github-starred/pangolin
2
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-08 05:39:49 -05:00
Code Issues 564 Packages Projects Releases 72 Wiki Activity

[GH-ISSUE #825] [FEATURE REQUEST] Multiple quality-of-life feature requests #10415

New Issue
Closed
opened 2026-05-06 13:44:18 -05:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-05-06 13:44:18 -05:00
Owner
Copy Link

Originally created by @kmanwar89 on GitHub (Jun 2, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/825

Hi,

I'd like to request if the following features can be evaluated for their feasibility for implementation into Pangolin. I feel these features would add significant value and improve the product by adopting a security-first mindset.

  1. Ability to define rule "templates" to apply to multiple resources - I currently have 50+ resources in Pangolin, and it's a good bit of work to add the same rules to each resource (allow my WAN IP range, allow Tailscale IP range, allow my VPS IP, block all others). I'd like to see if the ability to "apply rule to selected" could be implemented as this would save time immensely. Alternatively, a "rules template" that could be selected and applied to a resource as it was created would accomplish the same effect.

  2. Edit user details after creation - currently, a Pangolin admin is not presented the option to edit optional details about a user (First/Last name, email) once the user is created. As an admin, I should be able to edit a user's details, generate a password reset or one-time login code, etc. to help a user who gets locked out regain access to their resources.

  3. Implement a configurable session timeout - this is a security issue, and means that if a bad actor gets access to Pangolin, it will never timeout. A configurable session timeout is a standard security feature and should be implemented to prevent unlimited access to the admin interface in case of a credentials breach/exposure.

  4. List, or allow a user to select, resources assigned to them. Currently, if a user logs into Pangolin as a non-admin account, they are presented with a count of sites, users, and resources, but cannot "do" anything with this information. I think there would be value in allowing a user to see which resources they can access. If the "sites" count for a user always lists 0, then perhaps there is value in removing that from the UI as it's not something a user can interact with or provides them anything worthwhile.

Image

Again, thank you for this awesome project. I wish I were more of a developer and could contribute PR's, but alas, I can just try to raise the issues and hope the rationale/justification is valid. Thanks again!

Originally created by @kmanwar89 on GitHub (Jun 2, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/825 Hi, I'd like to request if the following features can be evaluated for their feasibility for implementation into Pangolin. I feel these features would add significant value and improve the product by adopting a security-first mindset. 1. Ability to define rule "templates" to apply to multiple resources - I currently have 50+ resources in Pangolin, and it's a good bit of work to add the same rules to each resource (allow my WAN IP range, allow Tailscale IP range, allow my VPS IP, block all others). I'd like to see if the ability to "apply rule to selected" could be implemented as this would save time immensely. Alternatively, a "rules template" that could be selected and applied to a resource as it was created would accomplish the same effect. 2. Edit user details after creation - currently, a Pangolin admin is not presented the option to edit optional details about a user (First/Last name, email) once the user is created. As an admin, I should be able to edit a user's details, generate a password reset or one-time login code, etc. to help a user who gets locked out regain access to their resources. 3. Implement a configurable session timeout - this is a security issue, and means that if a bad actor gets access to Pangolin, it will never timeout. A configurable session timeout is a standard security feature and should be implemented to prevent unlimited access to the admin interface in case of a credentials breach/exposure. 4. List, or allow a user to select, resources assigned to them. Currently, if a user logs into Pangolin as a non-admin account, they are presented with a count of sites, users, and resources, but cannot "do" anything with this information. I think there would be value in allowing a user to see which resources they can access. If the "sites" count for a user always lists 0, then perhaps there is value in removing that from the UI as it's not something a user can interact with or provides them anything worthwhile. <img width="632" alt="Image" src="https://github.com/user-attachments/assets/d6597ac1-0d18-4c8b-94e1-efc3450a794e" /> Again, thank you for this awesome project. I wish I were more of a developer and could contribute PR's, but alas, I can just try to raise the issues and hope the rationale/justification is valid. Thanks again!
GiteaMirror added the enhancementhelp wanted labels 2026-05-06 13:44:21 -05:00
GiteaMirror commented 2026-05-06 13:44:22 -05:00
Author
Owner
Copy Link

