ab8e0c44bc
9 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| 4eaf1cb27f |
fix: Simplify WAN access to DMZ-style open ports (v0.6.0-r36)
- Rewrite secubox-wan-access to use src="*" (all zones, DMZ style) - Remove firewall include script (was causing loops) - Keep only hotplug script for WAN interface up events - Rules saved in UCI persist across reboots - Firewall reload runs in background (&) to avoid blocking - secubox-core bumped to 0.9.0-3 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
|||
| 512ed12178 |
fix: Prevent infinite loop in secubox-wan-access (v0.6.0-r35)
- Add apply-noreload command that skips firewall reload - Firewall include now uses apply-noreload to avoid loop - apply command still reloads firewall for manual use Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
|||
| e6749f1b54 |
feat: Make WAN access rules persistent across firewall/network restarts (v0.6.0-r34)
- Add firewall include script (/etc/firewall.secubox-wan) for fw4 compatibility - Add hotplug script (/etc/hotplug.d/iface/99-secubox-wan) for WAN interface events - Configure firewall include in postinst (type=script for fw4) - secubox-core bumped to 0.9.0-2 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
|||
| b7fb268f71 |
feat: Fix Client Guardian RPC, redesign Netifyd devices UI (v0.6.0-r26)
- Fix Client Guardian JS files: replace invalid 'require X as Y' syntax with direct RPC declarations (LuCI doesn't support as alias) - Add factory default profile to Client Guardian profiles.json - Redesign Netifyd devices page with modern card-based UI: - Device type detection with emoji icons - Gradient summary cards for stats - Responsive grid layout - Traffic distribution bars - Real-time refresh with pulse animation - Fix Netifyd RPC calls: use correct luci.secubox-netifyd object name - Add WAN access control feature to secubox-admin Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
|||
| e13a3f5b84 | hello | |||
| 4b8d72b6f6 |
feat: add cyberpunk theme to Apps Manager with debug logging and UCI config
SecuBox Core (v0.8.0-7): - Added UCI config /etc/config/secubox-appstore with multi-source catalog - Sources: GitHub (priority 1), Local Web, USB, Embedded fallback LuCI Admin Apps Manager (v1.0.0-11): - Cyberpunk UI transformation with debug logging - Neon terminal aesthetic with animated status indicators - Enhanced error handling with empty state messaging 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> |
|||
| 77dbd3d499 |
feat: Multi-source AppStore with version management and updates UI (Phases 1-3)
Implement comprehensive multi-source catalog system with automatic fallback,
advanced version tracking, and rich update management interfaces.
## Phase 1: Backend Infrastructure (COMPLETE)
### UCI Configuration
- **New**: `/etc/config/secubox-appstore`
- 4 source types: GitHub (remote), local web (remote), USB (local), embedded (fallback)
- Priority-based fallback (1=highest, 999=embedded last resort)
- Settings: auto_sync, force_source, check_updates_on_boot, notify_updates
- Update checking with configurable intervals
### Catalog Sync Script
- **New**: `/usr/sbin/secubox-catalog-sync` (364 lines)
- Automatic multi-source fallback by priority
- Download tools: uclient-fetch, wget, curl (auto-detect)
- HTTP caching: ETag support, 304 Not Modified handling
- JSON validation before use
- Metadata tracking with jq
- Logging to syslog
- Source types: remote (HTTPS/HTTP), local (filesystem), embedded (ROM)
### CLI Enhancement
- **Modified**: `/usr/sbin/secubox-appstore`
- New commands: `sync [source]`, `check-updates [--json]`, `changelog <app> [version]`
- `get_active_catalog()`: Reads from cache or embedded
- `sync_catalog()`: Wrapper for secubox-catalog-sync
- `check_updates()`: Version comparison with opkg
- `get_changelog()`: Extracts from catalog JSON
### Metadata Structure
- **New**: `/usr/share/secubox/catalog-metadata.json.example`
- Active source tracking
