v2.1.0: Convert Flask to API-only backend with React WebUI #43
Open
PenguinzTech wants to merge 44 commits into main from
Version files added (all at v1.0.0):
- dns-client-go/.version - Go DNS client
- dns-server/.version - DNS server
- dns-client/.version - Python DNS client (docker-client)
- dns-server/flask_app/.version - Web console (webui)
Workflow updates:
- Go client workflow now uses dns-client-go/.version
- Build triggers only when component's .version changes
- Added Windows ARM64 to build targets (6 platforms total)
- Release tags now use format: v{VERSION}-go-client
Release notes reorganized with sections for each package:
- go-client, dns-server, docker-client, webui
- Each with independent versioning and changelogs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add .version file monitoring to all build workflows
- Implement epoch64 timestamp-based naming (alpha/beta-<epoch64>)
- Add version-based release naming (vX.X.X-alpha/beta)
- Add auto pre-release creation on .version changes
- Add security scanning (gosec for Go, bandit for Python, npm audit for Node.js)
- Create comprehensive docs/WORKFLOWS.md
- Update docs/STANDARDS.md with CI/CD section
- Update CLAUDE.md with CI/CD section and pre-commit checklist
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Backend:
- Add DHCP models (pools, leases, reservations, servers) with PyDAL
- Add Time models (servers, sync logs, clients, config) with PTP/NTP support
- Add full REST API for DHCP pool management and lease tracking
- Add full REST API for time server management and sync operations
- Fix RBAC middleware: add check_team_access function
- Fix team model: remove unsupported PyDAL unique constraint
Frontend:
- Add TypeScript types for DHCP and Time services
- Add DHCPPools management component with utilization visualization
- Add TimeServers management component with PTP/NTP protocol selection
- Integrate new tabs into Management page
Go Client:
- Add NTP client package with automatic server failover
- Add NTP forwarder to intercept OS time requests (port 123)
- Add time configuration with environment variable support
- Add CLI commands: time query, time forward, time status
- Add comprehensive unit and integration tests
Documentation:
- Update API.md with DHCP and Time API endpoints
- Update ARCHITECTURE.md with network services diagrams
- Update STANDARDS.md with service-specific guidelines
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Restructure from server-side templates to a three-container architecture:
- Flask backend serves JSON-only REST API with JWT + Flask-Login auth
- React WebUI (Vite + TypeScript + Tailwind) as separate nginx container
- DNS server unchanged
Flask changes: add Flask-JWT-Extended, Flask-CORS, Flask-Limiter; convert all dashboard routes to /api/v1/ JSON endpoints; add safe PyDAL row serialization (exact type checks to exclude RecordUpdater/LazySet); enforce auth on all API endpoints.
Docker: add Dockerfile.api for Flask, dns-webui service with nginx reverse proxy, update docker-compose.yml with new services.
Tests: add comprehensive smoke test suite (130 tests) covering container health, API endpoints, JWT auth flows, pagination, and response formats.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes Dependabot alerts #33 and #34:
- CVE: Next.js HTTP request deserialization DoS (high)
- CVE: Next.js Image Optimizer DoS (medium)
Also fixes js-yaml prototype pollution via npm audit fix.
Remaining 2 moderate alerts (eslint stack overflow, Next.js PPR memory) require breaking major version upgrades and have no stable patches.
quic-go alerts (#28-30) are already resolved on this branch (v0.59.0 includes all patches).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The root Dockerfile's dns-server and dns-client stages both COPY docs/ into the image. The .dockerignore was excluding the docs directory, which would cause the CI docker-multi-build job to fail.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit addresses all identified security vulnerabilities across Python, Node.js, and Go components, and adds extensive smoke test coverage for both alpha (local) and beta (K8s) environments to ensure production readiness.
