diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 8ac7cfff..a7640f26 100755 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -137,7 +137,7 @@ ENV LANG=C.UTF-8 RUN apk add --no-cache bash mtr libbsd zip lsblk tzdata curl arp-scan iproute2 iproute2-ss nmap fping \ nmap-scripts traceroute nbtscan net-tools net-snmp-tools bind-tools awake ca-certificates \ sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session python3 envsubst \ - nginx supercronic shadow su-exec && \ + nginx supercronic shadow su-exec jq && \ rm -Rf /var/cache/apk/* && \ rm -Rf /etc/nginx && \ addgroup -g ${NETALERTX_GID} ${NETALERTX_GROUP} && \ diff --git a/.devcontainer/scripts/generate-configs.sh b/.devcontainer/scripts/generate-configs.sh index 745f9633..987137ed 100755 --- a/.devcontainer/scripts/generate-configs.sh +++ b/.devcontainer/scripts/generate-configs.sh @@ -31,4 +31,17 @@ cat "${DEVCONTAINER_DIR}/resources/devcontainer-Dockerfile" echo "Generated $OUT_FILE using root dir $ROOT_DIR" +# Passive Gemini MCP config +TOKEN=$(grep '^API_TOKEN=' /data/config/app.conf 2>/dev/null | cut -d"'" -f2) +if [ -n "${TOKEN}" ]; then + mkdir -p "${ROOT_DIR}/.gemini" + [ -f "${ROOT_DIR}/.gemini/settings.json" ] || echo "{}" > "${ROOT_DIR}/.gemini/settings.json" + jq --arg t "$TOKEN" '.mcpServers["netalertx-devcontainer"] = {url: "http://127.0.0.1:20212/mcp/sse", headers: {Authorization: ("Bearer " + $t)}}' "${ROOT_DIR}/.gemini/settings.json" > "${ROOT_DIR}/.gemini/settings.json.tmp" && mv "${ROOT_DIR}/.gemini/settings.json.tmp" "${ROOT_DIR}/.gemini/settings.json" + + # VS Code MCP config + mkdir -p "${ROOT_DIR}/.vscode" + [ -f "${ROOT_DIR}/.vscode/mcp.json" ] || echo "{}" > "${ROOT_DIR}/.vscode/mcp.json" + jq --arg t "$TOKEN" '.servers["netalertx-devcontainer"] = {type: "sse", url: "http://127.0.0.1:20212/mcp/sse", headers: {Authorization: ("Bearer " + $t)}}' "${ROOT_DIR}/.vscode/mcp.json" > "${ROOT_DIR}/.vscode/mcp.json.tmp" && mv "${ROOT_DIR}/.vscode/mcp.json.tmp" "${ROOT_DIR}/.vscode/mcp.json" +fi + echo "Done." \ No newline at end of file diff --git a/.devcontainer/scripts/run-tests.sh b/.devcontainer/scripts/run-tests.sh deleted file mode 100755 index 80eaf013..00000000 --- a/.devcontainer/scripts/run-tests.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# shellcheck shell=sh -# Simple helper to run pytest inside the devcontainer with correct paths -set -eu - -# Ensure we run from the workspace root -cd /workspaces/NetAlertX - -# Make sure PYTHONPATH includes server and workspace -export PYTHONPATH="/workspaces/NetAlertX:/workspaces/NetAlertX/server:/app:/app/server:${PYTHONPATH:-}" - -# Default to running the full test suite under /workspaces/NetAlertX/test -pytest -q --maxfail=1 --disable-warnings test "$@" diff --git a/.devcontainer/scripts/setup.sh b/.devcontainer/scripts/setup.sh index f766bd0e..2a9df319 100755 --- a/.devcontainer/scripts/setup.sh +++ b/.devcontainer/scripts/setup.sh @@ -32,7 +32,6 @@ LOG_FILES=( LOG_DB_IS_LOCKED LOG_NGINX_ERROR ) - sudo chmod 666 /var/run/docker.sock 2>/dev/null || true sudo chown "$(id -u)":"$(id -g)" /workspaces sudo chmod 755 /workspaces @@ -55,6 +54,9 @@ sudo install -d -m 777 /tmp/log/plugins sudo rm -rf /entrypoint.d sudo ln -s "${SOURCE_DIR}/install/production-filesystem/entrypoint.d" /entrypoint.d +sudo rm -rf /services +sudo ln -s "${SOURCE_DIR}/install/production-filesystem/services" /services + sudo rm -rf "${NETALERTX_APP}" sudo ln -s "${SOURCE_DIR}/" "${NETALERTX_APP}" @@ -88,8 +90,6 @@ sudo chmod 777 "${LOG_DB_IS_LOCKED}" sudo pkill -f python3 2>/dev/null || true -sudo chmod -R 777 "${PY_SITE_PACKAGES}" "${NETALERTX_DATA}" 2>/dev/null || true - sudo chown -R "${NETALERTX_USER}:${NETALERTX_GROUP}" "${NETALERTX_APP}" date +%s | sudo tee "${NETALERTX_FRONT}/buildtimestamp.txt" >/dev/null diff --git a/.gemini/GEMINI.md b/.gemini/GEMINI.md deleted file mode 100644 index c55c6c3f..00000000 --- a/.gemini/GEMINI.md +++ /dev/null @@ -1,59 +0,0 @@ -# Gemini-CLI Agent Instructions for NetAlertX - -## 1. Environment & Devcontainer - -When starting a session, always identify the active development container. - -### Finding the Container -Run `docker ps` to list running containers. Look for an image name containing `vsc-netalertx` or similar. - -```bash -docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Status}}\t{{.Names}}" | grep netalertx -``` - -- **If no container is found:** Inform the user. You cannot run integration tests or backend logic without it. -- **If multiple containers are found:** Ask the user to clarify which one to use (e.g., provide the Container ID). - -### Running Commands in the Container -Prefix commands with `docker exec ` to run them inside the environment. Use the scripts in `/services/` to control backend and other processes. -```bash -docker exec bash /workspaces/NetAlertX/.devcontainer/scripts/setup.sh -``` -*Note: This script wipes `/tmp` ramdisks, resets DBs, and restarts services (python server, cron,php-fpm, nginx).* - -## 2. Codebase Structure & Key Paths - -- **Source Code:** `/workspaces/NetAlertX` (mapped to `/app` in container via symlink). -- **Backend Entry:** `server/api_server/api_server_start.py` (Flask) and `server/__main__.py`. -- **Frontend:** `front/` (PHP/JS). -- **Plugins:** `front/plugins/`. -- **Config:** `/data/config/app.conf` (runtime) or `back/app.conf` (default). -- **Database:** `/data/db/app.db` (SQLite). - -## 3. Testing Workflow - -**Crucial:** Tests MUST be run inside the container to access the correct runtime environment (DB, Config, Dependencies). - -### Running Tests -Use `pytest` with the correct PYTHONPATH. - -```bash -docker exec bash -c "cd /workspaces/NetAlertX && pytest " -``` - -*Example:* -```bash -docker exec bash -c "cd /workspaces/NetAlertX && pytest test/api_endpoints/test_mcp_extended_endpoints.py" -``` - -### Authentication in Tests -The test environment uses `API_TOKEN`. The most reliable way to retrieve the current token from a running container is: -```bash -docker exec python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))" -``` - -*Troubleshooting:* If tests fail with 403 Forbidden or empty tokens: -1. Verify server is running and use the aforementioned setup.sh if required. -2. Verify `app.conf` inside the container: `docker exec cat /data/config/app.conf` -23 Verify Python can read it: `docker exec python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))"` - diff --git a/.gemini/skills/devcontainer-management/SKILL.md b/.gemini/skills/devcontainer-management/SKILL.md new file mode 100644 index 00000000..5c3f54fb --- /dev/null +++ b/.gemini/skills/devcontainer-management/SKILL.md @@ -0,0 +1,31 @@ +--- +name: devcontainer-management +description: Guide for identifying, managing, and running commands within the NetAlertX development container. Use this when asked to run commands, testing, setup scripts, or troubleshoot container issues. +--- + +# Devcontainer Management + +When starting a session or performing tasks requiring the runtime environment, you must identify and use the active development container. + +## Finding the Container + +Run `docker ps` to list running containers. Look for an image name containing `vsc-netalertx` or similar. + +```bash +docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Status}}\t{{.Names}}" | grep netalertx +``` + +- **If no container is found:** Inform the user. You cannot run integration tests or backend logic without it. +- **If multiple containers are found:** Ask the user to clarify which one to use (e.g., provide the Container ID). + +## Running Commands in the Container + +Prefix commands with `docker exec ` to run them inside the environment. Use the scripts in `/services/` to control backend and other processes. + +```bash +docker exec bash /workspaces/NetAlertX/.devcontainer/scripts/setup.sh +``` + +*Note: This script wipes `/tmp` ramdisks, resets DBs, and restarts services (python server, cron,php-fpm, nginx).* + +``` diff --git a/.gemini/skills/mcp-activation/SKILL.md b/.gemini/skills/mcp-activation/SKILL.md new file mode 100644 index 00000000..6938a7b9 --- /dev/null +++ b/.gemini/skills/mcp-activation/SKILL.md @@ -0,0 +1,52 @@ +--- +name: mcp-activation +description: Enables live interaction with the NetAlertX runtime. This skill configures the Model Context Protocol (MCP) connection, granting full API access for debugging, troubleshooting, and real-time operations including database queries, network scans, and device management. +--- + +# MCP Activation Skill + +This skill configures the NetAlertX development environment to expose the Model Context Protocol (MCP) server to AI agents. + +## Why use this? + +By default, agents only have access to the static codebase (files). To perform dynamic actions—such as: +- **Querying the database** (e.g., getting device lists, events) +- **Triggering actions** (e.g., network scans, Wake-on-LAN) +- **Validating runtime state** (e.g., checking if a fix actually works) + +...you need access to the **MCP Server** running inside the container. This skill sets up the necessary authentication tokens and connection configs to bridge your agent to that live server. + +## Prerequisites + +1. **Devcontainer:** You must be connected to the NetAlertX devcontainer. +2. **Server Running:** The backend server must be running (to generate `app.conf` with the API token). + +## Activation Steps + +1. **Activate Devcontainer Skill:** + If you are not already inside the container, activate the management skill: + ```text + activate_skill("devcontainer-management") + ``` + +2. **Generate Configurations:** + Run the configuration generation script *inside* the container. This script extracts the API Token and creates the necessary settings files (`.gemini/settings.json` and `.vscode/mcp.json`). + + ```bash + # Run inside the container + /workspaces/NetAlertX/.devcontainer/scripts/generate-configs.sh + ``` + +3. **Apply Changes:** + + * **For Gemini CLI:** + The agent session must be **restarted** to load the new `.gemini/settings.json`. + > "I have generated the MCP configuration. Please **restart this session** to activate the `netalertx-devcontainer` tools." + + * **For VS Code (GitHub Copilot / Cline):** + The VS Code window must be **reloaded** to pick up the new `.vscode/mcp.json`. + > "I have generated the MCP configuration. Please run **'Developer: Reload Window'** in VS Code to activate the MCP server." + +## Verification + +After restarting, you should see new tools available (e.g., `netalertx-devcontainer__get_devices`). diff --git a/.gemini/skills/project-navigation/SKILL.md b/.gemini/skills/project-navigation/SKILL.md new file mode 100644 index 00000000..24ef258a --- /dev/null +++ b/.gemini/skills/project-navigation/SKILL.md @@ -0,0 +1,15 @@ +--- +name: project-navigation +description: Reference for the NetAlertX codebase structure, key file paths, and configuration locations. Use this when exploring the codebase or looking for specific components like the backend entry point, frontend files, or database location. +--- + +# Project Navigation & Structure + +## Codebase Structure & Key Paths + +- **Source Code:** `/workspaces/NetAlertX` (mapped to `/app` in container via symlink). +- **Backend Entry:** `server/api_server/api_server_start.py` (Flask) and `server/__main__.py`. +- **Frontend:** `front/` (PHP/JS). +- **Plugins:** `front/plugins/`. +- **Config:** `/data/config/app.conf` (runtime) or `back/app.conf` (default). +- **Database:** `/data/db/app.db` (SQLite). diff --git a/.gemini/skills/testing-workflow/SKILL.md b/.gemini/skills/testing-workflow/SKILL.md new file mode 100644 index 00000000..debf7983 --- /dev/null +++ b/.gemini/skills/testing-workflow/SKILL.md @@ -0,0 +1,78 @@ +--- +name: testing-workflow +description: Read before running tests. Detailed instructions for single, standard unit tests (fast), full suites (slow), handling authentication, and obtaining the API Token. Tests must be run when a job is complete. +--- + +# Testing Workflow +After code is developed, tests must be run to ensure the integrity of the final result. + +**Crucial:** Tests MUST be run inside the container to access the correct runtime environment (DB, Config, Dependencies). + +## 0. Pre-requisites: Environment Check + +Before running any tests, verify you are inside the development container: + +```bash +ls -d /workspaces/NetAlertX +``` + +**IF** this directory does not exist, you are likely on the host machine. You **MUST** immediately activate the `devcontainer-management` skill to enter the container or run commands inside it. + +```text +activate_skill("devcontainer-management") +``` + +## 1. Full Test Suite (MANDATORY DEFAULT) + +Unless the user **explicitly** requests "fast" or "quick" tests, you **MUST** run the full test suite. **Do not** optimize for time. Comprehensive coverage is the priority over speed. + +```bash +cd /workspaces/NetAlertX; pytest test/ +``` + +## 2. Fast Unit Tests (Conditional) + +**ONLY** use this if the user explicitly asks for "fast tests", "quick tests", or "unit tests only". This **excludes** slow tests marked with `docker` or `feature_complete`. + +```bash +cd /workspaces/NetAlertX; pytest test/ -m 'not docker and not feature_complete' +``` + +## 3. Running Specific Tests + +To run a specific file or folder: + +```bash +cd /workspaces/NetAlertX; pytest test/ +``` + +*Example:* +```bash +cd /workspaces/NetAlertX; pytest test/api_endpoints/test_mcp_extended_endpoints.py +``` + +## Authentication & Environment Reset + +Authentication tokens are required to perform certain operations such as manual testing or crafting expressions to work with the web APIs. After making code changes, you MUST reset the environment to ensure the new code is running and verify you have the latest `API_TOKEN`. + +1. **Reset Environment:** Run the setup script inside the container. + ```bash + bash /workspaces/NetAlertX/.devcontainer/scripts/setup.sh + ``` +2. **Wait for Stabilization:** Wait at least 5 seconds for services (nginx, python server, etc.) to start. + ```bash + sleep 5 + ``` +3. **Obtain Token:** Retrieve the current token from the container. + ```bash + python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))" + ``` + +The retrieved token MUST be used in all subsequent API or test calls requiring authentication. + +### Troubleshooting + +If tests fail with 403 Forbidden or empty tokens: +1. Verify server is running and use the setup script (`/workspaces/NetAlertX/.devcontainer/scripts/setup.sh`) if required. +2. Verify `app.conf` inside the container: `cat /data/config/app.conf` +3. Verify Python can read it: `python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))"` \ No newline at end of file diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 61f29310..8fc779fd 100755 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,3 +1,2 @@ github: jokob-sk -patreon: netalertx buy_me_a_coffee: jokobsk diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..c315bc81 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,8 @@ +blank_issues_enabled: false +contact_links: + - name: 💬 Discussions + url: https://github.com/netalertx/NetAlertX/discussions + about: Ask questions or start discussions here. + - name: 🗯 Discord + url: https://discord.com/invite/NczTUTWyRr + about: Ask the community for help. \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/documentation-feedback.yml b/.github/ISSUE_TEMPLATE/documentation-feedback.yml index fac8b58a..a53939b9 100755 --- a/.github/ISSUE_TEMPLATE/documentation-feedback.yml +++ b/.github/ISSUE_TEMPLATE/documentation-feedback.yml @@ -1,7 +1,11 @@ -name: Documentation Feedback 📝 +name: ✍ Documentation Feedback description: Suggest improvements, clarify inconsistencies, or report issues related to the documentation. labels: ['documentation 📚'] body: +- type: markdown + attributes: + value: | + - type: checkboxes attributes: label: Is there an existing issue for this? diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml old mode 100755 new mode 100644 similarity index 95% rename from .github/ISSUE_TEMPLATE/feature_request.yml rename to .github/ISSUE_TEMPLATE/feature-request.yml index 8ee485c3..078026ce --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -1,7 +1,11 @@ -name: Feature Request +name: 🎁 Feature Request description: 'Suggest an idea for NetAlertX' labels: ['Feature request ➕'] body: +- type: markdown + attributes: + value: | + - type: checkboxes attributes: label: Is there an existing issue for this? diff --git a/.github/ISSUE_TEMPLATE/i-have-an-issue.yml b/.github/ISSUE_TEMPLATE/i-have-an-issue.yml index 63bbe77d..66312cce 100755 --- a/.github/ISSUE_TEMPLATE/i-have-an-issue.yml +++ b/.github/ISSUE_TEMPLATE/i-have-an-issue.yml @@ -1,7 +1,11 @@ -name: Bug Report +name: 🐛 Bug Report description: 'When submitting an issue enable LOG_LEVEL="trace" and have a look at the docs.' labels: ['bug 🐛'] body: +- type: markdown + attributes: + value: | + - type: dropdown id: installation_type attributes: diff --git a/.github/ISSUE_TEMPLATE/security-report.yml b/.github/ISSUE_TEMPLATE/security-report.yml index 6653dd92..ae0cf915 100755 --- a/.github/ISSUE_TEMPLATE/security-report.yml +++ b/.github/ISSUE_TEMPLATE/security-report.yml @@ -1,13 +1,17 @@ -name: Security Report 🔐 +name: 🔐 Security Report description: Report a security vulnerability or concern privately. labels: ['security 🔐'] body: +- type: markdown + attributes: + value: | + - type: markdown attributes: value: | **Important:** For security reasons, please do **not** post sensitive security issues publicly in the issue tracker. Instead, send details to our security contact email: [jokob@duck.com](mailto:jokob@duck.com). - + We appreciate your responsible disclosure. - type: textarea attributes: diff --git a/.github/ISSUE_TEMPLATE/setup-help.yml b/.github/ISSUE_TEMPLATE/setup-help.yml index 44ac630e..7b1a9bf7 100755 --- a/.github/ISSUE_TEMPLATE/setup-help.yml +++ b/.github/ISSUE_TEMPLATE/setup-help.yml @@ -1,7 +1,11 @@ -name: Setup help +name: 📥 Setup help description: 'When submitting an issue enable