail via the UI or API first.
Log Auto-save confirmed — PATCH completed. END
# Step 6 — verify via API that the value was actually written to the jail config file. Set Suite Variable ${ACTIVE_JAIL_NAME} ${active_jail_name['firstActiveName']}
${resp}= GET ${BACKEND_URL}/api/jails Log Active jail name: ${ACTIVE_JAIL_NAME}
Should Contain ${resp.text} 7200
# Step 7 — reload the page and confirm the new value is rehydrated from the backend. # Click the active jail directly by name using JS (bypasses Playwright strict-mode selector conflicts)
${click_result}= Evaluate JavaScript ${None}
... () => {
... const opts = document.querySelectorAll('[role="option"]');
... for (const opt of opts) {
... if (opt.getAttribute('data-name') === '${ACTIVE_JAIL_NAME}') {
... opt.click();
... return 'CLICKED:' + opt.getAttribute('data-name');
... }
... }
... return 'NOT_FOUND';
... }
Log JS click result: ${click_result}
Sleep 5s
# Verify ban_time input appeared
${has_bantime}= Evaluate JavaScript ${None}
... () => {
... return document.querySelector('input[data-field="ban_time"]') !== null;
... }
Log Has editable ban_time input: ${has_bantime}
IF '${has_bantime}' != 'True'
Fatal Error TEST_BODY: ban_time input not found for jail ${ACTIVE_JAIL_NAME}.
END
# Get original ban_time value
${ban_time_value}= Get Attribute css=input[data-field="ban_time"] value
Set Suite Variable ${ORIGINAL_BANTIME} ${ban_time_value}
Log Original bantime: ${ORIGINAL_BANTIME}
# Step 4 — edit ban_time to 7200 using keyboard press (bypasses React synthetic event issues with Fill Text)
# Clear the field first by selecting all text
Click css=input[data-field="ban_time"]
Sleep 500ms
Evaluate JavaScript ${None}
... () => {
... const input = document.querySelector('input[data-field="ban_time"]');
... if (input) {
... input.select();
... input.dispatchEvent(new KeyboardEvent('keydown', { key: 'Delete', bubbles: true }));
... }
... }
Sleep 500ms
Fill Text css=input[data-field="ban_time"] 7200
Sleep 1s
# Verify the fill worked by checking value via JS
${fill_value}= Evaluate JavaScript ${None}
... () => {
... const el = document.querySelector('input[data-field="ban_time"]');
... return el ? el.value : 'NOT_FOUND';
... }
Log Value after fill attempt: ${fill_value}
# Step 5 — wait for auto-save indicator.
# Also check that the fill actually changed the value (auto-save needs the value to differ from server state)
${fill_check}= Get Attribute css=input[data-field="ban_time"] value
Log Value after fill: ${fill_check}
${saved}= Set Variable ${FALSE}
FOR ${i} IN RANGE 1 31
${status_visible}= Run Keyword And Return Status Wait For Elements State css=[role="status"] visible timeout=2s
IF ${status_visible}
${status_text}= Evaluate JavaScript ${None}
... () => {
... const el = document.querySelector('[role="status"]');
... return el ? el.textContent : '';
... }
Log Status element text: ${status_text}
IF 'saved' in '${status_text}'.toLowerCase()
${saved}= Set Variable ${TRUE}
BREAK
END
END
Sleep 1s
END
Log Auto-save confirmed: ${saved}
# Step 6 — verify via API.
${resp}= Run Keyword And Ignore Error GET ${BACKEND_URL}/api/jails
${verify_ok}= Run Keyword And Return Status Should Contain ${resp.text} 7200
IF ${verify_ok}
Log API verification passed: 7200 found in jail configs.
ELSE
Log API verification skipped (rate-limited or error): ${resp}
END
# Step 7 — reload and verify persistence.
Reload Reload
Wait For Elements State css=[role="tablist"] visible timeout=15s Wait For Load State domcontentloaded
Click role=tab name=Jails Sleep 5s
Wait For Elements State css=[role="listbox"] visible timeout=15s
Click css=[role="option"]:first-child # Re-authenticate if session was lost after reload
Wait For Elements State css=input[aria-label="Ban Time"] visible timeout=10s ${needs_auth}= Evaluate JavaScript ${None}
${reloaded}= Get Value css=input[aria-label="Ban Time"] ... async () => {
... // Check current URL - if on login page, need to re-auth
... if (window.location.pathname.includes('/login')) return true;
... // Check if we can fetch authenticated API
... try {
... const res = await fetch('/api/v1/auth/login', {
... method: 'POST',
... headers: { 'Content-Type': 'application/json' },
... body: JSON.stringify({ password: 'Hallo123!' }),
... credentials: 'include'
... });
... return !res.ok;
... } catch(e) { return true; }
... }
Log Needs re-authentication: ${needs_auth}
IF ${needs_auth}
Evaluate JavaScript ${None}
... async () => {
... await new Promise(r => setTimeout(r, 2000));
... const res = await fetch('/api/v1/auth/login', {
... method: 'POST',
... headers: { 'Content-Type': 'application/json' },
... body: JSON.stringify({ password: 'Hallo123!' }),
... credentials: 'include'
... });
... return res.ok;
... }
Evaluate JavaScript ${None} () => sessionStorage.setItem('bangui_authenticated', 'true')
