Add connection profile and pangolin/proxy support

Introduce a unified ConnectionProfile system and UI for mobile: add lib/connection utilities, a ConnectionProfileForm component, and persistable profile handling. Refactor ApiContext to store a full connection profile (migrating legacy baseUrl/allowInsecure keys), validate drafts, build connection candidates, and attempt connections across candidates. Update API layer to accept a ConnectionProfile: ApiClient now supports proxy-basic (Basic auth + websocket credentials) and Pangolin (HTTP headers + websocket token param), adds verifyConnection, improved response parsing, and decorated websocket URLs. Update OfflineConnectionBanner, LoginPage, and MorePage to use the new profile flow and form. Add and adapt tests for client, context, services, routes, and connection helpers. Bump mobile package version to 2.3.2.

Author: hhftechnology

mobile/package-lock.json

@@ -2,7 +2,7 @@
   "name": "crowdsec-manager-mobile",
   "private": true,
   "description": "Mobile companion app for Crowdsec",
-  "version": "2.3.1",
+  "version": "2.3.2",
   "type": "module",
   "scripts": {
     "dev": "vite",

mobile/package.json

@@ -0,0 +1,214 @@
+import { useState } from 'react';
+import { Button } from '@/components/ui/button';
+import { Input } from '@/components/ui/input';
+import { Switch } from '@/components/ui/switch';
+import { Tabs, TabsList, TabsTrigger } from '@/components/ui/tabs';
+import {
+  DEFAULT_PANGOLIN_TOKEN_PARAM,
+  type ConnectionMode,
+  type ConnectionProfileDraft,
+} from '@/lib/connection';
+
+interface ConnectionProfileFormProps {
+  value: ConnectionProfileDraft;
+  onChange: (next: ConnectionProfileDraft) => void;
+  disabled?: boolean;
+}
+
+export function ConnectionProfileForm({
+  value,
+  onChange,
+  disabled = false,
+}: ConnectionProfileFormProps) {
+  const [showAdvanced, setShowAdvanced] = useState(
+    value.pangolinTokenParam !== DEFAULT_PANGOLIN_TOKEN_PARAM,
+  );
+  const shouldShowAdvanced =
+    showAdvanced || value.pangolinTokenParam !== DEFAULT_PANGOLIN_TOKEN_PARAM;
+
+  const update = <K extends keyof ConnectionProfileDraft>(
+    key: K,
+    nextValue: ConnectionProfileDraft[K],
+  ) => {
+    onChange({
+      ...value,
+      [key]: nextValue,
+    });
+  };
+
+  const updateMode = (mode: string) => {
+    onChange({
+      ...value,
+      mode: mode as ConnectionMode,
+    });
+  };
+
+  const urlPlaceholder =
+    value.mode === 'pangolin'
+      ? 'pangolin.example.com'
+      : value.allowInsecure
+        ? '192.168.1.10:8080'
+        : 'your-server.example.com';
+
+  return (
+    <div className="space-y-4">
+      <div className="space-y-2">
+        <div className="text-sm font-medium">Connection type</div>
+        <Tabs value={value.mode} onValueChange={updateMode} className="w-full">
+          <TabsList className="grid w-full grid-cols-3">
+            <TabsTrigger value="direct" disabled={disabled}>
+              Direct
+            </TabsTrigger>
+            <TabsTrigger value="proxy-basic" disabled={disabled}>
+              Proxy
+            </TabsTrigger>
+            <TabsTrigger value="pangolin" disabled={disabled}>
+              Pangolin
+            </TabsTrigger>
+          </TabsList>
+        </Tabs>
+      </div>
+
+      <div className="space-y-2">
+        <label htmlFor="connection-url" className="text-sm font-medium">
+          {value.mode === 'pangolin' ? 'Pangolin URL' : 'Server URL'}
+        </label>
+        <Input
+          id="connection-url"
+          type="text"
+          inputMode="url"
+          autoCapitalize="none"
+          autoCorrect="off"
+          spellCheck={false}
+          placeholder={urlPlaceholder}
+          value={value.baseUrl}
+          onChange={(event) => update('baseUrl', event.target.value)}
+          className="h-12 rounded-lg bg-card"
+          disabled={disabled}
+        />
+        <p className="text-xs text-muted-foreground">
+          Domain, IP, or host:port. Include http:// or https:// only if you want
+          to force the scheme.
+        </p>
+      </div>
+
+      {value.mode === 'proxy-basic' && (
