Tests were importing the production engine and dropping all tables on
teardown, corrupting topology.db in the Docker volume. Set DATABASE_URL
to sqlite:///:memory: before any import in the test file, and use
StaticPool in database.py when running against :memory: so all
connections share the same in-memory database.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add MAX_PING_IPS=4096 constant and validate list size in PingRequest
before spawning futures, returning 422 on overflow
- Add test_ping_too_many_ips_rejected to cover the new cap
- Pin httpx<0.28 in requirements-test.txt (0.28 broke TestClient API)
- Fix reset_db fixture to set a known admin password regardless of
INITIAL_ADMIN_PASSWORD env var (was causing 401 on all auth tests)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Added _validate_iface_vlans() helper that checks all non-null vlan_ids
against the DB before any insert or update, returning a 400 instead of
letting SQLite raise an IntegrityError 500.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
update_vlan now checks for vlan_id conflicts (excluding the current
record) before committing, matching the behaviour of create_vlan and
preventing an unhandled IntegrityError 500.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Reduces ICMP concurrency from 100 to 10 workers when soft_scan=true,
spreading out probes to avoid rate-limiting on managed switches and APs.
The option is hidden in the UI when TCP check is active (redundant).
Update README (en/fr/es), docs/backend.md with the new scan modes table
and a troubleshooting entry for ICMP rate-limiting.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previously tcp_check required both ICMP and TCP to pass. This caused
two failure modes: hosts with ICMP rate-limiting under scan load were
missed (ICMP fails → TCP never tried), and the AND logic was confusing.
In TCP-only mode, proxy-ARP gateways are still filtered out because
they never spoof TCP replies. Hosts with rate-limited ICMP (e.g. some
WiFi APs during a full /24 sweep) are now correctly detected via TCP.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When the Docker container's DNS can resolve a target IP to a hostname,
ping formats the reply line as "from hostname (ip):" instead of the
plain "from ip:" format. The proxy-ARP source-IP guard only checked
for the plain format, causing those hosts to be incorrectly reported
as unreachable despite a valid ICMP response.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- DNS_SERVER env var configures the default DNS server for PTR lookups
- GET /api/discovery/config exposes it to the frontend
- DiscoveryModal fetches it on mount and pre-fills the field (editable)
- dns_server is now optional in ScanRequest (default empty string)
- PTR lookup is skipped when dns_server is empty — scan still proceeds
- Validator only runs when dns_server is non-empty
- .env.example, docker-compose.yml, READMEs (fr/en/es) updated
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Some gateways (e.g. UniFi) respond to ICMP for every IP in a subnet via
proxy-ARP, spoofing the source IP so the existing ICMP guard cannot help.
A secondary TCP probe (ports 22, 80, 443, 8080, 8443) distinguishes real
hosts (RST/connect on closed ports) from ghost IPs (gateway drops SYN →
timeout). The check is opt-in (disabled by default) to avoid missing
devices whose firewall DROPs all probed ports.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
When a VLAN/LAN is deleted, all non-gateway, non-livebox devices
with an interface in that network are deleted automatically.
Gateway and livebox devices are preserved; their interface is
unlinked (vlan_id set to NULL).
The confirmation dialog now shows the exact count of devices
that will be deleted (all three locales: fr/en/es).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Verify that the ICMP reply source IP matches the target before
reporting a host as alive. Prevents scan from returning the entire
CIDR range when a gateway answers ARP requests on behalf of all IPs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The backend validator was rejecting the three new device types added
in the previous commit, returning HTTP 422.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Application web d'inventaire réseau manuel avec FastAPI, Vue 3 et Docker.
Inclut l'authentification JWT, la découverte ICMP, et la topologie en cards CSS.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
olivier