LOG_LEVEL="trace" and re-search first.' labels: ['Setup 📥'] body: +- type: markdown + attributes: + value: | + - type: dropdown id: installation_type attributes: diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md old mode 100755 new mode 100644 index 04a75ad6..187da1a8 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -1,89 +1,49 @@ ### ROLE: NETALERTX ARCHITECT & STRICT CODE AUDITOR -You are a cynical Security Engineer and Core Maintainer of NetAlertX. Your goal is not just to "help," but to "deliver verified, secure, and production-ready solutions." +You are a cynical Security Engineer and Core Maintainer of NetAlertX. Your goal is to deliver verified, secure, and production-ready solutions. -### MANDATORY BEHAVIORAL OVERRIDES: -1. **Obsessive Verification:** Never provide a solution without a corresponding proof of correctness. If you write a function, you MUST write a test case or validation step immediately after. -2. **Anti-Laziness Protocol:** You are forbidden from using placeholders (e.g., `// ... rest of code`, ``). You must output the full, functional block every time to ensure context is preserved. -3. **Priority Hierarchy:** Priority 1 is Correctness. Priority 2 is Completeness. Priority 3 is Speed. -4. **Mantra:** "Job's not done 'till unit tests run." +### MANDATORY BEHAVIORAL OVERRIDES +1. **Obsessive Verification:** Never provide a solution without proof of correctness. Write test cases or validation immediately after writing functions. +2. **Anti-Laziness Protocol:** No placeholders. Output full, functional blocks every time. +3. **Priority Hierarchy:** Correctness > Completeness > Speed. +4. **Mantra:** "Job's not done 'till unit tests run." --- -# NetAlertX AI Assistant Instructions -This is NetAlertX — network monitoring & alerting. NetAlertX provides Network inventory, awareness, insight, categorization, intruder and presence detection. This is a heavily community-driven project, welcoming of all contributions. +# NetAlertX -## Architecture (what runs where) -- Backend (Python): main loop + GraphQL/REST endpoints orchestrate scans, plugins, workflows, notifications, and JSON export. - - Key: `server/__main__.py`, `server/plugin.py`, `server/initialise.py`, `server/api_server/api_server_start.py` -- Data (SQLite): persistent state in `db/app.db`; helpers in `server/database.py` and `server/db/*`. -- Frontend (Nginx + PHP + JS): UI reads JSON, triggers execution queue events. - - Key: `front/`, `front/js/common.js`, `front/php/server/*.php` -- Plugins (Python): acquisition/enrichment/publishers under `front/plugins/*` with `config.json` manifests. -- Messaging/Workflows: `server/messaging/*`, `server/workflows/*` -- API JSON Cache for UI: generated under `api/*.json` +Network monitoring & alerting. Provides inventory, awareness, insight, categorization, intruder and presence detection. -Backend loop phases (see `server/__main__.py` and `server/plugin.py`): `once`, `schedule`, `always_after_scan`, `before_name_updates`, `on_new_device`, `on_notification`, plus ad‑hoc `run` via execution queue. Plugins execute as scripts that write result logs for ingestion. +## Architecture -## Plugin patterns that matter -- Manifest lives at `front/plugins//config.json`; `code_name` == folder, `unique_prefix` drives settings and filenames (e.g., `ARPSCAN`). -- Control via settings: `_RUN` (phase), `_RUN_SCHD` (cron-like), `_CMD` (script path), `_RUN_TIMEOUT`, `_WATCH` (diff columns). -- Data contract: scripts write `/tmp/log/plugins/last_result..log` (pipe‑delimited: 9 required cols + optional 4). Use `front/plugins/plugin_helper.py`’s `Plugin_Objects` to sanitize text and normalize MACs, then `write_result_file()`. -- Device import: define `database_column_definitions` when creating/updating devices; watched fields trigger notifications. +- **Backend (Python):** `server/__main__.py`, `server/plugin.py`, `server/api_server/api_server_start.py` +- **Backend Config:** `/data/config/app.conf` +- **Data (SQLite):** `/data/db/app.db`; helpers in `server/db/*` +- **Frontend (Nginx + PHP + JS):** `front/` +- **Plugins (Python):** `front/plugins/*` with `config.json` manifests -### Standard Plugin Formats -* publisher: Sends notifications to services. Runs `on_notification`. Data source: self. -* dev scanner: Creates devices and manages online/offline status. Runs on `schedule`. Data source: self / SQLite DB. -* name discovery: Discovers device names via various protocols. Runs `before_name_updates` or on `schedule`. Data source: self. -* importer: Imports devices from another service. Runs on `schedule`. Data source: self / SQLite DB. -* system: Provides core system functionality. Runs on `schedule` or is always on. Data source: self / Template. -* other: Miscellaneous plugins. Runs at various times. Data source: self / Template. +## Skills -### Plugin logging & outputs -- Always check relevant logs first. -- Use logging as shown in other plugins. -- Collect results with `Plugin_Objects.add_object(...)` during processing and call `plugin_objects.write_result_file()` exactly once at the end of the script. -- Prefer to log a brief summary before writing (e.g., total objects added) to aid troubleshooting; keep logs concise at `info` level and use `verbose` or `debug` for extra context. -- Do not write ad‑hoc files for results; the only consumable output is `last_result..log` generated by `Plugin_Objects`. +Procedural knowledge lives in `.github/skills/`. Load the appropriate skill when performing these tasks: -## API/Endpoints quick map -- Flask app: `server/api_server/api_server_start.py` exposes routes like `/device/`, `/devices`, `/devices/export/{csv,json}`, `/devices/import`, `/devices/totals`, `/devices/by-status`, plus `nettools`, `events`, `sessions`, `dbquery`, `metrics`, `sync`. -- Authorization: all routes expect header `Authorization: Bearer ` via `get_setting_value('API_TOKEN')`. -- All responses need to return `"success":` and if `False` an "error" message needs to be returned, e.g. `{"success": False, "error": f"No stored open ports for Device"}` +| Task | Skill | +|------|-------| +| Run tests, check failures | `testing-workflow` | +| Start/stop/restart services | `devcontainer-services` | +| Wipe database, fresh start | `database-reset` | +| Load sample devices | `sample-data` | +| Build Docker images | `docker-build` | +| Reprovision devcontainer | `devcontainer-setup` | +| Create or run plugins | `plugin-run-development` | +| Analyze PR comments | `pr-analysis` | +| Clean Docker resources | `docker-prune` | +| Generate devcontainer configs | `devcontainer-configs` | +| Create API endpoints | `api-development` | +| Logging conventions | `logging-standards` | +| Settings and config | `settings-management` | +| Find files and paths | `project-navigation` | +| Coding standards | `code-standards` | -## Conventions & helpers to reuse -- Settings: add/modify via `ccd()` in `server/initialise.py` or per‑plugin manifest. Never hardcode ports or secrets; use `get_setting_value()`. -- Logging: use `mylog(level, [message])`; levels: none/minimal/verbose/debug/trace. `none` is used for most important messages that should always appear, such as exceptions. Do NOT use `error` as level. -- Time/MAC/strings: `server/utils/datetime_utils.py` (`timeNowDB`), `front/plugins/plugin_helper.py` (`normalize_mac`), `server/helper.py` (sanitizers). Validate MACs before DB writes. -- DB helpers: prefer `server/db/db_helper.py` functions (e.g., `get_table_json`, device condition helpers) over raw SQL in new paths. +## Execution Protocol -## Dev workflow (devcontainer) -- **Devcontainer philosophy: brutal simplicity.** One user, everything writable, completely idempotent. No permission checks, no conditional logic, no sudo needed. If something doesn't work, tear down the wall and rebuild - don't patch. We unit test permissions in the hardened build. -- **Permissions:** Never `chmod` or `chown` during operations. Everything is already writable. If you need permissions, the devcontainer setup is broken - fix `.devcontainer/scripts/setup.sh` or `.devcontainer/resources/devcontainer-Dockerfile` instead. -- **Files & Paths:** Use environment variables (`NETALERTX_DB`, `NETALERTX_LOG`, etc.) everywhere. `/data` for persistent config/db, `/tmp` for runtime logs/api/nginx state. Never hardcode `/data/db` or relative paths. -- **Database reset:** Use the `[Dev Container] Wipe and Regenerate Database` task. Kills backend, deletes `/data/{db,config}/*`, runs first-time setup scripts. Clean slate, no questions. -- Services: use tasks to (re)start backend and nginx/PHP-FPM. Backend runs with debugpy on 5678; attach a Python debugger if needed. -- Run a plugin manually: `python3 front/plugins//script.py` (ensure `sys.path` includes `/app/front/plugins` and `/app/server` like the template). -- Testing: pytest available via Alpine packages. Tests live in `test/`; app code is under `server/`. PYTHONPATH is preconfigured to include workspace and `/opt/venv` site‑packages. -- **Subprocess calls:** ALWAYS set explicit timeouts. Default to 60s minimum unless plugin config specifies otherwise. Nested subprocess calls (e.g., plugins calling external tools) need their own timeout - outer plugin timeout won't save you. -- you need to set the BACKEND_API_URL setting (e.g. in teh app.conf file or via the APP_CONF_OVERRIDE env variable) to the backend api port url , e.g. https://something-20212.app.github.dev/ depending on your github codespace url. - -## What “done right” looks like -- When adding a plugin, start from `front/plugins/__template`, implement with `plugin_helper`, define manifest settings, and wire phase via `_RUN`. Verify logs in `/tmp/log/plugins/` and data in `api/*.json`. -- When introducing new config, define it once (core `ccd()` or plugin manifest) and read it via helpers everywhere. -- When exposing new server functionality, add endpoints in `server/api_server/*` and keep authorization consistent; update UI by reading/writing JSON cache rather than bypassing the pipeline. -- Always try following the DRY principle, do not re-implement functionality, but re-use existing methods where possible, or refactor to use a common method that is called multiple times -- If new functionality needs to be added, look at impenting it into existing handlers (e.g. `DeviceInstance` in `server/models/device_instance.py`) or create a new one if it makes sense. Do not access the DB from otehr application layers. -- Code files shoudln't be longer than 500 lines of code - -## Useful references -- Docs: `docs/PLUGINS_DEV.md`, `docs/SETTINGS_SYSTEM.md`, `docs/API_*.md`, `docs/DEBUG_*.md` -- Logs: All logs are under `/tmp/log/`. Plugin logs are very shortly under `/tmp/log/plugins/` until picked up by the server. - - plugin logs: `/tmp/log/plugins/*.log` - - backend logs: `/tmp/log/stdout.log` and `/tmp/log/stderr.log` - - php errors: `/tmp/log/app.php_errors.log` - - nginx logs: `/tmp/log/nginx-access.log` and `/tmp/log/nginx-error.log` - -## Execution Protocol (Strict) -- Always run the `testFailure` tool before executing any tests to gather current failure information and avoid redundant runs. -- Always prioritize using the appropriate tools in the environment first. Example: if a test is failing use `testFailure` then `runTests`. -- Docker tests take an extremely long time to run. Avoid changes to docker or tests until you've examined the existing `testFailure`s and `runTests` results. \ No newline at end of file +- **Before running tests:** Always use `testFailure` tool first to gather current failures. +- **Docker tests are slow.** Examine existing failures before changing tests or Dockerfiles. diff --git a/.github/skills/api-development/SKILL.md b/.github/skills/api-development/SKILL.md new file mode 100644 index 00000000..2133a29b --- /dev/null +++ b/.github/skills/api-development/SKILL.md @@ -0,0 +1,69 @@ +--- +name: api-development +description: Develop and extend NetAlertX REST API endpoints. Use this when asked to create endpoint, add API route, implement API, or modify API responses. +--- + +# API Development + +## Entry Point + +Flask app: `server/api_server/api_server_start.py` + +## Existing Routes + +- `/device/` - Single device operations +- `/devices` - Device list +- `/devices/export/{csv,json}` - Export devices +- `/devices/import` - Import devices +- `/devices/totals` - Device counts +- `/devices/by-status` - Devices grouped by status +- `/nettools` - Network utilities +- `/events` - Event log +- `/sessions` - Session management +- `/dbquery` - Database queries +- `/metrics` - Prometheus metrics +- `/sync` - Synchronization + +## Authorization + +All routes require header: + +``` +Authorization: Bearer +``` + +Retrieve token via `get_setting_value('API_TOKEN')`. + +## Response Contract + +**MANDATORY:** All responses must include `"success": true|false` + +```python +return {"success": False, "error": "Description of what went wrong"} +``` + +On success: + +```python +return {"success": True, "data": result} +``` + +```python +return {"success": False, "error": "Description of what went wrong"} +``` + +On success: + +```python +return {"success": True, "data": result} +``` + + +**Exception:** The legacy `/device/` GET endpoint does not follow this contract to maintain backward compatibility with the UI. + +## Adding New Endpoints + +1. Add route in `server/api_server/` directory +2. Follow authorization pattern +3. Return proper response contract +4. Update UI to read/write JSON cache (don't bypass pipeline) diff --git a/.github/skills/authentication/SKILL.md b/.github/skills/authentication/SKILL.md new file mode 100644 index 00000000..16ae1ac1 --- /dev/null +++ b/.github/skills/authentication/SKILL.md @@ -0,0 +1,60 @@ +--- +name: netalertx-authentication-tokens +description: Manage and troubleshoot API tokens and authentication-related secrets. Use this when you need to find, rotate, verify, or debug authentication issues (401/403) in NetAlertX. +--- + +# Authentication + +## Purpose ✅ +Explain how to locate, validate, rotate, and troubleshoot API tokens and related authentication settings used by NetAlertX. + +## Pre-Flight Check (MANDATORY) ⚠️ +1. Ensure the backend is running (use devcontainer services or `ps`/systemd checks). +2. Verify the `API_TOKEN` setting can be read with Python (see below). +3. If a token-related error occurs, gather logs (`/tmp/log/app.log`, nginx logs) before changing secrets. + +## Retrieve the API token (Python — preferred) 🐍 +Always use Python helpers to read secrets to avoid accidental exposure in shells or logs: + +```python +from helper import get_setting_value +token = get_setting_value("API_TOKEN") +``` + +If you must inspect from a running container (read-only), use: + +```bash +docker exec python3 -c "from helper import get_setting_value; print(get_setting_value('API_TOKEN'))" +``` + +You can also check the runtime config file: + +```bash +docker exec grep API_TOKEN /data/config/app.conf +``` + +## Rotate / Generate a new token 🔁 +- Preferred: Use the web UI (Settings / System) and click **Generate** for the `API_TOKEN` field — this updates the value safely and immediately. +- Manual: Edit `/data/config/app.conf` and restart the backend if required (use the existing devcontainer service tasks). +- After rotation: verify the value with `get_setting_value('API_TOKEN')` and update any clients or sync nodes to use the new token. + +## Troubleshooting 401 / 403 Errors 🔍 +1. Confirm backend is running and reachable. +2. Confirm `get_setting_value('API_TOKEN')` returns a non-empty value. +3. Ensure client requests send the header exactly: `Authorization: Bearer `. +4. Check `/tmp/log/app.log` and plugin logs (e.g., sync plugin) for "Incorrect API Token" messages. +5. If using multiple nodes, ensure the token matches across nodes for sync operations. +6. If token appears missing or incorrect, rotate via UI or update `app.conf` and re-verify. + +## Best Practices & Security 🔐 +- Never commit tokens to source control or paste them in public issues. Redact tokens when sharing logs. +- Rotate tokens when a secret leak is suspected or per your security policy. +- Use `get_setting_value()` in tests and scripts — do not hardcode secrets. + +## Related Skills & Docs 📚 +- `testing-workflow` — how to use `API_TOKEN` in tests +- `settings-management` — where settings live and how they are managed +- Docs: `docs/API.md`, `docs/API_OLD.md`, `docs/API_SSE.md` + +--- +_Last updated: 2026-01-23_ diff --git a/.github/skills/code-standards/SKILL.md b/.github/skills/code-standards/SKILL.md new file mode 100644 index 00000000..7257e8be --- /dev/null +++ b/.github/skills/code-standards/SKILL.md @@ -0,0 +1,65 @@ +--- +name: netalertx-code-standards +description: NetAlertX coding standards and conventions. Use this when writing code, reviewing code, or implementing features. +--- + +# Code Standards + +## File Length + +Keep code files under 500 lines. Split larger files into modules. + +## DRY Principle + +Do not re-implement functionality. Reuse existing methods or refactor to create shared methods. + +## Database Access + +- Never access DB directly from application layers +- Use `server/db/db_helper.py` functions (e.g., `get_table_json`) +- Implement new functionality in handlers (e.g., `DeviceInstance` in `server/models/device_instance.py`) + +## MAC Address Handling + +Always validate and normalize MACs before DB writes: + +```python +from plugin_helper import normalize_mac + +mac = normalize_mac(raw_mac) +``` + +## Subprocess Safety + +**MANDATORY:** All subprocess calls must set explicit timeouts. + +```python +result = subprocess.run(cmd, timeout=60) # Minimum 60s +``` + +Nested subprocess calls need their own timeout—outer timeout won't save you. + +## Time Utilities + +```python +from utils.datetime_utils import timeNowDB + +timestamp = timeNowDB() +``` + +## String Sanitization + +Use sanitizers from `server/helper.py` before storing user input. + +## Devcontainer Constraints + +- Never `chmod` or `chown` during operations +- Everything is already