security+feat: v1.3.0 — pentest remediation, container reliability, UI overhaul
Security (33 pentest findings addressed):
- CRITICAL: backend binds 127.0.0.1, path traversal in tor.rs/dwn fixed
- HIGH: federation requires signatures, XSS login redirect, RBAC viewer restricted
- HIGH: tar slip prevention, S3 SSRF validation, backup ID validation
- MEDIUM: remember-me random secret, TOTP session rotation, password re-auth
- LOW: CSP unsafe-inline removed, CORS dev-only, onion/webhook validation
Container reliability:
- Memory limits on all 37 containers (OOM prevention)
- Exited vs stopped state distinction with health-aware status badges
- Crash recovery coordination (no more restart cascade)
- User-stopped tracking survives reboots
- Tiered boot recovery (databases → core → services → apps)
UI:
- Wallet TransactionsModal, health-aware app status badges
- Restart button on containers, exited/crashed red state
- Mesh view overhaul, glass button updates, BaseModal/ToggleSwitch
- Apps sticky header removed, dev faucet, mutable mock wallet
Infrastructure:
- LND REST port 8080 exposed over Tor (LND Connect fix)
- Nginx cookie_session fix, deploy script Tor config updated
- Dev environment: podman auto-start, boot mode simulation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 12:44:31 +00:00
---
name: v1.3.0 Session Status (March 20)
description: Tor management system, bug fixes, federation name sync — cloud files working both ways
type: project
---
## Deployed to .228 + .198
### What's Live
- Full Tor hidden service management (systemd path unit pattern — tor-helper.sh)
- Container doctor: system Tor preferred, archy-tor container removed
- Federation name sync: server rename pushes to peers
- Cloud files working both ways over Tor
- Arch channel local echo for sent messages
- Web5 Message button → Mesh redirect
- Node names in federation/peers
- PeerFiles header shows name + DID (not onion)
- Connected Nodes flex height
- Server name persistence (root-owned file fixed)
- Tor services UI: add from installed apps, delete, restart, auth/protocol badges
- Layout: Network Interfaces + Tor Services stack on normal screens
### Architecture: Tor Management
- Backend writes staged torrc + action file to /var/lib/archipelago/tor-config/
- systemd path unit (archipelago-tor-helper.path) triggers root-level service
- tor-helper.sh processes actions: write-torrc-and-restart, restart, delete-service, sync-hostnames
- NoNewPrivileges=yes safe — no sudo from backend
- Container doctor ensures system Tor stays running after deploys
- Web apps: port 80 on .onion → local app port; Protocol services: direct port
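
The privileged side of this design consumes files written by the unprivileged backend, so it should treat them as untrusted input. An added sketch, not the project's tor-helper.sh, of validating a staged action file before root acts on it; the action names come from the list above, while the two-line file format and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed action-file format (not from the project):
#   line 1 = action name, line 2 = service name (only for delete-service).
LC_ALL=C; export LC_ALL   # make the character ranges below byte-wise

# Only the four actions named in the architecture notes are accepted.
is_allowed_action() {
    case "$1" in
        write-torrc-and-restart|restart|delete-service|sync-hostnames) return 0 ;;
        *) return 1 ;;
    esac
}

# A service name ends up as a directory name handled by root, so allow only
# [A-Za-z0-9_-]. This rejects empty names, '/', '.', '..' and whitespace.
is_safe_service_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Validate a staged action file. Prints "action" or "action service" on
# success; prints nothing and returns non-zero on any violation.
parse_action_file() {
    file=$1
    # The staging directory is writable by the backend: accept only a
    # regular file, never a symlink pointing somewhere else.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    action=$(sed -n '1p' "$file")
    service=$(sed -n '2p' "$file")
    is_allowed_action "$action" || return 1
    if [ "$action" = "delete-service" ]; then
        is_safe_service_name "$service" || return 1
        printf '%s %s\n' "$action" "$service"
    else
        printf '%s\n' "$action"
    fi
}
```
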
### Onion Addresses (current)
- .228 archipelago: r33p5uzk2vxhdte4a5pfqgeax44a7b2lx57q32dxmx5llzyfz42lwnyd.onion
- .198 archipelago: mxn62m4odavwctlpsq2ozvhy3ibjpenlzemumwtkev7wviikttxvjhyd.onion
### Still TODO
1. **Tor channel chat** — messages via Archipelago channel need testing/polish
2. **ISO build** — update build-auto-installer-iso.sh with tor-helper, systemd units, container doctor changes
3. **Better error messaging** — when nodes are down, addresses changed, all situations
4. **File access permissions** — public (no auth), federated (full access), peer-set (specific files)
5. **Auth on Tor app access** — login before accessing app via .onion (post-beta candidate)
6. **.198 health check** — deploy health check times out on .198 (backend works, likely timing)
**Why:** Session continuity for v1.3.0 beta stabilization effort.
**How to apply:** Read at start of next session. Work on TODO items in order.