a564830abb
Fix blocklist service injection and centralize session cookie name
2026-04-14 09:21:38 +02:00
e6df045e5e
Fix startup runtime settings ordering and use effective database path for request DB connections
2026-04-12 20:02:40 +02:00
ee880e6296
Introduce explicit ApplicationContext and remove raw request.app.state usage
2026-04-12 19:56:01 +02:00
3371ff8324
Introduce service/repository dependency protocols and tests
2026-04-10 19:51:19 +02:00
3b6e39ddad
Separate bootstrap settings from runtime overrides with a dedicated runtime settings manager
2026-04-10 19:31:51 +02:00
1dfc17f4f5
Replace process-local session cache with pluggable session cache backend
2026-04-10 19:22:02 +02:00
ff92733f90
Move runtime application state into a dedicated runtime state manager
2026-04-10 19:07:35 +02:00
e1d741956e
Disable session cache by default and make it opt-in for single-process deployments
2026-04-09 21:52:57 +02:00
208f98dc97
Use session_secret for signed auth session tokens
2026-04-09 21:30:08 +02:00
effcc65e1b
Document process-local auth session cache semantics
...
Clarify that dependencies.py session cache is process-local and not cluster-safe, and document the limitation in architecture docs.
2026-04-07 20:42:31 +02:00
ed3aa61c35
Refactor routers to use explicit FastAPI app dependencies
2026-04-07 20:27:06 +02:00
30e0dd71c9
Use explicit AppState dependency in config router and update task status
2026-04-07 20:15:28 +02:00
594f55d157
Refactor router dependency wiring to explicit app state providers
2026-04-06 20:12:04 +02:00
f0ee466603
backup
2026-04-06 19:49:53 +02:00
42c030c706
Refactor backend to use request-scoped SQLite connections
2026-04-05 23:14:46 +02:00
1c0bac1353
refactor: improve backend type safety and import organization
...
- Add TYPE_CHECKING guards for runtime-expensive imports (aiohttp, aiosqlite)
- Reorganize imports to follow PEP 8 conventions
- Convert TypeAlias to modern PEP 695 type syntax (where appropriate)
- Use Sequence/Mapping from collections.abc for type hints (covariant)
- Replace string literals with cast() for improved type inference
- Fix casting of Fail2BanResponse and TypedDict patterns
- Add IpLookupResult TypedDict for precise return type annotation
- Reformat overlong lines for readability (120 char limit)
- Add asyncio_mode and filterwarnings to pytest config
- Update test fixtures with improved type hints
This improves mypy type checking and makes type relationships explicit.
2026-03-22 14:24:24 +01:00
bdcdd5d672
Fix geo_re_resolve async mocks and mark tasks complete
2026-03-22 14:24:24 +01:00
d931e8c6a3
Reduce per-request DB overhead (Task 4)
...
- Cache setup_completed flag in app.state._setup_complete_cached after
first successful is_setup_complete() call; all subsequent API requests
skip the DB query entirely (one-way transition, cleared on restart).
- Add in-memory session token TTL cache (10 s) in require_auth; the second
request with the same token within the window skips session_repo.get_session.
- Call invalidate_session_cache() on logout so revoked tokens are evicted
immediately rather than waiting for TTL expiry.
- Add clear_session_cache() for test isolation.
- 5 new tests covering the cached fast-path for both optimisations.
- 460 tests pass, 83% coverage, zero ruff/mypy warnings.
2026-03-10 19:16:00 +01:00
750785680b
feat: Stage 2 — authentication and setup flow
...
Backend (tasks 2.1–2.6, 2.10):
- settings_repo: get/set/delete/get_all CRUD for the key-value settings table
- session_repo: create/get/delete/delete_expired for session rows
- setup_service: bcrypt password hashing, one-time-only enforcement,
run_setup() / is_setup_complete() / get_password_hash()
- auth_service: login() with bcrypt verify + token creation,
validate_session() with expiry check, logout()
- setup router: GET /api/setup (status), POST /api/setup (201 / 409)
- auth router: POST /api/auth/login (token + HttpOnly cookie),
POST /api/auth/logout (clears cookie, idempotent)
- SetupRedirectMiddleware: 307 → /api/setup for all API paths until setup done
- require_auth dependency: cookie or Bearer token → Session or 401
- conftest.py: manually bootstraps app.state.db for router tests
(ASGITransport does not trigger ASGI lifespan)
- 85 tests pass; ruff 0 errors; mypy --strict 0 errors
Frontend (tasks 2.7–2.9):
- types/auth.ts, types/setup.ts, api/auth.ts, api/setup.ts
- AuthProvider: sessionStorage-backed context (isAuthenticated, login, logout)
- RequireAuth: guard component → /login?next=<path> when unauthenticated
- SetupPage: Fluent UI form, client-side validation, inline errors
- LoginPage: single password input, ?next= redirect after success
- DashboardPage: placeholder (full impl Stage 5)
- App.tsx: full route tree (/setup, /login, /, *)
2026-02-28 21:33:30 +01:00
7392c930d6
feat: Stage 1 — backend and frontend scaffolding
...
Backend (tasks 1.1, 1.5–1.8):
- pyproject.toml with FastAPI, Pydantic v2, aiosqlite, APScheduler 3.x,
structlog, bcrypt; ruff + mypy strict configured
- Pydantic Settings (BANGUI_ prefix env vars, fail-fast validation)
- SQLite schema: settings, sessions, blocklist_sources, import_log;
WAL mode + foreign keys; idempotent init_db()
- FastAPI app factory with lifespan (DB, aiohttp session, scheduler),
CORS, unhandled-exception handler, GET /api/health
- Fail2BanClient: async Unix-socket wrapper using run_in_executor,
custom error types, async context manager
- Utility modules: ip_utils, time_utils, constants
- 47 tests; ruff 0 errors; mypy --strict 0 errors
Frontend (tasks 1.2–1.4):
- Vite + React 18 + TypeScript strict; Fluent UI v9; ESLint + Prettier
- Custom brand theme (#0F6CBD, WCAG AA contrast) with light/dark variants
- Typed fetch API client (ApiError, get/post/put/del) + endpoints constants
- tsc --noEmit 0 errors
2026-02-28 21:15:01 +01:00