+        <div className="grid grid-cols-1 gap-3 sm:grid-cols-2">
+          <div className="space-y-2">
+            <label htmlFor="proxy-username" className="text-sm font-medium">
+              Proxy username
+            </label>
+            <Input
+              id="proxy-username"
+              type="text"
+              autoCapitalize="none"
+              autoCorrect="off"
+              spellCheck={false}
+              autoComplete="username"
+              value={value.proxyUsername}
+              onChange={(event) => update('proxyUsername', event.target.value)}
+              disabled={disabled}
+            />
+          </div>
+          <div className="space-y-2">
+            <label htmlFor="proxy-password" className="text-sm font-medium">
+              Proxy password
+            </label>
+            <Input
+              id="proxy-password"
+              type="password"
+              autoComplete="current-password"
+              value={value.proxyPassword}
+              onChange={(event) => update('proxyPassword', event.target.value)}
+              disabled={disabled}
+            />
+          </div>
+        </div>
+      )}
+
+      {value.mode === 'pangolin' && (
+        <div className="space-y-3 rounded-lg border border-border bg-card p-3">
+          <div className="space-y-2">
+            <label htmlFor="pangolin-token" className="text-sm font-medium">
+              Pangolin access token
+            </label>
+            <Input
+              id="pangolin-token"
+              type="password"
+              autoCapitalize="none"
+              autoCorrect="off"
+              spellCheck={false}
+              placeholder="tokenId.tokenSecret"
+              value={value.pangolinToken}
+              onChange={(event) => update('pangolinToken', event.target.value)}
+              disabled={disabled}
+            />
+            <p className="text-xs text-muted-foreground">
+              Use the format <code>tokenId.tokenSecret</code>.
+            </p>
+          </div>
+
+          <div className="flex items-center justify-between gap-3">
+            <div>
+              <div className="text-sm font-medium">
+                Advanced token parameter
+              </div>
+              <div className="text-xs text-muted-foreground">
+                Default is {DEFAULT_PANGOLIN_TOKEN_PARAM}; WebSockets use this
+                query parameter.
+              </div>
+            </div>
+            <Button
+              type="button"
+              variant="ghost"
+              size="sm"
+              onClick={() => setShowAdvanced((open) => !open)}
+              disabled={disabled}
+            >
+              {shouldShowAdvanced ? 'Hide' : 'Show'}
+            </Button>
+          </div>
+
+          {shouldShowAdvanced && (
+            <div className="space-y-2">
+              <label
+                htmlFor="pangolin-token-param"
+                className="text-sm font-medium"
+              >
+                Token query parameter
+              </label>
+              <Input
+                id="pangolin-token-param"
+                type="text"
+                autoCapitalize="none"
+                autoCorrect="off"
+                spellCheck={false}
+                value={value.pangolinTokenParam}
+                onChange={(event) =>
+                  update('pangolinTokenParam', event.target.value)
+                }
+                disabled={disabled}
+              />
+            </div>
+          )}
+        </div>
+      )}
+
+      <div className="flex items-center justify-between gap-3 rounded-lg border border-border bg-card p-3">
+        <div>
+          <div className="text-sm font-medium">Insecure/LAN Mode</div>
+          <div className="text-xs text-muted-foreground">
+            {value.allowInsecure
+              ? 'HTTP and LAN URLs allowed'
+              : 'HTTPS required unless explicitly enabled'}
+          </div>
+        </div>
+        <Switch
+          checked={value.allowInsecure}
+          onCheckedChange={(checked) => update('allowInsecure', checked)}
+          disabled={disabled}
+        />
+      </div>
+    </div>
+  );
+}

