10 commits

Author SHA1 Message Date
rcourtman
225da6eb39 security: strengthen public URL capture to enforce scope and admin checks 2026-02-03 18:49:42 +00:00
rcourtman
3e2824a7ff feat: remove Enterprise badges, simplify Pro upgrade prompts
- Replace barrel import in AuditLogPanel.tsx to fix ad-blocker crash
- Remove all Enterprise/Pro badges from nav and feature headers
- Simplify upgrade CTAs to clean 'Upgrade to Pro' links
- Update docs: PULSE_PRO.md, API.md, README.md, SECURITY.md
- Align terminology: single Pro tier, no separate Enterprise tier

Also includes prior refactoring:
- Move auth package to pkg/auth for enterprise reuse
- Export server functions for testability
- Stabilize CLI tests
2026-01-09 16:51:08 +00:00
rcourtman
4f824ab148 style: Apply gofmt to 37 files
Standardize code formatting across test files and monitor.go.
No functional changes.
2025-12-02 17:21:48 +00:00
rcourtman
08e47c5849 test: Add isRequestAuthenticated tests for API package
Add comprehensive tests for the isRequestAuthenticated function covering:
- Nil inputs (config, request, both)
- Basic auth (valid, invalid password, invalid username, malformed base64, missing colon)
- API token via X-API-Token header
- API token via Bearer authorization header (case insensitive)
- Invalid/empty/whitespace API tokens
- No auth configured scenarios
- Empty session cookie handling

Coverage: isRequestAuthenticated 26.1% → 82.6%
Coverage: API package 30.7% → 30.9%
2025-12-02 12:59:18 +00:00
rcourtman
52e4e36504 test: Add resolvePublicURL tests for API package
Add comprehensive tests for the resolvePublicURL function covering:
- Configured PublicURL (simple, trailing slashes, ports, whitespace)
- Request-derived URL (HTTP, HTTPS via TLS, X-Forwarded-Proto)
- No host fallback (with/without frontend port)
- Nil request handling

Coverage: resolvePublicURL 12.5% → 100%
Coverage: API package 30.3% → 30.5%
2025-12-02 12:45:04 +00:00
rcourtman
ad646e3923 test: Add tests for hostAgentSearchCandidates parameter variants
Tests all code paths: strict mode (both params), platform only,
and no params (generic paths).
2025-12-02 00:03:19 +00:00
rcourtman
a685ba26b4 test: Add edge case for capturePublicURLFromRequest nil inputs
Tests the early return paths when router, request, or config are nil.
2025-12-01 23:59:17 +00:00
rcourtman
7cbb5c061d test: Add edge case for canCapturePublicURL nil inputs
Tests the early return paths when config or request are nil.
2025-12-01 23:56:59 +00:00
rcourtman
14081a0aaf Add unit tests for router.go proxy header utility functions (api)
Add 77 test cases for 4 previously untested utility functions:
- firstForwardedValue: 14 cases for X-Forwarded-For header parsing
- sanitizeForwardedHost: 27 cases for host sanitization with scheme/port handling
- isLoopbackHost: 20 cases for loopback detection (localhost, 127.x, ::1)
- shouldAppendForwardedPort: 16 cases for port appending decisions

Key edge cases covered:
- IPv6 address bracket handling in sanitizeForwardedHost
- Case-insensitive localhost detection
- Full 127.0.0.0/8 loopback range validation
- strconv.Atoi accepts negative port strings (documented as current behavior)
2025-11-30 15:34:32 +00:00
rcourtman
0a623bee41 ADA: Add unit tests for isDirectLoopbackRequest 2025-11-29 20:07:59 +00:00