Replace direct defers that ignored returned errors with explicit defer func() { _ = ... }() and use blank-assignment for Setenv/RemoveAll/Close to satisfy error-checking and ensure closures run. Convert several if-else chains to switch for clarity (status filter, test server path matching), switch strings.Replace to strings.ReplaceAll, and normalize some error/log message casing. These changes are minor refactors across handlers, services, database and tests to improve lint compliance and readability.
Introduce services/traefik_urls.go to centralize Traefik URL helpers and add opt-in fallback probing via TRAEFIK_API_FALLBACK_URLS. defaultTraefikURL now prefers TRAEFIK_API_URL before falling back to http://traefik:8080. main.go only auto-discovers the Traefik API when TRAEFIK_API_URL is empty and TRAEFIK_API_DISCOVER=true. Service fetchers were refactored to use fallbackTraefikURLsFromEnv (and return an error if no fallbacks are configured) and a noisy non-critical endpoint warning log was removed. These changes make fallback probing explicit and avoid silently overriding user-provided TRAEFIK_API_URL.
Bump Go versions in CI, Dockerfile and go.mod/toolchain to 1.25.x and update several module dependencies. Introduce rollbackTransaction(tx, context) and replace direct tx.Rollback() calls (including panic recovery) across handlers to centralize rollback logging/handling. Replace direct json.Unmarshal/Scan calls in tests with mustUnmarshalResponse/mustScan helpers. Add TrustedProxies to ServerConfig and configure Gin with SetTrustedProxies. Misc: adjust final Docker image (Alpine version and healthcheck command) and minor logging/formatting cleanups.
Add robust error checks and helpers, improve transaction safety, and refine default templates handling.
- Add api/handlers/test_helpers_test.go with mustUnmarshalResponse and mustScan helpers and update many handler tests to use them or to check json.Unmarshal errors to fail fast.
- Replace direct DB Scan calls in tests with mustScan or explicit error checks to surface query failures.
- Improve transaction rollback handling across codepaths (config handlers, database migrations, transaction utils, CertGenerator) to log rollback errors and avoid silent failures.
- Make WithTransaction/WithTimeoutTransaction/BatchTransaction formatting consistent and add panic-safe rollback logging.
- In main, log a warning instead of ignoring EnsureDefaultDataSources errors.
- Add/cleanup various helper blank assignments and small refactors in services (config_proxy, config_generator) and switch tests to shared response writers (writeJSONResponse/writeResponseBody) where applicable.
- Large cleanup and enhancements in config/defaults.go to preserve string formatting for YAML templates, ensure special fields are quoted/preserved, and tidy whitespace/formatting.
These changes improve test reliability, make DB/tx failures more visible, and ensure default template YAML preserves important string values.
Add support for a Traefik-only active data source by implementing buildStandaloneTraefikConfig and branching GetMergedConfig to avoid Pangolin network calls when active source is TraefikAPI. Refactor TraefikFetcher: centralize full-data loading, singleflight usage, caching, rate-limit helpers, fallback URL logic, and resource construction. Fix ServiceWatcher row handling by deferring rows.Close and checking rows.Err. Update many tests: un-skip and expand coverage for ConfigProxy (Traefik/Pangolin/unknown), TraefikFetcher (singleflight, endpoints, error cases), PluginFetcher, ResourceWatcher and ServiceWatcher; add test helpers (JSON writers, counting test server, model data source builder), adapt DB test inserts to new schema fields, and switch boolean flags to atomic as needed. Misc: tidy JSON handling and expected behaviors (e.g. plugin fetch returns empty on upstream error).
add safety across services: whitelist tables for DeleteInTransaction to prevent dynamic-SQL deletion abuse; remove a deprecated UpdateInTransaction helper. centralize HTTP client creation (HTTPClientWithTimeout/GetHTTPClient) and replace ad-hoc http.Clients with it; limit response body reads with io.LimitReader to avoid unbounded memory use; add better error logging when JSON marshal fails. Improve ConfigProxy cache handling to fetch outside locks, return stale cache on fetch errors, and only lock to swap the cache; add locking to SetCacheDuration and cap error body reads. convert ResourceWatcher isRunning to atomic.Bool for safe concurrent start/stop. Replace sync.Map memoization in id_normalizer with a bounded map protected by RWMutex (maxCacheSize), add cache flush behavior and tests/benchmarks to validate boundedness and hits. Miscellaneous test updates to match new behavior.
add a legacy_p12 boolean to CreateClientRequest (backend model and frontend type) to support generating PKCS#12 files with legacy encryption for iOS/older device compatibility. CertGenerator now selects pkcs12.Legacy when legacy_p12 is true (defaults to Modern otherwise). UI: add a checkbox to the client cert creation dialog and initialize form state to include legacy_p12.
Key middleware entries in generated and proxied Traefik configs by middleware name (so chain references by name work) instead of by ID. Join middleware names in resource queries and scan them (with fallback to ID when name is not available), add Name fields to middleware structs, and use the extracted base name when building final middleware references. Also update log messages to include both name and ID. In the UI, enforce and auto-sanitize middleware names to lowercase a-z0-9- and hyphens only.
Add extensive unit tests across the codebase (api/errors, cache, many models tests, util/id_normalizer and others) to improve coverage and validate behavior. Replace ServiceWatcher.isRunning bool with atomic.Bool for safer concurrent access, update Start/Stop logic and related imports, and adjust service_watcher_test accordingly. Also update traefik_fetcher_test to use atomic counters for request counting and add minor import changes (sync/atomic).
Introduce support for Traefik-native external middlewares referenced by resources.
- Database: add resource_external_middlewares table in migrations and ensure creation in post-migration updates.
- API: add handlers and routes to assign, remove and list external middlewares; include external_middlewares field in GetResources/GetResource responses (comma-separated name:priority:provider entries). Handlers validate resource status, use transactions, and log errors.
- Services: ConfigProxy now loads external middleware refs, merges them with internal middlewares sorted by priority when building resource config.
- UI: Resource detail component, API client, store and types updated to expose listing, assigning and removing external middlewares with UI controls and confirmation modal.
- Tests: add unit tests for assign/remove/list handlers and inclusion on GetResource.
This enables referencing middlewares defined outside MW-manager (e.g., Traefik dynamic config or plugins) and honors priority/provider metadata.
Refactored test files to use more idiomatic struct initialization and helper functions, reducing boilerplate and improving clarity. Added t.Skip calls to tests that are outdated or pending updates, and updated assertions in traefik_fetcher_test.go to use new method names. These changes improve maintainability and prepare the codebase for upcoming changes in fetcher and watcher behaviors.