feat(admin): Implement admin panel with user management and traffic tracking#74
Merged
ryanbekhen merged 17 commits intomasterfrom Mar 26, 2026
Merged
feat(admin): Implement admin panel with user management and traffic tracking#74ryanbekhen merged 17 commits intomasterfrom
ryanbekhen merged 17 commits intomasterfrom
Conversation
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Add a dedicated `normalizeProxyTargetURL` function that validates the scheme, host, port, and path of incoming proxy requests. This replaces the previous simple scheme check with proper URL parsing and error handling. The change also tightens directory permissions for Bolt stores and adds validation for SOCKS5 domain length.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Standardize test comments from Indonesian to English for clarity and consistency. Replace `#nosec G704` with `#nosec G107` inline suppression to align with current gosec rule identifiers. Optimize SOCKS5 domain length lookup by using a pre‑computed static array instead of a runtime cast.
…ling Replace high-level HTTP client usage with direct TCP/TLS dialing and request/response writing. This improves control over connection timeouts, error handling, and reduces overhead. Add comprehensive unit tests for URL normalization, DNS resolution, and connection failures.
Add `--chmod=0755` flag to COPY instructions to ensure the nanoproxy binary has proper execute permissions. Remove unnecessary `mkdir -p /etc/nanoproxy` commands since the directory is not used for file storage. This simplifies the Dockerfiles while ensuring correct file permissions for the binary.
Update USER_STORE_PATH from /etc/nanoproxy to /var/lib/nanoproxy for better filesystem hierarchy compliance. This change affects configuration files, Dockerfiles, and documentation examples. The volume mounts are also updated to include the new data directory while maintaining backward compatibility with existing /etc/nanoproxy mounts.
Remove ADMIN_USERNAME and ADMIN_PASSWORD environment variables in favor of a secure initial setup flow. Admin credentials are now stored hashed in the user database and created via a web interface on first launch. This eliminates hardcoded credentials and improves security by using bcrypt for password hashing. The admin console is always enabled, with a setup page guiding users through initial account creation.
Add input validation for admin setup form including password mismatch detection, username format restrictions, and password length requirements. Implement proper redirect logic for already configured systems and prevent double setup attempts. The changes include extensive test coverage for various setup scenarios and edge cases, ensuring robust security and user experience.
Change INFO logs for successful connections to DEBUG level and suppress logging for expected network errors like EOF, connection resets, and timeouts. This makes the logs cleaner while preserving important error visibility. The new `shouldLogRequestError` helper filters out common transient network issues, and error wrapping is improved for better debugging context.
Introduce a new LOG_LEVEL configuration option to control the verbosity of debug logs. The default level is set to 'info', which suppresses debug messages that were previously logged for successful proxy connections. This reduces log noise in production environments while maintaining error visibility. The log level can be adjusted via the environment variable to enable debug output when needed.
The `-coverpkg=./...` flag was unnecessary as it defaults to testing all packages. This simplifies the test command while maintaining the same coverage behavior. Removing the redundant flag makes the workflow configuration cleaner and easier to maintain.
… management Mark authentication management as completed in the features checklist and remove the planned IP rotation API feature. The dashboard now supports managing authentication settings directly. This reflects current implementation status while keeping the documentation accurate and up-to-date.
Add traffic tracking methods to Session for byte count retrieval and enhance logging across HTTP and SOCKS5 proxies. HTTP proxy now logs authentication, resolution, and request completion details with traffic statistics. SOCKS5 proxy includes similar structured logging with username context and resolution information. Test coverage is expanded with new logging verification for both successful operations and debug-level details.
This was
linked to
issues
Apr 12, 2026
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces a persistent admin console and proxy user management system to NanoProxy, along with several related improvements to configuration, deployment, and testing. The most significant changes are the addition of a BoltDB-backed admin and user store, new configuration options for the admin interface and user persistence, and updates to Docker and documentation to support these features.
Admin Console and Persistent User Management:
ADDR_ADMIN(default:9090), with a BoltDB-backed admin account and persistent proxy user storage (USER_STORE_PATH). This includes a newpkg/adminpackage withBoltAdminStorefor admin credentials, and updates to usebboltfor storing users and traffic data. [1] [2] [3] [4]Configuration and Environment Variables:
ADDR_ADMIN,USER_STORE_PATH,ADMIN_COOKIE_SECURE,ADMIN_MAX_LOGIN_ATTEMPTS,ADMIN_LOGIN_WINDOW,ADMIN_LOCKOUT_DURATION,ADMIN_ALLOWED_ORIGINS) and updated documentation and config files to reflect these changes. Environment variables are now the preferred way to configure NanoProxy, and the legacy config file approach has been deprecated. [1] [2] [3] [4]Docker and Deployment:
9090), and set the default user store path. The Docker images now use Alpine 3.21 and improved file permissions. [1] [2]Testing and Quality Assurance:
Build and Coverage Pipeline:
-coverpkgflag for compatibility with the new user store logic. [1] [2] [3]These changes lay the groundwork for robust, persistent, and secure user and admin management in NanoProxy, making deployments more flexible and production-ready.