Merge pull request #23 from rxf-sys/claude/auth-accounts

fix: address audit findings — restart 500, drawer a11y, polling, erro…

Author: rxf-sys

backend/app/clients/cloudflare.py

@@ -94,7 +94,10 @@ async def _get_paginated(
 
 async def fetch_tunnel_status(settings: Settings) -> TunnelStatus:
     if not (settings.cf_api_token and settings.cf_account_id and settings.cf_tunnel_id):
-        return TunnelStatus()
+        return TunnelStatus(
+            reachable=False,
+            error="CF_API_TOKEN, CF_ACCOUNT_ID oder CF_TUNNEL_ID nicht konfiguriert",
+        )
     async with httpx.AsyncClient(timeout=8.0) as client:
         try:
             tunnel = await _get(
@@ -114,7 +117,12 @@ async def fetch_tunnel_status(settings: Settings) -> TunnelStatus:
                 error=str(e),
                 error_type=type(e).__name__,
             )
-            return TunnelStatus(id=settings.cf_tunnel_id, status="unknown")
+            return TunnelStatus(
+                id=settings.cf_tunnel_id,
+                status="unknown",
+                reachable=False,
+                error=f"Cloudflare-API nicht erreichbar: {type(e).__name__}",
+            )
 
     raw_status = (tunnel.get("status") if isinstance(tunnel, dict) else None) or "unknown"
     mapped = {"healthy": "healthy", "degraded": "degraded", "down": "down", "inactive": "down"}.get(
@@ -150,15 +158,17 @@ async def fetch_wan_ip() -> str | None:
             return None
 
 
-async def fetch_certs(settings: Settings) -> list[CertInfo]:
+async def fetch_certs(settings: Settings) -> tuple[list[CertInfo], str | None]:
+    """Return ``(certs, error)``. ``error`` is None on success, otherwise a
+    human-readable reason (unconfigured / API unreachable)."""
     if not (settings.cf_api_token and settings.cf_zone_id):
-        return []
+        return [], "CF_API_TOKEN oder CF_ZONE_ID nicht konfiguriert"
     async with httpx.AsyncClient(timeout=8.0) as client:
         try:
             packs = await _get(client, settings, f"/zones/{settings.cf_zone_id}/ssl/certificate_packs")
         except httpx.HTTPError as e:
             log.warning("cloudflare.certs_failed", zone=settings.cf_zone_id, error=str(e))
-            return []
+            return [], f"Cloudflare-API nicht erreichbar: {type(e).__name__}"
     out: list[CertInfo] = []
     now = datetime.now(timezone.utc)
     if isinstance(packs, list):
@@ -188,7 +198,7 @@ async def fetch_certs(settings: Settings) -> list[CertInfo]:
         key = (c.domain, c.issuer)
         if key not in dedup or dedup[key].days_left > c.days_left:
             dedup[key] = c
-    return sorted(dedup.values(), key=lambda c: c.days_left)
+    return sorted(dedup.values(), key=lambda c: c.days_left), None
 
 
 async def fetch_access_sessions(settings: Settings, hours: int = 24, limit: int = 100) -> dict:

backend/app/clients/proxmox.py

@@ -367,21 +367,29 @@ async def restart_guest(settings: Settings, vmid: int, gtype: str) -> bool:
     the reboot call alone just means the task was queued — for VMs/CTs that
     fail to shut down cleanly the actual reboot can still error out, and we
     want the dashboard's success toast to reflect that.
+
+    Any transport-level failure (PVE unreachable, timeout) is swallowed and
+    reported as ``False`` so the API never 500s on a restart request.
     """
     path_type = "lxc" if gtype.lower() in ("lxc", "ct") else "qemu"
-    async with httpx.AsyncClient(verify=settings.proxmox_verify_tls, timeout=10.0) as client:
-        r = await client.post(
-            f"{_base_url(settings)}/nodes/{settings.proxmox_node}/{path_type}/{vmid}/status/reboot",
-            headers=_auth_header(settings),
-        )
-        if r.status_code not in (200, 202):
-            return False
-        # PVE returns the UPID as the `data` field of a plain JSON envelope.
-        try:
-            upid = r.json().get("data")
-        except ValueError:
-            upid = None
-        if not isinstance(upid, str) or not upid.startswith("UPID:"):
-            # No UPID — fall back to the legacy "accepted == success" semantics.
-            return True
-        return await _wait_for_task(client, settings, upid)
+    try:
+        async with httpx.AsyncClient(verify=settings.proxmox_verify_tls, timeout=10.0) as client:
+            r = await client.post(
+                f"{_base_url(settings)}/nodes/{settings.proxmox_node}/{path_type}/{vmid}/status/reboot",
+                headers=_auth_header(settings),
+            )
+            if r.status_code not in (200, 202):
+                log.info("proxmox.restart_rejected", vmid=vmid, status=r.status_code)
+                return False
+            # PVE returns the UPID as the `data` field of a plain JSON envelope.
+            try:
+                upid = r.json().get("data")
+            except ValueError:
+                upid = None
+            if not isinstance(upid, str) or not upid.startswith("UPID:"):
+                # No UPID — fall back to the legacy "accepted == success" semantics.
+                return True
+            return await _wait_for_task(client, settings, upid)
+    except httpx.HTTPError as e:
+        log.warning("proxmox.restart_failed", vmid=vmid, error=str(e), error_type=type(e).__name__)
+        return False