mobile/src/components/ConnectionProfileForm.tsx

@@ -4,53 +4,64 @@ import { useApi } from '@/contexts/ApiContext';
 import { useMountEffect } from '@/hooks/useMountEffect';
 
 export function OfflineConnectionBanner() {
-  const { baseUrl, isAuthenticated } = useApi();
+  const { api, connectionProfile, isAuthenticated } = useApi();
   const [isOnline, setIsOnline] = useState(() => navigator.onLine);
   const [apiReachable, setApiReachable] = useState(true);
 
-  // Refs to avoid stale closures in the interval callback
-  const baseUrlRef = useRef(baseUrl);
+  const apiRef = useRef(api);
+  const baseUrlRef = useRef(connectionProfile?.baseUrl ?? '');
   const isAuthRef = useRef(isAuthenticated);
   const isOnlineRef = useRef(isOnline);
-  baseUrlRef.current = baseUrl;
+
+  apiRef.current = api;
+  baseUrlRef.current = connectionProfile?.baseUrl ?? '';
   isAuthRef.current = isAuthenticated;
   isOnlineRef.current = isOnline;
 
   useMountEffect(() => {
-    // Online/offline listeners
     const onOnline = () => setIsOnline(true);
     const onOffline = () => setIsOnline(false);
     window.addEventListener('online', onOnline);
     window.addEventListener('offline', onOffline);
 
-    // API reachability check
-    const controller = new AbortController();
+    let cancelled = false;
+
     const checkReachability = async () => {
-      if (!isAuthRef.current || !baseUrlRef.current || !isOnlineRef.current) {
-        setApiReachable(true);
+      if (!isAuthRef.current || !apiRef.current || !isOnlineRef.current) {
+        if (!cancelled) {
+          setApiReachable(true);
+        }
         return;
       }
+
       try {
-        const response = await fetch(`${baseUrlRef.current}/api/health/stack`, { signal: controller.signal });
-        setApiReachable(response.ok);
+        await apiRef.current.client.verifyConnection();
+        if (!cancelled) {
+          setApiReachable(true);
+        }
       } catch {
-        setApiReachable(false);
+        if (!cancelled) {
+          setApiReachable(false);
+        }
       }
     };
-    checkReachability();
-    const interval = window.setInterval(checkReachability, 15000);
+
+    void checkReachability();
+    const interval = window.setInterval(() => {
+      void checkReachability();
+    }, 15000);
 
     return () => {
+      cancelled = true;
       window.removeEventListener('online', onOnline);
       window.removeEventListener('offline', onOffline);
-      controller.abort();
       window.clearInterval(interval);
     };
   });
 
   if (!isOnline) {
     return (
-      <div className="sticky top-0 z-50 border-b border-warning/30 bg-warning/10 px-4 py-2 text-xs text-warning-foreground flex items-center gap-2">
+      <div className="sticky top-0 z-50 flex items-center gap-2 border-b border-warning/30 bg-warning/10 px-4 py-2 text-xs text-warning-foreground">
         <WifiOff className="h-3.5 w-3.5" />
         You are offline. Some actions may fail until connection is restored.
       </div>
@@ -59,9 +70,10 @@ export function OfflineConnectionBanner() {
 
   if (isAuthenticated && !apiReachable) {
     return (
-      <div className="sticky top-0 z-50 border-b border-destructive/30 bg-destructive/10 px-4 py-2 text-xs text-destructive flex items-center gap-2">
+      <div className="sticky top-0 z-50 flex items-center gap-2 border-b border-destructive/30 bg-destructive/10 px-4 py-2 text-xs text-destructive">
         <CloudOff className="h-3.5 w-3.5" />
-        API unreachable at {baseUrl}. Check server status or network path.
+        API unreachable at {baseUrlRef.current}. Check server status or network
+        path.
       </div>
     );
   }