writable +- If permissions needed, fix `.devcontainer/scripts/setup.sh` + +## Path Hygiene + +- Use environment variables for runtime paths +- `/data` for persistent config/db +- `/tmp` for runtime logs/api/nginx state +- Never hardcode `/data/db` or use relative paths diff --git a/.github/skills/database-reset/SKILL.md b/.github/skills/database-reset/SKILL.md new file mode 100644 index 00000000..8cc47c4a --- /dev/null +++ b/.github/skills/database-reset/SKILL.md @@ -0,0 +1,38 @@ +--- +name: reset-netalertx-database +description: Wipe and regenerate the NetAlertX database and config. Use this when asked to reset database, wipe db, fresh database, clean slate, or start fresh. +--- + +# Database Reset + +Completely wipes devcontainer database and config, then regenerates from scratch. + +## Command + +```bash +killall 'python3' || true +sleep 1 +rm -rf /data/db/* /data/config/* +bash /entrypoint.d/15-first-run-config.sh +bash /entrypoint.d/20-first-run-db.sh +``` + +## What This Does + +1. Kills backend to release database locks +2. Deletes all files in `/data/db/` and `/data/config/` +3. Runs first-run config provisioning +4. Runs first-run database initialization + +## After Reset + +Run the startup script to restart services: + +```bash +/workspaces/NetAlertX/.devcontainer/scripts/setup.sh +``` + +## Database Location + +- Runtime: `/data/db/app.db` (SQLite) +- Config: `/data/config/app.conf` diff --git a/.github/skills/devcontainer-configs/SKILL.md b/.github/skills/devcontainer-configs/SKILL.md new file mode 100644 index 00000000..bec8e250 --- /dev/null +++ b/.github/skills/devcontainer-configs/SKILL.md @@ -0,0 +1,28 @@ +--- +name: netalertx-devcontainer-configs +description: Generate devcontainer configuration files. Use this when asked to generate devcontainer configs, update devcontainer template, or regenerate devcontainer. +--- + +# Devcontainer Config Generation + +Generates devcontainer configs from the template. Must be run after changes to devcontainer configuration. + +## Command + +```bash +/workspaces/NetAlertX/.devcontainer/scripts/generate-configs.sh +``` + +## What It Does + +Combines and merges template configurations into the final config used by VS Code. + +## When to Run + +- After modifying `.devcontainer/` template files +- After changing devcontainer features or settings +- Before committing devcontainer changes + +## Note + +This affects only the devcontainer configuration. It has no bearing on the production or test Docker image. diff --git a/.github/skills/devcontainer-services/SKILL.md b/.github/skills/devcontainer-services/SKILL.md new file mode 100644 index 00000000..e96202a1 --- /dev/null +++ b/.github/skills/devcontainer-services/SKILL.md @@ -0,0 +1,50 @@ +--- +name: restarting-netalertx-services +description: Control NetAlertX services inside the devcontainer. Use this when asked to start backend, start frontend, start nginx, start php-fpm, start crond, stop services, restart services, or check if services are running. +--- + +# Devcontainer Services + +You operate inside the devcontainer. Do not use `docker exec`. + +## Start Backend (Python) + +```bash +/services/start-backend.sh +``` + +Backend runs with debugpy on port 5678 for debugging. Takes ~5 seconds to be ready. + +## Start Frontend (nginx + PHP-FPM) + +```bash +/services/start-php-fpm.sh & +/services/start-nginx.sh & +``` + +Launches almost instantly. + +## Start Scheduler (CronD) + +```bash +/services/start-crond.sh +``` + +## Stop All Services + +```bash +pkill -f 'php-fpm83|nginx|crond|python3' || true +``` + +## Check Running Services + +```bash +pgrep -a 'python3|nginx|php-fpm|crond' +``` + +## Service Ports + +- Frontend (nginx): 20211 +- Backend API: 20212 +- GraphQL: 20212 +- Debugpy: 5678 diff --git a/.github/skills/devcontainer-setup/SKILL.md b/.github/skills/devcontainer-setup/SKILL.md new file mode 100644 index 00000000..9b554d62 --- /dev/null +++ b/.github/skills/devcontainer-setup/SKILL.md @@ -0,0 +1,36 @@ +--- +name: netalertx-idempotent-setup +description: Reprovision and reset the devcontainer environment. Use this when asked to re-run startup, reprovision, setup devcontainer, fix permissions, or reset runtime state. +--- + +# Devcontainer Setup + +The setup script forcefully resets all runtime state. It is idempotent—every run wipes and recreates all relevant folders, symlinks, and files. + +## Command + +```bash +/workspaces/NetAlertX/.devcontainer/scripts/setup.sh +``` + +## What It Does + +1. Kills all services (php-fpm, nginx, crond, python3) +2. Mounts tmpfs ramdisks for `/tmp/log`, `/tmp/api`, `/tmp/run`, `/tmp/nginx` +3. Creates critical subdirectories +4. Links `/entrypoint.d` and `/app` symlinks +5. Creates `/data`, `/data/config`, `/data/db` directories +6. Creates all log files +7. Runs `/entrypoint.sh` to start services +8. Writes version to `.VERSION` + +## When to Use + +- After modifying setup scripts +- After container rebuild +- When environment is in broken state +- After database reset + +## Philosophy + +No conditional logic. Everything is recreated unconditionally. If something doesn't work, run setup again. diff --git a/.github/skills/docker-build/SKILL.md b/.github/skills/docker-build/SKILL.md new file mode 100644 index 00000000..f66374ab --- /dev/null +++ b/.github/skills/docker-build/SKILL.md @@ -0,0 +1,38 @@ +--- +name: netalertx-docker-build +description: Build Docker images for testing or production. Use this when asked to build container, build image, docker build, build test image, or launch production container. +--- + +# Docker Build + +## Build Unit Test Image + +Required after container/Dockerfile changes. Tests won't see changes until image is rebuilt. + +```bash +docker buildx build -t netalertx-test . +``` + +Build time: ~30 seconds (or ~90s if venv stage changes) + +## Build and Launch Production Container + +Before launching, stop devcontainer services first to free ports. + +```bash +cd /workspaces/NetAlertX +docker compose up -d --build --force-recreate +``` + +## Pre-Launch Checklist + +1. Stop devcontainer services: `pkill -f 'php-fpm83|nginx|crond|python3'` +2. Close VS Code forwarded ports +3. Run the build command + +## Production Container Details + +- Image: `netalertx:latest` +- Container name: `netalertx` +- Network mode: host +- Ports: 20211 (UI), 20212 (API/GraphQL) diff --git a/.github/skills/docker-prune/SKILL.md b/.github/skills/docker-prune/SKILL.md new file mode 100644 index 00000000..14571813 --- /dev/null +++ b/.github/skills/docker-prune/SKILL.md @@ -0,0 +1,32 @@ +--- +name: netalertx-docker-prune +description: Clean up unused Docker resources. Use this when asked to prune docker, clean docker, remove unused images, free disk space, or docker cleanup. DANGEROUS operation. Requires human confirmation. +--- + +# Docker Prune + +**DANGER:** This destroys containers, images, volumes, and networks. Any stopped container will be wiped and data will be lost. + +## Command + +```bash +/workspaces/NetAlertX/.devcontainer/scripts/confirm-docker-prune.sh +``` + +## What Gets Deleted + +- All stopped containers +- All unused images +- All unused volumes +- All unused networks + +## When to Use + +- Disk space is low +- Build cache is corrupted +- Clean slate needed for testing +- After many image rebuilds + +## Safety + +The script requires explicit confirmation before proceeding. diff --git a/.github/skills/mcp-activation/SKILL.md b/.github/skills/mcp-activation/SKILL.md new file mode 100644 index 00000000..abbdb317 --- /dev/null +++ b/.github/skills/mcp-activation/SKILL.md @@ -0,0 +1,34 @@ +--- +name: mcp-activation +description: Enables live interaction with the NetAlertX runtime. This skill configures the Model Context Protocol (MCP) connection, granting full API access for debugging, troubleshooting, and real-time operations including database queries, network scans, and device management. +--- + +# MCP Activation Skill + +This skill configures the environment to expose the Model Context Protocol (MCP) server to AI agents running inside the devcontainer. + +## Usage + +This skill assumes you are already running within the NetAlertX devcontainer. + +1. **Generate Configurations:** + Run the configuration generation script to extract the API Token and update the VS Code MCP settings. + + ```bash + /workspaces/NetAlertX/.devcontainer/scripts/generate-configs.sh + ``` + +2. **Reload Window:** + Request the user to reload the VS Code window to activate the new tools. + > I have generated the MCP configuration. Please run the **'Developer: Reload Window'** command to activate the MCP server tools. + > In VS Code: open the Command Palette (Windows/Linux: Ctrl+Shift+P, macOS: Cmd+Shift+P), type Developer: Reload Window, press Enter — or click the Reload button if a notification appears. 🔁 + > After you reload, tell me “Window reloaded” (or just “reloaded”) and I’ll continue. + + +## Why use this? + +Access the live runtime API to perform operations that are not possible through static file analysis: +- **Query the database** +- **Trigger network scans** +- **Manage devices and events** +- **Troubleshoot real-time system state** diff --git a/.github/skills/plugin-run-development/SKILL.md b/.github/skills/plugin-run-development/SKILL.md new file mode 100644 index 00000000..b7d6799f --- /dev/null +++ b/.github/skills/plugin-run-development/SKILL.md @@ -0,0 +1,85 @@ +--- +name: netalertx-plugin-run-development +description: Create and run NetAlertX plugins. Use this when asked to create plugin, run plugin, test plugin, plugin development, or execute plugin script. +--- + +# Plugin Development + +## Expected Workflow for Running Plugins + +1. Read this skill document for context and instructions. +2. Find the plugin in `front/plugins//`. +3. Read the plugin's `config.json` and `script.py` to understand its functionality and settings. +4. Formulate and run the command: `python3 front/plugins//script.py`. +5. Retrieve the result from the plugin log folder (`/tmp/log/plugins/last_result..log`) quickly, as the backend may delete it after processing. + +## Run a Plugin Manually + +```bash +python3 front/plugins//script.py +``` + +Ensure `sys.path` includes `/app/front/plugins` and `/app/server` (as in the template). + +## Plugin Structure + +```text +front/plugins// +├── config.json # Manifest with settings +├── script.py # Main script +└── ... +``` + +## Manifest Location + +`front/plugins//config.json` + +- `code_name` == folder name +- `unique_prefix` drives settings and filenames (e.g., `ARPSCAN`) + +## Settings Pattern + +- `_RUN`: execution phase +- `_RUN_SCHD`: cron-like schedule +- `_CMD`: script path +- `_RUN_TIMEOUT`: timeout in seconds +- `_WATCH`: columns to watch for changes + +## Data Contract + +Scripts write to `/tmp/log/plugins/last_result..log` + +**Important:** The backend will almost immediately process this result file and delete it after ingestion. If you need to inspect the output, run the plugin and immediately retrieve the result file before the backend processes it. + +Use `front/plugins/plugin_helper.py`: + +```python +from plugin_helper import Plugin_Objects + +plugin_objects = Plugin_Objects() +plugin_objects.add_object(...) # During processing +plugin_objects.write_result_file() # Exactly once at end +``` + +## Execution Phases + +- `once`: runs once at startup +- `schedule`: runs on cron schedule +- `always_after_scan`: runs after every scan +- `before_name_updates`: runs before name resolution +- `on_new_device`: runs when new device detected +- `on_notification`: runs when notification triggered + +## Plugin Formats + +| Format | Purpose | Runs | +|--------|---------|------| +| publisher | Send notifications | `on_notification` | +| dev scanner | Create/manage devices | `schedule` | +| name discovery | Discover device names | `before_name_updates` | +| importer | Import from services | `schedule` | +| system | Core functionality | `schedule` | + +## Starting Point + +Copy from `front/plugins/__template` and customize. diff --git a/.github/skills/project-navigation/SKILL.md b/.github/skills/project-navigation/SKILL.md new file mode 100644 index 00000000..0c57a300 --- /dev/null +++ b/.github/skills/project-navigation/SKILL.md @@ -0,0 +1,59 @@ +--- +name: about-netalertx-project-structure +description: Navigate the NetAlertX codebase structure. Use this when asked about file locations, project structure, where to find code, or key paths. +--- + +# Project Navigation + +## Key Paths + +| Component | Path | +|-----------|------| +| Workspace root | `/workspaces/NetAlertX` | +| Backend entry | `server/__main__.py` | +| API server | `server/api_server/api_server_start.py` | +| Plugin system | `server/plugin.py` | +| Initialization | `server/initialise.py` | +| Frontend | `front/` | +| Frontend JS | `front/js/common.js` | +| Frontend PHP | `front/php/server/*.php` | +| Plugins | `front/plugins/` | +| Plugin template | `front/plugins/__template` | +| Database helpers | `server/db/db_helper.py` | +| Device model | `server/models/device_instance.py` | +| Messaging | `server/messaging/` | +| Workflows | `server/workflows/` | + +## Architecture + +NetAlertX uses a frontend–backend architecture: the frontend runs on **PHP + Nginx** (see `front/`), the backend is implemented in **Python** (see `server/`), and scheduled tasks are managed by a **supercronic** scheduler that runs periodic jobs. + +## Runtime Paths + +| Data | Path | +|------|------| +| Config (runtime) | `/data/config/app.conf` | +| Config (default) | `back/app.conf` | +| Database | `/data/db/app.db` | +| API JSON cache | `/tmp/api/*.json` | +| Logs | `/tmp/log/` | +| Plugin logs | `/tmp/log/plugins/` | + +## Environment Variables + +Use these NETALERTX_* instead of hardcoding paths. Examples: + +- `NETALERTX_DB` +- `NETALERTX_LOG` +- `NETALERTX_CONFIG` +- `NETALERTX_DATA` +- `NETALERTX_APP` + +## Documentation + +| Topic | Path | +|-------|------| +| Plugin development | `docs/PLUGINS_DEV.md` | +| System settings | `docs/SETTINGS_SYSTEM.md` | +| API docs | `docs/API_*.md` | +| Debug guides | `docs/DEBUG_*.md` | diff --git a/.github/skills/sample-data/SKILL.md b/.github/skills/sample-data/SKILL.md new file mode 100644 index 00000000..2dc22559 --- /dev/null +++ b/.github/skills/sample-data/SKILL.md @@ -0,0 +1,31 @@ +--- +name: netalertx-sample-data +description: Load synthetic device data into the devcontainer. Use this when asked to load sample devices, seed data, import test devices, populate database, or generate test data. +--- + +# Sample Data Loading + +Generates synthetic device inventory and imports it via the `/devices/import` API endpoint. + +## Command + +```bash +cd /workspaces/NetAlertX/.devcontainer/scripts +./load-devices.sh +``` + +## Environment + +- `CSV_PATH`: defaults to `/tmp/netalertx-devices.csv` + +## Prerequisites + +- Backend must be running +- API must be accessible + +## What It Does + +1. Generates synthetic device records (MAC addresses, IPs, names, vendors) +2. Creates CSV file at `$CSV_PATH` +3. POSTs to `/devices/import` endpoint +4. Devices appear in database and UI diff --git a/.github/skills/settings-management/SKILL.md b/.github/skills/settings-management/SKILL.md new file mode 100644 index 00000000..137ea4a2 --- /dev/null +++ b/.github/skills/settings-management/SKILL.md @@ -0,0 +1,47 @@ +--- +name: netalertx-settings-management +description: Manage NetAlertX configuration settings. Use this when asked to add setting, read config, get_setting_value, ccd, or configure options. +--- + +# Settings Management + +## Reading Settings + +```python +from helper import get_setting_value + +value = get_setting_value('SETTING_NAME') +``` + +Never hardcode ports, secrets, or configuration values. Always use `get_setting_value()`. + +## Adding Core Settings + +Use `ccd()` in `server/initialise.py`: + +```python +ccd('SETTING_NAME', 'default_value', 'description') +``` + +## Adding Plugin Settings + +Define in plugin's `config.json` manifest under the settings section. + +## Config Files + +| File | Purpose | +|------|---------| +| `/data/config/app.conf` | Runtime config (modified by app) | +| `back/app.conf` | Default config (template) | + +## Environment Override + +Use `APP_CONF_OVERRIDE` environment variable for settings that must be set before startup. + +## Backend API URL + +For Codespaces, set `BACKEND_API_URL` to your Codespace URL: + +``` +BACKEND_API_URL=https://something-20212.app.github.dev/ +``` diff --git a/.github/skills/testing-workflow/SKILL.md b/.github/skills/testing-workflow/SKILL.md new file mode 100644 index 00000000..d89b3be2 --- /dev/null +++ b/.github/skills/testing-workflow/SKILL.md @@ -0,0 +1,61 @@ +--- +name: netalertx-testing-workflow +description: Run and debug tests in the NetAlertX devcontainer. Use this when asked to run tests, check test failures, debug failing tests, or execute pytest. +--- + +# Testing Workflow + +## Pre-Flight Check (MANDATORY) + +Before running any tests, always check for existing failures first: + +1. Use the `testFailure` tool to gather current failure information +2. Review the failures to understand what's already broken +3. Only then proceed with test execution + +## Running Tests + +Use VS Code's testing interface or the `runTests` tool with appropriate parameters: + +- To run all tests: invoke runTests without file filter +- To run specific test file: invoke runTests with the test file path +- To run failed tests only: invoke runTests with `--lf` flag + +## Test Location + +Tests live in `test/` directory. App code is under `server/`. + +PYTHONPATH is preconfigured to include the following which should meet all needs: +- `/app` # the primary location where python runs in the production system +- `/app/server` # symbolic link to /wprkspaces/NetAlertX/server +- `/app/front/plugins` # symbolic link to /workspaces/NetAlertX/front/plugins +- `/opt/venv/lib/pythonX.Y/site-packages` +- `/workspaces/NetAlertX/test` +- `/workspaces/NetAlertX/server` +- `/workspaces/NetAlertX` +- `/usr/lib/pythonX.Y/site-packages` + +## Authentication in Tests + +Retrieve `API_TOKEN` using Python (not shell): + +```python +from helper import get_setting_value +token = get_setting_value("API_TOKEN") +``` + +## Troubleshooting 403 Forbidden + +1. Ensure backend is running (use devcontainer-services skill) +2. Verify config loaded: `get_setting_value("API_TOKEN")` returns non-empty +3. Re-run startup if needed (use devcontainer-setup skill) + +## Docker Test Image + +If container changes affect tests, rebuild the test image first: + +```bash +docker buildx build -t netalertx-test . +``` + +This takes ~30 seconds unless venv stage changes (~90s). diff --git a/.github/workflows/code_checks.yml b/.github/workflows/code-checks.yml old mode 100755 new mode 100644 similarity index 77% rename from .github/workflows/code_checks.yml rename to .github/workflows/code-checks.yml index e586b200..9087a570 --- a/.github/workflows/code_checks.yml +++ b/.github/workflows/code-checks.yml @@ -1,4 +1,4 @@ -name: Code checks +name: ✅ Code checks on: push: branches: @@ -17,6 +17,23 @@ jobs: - name: Checkout code uses: actions/checkout@v4 + - name: 🚨 Ensure DELETE FROM CurrentScan is not commented out + run: | + echo "🔍 Checking that DELETE FROM CurrentScan is not commented out..." + + MATCHES=$(grep -RInE '^[[:space:]]*#[[:space:]]*db\.sql\.execute\("DELETE FROM CurrentScan"\)' \ + --include="*.py" .) || true + + if [ -n "$MATCHES" ]; then + echo "❌ Found commented-out DELETE FROM CurrentScan call:" + echo "$MATCHES" + echo + echo "This line must NOT be commented out in committed code." + exit 1 + else + echo "✅ DELETE FROM CurrentScan is active." + fi + - name: Check for incorrect absolute '/php/' URLs in frontend code run: | echo "🔍 Checking for incorrect absolute '/php/' URLs (should be 'php/' or './php/')..." @@ -95,5 +112,5 @@ jobs: - name: Run Docker-based tests run: | echo "🐳 Running Docker-based tests..." - chmod +x ./test/docker_tests/run_docker_tests.sh - ./test/docker_tests/run_docker_tests.sh + chmod +x ./scripts/run_tests_in_docker_environment.sh + ./scripts/run_tests_in_docker_environment.sh diff --git a/.github/workflows/docker_cache-cleaner.yml b/.github/workflows/docker_cache-cleaner.yml deleted file mode 100755 index 43573815..00000000 --- a/.github/workflows/docker_cache-cleaner.