fix: Update runtime config when toggling Docker update actions setting

The DisableDockerUpdateActions setting was being saved to disk but not updated in h.config, causing the UI toggle to appear to revert on page refresh since the API returned the stale runtime value. Related to #1023
2026-05-05 23:36:37 +00:00 · 2026-01-03 11:14:17 +00:00 · 2026-01-03 11:14:17 +00:00 · 9e339957c6
commit 9e339957c6
parent fbbefa4546
52 changed files with 4820 additions and 362 deletions
--- a/cmd/pulse-sensor-proxy/audit_test.go
+++ b/cmd/pulse-sensor-proxy/audit_test.go
@ -3,8 +3,10 @@ package main
 import (
 	"bufio"
 	"encoding/json"
+	"errors"
 	"os"
 	"testing"
+	"time"
 )

 type auditRecord map[string]interface{}
@ -68,3 +70,75 @@ func TestAuditLogValidationFailure(t *testing.T) {
 		t.Fatalf("expected event_hash to be set")
 	}
 }
+
+func TestAuditLoggerFallback(t *testing.T) {
+	// Try to open a file in a non-existent directory to trigger fallback
+	logger := newAuditLogger("/nonexistent/directory/audit.log")
+	if logger.file != nil {
+		t.Error("expected file to be nil for fallback")
+	}
+
+	// Should not panic when logging to fallback
+	logger.LogConnectionAccepted("corr-456", &peerCredentials{uid: 0}, "local")
+	logger.Close()
+}
+
+func TestAuditLoggerAllEvents(t *testing.T) {
+	tmp, err := os.CreateTemp("", "audit-test-all-*.log")
+	if err != nil {
+		t.Fatal(err)
+	}
+	path := tmp.Name()
+	tmp.Close()
+	defer os.Remove(path)
+
+	logger := newAuditLogger(path)
+	cred := &peerCredentials{uid: 1000, gid: 1000, pid: 4242}
+
+	logger.LogConnectionAccepted("c1", cred, "r1")
+	logger.LogConnectionDenied("c2", cred, "r2", "bad token")
+	logger.LogRateLimitHit("c3", cred, "r3", "global")
+	logger.LogCommandStart("c4", cred, "r4", "t4", "cmd4", []string{"arg4"})
+	logger.LogCommandResult("c5", cred, "r5", "t5", "cmd5", []string{"arg5"}, 0, time.Second, "h1", "h2", nil)
+	logger.LogCommandResult("c6", cred, "r6", "t6", "cmd6", []string{"arg6"}, 1, time.Second, "", "", errors.New("exec error"))
+	logger.LogHTTPRequest("r7", "GET", "/path", 200, "ok")
+
+	// Log with nil creds
+	logger.LogConnectionAccepted("c8", nil, "r8")
+
+	// Log with nil logger (should handle gracefully if possible, but it's a pointer receiver)
+	// logger.log(nil) // Already tested indirectly via internal calls if event is nil
+
+	logger.Close()
+	// Double close should be fine
+	logger.Close()
+
+	// Basic verification that all lines are present
+	file, err := os.Open(path)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer file.Close()
+	scanner := bufio.NewScanner(file)
+	count := 0
+	for scanner.Scan() {
+		count++
+	}
+	if count != 8 {
+		t.Errorf("expected 8 audit entries, got %d", count)
+	}
+}
+
+func TestAuditEvent_ApplyPeer_Nil(t *testing.T) {
+	e := &AuditEvent{}
+	e.applyPeer(nil)
+	if e.PeerUID != nil {
+		t.Error("expected PeerUID to be nil")
+	}
+}
+
+func TestAuditLogNilEvent(t *testing.T) {
+	logger := newAuditLogger("") // This might fail or use fallback
+	// Calling a.log(nil) directly to test the nil check
+	logger.log(nil)
+}