luci-app-privoxy: add support for https inspection #8689

Open
ricsc wants to merge 2 commits into openwrt:master from ricsc:feature/privoxy-https-inspection

@ricsc ricsc commented Jun 7, 2026

Enables the user to create a custom ca and enable https inspection

Pull request details

Description

Add support for https inspection

Screenshot or video of changes (if applicable)

Maintainer

@hnyman


Tested on

OpenWrt version: TRUNK and 25.12
LuCI version: openwrt-25.12 branch 26.155.67407
Web browser(s): Chrome,Firefox


Checklist

Enables the user to create a custom ca and enable https inspection

Signed-off-by: Richard Schneidt <ricsc@t-online.de>

@openwrt-ai openwrt-ai left a comment


Reviewed the HTTPS-inspection changes (1 commit, 2 files). A few issues to address; see inline comments. The backend dependency on openwrt/packages#29660 is disclosed in the checklist, so the new UCI options not yet existing in a consumer is expected and not flagged.


Generated by Claude Code

"file": {
"/etc/config/privoxy": ["write"],
"/etc/privoxy/regenerate_ca": ["write"]
}
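
Review bot: the "/etc/config/privoxy": ["write"] entry in this "file" block gives the view raw write access to the whole config file, outside UCI. If the form only changes options through UCI, a uci grant for privoxy covers it and this file entry can be dropped, leaving the regenerate_ca marker as the only file-level write.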

The view calls callRcInit('privoxy', 'reload') (the rc ubus object's init method) in both handleSaveApply and the regenerate handler, but this ACL never grants access to it. Without a "ubus": { "rc": ["init"] } entry, non-root ACL groups will get an access-denied error on the reload call. Peer apps that use rc init grant it in both scopes (see luci-app-unbound and luci-app-ocserv).

Suggested change
}
"file": {
"/etc/config/privoxy": ["write"],
"/etc/privoxy/regenerate_ca": ["write"]
},
"ubus": {
"rc": [ "init" ]
}

Generated by Claude Code
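
The missing grant described in the comment above can be caught before review by comparing a view's rpc.declare() calls with its ACL. This is an added example, not code from the pull request or from LuCI; the function names, the sample view source, the ACL group name and the read/write wrappers around the page's "file" block are assumptions.

```javascript
// Added example (not from the pull request): cross-check the ubus calls a
// LuCI view declares against the ubus grants in its rpcd ACL.

// Collect { object, method } pairs from rpc.declare({ object: ..., method: ... }).
function declaredUbusCalls(viewSource) {
  const calls = [];
  for (const m of viewSource.matchAll(/rpc\.declare\(\s*\{([^}]*)\}/g)) {
    const object = /object\s*:\s*['"]([^'"]+)['"]/.exec(m[1]);
    const method = /method\s*:\s*['"]([^'"]+)['"]/.exec(m[1]);
    if (object && method) calls.push({ object: object[1], method: method[1] });
  }
  return calls;
}

// For each declared call, list the ACL scopes ("read" / "write") that grant it.
// Names are compared exactly; an empty list means the call has no grant.
function ubusGrantReport(viewSource, acl) {
  return declaredUbusCalls(viewSource).map(({ object, method }) => {
    const scopes = ['read', 'write'].filter((scope) =>
      Object.values(acl).some((group) =>
        (((group[scope] || {}).ubus || {})[object] || []).includes(method)));
    return { call: `${object}.${method}`, scopes };
  });
}

// Constructed view source; callRcInit is the name used in the review comment.
const SAMPLE_VIEW = `
var callRcInit = rpc.declare({
	object: 'rc',
	method: 'init',
	params: [ 'name', 'action' ]
});`;

// Constructed ACLs: the group name and the read/write wrappers are assumptions.
const FILE_GRANTS = {
  '/etc/config/privoxy': ['write'],
  '/etc/privoxy/regenerate_ca': ['write']
};
const ACL_BEFORE = { 'luci-app-privoxy': { write: { file: FILE_GRANTS } } };
const ACL_AFTER = { 'luci-app-privoxy': {
  read: { ubus: { rc: ['init'] } },
  write: { file: FILE_GRANTS, ubus: { rc: ['init'] } }
} };

console.log(ubusGrantReport(SAMPLE_VIEW, ACL_BEFORE));
console.log(ubusGrantReport(SAMPLE_VIEW, ACL_AFTER));
```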

downloadBtn.inputstyle = 'primary';
downloadBtn.inputtitle = _('Download CA Certificate');
downloadBtn.onclick = L.bind(function() {
var certDir = document.querySelector('input[name="w.-privoxy.-privoxy.certdir"]');

This selector will never match any element, so the download always silently falls back to the default /etc/privoxy/ssl. LuCI form widgets do not emit a name="w.-..." attribute. For a form.Value, the <input> carries id="widget.cbid.privoxy.privoxy.certdir" and no name attribute at all (see form.js renderWidget passing only id, and ui.js Textfield.render setting name from options.name, which is undefined here).

Use the form API instead of DOM scraping, e.g. read the live value via the option's formvalue:

var dir = certdir.formvalue('privoxy') || '/etc/privoxy/ssl';

The same broken selector is used in the updateCertPath() post-render handler (lines 467, 468, 476), so the dynamic path display and the input listener never attach either; please convert those to the form API as well.


Generated by Claude Code

if (confirm(_('Are you sure you want to regenerate the CA certificate? This will cause SSL warnings on all clients until the new certificate is installed.'))) {
// Create marker file to trigger certificate regeneration
return fs.write('/etc/privoxy/regenerate_ca', '1').then(function() {
console.log('UCI: marker file created successfully');
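
Review bot: the confirm text on the first line tells users only to install the new certificate, but clients that imported the old CA keep trusting it until it is removed. Suggest extending the message to say the previous CA certificate should also be removed from client trust stores.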

nit: leftover debug logging. console.log('UCI: marker file created successfully') here and console.error('UCI error:', err) on line 306 should be removed before merge; the user-facing notifications already cover both the success and error paths.


Generated by Claude Code

Enables the user to create a custom ca and enable https inspection

Signed-off-by: Richard Schneidt <ricsc@t-online.de>