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: 🤖Automation - ci-package-cleaner - -on: - - workflow_dispatch: # manual option - - # schedule: - # - cron: '15 22 * * 1' # every Monday 10.15pm UTC (~11.15am Tuesday NZT) - -jobs: - - package-cleaner: - name: package-cleaner - runs-on: ubuntu-latest - timeout-minutes: 5 - permissions: - packages: write - steps: - - - uses: actions/delete-package-versions@v4 - with: - package-name: netalertx - package-type: container - min-versions-to-keep: 0 - delete-only-untagged-versions: true \ No newline at end of file diff --git a/.github/workflows/docker_dev.yml b/.github/workflows/docker_dev.yml index fff07b5a..52eb4812 100755 --- a/.github/workflows/docker_dev.yml +++ b/.github/workflows/docker_dev.yml @@ -1,4 +1,4 @@ -name: docker +name: 🐳 👩‍💻 docker dev on: push: diff --git a/.github/workflows/docker_dev_unsafe.yml b/.github/workflows/docker_dev_unsafe.yml index 0caf8672..b1597a62 100644 --- a/.github/workflows/docker_dev_unsafe.yml +++ b/.github/workflows/docker_dev_unsafe.yml @@ -1,4 +1,4 @@ -name: docker-unsafe +name: 🐳 ⚠ docker-unsafe from next_release branch on: push: diff --git a/.github/workflows/docker_prod.yml b/.github/workflows/docker_prod.yml index df793e77..b8292054 100755 --- a/.github/workflows/docker_prod.yml +++ b/.github/workflows/docker_prod.yml @@ -6,7 +6,7 @@ # GitHub recommends pinning actions to a commit SHA. # To get a newer version, you will need to update the SHA. # You can also reference a tag or branch, but the action may change without warning. -name: Publish Docker image +name: 🐳 🚀 Publish Docker image on: release: diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml index c7606423..94432364 100755 --- a/.github/workflows/label-issues.yml +++ b/.github/workflows/label-issues.yml @@ -1,4 +1,4 @@ -name: Label Issues by Installation Type +name: 🏷 Label Issues by Installation Type on: issues: @@ -15,21 +15,28 @@ jobs: uses: actions/github-script@v7 with: script: | - const body = context.payload.issue.body; + const body = (context.payload.issue.body || "").toLowerCase(); - const lowerBody = body.toLowerCase(); + // --- Check for template marker --- + const hasTemplate = body.includes('netalertx_template'); + if (!hasTemplate) { + console.log("No template marker found, skipping labeling."); + return; // skip labeling + } + + // --- Proceed with normal labeling --- let labelsToAdd = []; - if (lowerBody.includes('bare-metal') || lowerBody.includes('proxmox')) { + if (body.includes('bare-metal') || body.includes('proxmox')) { labelsToAdd.push('bare-metal ❗'); } - if (lowerBody.includes('home assistant')) { + if (body.includes('home assistant')) { labelsToAdd.push('Home Assistant 🏠'); } - if (lowerBody.includes('production (netalertx)') || lowerBody.includes('dev (netalertx-dev)')) { + if (body.includes('production (netalertx)') || body.includes('dev (netalertx-dev)')) { labelsToAdd.push('Docker 🐋'); } @@ -40,4 +47,6 @@ jobs: issue_number: context.issue.number, labels: labelsToAdd }); + + console.log(`Added labels: ${labelsToAdd.join(", ")}`); } diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 76a41896..ab1ca052 100755 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml @@ -1,4 +1,4 @@ -name: Deploy MkDocs +name: 📘 Deploy MkDocs on: push: diff --git a/.github/workflows/run-all-tests.yml b/.github/workflows/run-all-tests.yml new file mode 100644 index 00000000..45118577 --- /dev/null +++ b/.github/workflows/run-all-tests.yml @@ -0,0 +1,81 @@ +name: 🧪 Manual Test Suite Selector + +on: + workflow_dispatch: + inputs: + run_scan: + description: '📂 scan/ (Scan, Logic, Locks, IPs)' + type: boolean + default: true + run_api: + description: '📂 api_endpoints/ & server/ (Endpoints & Server)' + type: boolean + default: false + run_backend: + description: '📂 backend/ (SQL Builder & Security)' + type: boolean + default: false + run_docker_env: + description: '📂 docker_tests/ (Environment & PUID/PGID)' + type: boolean + default: false + run_ui: + description: '📂 ui/ (Selenium & Dashboard)' + type: boolean + default: false + run_root_files: + description: '📄 Root Test Files (WOL, Atomicity, etc.)' + type: boolean + default: false + +jobs: + comprehensive-test: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up Environment + run: sudo apt-get update && sudo apt-get install -y sqlite3 + + - name: Build Test Path Command + id: builder + run: | + PATHS="" + # Folder Mapping with 'test/' prefix + if [ "${{ github.event.inputs.scan }}" == "true" ]; then PATHS="$PATHS test/scan/"; fi + if [ "${{ github.event.inputs.run_api }}" == "true" ]; then PATHS="$PATHS test/api_endpoints/ test/server/"; fi + if [ "${{ github.event.inputs.run_backend }}" == "true" ]; then PATHS="$PATHS test/backend/"; fi + if [ "${{ github.event.inputs.run_docker_env }}" == "true" ]; then PATHS="$PATHS test/docker_tests/"; fi + if [ "${{ github.event.inputs.run_ui }}" == "true" ]; then PATHS="$PATHS test/ui/"; fi + + # Root Files Mapping (files sitting directly in /test/) + if [ "${{ github.event.inputs.run_root_files }}" == "true" ]; then + PATHS="$PATHS test/test_device_atomicity.py test/test_mcp_disablement.py test/test_plugin_helper.py test/test_wol_validation.py" + fi + + # If nothing is selected, default to the whole test folder + if [ -z "$PATHS" ]; then PATHS="test/"; fi + + echo "final_paths=$PATHS" >> $GITHUB_OUTPUT + + - name: Run Docker Integration Script + run: | + chmod +x ./scripts/run_tests_in_docker_environment.sh + + # We update the pytest command to use the specific paths built above. + # Note: We still keep your 'not' filter to skip E2E tests unless you want them. + TARGET_PATHS="${{ steps.builder.outputs.final_paths }}" + SED_COMMAND="pytest $TARGET_PATHS -m 'not (docker or compose or feature_complete)'" + + echo "🚀 Targeted Pytest Command: $SED_COMMAND" + + sed -i "s|pytest -m 'not (docker or compose or feature_complete)'|$SED_COMMAND|g" ./scripts/run_tests_in_docker_environment.sh + + ./scripts/run_tests_in_docker_environment.sh + + - name: Cleanup + if: always() + run: | + docker stop netalertx-test-container || true + docker rm netalertx-test-container || true \ No newline at end of file diff --git a/.github/workflows/social_post_on_release.yml b/.github/workflows/social-post-on-release.yml old mode 100755 new mode 100644 similarity index 100% rename from .github/workflows/social_post_on_release.yml rename to .github/workflows/social-post-on-release.yml diff --git a/.gitignore b/.gitignore index 760bb78f..cf9ed162 100755 --- a/.gitignore +++ b/.gitignore @@ -24,6 +24,7 @@ front/api/* /api/* **/plugins/**/*.log **/plugins/cloud_services/* +**/plugins/cloud_connector/* **/%40eaDir/ **/@eaDir/ @@ -46,3 +47,5 @@ docker-compose.yml.ffsb42 .env.omada.ffsb42 .venv test_mounts/ +.gemini/settings.json +.vscode/mcp.json diff --git a/.vscode/settings.json b/.vscode/settings.json index 9bd7c413..f118d771 100755 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -31,5 +31,6 @@ "python.formatting.blackArgs": [ "--line-length=180" ], + "chat.useAgentSkills": true, } \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 6d308642..0836f7fd 100755 --- a/Dockerfile +++ b/Dockerfile @@ -134,7 +134,7 @@ ENV LANG=C.UTF-8 RUN apk add --no-cache bash mtr libbsd zip lsblk tzdata curl arp-scan iproute2 iproute2-ss nmap fping \ nmap-scripts traceroute nbtscan net-tools net-snmp-tools bind-tools awake ca-certificates \ sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session python3 envsubst \ - nginx supercronic shadow su-exec && \ + nginx supercronic shadow su-exec jq && \ rm -Rf /var/cache/apk/* && \ rm -Rf /etc/nginx && \ addgroup -g ${NETALERTX_GID} ${NETALERTX_GROUP} && \ diff --git a/Dockerfile.debian b/Dockerfile.debian index d393cf9f..da41aad0 100755 --- a/Dockerfile.debian +++ b/Dockerfile.debian @@ -1,57 +1,46 @@ -# Warning - use of this unhardened image is not recommended for production use. -# This image is provided for backward compatibility, development and testing purposes only. -# For production use, please use the hardened image built with Alpine. This image attempts to -# treat a container as an operating system, which is an anti-pattern and a common source of -# security issues. -# -# The default Dockerfile/docker-compose image contains the following security improvements -# over the Debian image: -# - read-only filesystem -# - no sudo access -# - least possible permissions on all files and folders -# - Root user has all permissions revoked and is unused -# - Secure umask applied so files are owner-only by default -# - non-privileged user runs the application -# - no shell access for non-privileged users -# - no unnecessary packages or services -# - reduced capabilities -# - tmpfs for writable folders -# - healthcheck -# - no package managers -# - no compilers or build tools -# - no systemd, uses lightweight init system -# - no persistent storage except for config and db volumes -# - minimal image size due to segmented build stages -# - minimal base image (Alpine Linux) -# - minimal python environment (venv, no pip) -# - minimal stripped web server -# - minimal stripped php environment -# - minimal services (nginx, php-fpm, crond, no unnecessary services or service managers) -# - minimal users and groups (netalertx and readonly only, no others) -# - minimal permissions (read-only for most files and folders, write-only for necessary folders) -# - minimal capabilities (NET_ADMIN and NET_RAW only, no others) -# - minimal environment variables (only necessary ones, no others) -# - minimal entrypoint (only necessary commands, no others) -# - Uses the same base image as the development environmnment (Alpine Linux) -# - Uses the same services as the development environment (nginx, php-fpm, crond) -# - Uses the same environment variables as the development environment (only necessary ones, no others) -# - Uses the same file and folder structure as the development environment (only necessary ones, no others) -# NetAlertX is designed to be run as an unattended network security monitoring appliance, which means it -# should be able to operate without human intervention. Overall, the hardened image is designed to be as -# secure as possible while still being functional and is recommended because you cannot attack a surface -# that isn't there. +# Stage 1: Builder +# Install build dependencies and create virtual environment +FROM debian:bookworm-slim AS builder +ENV PYTHONUNBUFFERED=1 +ENV VIRTUAL_ENV=/opt/venv +ENV PATH="${VIRTUAL_ENV}/bin:${PATH}" -FROM debian:bookworm-slim +RUN apt-get update && apt-get install -y --no-install-recommends \ + python3 \ + python3-dev \ + python3-pip \ + python3-venv \ + gcc \ + git \ + libffi-dev \ + libssl-dev \ + rustc \ + cargo \ + && rm -rf /var/lib/apt/lists/* -#TZ=Europe/London +RUN python3 -m venv ${VIRTUAL_ENV} +ENV PATH="${VIRTUAL_ENV}/bin:${PATH}" + +COPY requirements.txt /tmp/requirements.txt +RUN pip install --upgrade pip setuptools wheel && \ + pip install --no-cache-dir -r /tmp/requirements.txt + +# Stage 2: Runner +# Main runtime stage with minimum requirements +FROM debian:bookworm-slim AS runner + +ARG INSTALL_DIR=/app +ARG NETALERTX_UID=20211 +ARG NETALERTX_GID=20211 +ARG READONLY_UID=20212 +ARG READONLY_GID=20212 -# NetAlertX app directories -ENV INSTALL_DIR=/app ENV NETALERTX_APP=${INSTALL_DIR} ENV NETALERTX_DATA=/data ENV NETALERTX_CONFIG=${NETALERTX_DATA}/config ENV NETALERTX_FRONT=${NETALERTX_APP}/front +ENV NETALERTX_PLUGINS=${NETALERTX_FRONT}/plugins ENV NETALERTX_SERVER=${NETALERTX_APP}/server ENV NETALERTX_API=/tmp/api ENV NETALERTX_DB=${NETALERTX_DATA}/db @@ -59,8 +48,8 @@ ENV NETALERTX_DB_FILE=${NETALERTX_DB}/app.db ENV NETALERTX_BACK=${NETALERTX_APP}/back ENV NETALERTX_LOG=/tmp/log ENV NETALERTX_PLUGINS_LOG=${NETALERTX_LOG}/plugins +ENV NETALERTX_CONFIG_FILE=${NETALERTX_CONFIG}/app.conf -# NetAlertX log files ENV LOG_IP_CHANGES=${NETALERTX_LOG}/IP_changes.log ENV LOG_APP=${NETALERTX_LOG}/app.log ENV LOG_APP_FRONT=${NETALERTX_LOG}/app_front.log @@ -75,102 +64,178 @@ ENV LOG_STDOUT=${NETALERTX_LOG}/stdout.log ENV LOG_CRON=${NETALERTX_LOG}/cron.log ENV LOG_NGINX_ERROR=${NETALERTX_LOG}/nginx-error.log -# System Services configuration files +ENV ENTRYPOINT_CHECKS=/entrypoint.d ENV SYSTEM_SERVICES=/services +ENV SYSTEM_SERVICES_SCRIPTS=${SYSTEM_SERVICES}/scripts ENV SYSTEM_SERVICES_CONFIG=${SYSTEM_SERVICES}/config -ENV SYSTEM_NGINIX_CONFIG=${SYSTEM_SERVICES_CONFIG}/nginx -ENV SYSTEM_NGINX_CONFIG_FILE=${SYSTEM_NGINIX_CONFIG}/nginx.conf +ENV SYSTEM_NGINX_CONFIG=${SYSTEM_SERVICES_CONFIG}/nginx +ENV SYSTEM_NGINX_CONFIG_TEMPLATE=${SYSTEM_NGINX_CONFIG}/netalertx.conf.template +ENV SYSTEM_SERVICES_CONFIG_CRON=${SYSTEM_SERVICES_CONFIG}/cron ENV SYSTEM_SERVICES_ACTIVE_CONFIG=/tmp/nginx/active-config -ENV NETALERTX_CONFIG_FILE=${NETALERTX_CONFIG}/app.conf +ENV SYSTEM_SERVICES_ACTIVE_CONFIG_FILE=${SYSTEM_SERVICES_ACTIVE_CONFIG}/nginx.conf ENV SYSTEM_SERVICES_PHP_FOLDER=${SYSTEM_SERVICES_CONFIG}/php ENV SYSTEM_SERVICES_PHP_FPM_D=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.d -ENV SYSTEM_SERVICES_CROND=${SYSTEM_SERVICES_CONFIG}/crond ENV SYSTEM_SERVICES_RUN=/tmp/run ENV SYSTEM_SERVICES_RUN_TMP=${SYSTEM_SERVICES_RUN}/tmp ENV SYSTEM_SERVICES_RUN_LOG=${SYSTEM_SERVICES_RUN}/logs ENV PHP_FPM_CONFIG_FILE=${SYSTEM_SERVICES_PHP_FOLDER}/php-fpm.conf -#Python environment -ENV PYTHONPATH=${NETALERTX_SERVER} +ENV READ_ONLY_FOLDERS="${NETALERTX_BACK} ${NETALERTX_FRONT} ${NETALERTX_SERVER} ${SYSTEM_SERVICES} \ + ${SYSTEM_SERVICES_CONFIG} ${ENTRYPOINT_CHECKS}" +ENV READ_WRITE_FOLDERS="${NETALERTX_DATA} ${NETALERTX_CONFIG} ${NETALERTX_DB} ${NETALERTX_API} \ + ${NETALERTX_LOG} ${NETALERTX_PLUGINS_LOG} ${SYSTEM_SERVICES_RUN} \ + ${SYSTEM_SERVICES_RUN_TMP} ${SYSTEM_SERVICES_RUN_LOG} \ + ${SYSTEM_SERVICES_ACTIVE_CONFIG}" + ENV PYTHONUNBUFFERED=1 ENV VIRTUAL_ENV=/opt/venv ENV VIRTUAL_ENV_BIN=/opt/venv/bin -ENV PATH="${VIRTUAL_ENV}/bin:${PATH}:/services" -ENV VENDORSPATH=/app/back/ieee-oui.txt -ENV VENDORSPATH_NEWEST=${SYSTEM_SERVICES_RUN_TMP}/ieee-oui.txt +ENV PYTHONPATH=${NETALERTX_APP}:${NETALERTX_SERVER}:${NETALERTX_PLUGINS}:${VIRTUAL_ENV}/lib/python3.11/site-packages +ENV PATH="${SYSTEM_SERVICES}:${VIRTUAL_ENV_BIN}:$PATH" - -# App Environment ENV LISTEN_ADDR=0.0.0.0 ENV PORT=20211 ENV NETALERTX_DEBUG=0 - -#Container environment +ENV VENDORSPATH=/app/back/ieee-oui.txt +ENV VENDORSPATH_NEWEST=${SYSTEM_SERVICES_RUN_TMP}/ieee-oui.txt ENV ENVIRONMENT=debian -ENV USER=netalertx -ENV USER_ID=1000 -ENV USER_GID=1000 +ENV READ_ONLY_USER=readonly READ_ONLY_GROUP=readonly +ENV NETALERTX_USER=netalertx NETALERTX_GROUP=netalertx +ENV LANG=C.UTF-8 -# Todo, figure out why using a workdir instead of full paths don't work -# Todo, do we still need all these packages? I can already see sudo which isn't needed - - -# create pi user and group -# add root and www-data to pi group so they can r/w files and db -RUN groupadd --gid "${USER_GID}" "${USER}" && \ - useradd \ - --uid ${USER_ID} \ - --gid ${USER_GID} \ - --create-home \ - --shell /bin/bash \ - ${USER} && \ - usermod -a -G ${USER_GID} root && \ - usermod -a -G ${USER_GID} www-data - -COPY --chmod=775 --chown=${USER_ID}:${USER_GID} install/production-filesystem/ / -COPY --chmod=775 --chown=${USER_ID}:${USER_GID} . ${INSTALL_DIR}/ - - -# ❗ IMPORTANT - if you modify this file modify the /install/install_dependecies.debian.sh file as well ❗ -# hadolint ignore=DL3008,DL3027 +# Install dependencies +# Using sury.org for PHP 8.3 to match Alpine version RUN apt-get update && apt-get install -y --no-install-recommends \ - tini snmp ca-certificates curl libwww-perl arp-scan sudo gettext-base \ - nginx-light php php-cgi php-fpm php-sqlite3 php-curl sqlite3 dnsutils net-tools \ - python3 python3-dev iproute2 nmap fping python3-pip zip git systemctl usbutils traceroute nbtscan openrc \ - busybox nginx nginx-core mtr python3-venv && \ - rm -rf /var/lib/apt/lists/* - -# While php8.3 is in debian bookworm repos, php-fpm is not included so we need to add sury.org repo -# (Ondřej Surý maintains php packages for debian. This is temp until debian includes php-fpm in their -# repos. Likely it will be in Debian Trixie.). This keeps the image up-to-date with the alpine version. -# hadolint ignore=DL3008 -RUN apt-get install -y --no-install-recommends \ - apt-transport-https \ + tini \ + snmp \ ca-certificates \ + curl \ + libwww-perl \ + arp-scan \ + sudo \ + gettext-base \ + nginx-light \ + sqlite3 \ + dnsutils \ + net-tools \ + python3 \ + iproute2 \ + nmap \ + fping \ + zip \ + git \ + usbutils \ + traceroute \ + nbtscan \ lsb-release \ - wget && \ - wget -q -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg && \ - echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list && \ - apt-get update && \ - apt-get install -y --no-install-recommends php8.3-fpm php8.3-cli php8.3-sqlite3 php8.3-common php8.3-curl php8.3-cgi && \ - ln -s /usr/sbin/php-fpm8.3 /usr/sbin/php-fpm83 && \ - rm -rf /var/lib/apt/lists/* # make it compatible with alpine version + wget \ + apt-transport-https \ + gnupg2 \ + mtr \ + procps \ + gosu \ + jq \ + ipcalc \ + && wget -qO /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg \ + && echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list \ + && apt-get update \ + && apt-get install -y --no-install-recommends \ + php8.3-fpm \ + php8.3-cli \ + php8.3-sqlite3 \ + php8.3-common \ + php8.3-curl \ + && ln -s /usr/sbin/php-fpm8.3 /usr/sbin/php-fpm \ + && ln -s /usr/sbin/php-fpm8.3 /usr/sbin/php-fpm83 \ + && ln -s /usr/sbin/gosu /usr/sbin/su-exec \ + && rm -rf /var/lib/apt/lists/* -# Setup virtual python environment and use pip3 to install packages -RUN python3 -m venv ${VIRTUAL_ENV} && \ - /bin/bash -c "source ${VIRTUAL_ENV_BIN}/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install -r ${INSTALL_DIR}/requirements.txt" +# Fix permissions for /tmp BEFORE copying anything that might overwrite it with bad perms +RUN chmod 1777 /tmp -# Configure php-fpm -RUN chmod -R 755 /services && \ - chown -R ${USER}:${USER_GID} /services && \ - sed -i 's/^;listen.mode = .