From 61b873451f140ddce2e539315bad287e06ff73a1 Mon Sep 17 00:00:00 2001
From: Krzysztof Jagosz <k.jagosz@kjkgroup.cloud>
Date: Tue, 29 Apr 2025 01:05:48 +0200
Subject: [PATCH 1/7] Added OAuth2 support for SSO

---
 .gitignore                              |   6 +
 src/api.go                              |   1 +
 src/def.go                              |   2 +
 src/go.mod                              |   2 +-
 src/mod/auth/sso/authentik/authentik.go |   2 +-
 src/mod/auth/sso/oauth2/oauth2.go       | 297 ++++++++++++++++++++++++
 src/mod/dynamicproxy/authProviders.go   |  10 +
 src/mod/dynamicproxy/typedef.go         |   4 +-
 src/mod/sshprox/embed.go                |   8 +-
 src/reverseproxy.go                     |   3 +-
 src/start.go                            |   6 +
 src/web/components/httprp.html          |   8 +-
 src/web/components/sso.html             | 140 ++++++++---
 src/web/index.html                      |   2 +-
 14 files changed, 454 insertions(+), 37 deletions(-)
 create mode 100644 src/mod/auth/sso/oauth2/oauth2.go

diff --git a/.gitignore b/.gitignore
index 5c9767d..fabfcb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,9 @@ src/log/
 example/plugins/ztnc/ztnc.db
 example/plugins/ztnc/authtoken.secret
 example/plugins/ztnc/ztnc.db.lock
+.idea
+conf
+log
+tmp
+sys.*
+www/html/index.html
diff --git a/src/api.go b/src/api.go
index 01adf20..a997737 100644
--- a/src/api.go
+++ b/src/api.go
@@ -84,6 +84,7 @@ func RegisterTLSAPIs(authRouter *auth.RouterDef) {
 func RegisterAuthenticationHandlerAPIs(authRouter *auth.RouterDef) {
 	authRouter.HandleFunc("/api/sso/Authelia", autheliaRouter.HandleSetAutheliaURLAndHTTPS)
 	authRouter.HandleFunc("/api/sso/Authentik", authentikRouter.HandleSetAuthentikURLAndHTTPS)
+	authRouter.HandleFunc("/api/sso/OAuth2", oauth2Router.HandleSetOAuth2Settings)
 }
 
 // Register the APIs for redirection rules management functions
diff --git a/src/def.go b/src/def.go
index 7efd638..60aacdd 100644
--- a/src/def.go
+++ b/src/def.go
@@ -10,6 +10,7 @@ package main
 import (
 	"embed"
 	"flag"
+	"imuslab.com/zoraxy/mod/auth/sso/oauth2"
 	"net/http"
 	"time"
 
@@ -146,6 +147,7 @@ var (
 	//Authentication Provider
 	autheliaRouter  *authelia.AutheliaRouter   //Authelia router for Authelia authentication
 	authentikRouter *authentik.AuthentikRouter //Authentik router for Authentik authentication
+	oauth2Router    *oauth2.OAuth2Router       //OAuth2Router router for OAuth2Router authentication
 
 	//Helper modules
 	EmailSender       *email.Sender         //Email sender that handle email sending
diff --git a/src/go.mod b/src/go.mod
index e722aa9..3b0d5e4 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/grandcat/zeroconf v1.0.0
 	github.com/likexian/whois v1.15.1
 	github.com/microcosm-cc/bluemonday v1.0.26
+	github.com/monperrus/crawler-user-agents v1.1.0
 	github.com/shirou/gopsutil/v4 v4.25.1
 	github.com/syndtr/goleveldb v1.0.0
 	golang.org/x/net v0.33.0
@@ -32,7 +33,6 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/snappy v0.0.1 // indirect
 	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.128 // indirect
-	github.com/monperrus/crawler-user-agents v1.1.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 	github.com/peterhellberg/link v1.2.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
diff --git a/src/mod/auth/sso/authentik/authentik.go b/src/mod/auth/sso/authentik/authentik.go
index 795b0b3..a4abbc6 100644
--- a/src/mod/auth/sso/authentik/authentik.go
+++ b/src/mod/auth/sso/authentik/authentik.go
@@ -56,7 +56,7 @@ func (ar *AuthentikRouter) HandleSetAuthentikURLAndHTTPS(w http.ResponseWriter,
 			return
 		}
 
-		useHTTPS, err := utils.PostBool(r, "useHTTPS")
+		useHTTPS, err := utils.PostBool(r, "authentikUseHttps")
 		if err != nil {
 			useHTTPS = false
 		}
diff --git a/src/mod/auth/sso/oauth2/oauth2.go b/src/mod/auth/sso/oauth2/oauth2.go
new file mode 100644
index 0000000..e036d6f
--- /dev/null
+++ b/src/mod/auth/sso/oauth2/oauth2.go
@@ -0,0 +1,297 @@
+package oauth2
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"golang.org/x/oauth2"
+	"imuslab.com/zoraxy/mod/database"
+	"imuslab.com/zoraxy/mod/info/logger"
+	"imuslab.com/zoraxy/mod/utils"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+type OAuth2RouterOptions struct {
+	OAuth2ServerURL    string //The URL of the OAuth 2.0 server server
+	OAuth2TokenURL     string //The URL of the OAuth 2.0 token server
+	OAuth2RedirectUrl  string //The redirect URL of the OAuth 2.0 token server
+	OAuth2ClientId     string //The client id for OAuth 2.0 Application
+	OAuth2ClientSecret string //The client secret for OAuth 2.0 Application
+	OAuth2WellKnownUrl string //The well-known url for OAuth 2.0 server
+	OAuth2UserInfoUrl  string //The URL of the OAuth 2.0 user info endpoint
+	OAuth2Scopes       string //The scopes for OAuth 2.0 Application
+	Logger             *logger.Logger
+	Database           *database.Database
+}
+
+type OIDCDiscoveryDocument struct {
+	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
+	ClaimsSupported                   []string `json:"claims_supported"`
+	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported"`
+	GrantTypesSupported               []string `json:"grant_types_supported"`
+	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
+	Issuer                            string   `json:"issuer"`
+	JwksURI                           string   `json:"jwks_uri"`
+	ResponseTypesSupported            []string `json:"response_types_supported"`
+	ScopesSupported                   []string `json:"scopes_supported"`
+	SubjectTypesSupported             []string `json:"subject_types_supported"`
+	TokenEndpoint                     string   `json:"token_endpoint"`
+	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
+	UserinfoEndpoint                  string   `json:"userinfo_endpoint"`
+}
+
+type OAuth2Router struct {
+	options *OAuth2RouterOptions
+}
+
+// NewOAuth2Router creates a new OAuth2Router object
+func NewOAuth2Router(options *OAuth2RouterOptions) *OAuth2Router {
+	options.Database.NewTable("oauth2")
+
+	//Read settings from database, if exists
+	options.Database.Read("oauth2", "oauth2WellKnownUrl", &options.OAuth2WellKnownUrl)
+	options.Database.Read("oauth2", "oauth2ServerUrl", &options.OAuth2ServerURL)
+	options.Database.Read("oauth2", "oauth2TokenUrl", &options.OAuth2TokenURL)
+	options.Database.Read("oauth2", "oauth2ClientId", &options.OAuth2ClientId)
+	options.Database.Read("oauth2", "oauth2ClientSecret", &options.OAuth2ClientSecret)
+	options.Database.Read("oauth2", "oauth2RedirectURL", &options.OAuth2RedirectUrl)
+	options.Database.Read("oauth2", "oauth2UserInfoUrl", &options.OAuth2UserInfoUrl)
+	options.Database.Read("oauth2", "oauth2Scopes", &options.OAuth2Scopes)
+
+	return &OAuth2Router{
+		options: options,
+	}
+}
+
+// HandleSetOAuth2Settings is the internal handler for setting the OAuth URL and HTTPS
+func (ar *OAuth2Router) HandleSetOAuth2Settings(w http.ResponseWriter, r *http.Request) {
+	if r.Method == http.MethodGet {
+		//Return the current settings
+		js, _ := json.Marshal(map[string]interface{}{
+			"oauth2WellKnownUrl": ar.options.OAuth2WellKnownUrl,
+			"oauth2ServerUrl":    ar.options.OAuth2ServerURL,
+			"oauth2TokenUrl":     ar.options.OAuth2TokenURL,
+			"oauth2Scopes":       ar.options.OAuth2Scopes,
+			"oauth2ClientSecret": ar.options.OAuth2ClientSecret,
+			"oauth2RedirectURL":  ar.options.OAuth2RedirectUrl,
+			"oauth2UserInfoURL":  ar.options.OAuth2UserInfoUrl,
+			"oauth2ClientId":     ar.options.OAuth2ClientId,
+		})
+
+		utils.SendJSONResponse(w, string(js))
+		return
+	} else if r.Method == http.MethodPost {
+		//Update the settings
+		var oauth2ServerUrl, oauth2TokenURL, oauth2Scopes, oauth2UserInfoUrl string
+		oauth2WellKnownUrl, err := utils.PostPara(r, "oauth2WellKnownUrl")
+		if err != nil {
+			oauth2ServerUrl, err = utils.PostPara(r, "oauth2ServerUrl")
+			if err != nil {
+				utils.SendErrorResponse(w, "oauth2ServerUrl not found")
+				return
+			}
+
+			oauth2TokenURL, err = utils.PostPara(r, "oauth2TokenUrl")
+			if err != nil {
+				utils.SendErrorResponse(w, "oauth2TokenUrl not found")
+				return
+			}
+
+			oauth2Scopes, err = utils.PostPara(r, "oauth2Scopes")
+			if err != nil {
+				utils.SendErrorResponse(w, "oauth2Scopes not found")
+				return
+			}
+
+			oauth2UserInfoUrl, err = utils.PostPara(r, "oauth2UserInfoUrl")
+			if err != nil {
+				utils.SendErrorResponse(w, "oauth2UserInfoUrl not found")
+				return
+			}
+		}
+
+		oauth2RedirectUrl, err := utils.PostPara(r, "oauth2RedirectUrl")
+		if err != nil {
+			utils.SendErrorResponse(w, "oauth2RedirectUrl not found")
+			return
+		}
+
+		oauth2ClientId, err := utils.PostPara(r, "oauth2ClientId")
+		if err != nil {
+			utils.SendErrorResponse(w, "oauth2ClientId not found")
+			return
+		}
+
+		oauth2ClientSecret, err := utils.PostPara(r, "oauth2ClientSecret")
+		if err != nil {
+			utils.SendErrorResponse(w, "oauth2ClientSecret not found")
+			return
+		}
+
+		//Write changes to runtime
+		ar.options.OAuth2WellKnownUrl = oauth2WellKnownUrl
+		ar.options.OAuth2ServerURL = oauth2ServerUrl
+		ar.options.OAuth2TokenURL = oauth2TokenURL
+		ar.options.OAuth2RedirectUrl = oauth2RedirectUrl
+		ar.options.OAuth2UserInfoUrl = oauth2UserInfoUrl
+		ar.options.OAuth2ClientId = oauth2ClientId
+		ar.options.OAuth2ClientSecret = oauth2ClientSecret
+		ar.options.OAuth2Scopes = oauth2Scopes
+
+		//Write changes to database
+		ar.options.Database.Write("oauth2", "oauth2WellKnownUrl", oauth2WellKnownUrl)
+		ar.options.Database.Write("oauth2", "oauth2ServerUrl", oauth2ServerUrl)
+		ar.options.Database.Write("oauth2", "oauth2TokenUrl", oauth2TokenURL)
+		ar.options.Database.Write("oauth2", "oauth2RedirectUrl", oauth2RedirectUrl)
+		ar.options.Database.Write("oauth2", "oauth2UserInfoUrl", oauth2UserInfoUrl)
+		ar.options.Database.Write("oauth2", "oauth2ClientId", oauth2ClientId)
+		ar.options.Database.Write("oauth2", "oauth2ClientSecret", oauth2ClientSecret)
+		ar.options.Database.Write("oauth2", "oauth2Scopes", oauth2Scopes)
+
+		utils.SendOK(w)
+	} else {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+}
+
+func (ar *OAuth2Router) fetchOAuth2Configuration(config *oauth2.Config) (*oauth2.Config, error) {
+	req, err := http.NewRequest("GET", ar.options.OAuth2WellKnownUrl, nil)
+	if err != nil {
+		return nil, err
+	}
+	client := &http.Client{}
+	if resp, err := client.Do(req); err != nil {
+		return nil, err
+	} else {
+		defer resp.Body.Close()
+
+		oidcDiscoveryDocument := OIDCDiscoveryDocument{}
+		if err := json.NewDecoder(resp.Body).Decode(&oidcDiscoveryDocument); err != nil {
+			return nil, err
+		}
+
+		if len(config.Scopes) == 0 {
+			config.Scopes = oidcDiscoveryDocument.ScopesSupported
+		}
+
+		if config.Endpoint.AuthURL == "" {
+			config.Endpoint.AuthURL = oidcDiscoveryDocument.AuthorizationEndpoint
+		}
+
+		if config.Endpoint.TokenURL == "" {
+			config.Endpoint.TokenURL = oidcDiscoveryDocument.TokenEndpoint
+		}
+
+		if ar.options.OAuth2UserInfoUrl == "" {
+			ar.options.OAuth2UserInfoUrl = oidcDiscoveryDocument.UserinfoEndpoint
+		}
+
+	}
+	return config, nil
+}
+
+func (ar *OAuth2Router) newOAuth2Conf(redirectUrl string) (*oauth2.Config, error) {
+	config := &oauth2.Config{
+		ClientID:     ar.options.OAuth2ClientId,
+		ClientSecret: ar.options.OAuth2ClientSecret,
+		RedirectURL:  redirectUrl,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  ar.options.OAuth2ServerURL,
+			TokenURL: ar.options.OAuth2TokenURL,
+		},
+	}
+	if ar.options.OAuth2Scopes != "" {
+		config.Scopes = strings.Split(ar.options.OAuth2Scopes, ",")
+	}
+	if ar.options.OAuth2WellKnownUrl != "" && (config.Endpoint.AuthURL == "" || config.Endpoint.TokenURL == "" ||
+		ar.options.OAuth2UserInfoUrl == "") {
+		return ar.fetchOAuth2Configuration(config)
+	}
+	return config, nil
+}
+
+// HandleOAuth2Auth is the internal handler for OAuth authentication
+// Set useHTTPS to true if your OAuth server is using HTTPS
+// Set OAuthURL to the URL of the OAuth server, e.g. OAuth.example.com
+func (ar *OAuth2Router) HandleOAuth2Auth(w http.ResponseWriter, r *http.Request) error {
+	const callbackPrefix = "/internal/oauth2"
+	const tokenCookie = "z-token"
+	scheme := "http"
+	if r.TLS != nil {
+		scheme = "https"
+	}
+	reqUrl := scheme + "://" + r.Host + r.RequestURI
+	oauthConfig, err := ar.newOAuth2Conf(scheme + "://" + r.Host + callbackPrefix)
+	if err != nil {
+		ar.options.Logger.PrintAndLog("OAuth2Router", "Failed to fetch OIDC configuration:", err)
+		w.WriteHeader(500)
+		return errors.New("failed to fetch OIDC configuration")
+	}
+
+	if oauthConfig.Endpoint.AuthURL == "" || oauthConfig.Endpoint.TokenURL == "" || ar.options.OAuth2UserInfoUrl == "" {
+		ar.options.Logger.PrintAndLog("OAuth2Router", "Invalid OAuth2 configuration", nil)
+		w.WriteHeader(500)
+		return errors.New("invalid OAuth2 configuration")
+	}
+
+	code := r.URL.Query().Get("code")
+	state := r.URL.Query().Get("state")
+	if r.Method == http.MethodGet && strings.HasPrefix(r.RequestURI, callbackPrefix) && code != "" && state != "" {
+		ctx := context.Background()
+		token, err := oauthConfig.Exchange(ctx, code)
+		if err != nil {
+			ar.options.Logger.PrintAndLog("OAuth2", "Token exchange failed", err)
+			w.WriteHeader(401)
+			return errors.New("unauthorized")
+		}
+
+		if !token.Valid() {
+			ar.options.Logger.PrintAndLog("OAuth2", "Invalid token", err)
+			w.WriteHeader(401)
+			return errors.New("unauthorized")
+		}
+
+		cookie := http.Cookie{Name: tokenCookie, Value: token.AccessToken, Path: "/"}
+		if scheme == "https" {
+			cookie.Secure = true
+			cookie.SameSite = http.SameSiteLaxMode
+		}
+		w.Header().Add("Set-Cookie", cookie.String())
+		http.Redirect(w, r, state, http.StatusTemporaryRedirect)
+		return errors.New("authorized")
+	}
+	unauthorized := false
+	cookie, err := r.Cookie(tokenCookie)
+	if err == nil {
+		if cookie.Value == "" {
+			unauthorized = true
+		} else {
+			ctx := context.Background()
+			client := oauthConfig.Client(ctx, &oauth2.Token{AccessToken: cookie.Value})
+			req, err := client.Get(ar.options.OAuth2UserInfoUrl)
+			if err != nil {
+				ar.options.Logger.PrintAndLog("OAuth2", "Failed to get user info", err)
+				unauthorized = true
+			}
+			defer req.Body.Close()
+			if req.StatusCode != http.StatusOK {
+				ar.options.Logger.PrintAndLog("OAuth2", "Failed to get user info", err)
+				unauthorized = true
+			}
+		}
+	} else {
+		unauthorized = true
+	}
+	if unauthorized {
+		state := url.QueryEscape(reqUrl)
+		url := oauthConfig.AuthCodeURL(state, oauth2.AccessTypeOffline)
+		http.Redirect(w, r, url, http.StatusFound)
+
+		return errors.New("unauthorized")
+	}
+	return nil
+}
diff --git a/src/mod/dynamicproxy/authProviders.go b/src/mod/dynamicproxy/authProviders.go
index 8099b55..a296e14 100644
--- a/src/mod/dynamicproxy/authProviders.go
+++ b/src/mod/dynamicproxy/authProviders.go
@@ -50,6 +50,12 @@ func handleAuthProviderRouting(sep *ProxyEndpoint, w http.ResponseWriter, r *htt
 			h.Parent.Option.Logger.LogHTTPRequest(r, "host-http", 401, requestHostname, "")
 			return true
 		}
+	} else if sep.AuthenticationProvider.AuthMethod == AuthMethodOAuth2 {
+		err := h.handleOAuth2Auth(w, r)
+		if err != nil {
+			h.Parent.Option.Logger.LogHTTPRequest(r, "host-http", 401, requestHostname, "")
+			return true
+		}
 	}
 
 	//No authentication provider, do not need to handle
@@ -116,3 +122,7 @@ func (h *ProxyHandler) handleAutheliaAuth(w http.ResponseWriter, r *http.Request
 func (h *ProxyHandler) handleAuthentikAuth(w http.ResponseWriter, r *http.Request) error {
 	return h.Parent.Option.AuthentikRouter.HandleAuthentikAuth(w, r)
 }
+
+func (h *ProxyHandler) handleOAuth2Auth(w http.ResponseWriter, r *http.Request) error {
+	return h.Parent.Option.OAuth2Router.HandleOAuth2Auth(w, r)
+}
diff --git a/src/mod/dynamicproxy/typedef.go b/src/mod/dynamicproxy/typedef.go
index 29d20ad..d7fdb9e 100644
--- a/src/mod/dynamicproxy/typedef.go
+++ b/src/mod/dynamicproxy/typedef.go
@@ -10,6 +10,7 @@ package dynamicproxy
 import (
 	_ "embed"
 	"imuslab.com/zoraxy/mod/auth/sso/authentik"
+	"imuslab.com/zoraxy/mod/auth/sso/oauth2"
 	"net"
 	"net/http"
 	"sync"
@@ -66,6 +67,7 @@ type RouterOption struct {
 	/* Authentication Providers */
 	AutheliaRouter  *authelia.AutheliaRouter   //Authelia router for Authelia authentication
 	AuthentikRouter *authentik.AuthentikRouter //Authentik router for Authentik authentication
+	OAuth2Router    *oauth2.OAuth2Router       //OAuth2Router router for OAuth2Router authentication
 