- Source status (online/offline/error)
- ETag cache for HTTP sources
- Installed apps version tracking
- Update statistics
### Makefile Updates
- **Modified**: `secubox-core/Makefile`
- PKG_RELEASE: 5 → 6
- Added conffiles: `/etc/config/secubox-appstore`
- Install secubox-catalog-sync binary
- Install catalog-metadata.json.example
- Added dependency: +jq
- postinst: Create cache directories (/var/cache/secubox/catalogs, /var/lib/secubox)
## Phase 2: RPCD Backend (COMPLETE)
### New RPC Methods
- **Modified**: `/usr/libexec/rpcd/luci.secubox`
- `get_catalog_sources()`: List configured sources from UCI, status from metadata
- `set_catalog_source(source)`: Configure force_source in UCI
- `sync_catalog([source])`: Trigger catalog sync (auto-fallback or specific)
- `check_updates()`: Compare installed vs catalog versions
- `get_app_versions(app_id)`: Detailed version info (pkg, app, installed, catalog)
- `get_changelog(app_id, from, to)`: Extract changelog from catalog
- `get_widget_data(app_id)`: Widget metrics (Phase 5 prep)
All methods integrate with:
- UCI config parsing (`config_load`, `config_foreach`)
- Metadata file reading (`/var/lib/secubox/catalog-metadata.json`)
- Catalog reading (`/var/cache/secubox/catalogs/*.json` or embedded)
- opkg version checking
## Phase 3: Frontend LuCI Views (COMPLETE)
### API Module Enhancement
- **Modified**: `secubox-admin/api.js`
- New RPC declarations: 7 new methods
- Exports: `getCatalogSources`, `setCatalogSource`, `syncCatalog`,
`checkUpdates`, `getAppVersions`, `getChangelog`, `getWidgetData`
### Catalog Sources Management
- **New**: `view/secubox-admin/catalog-sources.js` (370 lines)
- Live source status display (online/offline/error)
- Priority-based ordering
- Active source indicator
- Per-source actions: Sync, Test, Set Active, Enable/Disable
- Summary stats: Total sources, active source, updates available
- Auto-refresh every 30 seconds
- Timestamp formatting (relative: "5 minutes ago", "2 days ago")
### Updates Manager
- **New**: `view/secubox-admin/updates.js` (380 lines)
- Available updates list with version comparison
- Changelog preview in update cards
- Version arrows: "0.3.0-1 → 0.4.0-2"
- Per-app actions: Update Now, View Full Changelog, Skip Version
- Batch update: "Update All" button
- Check for Updates: Sync + check flow
- Auto-refresh every 60 seconds
- No updates state: Checkmark with message
### Apps Manager Enhancement
- **Modified**: `view/secubox-admin/apps.js`
- Load update info on page load
- Update available badges (warning style)
- Version display with tooltip (installed → available)
- Visual indicators: `.has-update`, `.version-outdated` classes
- New filter: "Updates Available" / "Installed" / "Not Installed"
- Changelog button on all apps (installed or not)
- Update button for apps with available updates
- `updateApp()`: Shows changelog before update
- `viewChangelog()`: Modal with version history
- `filterByStatus()`: Filter by update/install status
### Menu Integration
- **Modified**: `menu.d/luci-app-secubox-admin.json`
- New entries:
- "Updates" (order: 25) → `/admin/secubox/admin/updates`
- "Catalog Sources" (order: 27) → `/admin/secubox/admin/catalog-sources`
- Placed between Apps Manager and App Settings
## Data Flow Architecture
```
User Action (Web UI)
↓
LuCI View (catalog-sources.js, updates.js, apps.js)
↓
API Module (api.js RPC calls)
↓
RPCD Backend (luci.secubox)
↓
CLI Scripts (secubox-appstore, secubox-catalog-sync)
↓
Data Layer
├── UCI Config (/etc/config/secubox-appstore)
├── Cache (/var/cache/secubox/catalogs/*.json)
├── Metadata (/var/lib/secubox/catalog-metadata.json)
└── Embedded (/usr/share/secubox/catalog.json)
```
## Fallback Logic
1. User triggers sync (or auto-sync)
2. secubox-catalog-sync reads UCI config
3. Sorts sources by priority (1 = GitHub, 2 = Local Web, 3 = USB, 999 = Embedded)
4. Attempts each source in order:
- GitHub HTTPS → timeout/fail → Next
- Local Web → unreachable → Next