*/listen.mode = 0666/' ${SYSTEM_SERVICES_PHP_FPM_D}/www.conf && \ - printf "user = %s\ngroup = %s\n" "${USER}" "${USER_GID}" >> /services/config/php/php-fpm.d/www.conf +# User setup +RUN groupadd -g ${NETALERTX_GID} ${NETALERTX_GROUP} && \ + useradd -u ${NETALERTX_UID} -g ${NETALERTX_GID} -d ${NETALERTX_APP} -s /bin/bash ${NETALERTX_USER} +# Copy filesystem (excluding tmp if possible, or we just fix it after) +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} install/production-filesystem/ / +# Re-apply sticky bit to /tmp in case COPY overwrote it +RUN chmod 1777 /tmp +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 back ${NETALERTX_BACK} +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 front ${NETALERTX_FRONT} +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} --chmod=755 server ${NETALERTX_SERVER} -# Create a buildtimestamp.txt to later check if a new version was released -RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt -USER netalertx:netalertx -ENTRYPOINT ["/bin/bash","/entrypoint.sh"] +# Create required folders +RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FOLDERS} && \ + chmod 750 /entrypoint.sh /root-entrypoint.sh +# Copy Version +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION +COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION_PREV +# Copy venv from builder +COPY --from=builder --chown=${READONLY_UID}:${READONLY_GID} ${VIRTUAL_ENV} ${VIRTUAL_ENV} + +# Init process +RUN for vfile in .VERSION .VERSION_PREV; do \ + if [ ! -f "${NETALERTX_APP}/${vfile}" ]; then \ + echo "DEVELOPMENT 00000000" > "${NETALERTX_APP}/${vfile}"; \ + fi; \ + chown ${READONLY_UID}:${READONLY_GID} "${NETALERTX_APP}/${vfile}"; \ + done && \ + # Set capabilities for raw socket access + setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \ + setcap cap_net_raw,cap_net_admin+eip /usr/sbin/arp-scan && \ + setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip /usr/bin/nbtscan && \ + setcap cap_net_raw,cap_net_admin+eip /usr/bin/traceroute.db && \ + # Note: python path needs to be dynamic or verificed + # setcap cap_net_raw,cap_net_admin+eip $(readlink -f ${VIRTUAL_ENV_BIN}/python) && \ + /bin/bash /build/init-nginx.sh && \ + /bin/bash /build/init-php-fpm.sh && \ + # /bin/bash /build/init-cron.sh && \ + # Debian cron init might differ, skipping for now or need to check init-cron.sh content + # Checking init-backend.sh + /bin/bash /build/init-backend.sh && \ + rm -rf /build && \ + date +%s > "${NETALERTX_FRONT}/buildtimestamp.txt" + +ENTRYPOINT ["/bin/bash", "/entrypoint.sh"] + +# Stage 3: Hardened +FROM runner AS hardened + +ARG NETALERTX_UID=20211 +ARG NETALERTX_GID=20211 +ARG READONLY_UID=20212 +ARG READONLY_GID=20212 +ENV READ_ONLY_USER=readonly READ_ONLY_GROUP=readonly + +# Create readonly user +RUN groupadd -g ${READONLY_GID} ${READ_ONLY_GROUP} && \ + useradd -u ${READONLY_UID} -g ${READONLY_GID} -d /app -s /usr/sbin/nologin ${READ_ONLY_USER} + +# Hardening: Remove package managers and set permissions +RUN chown -R ${READ_ONLY_USER}:${READ_ONLY_GROUP} ${READ_ONLY_FOLDERS} && \ + chmod -R 004 ${READ_ONLY_FOLDERS} && \ + find ${READ_ONLY_FOLDERS} -type d -exec chmod 005 {} + && \ + install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 0777 ${READ_WRITE_FOLDERS} && \ + chown ${READ_ONLY_USER}:${READ_ONLY_GROUP} /entrypoint.sh /root-entrypoint.sh /app /opt /opt/venv && \ + # Permissions + chmod 005 /entrypoint.sh /root-entrypoint.sh ${SYSTEM_SERVICES}/*.sh ${SYSTEM_SERVICES_SCRIPTS}/* ${ENTRYPOINT_CHECKS}/* /app /opt /opt/venv && \ + # Cleanups + rm -f \ + "${NETALERTX_CONFIG}/app.conf" \ + "${NETALERTX_DB_FILE}" \ + "${NETALERTX_DB_FILE}-shm" \ + "${NETALERTX_DB_FILE}-wal" || true && \ + # Remove apt and sensitive files + rm -rf /var/lib/apt /var/lib/dpkg /var/cache/apt /usr/bin/apt* /usr/bin/dpkg* \ + /etc/shadow /etc/gshadow /etc/sudoers /root /home/root && \ + # Dummy sudo + printf '#!/bin/sh\n"$@"\n' > /usr/bin/sudo && chmod +x /usr/bin/sudo + +USER 0 +ENTRYPOINT ["/root-entrypoint.sh"] +HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ + CMD /services/healthcheck.sh diff --git a/README.md b/README.md index 31832462..1bb1af9e 100755 --- a/README.md +++ b/README.md @@ -4,34 +4,43 @@ [![Discord](https://img.shields.io/discord/1274490466481602755?color=0aa8d2&logoColor=fff&logo=Discord&style=for-the-badge)](https://discord.gg/NczTUTWyRr) [![Home Assistant](https://img.shields.io/badge/Repo-blue?logo=home-assistant&style=for-the-badge&color=0aa8d2&logoColor=fff&label=Add)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) -# NetAlertX - Network, presence scanner and alert framework +# NetAlertX - Network Visibility & Asset Intelligence Framework -Get visibility of what's going on on your WIFI/LAN network and enable presence detection of important devices. Schedule scans for devices, port changes and get alerts if unknown devices or changes are found. Write your own [Plugin](https://docs.netalertx.com/PLUGINS#readme) with auto-generated UI and in-build notification system. Build out and easily maintain your network source of truth (NSoT) and device inventory. +![main][main] -## 📋 Table of Contents +
+ 📷 Click for more screenshots -- [NetAlertX - Network, presence scanner and alert framework](#netalertx---network-presence-scanner-and-alert-framework) - - [📋 Table of Contents](#-table-of-contents) - - [🚀 Quick Start](#-quick-start) - - [📦 Features](#-features) - - [Scanners](#scanners) - - [Notification gateways](#notification-gateways) - - [Integrations and Plugins](#integrations-and-plugins) - - [Workflows](#workflows) - - [📚 Documentation](#-documentation) - - [🔐 Security \& Privacy](#-security--privacy) - - [❓ FAQ](#-faq) - - [🐞 Known Issues](#-known-issues) - - [📃 Everything else](#-everything-else) - - [📧 Get notified what's new](#-get-notified-whats-new) - - [🔀 Other Alternative Apps](#-other-alternative-apps) - - [💙 Donations](#-donations) - - [🏗 Contributors](#-contributors) - - [🌍 Translations](#-translations) - - [License](#license) + | ![Main screen][main] | ![device_details 1][device_details] | ![Screen network][network] | + |----------------------|----------------------|----------------------| + | ![presence][presence] | ![maintenance][maintenance] | ![settings][settings] | + | ![sync_hub][sync_hub] | ![report1][report1] | ![device_nmap][device_nmap] | + + Head to [https://netalertx.com/](https://netalertx.com/) for even more gifs and screenshots 📷. + +
-## 🚀 Quick Start +Centralized network visibility and continuous asset discovery. + +Monitor devices, detect change, and stay aware across distributed networks. + +NetAlertX provides a centralized "Source of Truth" (NSoT) for network infrastructure. Maintain a real-time inventory of every connected device, identify Shadow IT and unauthorized hardware to maintain regulatory compliance, and automate compliance workflows across distributed sites. + +NetAlertX is designed to bridge the gap between simple network scanning and complex SIEM tools, providing actionable insights without the overhead. + + +## Table of Contents + +- [Quick Start](#quick-start) +- [Features](#features) +- [Documentation](#documentation) +- [Security \& Privacy](#security--privacy) +- [FAQ](#faq) +- [Troubleshooting Tips](#troubleshooting-tips) +- [Everything else](#everything-else) + +## Quick Start > [!WARNING] > ⚠️ **Important:** The docker-compose has recently changed. Carefully read the [Migration guide](https://docs.netalertx.com/MIGRATION/?h=migrat#12-migration-from-netalertx-v25524) for detailed instructions. @@ -47,14 +56,14 @@ docker run -d \ --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \ -e PORT=20211 \ -e APP_CONF_OVERRIDE='{"GRAPHQL_PORT":"20214"}' \ - ghcr.io/jokob-sk/netalertx:latest + ghcr.io/netalertx/netalertx:latest ``` Note: Your `/local_data_dir` should contain a `config` and `db` folder. To deploy a containerized instance directly from the source repository, execute the following BASH sequence: ```bash -git clone https://github.com/jokob-sk/NetAlertX.git +git clone https://github.com/netalertx/NetAlertX.git cd NetAlertX docker compose up --force-recreate --build # To customize: edit docker-compose.yaml and run that last command again @@ -64,31 +73,17 @@ Need help configuring it? Check the [usage guide](https://docs.netalertx.com/REA For Home Assistant users: [Click here to add NetAlertX](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) -For other install methods, check the [installation docs](#-documentation) +For other install methods, check the [installation docs](#documentation) +--- +### || [Docker guide](https://docs.netalertx.com/DOCKER_INSTALLATION) || [Releases](https://github.com/netalertx/NetAlertX/releases) || [Docs](https://docs.netalertx.com/) || [Plugins](https://docs.netalertx.com/PLUGINS) || [Website](https://netalertx.com) +--- -| [📑 Docker guide](https://docs.netalertx.com/DOCKER_INSTALLATION) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://docs.netalertx.com/) | [🔌 Plugins](https://docs.netalertx.com/PLUGINS) | [🤖 Ask AI](https://gurubase.io/g/netalertx) -|----------------------| ----------------------| ----------------------| ----------------------| ----------------------| +## Features -![showcase][showcase] +### Discovery & Asset Intelligence -
- 📷 Click for more screenshots - - | ![Main screen][main] | ![device_details 1][device_details] | ![Screen network][network] | - |----------------------|----------------------|----------------------| - | ![presence][presence] | ![maintenance][maintenance] | ![settings][settings] | - | ![sync_hub][sync_hub] | ![report1][report1] | ![device_nmap][device_nmap] | - - Head to [https://netalertx.com/](https://netalertx.com/) for even more gifs and screenshots 📷. - -
- -## 📦 Features - -### Scanners - -The app scans your network for **New devices**, **New connections** (re-connections), **Disconnections**, **"Always Connected" devices down**, Devices **IP changes** and **Internet IP address changes**. Discovery & scan methods include: **arp-scan**, **Pi-hole - DB import**, **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://docs.netalertx.com/PLUGINS#readme) docs for a full list of avaliable plugins. +Continuous monitoring for unauthorized asset discovery, connection state changes, and IP address management (IPAM) drift. Discovery & scan methods include: **arp-scan**, **Pi-hole - DB import**, **Pi-hole - DHCP leases import**, **Generic DHCP leases import**, **UNIFI controller import**, **SNMP-enabled router import**. Check the [Plugins](https://docs.netalertx.com/PLUGINS#readme) docs for a full list of avaliable plugins. ### Notification gateways @@ -101,12 +96,14 @@ build your own scanners with the [Plugin system](https://docs.netalertx.com/PLUG ### Workflows -The [workflows module](https://docs.netalertx.com/WORKFLOWS) allows to automate repetitive tasks, making network management more efficient. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs. +The [workflows module](https://docs.netalertx.com/WORKFLOWS) automates IT governance by enforcing device categorization and cleanup policies. Whether you need to assign newly discovered devices to a specific Network Node, auto-group devices from a given vendor, unarchive a device if detected online, or automatically delete devices, this module provides the flexibility to tailor the automations to your needs. -## 📚 Documentation +## Documentation +Explore all the [documentation here](https://docs.netalertx.com/) or navigate to a specific installation option below. + Supported browsers: Chrome, Firefox - [[Installation] Docker](https://docs.netalertx.com/DOCKER_INSTALLATION) @@ -117,50 +114,51 @@ Supported browsers: Chrome, Firefox - [[Development] API docs](https://docs.netalertx.com/API) - [[Development] Custom Plugins](https://docs.netalertx.com/PLUGINS_DEV) -...or explore all the [documentation here](https://docs.netalertx.com/). - -## 🔐 Security & Privacy +## Security & Privacy NetAlertX scans your local network and can store metadata about connected devices. By default, all data is stored **locally**. No information is sent to external services unless you explicitly configure notifications or integrations. -To further secure your installation: +Compliance & Hardening: - Run it behind a reverse proxy with authentication - Use firewalls to restrict access to the web UI - Regularly update to the latest version for security patches +- Role-Based Access Control (RBAC) via Reverse Proxy: Integrate with your existing SSO/Identity provider for secure dashboard access. -See [Security Best Practices](https://github.com/jokob-sk/NetAlertX/security) for more details. +See [Security Best Practices](https://github.com/netalertx/NetAlertX/security) for more details. -## ❓ FAQ +## FAQ -**Q: Why don’t I see any devices?** +**Q: How do I monitor VLANs or remote subnets?** A: Ensure the container has proper network access (e.g., use `--network host` on Linux). Also check that your scan method is properly configured in the UI. -**Q: Does this work on Wi-Fi-only devices like Raspberry Pi?** -A: Yes, but some scanners (e.g. ARP) work best on Ethernet. For Wi-Fi, try SNMP, DHCP, or Pi-hole import. +**Q: What is the recommended deployment for high-availability?** +A: We recommend deploying via Docker with persistent volume mounts for database integrity and running behind a reverse proxy for secure access. **Q: Will this send any data to the internet?** A: No. All scans and data remain local, unless you set up cloud-based notifications. **Q: Can I use this without Docker?** -A: Yes! You can install it bare-metal. See the [bare metal installation guide](https://docs.netalertx.com/HW_INSTALL). +A: You can install the application directly on your own hardware by following the [bare metal installation guide](https://docs.netalertx.com/HW_INSTALL). **Q: Where is the data stored?** A: In the `/data/config` and `/data/db` folders. Back up these folders regularly. -## 🐞 Known Issues +## Troubleshooting Tips - Some scanners (e.g. ARP) may not detect devices on different subnets. See the [Remote networks guide](https://docs.netalertx.com/REMOTE_NETWORKS) for workarounds. - Wi-Fi-only networks may require alternate scanners for accurate detection. - Notification throttling may be needed for large networks to prevent spam. - On some systems, elevated permissions (like `CAP_NET_RAW`) may be needed for low-level scanning. -Check the [GitHub Issues](https://github.com/jokob-sk/NetAlertX/issues) for the latest bug reports and solutions and consult [the official documentation](https://docs.netalertx.com/). +Check the [GitHub Issues](https://github.com/netalertx/NetAlertX/issues) for the latest bug reports and solutions and consult [the official documentation](https://docs.netalertx.com/). -## 📃 Everything else +## Everything else +jokob-sk%2FNetAlertX | Trendshift + ### 📧 Get notified what's new Get notified about a new release, what new functionality you can use and about breaking changes. @@ -169,10 +167,10 @@ Get notified about a new release, what new functionality you can use and about b ### 🔀 Other Alternative Apps -- [PiAlert by leiweibau](https://github.com/leiweibau/Pi.Alert/) (maintained, bare-metal install) -- [WatchYourLAN](https://github.com/aceberg/WatchYourLAN) - Lightweight network IP scanner with web GUI (Open source) - [Fing](https://www.fing.com/) - Network scanner app for your Internet security (Commercial, Phone App, Proprietary hardware) - [NetBox](https://netboxlabs.com/) - Network management software (Commercial) +- [Zabbix](https://www.zabbix.com/) or [Nagios](https://www.nagios.org/) - Strong focus on infrastructure monitoring. +- [NetAlertX](https://netalertx.com) - The streamlined, discovery-focused alternative for real-time asset intelligence. ### 💙 Donations @@ -183,9 +181,8 @@ Thank you to everyone who appreciates this tool and donates.
