Coderabit

.devcontainer/devcontainer.json

@@ -37,7 +37,12 @@
         "jeff-hykin.better-dockerfile-syntax",
         "GitHub.codespaces",
         "ms-azuretools.vscode-containers",
-        "ms-python.vscode-python-envs"
+        "ms-python.vscode-python-envs",
+        "dbaeumer.vscode-eslint",
+        "esbenp.prettier-vscode",
+        "eamodio.gitlens",
+        "alexcvzz.vscode-sqlite",
+        "yzhang.markdown-all-in-one"
       ]
       ,
       "settings": {

.devcontainer/resources/devcontainer-overlay/services/config/nginx/netalertx.conf

@@ -10,7 +10,6 @@ server {
     index index.php;
 
     add_header X-Forwarded-Prefix "/netalertx" always;
-    proxy_set_header X-Forwarded-Prefix "/netalertx";
 
     location ~* \.php$ {
         add_header Cache-Control "no-store";

.devcontainer/resources/devcontainer-overlay/services/config/nginx/python/backend-extra-launch-parameters

@@ -1 +1 @@
--m debugpy --listen 0.0.0.0:5678 
+-m debugpy --listen 0.0.0.0:5678

.devcontainer/scripts/setup.sh

@@ -79,10 +79,9 @@ configure_source() {
     sudo mount -o uid=$(id -u netalertx),gid=$(id -g netalertx),mode=775 -t tmpfs -o size=256M tmpfs "${NETALERTX_API}"
     mkdir -p ${NETALERTX_PLUGINS_LOG}
     touch ${NETALERTX_PLUGINS_LOG}/.git-placeholder ${NETALERTX_API}/.git-placeholder
-    # mount tmpfs with root:root ownership and 755 permissions
+    # tmpfs mounts configured with netalertx ownership and 775 permissions above
+
     touch /app/log/nginx_error.log
-
-
     echo "  -> Empty log"|tee ${INSTALL_DIR}/log/app.log \
         ${INSTALL_DIR}/log/app_front.log \
         ${INSTALL_DIR}/log/stdout.log

.devcontainer/scripts/start-nginx.sh

@@ -1,4 +1,5 @@
+#!/bin/bash
 
-#create /services/nginx directory for nginx system files
 
-nginx -c "/services/nginx/nginx.conf" -g "daemon off;" 2>&1 >/app/log/app_front.log
+#Logging handled in nginx.conf
+nginx -c "/services/nginx/nginx.conf" -g "daemon off;" 2>&1 >/dev/null 

.gitignore

@@ -2,7 +2,7 @@
 .dotnet
 .vscode-server
 .gitconfig
-\.*CommandMarker
+.*CommandMarker
 deviceid
 .DS_Store
 .cache

.vscode/settings.json

@@ -11,6 +11,10 @@
     // Let the Python extension invoke pytest via the interpreter; avoid hardcoded paths
     // Removed python.testing.pytestPath and legacy pytest.command overrides
     
-    "terminal.integrated.defaultProfile.linux": "bash",
-    "terminal.integrated.profiles.linux": { "bash": { "path": "/bin/fish" } }
+    "terminal.integrated.defaultProfile.linux": null,
+    "terminal.integrated.profiles.linux": {
+      "ash": {
+        "path": "/bin/fish"
+      }
+    }
 }

front/plugins/avahi_scan/avahi_orig.py

@@ -4,7 +4,7 @@ import os
 import pathlib
 import sys
 import json
-import sqlite3
+
 import subprocess
 
 # Define the installation path and extend the system path for plugin imports
@@ -43,8 +43,18 @@ plugin_objects = Plugin_Objects(RESULT_FILE)
 def main():
     mylog('verbose', [f'[{pluginName}] In script']) 
 
-    # timeout = get_setting_value('AVAHI_RUN_TIMEOUT')
-    timeout = 20
+    # Retrieve timeout from settings (use AVAHISCAN_RUN_TIMEOUT), fall back to 20
+    try:
+        _timeout_val = get_setting_value('AVAHISCAN_RUN_TIMEOUT')
+        if _timeout_val is None or _timeout_val == '':
+            timeout = 20
+        else:
+            try:
+                timeout = int(_timeout_val)
+            except (ValueError, TypeError):
+                timeout = 20
+    except Exception:
+        timeout = 20
     
     # Create a database connection
     db = DB()  # instance of class DB
@@ -139,8 +149,11 @@ def execute_name_lookup(ip, timeout):
     except subprocess.CalledProcessError as e:
         mylog('none', [f'[{pluginName}] ⚠ ERROR - {e.output}'])                    
 
-    except subprocess.TimeoutExpired:
-        mylog('none', [f'[{pluginName}] TIMEOUT - the process forcefully terminated as timeout reached']) 
+    except subprocess.TimeoutExpired as e:
+        # Return a distinct value that main() checks for when a timeout occurs
+        # Keep logging for telemetry/debugging
+        mylog('none', [f'[{pluginName}] TIMEOUT - the process forcefully terminated as timeout reached{": " + str(getattr(e, "output", "")) if getattr(e, "output", None) else ""}'])
+        return 'to'
 
     if output == "":
         mylog('none', [f'[{pluginName}] Scan: FAIL - check logs']) 
@@ -163,8 +176,12 @@ def ensure_avahi_running(attempt=1, max_retries=2):
         mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to check rc-status: {e.output}'])
         return
 
