fix: use real agent ID in challenge pages (first 8 chars for security)

Previously challenge pages showed random placeholder like "DEF-CJW5" instead of
the real agent ID. This was confusing and inconsistent with D-Agent-ID headers.

Changes:
- Added agentID field to ChallengeManager struct
- Added SetAgentID() method to set real agent ID from config
- Added GetAgentID() method to return first 8 chars (security)
- Updated all ChallengeTemplateData to use cm.GetAgentID()
- Added SetAgentID(agentID) call in main.go after config initialization
- Updated getShortAgentID() as fallback for tests

Security consideration:
- Only first 8 characters of agent ID are displayed (matches D-Agent-ID format)
- Full agent ID is never exposed in challenge pages
- Consistent with HTTP header format: GEO+First8Chars

Example:
- Real agent ID: "agent-a1b2c3d4-e5f6-7890-abcd-ef1234567890"
- Challenge page shows: "a1b2c3d4"
- HTTP header shows: "US+a1b2c3d4"

Logs: [ChallengeManager] Agent ID set for challenge pages: a1b2c3d4

Author: Rxflex

firewall/challenges.go

@@ -38,6 +38,7 @@ type ChallengeManager struct {
 	captchaCache map[string]*CaptchaData
 	stopChan     chan struct{}
 	template     *template.Template
+	agentID      string // Real agent ID from config (first 8 chars used for display)
 }
 
 type CaptchaData struct {
@@ -165,7 +166,7 @@ func (cm *ChallengeManager) IssueCookieChallenge(w http.ResponseWriter, r *http.
 		ShowLoader: true,
 		RayID:      rayID,
 		ClientIP:   clientIP,
-		AgentID:    getShortAgentID(),
+		AgentID:    cm.GetAgentID(),
 		JSCode:     template.JS(redirectScript),
 	}
 
@@ -1520,3 +1521,32 @@ func (cm *ChallengeManager) CreateSessionCookie(sessionID string, secure bool) *
 		MaxAge:   86400, // 24 hours
 	}
 }
+
+// SetAgentID sets the real agent ID for display in challenge pages
+// This should be called once during initialization with the actual agent ID from config
+func (cm *ChallengeManager) SetAgentID(agentID string) {
+	cm.mu.Lock()
+	defer cm.mu.Unlock()
+
+	// Store only first 8 characters for security (matches D-Agent-ID format: GEO+ID)
+	if len(agentID) > 8 {
+		cm.agentID = agentID[:8]
+	} else {
+		cm.agentID = agentID
+	}
+
+	log.Printf("[ChallengeManager] Agent ID set for challenge pages: %s", cm.agentID)
+}
+
+// GetAgentID returns the stored agent ID (first 8 chars) for challenge pages
+func (cm *ChallengeManager) GetAgentID() string {
+	cm.mu.RLock()
+	defer cm.mu.RUnlock()
+
+	if cm.agentID != "" {
+		return cm.agentID
+	}
+
+	// Fallback to old behavior if not set
+	return getShortAgentID()
+}

main.go

@@ -53,6 +53,10 @@ func main() {
 
 	configMgr := config.NewConfigManager(coreURL, agentID, agentKey)
 
+	// Set agent ID for challenge pages (used in D-Agent-ID header format: GEO+ID[:8])
+	challengeMgr := firewall.GetChallengeManager()
+	challengeMgr.SetAgentID(agentID)
+
 	// Set up connection limit updater callback
 	configMgr.SetConnectionLimitUpdater(func(maxConnPerIP int) {
 		connLimiter := firewall.GetConnectionLimiter()