@kmanwar89 commented on GitHub (Jun 12, 2025):

Hi @oschwartz10612 or @miloschwartz , I'd love your thoughts on this FR. The lack of a session timeout is particularly concerning as a bad actor would have unlimited access to a session if the credentials were somehow exposed or breached. Since Pangolin can't itself be protected by PocketID, this presents a security issue. Is the session timeout possibly something that could be implemented? Thank you for your time on this project, it really doesn't go unappreciated!

<!-- gh-comment-id:2968116323 --> @kmanwar89 commented on GitHub (Jun 12, 2025): Hi @oschwartz10612 or @miloschwartz , I'd love your thoughts on this FR. The lack of a session timeout is particularly concerning as a bad actor would have unlimited access to a session if the credentials were somehow exposed or breached. Since Pangolin can't itself be protected by PocketID, this presents a security issue. Is the session timeout possibly something that could be implemented? Thank you for your time on this project, it really doesn't go unappreciated!
GiteaMirror commented 2026-05-06 13:44:22 -05:00
Author
Owner
Copy Link

@oschwartz10612 commented on GitHub (Jun 13, 2025):

Hi! In a similar vein to #906 this is an awesome write up of great UI / usability improvements we should absolutely do! I am going to mark this as help wanted in case anyone wants to take up some of these ideas in the UI because I think they would be pretty straight forward and good first issues.

Otherwise we will try to tackle these ASAP!

<!-- gh-comment-id:2970408669 --> @oschwartz10612 commented on GitHub (Jun 13, 2025): Hi! In a similar vein to #906 this is an awesome write up of great UI / usability improvements we should absolutely do! I am going to mark this as help wanted in case anyone wants to take up some of these ideas in the UI because I think they would be pretty straight forward and good first issues. Otherwise we will try to tackle these ASAP!
GiteaMirror commented 2026-05-06 13:44:23 -05:00
Author
Owner
Copy Link

@kmanwar89 commented on GitHub (Jun 14, 2025):

Thank you! I do wish I were more of a developer to contribute, but I hope the community can help the product grow!

<!-- gh-comment-id:2972730504 --> @kmanwar89 commented on GitHub (Jun 14, 2025): Thank you! I do wish I were more of a developer to contribute, but I hope the community can help the product grow!
GiteaMirror commented 2026-05-06 13:44:23 -05:00
Author
Owner
Copy Link

@adrianeastles commented on GitHub (Jun 26, 2025):

Hi everyone,

Based on the feedback from point 4, I wanted to have this enhancement as it would make my life super simple. The screenshots attached shows how it greatly improves how non-admin users can view their resources that's been granted via the current mechanisms. My goal here is to provide them with much more actionable information right when they log in.

You'll see that when a member is logged in, a new menu called "Account" is now shown, with a dedicated submenu for "Resources". This allows users to quickly find the information most relevant to them.

I've also simplified the main dashboard, removing what I believe was unnecessary information for regular members. Don't worry, if any of that unnecessary information proves useful, I have ideas on where I can reintroduce it. However, a member generally doesn't need to know things like the total user count or the number of sites.