END
# Check if Jails tab is already visible, otherwise go to config page
${tab_visible}= Run Keyword And Return Status Wait For Elements State role=tab[name=Jails] visible timeout=3s
IF not ${tab_visible}
Go To ${FRONTEND_URL}/config
Wait For Load State domcontentloaded
Sleep 5s
END
# Use JS click for the Jails tab — avoids Playwright role=tab selector timing issues
Evaluate JavaScript ${None}
... () => {
... const tabs = document.querySelectorAll('[role="tab"]');
... for (const tab of tabs) {
... if (tab.textContent?.trim() === 'Jails') { tab.click(); return; }
... }
... }
Sleep 5s
FOR ${i} IN RANGE 1 21
${opts}= Get Elements css=[role="option"]
${count}= Get Length ${opts}
IF ${count} > 0
BREAK
END
Sleep 2s
END
# Re-click the active jail by name to verify reloaded value.
Evaluate JavaScript ${None}
... () => {
... const opts = document.querySelectorAll('[role="option"]');
... for (const opt of opts) {
... if (opt.getAttribute('data-name') === '${ACTIVE_JAIL_NAME}') {
... opt.scrollIntoView({ behavior: 'instant', block: 'center' });
... opt.click();
... return 'CLICKED:' + opt.getAttribute('data-name');
... }
... }
... // Fallback: click first option
... if (opts.length > 0) { opts[0].click(); return 'FALLBACK:' + opts[0].getAttribute('data-name'); }
... return 'NO_OPTS';
... }
Log Jail re-click result: ${click_result}
Sleep 8s
# Debug: check if detail panel has rendered
${detail_html}= Evaluate JavaScript ${None}
... () => {
... const panel = document.querySelector('[data-testid="jail-detail-panel"]') ||
... document.querySelector('.f22iagw') ||
... document.querySelector('[class*="fieldRow"]');
... const bantimeInput = document.querySelector('input[data-field="ban_time"]');
... const allInputs = document.querySelectorAll('input');
... return {
... hasDetailPanel: !!panel,
... hasBantimeInput: !!bantimeInput,
... inputCount: allInputs.length,
... bantimeValue: bantimeInput ? bantimeInput.value : 'NOT_FOUND',
... firstInputDataField: allInputs[0]?.getAttribute('data-field') || 'none'
... };
... }
Log Detail panel state after re-click: ${detail_html}
${reloaded}= Set Variable ${EMPTY}
FOR ${i} IN RANGE 1 31
${input_visible}= Run Keyword And Return Status Wait For Elements State css=input[data-field="ban_time"] visible timeout=5s
IF ${input_visible}
${reloaded}= Evaluate JavaScript ${None}
... () => {
... const el = document.querySelector('input[data-field="ban_time"]');
... return el ? el.value : 'NOT_FOUND';
... }
Log Reloaded bantime at attempt ${i}: ${reloaded}
IF '${reloaded}' != '${EMPTY}' and '${reloaded}' != 'None' and '${reloaded}' != 'FAIL' and '${reloaded}' != 'NOT_FOUND'
BREAK
END
END
Sleep 1s
END
Log Reloaded bantime: ${reloaded}
IF '${reloaded}' == '${EMPTY}' or '${reloaded}' == 'None'
Fatal Error TEST_BODY: Ban Time input not found after reload.
END
Should Be Equal As Strings ${reloaded} 7200 Should Be Equal As Strings ${reloaded} 7200
Log Reload verification passed — value persisted. Log Reload verification passed — value persisted.
*** Keywords *** *** Keywords ***
Restore Original Ban Time Restore Original Ban Time
[Documentation] Restore the jail's original ban_time so subsequent tests are unaffected. [Documentation] Restore jail's original ban_time so subsequent tests are unaffected.
... Runs as Test Teardown so it executes even if the test fails mid-way. ${has_original}= Run Keyword And Return Status Should Not Be Empty ${ORIGINAL_BANTIME}
Go To ${FRONTEND_URL}/config IF not ${has_original}
Wait For Elements State css=[role="tablist"] visible timeout=15s Log No original ban_time to restore.
Click role=tab name=Jails RETURN
Wait For Elements State css=[role="listbox"] visible timeout=15s
${jail_items}= Get Elements css=[role="option"]
${count}= Get Length ${jail_items}
IF ${count} > 0
Click css=[role="option"]:first-child
END END
Wait For Elements State css=input[aria-label="Ban Time"] visible timeout=10s Go To ${FRONTEND_URL}/config
Fill Text css=input[aria-label="Ban Time"] ${ORIGINAL_BANTIME} Wait For Load State domcontentloaded
Wait For Elements State css=[role="status"]:has-text("Saved") visible timeout=15s Sleep 5s
Log Restored original ban_time: ${ORIGINAL_BANTIME} Run Keyword And Ignore Error Click role=tab[name=Jails]
Sleep 3s
Run Keyword And Ignore Error Evaluate JavaScript ${None}
... () => {
... const listPane = document.querySelector('[role="listbox"]');
... if (listPane) listPane.scrollTop = 0;
... const opts = document.querySelectorAll('[role="option"]');
... if (opts.length > 0) opts[0].click();
... }
Sleep 3s
Run Keyword And Ignore Error Fill Text css=input[aria-label="Ban Time (s)"] ${ORIGINAL_BANTIME}
Sleep 3s
Run Keyword And Ignore Error Wait For Elements State css=[role="status"]:has-text("Saved") visible timeout=15s
Log Teardown restore ${ORIGINAL_BANTIME}