-    # Create OpenRC soft level
-    subprocess.run(['touch', '/run/openrc/softlevel'], check=True)
+    # Create OpenRC soft level (wrap in try/except to keep error handling consistent)
+    try:
+        subprocess.run(['touch', '/run/openrc/softlevel'], check=True, capture_output=True, text=True)
+    except subprocess.CalledProcessError as e:
+        mylog('none', [f'[{pluginName}] ⚠ ERROR - Failed to create OpenRC soft level: {e.stderr if e.stderr else str(e)}'])
+        return
 
     # Add Avahi daemon to runlevel
     try:

front/plugins/avahi_scan/avahi_scan.py

@@ -4,7 +4,6 @@ import os
 import pathlib
 import sys
 import json
-import time
 import dns.resolver
 
 # Define the installation path and extend the system path for plugin imports
@@ -52,8 +51,8 @@ def resolve_ips_with_zeroconf(ips, timeout):
             # Construct the reverse IP for PTR query (e.g., 8.1.168.192.in-addr.arpa.)
             reverse_ip = '.'.join(reversed(ip.split('.'))) + '.in-addr.arpa.'
             
-            # Query PTR record with timeout
-            answers = dns.resolver.resolve(reverse_ip, 'PTR', lifetime=max(1, min(timeout, 5)))
+            # Query PTR record with timeout; respect the passed timeout per query
+            answers = dns.resolver.resolve(reverse_ip, 'PTR', lifetime=max(1, timeout))
             
             if answers:
                 # For PTR records, the hostname is in the target field

front/plugins/dhcp_servers/script.py

@@ -41,7 +41,7 @@ def main():
     plugin_objects = Plugin_Objects(RESULT_FILE)
     timeoutSec = get_setting_value('DHCPSRVS_RUN_TIMEOUT')
 
-    nmapArgs = ['sudo', 'nmap', '--privileged' '--script', 'broadcast-dhcp-discover']
+    nmapArgs = ['sudo', 'nmap', '--privileged', '--script', 'broadcast-dhcp-discover']
 
     try:
         dhcp_probes = 1

install/production-filesystem/README.md

@@ -3,18 +3,18 @@ This is the default filesystem for NetAlertX. it contains
 
 - `/app` - The main application location.  This structure is where the source code (back, front and server directories) is copied and executed in read-only form. It also provides default structures for the working directories, such as: config, db, and log. All other directories are not required in the production image and are not tracked.
 - `/build` - a place where services can be initialized during docker container build. This folder is copied in, executed near the end of the build before the system is locked down, and then deleted.  It is only available during build time.
-- `/opt/venv/lib/pthon3.12/site-acakges/aiofreebox` - this holds a certificate used by aiofreebox package, which interacts with freebox OS.
+- `/opt/venv/lib/python3.12/site-packages/aiofreebox` - this holds a certificate used by aiofreebox package, which interacts with freebox OS.
 - `/services` - a directory where all scripts which control system executions are held
     - `/services/config` - a directory which holds all configuration files and `conf.d` folders used in the production image.
         - `/services/config/cond` - `crond` daemon config.
         - `/services/config/nginx` - `nginx` conf files.
         - `/services/config/php` - php conf file.
-            `/services/config/php/php-fmp.d` - a `.d` style directory, debugger parameters or other configurations can be dropped in here.
+            - `/services/config/php/php-fpm.d` - a `.d` style directory, debugger parameters or other configurations can be dropped in here.
         - `/services/config/python-backend-extra-launch-parameters` - the contents of this file are added to launch params. It can be used to add debugging capabilities.
-    - `/services/capcheck.sh` - This is run at startup to warn the user if the container does not hold requried permissions to operate certain raw-packet tools.
+    - `/services/capcheck.sh` - This is run at startup to warn the user if the container does not hold required permissions to operate certain raw-packet tools.
     - `/services/healthcheck.sh` - The system healthcheck. This script tests the services and reports if something fails.
     - `/services/start-backend.sh` - The launcher for python services. This is called at startup by `entrypoint.sh`.
     - `/services/start-crond.sh` - The launcher for crond task scheduler. This is called at startup by `entrypoint.sh`.
     - `/services/start-nginx.sh` - The launcher for nginx frontend/website services. This is called at startup by `entrypoint.sh`.
     - `/services/start-php-fpm.sh` - The launcher for php-fpm, used to interpret php for the frontend website. This is called at startup by `entrypoint.sh`.
-- `/entrypoint.sh` - Called at system startup to launch all services and servers requried by NetAlertX.
+- `/entrypoint.sh` - Called at system startup to launch all services and servers required by NetAlertX.

install/production-filesystem/services/config/nginx/netalertx.conf

@@ -13,7 +13,6 @@ server {
     root /app/front;
     index index.php;
     add_header X-Forwarded-Prefix "/app" always;
-    proxy_set_header X-Forwarded-Prefix "/app";
 
     # # Authentication endpoint
     # location = /auth {

install/production-filesystem/services/config/nginx/nginx.conf

@@ -49,7 +49,7 @@ http {
 
 	# Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2.
 	# TIP: If you're not obligated to support ancient clients, remove TLSv1.1.
-	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+	ssl_protocols TLSv1.2 TLSv1.3;
 
 	# Path of the file with Diffie-Hellman parameters for EDH ciphers.
 	# TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048`