gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
650 Commits 4 Branches 293 Tags 320 MiB
283f2567be
Commit Graph

7 Commits

Author SHA1 Message Date
CyberMind-FR
5b55ab3ef9 feat: Dashboard reorganization and auth security fixes 
- Move Debug Console from Client Guardian to System Hub
- Add Auto-Zoning Rules dedicated view in Client Guardian
- Add public pages for Bug Bounty and Crowdfunding (no ACL)
- Fix auth-logger to only detect real login attempts
- Add private IP whitelist for CrowdSec (RFC1918 ranges)
- Update navigation menus across all apps
- Bump secubox-auth-logger to v1.2.2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-14 09:32:14 +01:00
CyberMind-FR
ed52af6ab9 feat(theming): Add custom navigation tabs to Client Guardian and CrowdSec dashboards 
- Create nav.js for Client Guardian with SecuBox themed tabs
- Create nav.js for CrowdSec dashboard with themed navigation
- Update all Client Guardian views to use CgNav.renderTabs()
- Update all CrowdSec views to use CsNav.renderTabs()
- Update Client Guardian menu.json paths from /client-guardian/ to /guardian/
- Hide default LuCI tabs via CSS injection for both dashboards

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-09 13:44:11 +01:00
CyberMind-FR
d8f5fcd6e4 fix: Client Guardian remove_client_rules now uses section names (v0.6.0-r32) 
- Fix duplicate firewall rules issue by using section names instead of indices
- UCI section deletion now properly handles all rules for a MAC address
- Prevents index shifting problems when deleting multiple rules

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-08 16:54:23 +01:00
CyberMind-FR
179224296a fix: Client Guardian zone changes now properly apply firewall rules (v0.6.0-r31) 
- Remove duplicate apply_client_rules function (second definition was overriding first)
- Improve zone-based firewall rule application:
  - Proper MAC address normalization (uppercase)
  - Clean rule names without colons (CG_BLOCK_AABBCCDD)
  - Quarantine zone blocks WAN but allows DNS/DHCP
  - Zone settings (internet_access, local_access) properly applied
  - Firewall reload is now synchronous for immediate effect
- Improve remove_client_rules to find and delete all CG_ prefixed rules
- Add debug logging for troubleshooting

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-08 16:25:10 +01:00
CyberMind-FR
b610239551 ok 2026-01-08 09:08:46 +01:00
CyberMind-FR
0564de0811 feat: Remove captive portal and add auto-zoning to Client Guardian (v0.6.0-r24) 
Major enhancements to Client Guardian:

**Removed Captive Portal:**
- Deleted portal.js and captive.js views
- Removed portal configuration from UCI
- Removed portal RPC methods (get_portal, update_portal, list_sessions, authorize_client, deauthorize_client)
- Cleaned menu and ACL definitions
- Updated default policy from 'captive' to 'quarantine'

**Added Auto-Zoning System:**
- Implemented get_vendor_from_mac() for OUI lookups
- Added apply_auto_zoning() with rule-based zone assignment
- Support for vendor, hostname pattern, and MAC prefix matching
- 8 pre-configured auto-zoning rules (IoT devices, mobile, guests)
- Auto-parking zone for unmatched clients
- GridSection UI for managing auto-zoning rules

**Threat Intelligence Integration:**
- Added threat_policy UCI section
- Auto-ban/quarantine based on threat score thresholds
- Threat indicators on client displays
- Integration with Security Threats Dashboard

**Dashboard Improvements:**
- Fixed boolean conversion (UCI "true"/"false" to JSON 0/1)
- Fixed RPC expect parameter issues causing empty arrays
- Added real-time polling with configurable intervals
- Removed all window.location.reload() calls
- Smooth DOM updates without page flickers

**Settings Enhancements:**
- Added reactiveness section (auto-refresh toggle, interval)
- Added threat intelligence settings
- Removed captive portal settings section
- Updated policy descriptions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-08 08:44:39 +01:00
CyberMind-FR
31a87c5d7a feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration 
Major structural reorganization and feature additions:

## Folder Reorganization
- Move 17 luci-app-* packages to package/secubox/ (except luci-app-secubox core hub)
- Update all tooling to support new structure:
  - secubox-tools/quick-deploy.sh: search both locations
  - secubox-tools/validate-modules.sh: validate both directories
  - secubox-tools/fix-permissions.sh: fix permissions in both locations
  - .github/workflows/test-validate.yml: build from both paths
- Update README.md links to new package/secubox/ paths

## AppStore Migration (Complete)
- Add catalog entries for all remaining luci-app packages:
  - network-tweaks.json: Network optimization tools
  - secubox-bonus.json: Documentation & demos hub
- Total: 24 apps in AppStore catalog (22 existing + 2 new)
- New category: 'documentation' for docs/demos/tutorials

## VHost Manager v2.0 Enhancements
- Add profile activation system for Internal Services and Redirects
- Implement createVHost() API wrapper for template-based deployment
- Fix Virtual Hosts view rendering with proper LuCI patterns
- Fix RPCD backend shell script errors (remove invalid local declarations)
- Extend backend validation for nginx return directives (redirect support)
- Add section_id parameter for named VHost profiles
- Add Remove button to Redirects page for feature parity
- Update README to v2.0 with comprehensive feature documentation

## Network Tweaks Dashboard
- Close button added to component details modal

Files changed: 340+ (336 renames with preserved git history)
Packages affected: 19 luci-app, 2 secubox-app, 1 theme, 4 tools

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-01 14:59:38 +01:00