gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,482 Commits 4 Branches 293 Tags 320 MiB
fd54253f66
Commit Graph

12 Commits

Author SHA1 Message Date
CyberMind-FR
1bbd345cee refactor(luci): Mass KissTheme UI rework across all LuCI apps 
Convert 90+ LuCI view files from legacy cbi-button-* classes to
KissTheme kiss-btn-* classes for consistent dark theme styling.

Pattern conversions applied:
- cbi-button-positive → kiss-btn-green
- cbi-button-negative/remove → kiss-btn-red
- cbi-button-apply → kiss-btn-cyan
- cbi-button-action → kiss-btn-blue
- cbi-button (plain) → kiss-btn

Also replaced hardcoded colors (#080, #c00, #888, etc.) with
CSS variables (--kiss-green, --kiss-red, --kiss-muted, etc.)
for proper dark theme compatibility.

Apps updated include: ai-gateway, auth-guardian, bandwidth-manager,
cloner, config-advisor, crowdsec-dashboard, dns-provider, exposure,
glances, haproxy, hexojs, iot-guard, jellyfin, ksm-manager,
mac-guardian, magicmirror2, master-link, meshname-dns, metablogizer,
metabolizer, mqtt-bridge, netdata-dashboard, picobrew, routes-status,
secubox-admin, secubox-mirror, secubox-p2p, secubox-security-threats,
service-registry, simplex, streamlit, system-hub, tor-shield,
traffic-shaper, vhost-manager, vortex-dns, vortex-firewall,
webradio, wireguard-dashboard, zigbee2mqtt, zkp, and more.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-12 11:09:34 +01:00
CyberMind-FR
d01828d632 feat(avatar-tap): Add session capture and replay package 
New packages for passive network tap with session replay capabilities:

secubox-avatar-tap:
- Mitmproxy-based passive session capture
- Captures authenticated sessions (cookies, auth headers, tokens)
- SQLite database for session storage
- CLI tool (avatar-tapctl) for management
- Transparent proxy mode support
- Runs inside streamlit LXC container

luci-app-avatar-tap:
- KISS-style dashboard for session management
- Real-time stats (sessions, domains, replays)
- Replay/Label/Delete actions per session
- Start/Stop controls

Designed for SecuBox Avatar authentication relay system
with future Nitrokey/GPG integration.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-03-06 20:41:21 +01:00
CyberMind-FR
af1564821f feat(metablogizer): Add "Set as index" checkbox to upload modal 
- Upload modal now defaults to replacing index.html
- "Set as index" checkbox checked by default
- Uncheck to use original filename (shows destination field)
- Fixes issue where uploads weren't updating main page

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-25 12:16:23 +01:00
CyberMind-FR
ed0c95f8da fix(metablogizer): Use emancipated flag for Expose/Unpublish button 
- Changed button logic from exp.vhost_exists to exp.emancipated
- Non-emancipated sites now correctly show "Expose" button
- Emancipated sites show "Unpublish" button
- vhost_exists was incorrectly true for some non-emancipated sites

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-25 12:14:26 +01:00
CyberMind-FR
36fbff3958 fix(metablogizer): Resolve HAProxy stability and add WAF status display 
- Fixed random 404 errors caused by multiple HAProxy instances (container + host)
- Disabled host HAProxy service, container HAProxy now sole traffic handler
- Added auto-republish on upload for emancipated sites
- Added waf_enabled and emancipated fields to list_sites RPCD response
- Added WAF badge in LuCI dashboard Exposure column

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-25 10:19:33 +01:00
CyberMind-FR
0da6c125a8 feat(metablogizer): Add Edit button to site dashboard 
Add inline Edit button for each site in the dashboard allowing users
to modify site name, domain, description, and enabled status directly
from the overview page without navigating to settings.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-23 08:19:12 +01:00
CyberMind-FR
5a1276590e feat(metablogizer): Add KISS one-click features matching Streamlit 
- Add upload_and_create_site: one-click deploy with auto HAProxy setup
- Add unpublish_site: remove HAProxy vhost while preserving content
- Add set_auth_required: toggle authentication requirement per site
- Add get_sites_exposure_status: exposure/cert status for all sites
- Simplify dashboard to KISS UI pattern with status badges
- Action buttons: Share, Upload, Expose/Unpublish, Lock/Unlock, Delete

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-21 10:23:18 +01:00
CyberMind-FR
e58f479cd4 feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats 
Add detection patterns for latest actively exploited vulnerabilities:
- CVE-2025-55182 (React2Shell, CVSS 10.0)
- CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint)
- CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds)
- CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti)
- CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS)

New attack categories based on OWASP Top 10 2025:
- HTTP Request Smuggling (TE.CL/CL.TE conflicts)
- AI/LLM Prompt Injection (ChatML, instruction markers)
- WAF Bypass techniques (Unicode normalization, double encoding)
- Supply Chain attacks (CI/CD poisoning, dependency confusion)
- Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf)
- API Abuse (BOLA/IDOR, mass assignment)

CrowdSec scenarios split into 11 separate files for reliability.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-12 05:02:57 +01:00
CyberMind-FR
df34698acb feat(metablogizer): Add LuCI Emancipate button with async workflow 
- Add Emancipate button to dashboard sites table
- Implement async RPC with job polling to avoid XHR timeout
- Add emancipate + emancipate_status RPCD methods
- Add ACL permissions for new RPC methods
- Change HAProxy reload to restart for clean state
- Document RPCD ACL requirements in CLAUDE.md

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-06 08:52:53 +01:00
CyberMind-FR
304ac7b9a1 feat: P2P App Store, Remote Access & Mesh Media packages 
P2P App Store Emancipation:
- secubox-p2p: Package distribution via mesh peers (CGI API, RPCD, CLI)
- packages.js: LuCI view with LOCAL/PEER badges, fetch/install actions
- devstatus.js: Dev Status widget with Gitea commits, v1.0 progress tracking
- secubox-feed: sync-content command for auto-installing content packages
- ACL fix for P2P feed RPCD methods

Remote Access:
- secubox-app-rustdesk: Native hbbs/hbbr relay server from GitHub releases
- secubox-app-guacamole: LXC Debian container with guacd + Tomcat (partial)

Content Distribution:
- secubox-content-pkg: Auto-package Metablogizer/Streamlit as IPKs
- Auto-publish hooks in metablogizerctl and streamlitctl

Mesh Media:
- secubox-app-ksmbd: In-kernel SMB3 server with ksmbdctl CLI
- Pre-configured shares for Jellyfin, Lyrion, Backup

UI Consistency:
- client-guardian: Ported to sh-page-header chip layout
- auth-guardian: Ported to sh-page-header chip layout

Fixes:
- services.js: RPC expect unwrapping bug fix
- metablogizer: Chunked upload for uhttpd 64KB limit

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-05 00:33:53 +01:00
CyberMind-FR
60ed796b5a fix(metablogizer): Fix require path and async hosting status load 
- Fix qrcode require path (slash to dot notation)
- Load hosting status asynchronously to prevent XHR timeout
- Dashboard now loads instantly with sites, HAProxy/IP populate after

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-01 08:33:30 +01:00
CyberMind-FR
163364843e feat(metablogizer): KISS UI redesign with backend status 
- Replace overview.js with dashboard.js using standard cbi-* classes
- Add api.js module for RPC declarations
- Show port, runtime, backend_running status in sites table
- Add sync_config, discover_vhosts, import_vhost RPC methods
- Update ACL with new method permissions
- Menu: Sites -> Dashboard

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-01 08:06:22 +01:00