 	/* Utilities */
 	Logger *logger.Logger //Logger for reverse proxy requets
@@ -144,7 +146,7 @@ const (
 	AuthMethodNone     AuthMethod = iota //No authentication required
 	AuthMethodBasic                      //Basic Auth
 	AuthMethodAuthelia                   //Authelia
-	AuthMethodOauth2                     //Oauth2
+	AuthMethodOAuth2                     //Oauth2
 	AuthMethodAuthentik
 )
 
diff --git a/src/mod/sshprox/embed.go b/src/mod/sshprox/embed.go
index 4c5fe2d..b5ac80d 100644
--- a/src/mod/sshprox/embed.go
+++ b/src/mod/sshprox/embed.go
@@ -1,14 +1,14 @@
-//go:build (windows && amd64) || (linux && mipsle) || (linux && riscv64) || (freebsd && amd64)
-// +build windows,amd64 linux,mipsle linux,riscv64 freebsd,amd64
+//go:build (windows && amd64) || (linux && mipsle) || (linux && riscv64) || (freebsd && amd64) || (darwin && arm64)
+// +build windows,amd64 linux,mipsle linux,riscv64 freebsd,amd64 darwin,arm64
 
 package sshprox
 
 import "embed"
 
 /*
-	Binary embedding
+Binary embedding
 
-	Make sure when compile, gotty binary exists in static.gotty
+Make sure when compile, gotty binary exists in static.gotty
 */
 var (
 	//go:embed gotty/LICENSE
diff --git a/src/reverseproxy.go b/src/reverseproxy.go
index d00b606..83e3d21 100644
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@@ -117,6 +117,7 @@ func ReverseProxtInit() {
 		AccessController:   accessController,
 		AutheliaRouter:     autheliaRouter,
 		AuthentikRouter:    authentikRouter,
+		OAuth2Router:       oauth2Router,
 		LoadBalancer:       loadBalancer,
 		PluginManager:      pluginManager,
 		/* Utilities */
@@ -587,7 +588,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
 	} else if authProviderType == 2 {
 		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodAuthelia
 	} else if authProviderType == 3 {
-		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodOauth2
+		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodOAuth2
 	} else if authProviderType == 4 {
 		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodAuthentik
 	} else {
diff --git a/src/start.go b/src/start.go
index 0fadc05..16ab97e 100644
--- a/src/start.go
+++ b/src/start.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"imuslab.com/zoraxy/mod/auth/sso/oauth2"
 	"log"
 	"net/http"
 	"os"
@@ -157,6 +158,11 @@ func startupSequence() {
 		Database:     sysdb,
 	})
 
+	oauth2Router = oauth2.NewOAuth2Router(&oauth2.OAuth2RouterOptions{
+		Logger:   SystemWideLogger,
+		Database: sysdb,
+	})
+
 	//Create a statistic collector
 	statisticCollector, err = statistic.NewStatisticCollector(statistic.CollectorOption{
 		Database: sysdb,
diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html
index 1a9d653..a7afa4e 100644
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@@ -186,7 +186,7 @@
                         <td data-label="" editable="true" datatype="advanced" style="width: 350px;">
                             ${subd.AuthenticationProvider.AuthMethod == 0x1?`<i class="ui grey key icon"></i> Basic Auth`:``}
                             ${subd.AuthenticationProvider.AuthMethod == 0x2?`<i class="ui blue key icon"></i> Authelia`:``}
-                            ${subd.AuthenticationProvider.AuthMethod == 0x3?`<i class="ui yellow key icon"></i> Oauth2`:``}
+                            ${subd.AuthenticationProvider.AuthMethod == 0x3?`<i class="ui yellow key icon"></i> OAuth2`:``}
                             ${subd.AuthenticationProvider.AuthMethod == 0x4?`<i class="ui blue key icon"></i> Authentik`:``}
                             ${subd.AuthenticationProvider.AuthMethod != 0x0 && subd.RequireRateLimit?"<br>":""}
                             ${subd.RequireRateLimit?`<i class="ui green check icon"></i> Rate Limit @ ${subd.RateLimit} req/s`:``}
@@ -396,6 +396,12 @@
                                 <label>Authelia</label>
                             </div>
                         </div>
+                        <div class="field">
+                            <div class="ui radio checkbox">
+                                <input type="radio" value="3" name="authProviderType" ${authProvider==0x3?"checked":""}>
+                                <label>OAuth2</label>
+                            </div>
+                        </div>
                         <div class="field">
                             <div class="ui radio checkbox">
                                 <input type="radio" value="4" name="authProviderType" ${authProvider==0x4?"checked":""}>
diff --git a/src/web/components/sso.html b/src/web/components/sso.html
index 820735a..5061ebc 100644
--- a/src/web/components/sso.html
+++ b/src/web/components/sso.html
@@ -17,10 +17,10 @@
         <h3>Authelia</h3>
         <p>Configuration settings for Authelia authentication provider.</p>
 
-        <form class="ui form">
+        <form class="ui form" action="#" id="autheliaSettings">
             <div class="field">
-                <label for="autheliaServerUrl">Authelia Server URL</label>
-                <input type="text" id="autheliaServerUrl" name="autheliaServerUrl" placeholder="Enter Authelia Server URL">
+                <label for="autheliaURL">Authelia Server URL</label>
+                <input type="text" id="autheliaURL" name="autheliaURL" placeholder="Enter Authelia Server URL">
                 <small>Example: auth.example.com</small>
             </div>
             <div class="field">
@@ -30,7 +30,61 @@
                     <small>Check this if your authelia server uses HTTPS</small>
                 </div>
             </div>
-            <button class="ui basic button" onclick="event.preventDefault(); updateAutheliaSettings();"><i class="green check icon"></i> Apply Change</button>
+            <button class="ui basic button"><i class="green check icon"></i> Apply Change</button>
+        </form>
+    </div>
+    <div class="ui divider"></div>
+    <div class="ui basic segment">
+        <h3>OAuth 2.0</h3>
+        <p>Configuration settings for OAuth 2.0 authentication provider.</p>
+
+        <form class="ui form" action="#" id="oauth2Settings">
+            <div class="field">
+                <label for="oauth2ClientId">Client ID</label>
+                <input type="text" id="oauth2ClientId" name="oauth2ClientId" placeholder="Enter Client ID">
+                <small>Public identifier of the OAuth2 application</small>
+            </div>
+            <div class="field">
+                <label for="oauth2ClientId">Client Secret</label>
+                <input type="password" id="oauth2ClientSecret" name="oauth2ClientSecret" placeholder="Enter Client Secret">
+                <small>Secret key of the OAuth2 application</small>
+            </div>
+            <div class="field">
+                <label for="oauth2WellKnownUrl">OIDC well-known URL</label>
+                <input type="text" id="oauth2WellKnownUrl" name="oauth2WellKnownUrl" placeholder="Enter Well-Known URL">
+                <small>URL to the OIDC discovery document (usually ending with /.well-known/openid-configuration). Used to automatically fetch provider settings.</small>
+            </div>
+
+            <div class="field">
+                <label for="oauth2ServerUrl">Authorization URL</label>
+                <input type="text" id="oauth2ServerUrl" name="oauth2ServerUrl" placeholder="Enter Authorization URL">
+                <small>URL used to authenticate against the OAuth2 provider. Will redirect the user to the OAuth2 provider login view. Optional if Well-Known url is configured.</small>
+            </div>
+
+            <div class="field">
+                <label for="oauth2TokenUrl">Token URL</label>
+                <input type="text" id="oauth2TokenUrl" name="oauth2TokenUrl" placeholder="Enter Token URL">
+                <small>URL used by Zoraxy to exchange a valid OAuth2 authentication code for an access token. Optional if Well-Known url is configured.</small>
+            </div>
+
+            <div class="field">
+                <label for="oauth2RedirectUrl">Redirect URL</label>
+                <input type="text" id="oauth2RedirectUrl" name="oauth2RedirectUrl" placeholder="Enter Token URL">
+                <small>URL used by the OAuth2 provider to redirect the user after successful authentication. Should be set to your Zoraxy instance URL</small>
+            </div>
+
+            <div class="field">
+                <label for="oauth2UserInfoURL">Redirect URL</label>
+                <input type="text" id="oauth2UserInfoURL" name="oauth2UserInfoURL" placeholder="Enter User Info URL">
+                <small>URL used by the OAuth2 provider to validate generated token. Optional if Well-Known url is configured.</small>
+            </div>
+
+            <div class="field">
+                <label for="oauth2Scopes">Scopes</label>
+                <input type="text" id="oauth2Scopes" name="oauth2Scopes" placeholder="Enter Scopes">
+                <small>Scopes required by the OAuth2 provider to retrieve information about the authenticated user. Refer to your OAuth2 provider documentation for more information about this. Optional if Well-Known url is configured.</small>
+            </div>
+            <button class="ui basic button" type="submit"><i class="green check icon"></i> Apply Change</button>
         </form>
     </div>
     <div class="ui divider"></div>
@@ -38,10 +92,10 @@
         <h3>Authentik</h3>
         <p>Configuration settings for Authentik authentication provider.</p>
 
-        <form class="ui form">
+        <form class="ui form" action="#" id="authentikSettings">
             <div class="field">
-                <label for="authentikServerUrl">Authentik Server URL</label>
-                <input type="text" id="authentikServerUrl" name="authentikServerUrl" placeholder="Enter Authentik Server URL">
+                <label for="authentikURL">Authentik Server URL</label>
+                <input type="text" id="authentikURL" name="authentikURL" placeholder="Enter Authentik Server URL">
                 <small>Example: auth.example.com</small>
             </div>
             <div class="field">
@@ -51,7 +105,7 @@
                     <small>Check this if your Authentik server uses HTTPS</small>
                 </div>
             </div>
-            <button class="ui basic button" onclick="event.preventDefault(); updateAuthentikSettings();"><i class="green check icon"></i> Apply Change</button>
+            <button class="ui basic button" type="submit"><i class="green check icon"></i> Apply Change</button>
         </form>
     </div>
     <div class="ui divider"></div>
@@ -83,22 +137,35 @@
                 console.error('Error fetching SSO settings:', textStatus, errorThrown);
             }
         });
+        $.cjax({
+            url: '/api/sso/OAuth2',
+            method: 'GET',
+            dataType: 'json',
+            success: function(data) {
+                $('#oauth2WellKnownUrl').val(data.oauth2WellKnownUrl);
+                $('#oauth2ServerUrl').val(data.oauth2ServerUrl);
+                $('#oauth2TokenUrl').val(data.oauth2TokenUrl);
+                $('#oauth2RedirectUrl').val(data.oauth2RedirectUrl);
+                $('#oauth2UserInfoUrl').val(data.oauth2UserInfoUrl);
+                $('#oauth2ClientId').val(data.oauth2ClientId);
+                $('#oauth2ClientSecret').val(data.oauth2ClientSecret);
+                $('#oauth2Scopes').val(data.oauth2Scopes);
+            },
+            error: function(jqXHR, textStatus, errorThrown) {
+                console.error('Error fetching SSO settings:', textStatus, errorThrown);
+            }
+        });
     });
 
-    function updateAutheliaSettings(){
-        var autheliaServerUrl = $('#autheliaServerUrl').val();
-        var useHttps = $('#useHttps').prop('checked');
-
+    $( "#autheliaSettings" ).on( "submit", function( event ) {
+        event.preventDefault();
         $.cjax({
             url: '/api/sso/Authelia',
             method: 'POST',
-            data: {
-                autheliaURL: autheliaServerUrl,
-                useHTTPS: useHttps
-            },
+            data: $( this ).serialize(),
             success: function(data) {
                 if (data.error != undefined) {
-                    $.msgbox(data.error, false);
+                    msgbox(data.error, false);
                     return;
                 }
                 msgbox('Authelia settings updated', true);
@@ -106,23 +173,20 @@
             },
             error: function(jqXHR, textStatus, errorThrown) {
                 console.error('Error updating Authelia settings:', textStatus, errorThrown);
+                msgbox('Error updating Authelia settings, check console', false);
             }
         });
-    }
-    function updateAuthentikSettings(){
-        var authentikServerUrl = $('#authentikServerUrl').val();
-        var useHttps = $('#authentikUseHttps').prop('checked');
+    });
 
+    $( "#authentikSettings" ).on( "submit", function( event ) {
+        event.preventDefault();
         $.cjax({
             url: '/api/sso/Authentik',
             method: 'POST',
-            data: {
-                authentikURL: authentikServerUrl,
-                useHTTPS: useHttps
-            },
+            data: $( this ).serialize(),
             success: function(data) {
                 if (data.error != undefined) {
-                    $.msgbox(data.error, false);
+                    msgbox(data.error, false);
                     return;
                 }
                 msgbox('Authentik settings updated', true);
@@ -130,7 +194,29 @@
             },
             error: function(jqXHR, textStatus, errorThrown) {
                 console.error('Error updating Authentik settings:', textStatus, errorThrown);
+                msgbox('Error updating Authentik settings, check console', false);
             }
         });
-    }
+    });
+
+    $( "#oauth2Settings" ).on( "submit", function( event ) {
+        event.preventDefault();
+        $.cjax({
+            url: '/api/sso/OAuth2',
+            method: 'POST',
+            data: $( this ).serialize(),
+            success: function(data) {
+                if (data.error != undefined) {
+                    msgbox(data.error, false);
+                    return;
+                }
+                msgbox('OAuth2 settings updated', true);
+                console.log('OAuth2 settings updated:', data);
+            },
+            error: function(jqXHR, textStatus, errorThrown) {
+                console.error('Error updating OAuth2 settings:', textStatus, errorThrown);
+                msgbox('Error updating OAuth2 settings, check console', false);
+            }
+        });
+    });
 </script>
\ No newline at end of file
diff --git a/src/web/index.html b/src/web/index.html
index 98ea85b..fb8df92 100644
--- a/src/web/index.html
+++ b/src/web/index.html
@@ -72,7 +72,7 @@
                         <i class="simplistic lock icon"></i> TLS / SSL certificates
                     </a>
                     <a class="item" tag="sso">
-                        <i class="simplistic user circle icon"></i> SSO / Oauth
+                        <i class="simplistic user circle icon"></i> SSO / OAuth2
                     </a>
                     <div class="ui divider menudivider">Others</div>
                     <a class="item" tag="webserv">

From e2882b64366567ff1d4584d8348d6373612c3f28 Mon Sep 17 00:00:00 2001
From: Krzysztof Jagosz <k.jagosz@kjkgroup.cloud>
Date: Tue, 29 Apr 2025 14:46:18 +0200
Subject: [PATCH 2/7] Some cleanup for unused things

---
 src/mod/auth/sso/oauth2/oauth2.go | 13 +------------
 src/web/components/sso.html       |  9 +--------
 2 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/src/mod/auth/sso/oauth2/oauth2.go b/src/mod/auth/sso/oauth2/oauth2.go
index e036d6f..449c44e 100644
--- a/src/mod/auth/sso/oauth2/oauth2.go
+++ b/src/mod/auth/sso/oauth2/oauth2.go
@@ -16,7 +16,6 @@ import (
 type OAuth2RouterOptions struct {
 	OAuth2ServerURL    string //The URL of the OAuth 2.0 server server
 	OAuth2TokenURL     string //The URL of the OAuth 2.0 token server
-	OAuth2RedirectUrl  string //The redirect URL of the OAuth 2.0 token server
 	OAuth2ClientId     string //The client id for OAuth 2.0 Application
 	OAuth2ClientSecret string //The client secret for OAuth 2.0 Application
 	OAuth2WellKnownUrl string //The well-known url for OAuth 2.0 server
@@ -56,7 +55,6 @@ func NewOAuth2Router(options *OAuth2RouterOptions) *OAuth2Router {
 	options.Database.Read("oauth2", "oauth2TokenUrl", &options.OAuth2TokenURL)
 	options.Database.Read("oauth2", "oauth2ClientId", &options.OAuth2ClientId)
 	options.Database.Read("oauth2", "oauth2ClientSecret", &options.OAuth2ClientSecret)
-	options.Database.Read("oauth2", "oauth2RedirectURL", &options.OAuth2RedirectUrl)
 	options.Database.Read("oauth2", "oauth2UserInfoUrl", &options.OAuth2UserInfoUrl)
 	options.Database.Read("oauth2", "oauth2Scopes", &options.OAuth2Scopes)
 
@@ -73,10 +71,9 @@ func (ar *OAuth2Router) HandleSetOAuth2Settings(w http.ResponseWriter, r *http.R
 			"oauth2WellKnownUrl": ar.options.OAuth2WellKnownUrl,
 			"oauth2ServerUrl":    ar.options.OAuth2ServerURL,
 			"oauth2TokenUrl":     ar.options.OAuth2TokenURL,
+			"oauth2UserInfoUrl":  ar.options.OAuth2UserInfoUrl,
 			"oauth2Scopes":       ar.options.OAuth2Scopes,
 			"oauth2ClientSecret": ar.options.OAuth2ClientSecret,
-			"oauth2RedirectURL":  ar.options.OAuth2RedirectUrl,
-			"oauth2UserInfoURL":  ar.options.OAuth2UserInfoUrl,
 			"oauth2ClientId":     ar.options.OAuth2ClientId,
 		})
 
@@ -112,12 +109,6 @@ func (ar *OAuth2Router) HandleSetOAuth2Settings(w http.ResponseWriter, r *http.R
 			}
 		}
 
-		oauth2RedirectUrl, err := utils.PostPara(r, "oauth2RedirectUrl")
-		if err != nil {
-			utils.SendErrorResponse(w, "oauth2RedirectUrl not found")
-			return
-		}
-
 		oauth2ClientId, err := utils.PostPara(r, "oauth2ClientId")
 		if err != nil {
 			utils.SendErrorResponse(w, "oauth2ClientId not found")
@@ -134,7 +125,6 @@ func (ar *OAuth2Router) HandleSetOAuth2Settings(w http.ResponseWriter, r *http.R
 		ar.options.OAuth2WellKnownUrl = oauth2WellKnownUrl
 		ar.options.OAuth2ServerURL = oauth2ServerUrl
 		ar.options.OAuth2TokenURL = oauth2TokenURL
-		ar.options.OAuth2RedirectUrl = oauth2RedirectUrl
 		ar.options.OAuth2UserInfoUrl = oauth2UserInfoUrl
 		ar.options.OAuth2ClientId = oauth2ClientId
 		ar.options.OAuth2ClientSecret = oauth2ClientSecret
@@ -144,7 +134,6 @@ func (ar *OAuth2Router) HandleSetOAuth2Settings(w http.ResponseWriter, r *http.R
 		ar.options.Database.Write("oauth2", "oauth2WellKnownUrl", oauth2WellKnownUrl)
 		ar.options.Database.Write("oauth2", "oauth2ServerUrl", oauth2ServerUrl)
 		ar.options.Database.Write("oauth2", "oauth2TokenUrl", oauth2TokenURL)
-		ar.options.Database.Write("oauth2", "oauth2RedirectUrl", oauth2RedirectUrl)
 		ar.options.Database.Write("oauth2", "oauth2UserInfoUrl", oauth2UserInfoUrl)
 		ar.options.Database.Write("oauth2", "oauth2ClientId", oauth2ClientId)
 		ar.options.Database.Write("oauth2", "oauth2ClientSecret", oauth2ClientSecret)
diff --git a/src/web/components/sso.html b/src/web/components/sso.html
index 5061ebc..981afea 100644
--- a/src/web/components/sso.html
+++ b/src/web/components/sso.html
@@ -68,13 +68,7 @@
             </div>
 