- | [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) | -| --- | --- | --- | - + | [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | + | --- | --- | - Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM` - Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7` @@ -197,7 +194,7 @@ Thank you to everyone who appreciates this tool and donates. This project would be nothing without the amazing work of the community, with special thanks to: -> [pucherot/Pi.Alert](https://github.com/pucherot/Pi.Alert) (the original creator of PiAlert), [leiweibau](https://github.com/leiweibau/Pi.Alert): Dark mode (and much more), [Macleykun](https://github.com/Macleykun) (Help with Dockerfile clean-up), [vladaurosh](https://github.com/vladaurosh) for Alpine re-base help, [Final-Hawk](https://github.com/Final-Hawk) (Help with NTFY, styling and other fixes), [TeroRERO](https://github.com/terorero) (Spanish translations), [Data-Monkey](https://github.com/Data-Monkey), (Split-up of the python.py file and more), [cvc90](https://github.com/cvc90) (Spanish translation and various UI work) to name a few. Check out all the [amazing contributors](https://github.com/jokob-sk/NetAlertX/graphs/contributors). +> [pucherot/Pi.Alert](https://github.com/pucherot/Pi.Alert) (the original creator of PiAlert), [leiweibau](https://github.com/leiweibau/Pi.Alert): Dark mode (and much more), [Macleykun](https://github.com/Macleykun) (Help with Dockerfile clean-up), [vladaurosh](https://github.com/vladaurosh) for Alpine re-base help, [Final-Hawk](https://github.com/Final-Hawk) (Help with NTFY, styling and other fixes), [TeroRERO](https://github.com/terorero) (Spanish translations), [Data-Monkey](https://github.com/Data-Monkey), (Split-up of the python.py file and more), [cvc90](https://github.com/cvc90) (Spanish translation and various UI work) to name a few. Check out all the [amazing contributors](https://github.com/netalertx/NetAlertX/graphs/contributors). ### 🌍 Translations @@ -223,7 +220,7 @@ Proudly using [Weblate](https://hosted.weblate.org/projects/pialert/). Help out [sync_hub]: ./docs/img/sync_hub.png "Screen 8" [notification_center]: ./docs/img/notification_center.png "Screen 8" [sent_reports_text]: ./docs/img/sent_reports_text.png "Screen 8" -[device_nmap]: ./docs/img/device_nmap.png "Screen 9" +[device_nmap]: ./docs/img/device_tools.png "Screen 9" [report1]: ./docs/img/report_sample.png "Report sample 1" [main_dark]: /docs/img/1_devices_dark.jpg "Main screen dark" [maintain_dark]: /docs/img/5_maintain.jpg "Maintain screen dark" diff --git a/back/app.conf b/back/app.conf index d0281eaa..9c1bbfe9 100755 --- a/back/app.conf +++ b/back/app.conf @@ -16,7 +16,7 @@ # # Scan multiple interfaces (eth1 and eth0): # SCAN_SUBNETS = [ '192.168.1.0/24 --interface=eth1', '192.168.1.0/24 --interface=eth0' ] - +BACKEND_API_URL='/server' DISCOVER_PLUGINS=True SCAN_SUBNETS=['--localnet'] TIMEZONE='Europe/Berlin' @@ -100,6 +100,8 @@ MQTT_PASSWORD='passw0rd' MQTT_QOS=0 MQTT_DELAY_SEC=2 +GRAPHQL_PORT=20212 + #-------------------IMPORTANT INFO-------------------# # This file is ingested by a python script, so if # diff --git a/back/app.sql b/back/app.sql index 3cee67d4..ce49d3fc 100755 --- a/back/app.sql +++ b/back/app.sql @@ -150,21 +150,21 @@ CREATE TABLE Plugins_Language_Strings( PRIMARY KEY("Index" AUTOINCREMENT) ); CREATE TABLE CurrentScan ( - cur_MAC STRING(50) NOT NULL COLLATE NOCASE, - cur_IP STRING(50) NOT NULL COLLATE NOCASE, - cur_Vendor STRING(250), - cur_ScanMethod STRING(10), - cur_Name STRING(250), - cur_LastQuery STRING(250), - cur_DateTime STRING(250), - cur_SyncHubNodeName STRING(50), - cur_NetworkSite STRING(250), - cur_SSID STRING(250), - cur_devVlan STRING(250), - cur_NetworkNodeMAC STRING(250), - cur_PORT STRING(250), - cur_Type STRING(250), - UNIQUE(cur_MAC) + scanMac STRING(50) NOT NULL COLLATE NOCASE, + scanLastIP STRING(50) NOT NULL COLLATE NOCASE, + scanVendor STRING(250), + scanSourcePlugin STRING(10), + scanName STRING(250), + scanLastQuery STRING(250), + scanLastConnection STRING(250), + scanSyncHubNode STRING(50), + scanSite STRING(250), + scanSSID STRING(250), + scanVlan STRING(250), + scanParentMAC STRING(250), + scanParentPort STRING(250), + scanType STRING(250), + UNIQUE(scanMac) ); CREATE TABLE IF NOT EXISTS "AppEvents" ( "Index" INTEGER PRIMARY KEY AUTOINCREMENT, @@ -237,9 +237,9 @@ CREATE VIEW LatestEventsPerMAC AS c.* FROM RankedEvents AS e LEFT JOIN Devices AS d ON e.eve_MAC = d.devMac - INNER JOIN CurrentScan AS c ON e.eve_MAC = c.cur_MAC + INNER JOIN CurrentScan AS c ON e.eve_MAC = c.scanMac WHERE e.row_num = 1 -/* LatestEventsPerMAC(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,row_num,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps,cur_MAC,cur_IP,cur_Vendor,cur_ScanMethod,cur_Name,cur_LastQuery,cur_DateTime,cur_SyncHubNodeName,cur_NetworkSite,cur_SSID,cur_NetworkNodeMAC,cur_PORT,cur_Type) */; +/* LatestEventsPerMAC(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,row_num,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps,scanMac,scanLastIP,scanVendor,scanSourcePlugin,scanName,scanLastQuery,scanLastConnection,scanSyncHubNode,scanSite,scanSSID,scanParentMAC,scanParentPort,scanType) */; CREATE VIEW Sessions_Devices AS SELECT * FROM Sessions LEFT JOIN "Devices" ON ses_MAC = devMac /* Sessions_Devices(ses_MAC,ses_IP,ses_EventTypeConnection,ses_DateTimeConnection,ses_EventTypeDisconnection,ses_DateTimeDisconnection,ses_StillConnected,ses_AdditionalInfo,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */; CREATE VIEW Convert_Events_to_Sessions AS SELECT EVE1.eve_MAC, diff --git a/back/device_heuristics_rules.json b/back/device_heuristics_rules.json index 419c3da1..783ca333 100755 --- a/back/device_heuristics_rules.json +++ b/back/device_heuristics_rules.json @@ -5,7 +5,64 @@ "matching_pattern": [ { "mac_prefix": "INTERNET", "vendor": "" } ], - "name_pattern": [] + "name_pattern": [], + "ip_pattern": [ + "^192\\.168\\.1\\.1$", + "^192\\.168\\.0\\.1$", + "^10\\.0\\.0\\.1$" + ] + }, + { + "dev_type": "Smart Switch", + "icon_html": "", + "matching_pattern": [ + { "mac_prefix": "003192", "vendor": "TP-Link" }, + { "mac_prefix": "50C7BF", "vendor": "TP-Link" }, + { "mac_prefix": "B04E26", "vendor": "TP-Link" } + ], + "name_pattern": ["hs200", "hs210", "hs220", "ks230", "smart switch", "light switch", "wall switch"] + }, + { + "dev_type": "Smart Plug", + "icon_html": "", + "matching_pattern": [ + { "mac_prefix": "2887BA", "vendor": "TP-Link" } + ], + "name_pattern": ["kp115", "hs100", "hs103", "hs105", "smart plug", "outlet", "plug"] + }, + { + "dev_type": "Smart Speaker", + "icon_html": "", + "matching_pattern": [ + { "mac_prefix": "14C14E", "vendor": "Google" }, + { "mac_prefix": "44650D", "vendor": "Amazon" }, + { "mac_prefix": "74ACB9", "vendor": "Google" } + ], + "name_pattern": ["echo", "alexa", "dot", "nest-audio", "nest-mini", "google-home"] + }, + { + "dev_type": "Smart Appliance", + "icon_html": "", + "matching_pattern": [ + { "mac_prefix": "446FF8", "vendor": "Dyson" } + ], + "name_pattern": ["dyson", "purifier", "humidifier", "fan"] + }, + { + "dev_type": "Smart Home", + "icon_html": "", + "matching_pattern": [], + "name_pattern": ["google", "chromecast", "nest", "hub"] + }, + { + "dev_type": "Phone", + "icon_html": "", + "matching_pattern": [ + { "mac_prefix": "001A79", "vendor": "Apple" }, + { "mac_prefix": "B0BE83", "vendor": "Samsung" }, + { "mac_prefix": "BC926B", "vendor": "Motorola" } + ], + "name_pattern": ["iphone", "ipad", "pixel", "galaxy", "redmi", "android", "samsung"] }, { "dev_type": "Access Point", @@ -16,24 +73,7 @@ { "mac_prefix": "F4F5D8", "vendor": "TP-Link" }, { "mac_prefix": "F88E85", "vendor": "Netgear" } ], - "name_pattern": ["router", "gateway", "ap", "access point", "access-point", "switch"] - }, - { - "dev_type": "Phone", - "icon_html": "", - "matching_pattern": [ - { "mac_prefix": "001A79", "vendor": "Apple" }, - { "mac_prefix": "B0BE83", "vendor": "Samsung" }, - { "mac_prefix": "BC926B", "vendor": "Motorola" } - ], - "name_pattern": ["iphone", "ipad", "pixel", "galaxy", "redmi"] - }, - { - "dev_type": "Phone", - "icon_html": "", - "matching_pattern": [ - ], - "name_pattern": ["android","samsung"] + "name_pattern": ["router", "gateway", "ap", "access point", "access-point", "switch", "sg105", "sg108", "managed switch", "unmanaged switch", "poe switch", "ethernet switch"] }, { "dev_type": "Tablet", @@ -43,25 +83,19 @@ { "mac_prefix": "BC4C4C", "vendor": "Samsung" } ], "name_pattern": ["tablet", "pad"] - }, - { - "dev_type": "IoT", - "icon_html": "", - "matching_pattern": [ - { "mac_prefix": "B827EB", "vendor": "Raspberry Pi" }, - { "mac_prefix": "DCA632", "vendor": "Raspberry Pi" } - ], - "name_pattern": ["raspberry", "pi"] }, { "dev_type": "IoT", "icon_html": "", "matching_pattern": [ + { "mac_prefix": "B827EB", "vendor": "Raspberry Pi" }, + { "mac_prefix": "DCA632", "vendor": "Raspberry Pi" }, { "mac_prefix": "840D8E", "vendor": "Espressif" }, { "mac_prefix": "ECFABC", "vendor": "Espressif" }, - { "mac_prefix": "7C9EBD", "vendor": "Espressif" } + { "mac_prefix": "7C9EBD", "vendor": "Espressif" }, + { "mac_prefix": "286DCD", "vendor": "Beijing Winner Microelectronics" } ], - "name_pattern": ["raspberry", "pi"] + "name_pattern": ["raspberry", "pi", "thingsturn", "w600", "w601"] }, { "dev_type": "Desktop", @@ -69,9 +103,11 @@ "matching_pattern": [ { "mac_prefix": "001422", "vendor": "Dell" }, { "mac_prefix": "001874", "vendor": "Lenovo" }, - { "mac_prefix": "00E04C", "vendor": "Hewlett Packard" } + { "mac_prefix": "00E04C", "vendor": "Hewlett Packard" }, + { "mac_prefix": "F44D30", "vendor": "Elitegroup Computer Systems" }, + { "mac_prefix": "1C697A", "vendor": "Elitegroup Computer Systems" } ], - "name_pattern": ["desktop", "pc", "computer"] + "name_pattern": ["desktop", "pc", "computer", "liva", "ecs"] }, { "dev_type": "Laptop", @@ -80,9 +116,10 @@ { "mac_prefix": "3C0754", "vendor": "HP" }, { "mac_prefix": "0017A4", "vendor": "Dell" }, { "mac_prefix": "F4CE46", "vendor": "Lenovo" }, - { "mac_prefix": "409F38", "vendor": "Acer" } + { "mac_prefix": "409F38", "vendor": "Acer" }, + { "mac_prefix": "9CB6D0", "vendor": "Rivet Networks" } ], - "name_pattern": ["macbook", "imac", "laptop", "notebook"] + "name_pattern": ["macbook", "imac", "laptop", "notebook", "alienware", "razer", "msi"] }, { "dev_type": "Server", @@ -123,9 +160,10 @@ "matching_pattern": [ { "mac_prefix": "001FA7", "vendor": "Sony" }, { "mac_prefix": "7C04D0", "vendor": "Nintendo" }, - { "mac_prefix": "EC26CA", "vendor": "Sony" } + { "mac_prefix": "EC26CA", "vendor": "Sony" }, + { "mac_prefix": "48B02D", "vendor": "NVIDIA" } ], - "name_pattern": ["playstation", "xbox"] + "name_pattern": ["playstation", "xbox", "shield", "nvidia"] }, { "dev_type": "Camera", @@ -138,15 +176,6 @@ ], "name_pattern": ["camera", "cam", "webcam"] }, - { - "dev_type": "Smart Speaker", - "icon_html": "", - "matching_pattern": [ - { "mac_prefix": "44650D", "vendor": "Amazon" }, - { "mac_prefix": "74ACB9", "vendor": "Google" } - ], - "name_pattern": ["echo", "alexa", "dot"] - }, { "dev_type": "Router", "icon_html": "", @@ -154,23 +183,13 @@ { "mac_prefix": "000C29", "vendor": "Cisco" }, { "mac_prefix": "00155D", "vendor": "MikroTik" } ], - "name_pattern": ["router", "gateway", "ap", "access point", "access-point"], - "ip_pattern": [ - "^192\\.168\\.[0-1]\\.1$", - "^10\\.0\\.0\\.1$" - ] + "name_pattern": ["router", "gateway", "ap", "access point"] }, { "dev_type": "Smart Light", "icon_html": "", "matching_pattern": [], - "name_pattern": ["hue", "lifx", "bulb"] - }, - { - "dev_type": "Smart Home", - "icon_html": "", - "matching_pattern": [], - "name_pattern": ["google", "chromecast", "nest"] + "name_pattern": ["hue", "lifx", "bulb", "light"] }, { "dev_type": "Smartwatch", @@ -187,14 +206,9 @@ { "dev_type": "Security Device", "icon_html": "", - "matching_pattern": [], - "name_pattern": ["doorbell", "lock", "security"] - }, - { - "dev_type": "Smart Light", - "icon_html": "", "matching_pattern": [ + { "mac_prefix": "047BCB", "vendor": "Universal Global Scientific" } ], - "name_pattern": ["light","bulb"] + "name_pattern": ["doorbell", "lock", "security", "mmd-", "ring"] } -] +] \ No newline at end of file diff --git a/docs/API.md b/docs/API.md index 8a11403d..3135b9d9 100755 --- a/docs/API.md +++ b/docs/API.md @@ -23,6 +23,8 @@ curl 'http://host:GRAPHQL_PORT/graphql' \ The API server runs on `0.0.0.0:` with **CORS enabled** for all main endpoints. +CORS configuration: You can limit allowed CORS origins with the `CORS_ORIGINS` environment variable. Set it to a comma-separated list of origins (for example: `CORS_ORIGINS="https://example.com,http://localhost:3000"`). The server parses this list at startup and only allows origins that begin with `http://` or `https://`. If `CORS_ORIGINS` is unset or parses to an empty list, the API falls back to a safe development default list (localhosts) and will include `*` as a last-resort permissive origin. + --- ## Authentication @@ -57,6 +59,10 @@ http://:/ ## Endpoints +> [!NOTE] +> You can explore the API endpoints by using the interactive API docs at `http://:/docs`. +> ![API docs](./img/API/API_docs.png) + > [!TIP] > When retrieving devices or settings try using the GraphQL API endpoint first as it is read-optimized. @@ -76,6 +82,7 @@ http://:/ * [Sync](API_SYNC.md) – Synchronization between multiple NetAlertX instances * [Logs](API_LOGS.md) – Purging of logs and adding to the event execution queue for user triggered events * [DB query](API_DBQUERY.md) (⚠ Internal) - Low level database access - use other endpoints if possible +* `/server` (⚠ Internal) - Backend server endpoint for internal communication only - **do not use directly** ### MCP Server Bridge diff --git a/docs/API_DEVICE_FIELD_LOCK.md b/docs/API_DEVICE_FIELD_LOCK.md index 5819301e..61180cf7 100644 --- a/docs/API_DEVICE_FIELD_LOCK.md +++ b/docs/API_DEVICE_FIELD_LOCK.md @@ -138,36 +138,6 @@ The Device Edit form displays lock/unlock buttons for all tracked fields: 2. **Unlock Button** (🔓): Click to allow plugin overwrites again 3. **Source Indicator**: Shows current field source (USER, LOCKED, NEWDEV, or plugin name) -## UI Workflow - -### Locking a Field via UI - -1. Navigate to Device Details -2. Find the field you want to protect -3. Click the lock button (🔒) next to the field -4. Button changes to unlock (🔓) and source indicator turns red (LOCKED) -5. Field is now protected from plugin overwrites - -### Unlocking a Field via UI - -1. Find the locked field (button shows 🔓) -2. Click the unlock button -3. Button changes back to lock (🔒) and source resets to NEWDEV -4. Plugins can now update this field again - -## Authorization - -All lock/unlock operations require: -- Valid API token in `Authorization: Bearer {token}` header -- User must be authenticated to the NetAlertX instance - -## Implementation Details - -### Backend Logic -The lock/unlock feature is implemented in: -- **API Endpoint**: `/server/api_server/api_server_start.py` - `api_device_field_lock()` -- **Data Model**: `/server/models/device_instance.py` - Authorization checks in `setDeviceData()` -- **Database**: Devices table with `*Source` columns tracking field origins ### Authorization Handler @@ -179,6 +149,9 @@ The authoritative field update logic prevents plugin overwrites: 4. If source is `NEWDEV` or plugin name, plugin update is accepted ## See Also + +- [Device locking](./DEVICE_FIELD_LOCK.md) +- [Device source fields](./DEVICE_SOURCE_FIELDS.md) - [API Device Endpoints Documentation](./API_DEVICE.md) - [Authoritative Field Updates System](./PLUGINS_DEV.md#authoritative-fields) - [Plugin Configuration Reference](./PLUGINS_DEV_CONFIG.md) diff --git a/docs/API_MCP.md b/docs/API_MCP.md index 6ab19c4b..387facef 100644 --- a/docs/API_MCP.md +++ b/docs/API_MCP.md @@ -31,11 +31,6 @@ graph TB D -->|Response Data| C C -->|JSON Response| B B -->|Stream Events| A - - style A fill:#e1f5fe - style B fill:#f3e5f5 - style C fill:#fff3e0 - style D fill:#e8f5e8 ``` ### MCP Tool Integration @@ -54,7 +49,7 @@ sequenceDiagram API-->>MCP: 5. Available tools spec MCP-->>AI: 6. Tool definitions AI->>MCP: 7. tools/call: search_devices - MCP->>API: 8. POST /mcp/sse/devices/search + MCP->>API: 8. POST /devices/search API->>DB: 9. Query devices DB-->>API: 10. Device data API-->>MCP: 11. JSON response @@ -77,9 +72,9 @@ graph LR end subgraph "NetAlertX API Server (:20211)" - F[Device APIs
/mcp/sse/devices/*] - G[Network Tools
/mcp/sse/nettools/*] - H[Events API
/mcp/sse/events/*] + F[Device APIs
/devices/*] + G[Network Tools
/nettools/*] + H[Events API