Security Fixes:
- Python: Update cryptography (41→44), PyMySQL (1.1.0→1.1.1), Pillow (10→11), aiohttp (3.9→3.11.11), add defusedxml for XXE prevention
- Node.js: Update react-router-dom (6→7), eslint (8→9), vite (5→7), next (15→16) to fix XSS, DoS, and stack overflow vulnerabilities
- Go: Fix integer overflow in NTP time handling, replace math/rand with crypto/rand, enforce TLS 1.2+ minimum, update quic-go to v0.59.0
New Features:
- Add version management script (scripts/version/update-version.sh) supporting major/minor/patch/build version increments
- Add 150 mock tests for isolated component testing (DNS client/server, Manager API, database operations)
- Add 79 comprehensive smoke tests covering security, edge cases, integration, and user experience for alpha and beta environments
Test Coverage:
- Security: 32 tests (auth, authorization, input validation, injection prevention, CORS, TLS, data isolation)
- Edge Cases: 37 tests (boundaries, special chars, concurrency, large datasets, error recovery)
- Integration: 39 tests (component communication, data flow, K8s integration, monitoring)
- User Experience: 24 tests (page loads, forms, navigation, error messages)
- Mock Tests: 150 tests (fast, isolated, no network/database dependencies)
Version: Bump to v2.1.1.1770072428 (patch increment for security fixes)
Resolves: Critical PyMySQL SQL injection, XSS in react-router, integer overflow in Go NTP client, weak RNG in HTTP backoff, TLS misconfiguration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Install shared/react_libs dependencies before webui build to resolve zod module import error during vite build.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update dal2-beta cluster deployment to use the pre-existing penguintech-wildcard-tls certificate from cert-manager instead of generating a new certificate.
Changes:
- Create comprehensive K8s manifests in k8s/manifests/
- Configure ingress for squawk.penguintech.io with proper TLS
- Use pre-existing Cloudflare wildcard certificate (penguintech-wildcard-tls)
- Deploy DNS server, Flask API, WebUI, and Valkey services
- Add health checks, resource limits, and HA configuration (2 replicas)
- Configure proper routing: / → webui, /api/v1 → flask-api, /dns-query → dns-server
Ingress Configuration:
- Host: squawk.penguintech.io
- TLS Secret: penguintech-wildcard-tls (Cloudflare wildcard cert)
- SSL redirect enabled
- NGINX ingress class
Deployed to: dal2-beta cluster, squawk namespace
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove restrictive security contexts and add emptyDir volumes for directories that need write access (database logs, nginx cache).
Fixes:
- flask-api: Health check path /api/v1/health → /health
- flask-api: Add volume mount for /app/flask_app/databases
- webui: Add volume mounts for nginx cache and run directories
- All: Remove runAsUser/runAsNonRoot to allow containers to start properly
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Change @penguin/react_libs reference from local file path to GitHub repository to ensure consistent versioning across all PenguinTech projects.
- Update package.json to reference github:penguintechinc/penguin-libs#main
- Install @penguintechinc/react-libs from main branch
- Remove dependency on local shared/react_libs copy
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace local copies of shared libraries with git-referenced dependencies from github.com/penguintechinc/penguin-libs. This ensures consistent versioning across all PenguinTech projects.
- Remove entire shared/ directory (react_libs, node_libs, go_libs, py_libs, licensing, database) including duplicate shared/shared/ nested copy
- Update Dockerfile to remove COPY shared/react_libs build steps
- Update tailwind.config.js content path to node_modules dist
- Update all imports from @penguin/react_libs to @penguintechinc/react-libs
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add Helm values-alpha/beta, Kustomize overlays (alpha/beta), manifests, and deploy-beta.sh script for consistent k8s deployment across all repos.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clean up unnecessary README, quick-reference, and summary files from k8s/ directories.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The SquawkDNS website has been migrated to the centralized website repository at /home/penguin/code/website/squawkdns for unified deployment and management. Cloudflare Pages configuration is now centralized in the cloudflare repo.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
5 YAML form templates (bug, feature, chore, docs, security) with required labels, priority/component dropdowns, and acceptance criteria.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>