- USB → not mounted → Next
- Embedded → Always succeeds (ROM)
5. First successful source becomes active
6. Metadata updated with status, ETag, timestamp
7. Cache written to `/var/cache/secubox/catalogs/<source>.json`
## Version Tracking
- **PKG_VERSION**: OpenWrt package version (e.g., "0.4.0")
- **PKG_RELEASE**: Build release number (e.g., "2")
- **pkg_version**: Full package string "0.4.0-2" (in catalog)
- **app_version**: Underlying app version (e.g., "0.4.0")
- **installed_version**: From `opkg list-installed`
- **catalog_version**: From active catalog JSON
- **Comparison**: Uses `opkg compare-versions` for semantic versioning
## Storage Layout
```
/etc/config/secubox-appstore # UCI configuration
/var/cache/secubox/catalogs/ # Downloaded catalogs (755/644)
├── github.json
├── local_web.json
└── usb.json
/var/lib/secubox/ # Runtime metadata (700/600)
└── catalog-metadata.json
/usr/share/secubox/catalog.json # Embedded fallback (ROM)
```
## Key Features
✅ **Multi-source support**: GitHub + Web + USB + Embedded
✅ **Automatic fallback**: Priority-based with retry logic
✅ **HTTP optimization**: ETag caching, 304 Not Modified
✅ **Version management**: PKG + App versions, changelog tracking
✅ **Update notifications**: Badges, filters, dedicated updates page
✅ **Offline capable**: USB and embedded sources work without internet
✅ **Live status**: Auto-refresh, real-time source health
✅ **User control**: Manual sync, force specific source, enable/disable sources
## Files Modified (8)
- package/secubox/secubox-core/Makefile
- package/secubox/secubox-core/root/usr/libexec/rpcd/luci.secubox
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/secubox-admin/api.js
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/apps.js
- package/secubox/luci-app-secubox-admin/root/usr/share/luci/menu.d/luci-app-secubox-admin.json
## Files Created (4)
- package/secubox/secubox-core/root/etc/config/secubox-appstore
- package/secubox/secubox-core/root/usr/sbin/secubox-catalog-sync
- package/secubox/secubox-core/root/usr/share/secubox/catalog-metadata.json.example
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/catalog-sources.js
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/updates.js
## Next Steps (Phase 4-5)
- Phase 4: Enrich catalog.json with changelog sections
- Phase 5: Widget system (renderer + templates for security/network/monitoring)
- Phase 6: Auto-sync service with cron
- Phase 7: Optimizations (signature validation, compression, CDN)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|||
| dd588e0520 |
fix(secubox): complete LuCI interface fixes - all views now functional
Fixed 5 major issues in SecuBox LuCI interface:
1. AppStore Empty (secubox-core v0.8.0-r3)
- Simplified get_appstore_apps RPCD method
- Removed complex error handling that was failing silently
- Added catalog.json (38 KB, 37 plugins) to Makefile installation
- Result: AppStore now displays 37 plugins in 8 categories
2. Dashboard/Components Empty (secubox-core v0.8.0-r3)
- Implemented 3 new RPCD methods:
* get_dashboard_data - Module counts and system uptime
* get_system_health - CPU, memory, disk metrics with health score
* get_alerts - System threshold alerts
- Result: Dashboard shows health score 93/100, system metrics
3. Modules View Empty (luci-app-secubox v0.7.1-r1)
- Fixed API method name mismatches in api.js:
* modules → getModules
* status → getStatus
* module_info → getModuleInfo
* health → getHealth
- Updated ACL with all new RPCD method names
- Added debug logging to modules.js
- Removed conflicting config files
- Result: 61 modules displayed with working filters
4. System Hub Components Empty (luci-app-system-hub v0.5.1-r3)
- Fixed RPCD backend call: modules → getModules
- Updated ACL to allow new SecuBox method names
- Result: 61 components displayed
5. Catalog/Profile/Template Files
- Added 39 individual plugin catalog files
- Added 5 profile JSON files (enterprise, home-office, etc.)
