Pulse/cmd/pulse-sensor-proxy
rcourtman e2bd514899 Fix HTTP mode for pulse-sensor-proxy and improve installer safety
## HTTP Server Fixes
- Add source IP middleware to enforce allowed_source_subnets
- Fix missing source subnet validation for external HTTP requests
- HTTP health endpoint now respects subnet restrictions

## Installer Improvements
- Auto-configure allowed_source_subnets with Pulse server IP
- Add cluster node hostnames to allowed_nodes (not just IPs)
- Fix node validation to accept both hostnames and IPs
- Add Pulse server reachability check before installation
- Add port availability check for HTTP mode
- Add automatic rollback on service startup failure
- Add HTTP endpoint health check after installation
- Fix config backup and deduplication (prevent duplicate keys)
- Fix IPv4 validation with loopback rejection
- Improve registration retry logic with detailed errors
- Add automatic LXC bind mount cleanup on uninstall

## Temperature Collection Fixes
- Add local temperature collection for self-monitoring nodes
- Fix node identifier matching (use hostname not SSH host)
- Fix JSON double-encoding in HTTP client response

Related to #XXX (temperature monitoring fixes)
2025-11-13 18:22:36 +00:00
..
audit.go Add HTTP mode to pulse-sensor-proxy for multi-instance temperature monitoring 2025-11-13 16:13:53 +00:00
audit_test.go Make pulse-sensor-proxy resilient to read-only filesystems 2025-11-06 00:18:51 +00:00
auth.go feat(security): Implement range-based rate limiting 2025-11-07 17:08:45 +00:00
auth_test.go feat(security): Implement GID authorization enforcement 2025-11-07 17:09:16 +00:00
capabilities.go feat(security): Add capability-based authorization 2025-11-07 17:09:32 +00:00
cleanup.go feat: add comprehensive node cleanup system 2025-10-17 18:53:45 +00:00
config.example.yaml feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
config.go Add HTTP mode to pulse-sensor-proxy for multi-instance temperature monitoring 2025-11-13 16:13:53 +00:00
http_server.go Fix HTTP mode for pulse-sensor-proxy and improve installer safety 2025-11-13 18:22:36 +00:00
main.go Add HTTP mode to pulse-sensor-proxy for multi-instance temperature monitoring 2025-11-13 16:13:53 +00:00
main_test.go feat(security): Add capability-based authorization 2025-11-07 17:09:32 +00:00
metrics.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
ssh.go Fix HTTP mode for pulse-sensor-proxy and improve installer safety 2025-11-13 18:22:36 +00:00
ssh_test.go Add critical safety guards to temperature proxy installation 2025-11-13 10:26:46 +00:00
throttle.go Increase rate limiting for startup bursts 2025-11-13 15:42:26 +00:00
throttle_test.go feat(security): Implement range-based rate limiting 2025-11-07 17:08:45 +00:00
validation.go Fix security regression: use localhost-only fallback instead of permissive mode 2025-11-13 14:15:51 +00:00
validation_fuzz_test.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
validation_test.go Improve sensor proxy cluster validation (Related to #703) 2025-11-12 19:17:45 +00:00