Member Section

Image Image Image

What was Added:

  1. New User Resources Dashboard
    New Page: /[orgId]/account/my-resources - A dedicated page where organization members can view all resources they have access to
    Card-based Layout: Modern, responsive grid displaying each resource with clear visual indicators
    Status Indicators: Color-coded shields showing resource protection levels (enabled/disabled, protected/unprotected)
    Interactive Elements: Direct links to access enabled resources, with links and buttons to navigate to the resource.
  2. Enhanced Navigation Structure
    New Navigation Item: Added "Resources" section under Account in the navigation menu. Seamlessly integrated into existing Layout component with proper navigation hierarchy.
    Enhanced organization landing page card to show resource count and provide quick access
  3. Resource Access Visualisation
    Enabled/Disabled States: Clear visual distinction between available and unavailable resources
    Empty State: User-friendly messaging when no resources are assigned
<!-- gh-comment-id:3008339175 --> @adrianeastles commented on GitHub (Jun 26, 2025): Hi everyone, Based on the feedback from point 4, I wanted to have this enhancement as it would make my life super simple. The screenshots attached shows how it greatly improves how **non-admin users** can view their resources that's been granted via the current mechanisms. My goal here is to provide them with much more actionable information right when they log in. You'll see that when a member is logged in, a new menu called **"Account"** is now shown, with a dedicated submenu for **"Resources"**. This allows users to quickly find the information most relevant to them. I've also simplified the main dashboard, removing what I believe was unnecessary information for regular members. Don't worry, if any of that unnecessary information proves useful, I have ideas on where I can reintroduce it. However, a member generally doesn't need to know things like the total user count or the number of sites. --- ### Member Section <img width="1789" alt="Image" src="https://github.com/user-attachments/assets/d9cd5c40-5bbf-4a0f-af78-cb00417eb68b" /> <img width="1788" alt="Image" src="https://github.com/user-attachments/assets/5c5f1605-1ff9-428e-9967-a8859f33520c" /> <img width="1782" alt="Image" src="https://github.com/user-attachments/assets/73d0f05b-5e98-48c8-a212-147616ae9af2" /> What was Added: 1. New User Resources Dashboard New Page: /[orgId]/account/my-resources - A dedicated page where organization members can view all resources they have access to Card-based Layout: Modern, responsive grid displaying each resource with clear visual indicators Status Indicators: Color-coded shields showing resource protection levels (enabled/disabled, protected/unprotected) Interactive Elements: Direct links to access enabled resources, with links and buttons to navigate to the resource. 2. Enhanced Navigation Structure New Navigation Item: Added "Resources" section under Account in the navigation menu. Seamlessly integrated into existing Layout component with proper navigation hierarchy. Enhanced organization landing page card to show resource count and provide quick access 3. Resource Access Visualisation Enabled/Disabled States: Clear visual distinction between available and unavailable resources Empty State: User-friendly messaging when no resources are assigned
GiteaMirror commented 2026-05-06 13:44:23 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Jun 26, 2025):

@adrianeastles Thanks, this looks good!

Can you open a PR so we can keep track of it in there? My initial thought is maybe we should remove the Overview since it's a placeholder and show the Account tab when the user first lands on the page?

<!-- gh-comment-id:3008877179 --> @miloschwartz commented on GitHub (Jun 26, 2025): @adrianeastles Thanks, this looks good! Can you open a PR so we can keep track of it in there? My initial thought is maybe we should remove the Overview since it's a placeholder and show the Account tab when the user first lands on the page?
GiteaMirror commented 2026-05-06 13:44:24 -05:00
Author
Owner
Copy Link

@miloschwartz commented on GitHub (Sep 27, 2025):

Thanks for all these requests. Closing this issue because there are many duplicate requests for 2 and 3. 1 is schedule in our roadmap, and 4 is complete.

<!-- gh-comment-id:3342088582 --> @miloschwartz commented on GitHub (Sep 27, 2025): Thanks for all these requests. Closing this issue because there are many duplicate requests for 2 and 3. 1 is schedule in our roadmap, and 4 is complete.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
api
authentication
bug
config
dependencies
docker
documentation
enhancement
good first issue
help wanted
Improvement
Look Into
needs investigating
networking
new feature
non-critical bug
potential bug
pull-request
Mirrored from GitHub Pull Request
 question
reverse proxy
Security
stale
ui
wontfix
No Label enhancement help wanted
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#10415
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?