- Added 2 template files (firewall-zone, nginx-vhost)
- Updated Makefile to install all catalog files
Version bumps:
- secubox-core: 0.8.0-r1 → 0.8.0-r3
- luci-app-secubox: 0.7.0-r6 → 0.7.1-r1
- luci-app-system-hub: 0.5.1-r2 → 0.5.1-r3
Files modified: 13 modified, 46 added, 2 deleted
Lines of code: ~300+ added
RPCD methods: 3 added, 5 fixed
ACL files: 2 updated
Status: Production ready - all backend tests passing
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
|||
| d2f56e0aab |
feat(secubox-core): implement modular framework foundation v0.8.0
Add comprehensive SecuBox Core Framework - production-ready modular infrastructure for OpenWrt-based security appliances. ## Core Components ### Service Infrastructure - procd-managed secubox-core daemon - UCI configuration schema (/etc/config/secubox) - First-boot provisioning system - Automatic directory structure creation - Device ID generation ### CLI Interface (secubox) Complete command-line interface with 6 main commands: - app: Module/AppStore management - profile: Profile and template engine - device: Device operations and info - net: Network management tools - diag: Diagnostics and health checks - ai: AI copilot stub (experimental) ### Module Management (AppStore) - Catalog-based module discovery (22 modules) - Installation/removal workflows - Dependency resolution via opkg - Lifecycle hooks (pre/post install/remove) - Module health monitoring - JSON and table output formats ### Profile Engine - Declarative configuration (YAML/JSON) - Module orchestration - UCI override system - Dry-run validation - Configuration export ### Diagnostics System - CPU, memory, storage monitoring - Network connectivity tests - Service health checks - Configurable thresholds - Color-coded output - Diagnostic report generation ### Recovery System - Automatic snapshot creation - Configuration backup/restore - Rollback capability - Interactive recovery mode - Snapshot management (keep last 5) ### ubus RPC API (luci.secubox) Complete RPC interface with 20+ methods: - getStatus, getVersion, reload - getModules, installModule, removeModule - listProfiles, applyProfile, validateProfile - runDiagnostics, getHealth, getLogs - createSnapshot, restoreSnapshot, listSnapshots ### Supporting Tools - secubox-verify: Module signature verification - common.sh: Shared helper functions - Example profiles ## Technical Details **Package**: secubox-core v0.8.0 **Dependencies**: bash, libubox, libubus, libuci, rpcd, jsonfilter **Size**: ~85KB (source) **Memory**: ~16MB footprint **Files**: 16 files total ## Architecture Native OpenWrt integration: - procd for service management - ubus for RPC communication - UCI for configuration - opkg for package management - BusyBox-compatible scripts ## Module Discovery Automatically discovers 22 existing SecuBox modules: - adguardhome, auth-guardian, bandwidth-manager - cdn-cache, client-guardian, crowdsec-dashboard - domoticz, ksm-manager, lyrion, magicmirror - media-flow, mqtt-bridge, netdata-dashboard - netifyd-dashboard, network-modes, nextcloud - secubox-hub, system-hub, traffic-shaper - vhost-manager, wireguard-dashboard, zigbee2mqtt ## Deployment Status ✅ Tested on router (root@192.168.8.191) ✅ All core functionality verified ✅ Module discovery working (22/22) ✅ ubus API operational ✅ Health checks passing ✅ Recovery system functional ## Documentation - README.md: Comprehensive user documentation (11KB) - IMPLEMENTATION.md: Technical implementation details (16KB) - Example profile: home-basic.json ## Next Phase (v0.9.0) - LuCI WebUI integration - Enhanced profile templating - Module installation workflows - Dashboard views 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> |
