gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,321 Commits 4 Branches 293 Tags 320 MiB
57ff4de960
Commit Graph

20 Commits

Author SHA1 Message Date
CyberMind-FR
e58f479cd4 feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats 
Add detection patterns for latest actively exploited vulnerabilities:
- CVE-2025-55182 (React2Shell, CVSS 10.0)
- CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint)
- CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds)
- CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti)
- CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS)

New attack categories based on OWASP Top 10 2025:
- HTTP Request Smuggling (TE.CL/CL.TE conflicts)
- AI/LLM Prompt Injection (ChatML, instruction markers)
- WAF Bypass techniques (Unicode normalization, double encoding)
- Supply Chain attacks (CI/CD poisoning, dependency confusion)
- Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf)
- API Abuse (BOLA/IDOR, mass assignment)

CrowdSec scenarios split into 11 separate files for reliability.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-12 05:02:57 +01:00
CyberMind-FR
02126aa7d3 feat(wireguard-dashboard): Persist server endpoints in UCI for reuse across views 
Server endpoints were stored only in browser sessionStorage, lost on tab
close/refresh. Now endpoints are saved in a dedicated UCI config file
(wireguard_dashboard) with RPCD methods to manage them. The wizard
auto-saves the endpoint after tunnel creation, and peers/QR views use a
dropdown of saved endpoints instead of requiring manual re-entry.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 18:32:36 +01:00
CyberMind-FR
2ed00d1967 fix(wireguard-dashboard): Fix RPC expect unwrapping, wizard interface naming and key persistence 
- Change generateConfig/generateQR RPC declarations to use empty expect
  so error responses are not silently discarded by LuCI's RPC unwrapper
- Simplify handleShowQR to always check backend for stored key first
- Auto-detect next available interface name in wizard (wg1 if wg0 exists)
- Pass private key to addPeer in wizard's createPeers for QR persistence

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 17:35:44 +01:00
CyberMind-FR
75e3f59207 fix(wireguard-dashboard): Bypass jshn for QR code output to avoid argument size limit 
The base64-encoded SVG QR code exceeded jshn's argument list limit,
causing "Argument list too long" errors. Build the JSON response
manually via file I/O so the large string is never passed as a
command argument.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 16:57:53 +01:00
CyberMind-FR
2ab0965917 feat(wireguard-dashboard): Persist peer private keys in UCI for QR code generation 
Store the client private key in UCI config (_client_private_key) when a
peer is created, so QR codes and config files can be generated after
page refresh without prompting the user to manually re-enter the key.
Old peers without stored keys still get the manual entry fallback.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-03 16:54:26 +01:00
CyberMind-FR
dcc000c55d fix(wireguard-dashboard): Fix QR code generation 
- Use SVG output instead of PNG (PNG disabled in OpenWrt qrencode)
- Fix endpoint port duplication when port already in endpoint string

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-01 08:56:25 +01:00
CyberMind-FR
3aa4f8d6f9 refactor(menu): Move WireGuard to Services menu 
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-30 19:46:26 +01:00
CyberMind-FR
329d5febb9 fix(mitmproxy,tor-shield): Add transparent mode firewall support 
- Add RPCD methods to mitmproxy: settings, save_settings, set_mode,
  setup_firewall, clear_firewall
- Add apply_now parameter to tor-shield save_settings to restart
  service and apply iptables rules immediately
- Update ACL files with new permissions
- Add Save & Apply button to tor-shield settings page
- Update api.js files to use correct RPCD method signatures

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-30 19:46:26 +01:00
CyberMind-FR
b7edc32695 fix: Add restart to services and fix wireguard qrcode module 
- haproxy: Add explicit restart_service function
- tor-shield: Add explicit restart_service function
- wireguard-dashboard/qrcode.js: Use baseclass.extend() pattern
  to fix "factory yields invalid constructor" error

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-25 14:40:46 +01:00
CyberMind-FR
785ba9eb4c fix(wireguard): Handle RPC expect unwrapping in API and views 
The RPC expect clause unwraps responses - when `expect: { peers: [] }`
is used, the response `{peers: [...]}` gets unwrapped to just `[...]`.

Fixed:
- api.js: getAllData and getMonitoringData now handle both array
  and object formats for peers, interfaces, and rates
- overview.js: render and polling functions now safely unwrap
  data that may be array or nested object

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-25 10:45:25 +01:00
CyberMind-FR
14690ebe9e fix(wireguard-dashboard): Use qrcode module in wizard.js 
The wizard.js was looking for a global QRCode object that doesn't exist.
Updated to import and use our qrcode module like other views do.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-23 12:42:16 +01:00
CyberMind-FR
2a4423d036 fix(wireguard-dashboard): Fix QR library module export pattern 
Changed from baseclass.extend() to simple object return pattern
to match other libraries (chart.js). The baseclass dependency
was causing the module to fail loading.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-23 12:39:20 +01:00
CyberMind-FR
2f16875c4b fix(wireguard-dashboard): Upgrade QR code generator to support larger configs 
The JavaScript QR code fallback was limited to Version 5 (106 bytes max),
but WireGuard configs are typically 200-250 bytes. This caused QR code
generation to fail when the backend qrencode binary is not installed.