             <div class="field">
-                <label for="oauth2RedirectUrl">Redirect URL</label>
-                <input type="text" id="oauth2RedirectUrl" name="oauth2RedirectUrl" placeholder="Enter Token URL">
-                <small>URL used by the OAuth2 provider to redirect the user after successful authentication. Should be set to your Zoraxy instance URL</small>
-            </div>
-
-            <div class="field">
-                <label for="oauth2UserInfoURL">Redirect URL</label>
+                <label for="oauth2UserInfoURL">User Info URL</label>
                 <input type="text" id="oauth2UserInfoURL" name="oauth2UserInfoURL" placeholder="Enter User Info URL">
                 <small>URL used by the OAuth2 provider to validate generated token. Optional if Well-Known url is configured.</small>
             </div>
@@ -145,7 +139,6 @@
                 $('#oauth2WellKnownUrl').val(data.oauth2WellKnownUrl);
                 $('#oauth2ServerUrl').val(data.oauth2ServerUrl);
                 $('#oauth2TokenUrl').val(data.oauth2TokenUrl);
-                $('#oauth2RedirectUrl').val(data.oauth2RedirectUrl);
                 $('#oauth2UserInfoUrl').val(data.oauth2UserInfoUrl);
                 $('#oauth2ClientId').val(data.oauth2ClientId);
                 $('#oauth2ClientSecret').val(data.oauth2ClientSecret);

From f0fa71c5b4df96a4f87d09d45e3373864277f393 Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Sat, 7 Jun 2025 12:08:45 +0800
Subject: [PATCH 3/7] Update .gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index fabfcb3..d6cb379 100644
--- a/.gitignore
+++ b/.gitignore
@@ -56,3 +56,4 @@ log
 tmp
 sys.*
 www/html/index.html
+*.exe
\ No newline at end of file

From 0e74ff69c3cf838446d44c8fee81b13458ae82a6 Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Sat, 7 Jun 2025 12:20:09 +0800
Subject: [PATCH 4/7] Fixed build error after merge

- Fixed buid error in new merge for Oauth2
- Updated version no.
- Optimized css in sso page
---
 src/def.go                            | 2 +-
 src/mod/dynamicproxy/authProviders.go | 2 +-
 src/reverseproxy.go                   | 2 +-
 src/web/components/sso.html           | 4 +++-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/def.go b/src/def.go
index 7d1f616..45a008b 100644
--- a/src/def.go
+++ b/src/def.go
@@ -44,7 +44,7 @@ import (
 const (
 	/* Build Constants */
 	SYSTEM_NAME       = "Zoraxy"
-	SYSTEM_VERSION    = "3.2.2"
+	SYSTEM_VERSION    = "3.2.3"
 	DEVELOPMENT_BUILD = false
 
 	/* System Constants */
diff --git a/src/mod/dynamicproxy/authProviders.go b/src/mod/dynamicproxy/authProviders.go
index 295add6..cfaafa2 100644
--- a/src/mod/dynamicproxy/authProviders.go
+++ b/src/mod/dynamicproxy/authProviders.go
@@ -46,7 +46,7 @@ func handleAuthProviderRouting(sep *ProxyEndpoint, w http.ResponseWriter, r *htt
 			h.Parent.Option.Logger.LogHTTPRequest(r, "host-http", 401, requestHostname, "")
 			return true
 		}
-	} else if sep.AuthenticationProvider.AuthMethod == AuthMethodOAuth2 {
+	case AuthMethodOauth2:
 		err := h.handleOAuth2Auth(w, r)
 		if err != nil {
 			h.Parent.Option.Logger.LogHTTPRequest(r, "host-http", 401, requestHostname, "")
diff --git a/src/reverseproxy.go b/src/reverseproxy.go
index 9585de8..abb4e79 100644
--- a/src/reverseproxy.go
+++ b/src/reverseproxy.go
@@ -587,7 +587,7 @@ func ReverseProxyHandleEditEndpoint(w http.ResponseWriter, r *http.Request) {
 	} else if authProviderType == 2 {
 		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodForward
 	} else if authProviderType == 3 {
-		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodOAuth2
+		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodOauth2
 	} else {
 		newProxyEndpoint.AuthenticationProvider.AuthMethod = dynamicproxy.AuthMethodNone
 	}
diff --git a/src/web/components/sso.html b/src/web/components/sso.html
index 9327649..605ccdd 100644
--- a/src/web/components/sso.html
+++ b/src/web/components/sso.html
@@ -1,4 +1,4 @@
-<div class="standardContainer">
+<div class="sso standardContainer">
     <div class="ui basic segment">
         <h2>SSO</h2>
         <p>Single Sign-On (SSO) and authentication providers settings </p>
@@ -253,4 +253,6 @@
         });
     });
 
+    /* Bind UI events */
+    $(".sso .advanceSettings").accordion();
 </script>
\ No newline at end of file

From 1f8684481af50abdefd31c808e132a0616131a5f Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Sun, 8 Jun 2025 21:56:51 +0800
Subject: [PATCH 5/7] New UI for proxy editor

---
 src/web/components/httprp.html     | 640 ++++++++++++++++++++---
 src/web/components/httprp.html.bak | 797 +++++++++++++++++++++++++++++
 2 files changed, 1370 insertions(+), 67 deletions(-)
 create mode 100644 src/web/components/httprp.html.bak

diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html
index 484eb37..eea543f 100644
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@@ -9,7 +9,7 @@
         }
 
         .subdEntry td:not(.ignoremw){
-            min-width: 200px;
+            min-width: 100px;
         }
 
         .httpProxyListTools{
@@ -20,10 +20,86 @@
             cursor: pointer;
         }
 
+        th.no-sort{
+            cursor: default !important;
+        }
+
         .tag-select:hover{
             text-decoration: underline;
             opacity: 0.8;
         }
+
+        .inlineEditActionBtn{
+            border: 0px solid transparent !important;
+            box-shadow: none !important;
+            background-color: transparent !important;
+        }
+
+        body.darkTheme .ui.basic.small.icon.circular.button.inlineEditActionBtn{
+            border: 0px solid transparent !important;
+        }
+
+        /* Custom, non overlaying modal for proxy rule editing */
+        #httprpEditModal{
+            position: fixed;
+            top: 50%;
+            left: 50%;
+            transform: translate(-50%, -50%);
+            width: 68vw;
+            height: 50vh;
+            background-color: var(--theme_bg_primary);
+            padding: 1.4em;
+            border-radius: .6em;
+            box-shadow: 0px 4px 8px rgba(0, 0, 0, 0.2), 0px 8px 16px rgba(0, 0, 0, 0.2);
+            z-index: 9;
+            max-width: 840px;
+        }
+
+        @media screen and (max-width: 1024px) {
+            #httprpEditModal {
+                width: 85vw;
+            }
+        }
+
+        @media screen and (max-width: 768px) {
+            #httprpEditModal {
+                width: 95vw;
+                height: 80vh;
+                border-radius: 0;
+            }
+
+            .httpProxyEditClosePC{
+                display:none !important;
+            }
+            .httpProxyEditCloseMobile{
+                display:block !important;
+            }
+        }
+
+        @media screen and (min-width: 769px) {
+            .httpProxyEditClosePC{
+                display:block !important;
+            }
+            .httpProxyEditCloseMobile{
+                display:none !important;
+            }
+        }
+
+
+
+        #httprpEditDarkenLayer {
+            position: fixed;
+            top: 0;
+            left: 0;
+            width: 100%;
+            height: 100%;
+            background-color: rgba(0, 0, 0, 0.5);
+            z-index: 8;
+        }
+
+        #httprpEditModalWrapper {
+            display: none; /* Hidden by default */
+        }
     </style>
     <div class="httpProxyListTools" style="margin-bottom: 1em;">
         <div id="tagFilterDropdown" class="ui floating basic dropdown labeled icon button" style="min-width: 150px;">
@@ -55,15 +131,15 @@
     </div>
     
     <div style="width: 100%; overflow-x: auto; margin-bottom: 1em; min-height: 300px;">
-        <table class="ui celled sortable unstackable compact table">
+        <table class="ui unstackable sortable compact celled definition table">
             <thead>
                 <tr>
+                    <th></th>
                     <th>Host</th>
                     <th>Destination</th>
                     <th>Virtual Directory</th>
-                    <th>Tags</th>
-                    <th style="max-width: 300px;">Advanced Settings</th>
-                    <th class="no-sort" style="min-width:150px;">Actions</th>
+                    <th class="no-sort">Tags</th>
+                    <th class="no-sort" style="width:50px; cursor: default !important;"></th>
                 </tr>
             </thead>
             <tbody id="httpProxyList">
@@ -76,7 +152,219 @@
     <br><br>
 </div>
 
+<!-- Modal for editing a HTTP Proxy Rule -->
+<div id="httprpEditModalWrapper">
+    <div id="httprpEditModal" editing-host="">
+        <div class="ui stackable grid">
+            <div class="four wide column">
+                <div class="ui secondary fluid vertical menu">
+                    <a class="active item hrpedit_menu_item" cfgpage="downstream">
+                        <i class="angle double white right icon"></i> Downstream
+                    </a>
+                    <a class="item hrpedit_menu_item" cfgpage="upstream">
+                        <i class="angle double left icon"></i> Upstream
+                    </a>
+                    <a class="item hrpedit_menu_item" cfgpage="vdirs">
+                        <i class="angle folder icon"></i> Virtual Directory
+                    </a>
+                    <a class="item hrpedit_menu_item" cfgpage="ssl">
+                        <i class="lock icon"></i> TLS / SSL
+                    </a>
+                    <a class="item hrpedit_menu_item" cfgpage="headers">
+                        <i class="heading icon"></i> Headers
+                    </a>
+                    <a class="item hrpedit_menu_item" cfgpage="security">
+                        <i class="key icon"></i> Security
+                    </a>
+                    <a class="item hrpedit_menu_item" cfgpage="tags">
+                        <i class="tags icon"></i> Tags
+                    </a>
+                </div>
+
+                <button class="ui basic fluid button httpProxyEditClosePC" onclick="closeHttpRuleEditor();">Close</button>
+            </div>
+            <div class="twelve wide column">
+                <div class="ui segment">
+                    <!-- Downstream -->
+                    <div class="rpconfig_content" rpcfg="downstream">
+                        <h3 class="downstream_primary_hostname">
+                            
+                        </h3>
+                        <div class="downstream_alias_hostname">
+
+                        </div>
+                        <div class="ui divider"></div>
+                        <div class="downstream_action_list">
+                            <div class="ui checkbox" style="margin-top: 0.4em;">
+                                <input type="checkbox" class="BypassGlobalTLS" ${subd.BypassGlobalTLS?"checked":""}>
+                                <label>Allow plain HTTP access<br>
+                                    <small>Allow inbound connections without TLS/SSL</small></label>
+                            </div>
+                            <br>
+                            <button class="ui basic compact tiny button editAliasHostnameBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="blue at icon"></i> Alias Hostnames</button>
+                            <button class="ui basic compact tiny button editAccessRuleBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui filter icon"></i> Access Rule</button>
+                        </div>
+                    </div>
+                    <!-- Upstream -->
+                    <div class="rpconfig_content" rpcfg="upstream">
+                        <div class="upstream_list">
+
+                        </div>
+                        <button class="ui basic compact button editUpstreamButton" style="margin-left: 0.4em; margin-top: 1em;"><i class="grey server icon"></i> Edit Upstreams</button>
+                        <div class="ui divider"></div>
+                        <div class="ui checkbox" style="margin-top: 0.4em;">
+                            <input type="checkbox" class="EnableUptimeMonitor">
+                            <label>Monitor Uptime<br>
+                                <small>Enable active uptime monitor and auto disable upstreams that are offline</small></label>
+                        </div>
+                        <div class="ui basic advance segment" style="padding: 0.4em !important; border-radius: 0.4em;">
+                            <div class="ui endpointAdvanceConfig accordion" style="padding-right: 0.6em;">
+                                <div class="title">
+                                    <i class="dropdown icon"></i>
+                                    Advanced Settings
+                                </div>
+                                <div class="content">
+                                    <div class="ui checkbox" style="margin-top: 0.4em;">
+                                        <input type="checkbox" class="UseStickySession">
+                                        <label>Use Sticky Session<br>
+                                            <small>Enable stick session on load balancing</small></label>
+                                    </div>
+                                    <br>
+                                    <div class="ui disabled checkbox" style="margin-top: 0.4em;">
+                                        <input type="checkbox" class="DisableChunkedTransferEncoding">
+                                        <label>Disable Chunked Transfer Encoding<br>
+                                            <small>Enable this option if your upstream uses a legacy HTTP server implementation</small></label>
+                                    </div>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                    <!-- Virtual Directories-->
+                    <div class="rpconfig_content" rpcfg="vdirs">
+                        <div class="vdir_list">
+
+                        </div>
+                        <div class="ui divider"></div>
+                        <button class="ui basic tiny button editVdirBtn" style="margin-left: 0.4em; margin-top: 0.4em;">
+                            <i class="ui yellow folder icon"></i> Edit Virtual Directories
+                        </button>
+                    </div>
+                    <div class="rpconfig_content" rpcfg="headers">
+                        Headers
+                        <button class="ui basic compact tiny button editHeaderBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="heading icon"></i> Custom Headers</button>
+                    </div>
+                    <!-- Security -->
+                    <div class="rpconfig_content" rpcfg="security">
+                        <div class="grouped fields authProviderPicker">
+                            <!-- Auth Providers -->
+                            <label><b>Authentication Provider</b></label>
+                            <div class="field">
+                                <div class="ui radio checkbox">
+                                    <input type="radio" value="0" name="authProviderType">
+                                    <label>None (Anyone can access)</label>
+                                </div>
+                            </div>
+                            <div class="field">
+                                <div class="ui radio checkbox">
+                                    <input type="radio" value="1" name="authProviderType">
+                                    <label>Basic Auth</label>
+                                </div>
+                            </div>
+                            <div class="field">
+                                <div class="ui radio checkbox">
+                                    <input type="radio" value="2" name="authProviderType">
+                                    <label>Forward Auth</label>
+                                </div>
+                            </div>
+                            <div class="field">
+                                <div class="ui radio checkbox">
+                                    <input type="radio" value="3" name="authProviderType">
+                                    <label>OAuth2</label>
+                                </div>
+                            </div>
+                        </div>
+                        <br>
+                        <button class="ui basic compact tiny button editBasicAuthCredentialsBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui blue user circle icon"></i> Basic Auth Credentials</button>
+                        
+                        <div class="ui divider"></div>
+                        <!-- Rate Limits-->
+                        <div class="ui checkbox" style="margin-top: 0.4em;">
+                            <input type="checkbox" onchange="handleToggleRateLimitInput();" class="RequireRateLimit" ${rateLimitCheckState}>
+                            <label>Require Rate Limit<br>
+                            <small>Check this to enable rate limit on this inbound hostname</small></label>
+                        </div><br>
+                        <div class="ui small right labeled fluid input" style="margin-top: 0.4em;">
+                            <input type="number" class="RateLimit" value="0" min="1" >
+                            <label class="ui basic label">
+                                req / sec / IP
+                            </label>
+                        </div>
+                    </div>
+                    <!-- TLS / SSL -->
+                    <div class="rpconfig_content" rpcfg="ssl">
+                        SSL
+                        <button class="ui basic compact small button getCertificateBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="green lock icon"></i> Get Certificate</button>
+                    </div>
+                    <!-- Tags -->
+                    <div class="rpconfig_content" rpcfg="tags">
+                        Tags
+                        <button class="ui basic compact small button editTagsBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui purple tag icon"></i> Edit tags</button>
+                    </div>
+                </div>
+                <p><em>Note: All changes will be automatically saved.</em></p>
+                <br><br>
+                <button class="ui basic fluid button httpProxyEditCloseMobile" onclick="closeHttpRuleEditor();">Close</button>
+            </div>
+        </div>
+    </div>
+    <div id="httprpEditDarkenLayer"></div>
+</div>
+
+
 <script>
+    var httpProxyList = []; //Proxy list of the current node
+
+    $('#httprpEditModal .tabular.menu .item').tab();
+
+    /* Renderers */
+    function renderUpstreamList(subd){
+        //Build the upstream list
+        let upstreams = "";
+        if (subd.ActiveOrigins.length == 0){
+            //Invalid config
+            upstreams = `<i class="ui yellow exclamation triangle icon"></i> No Active Upstream Origin<br>`;
+        }else{
+            subd.ActiveOrigins.forEach(upstream => {
+                //console.log(upstream);
+                //Check if the upstreams require TLS connections
+                let tlsIcon = "";
+                if (upstream.RequireTLS){
+                    tlsIcon = `<i class="green lock icon" title="TLS Mode"></i>`;
+                    if (upstream.SkipCertValidations){
+                        tlsIcon = `<i class="yellow lock icon" title="TLS/SSL mode without verification"></i>`
+                    }
+                }
+
+                let upstreamLink = `${upstream.RequireTLS?"https://":"http://"}${upstream.OriginIpOrDomain}`;
+
+                upstreams += `<a href="${upstreamLink}" target="_blank">${upstream.OriginIpOrDomain} ${tlsIcon}</a><br>`;
+            })
+        }
+        return upstreams;
+    }
+
+    function renderVirtualDirectoryList(subd){
+        let vdList = `<div class="ui list">`;
+        subd.VirtualDirectories.forEach(vdir => {
+            vdList += `<div class="item">${vdir.MatchingPath} <i class="green angle double right icon"></i> ${vdir.Domain}</div>`;
+        });
+        vdList += `</div>`
+        if (subd.VirtualDirectories.length == 0){
+            vdList = `<small style="opacity: 0.3; pointer-events: none; user-select: none;">No Virtual Directory</small>`;
+        }
+
+        return vdList;
+    }
 
     /* List all proxy endpoints */
     function listProxyEndpoints(){
@@ -93,31 +381,12 @@
             }else{
                 //Sort by RootOrMatchingDomain field
                 data.sort((a,b) => (a.RootOrMatchingDomain > b.RootOrMatchingDomain) ? 1 : ((b.RootOrMatchingDomain > a.RootOrMatchingDomain) ? -1 : 0))
+                httpProxyList = data;
                 data.forEach(subd => {
                     let subdData = encodeURIComponent(JSON.stringify(subd));
                     
                     //Build the upstream list
-                    let upstreams = "";
-                    if (subd.ActiveOrigins.length == 0){
-                        //Invalid config
-                        upstreams = `<i class="ui yellow exclamation triangle icon"></i> No Active Upstream Origin<br>`;
-                    }else{
-                        subd.ActiveOrigins.forEach(upstream => {
-                            console.log(upstream);
-                            //Check if the upstreams require TLS connections
-                            let tlsIcon = "";
-                            if (upstream.RequireTLS){
-                                tlsIcon = `<i class="green lock icon" title="TLS Mode"></i>`;
-                                if (upstream.SkipCertValidations){
-                                    tlsIcon = `<i class="yellow lock icon" title="TLS/SSL mode without verification"></i>`
-                                }
-                            }
-
-                            let upstreamLink = `${upstream.RequireTLS?"https://":"http://"}${upstream.OriginIpOrDomain}`;
-
-                            upstreams += `<a href="${upstreamLink}" target="_blank">${upstream.OriginIpOrDomain} ${tlsIcon}</a><br>`;
-                        })
-                    }
+                    let upstreams = renderUpstreamList(subd);
 
                     let inboundTlsIcon = "";
                     if ($("#tls").checkbox("is checked")){
@@ -130,20 +399,16 @@
                     }
                     
                     //Build the virtual directory list
-                    var vdList = `<div class="ui list">`;
-                    subd.VirtualDirectories.forEach(vdir => {
-                        vdList += `<div class="item">${vdir.MatchingPath} <i class="green angle double right icon"></i> ${vdir.Domain}</div>`;
-                    });
-                    vdList += `</div>`;
-
-                    if (subd.VirtualDirectories.length == 0){
-                        vdList = `<small style="opacity: 0.3; pointer-events: none; user-select: none;">No Virtual Directory</small>`;
-                    }
+                    let vdList = renderVirtualDirectoryList(subd);
+                    let vdIsEmpty = (subd.VirtualDirectories.length == 0);
 
