Skip to content

feat: proxy password security - encryption at rest and elevation-gated peek#172

Open
miguelAngelo1999 wants to merge 10 commits into
igoogolx:mainfrom
miguelAngelo1999:feat/proxy-password-security
Open

feat: proxy password security - encryption at rest and elevation-gated peek#172
miguelAngelo1999 wants to merge 10 commits into
igoogolx:mainfrom
miguelAngelo1999:feat/proxy-password-security

Conversation

@miguelAngelo1999

Copy link
Copy Markdown

Summary

This PR adds two layers of security for proxy passwords in Lux.

1. Encryption at rest (lux_core)

Proxy passwords in config.json are now encrypted using AES-GCM with a machine-derived key (Windows MachineGuid + SHA-256). The core decrypts on read and encrypts on write transparently — existing connections are unaffected.

The GET /proxies list endpoint now strips passwords from the response, so the web dashboard can no longer expose them.

2. Elevation-gated password peek (Flutter)

A new Show Password option is added to each proxy action menu. Clicking it:

  • On a newly created proxy (same session): shows the password immediately, once
  • On an existing proxy: prompts for the user Windows login password via LogonUser API

The password is fetched via a new GET /proxies/{id} endpoint which returns the decrypted password.

Flutter changes

  • lib/const/const.dart - add peekPassword to ProxyItemAction enum
  • lib/core/core_config.dart - add ProxyDetail model
  • lib/core/core_manager.dart - add getProxyDetail(), increase ping timeout 15s to 30s
  • lib/widget/proxy_item_action_menu.dart - add Show Password menu item
  • lib/widget/app_body.dart - handle peekPassword action
  • lib/widget/password_peek_dialog.dart - new: credential dialog + password reveal UI
  • lib/util/elevation_helper.dart - new: Windows LogonUser credential verification
  • lib/util/config_encryptor.dart - new: helper to read proxy password from config
  • lib/l10n/ - new i18n strings (en + zh)
  • windows/CMakeLists.txt - add cppwinrt/ATL paths for ARM64 build compatibility

lux_core changes (igoogolx/itun2socks - companion PR needed)

  • internal/configuration/crypto.go - new: AES-GCM encrypt/decrypt
  • internal/configuration/file.go - encrypt on Write(), decrypt on Read()
  • api/routes/proxy.go - add GET /{proxyId} endpoint, strip passwords from list

Notes

  • Requires companion PR to igoogolx/itun2socks for the core changes
  • windows/CMakeLists.txt change only affects ARM64 host builds, no-op on x64
  • checksum.dart updated for the patched lux_core binary

@JeromeNelsonC

Copy link
Copy Markdown

can you share a test build so that I can see if it works well?

@miguelAngelo1999 miguelAngelo1999 force-pushed the feat/proxy-password-security branch from 24a916d to ad20e75 Compare May 28, 2026 13:40
miguelAngelo1999 added a commit to miguelAngelo1999/itun2socks that referenced this pull request May 28, 2026
…dpoint

- Add AES-GCM encryption for proxy passwords in config.json using a
  machine-derived key (Windows MachineGuid + SHA-256 salt)
- Transparently decrypt on Read() and encrypt on Write() so all
  existing proxy connections continue to work unchanged
- Add GET /proxies/{id} endpoint that returns the full proxy config
  including the decrypted password (used by Flutter after credential
  verification)
- Strip passwords from GET /proxies list response so the web dashboard
  can no longer expose plaintext credentials
- Backward compatible: plaintext passwords in existing configs are
  encrypted on the next write

Companion PR: igoogolx/lux#172
@miguelAngelo1999 miguelAngelo1999 force-pushed the feat/proxy-password-security branch from ad20e75 to fcc3540 Compare June 5, 2026 12:59
@miguelAngelo1999

Copy link
Copy Markdown
Author

@JeromeNelsonC I'm just doing some finishing touches and as soons as its done ill send you the binary. Please test it and tell me your feedback.

@miguelAngelo1999 miguelAngelo1999 force-pushed the feat/proxy-password-security branch 6 times, most recently from 1c35d29 to 8c1ec15 Compare June 6, 2026 20:47
@JeromeNelsonC

Copy link
Copy Markdown

@miguelAngelo1999 I understand you might not want to make a release. but if you could put the installer in this public Gdrive folder, https://drive.google.com/drive/folders/1mm7sTaHvnrmMOjBM1arYFwKhO4ANlXVK, I would appreciate it. I'll the beta testing, if you wish.