Changes:
- Auto-select optimal QR version (1-20) based on data length
- Support up to 858 bytes (Version 20)
- Proper Reed-Solomon error correction with dynamic generator polynomials
- Data interleaving for multiple EC blocks
- Alignment patterns for all versions
- Version info encoding for version 7+
- Quiet zone in SVG output

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-23 12:35:34 +01:00
CyberMind-FR
6f713b1041 chore: Bump release versions for require syntax fix 
- luci-app-auth-guardian: r3
- luci-app-glances: r2
- luci-app-localai: r10
- luci-app-magicmirror2: r6
- luci-app-mitmproxy: r6
- luci-app-mmpm: r3
- luci-app-mqtt-bridge: r4
- luci-app-ndpid: r2
- luci-app-network-modes: r3
- luci-app-secubox-admin: r17
- luci-app-secubox-portal: r7
- luci-app-wireguard-dashboard: r2

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-21 17:18:06 +01:00
CyberMind-FR
db3a41928e fix(luci): Fix require syntax in all LuCI views - use slashes instead of dots 
All 'require module.submodule' directives changed to 'require module/submodule'
to match LuCI's module loading convention.

Affected packages:
- luci-app-auth-guardian
- luci-app-glances
- luci-app-localai
- luci-app-magicmirror2
- luci-app-mitmproxy
- luci-app-mmpm
- luci-app-mqtt-bridge
- luci-app-ndpid
- luci-app-network-modes
- luci-app-secubox-admin
- luci-app-secubox-portal
- luci-app-wireguard-dashboard

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-21 17:15:21 +01:00
CyberMind-FR
5e29599682 feat(wireguard-dashboard,webapp): Add setup wizard, admin sessions, and blocking stats 
WireGuard Dashboard v0.7.0:
- Add zone-based setup wizard with 4-step flow
- Add tunnel presets (road-warrior, site-to-site, iot-tunnel)
- Add zone presets (home-user, remote-worker, mobile, iot, guest, server)
- Add interface control (up/down/restart)
- Add peer ping functionality
- Add bandwidth rates monitoring
- Comprehensive wizard CSS styles

SecuBox Webapp v1.5.0:
- Add admin sessions list showing authenticated LuCI users with IP source
- Add blocking statistics (today's bans, blocked attempts, top scenario, unique IPs)
- Integrate stats from CrowdSec decisions and alerts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-21 15:40:46 +01:00
CyberMind-FR
9ef0b6db18 feat: WireGuard Dashboard v0.5.0 - Bug fixes and enhancements 
Bug fixes:
- Fix QR code generation with JavaScript fallback library
- Add missing API helper functions (getPeerStatusClass, shortenKey)
- Fix traffic stats subshell variable scope bug
- Fix peer add/remove UCI handling with unique section names

Enhancements:
- Add real-time auto-refresh with poll.add() (5s default)
- Add SVG-based traffic charts component
- Add peer configuration wizard with IP auto-suggestion
- Add multi-interface management with tabs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-09 09:32:31 +01:00
CyberMind-FR
e7c9411d79 feat: Release v0.8.2 - Admin Control Center, Documentation Mirror & Docker Automation 
This release adds major new features for SecuBox management and deployment:

## New Features

### 1. LuCI Admin Control Center (luci-app-secubox-admin)
- Unified admin dashboard for managing all SecuBox appstore plugins
- **Control Panel**: Real-time stats, system health, alerts, quick actions
- **Apps Manager**: Browse catalog, install/remove apps with search & filtering
- **App Settings**: Per-app configuration, start/stop controls
- **System Health**: Live monitoring (CPU, RAM, disk) with auto-refresh
- **System Logs**: Centralized log viewer with download capability
- Fully integrated with existing RPCD backend (luci.secubox)
- Mobile-responsive design with polished UI components

### 2. Documentation Mirror in SecuBox Bonus
- Integrated complete development documentation into luci-app-secubox-bonus
- 64+ documentation files now available offline at /luci-static/secubox/docs/
- Beautiful landing page (index-main.html) with 4 sections:
  - Development guides & references
  - Live module demos
  - Tutorials & blog posts
  - Marketing campaign pages
- Accessible locally on router without internet connection

### 3. Automated Docker Plugin Installation
- Enhanced secubox-appstore CLI with full Docker automation
- One-click installation from web UI now fully automated:
  - Auto-detects Docker runtime from catalog
  - Discovers and executes control scripts (*ctl install)
  - Pulls Docker images automatically
  - Creates directories and configures UCI
  - Enables init services
- No manual CLI steps required for Docker apps
- Works for all Docker apps: AdGuard Home, Mail-in-a-Box, Nextcloud, etc.

