CI/CD: Add GitLab CI/CD pipeline for Hostinger deployment

- Updated .gitlab-ci.yml with complete build, test, and deploy stages
- Added authentication redirect fix in Program.cs (302 redirect for admin routes)
- Fixed Cookie vs Bearer authentication conflict for admin panel
- Configure pipeline to build from .NET 9.0 source
- Deploy to Hostinger VPS with proper environment variables
- Include rollback capability for production deployments

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

TeleBot/Scripts/verify-tor-traffic.sh

@@ -0,0 +1,342 @@
+#!/bin/bash
+
+################################################################################
+# TOR Traffic Verification Script
+#
+# Purpose: Verify that TeleBot is routing ALL traffic through TOR
+# Usage: sudo ./verify-tor-traffic.sh [duration_seconds]
+# Output: Report showing traffic analysis and TOR usage
+#
+# Security Level: CRITICAL
+# Author: Mr Tickles, Security Consultant
+# Date: 2025-10-01
+################################################################################
+
+set -euo pipefail
+
+# Configuration
+DURATION=${1:-60}  # Default 60 seconds
+OUTPUT_DIR="/tmp/telebot-tor-verification"
+TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+REPORT_FILE="${OUTPUT_DIR}/tor-verification-${TIMESTAMP}.txt"
+PCAP_FILE="${OUTPUT_DIR}/traffic-${TIMESTAMP}.pcap"
+TOR_SOCKS_PORT=9050
+SUSPICIOUS_IPS_FILE="${OUTPUT_DIR}/suspicious-ips-${TIMESTAMP}.txt"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Create output directory
+mkdir -p "$OUTPUT_DIR"
+
+################################################################################
+# Helper Functions
+################################################################################
+
+log_info() {
+    echo -e "${BLUE}[INFO]${NC} $1" | tee -a "$REPORT_FILE"
+}
+
+log_success() {
+    echo -e "${GREEN}[✓]${NC} $1" | tee -a "$REPORT_FILE"
+}
+
+log_warning() {
+    echo -e "${YELLOW}[⚠]${NC} $1" | tee -a "$REPORT_FILE"
+}
+
+log_error() {
+    echo -e "${RED}[✗]${NC} $1" | tee -a "$REPORT_FILE"
+}
+
+check_root() {
+    if [[ $EUID -ne 0 ]]; then
+        log_error "This script must be run as root (for tcpdump)"
+        echo "Usage: sudo $0 [duration_seconds]"
+        exit 1
+    fi
+}
+
+check_dependencies() {
+    local missing_deps=()
+
+    for cmd in tcpdump netstat ss lsof grep awk; do
+        if ! command -v $cmd &> /dev/null; then
+            missing_deps+=("$cmd")
+        fi
+    done
+
+    if [ ${#missing_deps[@]} -gt 0 ]; then
+        log_error "Missing dependencies: ${missing_deps[*]}"
+        log_info "Install with: apt-get install ${missing_deps[*]}"
+        exit 1
+    fi
+}
+
+################################################################################
+# TOR Service Checks
+################################################################################
+
+check_tor_service() {
+    log_info "Checking TOR service status..."
+
+    if systemctl is-active --quiet tor; then
+        log_success "TOR service is running"
+    else
+        log_error "TOR service is NOT running"
+        systemctl status tor || true
+        return 1
+    fi
+
+    # Check SOCKS port
+    if netstat -tlnp | grep -q ":${TOR_SOCKS_PORT}"; then
+        log_success "TOR SOCKS5 proxy listening on port ${TOR_SOCKS_PORT}"
+    else
+        log_error "TOR SOCKS5 proxy NOT listening on port ${TOR_SOCKS_PORT}"
+        return 1
+    fi
+}
+
+check_tor_circuits() {
+    log_info "Checking TOR circuits..."
+
+    if journalctl -u tor --since "5 minutes ago" | grep -q "Bootstrapped 100%"; then
+        log_success "TOR has established circuits"
+    else
+        log_warning "TOR may not have established circuits recently"
+    fi
+}
+
+################################################################################
+# TeleBot Process Checks
+################################################################################
+
+check_telebot_process() {
+    log_info "Checking TeleBot process..."
