From 93fcefa5c32eac02f7f756bdd3282fcb97a78f4f Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Wed, 25 Feb 2026 11:12:29 +0100
Subject: [PATCH] fix(streamlit): Route CLI emancipate through WAF
 (mitmproxy_inspector)

- Update _emancipate_haproxy() to use mitmproxy_inspector backend
- Add mitmproxy route entries for domain -> streamlit port
- Aligns CLI behavior with RPCD emancipate_instance

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../files/usr/sbin/streamlitctl                   | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl b/package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl
index 7ab7be18..aeee48c5 100644
--- a/package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl
+++ b/package/secubox/secubox-app-streamlit/files/usr/sbin/streamlitctl
@@ -1301,11 +1301,11 @@ _emancipate_haproxy() {
 	uci set haproxy.${server_name}.check="1"
 	uci set haproxy.${server_name}.enabled="1"
 
-	# Create vhost with SSL
+	# Create vhost with SSL - Route through mitmproxy_inspector for WAF protection
 	local vhost_name=$(echo "$domain" | tr '.-' '_')
 	uci set haproxy.${vhost_name}=vhost
 	uci set haproxy.${vhost_name}.domain="$domain"
-	uci set haproxy.${vhost_name}.backend="$backend_name"
+	uci set haproxy.${vhost_name}.backend="mitmproxy_inspector"
 	uci set haproxy.${vhost_name}.ssl="1"
 	uci set haproxy.${vhost_name}.ssl_redirect="1"
 	uci set haproxy.${vhost_name}.acme="1"
@@ -1313,6 +1313,17 @@ _emancipate_haproxy() {
 
 	uci commit haproxy
 
+	# Add mitmproxy route for this domain
+	local routes_file="/srv/mitmproxy/haproxy-routes.json"
+	local routes_file_in="/srv/mitmproxy-in/haproxy-routes.json"
+	if [ -f "$routes_file" ]; then
+		# Add route: "domain": ["192.168.255.1", port]
+		sed -i "s/}$/,\"${domain}\":[\"192.168.255.1\",${port}]}/" "$routes_file" 2>/dev/null || true
+	fi
+	if [ -f "$routes_file_in" ]; then
+		sed -i "s/}$/,\"${domain}\":[\"192.168.255.1\",${port}]}/" "$routes_file_in" 2>/dev/null || true
+	fi
+
 	# Generate HAProxy config
 	if command -v haproxyctl >/dev/null 2>&1; then
 		haproxyctl generate 2>/dev/null