backend/app/main.py

@@ -76,9 +76,10 @@ async def _gather_notify_snapshot() -> dict:
             if not isinstance(backup_summary, BaseException)
             else None
         ),
+        # fetch_certs returns a (certs, error) tuple; unwrap the list half.
         "certs": [
             {"domain": c.domain, "days_left": c.days_left}
-            for c in (certs_list if isinstance(certs_list, list) else [])
+            for c in (certs_list[0] if isinstance(certs_list, tuple) else [])
         ],
     }
 

backend/app/models.py

@@ -91,6 +91,11 @@ class TunnelStatus(BaseModel):
     regions: list[str] = Field(default_factory=list)
     cloudflared_version: str | None = None
     wan_ip: str | None = None
+    # ``reachable`` is False both when Cloudflare credentials are missing and
+    # when the API call fails — ``error`` carries the reason so the UI can
+    # tell "not configured" apart from a real outage.
+    reachable: bool = True
+    error: str | None = None
 
 
 # ---------- Backups ----------
@@ -178,3 +183,7 @@ class DNSRecordCheck(BaseModel):
 class CertsSnapshot(BaseModel):
     certs: list[CertInfo]
     dns: list[DNSRecordCheck]
+    # False when the Cloudflare API is unconfigured or unreachable, so the UI
+    # can tell "no certs" apart from "couldn't ask Cloudflare".
+    reachable: bool = True
+    error: str | None = None

backend/app/routers/certs.py

@@ -16,10 +16,16 @@
 @router.get("", response_model=CertsSnapshot)
 async def get_certs(settings: Settings = Depends(get_settings)) -> CertsSnapshot:
     async def loader() -> CertsSnapshot:
-        certs, dns = await asyncio.gather(
+        certs_result, dns = await asyncio.gather(
             cloudflare.fetch_certs(settings),
             cloudflare.fetch_dns_consistency(settings),
         )
-        return CertsSnapshot(certs=certs, dns=dns)
+        certs, cert_error = certs_result
+        return CertsSnapshot(
+            certs=certs,
+            dns=dns,
+            reachable=cert_error is None,
+            error=cert_error,
+        )
 
     return await cache.get_or_set("certs", settings.cache_ttl_certs, loader)

backend/tests/test_cloudflare.py

@@ -107,8 +107,9 @@ async def test_certs_dedupes_and_sorts(settings):
         },
     )
 
-    certs = await cloudflare.fetch_certs(settings)
+    certs, error = await cloudflare.fetch_certs(settings)
 
+    assert error is None
     assert len(certs) == 1
     assert certs[0].domain == "example.test"
     assert certs[0].days_left <= 10

backend/tests/test_proxmox.py

@@ -294,3 +294,17 @@ async def test_restart_guest_lxc_without_upid_falls_back_to_http_status(settings
     ok = await proxmox.restart_guest(settings, 101, "lxc")
 
     assert ok is True
+
+
+@pytest.mark.asyncio
+@respx.mock
+async def test_restart_guest_returns_false_when_pve_unreachable(settings):
+    """A transport error must degrade to False, not bubble up as a 500."""
+    base = f"https://{settings.proxmox_host}:{settings.proxmox_port}/api2/json"
+    respx.post(f"{base}/nodes/{settings.proxmox_node}/lxc/101/status/reboot").mock(
+        side_effect=httpx.ConnectError("connection refused")
+    )
+
+    ok = await proxmox.restart_guest(settings, 101, "lxc")
+
+    assert ok is False

frontend/src/App.tsx

@@ -28,6 +28,17 @@ import type { Account, BackupSnapshot, Guest } from './types';
 
 const SECTION_KEYS: Section[] = ['overview', 'server', 'network', 'backup', 'cloudflare', 'settings'];
 