+
+    if pgrep -f "TeleBot" > /dev/null; then
+        local pid=$(pgrep -f "TeleBot" | head -1)
+        log_success "TeleBot is running (PID: $pid)"
+
+        # Check if TeleBot has connections to TOR
+        if lsof -p "$pid" 2>/dev/null | grep -q ":${TOR_SOCKS_PORT}"; then
+            log_success "TeleBot has active connections to TOR SOCKS5 proxy"
+        else
+            log_warning "TeleBot may not have active TOR connections yet"
+        fi
+    else
+        log_error "TeleBot is NOT running"
+        return 1
+    fi
+}
+
+################################################################################
+# Network Traffic Capture and Analysis
+################################################################################
+
+capture_traffic() {
+    log_info "Capturing network traffic for ${DURATION} seconds..."
+    log_info "Output: $PCAP_FILE"
+
+    # Capture all non-local traffic
+    timeout "$DURATION" tcpdump -i any -w "$PCAP_FILE" \
+        'not (host 127.0.0.1 or host ::1) and not (port 22)' \
+        2>&1 | head -10 || true
+
+    log_success "Traffic capture complete"
+}
+
+analyze_traffic() {
+    log_info "Analyzing captured traffic..."
+
+    # Check for direct connections (not through TOR)
+    local external_connections=$(tcpdump -n -r "$PCAP_FILE" 2>/dev/null | \
+        grep -v "127.0.0.1" | \
+        grep -E "(telegram|api|http)" | \
+        wc -l)
+
+    if [ "$external_connections" -eq 0 ]; then
+        log_success "NO external connections detected (all traffic through TOR)"
+    else
+        log_warning "Detected $external_connections external connection(s)"
+
+        # Extract suspicious IPs
+        tcpdump -n -r "$PCAP_FILE" 2>/dev/null | \
+            grep -E "(telegram|api)" | \
+            awk '{print $3, $5}' | \
+            sort -u > "$SUSPICIOUS_IPS_FILE"
+
+        log_warning "Suspicious IPs saved to: $SUSPICIOUS_IPS_FILE"
+    fi
+}
+
+analyze_dns_leaks() {
+    log_info "Checking for DNS leaks..."
+
+    # Check for DNS queries
+    local dns_queries=$(tcpdump -n -r "$PCAP_FILE" 'port 53' 2>/dev/null | wc -l)
+
+    if [ "$dns_queries" -eq 0 ]; then
+        log_success "NO DNS leaks detected (DNS through TOR)"
+    else
+        log_error "Detected $dns_queries DNS queries - DNS LEAK!"
+        log_error "DNS queries should go through TOR, not directly"
+    fi
+}
+
+################################################################################
+# Active Connection Analysis
+################################################################################
+
+analyze_active_connections() {
+    log_info "Analyzing active connections..."
+
+    if pgrep -f "TeleBot" > /dev/null; then
+        local pid=$(pgrep -f "TeleBot" | head -1)
+
+        # Check connections to TOR
+        local tor_connections=$(ss -tnp | grep "$pid" | grep ":${TOR_SOCKS_PORT}" | wc -l)
+        log_info "Active TOR SOCKS5 connections: $tor_connections"
+
+        # Check for direct external connections
+        local external_conns=$(ss -tnp | grep "$pid" | \
+            grep -v "127.0.0.1" | \
+            grep -v "::1" | \
+            grep -v ":${TOR_SOCKS_PORT}" | \
+            wc -l)
+
+        if [ "$external_conns" -eq 0 ]; then
+            log_success "NO direct external connections (all through TOR)"
+        else
+            log_error "Detected $external_conns direct external connections!"
+            log_error "These connections are NOT going through TOR:"
+            ss -tnp | grep "$pid" | grep -v "127.0.0.1" | grep -v "::1"
+        fi
+    fi
+}
+
+################################################################################
+# Configuration Verification
+################################################################################
+
+verify_configuration() {
+    log_info "Verifying TeleBot configuration..."