+                    //Build the Subdomain enable checkbox
                     let enableChecked = "checked";
                     if (subd.Disabled){
                         enableChecked = "";
                     }
+
+                    //Generate a  the TLS lock icons
                     let httpProto = "http://";
                     if ($("#tls").checkbox("is checked")) {
                         httpProto = "https://";
@@ -156,6 +421,8 @@
                     }else{
                         hostnameRedirectPort = ":" + hostnameRedirectPort;
                     }
+
+                    //Generate alias domain list
                     let aliasDomains = ``;
                     if (subd.MatchingDomainAlias != undefined && subd.MatchingDomainAlias.length > 0){
                         aliasDomains = `<small class="aliasDomains" eptuuid="${subd.RootOrMatchingDomain}" style="color: #636363;">Alias: `;
@@ -166,7 +433,23 @@
                         aliasDomains += `</small><br>`;
                     }
 
+                    //Build tag list
+                    let tagList = "";
+                    let tagListEmpty = false;
+                    if (subd.Tags.length > 0){
+                        tagList = subd.Tags.map(tag => `<span class="ui tiny label tag-select" style="background-color: ${getTagColorByName(tag)}; color: ${getTagTextColor(tag)}">${tag}</span>`).join("");
+                    }else{
+                        tagList = "<small style='opacity: 0.3; pointer-events: none; user-select: none;'>No Tags</small>";
+                        tagListEmpty = true;
+                    }
+                    
                     $("#httpProxyList").append(`<tr eptuuid="${subd.RootOrMatchingDomain}" payload="${subdData}" class="subdEntry">
+                        <td class="collapsing ignoremw" datatype="enable">
+                            <div class="ui toggle tiny fitted checkbox" style="margin-bottom: -0.5em; margin-right: 0.4em;" title="Enable / Disable Rule">
+                                <input type="checkbox" class="enableToggle" name="active" ${enableChecked} eptuuid="${subd.RootOrMatchingDomain}" onchange="handleProxyRuleToggle(this);">
+                                <label></label>
+                            </div>
+                        </td>
                         <td data-label="" editable="true" datatype="inbound">
                             <a href="${httpProto}${subd.RootOrMatchingDomain}${hostnameRedirectPort}" target="_blank">${subd.RootOrMatchingDomain}</a> ${inboundTlsIcon}<br>
                             ${aliasDomains}
@@ -177,27 +460,23 @@
                                 ${upstreams}        
                             </div>
                         </td>
-                        <td data-label="" editable="true" datatype="vdir">${vdList}</td>
-                        <td data-label="tags" payload="${encodeURIComponent(JSON.stringify(subd.Tags))}" datatype="tags">
+                        <td data-label="" editable="true" datatype="vdir" style="${vdIsEmpty?"text-align: center;":""}">${vdList}</td>
+                        <td data-label="tags" payload="${encodeURIComponent(JSON.stringify(subd.Tags))}" datatype="tags" style="${tagListEmpty?"text-align: center;":""}">
                             <div class="tags-list">
-                            ${subd.Tags.length >0 ? subd.Tags.map(tag => `<span class="ui tiny label tag-select" style="background-color: ${getTagColorByName(tag)}; color: ${getTagTextColor(tag)}">${tag}</span>`).join(""):"<small style='opacity: 0.3; pointer-events: none; user-select: none;'>No Tags</small>"}
+                            ${tagList}
                             </div>
                         </td>
-                        <td data-label="" editable="true" datatype="advanced" style="width: 350px;">
+                        <!-- <td data-label="" editable="true" datatype="advanced" style="width: 350px;">
                             ${subd.AuthenticationProvider.AuthMethod == 0x1?`<i class="ui grey key icon"></i> Basic Auth`:``}
                             ${subd.AuthenticationProvider.AuthMethod == 0x2?`<i class="ui blue key icon"></i> Forward Auth`:``}
                             ${subd.AuthenticationProvider.AuthMethod == 0x3?`<i class="ui yellow key icon"></i> OAuth2`:``}
                             ${subd.AuthenticationProvider.AuthMethod != 0x0 && subd.RequireRateLimit?"<br>":""}
                             ${subd.RequireRateLimit?`<i class="ui green check icon"></i> Rate Limit @ ${subd.RateLimit} req/s`:``}
                             ${subd.AuthenticationProvider.AuthMethod == 0x0 && !subd.RequireRateLimit?`<small style="opacity: 0.3; pointer-events: none; user-select: none;">No Special Settings</small>`:""}
-                        </td>
+                        </td> -->
                         <td class="center aligned ignoremw" editable="true" datatype="action" data-label="">
-                            <div class="ui toggle tiny fitted checkbox" style="margin-bottom: -0.5em; margin-right: 0.4em;" title="Enable / Disable Rule">
-                                <input type="checkbox" class="enableToggle" name="active" ${enableChecked} eptuuid="${subd.RootOrMatchingDomain}" onchange="handleProxyRuleToggle(this);">
-                                <label></label>
-                            </div>
-                            <button title="Edit Proxy Rule" class="ui circular mini basic icon button editBtn inlineEditActionBtn" onclick='editEndpoint("${(subd.RootOrMatchingDomain).hexEncode()}")'><i class="edit icon"></i></button>
-                            <button title="Remove Proxy Rule" class="ui circular mini red basic icon button inlineEditActionBtn" onclick='deleteEndpoint("${(subd.RootOrMatchingDomain).hexEncode()}")'><i class="trash icon"></i></button>
+                            <button title="Edit Proxy Rule" class="ui circular small basic icon button editBtn inlineEditActionBtn" onclick='editEndpoint("${(subd.RootOrMatchingDomain).hexEncode()}")'><i class="ellipsis vertical icon"></i></button>
+                            <!-- <button title="Remove Proxy Rule" class="ui circular mini red basic icon button inlineEditActionBtn" onclick='deleteEndpoint("${(subd.RootOrMatchingDomain).hexEncode()}")'><i class="trash icon"></i></button> -->
                         </td>
                     </tr>`);
                 });
@@ -297,9 +576,12 @@
     function editEndpoint(uuid) {
         uuid = uuid.hexDecode();
         var row = $('tr[eptuuid="' + uuid + '"]');
-        var columns = row.find('td[data-label]');
         var payload = $(row).attr("payload");
         payload = JSON.parse(decodeURIComponent(payload));
+        initHttpProxyRuleEditorModal(payload);
+        return;
+        /*
+        var columns = row.find('td[data-label]');
         console.log(payload);
         columns.each(function(index) {
             var column = $(this);
@@ -495,6 +777,7 @@
 
         $(".endpointAdvanceConfig").accordion();
         $("#httpProxyList").find(".editBtn").addClass("disabled");
+    */
     }
 
     //handleToggleRateLimitInput will get trigger if the "require rate limit" checkbox
@@ -514,25 +797,35 @@
     }
 
     function saveProxyInlineEdit(uuid){
-        uuid = uuid.hexDecode();
-        var row = $('tr[eptuuid="' + uuid + '"]');
-        if (row.length == 0){
-            return;
-        }
+        let editor = $("#httprpEditModal");
         
-        var epttype = "host";
-        let useStickySession =  $(row).find(".UseStickySession")[0].checked;
-        let DisableUptimeMonitor = !$(row).find(".EnableUptimeMonitor")[0].checked;
-        let authProviderType = $(row).find(".authProviderPicker input[type='radio']:checked").val();
-        let requireRateLimit = $(row).find(".RequireRateLimit")[0].checked;
-        let rateLimit = $(row).find(".RateLimit").val();
-        let bypassGlobalTLS = $(row).find(".BypassGlobalTLS")[0].checked;
+        let epttype = "host";
+        let useStickySession =  $(editor).find(".UseStickySession")[0].checked;
+        let DisableUptimeMonitor = !$(editor).find(".EnableUptimeMonitor")[0].checked;
+        let authProviderType = $(editor).find(".authProviderPicker input[type='radio']:checked").val();
+        let requireRateLimit = $(editor).find(".RequireRateLimit")[0].checked;
+        let rateLimit = $(editor).find(".RateLimit").val();
+        let bypassGlobalTLS = $(editor).find(".BypassGlobalTLS")[0].checked;
         let tags = getTagsArrayFromEndpoint(uuid);
         if (tags.length > 0){
             tags = tags.join(",");
         }else{
             tags = "";
         }
+
+        console.log({
+                "type": epttype,
+                "rootname": uuid,
+                "ss":useStickySession,
+                "dutm": DisableUptimeMonitor,
+                "bpgtls": bypassGlobalTLS,
+                "authprovider" :authProviderType,
+                "rate" :requireRateLimit,
+                "ratenum" :rateLimit,
+                "tags": tags,
+        });
+        alert("save function wip, see console.log");
+        return;
         $.cjax({
             url: "/api/proxy/edit",
             method: "POST",
@@ -681,14 +974,6 @@
         renewCertificate(renewDomainKey, false, btn);
     }
 
-    //Bind on tab switch events
-    tabSwitchEventBind["httprp"] = function(){
-        listProxyEndpoints();
-
-        //Reset the tag filter
-        $("#tagFilterDropdown").dropdown('set selected', "");
-    }
-
     /* Tags & Search */
     function handleSearchInput(event){
         if (event.key == "Escape"){
@@ -778,10 +1063,217 @@
     }
 
     function getTagsArrayFromEndpoint(endpoint){
+        console.log("wip");
+        return [];
         let targetProxyRuleEle = $(".subdEntry[eptuuid='" + endpoint + "'] td[data-label='tags']");
         let tags = $(targetProxyRuleEle).attr("payload");
         return JSON.parse(decodeURIComponent(tags));
     }
+    
+    /* Modal Events */
+    $("#httprpEditDarkenLayer").on("click", function() {
+        closeHttpRuleEditor();
+    });
+
+    function closeHttpRuleEditor(){
+        $("#httprpEditModalWrapper").hide();
+        exitProxyInlineEdit();
+    }
+
+    //Get the current editing http hostname, return null if errors
+    function getEditingHttpProxyHostname(){
+        let hostname = $("#httprpEditModal").attr("editing-host");
+        if (hostname == ""){
+            return null;
+        }
+
+        return decodeURIComponent(hostname);
+    }
+
+    //Initialize the http proxy rule editor
+    function initHttpProxyRuleEditorModal(rulepayload){
+        let subd = JSON.parse(JSON.stringify(rulepayload));
+
+        //Populate all the information in the proxy editor
+        populateAndBindEventsToHTTPProxyEditor(subd);
+
+        //Show the first rpconfig
+        $("#httprpEditModal .rpconfig_content").hide();
+        $("#httprpEditModal .rpconfig_content[rpcfg='downstream']").show();
+        $("#httprpEditModal .hrpedit_menu_item.active").removeClass("active");
+        $("#httprpEditModal .hrpedit_menu_item[cfgpage='downstream']").addClass("active");
+        $("#httprpEditModalWrapper").show();
+    }
+
+    // This function populate the bind all the events required for the proxy editor
+    // pass a copy of the data structure of subd to prevent modification to the original one
+    function populateAndBindEventsToHTTPProxyEditor(subd){
+        //Assign the editing host to DOM element
+        let uuid = subd.RootOrMatchingDomain; //Each matching hostname as uuid
+        $("#httprpEditModal").attr("editing-host", encodeURIComponent(uuid));
+
+        /* ------------ Downstream ------------ */
+        let editor = $("#httprpEditModalWrapper");
+        
+        //Check if the domain is wildcard domain, if yes do not render as a link
+        if (subd.RootOrMatchingDomain.indexOf("*") > -1){
+            editor.find(".downstream_primary_hostname").html(subd.RootOrMatchingDomain);
+        }else{
+            editor.find(".downstream_primary_hostname").html(`<a href="//${subd.RootOrMatchingDomain}" target="_blank">${subd.RootOrMatchingDomain}</a>`);
+        }
+        editor.find(".BypassGlobalTLS").off('change');
+        editor.find(".BypassGlobalTLS").prop("checked", subd.BypassGlobalTLS);
+        editor.find(".BypassGlobalTLS").on("change", function() {
+            saveProxyInlineEdit(uuid);
+        });
+        
+        
+        //Build the alias hostname list
+        let aliasHTML = "";
+        subd.MatchingDomainAlias.forEach(alias => {
+            if (alias.indexOf("*") > -1){
+                //Wildcard alias
+                aliasHTML += `<span class="ui tiny label">${alias}</span> `;
+            }else{
+                //Normal alias
+                aliasHTML += `<span class="ui tiny label"><a href="//${alias}" target="_blank">${alias}</a></span> `;
+            }
+            
+        });
+        editor.find(".downstream_alias_hostname").html(aliasHTML);
+        
+       
+        let enableQuickRequestButton = true;
+        let domains = [subd.RootOrMatchingDomain]; //Domain for getting certificate if needed
+        for (var i = 0; i < subd.MatchingDomainAlias.length; i++){
+            let thisAliasName = subd.MatchingDomainAlias[i];
+            domains.push(thisAliasName);
+        }
+
+        //Check if the domain or alias contains wildcard, if yes, disabled the get certificate button
+        if (subd.RootOrMatchingDomain.indexOf("*") > -1){
+            enableQuickRequestButton = false;
+        }
+        
+        if (subd.MatchingDomainAlias != undefined){
+            for (var i = 0; i < subd.MatchingDomainAlias.length; i++){
+                if (subd.MatchingDomainAlias[i].indexOf("*") > -1){
+                    enableQuickRequestButton = false;
+                    break;
+                }
+            }
+        }
+
+        let certificateDomains = encodeURIComponent(JSON.stringify(domains));
+        if (enableQuickRequestButton){
+            editor.find(".getCertificateBtn").removeClass("disabled");
+        }else{
+            editor.find(".getCertificateBtn").addClass("disabled");
+        }
+
+        //Bind events for action buttons
+        editor.find(".editAliasHostnameBtn").off("click").on("click", function(){
+            editAliasHostnames(uuid);
+        });
+        editor.find(".editAccessRuleBtn").off("click").on("click", function(){
+            editAccessRule(uuid);
+        });
+        editor.find(".getCertificateBtn").off("click").on("click", function(){
+            requestCertificateForExistingHost(uuid, certificateDomains, this);
+        });
+
+        /* ------------ Upstreams ------------ */
+        editor.find(".upstream_list").html(renderUpstreamList(subd));
+        editor.find(".editUpstreamButton").off("click").on("click", function(){
+            editUpstreams(uuid);
+        })
+
+        /* ------------ Vdirs ------------ */
+        editor.find(".vdir_list").html(renderVirtualDirectoryList(subd));
+        editor.find(".editVdirBtn").off("click").on("click", function(){
+            quickEditVdir(uuid);
+        });
+
+        /* Headers */ 
+        editor.find(".editHeaderBtn").off("click").on("click", function(){
+            editCustomHeaders(uuid);
+        });
+
+        /* ------------ Security ------------ */
+    
+        let authMethodContent = "";
+        switch (subd.AuthenticationProvider.AuthMethod) {
+        case 0x1:
+            editor.find(".authProviderPicker input[value='1']").prop("checked", true);
+            break;
+        case 0x2:
+            editor.find(".authProviderPicker input[value='2']").prop("checked", true);
+            break;
+        case 0x3:
+            editor.find(".authProviderPicker input[value='3']").prop("checked", true);
+            break;
+        default:
+            editor.find(".authProviderPicker input[value='0']").prop("checked", true);
+            break;
+        }
+
+        editor.find(".editBasicAuthCredentialsBtn").off("click").on("click", function(){
+            editBasicAuthCredentials(uuid);
+        });
+
+        //Rate limit
+        if (subd.RequireRateLimit) {
+            editor.find(".RequireRateLimit").prop("checked", true);
+            editor.find(".RateLimit").parent().removeClass("disabled");
+        } else {
+            editor.find(".RequireRateLimit").prop("checked", false);
+            editor.find(".RateLimit").parent().addClass("disabled");
+        }
+
+        editor.find(".RequireRateLimit").off("change").on("change", function() {
+            if ($(this).is(":checked")) {
+                editor.find(".RateLimit").parent().removeClass("disabled");
+            } else {
+                editor.find(".RateLimit").parent().addClass("disabled");
+            }
+        });
+        editor.find(".RateLimit").attr("value", subd.RateLimit);
+
+        /* ------------ TLS ------------ */
+
+        /* ------------ Tags ------------ */
+        editor.find(".editTagsBtn").off("click").on("click", function(){
+            editTags(uuid);
+        });
+
+        console.log(subd);
+    }
+
+    function updateVdirInProxyEditor(){
+        // When page switch from Vdir and back to this page
+        // there is a chance where the user has modified the Vdir
+        // we need to get the latest setting from server side and 
+        // render it again
+        let currentEditingHostname = getEditingHttpProxyHostname();
+        $.get("/api/proxy/list?type=host", function(data){
+            data.sort((a,b) => (a.RootOrMatchingDomain > b.RootOrMatchingDomain) ? 1 : ((b.RootOrMatchingDomain > a.RootOrMatchingDomain) ? -1 : 0));
+            let editingHost = data.find(subd => subd.RootOrMatchingDomain === currentEditingHostname);
+            if (editingHost) {
+                populateAndBindEventsToHTTPProxyEditor(editingHost);
+            } else {
+                closeHttpRuleEditor();
+            }
+        });
+    }
+
+    //bind events to hrpedit_menu_item
+    $(".hrpedit_menu_item").on("click", function() {
+        $(".hrpedit_menu_item.active").removeClass("active");
+        $(this).addClass("active");
+        let cfgPageId = $(this).attr("cfgpage");
+        $("#httprpEditModal .rpconfig_content").hide();
+        $(`#httprpEditModal .rpconfig_content[rpcfg='${cfgPageId}']`).show();
+    });
 