+// Human-readable section names for the tabpanel's aria-label.
+const SECTION_LABELS: Record<Section, string> = {
+  overview: 'Übersicht',
+  server: 'Server',
+  network: 'Netzwerk',
+  backup: 'Backup',
+  cloudflare: 'Cloudflare',
+  admin: 'Konten',
+  settings: 'Einstellungen',
+};
+
 export function App() {
   const auth = useAuth();
 
@@ -54,6 +65,7 @@ function Dashboard({ user, onLogout }: DashboardProps) {
   const [selectedSvc, setSelectedSvc] = useState<string | null>(null);
   const [logsGuest, setLogsGuest] = useState<Guest | null>(null);
   const [confirmGuest, setConfirmGuest] = useState<Guest | null>(null);
+  const [verifyTarget, setVerifyTarget] = useState<BackupSnapshot | null>(null);
   const [toasts, setToasts] = useState<Toast[]>([]);
   const [paletteOpen, setPaletteOpen] = useState(false);
   const [helpOpen, setHelpOpen] = useState(false);
@@ -191,22 +203,19 @@ function Dashboard({ user, onLogout }: DashboardProps) {
     }
   };
 
-  const onVerifyBackup = useCallback(
-    async (snap: BackupSnapshot) => {
-      const ok = window.confirm(
-        `Verifikation für ${snap.target} (${new Date(snap.backup_time * 1000).toLocaleString()}) starten?`,
-      );
-      if (!ok) return;
-      try {
-        const r = await api.verifyBackup(snap.backup_type, snap.backup_id, snap.backup_time);
-        pushToast({ level: 'ok', title: `Verify gestartet · ${snap.target}`, body: `UPID: ${r.upid.slice(0, 32)}…` });
-        setTimeout(bkp.refresh, 2000);
-      } catch (e) {
-        pushToast({ level: 'err', title: 'Verify fehlgeschlagen', body: (e as Error).message });
-      }
-    },
-    [pushToast, bkp],
-  );
+  // Backup verification routes through the ConfirmModal (no native window.confirm).
+  const confirmVerify = useCallback(async () => {
+    const snap = verifyTarget;
+    if (!snap) return;
+    setVerifyTarget(null);
+    try {
+      const r = await api.verifyBackup(snap.backup_type, snap.backup_id, snap.backup_time);
+      pushToast({ level: 'ok', title: `Verify gestartet · ${snap.target}`, body: `UPID: ${r.upid.slice(0, 32)}…` });
+      setTimeout(bkp.refresh, 2000);
+    } catch (e) {
+      pushToast({ level: 'err', title: 'Verify fehlgeschlagen', body: (e as Error).message });
+    }
+  }, [verifyTarget, pushToast, bkp]);
 
   const onSnapshot = useCallback(async () => {
     const snapshot = {
@@ -234,15 +243,28 @@ function Dashboard({ user, onLogout }: DashboardProps) {
   useEffect(() => {
     if (errSig === lastErrSig.current) return;
     lastErrSig.current = errSig;
-    const errs: { name: string; err: Error | null }[] = [
+    const failed = [
       { name: 'System', err: sys.error },
       { name: 'Services', err: svc.error },
       { name: 'Tunnel', err: tun.error },
       { name: 'Backups', err: bkp.error },
       { name: 'Netzwerk', err: net.error },
-    ];
-    for (const { name, err } of errs) {
-      if (err) pushToast({ level: 'err', title: `${name}-API Fehler`, body: err.message });
+    ].filter((e) => e.err);
+    if (failed.length === 0) return;
+    // Bundle simultaneous failures into a single toast instead of flooding
+    // the user with one per endpoint.
+    if (failed.length === 1) {
+      pushToast({
+        level: 'err',
+        title: `${failed[0].name}-API Fehler`,
+        body: failed[0].err!.message,
+      });
+    } else {
+      pushToast({
+        level: 'err',
+        title: `${failed.length} API-Endpunkte nicht erreichbar`,
+        body: failed.map((e) => e.name).join(', '),
+      });
     }
   }, [errSig, sys.error, svc.error, tun.error, bkp.error, net.error, pushToast]);
 