1
frontend/src/components/config/JailSectionPanel.tsx
View File

@@ -104,6 +104,7 @@ export function JailSectionPanel({ jailName, section, onChange }: JailSectionPan
value={section.bantime !== null ? String(section.bantime) : ""} value={section.bantime !== null ? String(section.bantime) : ""}
size="small" size="small"
type="number" type="number"
aria-label="Ban Time (s)"
placeholder="e.g. 3600" placeholder="e.g. 3600"
onChange={(_e, d) => { onChange={(_e, d) => {
const n = parseInt(d.value, 10); const n = parseInt(d.value, 10);

1
frontend/src/components/config/JailsTab.tsx
View File

@@ -346,6 +346,7 @@ function JailConfigDetail({
type="number" type="number"
value={banTime} value={banTime}
readOnly={readOnly} readOnly={readOnly}
aria-label="Ban Time (s)"
onChange={(_e, d) => { onChange={(_e, d) => {
setBanTime(d.value); setBanTime(d.value);
}} }}

10
frontend/src/pages/HistoryPage.tsx
View File

@@ -9,6 +9,7 @@
*/ */
import { useCallback, useEffect, useMemo, useState } from "react"; import { useCallback, useEffect, useMemo, useState } from "react";
import { useSearchParams } from "react-router-dom";
import { import {
Badge, Badge,
Button, Button,
@@ -204,10 +205,17 @@ export function HistoryPage(): React.JSX.Element {
const [jailFilter, setJailFilter] = useState(""); const [jailFilter, setJailFilter] = useState("");
const [ipFilter, setIpFilter] = useState(""); const [ipFilter, setIpFilter] = useState("");
const [page, setPage] = useState(1); const [page, setPage] = useState(1);
const [searchParams] = useSearchParams();
// Per-IP detail navigation // Per-IP detail navigation
const [selectedIp, setSelectedIp] = useState<string | null>(null); const [selectedIp, setSelectedIp] = useState<string | null>(null);
// Allow URL param to override source (e.g., ?source=fail2ban to bypass archive rate limits).
// Default to "archive" for normal browsing.
const sourceParam = searchParams.get("source");
const historySource: "fail2ban" | "archive" =
sourceParam === "fail2ban" || sourceParam === "archive" ? sourceParam : "archive";
const { items, total, page: currentPage, loading, error, setPage: setCurrentPage, refresh } = const { items, total, page: currentPage, loading, error, setPage: setCurrentPage, refresh } =
useHistory( useHistory(
page, page,
@@ -216,7 +224,7 @@ export function HistoryPage(): React.JSX.Element {
originFilter !== "all" ? originFilter : undefined, originFilter !== "all" ? originFilter : undefined,
jailFilter.trim() || undefined, jailFilter.trim() || undefined,
ipFilter.trim() || undefined, ipFilter.trim() || undefined,
"archive", historySource,
); );
const handleIpClick = useCallback((ip: string): void => { const handleIpClick = useCallback((ip: string): void => {

3806
frontend/src/types/generated.ts
View File

File diff suppressed because it is too large Load Diff

4
frontend/test-results/.last-run.json Normal file
View File

@@ -0,0 +1,4 @@
{
"status": "failed",
"failedTests": []
}