     // Initialize the proxy list on page load
     $(document).ready(function() {
@@ -794,4 +1286,18 @@
             filterProxyList();
         });
     });
+
+    //Bind on tab switch events
+    tabSwitchEventBind["httprp"] = function(){
+        //Check if the proxy editor is opened
+        if ($("#httprpEditModalWrapper").is(":visible")) {
+            //Update the information in the modal
+            updateVdirInProxyEditor();
+        } else {
+            listProxyEndpoints();
+            //Reset the tag filter
+            $("#tagFilterDropdown").dropdown('set selected', "");
+        }
+    }
+        
 </script>
diff --git a/src/web/components/httprp.html.bak b/src/web/components/httprp.html.bak
new file mode 100644
index 0000000..484eb37
--- /dev/null
+++ b/src/web/components/httprp.html.bak
@@ -0,0 +1,797 @@
+<div class="standardContainer">
+    <div class="ui basic segment">
+        <h2>HTTP Proxy</h2>
+        <p>Proxy HTTP server with HTTP or HTTPS for multiple hosts. If you are only proxying for one host / domain, use Default Site instead.</p>
+    </div>
+    <style>
+        #httpProxyList .ui.toggle.checkbox input:checked ~ label::before{
+            background-color: #00ca52 !important;
+        }
+
+        .subdEntry td:not(.ignoremw){
+            min-width: 200px;
+        }
+
+        .httpProxyListTools{
+            width: 100%;
+        }
+
+        .tag-select{
+            cursor: pointer;
+        }
+
+        .tag-select:hover{
+            text-decoration: underline;
+            opacity: 0.8;
+        }
+    </style>
+    <div class="httpProxyListTools" style="margin-bottom: 1em;">
+        <div id="tagFilterDropdown" class="ui floating basic dropdown labeled icon button" style="min-width: 150px;">
+            <i class="filter icon"></i>
+            <span class="text">Filter by tags</span>
+            <div class="menu">
+              <div class="ui icon search input">
+                <i class="search icon"></i>
+                <input type="text" placeholder="Search tags...">
+              </div>
+              <div class="divider"></div>
+                <div class="scrolling menu tagList">
+                    <!--
+                    Example: 
+                    <div class="item">
+                        <div class="ui red empty circular label"></div>
+                        Important
+                    </div>
+                    -->
+                    <!-- Add more tag options dynamically -->
+                </div>
+            </div>
+        </div>
+        <div class="ui small input"  style="width: 300px; height: 38px;">
+            <!-- Prevent the browser from filling the saved Zoraxy login account into the  input searchInput below -->
+            <input type="password"  autocomplete="off" hidden/>
+            <input type="text" id="searchInput"  placeholder="Quick Search" onkeydown="handleSearchInput(event);" onchange="handleSearchInput(event);" onblur="handleSearchInput(event);">
+        </div>
+    </div>
+    
+    <div style="width: 100%; overflow-x: auto; margin-bottom: 1em; min-height: 300px;">
+        <table class="ui celled sortable unstackable compact table">
+            <thead>
+                <tr>
+                    <th>Host</th>
+                    <th>Destination</th>
+                    <th>Virtual Directory</th>
+                    <th>Tags</th>
+                    <th style="max-width: 300px;">Advanced Settings</th>
+                    <th class="no-sort" style="min-width:150px;">Actions</th>
+                </tr>
+            </thead>
+            <tbody id="httpProxyList">
+            
+            </tbody>
+        </table>
+    </div>
+
+    <button class="ui icon right floated basic button" onclick="listProxyEndpoints();"><i class="green refresh icon"></i> Refresh</button>
+    <br><br>
+</div>
+
+<script>
+
+    /* List all proxy endpoints */
+    function listProxyEndpoints(){
+        $.get("/api/proxy/list?type=host", function(data){
+            $("#httpProxyList").html(``);
+            if (data.error !== undefined){
+                    $("#httpProxyList").append(`<tr>
+                    <td data-label="" colspan="5"><i class="remove icon"></i> ${data.error}</td>
+                </tr>`);
+            }else if (data.length == 0){
+                $("#httpProxyList").append(`<tr>
+                    <td data-label="" colspan="5"><i class="green check circle icon"></i> No HTTP Proxy Record</td>
+                </tr>`);
+            }else{
+                //Sort by RootOrMatchingDomain field
+                data.sort((a,b) => (a.RootOrMatchingDomain > b.RootOrMatchingDomain) ? 1 : ((b.RootOrMatchingDomain > a.RootOrMatchingDomain) ? -1 : 0))
+                data.forEach(subd => {
+                    let subdData = encodeURIComponent(JSON.stringify(subd));
+                    
+                    //Build the upstream list
+                    let upstreams = "";
+                    if (subd.ActiveOrigins.length == 0){
+                        //Invalid config
+                        upstreams = `<i class="ui yellow exclamation triangle icon"></i> No Active Upstream Origin<br>`;
+                    }else{
+                        subd.ActiveOrigins.forEach(upstream => {
+                            console.log(upstream);
+                            //Check if the upstreams require TLS connections
+                            let tlsIcon = "";
+                            if (upstream.RequireTLS){
+                                tlsIcon = `<i class="green lock icon" title="TLS Mode"></i>`;
+                                if (upstream.SkipCertValidations){
+                                    tlsIcon = `<i class="yellow lock icon" title="TLS/SSL mode without verification"></i>`
+                                }
+                            }
+
+                            let upstreamLink = `${upstream.RequireTLS?"https://":"http://"}${upstream.OriginIpOrDomain}`;
+
+                            upstreams += `<a href="${upstreamLink}" target="_blank">${upstream.OriginIpOrDomain} ${tlsIcon}</a><br>`;
+                        })
+                    }
+
+                    let inboundTlsIcon = "";
+                    if ($("#tls").checkbox("is checked")){
+                        inboundTlsIcon = `<i class="green lock icon" title="TLS Mode"></i>`;
+                        if (subd.BypassGlobalTLS){
+                            inboundTlsIcon = `<i class="grey lock icon" title="TLS Bypass Enabled"></i>`;
+                        }
+                    }else{
+                        inboundTlsIcon = `<i class="yellow lock open icon" title="Plain Text Mode"></i>`;
+                    }
+                    
+                    //Build the virtual directory list
+                    var vdList = `<div class="ui list">`;
+                    subd.VirtualDirectories.forEach(vdir => {
+                        vdList += `<div class="item">${vdir.MatchingPath} <i class="green angle double right icon"></i> ${vdir.Domain}</div>`;
+                    });
+                    vdList += `</div>`;
+
+                    if (subd.VirtualDirectories.length == 0){
+                        vdList = `<small style="opacity: 0.3; pointer-events: none; user-select: none;">No Virtual Directory</small>`;
+                    }
+
+                    let enableChecked = "checked";
+                    if (subd.Disabled){
+                        enableChecked = "";
+                    }
+                    let httpProto = "http://";
+                    if ($("#tls").checkbox("is checked")) {
+                        httpProto = "https://";
+                    } else {
+                        httpProto = "http://";
+                    }
+                    let hostnameRedirectPort = currentListeningPort;
+                    if (hostnameRedirectPort == 80 || hostnameRedirectPort == 443){
+                        hostnameRedirectPort = "";
+                    }else{
+                        hostnameRedirectPort = ":" + hostnameRedirectPort;
+                    }
+                    let aliasDomains = ``;
+                    if (subd.MatchingDomainAlias != undefined && subd.MatchingDomainAlias.length > 0){
+                        aliasDomains = `<small class="aliasDomains" eptuuid="${subd.RootOrMatchingDomain}" style="color: #636363;">Alias: `;
+                        subd.MatchingDomainAlias.forEach(alias => {
+                            aliasDomains += `<a href="${httpProto}${alias}${hostnameRedirectPort}" target="_blank">${alias}</a>, `;
+                        });
+                        aliasDomains = aliasDomains.substr(0, aliasDomains.length - 2); //Remove the last tailing seperator
+                        aliasDomains += `</small><br>`;
+                    }
+
+                    $("#httpProxyList").append(`<tr eptuuid="${subd.RootOrMatchingDomain}" payload="${subdData}" class="subdEntry">
+                        <td data-label="" editable="true" datatype="inbound">
+                            <a href="${httpProto}${subd.RootOrMatchingDomain}${hostnameRedirectPort}" target="_blank">${subd.RootOrMatchingDomain}</a> ${inboundTlsIcon}<br>
+                            ${aliasDomains}
+                            <small class="accessRuleNameUnderHost" ruleid="${subd.AccessFilterUUID}"></small>
+                        </td>
+                        <td data-label="" editable="true" datatype="domain">
+                            <div class="upstreamList">
+                                ${upstreams}        
+                            </div>
+                        </td>
+                        <td data-label="" editable="true" datatype="vdir">${vdList}</td>
+                        <td data-label="tags" payload="${encodeURIComponent(JSON.stringify(subd.Tags))}" datatype="tags">
+                            <div class="tags-list">
+                            ${subd.Tags.length >0 ? subd.Tags.map(tag => `<span class="ui tiny label tag-select" style="background-color: ${getTagColorByName(tag)}; color: ${getTagTextColor(tag)}">${tag}</span>`).join(""):"<small style='opacity: 0.3; pointer-events: none; user-select: none;'>No Tags</small>"}
+                            </div>
+                        </td>
+                        <td data-label="" editable="true" datatype="advanced" style="width: 350px;">
+                            ${subd.AuthenticationProvider.AuthMethod == 0x1?`<i class="ui grey key icon"></i> Basic Auth`:``}
+                            ${subd.AuthenticationProvider.AuthMethod == 0x2?`<i class="ui blue key icon"></i> Forward Auth`:``}
+                            ${subd.AuthenticationProvider.AuthMethod == 0x3?`<i class="ui yellow key icon"></i> OAuth2`:``}
+                            ${subd.AuthenticationProvider.AuthMethod != 0x0 && subd.RequireRateLimit?"<br>":""}
+                            ${subd.RequireRateLimit?`<i class="ui green check icon"></i> Rate Limit @ ${subd.RateLimit} req/s`:``}
+                            ${subd.AuthenticationProvider.AuthMethod == 0x0 && !subd.RequireRateLimit?`<small style="opacity: 0.3; pointer-events: none; user-select: none;">No Special Settings</small>`:""}
+                        </td>
+                        <td class="center aligned ignoremw" editable="true" datatype="action" data-label="">
+                            <div class="ui toggle tiny fitted checkbox" style="margin-bottom: -0.5em; margin-right: 0.4em;" title="Enable / Disable Rule">
+                                <input type="checkbox" class="enableToggle" name="active" ${enableChecked} eptuuid="${subd.RootOrMatchingDomain}" onchange="handleProxyRuleToggle(this);">
+                                <label></label>
+                            </div>
+                            <button title="Edit Proxy Rule" class="ui circular mini basic icon button editBtn inlineEditActionBtn" onclick='editEndpoint("${(subd.RootOrMatchingDomain).hexEncode()}")'><i class="edit icon"></i></button>
+                            <button title="Remove Proxy Rule" class="ui circular mini red basic icon button inlineEditActionBtn" onclick='deleteEndpoint("${(subd.RootOrMatchingDomain).hexEncode()}")'><i class="trash icon"></i></button>
+                        </td>
+                    </tr>`);
+                });
+                populateTagFilterDropdown(data);
+            }
+
+            resolveAccessRuleNameOnHostRPlist();
+        });
+    }
+
+    //Perform realtime alias update without refreshing the whole page
+    function updateAliasListForEndpoint(endpointName, newAliasDomainList){
+        let targetEle = $(`.aliasDomains[eptuuid='${endpointName}']`);
+        console.log(targetEle);
+        if (targetEle.length == 0){
+            return;
+        }
+
+        let aliasDomains = ``;
+        if (newAliasDomainList != undefined && newAliasDomainList.length > 0){
+            aliasDomains = `Alias: `;
+            newAliasDomainList.forEach(alias => {
+                aliasDomains += `<a href="//${alias}" target="_blank">${alias}</a>, `;
+            });
+            aliasDomains = aliasDomains.substr(0, aliasDomains.length - 2); //Remove the last tailing seperator
+            $(targetEle).html(aliasDomains);
+            $(targetEle).show();
+        }else{
+            $(targetEle).hide();
+        }
+    }
+
+    //Resolve & Update all rule names on host PR list
+    function resolveAccessRuleNameOnHostRPlist(){
+        //Resolve the access filters
+        $.get("/api/access/list", function(data){
+            console.log(data);
+            if (data.error == undefined){
+                //Build a map base on the data
+                let accessRuleMap = {};
+                for (var i = 0; i < data.length; i++){
+                    accessRuleMap[data[i].ID] = data[i];
+                }
+                
+                
+                $(".accessRuleNameUnderHost").each(function(){
+                    let thisAccessRuleID = $(this).attr("ruleid");
+                    if (thisAccessRuleID== ""){
+                        thisAccessRuleID = "default"
+                    }
+
+                    if (thisAccessRuleID == "default"){
+                        //No need to label default access rules
+                        $(this).html("");
+                        return;
+                    }
+
+                    let rule = accessRuleMap[thisAccessRuleID];
+                    if (rule == undefined){
+                        //Missing config or config too old
+                        $(this).html(`<i class="ui red exclamation triangle icon"></i> <b style="color: #db2828;">Access Rule Error</b>`);
+                        return;
+                    }
+                    let icon = `<i class="ui grey filter icon"></i>`;
+                    if (rule.ID == "default"){
+                        icon = `<i class="ui yellow star icon"></i>`;
+                    }else if (rule.BlacklistEnabled && !rule.WhitelistEnabled){
+                        //This is a blacklist filter
+                        icon = `<i class="ui red filter icon"></i>`;
+                    }else if (rule.WhitelistEnabled && !rule.BlacklistEnabled){
+                        //This is a whitelist filter
+                        icon = `<i class="ui green filter icon"></i>`;
+                    }else if (rule.WhitelistEnabled && rule.BlacklistEnabled){
+                        //Whitelist and blacklist filter
+                        icon = `<i class="ui yellow filter icon"></i>`;
+                    }
+
+                    if (rule != undefined){
+                        $(this).html(`${icon} ${rule.Name}`);
+                    }
+                });
+            }
+        })
+    }
+
+    //Update the access rule name on given epuuid, call by hostAccessEditor.html
+    function updateAccessRuleNameUnderHost(epuuid, newruleUID){
+        $(`tr[eptuuid='${epuuid}'].subdEntry`).find(".accessRuleNameUnderHost").attr("ruleid", newruleUID);
+        resolveAccessRuleNameOnHostRPlist();
+    }
+
+    
+    /*
+        Inline editor for httprp.html
+    */
+
+    function editEndpoint(uuid) {
+        uuid = uuid.hexDecode();
+        var row = $('tr[eptuuid="' + uuid + '"]');
+        var columns = row.find('td[data-label]');
+        var payload = $(row).attr("payload");
+        payload = JSON.parse(decodeURIComponent(payload));
+        console.log(payload);
+        columns.each(function(index) {
+            var column = $(this);
+            var oldValue = column.text().trim();
+
+            if ($(this).attr("editable") == "false"){
+                //This col do not allow edit. Skip
+                return;
+            }
+
+            // Create an input element based on the column content
+            var input;
+            var datatype = $(this).attr("datatype");
+            if (datatype == "domain"){
+                let useStickySessionChecked = "";
+                if (payload.UseStickySession){
+                    useStickySessionChecked = "checked";
+                }
+
+                let enableUptimeMonitor = "";
+                //Note the config file store the uptime monitor as disable, so we need to reverse the logic
+                if (!payload.DisableUptimeMonitor){
+                    enableUptimeMonitor = "checked";
+                }
+
+                input = `<button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 1em;" onclick="editUpstreams('${uuid}');"><i class="grey server icon"></i> Edit Upstreams</button>
+                <div class="ui divider"></div>
+                <div class="ui checkbox" style="margin-top: 0.4em;">
+                    <input type="checkbox" class="UseStickySession" ${useStickySessionChecked}>
+                    <label>Use Sticky Session<br>
+                        <small>Enable stick session on load balancing</small></label>
+                </div>
+                <div class="ui checkbox" style="margin-top: 0.4em;">
+                    <input type="checkbox" class="EnableUptimeMonitor" ${enableUptimeMonitor}>
+                    <label>Monitor Uptime<br>
+                        <small>Enable active uptime monitor</small></label>
+                </div>
+                `;
+                column.append(input);
+                $(column).find(".upstreamList").addClass("editing");
+            }else if (datatype == "vdir"){
+                //Append a quick access button for vdir page
+                column.append(`<button class="ui basic tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="quickEditVdir('${uuid}');">
+                    <i class="ui yellow folder icon"></i> Edit Virtual Directories
+                </button>`);
+            }else if (datatype == "tags"){
+                column.append(`
+                    <div class="ui divider"></div>
+                    <button class="ui basic compact fluid tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editTags('${uuid}');"><i class="ui purple tag icon"></i> Edit tags</button>
+                `);
+            }else if (datatype == "advanced"){
+                let authProvider = payload.AuthenticationProvider.AuthMethod;
+                
+                let skipWebSocketOriginCheck = payload.SkipWebSocketOriginCheck;
+                let wsCheckstate = "";
+                if (skipWebSocketOriginCheck){
+                    wsCheckstate = "checked";
+                }
+
+                let requireRateLimit = payload.RequireRateLimit;
+                let rateLimitCheckState = "";
+                if (requireRateLimit){
+                    rateLimitCheckState = "checked";
+                }
+                let rateLimit = payload.RateLimit;
+                if (rateLimit == 0){
+                    //This value is not set. Make it default to 100
+                    rateLimit = 100;
+                }
+                let rateLimitDisableState = "";
+                if (!payload.RequireRateLimit){
+                    rateLimitDisableState = "disabled";
+                }
+
+                column.empty().append(`
+                    <div class="grouped fields authProviderPicker">
+                        <label><b>Authentication Provider</b></label>
+                        <div class="field">
+                            <div class="ui radio checkbox">
+                                <input type="radio" value="0" name="authProviderType" ${authProvider==0x0?"checked":""}>
+                                <label>None (Anyone can access)</label>
+                            </div>
+                        </div>
+                        <div class="field">
+                            <div class="ui radio checkbox">
+                                <input type="radio" value="1" name="authProviderType" ${authProvider==0x1?"checked":""}>
+                                <label>Basic Auth</label>
+                            </div>
+                        </div>
+                        <div class="field">
+                            <div class="ui radio checkbox">
+                                <input type="radio" value="2" name="authProviderType" ${authProvider==0x2?"checked":""}>
+                                <label>Forward Auth</label>
+                            </div>
+                        </div>
+                        <div class="field">
+                            <div class="ui radio checkbox">
+                                <input type="radio" value="3" name="authProviderType" ${authProvider==0x3?"checked":""}>
+                                <label>OAuth2</label>
+                            </div>
+                        </div>
+                    </div>
+                    <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editBasicAuthCredentials('${uuid}');"><i class="ui blue user circle icon"></i> Edit Credentials</button>
+                    <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editCustomHeaders('${uuid}');"><i class="heading icon"></i> Custom Headers</button>
+
+                    <div class="ui basic advance segment" style="padding: 0.4em !important; border-radius: 0.4em;">
+                        <div class="ui endpointAdvanceConfig accordion" style="padding-right: 0.6em;">
+                            <div class="title">
+                                <i class="dropdown icon"></i>
+                                Security Options
+                            </div>
+                            <div class="content">
+                                <div class="ui checkbox" style="margin-top: 0.4em;">
+                                    <input type="checkbox" onchange="handleToggleRateLimitInput();" class="RequireRateLimit" ${rateLimitCheckState}>
+                                    <label>Require Rate Limit<br>
+                                    <small>Check this to enable rate limit on this inbound hostname</small></label>
+                                </div><br>
+                                <div class="ui mini right labeled fluid input ${rateLimitDisableState}" style="margin-top: 0.4em;">
+                                    <input type="number" class="RateLimit" value="${rateLimit}" min="1" >
+                                    <label class="ui basic label">
+                                        req / sec / IP
+                                    </label>
+                                </div>
+                            </div>
+                        </div>
+                    <div>
+                `);
+
+                $('.authProviderPicker .ui.checkbox').checkbox();
+            } else if (datatype == "ratelimit"){
+               
+                column.empty().append(`
+                    <div class="ui checkbox" style="margin-top: 0.4em;">
+                        <input type="checkbox" class="RequireRateLimit" ${checkstate}>
+                        <label>Require Rate Limit</label>
+                    </div>
+                    <div class="ui mini fluid input">
+                        <input type="number" class="RateLimit" value="${rateLimit}" placeholder="100" min="1" max="1000" >
+                    </div>
+                `);
+
+            }else if (datatype == 'action'){
+                column.empty().append(`
+                <button title="Save" onclick="saveProxyInlineEdit('${uuid.hexEncode()}');" class="ui basic small icon circular button inlineEditActionBtn"><i class="ui green save icon"></i></button>
+                <button title="Cancel" onclick="exitProxyInlineEdit();" class="ui basic small icon circular button inlineEditActionBtn"><i class="ui remove icon"></i></button>
+                
+                `);
+            }else if (datatype == "inbound"){
+                let originalContent = $(column).html();
+
+                //Check if this host is covered within one of the certificates. If not, show the icon
+                let enableQuickRequestButton = true;
+                let domains = [payload.RootOrMatchingDomain]; //Domain for getting certificate if needed
+                for (var i = 0; i < payload.MatchingDomainAlias.length; i++){
+                    let thisAliasName = payload.MatchingDomainAlias[i];
+                    domains.push(thisAliasName);
+                }
+
+                //Check if the domain or alias contains wildcard, if yes, disabled the get certificate button
+                if (payload.RootOrMatchingDomain.indexOf("*") > -1){
+                    enableQuickRequestButton = false;
+                }
+                
+                if (payload.MatchingDomainAlias != undefined){
+                    for (var i = 0; i < payload.MatchingDomainAlias.length; i++){
+                        if (payload.MatchingDomainAlias[i].indexOf("*") > -1){
+                            enableQuickRequestButton = false;
+                            break;
+                        }
+                    }
+                }
+
+                //encode the domain to DOM
+                let certificateDomains = encodeURIComponent(JSON.stringify(domains));
+                
+                column.empty().append(`${originalContent}
+                    <div class="ui divider"></div>
+                    <div class="ui checkbox" style="margin-top: 0.4em;">
+                        <input type="checkbox" class="BypassGlobalTLS" ${payload.BypassGlobalTLS?"checked":""}>
+                        <label>Allow plain HTTP access<br>
+                            <small>Allow inbound connections without TLS/SSL</small></label>
+                    </div><br>
+                    <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editAliasHostnames('${uuid}');"><i class=" blue at icon"></i> Alias</button>
+                    <button class="ui basic compact tiny button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="editAccessRule('${uuid}');"><i class="ui filter icon"></i> Access Rule</button>
+                    <button class="ui basic compact tiny ${enableQuickRequestButton?"":"disabled"} button" style="margin-left: 0.4em; margin-top: 0.4em;" onclick="requestCertificateForExistingHost('${uuid}', '${certificateDomains}', this);"><i class="green lock icon"></i> Get Certificate</button>
+                `);
+
+                $(".hostAccessRuleSelector").dropdown();
+            }else{
+                //Unknown field. Leave it untouched
+            }
+        });
+
+        $(".endpointAdvanceConfig").accordion();
+        $("#httpProxyList").find(".editBtn").addClass("disabled");
+    }
+
+    //handleToggleRateLimitInput will get trigger if the "require rate limit" checkbox
+    // is changed and toggle the disable state of the rate limit input field
+    function handleToggleRateLimitInput(){
+        let isRateLimitEnabled = $("#httpProxyList input.RequireRateLimit")[0].checked;
+        if (isRateLimitEnabled){
+            $("#httpProxyList input.RateLimit").parent().removeClass("disabled");
+        }else{
+            $("#httpProxyList input.RateLimit").parent().addClass("disabled");
+        }
+    }
+
+    function exitProxyInlineEdit(){
+        listProxyEndpoints();
+        $("#httpProxyList").find(".editBtn").removeClass("disabled");
+    }
+
+    function saveProxyInlineEdit(uuid){
+        uuid = uuid.hexDecode();
+        var row = $('tr[eptuuid="' + uuid + '"]');
+        if (row.length == 0){
+            return;
+        }
+        
+        var epttype = "host";
+        let useStickySession =  $(row).find(".UseStickySession")[0].checked;
+        let DisableUptimeMonitor = !$(row).find(".EnableUptimeMonitor")[0].checked;
+        let authProviderType = $(row).find(".authProviderPicker input[type='radio']:checked").val();
+        let requireRateLimit = $(row).find(".RequireRateLimit")[0].checked;
+        let rateLimit = $(row).find(".RateLimit").val();
+        let bypassGlobalTLS = $(row).find(".BypassGlobalTLS")[0].checked;
+        let tags = getTagsArrayFromEndpoint(uuid);
+        if (tags.length > 0){
+            tags = tags.join(",");
+        }else{
+            tags = "";
+        }
+        $.cjax({
+            url: "/api/proxy/edit",
+            method: "POST",
+            data: {
+                "type": epttype,
+                "rootname": uuid,
+                "ss":useStickySession,
+                "dutm": DisableUptimeMonitor,
+                "bpgtls": bypassGlobalTLS,
+                "authprovider" :authProviderType,
+                "rate" :requireRateLimit,
+                "ratenum" :rateLimit,
+                "tags": tags,
+            },
+            success: function(data){
+                if (data.error !== undefined){
+                    msgbox(data.error, false, 6000);
+                }else{
+                    msgbox("Proxy endpoint updated");
+                    listProxyEndpoints();
+                }
+            }
+        })
+    }
+
+    //Generic functions for delete rp endpoints 
+    function deleteEndpoint(epoint){
+        epoint = decodeURIComponent(epoint).hexDecode();
+        if (confirm("Confirm remove proxy for :" + epoint + "?")){
+            $.cjax({
+                url: "/api/proxy/del",
+                method: "POST",
+                data: {ep: epoint},
+                success: function(data){
+                    if (data.error == undefined){
+                        listProxyEndpoints();
+                        msgbox("Proxy Rule Deleted", true);
+                        reloadUptimeList();
+                    }else{
+                        msgbox(data.error, false);
+                    }
+                }
+            })
+        }
+    }
+
+    
+    /* button events */
+    function editBasicAuthCredentials(uuid){
+        let payload = encodeURIComponent(JSON.stringify({
+            ept: "host",
+            ep: uuid
+        }));
+        showSideWrapper("snippet/basicAuthEditor.html?t=" + Date.now() + "#" + payload);
+    }
+
+    function editAccessRule(uuid){
+        let payload = encodeURIComponent(JSON.stringify({
+            ept: "host",
+            ep: uuid
+        }));
+        showSideWrapper("snippet/hostAccessEditor.html?t=" + Date.now() + "#" + payload);
+    }
+
+    function editAliasHostnames(uuid){
+        let payload = encodeURIComponent(JSON.stringify({
+            ept: "host",
+            ep: uuid
+        }));
+        showSideWrapper("snippet/aliasEditor.html?t=" + Date.now() + "#" + payload);
+    }
+
+    function quickEditVdir(uuid){
+        openTabById("vdir");
+        $("#vdirBaseRoutingRule").parent().dropdown("set selected", uuid);
+    }
+
+    //Open the custom header editor
+    function editCustomHeaders(uuid){
+        let payload = encodeURIComponent(JSON.stringify({
+            ept: "host",
+            ep: uuid
+        }));
+        showSideWrapper("snippet/customHeaders.html?t=" + Date.now() + "#" + payload);
+    }
+
+    //Open the load balance option
+    function editUpstreams(uuid){
+        let payload = encodeURIComponent(JSON.stringify({
+            ept: "host",
+            ep: uuid
+        }));
+        showSideWrapper("snippet/upstreams.html?t=" + Date.now() + "#" + payload);
+    }
+
+    function handleProxyRuleToggle(object){
+        let endpointUUID = $(object).attr("eptuuid");
+        let isChecked = object.checked;
+        $.cjax({
+            url: "/api/proxy/toggle",
+            data: {
+                "ep": endpointUUID,
+                "enable": isChecked
+            },
+            success: function(data){
+                if (data.error != undefined){
+                    msgbox(data.error, false);
+                }else{
+                    if (isChecked){
+                        msgbox("Proxy Rule Enabled");
+                    }else{
+                        msgbox("Proxy Rule Disabled");
+                    }
+                    
+                }
+            }
+        })
+    }
+
+    /* 
+        Certificate Shortcut
+    */
+
+    function requestCertificateForExistingHost(hostUUID, RootAndAliasDomains, btn=undefined){
+        RootAndAliasDomains = JSON.parse(decodeURIComponent(RootAndAliasDomains))
+        let renewDomainKey = RootAndAliasDomains.join(",");
+        let preferedACMEEmail = $("#prefACMEEmail").val();
+        if (preferedACMEEmail == ""){
+            msgbox("Preferred email for ACME registration not set", false);
+            return;
+        }
+        let defaultCA = $("#defaultCA").dropdown("get value");
+        if (defaultCA == ""){
+            defaultCA = "Let's Encrypt";
+        }
+
+        //Check if the root or the alias domain contain wildcard character, if yes, return error
+        for (var i = 0; i < RootAndAliasDomains.length; i++){
+            if (RootAndAliasDomains[i].indexOf("*") != -1){
+                msgbox("Wildcard domain can only be setup via ACME tool", false);
+                return;
+            }
+        }
+        
+        //Renew the certificate
+        renewCertificate(renewDomainKey, false, btn);
+    }
+
+    //Bind on tab switch events
+    tabSwitchEventBind["httprp"] = function(){
+        listProxyEndpoints();
+
+        //Reset the tag filter
+        $("#tagFilterDropdown").dropdown('set selected', "");
+    }
+
+    /* Tags & Search */
+    function handleSearchInput(event){
+        if (event.key == "Escape"){
+            $("#searchInput").val("");
+        }
+        filterProxyList();
+    }
+
+     // Function to filter the proxy list
+     function filterProxyList() {
+        let searchInput = $("#searchInput").val().toLowerCase();
+        let selectedTag = $("#tagFilterDropdown").dropdown('get value');
+        $("#httpProxyList tr").each(function() {
+            let host = $(this).find("td[data-label='']").text().toLowerCase();
+            let tagElements = $(this).find("td[data-label='tags']");
+            let tags = tagElements.attr("payload");
+            tags = JSON.parse(decodeURIComponent(tags));
+            if ((host.includes(searchInput) || searchInput === "") && (tags.includes(selectedTag) || selectedTag === "")) {
+                $(this).show();
+            } else {
+                $(this).hide();
+            }
+        });
+    }
+
+    // Function to generate a color based on a tag name
+    function getTagColorByName(tagName) {
+        function hashCode(str) {
+            return str.split('').reduce((prevHash, currVal) =>
+                ((prevHash << 5) - prevHash) + currVal.charCodeAt(0), 0);
+        }
+        let hash = hashCode(tagName);
+        let color = '#' + ((hash >> 24) & 0xFF).toString(16).padStart(2, '0') +
+                            ((hash >> 16) & 0xFF).toString(16).padStart(2, '0') +
+                            ((hash >> 8) & 0xFF).toString(16).padStart(2, '0');
+        return color;
+    }
+
+    function getTagTextColor(tagName){
+        let color = getTagColorByName(tagName);
+        let r = parseInt(color.substr(1, 2), 16);
+        let g = parseInt(color.substr(3, 2), 16);
+        let b = parseInt(color.substr(5, 2), 16);
+        let brightness = Math.round(((r * 299) + (g * 587) + (b * 114)) / 1000);
+        return brightness > 125 ? "#000000" : "#ffffff";
+    }
+    
+     // Populate the tag filter dropdown
+     function populateTagFilterDropdown(data) {
+        let tags = new Set();
+        data.forEach(subd => {
+            subd.Tags.forEach(tag => tags.add(tag));
+        });
+        tags = Array.from(tags).sort((a, b) => a.localeCompare(b));
+        let dropdownMenu = $("#tagFilterDropdown .tagList");
+        dropdownMenu.html(`<div class="item tag-select" data-value="">
+            <div class="ui grey empty circular label"></div>
+            Show all
+        </div>`);
+        tags.forEach(tag => {
+            let thisTagColor = getTagColorByName(tag);
+            dropdownMenu.append(`<div class="item tag-select" data-value="${tag}">
+                <div class="ui empty circular label" style="background-color: ${thisTagColor}; border-color: ${thisTagColor};" ></div>
+                ${tag}
+            </div>`);
+        });
+    }
+
+    // Edit tags for a specific endpoint
+    function editTags(uuid){
+        let payload = encodeURIComponent(JSON.stringify({
+            ept: "host",
+            ep: uuid
+        }));
+        showSideWrapper("snippet/tagEditor.html?t=" + Date.now() + "#" + payload);
+    }
+
+    // Render the tags preview from tag editing snippet
+    function renderTagsPreview(endpoint, tags){
+        let targetProxyRuleEle = $(".subdEntry[eptuuid='" + endpoint + "'] td[data-label='tags']");
+        //Update the tag DOM
+        let newTagDOM = tags.map(tag => `<span class="ui tiny label tag-select" style="background-color: ${getTagColorByName(tag)}; color: ${getTagTextColor(tag)}">${tag}</span>`).join("");
+        $(targetProxyRuleEle).find(".tags-list").html(newTagDOM);
+
+        //Update the tag payload
+        $(targetProxyRuleEle).attr("payload", encodeURIComponent(JSON.stringify(tags)));
+    }
+
+    function getTagsArrayFromEndpoint(endpoint){
+        let targetProxyRuleEle = $(".subdEntry[eptuuid='" + endpoint + "'] td[data-label='tags']");
+        let tags = $(targetProxyRuleEle).attr("payload");
+        return JSON.parse(decodeURIComponent(tags));
+    }
+
+    // Initialize the proxy list on page load
+    $(document).ready(function() {
+        listProxyEndpoints();
+
+        // Event listener for clicking on tags
+        $(document).on('click', '.tag-select', function() {
+            let tag = $(this).text().trim();
+            $('#tagFilterDropdown').dropdown('set selected', tag);
+            filterProxyList();
+        });
+    });
+</script>