### 4. Mail-in-a-Box Plugin
- New Docker-based email server plugin (secubox-app-mailinabox)
- Complete package with:
  - UCI configuration (8 port mappings, feature flags)
  - Control script (mailinaboxctl) with install/check/update/status/logs
  - Procd init script with auto-restart
  - Catalog manifest (category: hosting, maturity: beta)
- Network mode: host (required for mail server)
- Persistent storage: mail, SSL, data, DNS volumes

## Improvements

### Build System
- Updated local-build.sh to include luci-app-* packages from package/secubox/
- Now automatically discovers and builds luci-app-secubox-admin and similar packages
- Fixed Makefile include paths for feed structure

### Package Releases
- Incremented PKG_RELEASE for all 31 SecuBox packages
- Ensures clean upgrade path from previous versions

### Catalog Updates
- Mail-in-a-Box entry moved from "productivity" to "hosting" category
- Status changed to "beta" reflecting community Docker image maturity
- Storage requirement increased: 1024MB → 2048MB
- Added port 25 accessibility note

## Files Changed

### New Packages (2)
- package/secubox/luci-app-secubox-admin/ (12 files)
- package/secubox/secubox-app-mailinabox/ (4 files)

### Enhanced Packages (1)
- package/secubox/luci-app-secubox-bonus/ (65 new docs files)

### Modified Core (3)
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/secubox-core/root/usr/share/secubox/catalog.json
- secubox-tools/local-build.sh

### All Makefiles (31 packages)
- Incremented PKG_RELEASE for clean upgrade path

## Technical Details

**Admin Control Center Architecture:**
- Frontend: 5 views (dashboard, apps, settings, health, logs)
- API: Wrapper around luci.secubox RPCD methods
- Components: Reusable UI library (cards, badges, alerts, loaders)
- Styling: Common + admin-specific CSS with responsive design
- Auto-refresh: Polling for live updates (5-30s intervals)

**Docker Automation Flow:**
```
Web UI → RPCD → secubox-appstore CLI → opkg install → *ctl install →
docker pull → directories → UCI config → init enable → ✓ Ready
```

**Access Points:**
- Admin Control: http://router/cgi-bin/luci/admin/secubox/admin/
- Documentation: http://router/luci-static/secubox/index-main.html
- Demos: http://router/luci-static/secubox/demo-*.html

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-04 08:29:31 +01:00
CyberMind-FR
4325197e35 fix(packages): add PKG_ARCH:=all and resolve build conflicts 
- Add PKG_ARCH:=all to all 29 SecuBox packages for architecture independence
- Fix secubox-core: remove /var directory creation (conflicts with OpenWRT symlink)
- Fix luci-app-secubox: remove PKG_FILE_MODES causing build errors
- Refactor luci-app-network-tweaks: migrate files/ to root/ structure
- Set correct permissions on fix-permissions.sh (755)

Fixes:
- secubox-core now builds successfully (no /var conflict)
- luci-app-secubox installs without file conflicts
- All packages properly marked as architecture-independent

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-02 07:45:37 +01:00
CyberMind-FR
31a87c5d7a feat(structure): reorganize luci-app packages into package/secubox/ + appstore migration 
Major structural reorganization and feature additions:

## Folder Reorganization
- Move 17 luci-app-* packages to package/secubox/ (except luci-app-secubox core hub)
- Update all tooling to support new structure:
  - secubox-tools/quick-deploy.sh: search both locations
  - secubox-tools/validate-modules.sh: validate both directories
  - secubox-tools/fix-permissions.sh: fix permissions in both locations
  - .github/workflows/test-validate.yml: build from both paths
- Update README.md links to new package/secubox/ paths

## AppStore Migration (Complete)
- Add catalog entries for all remaining luci-app packages:
  - network-tweaks.json: Network optimization tools
  - secubox-bonus.json: Documentation & demos hub
- Total: 24 apps in AppStore catalog (22 existing + 2 new)
- New category: 'documentation' for docs/demos/tutorials

## VHost Manager v2.0 Enhancements
- Add profile activation system for Internal Services and Redirects
- Implement createVHost() API wrapper for template-based deployment
- Fix Virtual Hosts view rendering with proper LuCI patterns
- Fix RPCD backend shell script errors (remove invalid local declarations)
- Extend backend validation for nginx return directives (redirect support)
- Add section_id parameter for named VHost profiles
- Add Remove button to Redirects page for feature parity
- Update README to v2.0 with comprehensive feature documentation

## Network Tweaks Dashboard
- Close button added to component details modal

Files changed: 340+ (336 renames with preserved git history)
Packages affected: 19 luci-app, 2 secubox-app, 1 theme, 4 tools

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
 2026-01-01 14:59:38 +01:00