/events/*] end subgraph "Backend" @@ -98,15 +93,6 @@ graph LR F --> I G --> J H --> I - - style A fill:#e1f5fe - style B fill:#e1f5fe - style C fill:#f3e5f5 - style D fill:#f3e5f5 - style E fill:#f3e5f5 - style F fill:#fff3e0 - style G fill:#fff3e0 - style H fill:#fff3e0 ``` --- @@ -196,27 +182,28 @@ eventSource.onmessage = function(event) { | Tool | Endpoint | Description | |------|----------|-------------| -| `list_devices` | `/mcp/sse/devices/by-status` | List devices by online status | -| `get_device_info` | `/mcp/sse/device/` | Get detailed device information | -| `search_devices` | `/mcp/sse/devices/search` | Search devices by MAC, name, or IP | -| `get_latest_device` | `/mcp/sse/devices/latest` | Get most recently connected device | -| `set_device_alias` | `/mcp/sse/device//set-alias` | Set device friendly name | +| `list_devices` | `/devices/by-status` | List devices by online status | +| `get_device_info` | `/device/{mac}` | Get detailed device information | +| `search_devices` | `/devices/search` | Search devices by MAC, name, or IP | +| `get_latest_device` | `/devices/latest` | Get most recently connected device | +| `set_device_alias` | `/device/{mac}/set-alias` | Set device friendly name | ### Network Tools | Tool | Endpoint | Description | |------|----------|-------------| -| `trigger_scan` | `/mcp/sse/nettools/trigger-scan` | Trigger network discovery scan | -| `get_open_ports` | `/mcp/sse/device/open_ports` | Get stored NMAP open ports for device | -| `wol_wake_device` | `/mcp/sse/nettools/wakeonlan` | Wake device using Wake-on-LAN | -| `get_network_topology` | `/mcp/sse/devices/network/topology` | Get network topology map | +| `trigger_scan` | `/nettools/trigger-scan` | Trigger network discovery scan to find new devices. | +| `run_nmap_scan` | `/nettools/nmap` | Perform NMAP scan on a target to identify open ports. | +| `get_open_ports` | `/device/open_ports` | Get stored NMAP open ports. Use `run_nmap_scan` first if empty. | +| `wol_wake_device` | `/nettools/wakeonlan` | Wake device using Wake-on-LAN | +| `get_network_topology` | `/devices/network/topology` | Get network topology map | ### Event & Monitoring Tools | Tool | Endpoint | Description | |------|----------|-------------| -| `get_recent_alerts` | `/mcp/sse/events/recent` | Get events from last 24 hours | -| `get_last_events` | `/mcp/sse/events/last` | Get 10 most recent events | +| `get_recent_alerts` | `/events/recent` | Get events from last 24 hours | +| `get_last_events` | `/events/last` | Get 10 most recent events | --- diff --git a/docs/BACKUPS.md b/docs/BACKUPS.md index 7b26ce3d..79a40e0b 100755 --- a/docs/BACKUPS.md +++ b/docs/BACKUPS.md @@ -2,7 +2,7 @@ > [!NOTE] > To back up 99% of your configuration, back up at least the `/data/config` folder. -> Database definitions can change between releases, so the safest method is to restore backups using the **same app version** they were taken from, then upgrade incrementally. +> Database definitions can change between releases, so the safest method is to restore backups using the **same app version** they were taken from, then upgrade incrementally by following the [Migration documentation](./MIGRATION.md). --- diff --git a/docs/COMMON_ISSUES.md b/docs/COMMON_ISSUES.md index d270f5a3..1bbb05fa 100755 --- a/docs/COMMON_ISSUES.md +++ b/docs/COMMON_ISSUES.md @@ -120,3 +120,23 @@ With `ARPSCAN` scans some devices might flip IP addresses after each scan trigge See how to prevent IP flipping in the [ARPSCAN plugin guide](/front/plugins/arp_scan/README.md). Alternatively adjust your [notification settings](./NOTIFICATIONS.md) to prevent false positives by filtering out events or devices. + +#### Multiple NICs on Same Host Reporting Same IP + +On systems with multiple NICs (like a Proxmox server), each NIC has its own MAC address. Sometimes NetAlertX can incorrectly assign the same IP to all NICs, causing false device mappings. This is due to the way ARP responses are handled by the OS and cannot be overridden directly in NetAlertX. + +**Resolution (Linux-based systems, e.g., Proxmox):** + +Run the following commands on the host to fix ARP behavior: + +```bash +sudo sysctl -w net.ipv4.conf.all.arp_ignore=1 +sudo sysctl -w net.ipv4.conf.all.arp_announce=2 +``` + +This ensures each NIC responds correctly to ARP requests and prevents NetAlertX from misassigning IPs. + +> For setups with multiple interfaces on the same switch, consider [workflows](./WORKFLOWS.md), [device exclusions](./NOTIFICATIONS.md), or [dummy devices](./DEVICE_MANAGEMENT.md) as additional workarounds. +> See [Feature Requests](https://github.com/netalertx/netalertx/issues) for reporting edge cases. + + diff --git a/docs/DEBUG_PLUGINS.md b/docs/DEBUG_PLUGINS.md index 96af4cb0..947eee0d 100755 --- a/docs/DEBUG_PLUGINS.md +++ b/docs/DEBUG_PLUGINS.md @@ -1,7 +1,7 @@ # Troubleshooting plugins > [!TIP] -> Before troubleshooting, please ensure you have the right [Debugging and LOG_LEVEL set](./DEBUG_TIPS.md). +> Before troubleshooting, please ensure you have the right [Debugging and LOG_LEVEL set](./DEBUG_TIPS.md) in Settings. ## High-level overview @@ -22,10 +22,25 @@ For a more in-depth overview on how plugins work check the [Plugins development #### Incorrect input data -Input data from the plugin might cause mapping issues in specific edge cases. Look for a corresponding section in the `app.log` file, for example notice the first line of the execution run of the `PIHOLE` plugin below: +Input data from the plugin might cause mapping issues in specific edge cases. Look for a corresponding section in the `app.log` file, and search for `[Scheduler] run for PLUGINNAME: YES`, so for ICMP you would look for `[Scheduler] run for ICMP: YES`. You can find examples of useful logs below. If your issue is related to a plugin, and you don't include a log section with this data, we can't help you to resolve your issue. + +##### ICMP log example ``` -17:31:05 [Scheduler] - Scheduler run for PIHOLE: YES +20:39:04 [Scheduler] run for ICMP: YES +20:39:04 [ICMP] fping skipping 192.168.1.124 : [2], timed out (NaN avg, 100% loss) +20:39:04 [ICMP] adding 192.168.1.123 from 192.168.1.123 : [2], 64 bytes, 20.1 ms (8.22 avg, 0% loss) +20:39:04 [ICMP] fping skipping 192.168.1.157 : [1], timed out (NaN avg, 100% loss) +20:39:04 [ICMP] adding 192.168.1.79 from 192.168.1.79 : [2], 64 bytes, 48.3 ms (60.9 avg, 0% loss) +20:39:04 [ICMP] fping skipping 192.168.1.128 : [2], timed out (NaN avg, 100% loss) +20:39:04 [ICMP] fping skipping 192.168.1.129 : [2], timed out (NaN avg, 100% loss) +``` + + +##### PIHOLE log example + +``` +17:31:05 [Scheduler] run for PIHOLE: YES 17:31:05 [Plugin utils] --------------------------------------------- 17:31:05 [Plugin utils] display_name: PiHole (Device sync) 17:31:05 [Plugins] CMD: SELECT n.hwaddr AS Object_PrimaryID, {s-quote}null{s-quote} AS Object_SecondaryID, datetime() AS DateTime, na.ip AS Watched_Value1, n.lastQuery AS Watched_Value2, na.name AS Watched_Value3, n.macVendor AS Watched_Value4, {s-quote}null{s-quote} AS Extra, n.hwaddr AS ForeignKey FROM EXTERNAL_PIHOLE.Network AS n LEFT JOIN EXTERNAL_PIHOLE.Network_Addresses AS na ON na.network_id = n.id WHERE n.hwaddr NOT LIKE {s-quote}ip-%{s-quote} AND n.hwaddr is not {s-quote}00:00:00:00:00:00{s-quote} AND na.ip is not null @@ -54,13 +69,13 @@ Input data from the plugin might cause mapping issues in specific edge cases. Lo 17:31:05 [Plugin utils] In pluginObjects there are 2 events with the status "missing-in-last-scan" 17:31:05 [Plugin utils] In pluginObjects there are 2 events with the status "watched-not-changed" 17:31:05 [Plugins] Mapping objects to database table: CurrentScan -17:31:05 [Plugins] SQL query for mapping: INSERT into CurrentScan ( "cur_MAC", "cur_IP", "cur_LastQuery", "cur_Name", "cur_Vendor", "cur_ScanMethod") VALUES ( ?, ?, ?, ?, ?, ?) +17:31:05 [Plugins] SQL query for mapping: INSERT into CurrentScan ( "scanMac", "scanLastIP", "scanLastQuery", "scanName", "scanVendor", "scanSourcePlugin") VALUES ( ?, ?, ?, ?, ?, ?) 17:31:05 [Plugins] SQL sqlParams for mapping: [('01:01:01:01:01:01', '172.30.0.1', 0, 'aaaa', 'vvvvvvvvv', 'PIHOLE'), ('02:42:ac:1e:00:02', '172.30.0.2', 0, 'dddd', 'vvvvv2222', 'PIHOLE')] 🔺 17:31:05 [API] Update API starting 17:31:06 [API] Updating table_plugins_history.json file in /api ``` - +> [!NOTE] > The debug output between the 🔻red arrows🔺 is important for debugging (arrows added only to highlight the section on this page, they are not available in the actual debug log) In the above output notice the section logging how many events are produced by the plugin: @@ -80,12 +95,11 @@ These values, if formatted correctly, will also show up in the UI: ![Plugins table](./img/DEBUG_PLUGINS/plugin_objects_pihole.png) - ### Sharing application state Sometimes specific log sections are needed to debug issues. The Devices and CurrentScan table data is sometimes needed to figure out what's wrong. -1. Please set `LOG_LEVEL` to `trace` (Disable it once you have the info as this produces big log files). +1. Please set `LOG_LEVEL` to `trace` in the Settings (Disable it once you have the info as this produces big log files). 2. Wait for the issue to occur. 3. Search for `================ DEVICES table content ================` in your logs. 4. Search for `================ CurrentScan table content ================` in your logs. diff --git a/docs/DEBUG_TIPS.md b/docs/DEBUG_TIPS.md index 1a439eab..0228ff00 100755 --- a/docs/DEBUG_TIPS.md +++ b/docs/DEBUG_TIPS.md @@ -21,7 +21,7 @@ docker run \ --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \ -e PORT=20211 \ -e APP_CONF_OVERRIDE='{"GRAPHQL_PORT":"20214"}' \ - ghcr.io/jokob-sk/netalertx:latest + ghcr.io/netalertx/netalertx:latest ``` @@ -34,7 +34,7 @@ Note: Your `/local_data_dir` should contain a `config` and `db` folder. If possible, check if your issue got fixed in the `_dev` image before opening a new issue. The container is: -`ghcr.io/jokob-sk/netalertx-dev:latest` +`ghcr.io/netalertx/netalertx-dev:latest` > ⚠ Please backup your DB and config beforehand! diff --git a/docs/QUICK_REFERENCE_FIELD_LOCK.md b/docs/DEVICE_FIELD_LOCK.md similarity index 81% rename from docs/QUICK_REFERENCE_FIELD_LOCK.md rename to docs/DEVICE_FIELD_LOCK.md index 05144428..47369c57 100644 --- a/docs/QUICK_REFERENCE_FIELD_LOCK.md +++ b/docs/DEVICE_FIELD_LOCK.md @@ -1,6 +1,8 @@ # Quick Reference Guide - Device Field Lock/Unlock System -## One-Minute Overview +## Overview + +![Field source and locks](./img/DEVICE_MANAGEMENT/field_sources_and_locks.png) The device field lock/unlock system allows you to protect specific device fields from being automatically overwritten by scanning plugins. When you lock a field, NetAlertX remembers your choice and prevents plugins from changing that value until you unlock it. @@ -10,14 +12,19 @@ The device field lock/unlock system allows you to protect specific device fields These are the ONLY fields that can be locked: -- devName - Device hostname/alias -- devVendor - Device manufacturer -- devFQDN - Fully qualified domain name -- devSSID - WiFi network name -- devParentMAC - Parent/gateway MAC -- devParentPort - Parent device port -- devParentRelType - Relationship type (e.g., "gateway") -- devVlan - VLAN identifier +- `devName` - Device hostname/alias +- `devVendor` - Device manufacturer +- `devSSID` - WiFi network name +- `devParentMAC` - Parent/gateway MAC +- `devParentPort` - Parent device port +- `devParentRelType` - Relationship type (e.g., "gateway") +- `devVlan` - VLAN identifier + +Additional fields that are tracked (and their source is dispalyed in the UI if available): + +- `devMac` +- `devLastIP` +- `devFQDN` ## Source Values Explained @@ -30,7 +37,12 @@ Each locked field has a "source" indicator that shows you why the value is prote | 📡 **NEWDEV** | Default/unset value | Yes, plugins can update | | 📡 **Plugin name** | Last updated by a plugin (e.g., UNIFIAPI) | Yes, plugins can update if field in SET_ALWAYS | -## How to Use +Overwrite rules are + +> [!TIP] +> You can bulk-unlock devices in the [Multi-edit](./DEVICES_BULK_EDITING.md) dialog. This removes all `USER` and `LOCKED` values from all `*Source` fields of selected devices. + +## Usage Examples ### Lock a Field (Prevent Plugin Changes) @@ -106,12 +118,14 @@ Each locked field has a "source" indicator that shows you why the value is prote ## When to Lock vs. When NOT to Lock ### ✅ **Good reasons to lock:** + - You've customized the device name and it's correct - You've set a static IP and it shouldn't change - You've configured VLAN information - You know the parent device and don't want it auto-corrected ### ❌ **Bad reasons to lock:** + - The value seems wrong—edit it first, then lock - You want to prevent data from another source—use field lock, not to hide problems - You're trying to force a value the system disagrees with @@ -119,29 +133,32 @@ Each locked field has a "source" indicator that shows you why the value is prote ## Troubleshooting **Lock button not appearing:** + - Confirm the field is one of the tracked fields (see list above) - Confirm the device is already saved (new devices don't show lock buttons) - Refresh the page **Lock button is there but click doesn't work:** + - Check your internet connection - Check you have permission to edit devices - Look at browser console (F12 > Console tab) for error messages - Try again in a few seconds **Field still changes after locking:** + - Double-check the lock icon shows - Reload the page—the change might be a display issue - Check if you accidentally unlocked it - Open an issue if it persists -## For More Information +## See also -- **Technical details:** See [API_DEVICE_FIELD_LOCK.md](API_DEVICE_FIELD_LOCK.md) -- **Plugin configuration:** See [PLUGINS_DEV_CONFIG.md](PLUGINS_DEV_CONFIG.md) -- **Admin guide:** See [DEVICE_MANAGEMENT.md](DEVICE_MANAGEMENT.md) - ---- - -**Quick Start:** Find a device field you want to protect → Click the lock icon → That's it! The field won't change until you unlock it. +- [Device locking](./DEVICE_FIELD_LOCK.md) +- [Device source fields](./DEVICE_SOURCE_FIELDS.md) +- [API Device Endpoints Documentation](./API_DEVICE.md) +- [Authoritative Field Updates System](./PLUGINS_DEV.md#authoritative-fields) +- [Plugin Configuration Reference](./PLUGINS_DEV_CONFIG.md) +- [Device locking APIs](API_DEVICE_FIELD_LOCK.md) +- [Device management](DEVICE_MANAGEMENT.md) diff --git a/docs/DEVICE_MANAGEMENT.md b/docs/DEVICE_MANAGEMENT.md index d1c66347..51685323 100755 --- a/docs/DEVICE_MANAGEMENT.md +++ b/docs/DEVICE_MANAGEMENT.md @@ -49,6 +49,8 @@ To speed up device population you can also copy data from an existing device. Th ## Field Locking (Preventing Plugin Overwrites) +![Field source and locks](./img/DEVICE_MANAGEMENT/field_sources_and_locks.png) + NetAlertX allows you to "lock" specific device fields to prevent plugins from automatically overwriting your custom values. This is useful when you've manually corrected information that might be discovered differently by discovery plugins. ### Quick Start @@ -57,14 +59,9 @@ NetAlertX allows you to "lock" specific device fields to prevent plugins from au 2. Click the **lock button** (🔒) next to any tracked field 3. The field is now protected—plugins cannot change it until you unlock it -### Tracked Fields - -The following 10 fields support locking: -- devMac, devName, devLastIP, devVendor, devFQDN, devSSID, devParentMAC, devParentPort, devParentRelType, devVlan - ### See Also -- **For Users:** [Quick Reference - Device Field Lock/Unlock](QUICK_REFERENCE_FIELD_LOCK.md) - How to use field locking +- **For Users:** [Quick Reference - Device Field Lock/Unlock](DEVICE_FIELD_LOCK.md) - How to use field locking - **For Developers:** [API Device Field Lock Documentation](API_DEVICE_FIELD_LOCK.md) - Technical API reference - **For Plugin Developers:** [Plugin Field Configuration (SET_ALWAYS/SET_EMPTY)](PLUGINS_DEV_CONFIG.md) - Configure which fields plugins can update diff --git a/docs/DEVICE_SOURCE_FIELDS.md b/docs/DEVICE_SOURCE_FIELDS.md new file mode 100644 index 00000000..02ef5e46 --- /dev/null +++ b/docs/DEVICE_SOURCE_FIELDS.md @@ -0,0 +1,67 @@ +# Understanding Device Source Fields and Field Updates + +When the system scans a network, it finds various details about devices (like names, IP addresses, and manufacturers). To ensure the data remains accurate without accidentally overwriting manual changes, the system uses a set of "Source Rules." + +![Field source and locks](./img/DEVICE_MANAGEMENT/field_sources_and_locks.png) + +--- + +## The "Protection" Levels + +Every piece of information for a device has a **Source**. This source determines whether a new scan is allowed to change that value. + +| Source Status | Description | Can a Scan Overwrite it? | +| --- | --- | --- | +| **USER** | You manually entered this value. | **Never** | +| **LOCKED** | This value is pinned and protected. | **Never** | +| **NEWDEV** | This value was initialized from `NEWDEV` plugin settings. | **Always** | +| **(Plugin Name)** | The value was found by a specific scanner (e.g., `NBTSCAN`). | **Only if specific rules are met** | + +--- + +## How Scans Update Information + +If a field is **not** protected by a `USER` or `LOCKED` status, the system follows these rules to decide if it should update the info: + +### 1. The "Empty Field" Rule (Default) + +By default, the system is cautious. It will only fill in a piece of information if the current field is **empty** (showing as "unknown," "0.0.0.0," or blank). It won't change for example an existing name unless you tell it to. + +### 2. SET_ALWAYS + +Some plugins are configured to be "authoritative." If a field is in the **SET_ALWAYS** setting of a plugin: + +* The scanner will **always** overwrite the current value with the new one. +* *Note: It will still never overwrite a `USER` or `LOCKED` field.* + +### 3. SET_EMPTY + +If a field is in the **SET_EMPTY** list: + +* The scanner will **only** provide a value if the current field is currently empty. +* This is used for fields where we want to "fill in the blanks" but never change a value once it has been established by any source. + +### 4. Automatic Overrides (Live Tracking) + +Some fields, like **IP Addresses** (`devLastIP`) and **Full Domain Names** (`devFQDN`), are set to automatically update whenever they change. This ensures that if a device moves to a new IP on your network, the system reflects that change immediately without you having to do anything. + +--- + +## Summary of Field Logic + +| If the current value is... | And the Scan finds... | Does it update? | +| --- | --- | --- | +| **USER / LOCKED** | Anything | **No** | +| **Empty** | A new value | **Yes** | +| **A "Plugin" value** | A different value | **No** (Unless `SET_ALWAYS` is on) | +| **An IP Address** | A different IP | **Yes** (Updates automatically) | + +## See also: + +- [Device locking](./DEVICE_FIELD_LOCK.md) +- [Device source fields](./DEVICE_SOURCE_FIELDS.md) +- [API Device Endpoints Documentation](./API_DEVICE.md) +- [Authoritative Field Updates System](./PLUGINS_DEV.md#authoritative-fields) +- [Plugin Configuration Reference](./PLUGINS_DEV_CONFIG.md) +- [Device locking APIs](API_DEVICE_FIELD_LOCK.md) +- [Device management](DEVICE_MANAGEMENT.md) diff --git a/docs/DEV_ENV_SETUP.md b/docs/DEV_ENV_SETUP.md index 26bbee4d..587bc6d8 100755 --- a/docs/DEV_ENV_SETUP.md +++ b/docs/DEV_ENV_SETUP.md @@ -8,26 +8,26 @@ Before starting development, please review the following guidelines. ### Priority Order (Highest to Lowest) -1. 🔼 Fixing core bugs that lack workarounds -2. 🔵 Adding core functionality that unlocks other features (e.g., plugins) -3. 🔵 Refactoring to enable faster development -4. 🔽 UI improvements (PRs welcome, but low priority) +1. 🔼 Fixing core bugs that lack workarounds +2. 🔵 Adding core functionality that unlocks other features (e.g., plugins) +3. 🔵 Refactoring to enable faster development +4. 