From c7b5e0994e19b68bb99d0e8539d00bb05b71f658 Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Mon, 9 Jun 2025 22:01:30 +0800
Subject: [PATCH 6/7] Added more wip UI elements

---
 src/web/components/httprp.html        | 274 +++++++++++++++++---------
 src/web/index.html                    |  14 ++
 src/web/snippet/customHeaders.html    |  13 +-
 src/web/snippet/hostAccessEditor.html |   6 +-
 src/web/snippet/tagEditor.html        |  11 +-
 5 files changed, 202 insertions(+), 116 deletions(-)

diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html
index eea543f..890d8cf 100644
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@@ -46,7 +46,7 @@
             left: 50%;
             transform: translate(-50%, -50%);
             width: 68vw;
-            height: 50vh;
+            height: 70vh;
             background-color: var(--theme_bg_primary);
             padding: 1.4em;
             border-radius: .6em;
@@ -55,6 +55,44 @@
             max-width: 840px;
         }
 
+        #httprpEditModal .rpconfig_content{
+            height: 100%;
+        }
+
+        #httprpEditModal .editor_side_wrapper{
+            position: absolute;
+            top: 0;
+            right: 0;
+            height:100%;
+            width: 100%;
+            background-color: var(--theme_bg_primary);
+        }
+
+        #httprpEditModal .wrapper_frame{
+            width: 100%;
+            border: 1px solid var(--divider_color);
+            border-radius: 0.5em;
+            height: calc(100%);
+        }
+
+        #httprpEditModal .editor_side_wrapper .wrapper_frame{
+            height: calc(100% - 30px);
+        }
+
+        #httprpEditModal .editor_back_button {
+            border: none;
+            background-color: transparent;
+            box-shadow: none;
+            color: var(--text_color);
+            font-size: 2.2em;
+            cursor: pointer;
+            padding-top: 20px;
+        }
+
+        #httprpEditModal .editor_back_button:hover{
+            opacity: 0.5;
+        }
+
         @media screen and (max-width: 1024px) {
             #httprpEditModal {
                 width: 85vw;
@@ -63,9 +101,9 @@
 
         @media screen and (max-width: 768px) {
             #httprpEditModal {
-                width: 95vw;
                 height: 80vh;
                 border-radius: 0;
+                overflow-y: scroll;
             }
 
             .httpProxyEditClosePC{
@@ -85,8 +123,6 @@
             }
         }
 
-
-
         #httprpEditDarkenLayer {
             position: fixed;
             top: 0;
@@ -95,6 +131,7 @@
             height: 100%;
             background-color: rgba(0, 0, 0, 0.5);
             z-index: 8;
+            backdrop-filter: blur(3px);
         }
 
         #httprpEditModalWrapper {
@@ -155,7 +192,7 @@
 <!-- Modal for editing a HTTP Proxy Rule -->
 <div id="httprpEditModalWrapper">
     <div id="httprpEditModal" editing-host="">
-        <div class="ui stackable grid">
+        <div class="ui stackable grid" style="height:100%;">
             <div class="four wide column">
                 <div class="ui secondary fluid vertical menu">
                     <a class="active item hrpedit_menu_item" cfgpage="downstream">
@@ -184,56 +221,60 @@
                 <button class="ui basic fluid button httpProxyEditClosePC" onclick="closeHttpRuleEditor();">Close</button>
             </div>
             <div class="twelve wide column">
-                <div class="ui segment">
+                <div style="height:100%;">
                     <!-- Downstream -->
                     <div class="rpconfig_content" rpcfg="downstream">
-                        <h3 class="downstream_primary_hostname">
-                            
-                        </h3>
-                        <div class="downstream_alias_hostname">
+                        <div class="ui segment">
+                            <h3 class="downstream_primary_hostname">
+                                
+                            </h3>
+                            <div class="downstream_alias_hostname">
 
-                        </div>
-                        <div class="ui divider"></div>
-                        <div class="downstream_action_list">
-                            <div class="ui checkbox" style="margin-top: 0.4em;">
-                                <input type="checkbox" class="BypassGlobalTLS" ${subd.BypassGlobalTLS?"checked":""}>
-                                <label>Allow plain HTTP access<br>
-                                    <small>Allow inbound connections without TLS/SSL</small></label>
                             </div>
-                            <br>
-                            <button class="ui basic compact tiny button editAliasHostnameBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="blue at icon"></i> Alias Hostnames</button>
-                            <button class="ui basic compact tiny button editAccessRuleBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui filter icon"></i> Access Rule</button>
+                            <div class="ui divider"></div>
+                            <div class="downstream_action_list">
+                                <div class="ui checkbox" style="margin-top: 0.4em;">
+                                    <input type="checkbox" class="BypassGlobalTLS" ${subd.BypassGlobalTLS?"checked":""}>
+                                    <label>Allow plain HTTP access<br>
+                                        <small>Allow inbound connections without TLS/SSL</small></label>
+                                </div>
+                                <br>
+                                <button class="ui basic compact tiny button editAliasHostnameBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="blue at icon"></i> Alias Hostnames</button>
+                                <button class="ui basic compact tiny button editAccessRuleBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui filter icon"></i> Access Rule</button>
+                            </div>
                         </div>
                     </div>
                     <!-- Upstream -->
                     <div class="rpconfig_content" rpcfg="upstream">
-                        <div class="upstream_list">
+                        <div class="ui segment">
+                            <div class="upstream_list">
 
-                        </div>
-                        <button class="ui basic compact button editUpstreamButton" style="margin-left: 0.4em; margin-top: 1em;"><i class="grey server icon"></i> Edit Upstreams</button>
-                        <div class="ui divider"></div>
-                        <div class="ui checkbox" style="margin-top: 0.4em;">
-                            <input type="checkbox" class="EnableUptimeMonitor">
-                            <label>Monitor Uptime<br>
-                                <small>Enable active uptime monitor and auto disable upstreams that are offline</small></label>
-                        </div>
-                        <div class="ui basic advance segment" style="padding: 0.4em !important; border-radius: 0.4em;">
-                            <div class="ui endpointAdvanceConfig accordion" style="padding-right: 0.6em;">
-                                <div class="title">
-                                    <i class="dropdown icon"></i>
-                                    Advanced Settings
-                                </div>
-                                <div class="content">
-                                    <div class="ui checkbox" style="margin-top: 0.4em;">
-                                        <input type="checkbox" class="UseStickySession">
-                                        <label>Use Sticky Session<br>
-                                            <small>Enable stick session on load balancing</small></label>
+                            </div>
+                            <button class="ui basic compact button editUpstreamButton" style="margin-left: 0.4em; margin-top: 1em;"><i class="grey server icon"></i> Edit Upstreams</button>
+                            <div class="ui divider"></div>
+                            <div class="ui checkbox" style="margin-top: 0.4em;">
+                                <input type="checkbox" class="EnableUptimeMonitor">
+                                <label>Monitor Uptime<br>
+                                    <small>Enable active uptime monitor and auto disable upstreams that are offline</small></label>
+                            </div>
+                            <div class="ui basic advance segment" style="padding: 0.4em !important; border-radius: 0.4em;">
+                                <div class="ui endpointAdvanceConfig accordion" style="padding-right: 0.6em;">
+                                    <div class="title">
+                                        <i class="dropdown icon"></i>
+                                        Advanced Settings
                                     </div>
-                                    <br>
-                                    <div class="ui disabled checkbox" style="margin-top: 0.4em;">
-                                        <input type="checkbox" class="DisableChunkedTransferEncoding">
-                                        <label>Disable Chunked Transfer Encoding<br>
-                                            <small>Enable this option if your upstream uses a legacy HTTP server implementation</small></label>
+                                    <div class="content">
+                                        <div class="ui checkbox" style="margin-top: 0.4em;">
+                                            <input type="checkbox" class="UseStickySession">
+                                            <label>Use Sticky Session<br>
+                                                <small>Enable stick session on load balancing</small></label>
+                                        </div>
+                                        <br>
+                                        <div class="ui disabled checkbox" style="margin-top: 0.4em;">
+                                            <input type="checkbox" class="DisableChunkedTransferEncoding">
+                                            <label>Disable Chunked Transfer Encoding<br>
+                                                <small>Enable this option if your upstream uses a legacy HTTP server implementation</small></label>
+                                        </div>
                                     </div>
                                 </div>
                             </div>
@@ -241,17 +282,21 @@
                     </div>
                     <!-- Virtual Directories-->
                     <div class="rpconfig_content" rpcfg="vdirs">
-                        <div class="vdir_list">
+                        <div class="ui segment">
+                            <div class="vdir_list">
 