@JeromeNelsonC

Copy link
Copy Markdown

If you could address some of my issues too it would be kind. I wanted to add sudoers rule for lux core on first run, I understand Igoogolx concern for not making it that way. But at least for test sake it would help.

Also Mail.app doesnt work in mixed mode on macOS.

Disabling rules would be nice from ui.

@miguelAngelo1999

Copy link
Copy Markdown
Author

i dropped some files into that folder. PLease share your feedback! @JeromeNelsonC

@JeromeNelsonC

Copy link
Copy Markdown

Oh! Great. Thanks. I will test for sure

igoogolx and others added 7 commits June 15, 2026 11:15
* chore: add device_info_plus dep

* fix: elevation not working on macOS-26

* chore: upgrade deps

* chore: update CHANGELOG

* feat: upgrade core

* feat: upgrade core

* chore: v1.40.3-beat.0

* ci: upgrade actions/setup-python

* ci: setup xcode version

* ci: upgrade flutter

* chore: v1.40.3-beat.1

* ci: setup xcode version

* chore: v1.40.3-beat.2

* ci: upgrade actions

* feat: upgrade core

* chore: v1.40.3-beat.3

* chore: update CHANGELOG

* feat: upgrade core

* chore: v1.40.3
…ted reveal

- AES-GCM encryption at rest for proxy passwords in config.json
- Lock Password: permanently prevent password from being revealed
- Unlock/Reset: clear locked password (requires admin verification)
- Show Password: admin credential verification before revealing
- Web dashboard: lock/reveal/unlock in proxy menu and edit form
- Eye icon in password field triggers admin verification flow
- Dio localhost proxy bypass for reliable core communication
- Direct lux_core process launch for faster startup
- Increased timeouts for autoconnect reliability
- Updated checksum and CMakeLists SDK paths
- i18n support (English + Chinese)
- Encryption at rest (AES-GCM with hardware UUID key)
- Auto-encrypt plaintext passwords on startup
- Admin elevation via osascript for password peek (Flutter)
- chmod 600 config file protection on macOS
- Lock password (hides from API, proxy keeps working)
- Reset password (wipes + unlocks, forces re-entry)
- Elevation bypass script (NOPASSWD sudoers)
- Localization strings for all security UI
- Check passwordLocked flag before showing 'no password configured'
- Update checksum for lux_core with one-time/timed password backend
@miguelAngelo1999 miguelAngelo1999 force-pushed the feat/proxy-password-security branch from 8c1ec15 to eef6846 Compare June 15, 2026 16:53
@miguelAngelo1999 miguelAngelo1999 marked this pull request as ready for review June 15, 2026 16:53
@miguelAngelo1999

Copy link
Copy Markdown
Author

@JeromeNelsonC Thanks for volunteering to test! Looking forward to your feedback.

@JeromeNelsonC

Copy link
Copy Markdown

The dmg isnt working. it says checksum error

@miguelAngelo1999

Copy link
Copy Markdown
Author

@JeromeNelsonC Sorry about that! The checksum verification was failing on the universal binary. Fixed now — dropping an updated DMG in the folder.

@jaubrey2019-design

Copy link
Copy Markdown

interested in this too.

@dlc-letelier

Copy link
Copy Markdown

Me too.

@miguelAngelo1999

Copy link
Copy Markdown
Author

I'm making siginificant changes, for my personal usecase, but if it interests any of you i would apreciate tesing and feedback. I just added things like home/office autodetect. switches to direct when at home. and also detects corporate ssl mitm cert and prompts to intsall. but that has nothing to do with password security, i will create new pr. Added optinos for pasasword type incase corporate admins rewquire to enter password so that it doesnt remain. Let me know if it all works. same gdrive folder cehck the latest file there. mac verison only for now. windows still on the password securty branch.

@igoogolx

Copy link
Copy Markdown
Owner

Thank you very much for your contribution. I’m currently busy with other things, but I’ll review the code as soon as I have time.

@igoogolx igoogolx self-requested a review June 24, 2026 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants