From 356dc5f52994955df78a6e0be8698f00e1ef06cc Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Sat, 7 Mar 2026 14:35:40 +0100
Subject: [PATCH] fix(haproxyctl): Fix duplicate userlist and path ACL
 indentation

- Skip UCI userlists already defined in AUTH_USERLIST_FILE to avoid
  duplicate 'secubox_users' userlist warning
- Fix indentation of nocache http-request rules in _emit_sorted_path_acls
- Use correct ACL names for path-based nocache rules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../files/usr/sbin/haproxyctl                 | 24 ++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
index 3d81d997..a12e7bd5 100644
--- a/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
+++ b/package/secubox/secubox-app-haproxy/files/usr/sbin/haproxyctl
@@ -528,6 +528,11 @@ _print_uci_userlist() {
 	config_get name "$section" name
 	[ -z "$name" ] && return
 
+	# Skip userlists already defined in AUTH_USERLIST_FILE to avoid duplicates
+	if [ -f "$AUTH_USERLIST_FILE" ] && grep -q "^userlist $name\$" "$AUTH_USERLIST_FILE" 2>/dev/null; then
+		return
+	fi
+
 	echo "userlist $name"
 	# Handle list of users
 	config_list_foreach "$section" user _print_userlist_user
@@ -826,12 +831,19 @@ _emit_sorted_path_acls() {
 		# Generate use_backend rule (use WAF backend if enabled)
 		local effective_backend="$backend"
 		config_get waf_bypass "$section" waf_bypass "0"
-	[ "$waf_enabled" = "1" ] && [ "$waf_bypass" != "1" ] && effective_backend="$waf_backend"
-	# Set nocache flag during request for checking during response
-	config_get no_cache "$section" no_cache "0"
-	if [ "$no_cache" = "1" ]; then
-		echo "    http-request set-var(txn.nocache) str(yes) if host_${acl_name}"
-	fi
+		[ "$waf_enabled" = "1" ] && [ "$waf_bypass" != "1" ] && effective_backend="$waf_backend"
+
+		# Set nocache flag during request for checking during response
+		# Note: http-request rules must come BEFORE use_backend
+		config_get no_cache "$section" no_cache "0"
+		if [ "$no_cache" = "1" ]; then
+			if [ -n "$host_acl_name" ]; then
+				echo "    http-request set-var(txn.nocache) str(yes) if host_${host_acl_name} ${acl_name}"
+			else
+				echo "    http-request set-var(txn.nocache) str(yes) if ${acl_name}"
+			fi
+		fi
+
 		if [ -n "$host_acl_name" ]; then
 			echo "    use_backend $effective_backend if host_${host_acl_name} ${acl_name}"
 		else