+                            </div>
+                            <div class="ui divider"></div>
+                            <button class="ui basic tiny button editVdirBtn" style="margin-left: 0.4em; margin-top: 0.4em;">
+                                <i class="ui yellow folder icon"></i> Edit Virtual Directories
+                            </button>
                         </div>
-                        <div class="ui divider"></div>
-                        <button class="ui basic tiny button editVdirBtn" style="margin-left: 0.4em; margin-top: 0.4em;">
-                            <i class="ui yellow folder icon"></i> Edit Virtual Directories
-                        </button>
                     </div>
+                    <!-- Custom Headers -->
                     <div class="rpconfig_content" rpcfg="headers">
-                        Headers
-                        <button class="ui basic compact tiny button editHeaderBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="heading icon"></i> Custom Headers</button>
+                        <iframe src="" class="wrapper_frame">
+
+                        </iframe>
                     </div>
                     <!-- Security -->
                     <div class="rpconfig_content" rpcfg="security">
@@ -303,17 +348,25 @@
                     <!-- TLS / SSL -->
                     <div class="rpconfig_content" rpcfg="ssl">
                         SSL
-                        <button class="ui basic compact small button getCertificateBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="green lock icon"></i> Get Certificate</button>
+                        <button class="ui basic small button getCertificateBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="green lock icon"></i> Get Certificate</button>
                     </div>
                     <!-- Tags -->
                     <div class="rpconfig_content" rpcfg="tags">
-                        Tags
-                        <button class="ui basic compact small button editTagsBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui purple tag icon"></i> Edit tags</button>
+                        <iframe src="" class="wrapper_frame">
+
+                        </iframe>
                     </div>
                 </div>
-                <p><em>Note: All changes will be automatically saved.</em></p>
-                <br><br>
                 <button class="ui basic fluid button httpProxyEditCloseMobile" onclick="closeHttpRuleEditor();">Close</button>
+                <!-- Editor Side Wrapper -->
+                <div class="editor_side_wrapper" style="display:none;">
+                    <a class="editor_back_button">
+                        <i class="chevron circle left icon" style="margin-top: 22px;"></i>
+                    </a>
+                    <iframe src="snippet/placeholder.html" class="wrapper_frame">
+
+                    </iframe>
+                </div>
             </div>
         </div>
     </div>
@@ -366,6 +419,17 @@
         return vdList;
     }
 
+    function renderTagList(subd){
+        let tagList = "";
+        if (subd.Tags.length > 0){
+            tagList = subd.Tags.map(tag => `<span class="ui tiny label tag-select" style="background-color: ${getTagColorByName(tag)}; color: ${getTagTextColor(tag)}">${tag}</span>`).join("");
+        }else{
+            tagList = "<small style='opacity: 0.3; pointer-events: none; user-select: none;'>No Tags</small>";
+            tagListEmpty = true;
+        }
+        return tagList;
+    }
+
     /* List all proxy endpoints */
     function listProxyEndpoints(){
         $.get("/api/proxy/list?type=host", function(data){
@@ -434,14 +498,8 @@
                     }
 
                     //Build tag list
-                    let tagList = "";
-                    let tagListEmpty = false;
-                    if (subd.Tags.length > 0){
-                        tagList = subd.Tags.map(tag => `<span class="ui tiny label tag-select" style="background-color: ${getTagColorByName(tag)}; color: ${getTagTextColor(tag)}">${tag}</span>`).join("");
-                    }else{
-                        tagList = "<small style='opacity: 0.3; pointer-events: none; user-select: none;'>No Tags</small>";
-                        tagListEmpty = true;
-                    }
+                    let tagList = renderTagList(subd);
+                    let tagListEmpty = (subd.Tags.length == 0);
                     
                     $("#httpProxyList").append(`<tr eptuuid="${subd.RootOrMatchingDomain}" payload="${subdData}" class="subdEntry">
                         <td class="collapsing ignoremw" datatype="enable">
@@ -879,7 +937,7 @@
             ept: "host",
             ep: uuid
         }));
-        showSideWrapper("snippet/basicAuthEditor.html?t=" + Date.now() + "#" + payload);
+        showEditorSideWrapper("snippet/basicAuthEditor.html?t=" + Date.now() + "#" + payload);
     }
 
     function editAccessRule(uuid){
@@ -887,7 +945,7 @@
             ept: "host",
             ep: uuid
         }));
-        showSideWrapper("snippet/hostAccessEditor.html?t=" + Date.now() + "#" + payload);
+        showEditorSideWrapper("snippet/hostAccessEditor.html?t=" + Date.now() + "#" + payload);
     }
 
     function editAliasHostnames(uuid){
@@ -895,7 +953,7 @@
             ept: "host",
             ep: uuid
         }));
-        showSideWrapper("snippet/aliasEditor.html?t=" + Date.now() + "#" + payload);
+        showEditorSideWrapper("snippet/aliasEditor.html?t=" + Date.now() + "#" + payload);
     }
 
     function quickEditVdir(uuid){
@@ -903,22 +961,13 @@
         $("#vdirBaseRoutingRule").parent().dropdown("set selected", uuid);
     }
 
-    //Open the custom header editor
-    function editCustomHeaders(uuid){
-        let payload = encodeURIComponent(JSON.stringify({
-            ept: "host",
-            ep: uuid
-        }));
-        showSideWrapper("snippet/customHeaders.html?t=" + Date.now() + "#" + payload);
-    }
-
     //Open the load balance option
     function editUpstreams(uuid){
         let payload = encodeURIComponent(JSON.stringify({
             ept: "host",
             ep: uuid
         }));
-        showSideWrapper("snippet/upstreams.html?t=" + Date.now() + "#" + payload);
+        showEditorSideWrapper("snippet/upstreams.html?t=" + Date.now() + "#" + payload);
     }
 
     function handleProxyRuleToggle(object){
@@ -1048,10 +1097,10 @@
             ept: "host",
             ep: uuid
         }));
-        showSideWrapper("snippet/tagEditor.html?t=" + Date.now() + "#" + payload);
+        showEditorSideWrapper("snippet/tagEditor.html?t=" + Date.now() + "#" + payload);
     }
 
-    // Render the tags preview from tag editing snippet
+    // Render the tags preview from tag editing snippet, callback from tags editor
     function renderTagsPreview(endpoint, tags){
         let targetProxyRuleEle = $(".subdEntry[eptuuid='" + endpoint + "'] td[data-label='tags']");
         //Update the tag DOM
@@ -1062,9 +1111,8 @@
         $(targetProxyRuleEle).attr("payload", encodeURIComponent(JSON.stringify(tags)));
     }
 
+
     function getTagsArrayFromEndpoint(endpoint){
-        console.log("wip");
-        return [];
         let targetProxyRuleEle = $(".subdEntry[eptuuid='" + endpoint + "'] td[data-label='tags']");
         let tags = $(targetProxyRuleEle).attr("payload");
         return JSON.parse(decodeURIComponent(tags));
@@ -1076,8 +1124,12 @@
     });
 
     function closeHttpRuleEditor(){
-        $("#httprpEditModalWrapper").hide();
-        exitProxyInlineEdit();
+        $(".ui.toggle.tiny.fitted.checkbox").css("z-index", 0);
+        $("#httprpEditModalWrapper").fadeOut("fast", function(){
+            $(".ui.toggle.tiny.fitted.checkbox").css("z-index", "auto");
+            $("body").css("overflow", "auto");
+            exitProxyInlineEdit();
+        }); 
     }
 
     //Get the current editing http hostname, return null if errors
@@ -1093,7 +1145,7 @@
     //Initialize the http proxy rule editor
     function initHttpProxyRuleEditorModal(rulepayload){
         let subd = JSON.parse(JSON.stringify(rulepayload));
-
+    
         //Populate all the information in the proxy editor
         populateAndBindEventsToHTTPProxyEditor(subd);
 
@@ -1102,7 +1154,13 @@
         $("#httprpEditModal .rpconfig_content[rpcfg='downstream']").show();
         $("#httprpEditModal .hrpedit_menu_item.active").removeClass("active");
         $("#httprpEditModal .hrpedit_menu_item[cfgpage='downstream']").addClass("active");
-        $("#httprpEditModalWrapper").show();
+        $("body").css("overflow", "hidden");
+        // Fixing a bug in semantic ui that when an element fade in/out on top of checkbox
+        // the checkbox suddently flash on top of the fading element
+        $(".ui.toggle.tiny.fitted.checkbox").css("z-index", 0);
+        $("#httprpEditModalWrapper").fadeIn("fast", function(){
+            $(".ui.toggle.tiny.fitted.checkbox").css("z-index", "auto");
+        });
     }
 
     // This function populate the bind all the events required for the proxy editor
@@ -1195,9 +1253,14 @@
         });
 
         /* Headers */ 
-        editor.find(".editHeaderBtn").off("click").on("click", function(){
-            editCustomHeaders(uuid);
-        });
+        (() => {
+            let payload = encodeURIComponent(JSON.stringify({
+                ept: "host",
+                ep: uuid
+            }));
+            let frameURL = "snippet/customHeaders.html?t=" + Date.now() + "#" + payload;
+            editor.find(".rpconfig_content[rpcfg='headers'] .wrapper_frame").attr('src', frameURL);
+        })();
 
         /* ------------ Security ------------ */
     
@@ -1242,9 +1305,14 @@
         /* ------------ TLS ------------ */
 
         /* ------------ Tags ------------ */
-        editor.find(".editTagsBtn").off("click").on("click", function(){
-            editTags(uuid);
-        });
+        (()=>{
+            let payload = encodeURIComponent(JSON.stringify({
+                ept: "host",
+                ep: uuid
+            }));
+            let frameURL = "snippet/tagEditor.html?t=" + Date.now() + "#" + payload;
+            editor.find(".rpconfig_content[rpcfg='tags'] .wrapper_frame").attr('src', frameURL);
+        })();
 
         console.log(subd);
     }
@@ -1273,8 +1341,30 @@
         let cfgPageId = $(this).attr("cfgpage");
         $("#httprpEditModal .rpconfig_content").hide();
         $(`#httprpEditModal .rpconfig_content[rpcfg='${cfgPageId}']`).show();
+        hideEditorSideWrapper(); //Always close the side wrapper on tab change
     });
 
+    $("#httprpEditModal .editor_back_button").on("click", function(event) {
+        // Prevent click event from propagating to the modal background
+        event.stopPropagation();
+        hideEditorSideWrapper();
+    });
+
+    function showEditorSideWrapper(url){
+        $("#httprpEditModal .editor_side_wrapper .wrapper_frame").attr('src', url);
+        $("#httprpEditModal .editor_side_wrapper").fadeIn("fast");
+    }
+
+    function hideEditorSideWrapper(){
+        $("#httprpEditModal .editor_side_wrapper").fadeOut("fast");
+        $("#httprpEditModal .editor_side_wrapper .wrapper_frame").attr('src', "snippet/placeholder.html");
+    }
+
+
+    /*
+        Page Initialization Functions 
+    */
+
     // Initialize the proxy list on page load
     $(document).ready(function() {
         listProxyEndpoints();
diff --git a/src/web/index.html b/src/web/index.html
index fb8df92..ac3480a 100644
--- a/src/web/index.html
+++ b/src/web/index.html
@@ -334,6 +334,7 @@
             }
 
             function toggleTheme(){
+                let editorSideWrapper = $("#httprpEditModal .wrapper_frame");
                 if ($("body").hasClass("darkTheme")){
                     setDarkTheme(false);
                     //Check if the snippet iframe is opened. If yes, set the dark theme to the iframe
@@ -341,6 +342,10 @@
                         $(".sideWrapper iframe")[0].contentWindow.setDarkTheme(false);
                     }
 
+                    if (editorSideWrapper.is(":visible")){
+                        editorSideWrapper[0].contentWindow.setDarkTheme(false);
+                    }
+
                     if ($("#pluginContextLoader").is(":visible")){
                         $("#pluginContextLoader")[0].contentWindow.setDarkTheme(false);
                     }
@@ -350,6 +355,9 @@
                     if ($(".sideWrapper").is(":visible")){
                         $(".sideWrapper iframe")[0].contentWindow.setDarkTheme(true);
                     }
+                    if (editorSideWrapper.is(":visible")){
+                        editorSideWrapper[0].contentWindow.setDarkTheme(true);
+                    }
                     if ($("#pluginContextLoader").is(":visible")){
                         $("#pluginContextLoader")[0].contentWindow.setDarkTheme(true);
                     }
@@ -515,6 +523,12 @@
             }
 
             function hideSideWrapper(discardFrameContent = false){
+                if ($("#httprpEditModal").length && $("#httprpEditModal").is(":visible")) {
+                    //HTTP Proxy Rule editor side wrapper implementation
+                    $("#httprpEditModal .editor_side_wrapper").hide();
+                } 
+
+                //Original side wrapper implementation
                 if (discardFrameContent){
                     $(".sideWrapper iframe").attr("src", "snippet/placeholder.html");
                 }
diff --git a/src/web/snippet/customHeaders.html b/src/web/snippet/customHeaders.html
index e7fcd4b..4944da9 100644
--- a/src/web/snippet/customHeaders.html
+++ b/src/web/snippet/customHeaders.html
@@ -34,13 +34,6 @@
         <script src="../script/darktheme.js"></script>
         <br>
         <div class="ui container">
-            <div class="ui header">
-                <div class="content">
-                    Custom Headers
-                    <div class="sub header" id="epname"></div>
-                </div>
-            </div>
-            <div class="ui divider"></div>
             <div class="ui small pointing secondary menu">
                 <a class="item active narrowpadding" data-tab="customheaders">Custom Headers</a>
                 <a class="item narrowpadding" data-tab="security">Security Headers</a>
@@ -171,10 +164,6 @@
                 <br><br>
                 <button class="ui basic button" onclick="savePermissionPolicy();"><i class="green save icon"></i> Save</button>
             </div>
-           
-            <div class="field" >
-                <button class="ui basic button"  style="float: right;" onclick="closeThisWrapper();">Close</button>
-            </div>
         </div>
         
         <br><br><br><br>
@@ -189,7 +178,7 @@
                 let payloadHash = window.location.hash.substr(1);
                 try{
                     payloadHash = JSON.parse(decodeURIComponent(payloadHash));
-                    $("#epname").text(payloadHash.ep);
+                    //$("#epname").text(payloadHash.ep);
                     editingEndpoint = payloadHash;
                 }catch(ex){
                     console.log("Unable to load endpoint data from hash")
diff --git a/src/web/snippet/hostAccessEditor.html b/src/web/snippet/hostAccessEditor.html
index 474775e..329e848 100644
--- a/src/web/snippet/hostAccessEditor.html
+++ b/src/web/snippet/hostAccessEditor.html
@@ -67,8 +67,10 @@
         <div class="ui container">
             <div class="ui header">
                 <div class="content">
-                    Host Access Settings
-                    <div class="sub header" id="epname"></div>
+                    <div class="content">
+                        Host Access Settings
+                        <div class="sub header" id="epname"></div>
+                    </div>
                 </div>
             </div>
             <div class="ui divider"></div>
diff --git a/src/web/snippet/tagEditor.html b/src/web/snippet/tagEditor.html
index 853207d..d5801fb 100644
--- a/src/web/snippet/tagEditor.html
+++ b/src/web/snippet/tagEditor.html
@@ -21,13 +21,6 @@
         <script src="../script/darktheme.js"></script>
         <br>
         <div class="ui container">
-            <div class="ui header">
-                <div class="content">
-                    Edit Tags
-                    <div class="sub header" id="epname"></div>
-                </div>
-            </div>
-            <div class="ui divider"></div>
             <p>Tags currently applied to this host name / proxy rule</p>
             <div style="max-height: 300px; overflow-y: scroll;">
                 <table class="ui compact basic unstackable celled table">
@@ -68,9 +61,7 @@
                 </div>
                 <button class="ui basic button" onclick="joinSelectedTagGroups();"><i class="ui blue plus icon"></i> Join tag group(s)</button>
             </div>
-            <div class="ui divider"></div>
-            <!-- <button class="ui basic button" onclick="saveTags();"><i class="ui green save icon"></i> Save Changes</button> -->
-            <button class="ui basic button" style="float: right;" onclick="parent.hideSideWrapper();"><i class="remove icon"></i> Close</button>
+            <br><br>
         </div>
         <script>
             let editingEndpoint = {};

From 809e1fa8153046869609837da14b75b599c0463a Mon Sep 17 00:00:00 2001
From: Toby Chui <tobychui@users.noreply.github.com>
Date: Tue, 10 Jun 2025 22:04:04 +0800
Subject: [PATCH 7/7] Flattened HTTP proxy rule edit menu

---
 src/web/components/httprp.html        | 238 ++++++++++++++++----------
 src/web/index.html                    |  12 +-
 src/web/snippet/accessRuleEditor.html |   1 -
 src/web/snippet/aliasEditor.html      |   7 +-
 src/web/snippet/customHeaders.html    |   5 +
 src/web/snippet/hostAccessEditor.html |  44 +++--
 src/web/snippet/upstreams.html        |  11 --
 7 files changed, 194 insertions(+), 124 deletions(-)

diff --git a/src/web/components/httprp.html b/src/web/components/httprp.html
index 890d8cf..e7b4f4f 100644
--- a/src/web/components/httprp.html
+++ b/src/web/components/httprp.html
@@ -46,7 +46,7 @@
             left: 50%;
             transform: translate(-50%, -50%);
             width: 68vw;
-            height: 70vh;
+            height: 75vh;
             background-color: var(--theme_bg_primary);
             padding: 1.4em;
             border-radius: .6em;
@@ -204,12 +204,18 @@
                     <a class="item hrpedit_menu_item" cfgpage="vdirs">
                         <i class="angle folder icon"></i> Virtual Directory
                     </a>
+                    <a class="item hrpedit_menu_item" cfgpage="alias">
+                        <i class="at icon"></i> Alias
+                    </a>
                     <a class="item hrpedit_menu_item" cfgpage="ssl">
                         <i class="lock icon"></i> TLS / SSL
                     </a>
                     <a class="item hrpedit_menu_item" cfgpage="headers">
                         <i class="heading icon"></i> Headers
                     </a>
+                    <a class="item hrpedit_menu_item" cfgpage="accessrule">
+                        <i class="star icon"></i> Access Rules
+                    </a>
                     <a class="item hrpedit_menu_item" cfgpage="security">
                         <i class="key icon"></i> Security
                     </a>
@@ -238,9 +244,6 @@
                                     <label>Allow plain HTTP access<br>
                                         <small>Allow inbound connections without TLS/SSL</small></label>
                                 </div>
-                                <br>
-                                <button class="ui basic compact tiny button editAliasHostnameBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="blue at icon"></i> Alias Hostnames</button>
-                                <button class="ui basic compact tiny button editAccessRuleBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui filter icon"></i> Access Rule</button>
                             </div>
                         </div>
                     </div>
@@ -292,63 +295,80 @@
                             </button>
                         </div>
                     </div>
+                    <!-- Alias -->
+                    <div class="rpconfig_content" rpcfg="alias">
+                        <iframe src="" class="wrapper_frame">
+
+                        </iframe>
+                    </div>
+                    <!-- TLS / SSL -->
+                    <div class="rpconfig_content" rpcfg="ssl">
+                        <div class="ui segment">
+                            <p>Work In Progress </p>
+                            <br>
+                            <button class="ui basic small button getCertificateBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="green lock icon"></i> Get Certificate</button>
+                        </div>
+                    </div>
                     <!-- Custom Headers -->
                     <div class="rpconfig_content" rpcfg="headers">
                         <iframe src="" class="wrapper_frame">
 