+
+    # Look for appsettings.json
+    local config_file=$(find /opt /home /mnt -name "appsettings.json" -path "*/TeleBot/*" 2>/dev/null | head -1)
+
+    if [ -z "$config_file" ]; then
+        log_warning "Could not find appsettings.json for verification"
+        return
+    fi
+
+    log_info "Found config: $config_file"
+
+    # Check EnableTor setting
+    if grep -q '"EnableTor".*true' "$config_file"; then
+        log_success "Configuration: EnableTor = true"
+    else
+        log_error "Configuration: EnableTor is NOT set to true!"
+    fi
+
+    # Check UseTor setting
+    if grep -q '"UseTor".*true' "$config_file"; then
+        log_success "Configuration: UseTor = true"
+    else
+        log_error "Configuration: UseTor is NOT set to true!"
+    fi
+}
+
+################################################################################
+# Report Generation
+################################################################################
+
+generate_report() {
+    log_info "Generating final report..."
+
+    cat >> "$REPORT_FILE" << EOF
+
+================================================================================
+                    TOR TRAFFIC VERIFICATION REPORT
+================================================================================
+Timestamp: $(date)
+Duration: ${DURATION} seconds
+Report: $REPORT_FILE
+PCAP: $PCAP_FILE
+
+SUMMARY:
+EOF
+
+    # Count results
+    local total_checks=$(grep -c "\[✓\]" "$REPORT_FILE" 2>/dev/null || echo 0)
+    local warnings=$(grep -c "\[⚠\]" "$REPORT_FILE" 2>/dev/null || echo 0)
+    local errors=$(grep -c "\[✗\]" "$REPORT_FILE" 2>/dev/null || echo 0)
+
+    cat >> "$REPORT_FILE" << EOF
+✓ Successful checks: $total_checks
+⚠ Warnings: $warnings
+✗ Errors: $errors
+
+VERDICT:
+EOF
+
+    if [ "$errors" -eq 0 ] && [ "$warnings" -eq 0 ]; then
+        echo -e "${GREEN}✓ PASS${NC} - TeleBot is correctly routing ALL traffic through TOR" | tee -a "$REPORT_FILE"
+    elif [ "$errors" -eq 0 ]; then
+        echo -e "${YELLOW}⚠ PASS WITH WARNINGS${NC} - Review warnings above" | tee -a "$REPORT_FILE"
+    else
+        echo -e "${RED}✗ FAIL${NC} - TeleBot is NOT properly using TOR!" | tee -a "$REPORT_FILE"
+        echo -e "${RED}CRITICAL SECURITY ISSUE - Location privacy compromised!${NC}" | tee -a "$REPORT_FILE"
+    fi
+
+    echo "" | tee -a "$REPORT_FILE"
+    echo "Full report: $REPORT_FILE" | tee -a "$REPORT_FILE"
+}
+
+################################################################################
+# Main Execution
+################################################################################
+
+main() {
+    echo ""
+    echo "================================================================================"
+    echo "                     TeleBot TOR Traffic Verification"
+    echo "================================================================================"
+    echo ""
+
+    # Initialize report
+    echo "TeleBot TOR Traffic Verification Report" > "$REPORT_FILE"
+    echo "Started: $(date)" >> "$REPORT_FILE"
+    echo "" >> "$REPORT_FILE"
+
+    # Run checks
+    check_root
+    check_dependencies
+    check_tor_service || exit 1
+    check_tor_circuits
+    check_telebot_process || exit 1
+    verify_configuration
+
+    # Network analysis
+    analyze_active_connections
+    capture_traffic
+    analyze_traffic
+    analyze_dns_leaks
+
+    # Generate final report
+    generate_report
+
+    echo ""
+    echo "================================================================================"
+    echo "Verification complete. Review the full report:"
+    echo "$REPORT_FILE"
+    echo "================================================================================"
+    echo ""
+}
+
+# Run main function
+main "$@"