@@ -297,22 +319,23 @@ function Dashboard({ user, onLogout }: DashboardProps) {
           <button className="btn" type="button" onClick={() => setPaused(false)}>Fortsetzen</button>
         </div>
       )}
-      <main className="dash-main" id={`section-${section}`} role="tabpanel" aria-label={section}>
+      <main className="dash-main" id={`section-${section}`} role="tabpanel" aria-label={SECTION_LABELS[section]}>
         {section === 'overview' && (
           <>
             <AttentionHero
               guests={guests}
               services={services}
               certs={cer.data?.certs ?? []}
               backups={bkp.data}
+              tunnel={tun.data}
               certWarnDays={ui.certWarnDays}
               onInspectService={setSelectedSvc}
               onInspectGuest={onInspectGuest}
             />
             <HostPanel host={sys.data?.host ?? null} guests={guests} />
             <div className="quick-stats">
               <KpiStrip guests={guests} services={services} />
-              <AuditLog />
+              <AuditLog pollMs={pollFast} />
             </div>
             <ServiceGrid
               services={services}
@@ -327,7 +350,7 @@ function Dashboard({ user, onLogout }: DashboardProps) {
             <HostPanel host={sys.data?.host ?? null} guests={guests} />
             <div className="quick-stats">
               <KpiStrip guests={guests} services={services} />
-              <AuditLog />
+              <AuditLog pollMs={pollFast} />
             </div>
             <VMTable guests={guests} onLogs={onLogs} onRestart={onRestart} />
             <ServiceGrid
@@ -338,12 +361,14 @@ function Dashboard({ user, onLogout }: DashboardProps) {
             />
           </>
         )}
-        {section === 'network' && <NetworkPanel network={net.data} tunnel={tun.data} />}
+        {section === 'network' && (
+          <NetworkPanel network={net.data} tunnel={tun.data} pollMs={pollFast} />
+        )}
         {section === 'backup' && (
           <BackupsSection
             backups={bkp.data}
             guests={guests}
-            onVerify={onVerifyBackup}
+            onVerify={setVerifyTarget}
             onOpenGuest={onLogs}
           />
         )}
@@ -354,6 +379,7 @@ function Dashboard({ user, onLogout }: DashboardProps) {
             services={services}
             zoneName="rxf-sys.de"
             onSelectService={setSelectedSvc}
+            pollMs={pollCerts}
           />
         )}
         {section === 'admin' && isAdmin && (
@@ -392,10 +418,40 @@ function Dashboard({ user, onLogout }: DashboardProps) {
       />
       <ConfirmModal
         open={!!confirmGuest}
-        guest={confirmGuest}
+        title="Container neu starten?"
+        message={
+          confirmGuest && (
+            <>
+              <p style={{ margin: '0 0 8px' }}>
+                <strong>{confirmGuest.name}</strong> ({confirmGuest.type} {confirmGuest.id}) wird neu gestartet.
+              </p>
+              <p style={{ margin: 0, fontSize: 12, color: 'var(--text-3)' }}>
+                Die zugehörigen Services sind dabei ca. 30–60 Sekunden nicht erreichbar.
+              </p>
+            </>
+          )
+        }
+        confirmLabel="Restart"
+        danger
         onConfirm={confirmRestart}
         onCancel={() => setConfirmGuest(null)}
       />
+      <ConfirmModal
+        open={!!verifyTarget}
+        title="Backup verifizieren?"
+        message={
+          verifyTarget && (
+            <p style={{ margin: 0 }}>
+              Verifikation für <strong>{verifyTarget.target}</strong> (
+              {new Date(verifyTarget.backup_time * 1000).toLocaleString()}) starten? Der Job läuft
+              asynchron auf dem PBS.
+            </p>
+          )
+        }
+        confirmLabel="Verify starten"
+        onConfirm={confirmVerify}
+        onCancel={() => setVerifyTarget(null)}
+      />
       <CommandPalette
         open={paletteOpen}
         onClose={() => setPaletteOpen(false)}