                         </iframe>
                     </div>
+                    <!-- Access Rule -->
+                    <div class="rpconfig_content" rpcfg="accessrule">
+                        <iframe src="" class="wrapper_frame">
+
+                        </iframe>
+                    </div>
                     <!-- Security -->
                     <div class="rpconfig_content" rpcfg="security">
-                        <div class="grouped fields authProviderPicker">
-                            <!-- Auth Providers -->
-                            <label><b>Authentication Provider</b></label>
-                            <div class="field">
-                                <div class="ui radio checkbox">
-                                    <input type="radio" value="0" name="authProviderType">
-                                    <label>None (Anyone can access)</label>
+                        <div class="ui segment">
+                            <div class="grouped fields authProviderPicker">
+                                <!-- Auth Providers -->
+                                <label><b>Authentication Provider</b></label>
+                                <div class="field">
+                                    <div class="ui radio checkbox">
+                                        <input type="radio" value="0" name="authProviderType">
+                                        <label>None (Anyone can access)</label>
+                                    </div>
+                                </div>
+                                <div class="field">
+                                    <div class="ui radio checkbox">
+                                        <input type="radio" value="1" name="authProviderType">
+                                        <label>Basic Auth</label>
+                                    </div>
+                                </div>
+                                <div class="field">
+                                    <div class="ui radio checkbox">
+                                        <input type="radio" value="2" name="authProviderType">
+                                        <label>Forward Auth</label>
+                                    </div>
+                                </div>
+                                <div class="field">
+                                    <div class="ui radio checkbox">
+                                        <input type="radio" value="3" name="authProviderType">
+                                        <label>OAuth2</label>
+                                    </div>
                                 </div>
                             </div>
-                            <div class="field">
-                                <div class="ui radio checkbox">
-                                    <input type="radio" value="1" name="authProviderType">
-                                    <label>Basic Auth</label>
-                                </div>
-                            </div>
-                            <div class="field">
-                                <div class="ui radio checkbox">
-                                    <input type="radio" value="2" name="authProviderType">
-                                    <label>Forward Auth</label>
-                                </div>
-                            </div>
-                            <div class="field">
-                                <div class="ui radio checkbox">
-                                    <input type="radio" value="3" name="authProviderType">
-                                    <label>OAuth2</label>
-                                </div>
+                            <br>
+                            <button class="ui basic compact tiny button editBasicAuthCredentialsBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui blue user circle icon"></i> Basic Auth Credentials</button>
+                            
+                            <div class="ui divider"></div>
+                            <!-- Rate Limits-->
+                            <div class="ui checkbox" style="margin-top: 0.4em;">
+                                <input type="checkbox" onchange="handleToggleRateLimitInput();" class="RequireRateLimit" ${rateLimitCheckState}>
+                                <label>Require Rate Limit<br>
+                                <small>Check this to enable rate limit on this inbound hostname</small></label>
+                            </div><br>
+                            <div class="ui small right labeled fluid input" style="margin-top: 0.4em;">
+                                <input type="number" class="RateLimit" value="0" min="1" >
+                                <label class="ui basic label">
+                                    req / sec / IP
+                                </label>
                             </div>
                         </div>
-                        <br>
-                        <button class="ui basic compact tiny button editBasicAuthCredentialsBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="ui blue user circle icon"></i> Basic Auth Credentials</button>
-                        
-                        <div class="ui divider"></div>
-                        <!-- Rate Limits-->
-                        <div class="ui checkbox" style="margin-top: 0.4em;">
-                            <input type="checkbox" onchange="handleToggleRateLimitInput();" class="RequireRateLimit" ${rateLimitCheckState}>
-                            <label>Require Rate Limit<br>
-                            <small>Check this to enable rate limit on this inbound hostname</small></label>
-                        </div><br>
-                        <div class="ui small right labeled fluid input" style="margin-top: 0.4em;">
-                            <input type="number" class="RateLimit" value="0" min="1" >
-                            <label class="ui basic label">
-                                req / sec / IP
-                            </label>
-                        </div>
-                    </div>
-                    <!-- TLS / SSL -->
-                    <div class="rpconfig_content" rpcfg="ssl">
-                        SSL
-                        <button class="ui basic small button getCertificateBtn" style="margin-left: 0.4em; margin-top: 0.4em;"><i class="green lock icon"></i> Get Certificate</button>
                     </div>
                     <!-- Tags -->
                     <div class="rpconfig_content" rpcfg="tags">
@@ -882,8 +902,7 @@
                 "ratenum" :rateLimit,
                 "tags": tags,
         });
-        alert("save function wip, see console.log");
-        return;
+
         $.cjax({
             url: "/api/proxy/edit",
             method: "POST",
@@ -940,21 +959,6 @@
         showEditorSideWrapper("snippet/basicAuthEditor.html?t=" + Date.now() + "#" + payload);
     }
 
-    function editAccessRule(uuid){
-        let payload = encodeURIComponent(JSON.stringify({
-            ept: "host",
-            ep: uuid
-        }));
-        showEditorSideWrapper("snippet/hostAccessEditor.html?t=" + Date.now() + "#" + payload);
-    }
-
-    function editAliasHostnames(uuid){
-        let payload = encodeURIComponent(JSON.stringify({
-            ept: "host",
-            ep: uuid
-        }));
-        showEditorSideWrapper("snippet/aliasEditor.html?t=" + Date.now() + "#" + payload);
-    }
 
     function quickEditVdir(uuid){
         openTabById("vdir");
@@ -1113,9 +1117,8 @@
 
 
     function getTagsArrayFromEndpoint(endpoint){
-        let targetProxyRuleEle = $(".subdEntry[eptuuid='" + endpoint + "'] td[data-label='tags']");
-        let tags = $(targetProxyRuleEle).attr("payload");
-        return JSON.parse(decodeURIComponent(tags));
+        let subd = getEditingHttpProxyCachedSubd();
+        return tags = subd.Tags || [];
     }
     
     /* Modal Events */
@@ -1138,10 +1141,18 @@
         if (hostname == ""){
             return null;
         }
-
         return decodeURIComponent(hostname);
     }
 
+    function getEditingHttpProxyCachedSubd(){
+        let hostname = getEditingHttpProxyHostname();
+        if (hostname == null){
+            return null;
+        }
+        let subd = httpProxyList.find(subd => subd.RootOrMatchingDomain === hostname);
+        return subd;
+    }
+
     //Initialize the http proxy rule editor
     function initHttpProxyRuleEditorModal(rulepayload){
         let subd = JSON.parse(JSON.stringify(rulepayload));
@@ -1200,7 +1211,7 @@
         });
         editor.find(".downstream_alias_hostname").html(aliasHTML);
         
-       
+        //TODO: Move this to SSL TLS section
         let enableQuickRequestButton = true;
         let domains = [subd.RootOrMatchingDomain]; //Domain for getting certificate if needed
         for (var i = 0; i < subd.MatchingDomainAlias.length; i++){
@@ -1229,13 +1240,6 @@
             editor.find(".getCertificateBtn").addClass("disabled");
         }
 
-        //Bind events for action buttons
-        editor.find(".editAliasHostnameBtn").off("click").on("click", function(){
-            editAliasHostnames(uuid);
-        });
-        editor.find(".editAccessRuleBtn").off("click").on("click", function(){
-            editAccessRule(uuid);
-        });
         editor.find(".getCertificateBtn").off("click").on("click", function(){
             requestCertificateForExistingHost(uuid, certificateDomains, this);
         });
@@ -1244,7 +1248,19 @@
         editor.find(".upstream_list").html(renderUpstreamList(subd));
         editor.find(".editUpstreamButton").off("click").on("click", function(){
             editUpstreams(uuid);
-        })
+        });
+
+        editor.find(".EnableUptimeMonitor").off("change");
+        editor.find(".EnableUptimeMonitor").prop("checked", !subd.DisableUptimeMonitor);
+        editor.find(".EnableUptimeMonitor").on("change", function() {
+            saveProxyInlineEdit(uuid);
+        });
+
+        editor.find(".UseStickySession").off("change");
+        editor.find(".UseStickySession").prop("checked", subd.UseStickySession);
+        editor.find(".UseStickySession").on("change", function() {
+            saveProxyInlineEdit(uuid);
+        });
 
         /* ------------ Vdirs ------------ */
         editor.find(".vdir_list").html(renderVirtualDirectoryList(subd));
@@ -1252,7 +1268,17 @@
             quickEditVdir(uuid);
         });
 
-        /* Headers */ 
+        /* ------------ Alias ------------ */ 
+        (() => {
+            let payload = encodeURIComponent(JSON.stringify({
+                ept: "host",
+                ep: uuid
+            }));
+            let frameURL = "snippet/aliasEditor.html?t=" + Date.now() + "#" + payload;
+            editor.find(".rpconfig_content[rpcfg='alias'] .wrapper_frame").attr('src', frameURL);
+        })();
+
+        /* ------------ Headers ------------ */ 
         (() => {
             let payload = encodeURIComponent(JSON.stringify({
                 ept: "host",
@@ -1262,6 +1288,16 @@
             editor.find(".rpconfig_content[rpcfg='headers'] .wrapper_frame").attr('src', frameURL);
         })();
 
+        /* ------------ Access Rule ------------ */
+        (()=>{
+            let payload = encodeURIComponent(JSON.stringify({
+                ept: "host",
+                ep: uuid
+            }));
+            let frameURL = "snippet/hostAccessEditor.html?t=" + Date.now() + "#" + payload;
+            editor.find(".rpconfig_content[rpcfg='accessrule'] .wrapper_frame").attr('src', frameURL);
+        })();
+
         /* ------------ Security ------------ */
     
         let authMethodContent = "";
@@ -1293,14 +1329,34 @@
             editor.find(".RateLimit").parent().addClass("disabled");
         }
 
+        function rateLimitChangeEvent(){
+            let rateLimitValue = $(this).val();
+            if (rateLimitValue < 0 || isNaN(rateLimitValue)) {
+                msgbox("Rate limit must be >= 0", false);
+                $(this).val(subd.RateLimit); // Reset to previous valid value
+                return;
+            }
+            saveProxyInlineEdit(uuid);
+        }
+
         editor.find(".RequireRateLimit").off("change").on("change", function() {
             if ($(this).is(":checked")) {
                 editor.find(".RateLimit").parent().removeClass("disabled");
             } else {
                 editor.find(".RateLimit").parent().addClass("disabled");
             }
+
+            if (subd.RateLimit === 0) {
+                subd.RateLimit = 100; // Set default rate limit to 100 if uninitialized
+                $(this).val(subd.RateLimit);
+                editor.find(".RateLimit").off("change"); // Temporarily disable the change event handler
+                editor.find(".RateLimit").val(100); // Set the value to 100
+                editor.find(".RateLimit").on("change", rateLimitChangeEvent); // Re-enable the change event handler
+            }
+            saveProxyInlineEdit(uuid);
         });
         editor.find(".RateLimit").attr("value", subd.RateLimit);
+        editor.find(".RateLimit").off("change").on("change", rateLimitChangeEvent);
 
         /* ------------ TLS ------------ */
 
@@ -1317,11 +1373,9 @@
         console.log(subd);
     }
 
-    function updateVdirInProxyEditor(){
-        // When page switch from Vdir and back to this page
-        // there is a chance where the user has modified the Vdir
-        // we need to get the latest setting from server side and 
-        // render it again
+    // Pull the latest proxy config from server side again and populate the editor
+    // with latest settings
+    function resyncProxyEditorConfig(){
         let currentEditingHostname = getEditingHttpProxyHostname();
         $.get("/api/proxy/list?type=host", function(data){
             data.sort((a,b) => (a.RootOrMatchingDomain > b.RootOrMatchingDomain) ? 1 : ((b.RootOrMatchingDomain > a.RootOrMatchingDomain) ? -1 : 0));
@@ -1341,13 +1395,14 @@
         let cfgPageId = $(this).attr("cfgpage");
         $("#httprpEditModal .rpconfig_content").hide();
         $(`#httprpEditModal .rpconfig_content[rpcfg='${cfgPageId}']`).show();
+        $("#httprpEditModal .wrapper_frame").contents().scrollTop(0);
         hideEditorSideWrapper(); //Always close the side wrapper on tab change
     });
 
     $("#httprpEditModal .editor_back_button").on("click", function(event) {
         // Prevent click event from propagating to the modal background
         event.stopPropagation();
-        hideEditorSideWrapper();
+        hideEditorSideWrapperViaBtn();
     });
 
     function showEditorSideWrapper(url){
@@ -1355,9 +1410,13 @@
         $("#httprpEditModal .editor_side_wrapper").fadeIn("fast");
     }
 
+    function hideEditorSideWrapperViaBtn(){
+        hideEditorSideWrapper();
+        resyncProxyEditorConfig();
+    }
+
     function hideEditorSideWrapper(){
         $("#httprpEditModal .editor_side_wrapper").fadeOut("fast");
-        $("#httprpEditModal .editor_side_wrapper .wrapper_frame").attr('src', "snippet/placeholder.html");
     }
 
 
@@ -1381,7 +1440,10 @@
     tabSwitchEventBind["httprp"] = function(){
         //Check if the proxy editor is opened
         if ($("#httprpEditModalWrapper").is(":visible")) {
-            //Update the information in the modal
+            // When page switch from Vdir and back to this page
+            // there is a chance where the user has modified the Vdir
+            // we need to get the latest setting from server side and 
+            // render it again
             updateVdirInProxyEditor();
         } else {
             listProxyEndpoints();
diff --git a/src/web/index.html b/src/web/index.html
index ac3480a..27cd438 100644
--- a/src/web/index.html
+++ b/src/web/index.html
@@ -342,9 +342,9 @@
                         $(".sideWrapper iframe")[0].contentWindow.setDarkTheme(false);
                     }
 
-                    if (editorSideWrapper.is(":visible")){
-                        editorSideWrapper[0].contentWindow.setDarkTheme(false);
-                    }
+                    $(editorSideWrapper).each(function(){
+                        $(this)[0].contentWindow.setDarkTheme(false);
+                    })
 
                     if ($("#pluginContextLoader").is(":visible")){
                         $("#pluginContextLoader")[0].contentWindow.setDarkTheme(false);
@@ -355,9 +355,9 @@
                     if ($(".sideWrapper").is(":visible")){
                         $(".sideWrapper iframe")[0].contentWindow.setDarkTheme(true);
                     }
-                    if (editorSideWrapper.is(":visible")){
-                        editorSideWrapper[0].contentWindow.setDarkTheme(true);
-                    }
+                    $(editorSideWrapper).each(function(){
+                        $(this)[0].contentWindow.setDarkTheme(true);
+                    })
                     if ($("#pluginContextLoader").is(":visible")){
                         $("#pluginContextLoader")[0].contentWindow.setDarkTheme(true);
                     }
diff --git a/src/web/snippet/accessRuleEditor.html b/src/web/snippet/accessRuleEditor.html
index aa92626..ae18548 100644
--- a/src/web/snippet/accessRuleEditor.html
+++ b/src/web/snippet/accessRuleEditor.html
@@ -264,7 +264,6 @@
         }
     }
 
-        
     document.getElementById('accessRuleSelector').addEventListener('change', handleSelectEditingAccessRule);
     document.getElementById('accessRuleForm').addEventListener('submit', handleCreateNewAccessRule);
 
diff --git a/src/web/snippet/aliasEditor.html b/src/web/snippet/aliasEditor.html
index 76a504e..ec8b092 100644
--- a/src/web/snippet/aliasEditor.html
+++ b/src/web/snippet/aliasEditor.html
@@ -14,13 +14,14 @@
         <script src="../script/darktheme.js"></script>
         <br>
         <div class="ui container">
+            <!-- 
             <div class="ui header">
                 <div class="content">
                     Alias Hostname
                     <div class="sub header epname"></div>
                 </div>
             </div>
-            <div class="ui divider"></div>
+            <div class="ui divider"></div>-->
             <div class="scrolling content ui form">
                 <div id="inlineEditBasicAuthCredentials" class="field">
                     <p>Enter alias hostname or wildcard matching keywords for <code class="epname"></code></p>
@@ -50,10 +51,6 @@
                     </div>
                 </div>
             </div>
-            <div class="ui divider"></div>
-            <div class="field" >
-                <button class="ui basic button"  style="float: right;" onclick="closeThisWrapper();">Close</button>
-            </div>
         </div>
             
         <br><br><br><br>
diff --git a/src/web/snippet/customHeaders.html b/src/web/snippet/customHeaders.html
index 4944da9..fe2af1e 100644
--- a/src/web/snippet/customHeaders.html
+++ b/src/web/snippet/customHeaders.html
@@ -27,6 +27,11 @@
             body.darkTheme #permissionPolicyEditor .experimental{
                 background-color: rgb(41, 41, 41);
             }
+
+            .advanceoptions{
+               background: var(--theme_advance) !important;
+               border-radius: 0.4em !important;
+            }
         </style>
     </head>
     <body>
diff --git a/src/web/snippet/hostAccessEditor.html b/src/web/snippet/hostAccessEditor.html
index 329e848..6413b30 100644
--- a/src/web/snippet/hostAccessEditor.html
+++ b/src/web/snippet/hostAccessEditor.html
@@ -35,7 +35,7 @@
 
             #accessRuleList{
                 padding: 0.6em;
-                border: 1px solid rgb(228, 228, 228);
+                /* border: 1px solid rgb(228, 228, 228); */
                 border-radius: 0.4em !important;
                 max-height: calc(100vh - 15em);
                 min-height: 300px;
@@ -65,15 +65,6 @@
         <script src="../script/darktheme.js"></script>
         <br>
         <div class="ui container">
-            <div class="ui header">
-                <div class="content">
-                    <div class="content">
-                        Host Access Settings
-                        <div class="sub header" id="epname"></div>
-                    </div>
-                </div>
-            </div>
-            <div class="ui divider"></div>
             <p>Select an access rule to apply blacklist / whitelist filtering</p>
             <div id="accessRuleList">
                 <div class="ui segment accessRule">
@@ -87,9 +78,7 @@
                 </div>
             </div>
             <br>
-            <button class="ui basic button" onclick="applyChangeAndClose()"><i class="ui green check icon"></i> Apply Change</button>
-            
-            <button class="ui basic button"  style="float: right;" onclick="parent.hideSideWrapper();"><i class="remove icon"></i> Close</button>
+            <!-- <button class="ui basic button" onclick="applyChange()"><i class="ui green check icon"></i> Apply Change</button> -->
             <br><br><br>
 
         </div>
@@ -176,6 +165,35 @@
                 let accessRuleID = $(accessRuleObject).attr("ruleid");
                 $(".accessRule").removeClass('active');
                 $(accessRuleObject).addClass('active');
+
+                //Updates 2025-06-10: Added auto save on change feature
+                applyChange();
+            }
+
+            
+            function applyChange(){
+                let newAccessRuleID = $(".accessRule.active").attr("ruleid");
+                let targetEndpoint = editingEndpoint.ep;
+                $.cjax({
+                    url: "/api/access/attach",
+                    method: "POST",
+                    data: {
+                        id: newAccessRuleID,
+                        host: targetEndpoint
+                    },
+                    success: function(data){
+                        if (data.error != undefined){
+                            parent.msgbox(data.error, false);
+                        }else{
+                            parent.msgbox("Access Rule Updated");
+
+                            //Modify the parent list if exists
+                            if (parent != undefined && parent.updateAccessRuleNameUnderHost){
+                                parent.updateAccessRuleNameUnderHost(targetEndpoint, newAccessRuleID);
+                            }
+                        }
+                    }
+                });
             }
 
             function applyChangeAndClose(){
diff --git a/src/web/snippet/upstreams.html b/src/web/snippet/upstreams.html
index 285d084..779d763 100644
--- a/src/web/snippet/upstreams.html
+++ b/src/web/snippet/upstreams.html
@@ -75,13 +75,6 @@
         <script src="../script/darktheme.js"></script>
         <br>
         <div class="ui container">
-            <div class="ui header">
-                <div class="content">
-                    Upstreams / Load Balance
-                    <div class="sub header epname"></div>
-                </div>
-            </div>
-            <div class="ui divider"></div>
             <div class="ui small pointing secondary menu">
                 <a class="item active narrowpadding" data-tab="upstreamlist">Upstreams</a>
                 <a class="item narrowpadding" data-tab="newupstream">Add Upstream</a>
@@ -159,10 +152,6 @@
                 <br><br>
                 <button class="ui basic button" onclick="addNewUpstream();"><i class="ui green circle add icon"></i> Create</button>
             </div>
-            <div class="ui divider"></div>
-            <div class="field" >
-                <button class="ui basic button"  style="float: right;" onclick="closeThisWrapper();">Close</button>
-            </div>
         </div>
         <br><br><br><br>