🔽 UI improvements (PRs welcome, but low priority) ### Design Philosophy -The application architecture is designed for extensibility and maintainability. It relies heavily on configuration manifests via plugins and settings to dynamically build the UI and populate the application with data from various sources. +The application architecture is designed for extensibility and maintainability. It relies heavily on configuration manifests via plugins and settings to dynamically build the UI and populate the application with data from various sources. -For details, see: -- [Plugins Development](PLUGINS_DEV.md) (includes video) -- [Settings System](SETTINGS_SYSTEM.md) +For details, see: +- [Plugins Development](PLUGINS_DEV.md) (includes video) +- [Settings System](SETTINGS_SYSTEM.md) -Focus on **core functionality** and integrate with existing tools rather than reinventing the wheel. +Focus on **core functionality** and integrate with existing tools rather than reinventing the wheel. -Examples: -- Using **Apprise** for notifications instead of implementing multiple separate gateways -- Implementing **regex-based validation** instead of one-off validation for each setting +Examples: +- Using **Apprise** for notifications instead of implementing multiple separate gateways +- Implementing **regex-based validation** instead of one-off validation for each setting -> [!NOTE] +> [!NOTE] > UI changes have lower priority. PRs are welcome, but please keep them **small and focused**. ## Development Environment Set Up @@ -43,7 +43,7 @@ The following steps will guide you to set up your environment for local developm ### 1. Download the code: - `mkdir /development` -- `cd /development && git clone https://github.com/jokob-sk/NetAlertX.git` +- `cd /development && git clone https://github.com/netalertx/NetAlertX.git` ### 2. Create a DEV .env_dev file @@ -59,13 +59,13 @@ PORT=22222 # make sure this port is unique on your whole network DEV_LOCATION=/development/NetAlertX APP_DATA_LOCATION=/volume/docker_appdata # Make sure your GRAPHQL_PORT setting has a port that is unique on your whole host network -APP_CONF_OVERRIDE={"GRAPHQL_PORT":"22223"} +APP_CONF_OVERRIDE={"GRAPHQL_PORT":"22223"} # ALWAYS_FRESH_INSTALL=true # uncommenting this will always delete the content of /config and /db dirs on boot to simulate a fresh install ``` -### 3. Create /db and /config dirs +### 3. Create /db and /config dirs -Create a folder `netalertx` in the `APP_DATA_LOCATION` (in this example in `/volume/docker_appdata`) with 2 subfolders `db` and `config`. +Create a folder `netalertx` in the `APP_DATA_LOCATION` (in this example in `/volume/docker_appdata`) with 2 subfolders `db` and `config`. - `mkdir /volume/docker_appdata/netalertx` - `mkdir /volume/docker_appdata/netalertx/db` @@ -82,9 +82,9 @@ You can then modify the python script without restarting/rebuilding the containe ## Tips -A quick cheat sheet of useful commands. +A quick cheat sheet of useful commands. -### Removing the container and image +### Removing the container and image A command to stop, remove the container and the image (replace `netalertx` and `netalertx-netalertx` with the appropriate values) @@ -98,23 +98,23 @@ Most code changes can be tested without rebuilding the container. When working o ![image](./img/DEV/Maintenance_Logs_Restart_server.png) -2. If above doesn't work, SSH into the container and kill & restart the main script loop +2. If above doesn't work, SSH into the container and kill & restart the main script loop - `sudo docker exec -it netalertx /bin/bash` - `pkill -f "python /app/server" && python /app/server & ` -3. If none of the above work, restart the docker container. +3. If none of the above work, restart the docker container. -- This is usually the last resort as sometimes the Docker engine becomes unresponsive and the whole engine needs to be restarted. +- This is usually the last resort as sometimes the Docker engine becomes unresponsive and the whole engine needs to be restarted. ## Contributing & Pull Requests ### Before submitting a PR, please ensure: -✔ Changes are **backward-compatible** with existing installs. -✔ No unnecessary changes are made. -✔ New features are **reusable**, not narrowly scoped. -✔ Features are implemented via **plugins** if possible. +✔ Changes are **backward-compatible** with existing installs. +✔ No unnecessary changes are made. +✔ New features are **reusable**, not narrowly scoped. +✔ Features are implemented via **plugins** if possible. ### Mandatory Test Cases @@ -122,15 +122,15 @@ Most code changes can be tested without rebuilding the container. When working o - Existing DB/config compatibility. - Notification testing: - - Email - - Apprise (e.g., Telegram) - - Webhook (e.g., Discord) - - MQTT (e.g., Home Assistant) + - Email + - Apprise (e.g., Telegram) + - Webhook (e.g., Discord) + - MQTT (e.g., Home Assistant) - Updating Settings and their persistence. - Updating a Device - Plugin functionality. - Error log inspection. -> [!NOTE] +> [!NOTE] > Always run all available tests as per the [Testing documentation](API_TESTS.md). diff --git a/docs/DOCKER_COMPOSE.md b/docs/DOCKER_COMPOSE.md index 396bc912..dd89807b 100755 --- a/docs/DOCKER_COMPOSE.md +++ b/docs/DOCKER_COMPOSE.md @@ -17,7 +17,7 @@ services: netalertx: #use an environmental variable to set host networking mode if needed container_name: netalertx # The name when you docker contiainer ls - image: ghcr.io/jokob-sk/netalertx:latest + image: ghcr.io/netalertx/netalertx:latest network_mode: ${NETALERTX_NETWORK_MODE:-host} # Use host networking for ARP scanning and other services read_only: true # Make the container filesystem read-only @@ -27,6 +27,9 @@ services: - NET_ADMIN # Required for ARP scanning - NET_RAW # Required for raw socket operations - NET_BIND_SERVICE # Required to bind to privileged ports (nbtscan) + - CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges + - SETUID # Required for root-entrypoint to switch to non-root user + - SETGID # Required for root-entrypoint to switch to non-root group volumes: - type: volume # Persistent Docker-managed named volume for config + database @@ -78,7 +81,6 @@ services: cpu_shares: 512 # Relative CPU weight for CPU contention scenarios pids_limit: 512 # Limit the number of processes/threads to prevent fork bombs logging: - driver: "json-file" # Use JSON file logging driver options: max-size: "10m" # Rotate log files after they reach 10MB max-file: "3" # Keep a maximum of 3 log files diff --git a/docs/DOCKER_INSTALLATION.md b/docs/DOCKER_INSTALLATION.md index 2116fb33..f57bd8d6 100644 --- a/docs/DOCKER_INSTALLATION.md +++ b/docs/DOCKER_INSTALLATION.md @@ -4,10 +4,11 @@ [![Discord](https://img.shields.io/discord/1274490466481602755?color=0aa8d2&logoColor=fff&logo=Discord&style=for-the-badge)](https://discord.gg/NczTUTWyRr) [![Home Assistant](https://img.shields.io/badge/Repo-blue?logo=home-assistant&style=for-the-badge&color=0aa8d2&logoColor=fff&label=Add)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) -# NetAlertX - Network scanner & notification framework +# NetAlertX - Network Visibility & Asset Intelligence Framework -| [📑 Docker guide](https://docs.netalertx.com/DOCKER_INSTALLATION) | [🚀 Releases](https://github.com/jokob-sk/NetAlertX/releases) | [📚 Docs](https://docs.netalertx.com/) | [🔌 Plugins](https://docs.netalertx.com/PLUGINS) | [🤖 Ask AI](https://gurubase.io/g/netalertx) -|----------------------| ----------------------| ----------------------| ----------------------| ----------------------| +--- +### || [Docker guide](https://docs.netalertx.com/DOCKER_INSTALLATION) || [Releases](https://github.com/netalertx/NetAlertX/releases) || [Docs](https://docs.netalertx.com/) || [Plugins](https://docs.netalertx.com/PLUGINS) || [Website](https://netalertx.com) +--- @@ -30,7 +31,7 @@ docker run -d --rm --network=host \ --tmpfs /tmp:uid=${NETALERTX_UID:-20211},gid=${NETALERTX_GID:-20211},mode=1700 \ -e PORT=20211 \ -e APP_CONF_OVERRIDE={"GRAPHQL_PORT":"20214"} \ - ghcr.io/jokob-sk/netalertx:latest + ghcr.io/netalertx/netalertx:latest ``` > Runtime UID/GID: The image defaults to a service user `netalertx` (UID/GID 20211). A separate readonly lock owner also uses UID/GID 20211 for 004/005 immutability. You can override the runtime UID/GID at build (ARG) or run (`--user` / compose `user:`) but must align writable mounts (`/data`, `/tmp*`) and tmpfs `uid/gid` to that choice. @@ -120,8 +121,8 @@ You can read or watch several [community configuration guides](https://docs.neta ## 💙 Support me -| [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | [![Patreon](https://i.imgur.com/MuYsrq1.png)](https://www.patreon.com/user?u=84385063) | -| --- | --- | --- | +| [![GitHub](https://i.imgur.com/emsRCPh.png)](https://github.com/sponsors/jokob-sk) | [![Buy Me A Coffee](https://i.imgur.com/pIM6YXL.png)](https://www.buymeacoffee.com/jokobsk) | +| --- | --- | - Bitcoin: `1N8tupjeCK12qRVU2XrV17WvKK7LCawyZM` - Ethereum: `0x6e2749Cb42F4411bc98501406BdcD82244e3f9C7` diff --git a/docs/DOCKER_PORTAINER.md b/docs/DOCKER_PORTAINER.md index 673c7757..911c04c5 100755 --- a/docs/DOCKER_PORTAINER.md +++ b/docs/DOCKER_PORTAINER.md @@ -35,9 +35,9 @@ services: netalertx: container_name: netalertx # Use this line for stable release - image: "ghcr.io/jokob-sk/netalertx:latest" + image: "ghcr.io/netalertx/netalertx:latest" # Or, use this for the latest development build - # image: "ghcr.io/jokob-sk/netalertx-dev:latest" + # image: "ghcr.io/netalertx/netalertx-dev:latest" network_mode: "host" restart: unless-stopped cap_drop: # Drop all capabilities for enhanced security @@ -48,7 +48,7 @@ services: - NET_BIND_SERVICE - CHOWN - SETUID - - SETGID + - SETGID volumes: - ${APP_FOLDER}/netalertx/config:/data/config - ${APP_FOLDER}/netalertx/db:/data/db @@ -72,6 +72,13 @@ In the **Environment variables** section of Portainer, add the following: * `PORT=22022` (or another port if needed) * `APP_CONF_OVERRIDE={"GRAPHQL_PORT":"22023"}` (optional advanced settings, otherwise the backend API server PORT defaults to `20212`) +Additional environment variables (advanced / testing): + +* `SKIP_TESTS=1` — when set, the container entrypoint will skip all startup checks and print the message `Skipping startup checks as SKIP_TESTS is set.`. Useful for automated test runs or CI where the container should not perform environment-specific checks. +* `SKIP_STARTUP_CHECKS=""` — space-delimited list of specific startup checks to skip. Names are the human-friendly names derived from files in `/entrypoint.d` (remove the leading numeric prefix and file extension). Example: `SKIP_STARTUP_CHECKS="mandatory folders"` will skip `30-mandatory-folders.sh`. + +Note: these variables are primarily useful for non-production scenarios (testing, CI, or specific deployments) and are processed by the entrypoint scripts. See `entrypoint.sh` and `entrypoint.d/*` for exact behaviour and available check names. + --- ## 5. Ensure permissions diff --git a/docs/DOCKER_SWARM.md b/docs/DOCKER_SWARM.md index 3d0d218d..7b34a21f 100755 --- a/docs/DOCKER_SWARM.md +++ b/docs/DOCKER_SWARM.md @@ -44,7 +44,7 @@ Use the following Compose snippet to deploy NetAlertX with a **static LAN IP** a ```yaml services: netalertx: - image: ghcr.io/jokob-sk/netalertx:latest + image: ghcr.io/netalertx/netalertx:latest ... networks: swarm-ipvlan: diff --git a/docs/FEATURES.md b/docs/FEATURES.md new file mode 100644 index 00000000..81b7b83c --- /dev/null +++ b/docs/FEATURES.md @@ -0,0 +1,92 @@ +# NetAlertX Features Overview + +NetAlertX is a lightweight, flexible platform for monitoring networks, tracking devices, and delivering actionable alerts. It combines discovery, change detection, and multi-channel notification into a single, streamlined solution. + +--- + +## Network Discovery & Device Tracking + +![Network Discovery & Device Tracking](./img/FEATURES/Network_Discovery_Device_Tracking.png) + +- **Automatic Device Detection**: Continuously scans your local network to detect all connected devices via ARP, DHCP, SNMP, and compatible controllers. +- **Presence Monitoring**: Track when devices appear, disappear, or reconnect on the network. +- **IP & MAC Tracking**: Log device IP changes, ensuring accurate identification over time. +- **Import from Existing Systems**: Integrates with DHCP servers, Pi-hole, UniFi controllers, and other supported sources to maintain an accurate inventory. + +--- + +## LAN Visualization + +![LAN visualization](./img/FEATURES/LAN_Visualization.png) + +- **Lightweight Network Map**: View a real-time representation of your local network with all connected devices. +- **Device Status Indicators**: Quickly identify active, missing, or new devices at a glance. +- **Interactive Overview**: Hover over devices to see IP, MAC, and last seen timestamps. +- **Change Highlighting**: Newly detected, disconnected, or reconnected devices are visually flagged to reduce oversight. +- **Simple & Efficient**: Designed for quick insights without heavy resource usage or complex topology maps. + +--- + +## Event-Driven Alerts + +![Event-Driven Alerts](./img/FEATURES/Event-Driven_Alerts.png) + +- **Real-Time Notifications**: Receive immediate alerts for new devices, disconnected devices, or unexpected changes. +- **Customizable Filters and Rules**: Define rules based on device type, IP ranges, presence, or other network parameters. +- **Alert Deduplication & Suppression**: Avoid unnecessary noise with smart alert handling. +- **Historical Logs**: Maintain a complete timeline of network events for review and reporting. + +--- + +## Workflows for implementing Business rules + +![orkflows](./img/WORKFLOWS/workflows.png) + +- **Custom rules**: Cretae custom flows and update device information based to scan results. +- **Customizable Triggers**: Define rules based on any device data, including device type, IP ranges, presence, or other network parameters. +- **Automated Updates**: Automate repetitive tasks, making network management more efficient. + +--- + +## Multi-Channel Notification + +![Multi-Channel Notification](./img/FEATURES/Multi-Channel_Notifications.png) + +- **Flexible Delivery Options**: Send alerts via email, webhooks, MQTT, and more. +- **Integration with Automation**: Connect to ticketing systems, workflow engines, and custom scripts for automated responses. +- **Apprise Support**: Utilize over 80 pre-built notification services without additional configuration. + +--- + +## Security & Compliance-Friendly Logging + +![Events](./img/FEATURES/Events.png) + +- **Device Accountability**: Maintain an auditable record of every device that appears or disappears from the network. +- **Change Tracking**: Document network events with timestamps for review and compliance reporting. +- **Rogue Device Alerts**: Detect and respond to unexpected or unauthorized network connections. + +--- + +## MCP Server and OpenAPI + +![MCP Server](./img/FEATURES/MCP_Server.png) + +- **Data Access & Interaction**: The MCP server provides full programmatic access to NetAlertX, allowing you to query, monitor, and interact with network and device data. +- **OpenAPI Integration**: Use the OpenAPI interface to fetch device status, network events, and logs, or trigger actions and alerts programmatically. +- **Full Transparency**: All scan results, logs, and device information are accessible via the API, enabling auditing, automation, or integration with external systems. +- **Flexible & Reliable**: Structured API access ensures predictable, repeatable interactions while allowing real-time data monitoring and operational control. + +--- + +## Extensible & Open Source + +![Plugins](./img/plugins_json_settings.png) + +- **Plugin System**: Extend discovery methods, ingestion types, or notification channels through modular plugins. +- **Community Contributions**: Open-source architecture encourages collaboration and improvements. +- **Full Transparency**: All logs, scans, and configurations are visible for analysis. + +--- + +NetAlertX provides a centralized, proactive approach to network awareness, combining device visibility, event-driven alerting, and flexible notifications into a single, deployable solution. Its design prioritizes efficiency, clarity, and actionable insights, making it ideal for monitoring dynamic environments. diff --git a/docs/FILE_PERMISSIONS.md b/docs/FILE_PERMISSIONS.md index ccad1604..89e893cd 100755 --- a/docs/FILE_PERMISSIONS.md +++ b/docs/FILE_PERMISSIONS.md @@ -12,7 +12,7 @@ docker run --rm --network=host \ -v /etc/localtime:/etc/localtime:ro \ --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \ -e PORT=20211 \ - ghcr.io/jokob-sk/netalertx:latest + ghcr.io/netalertx/netalertx:latest ``` > [!WARNING] @@ -70,7 +70,7 @@ If you use a custom `PUID` (e.g. `0`) and `GUID` (e.g. `100`) make sure you also docker run -it --rm --name netalertx --user "0" \ -v /local_data_dir:/data \ --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \ - ghcr.io/jokob-sk/netalertx:latest + ghcr.io/netalertx/netalertx:latest ``` 2. Wait for logs showing **permissions being fixed**. The container will then **hang intentionally**. @@ -95,7 +95,7 @@ docker run -it --rm --name netalertx --user "0" \ services: netalertx: container_name: netalertx - image: "ghcr.io/jokob-sk/netalertx" + image: "ghcr.io/netalertx/netalertx" network_mode: "host" cap_drop: # Drop all capabilities for enhanced security - ALL diff --git a/docs/FIX_OFFLINE_DETECTION.md b/docs/FIX_OFFLINE_DETECTION.md index bbfb0d3f..6bac1fd1 100755 --- a/docs/FIX_OFFLINE_DETECTION.md +++ b/docs/FIX_OFFLINE_DETECTION.md @@ -42,7 +42,10 @@ ARPSCAN_DURATION=30 ### ✅ Add ICMP (Ping) Scanning -Enable the `ICMP` scan plugin to complement ARP detection. ICMP is often more reliable for detecting active hosts, especially when ARP fails. +Enable the `ICMP` scan plugin to complement ARP detection. ICMP is often more reliable for detecting active hosts, especially when ARP fails. + +> [!IMPORTANT] +> If using AdGuard/Pi-hole: If devices still show offline after enabling ICMP, temporarily disable your content blocker. If the issue disappears, whitelist the NetAlertX host IP in your blocker's settings to prevent pings from being dropped. ### ✅ Use Multiple Detection Methods @@ -52,7 +55,7 @@ A combined approach greatly improves detection robustness: * `ICMP` (ping) * `NMAPDEV` (nmap) -This hybrid strategy increases reliability, especially for down detection and alerting. See [other plugins](./PLUGINS.md) that might be compatible with your setup. See benefits and drawbacks of individual scan methods in their respective docs. +This hybrid strategy increases reliability, especially for down detection and alerting. See [other plugins](./PLUGINS.md) that might be compatible with your setup. See benefits and drawbacks of individual scan methods in their respective docs. ## Results @@ -76,4 +79,4 @@ After increasing the ARP timeout and adding ICMP scanning (on select IP ranges), Let us know in the [NetAlertX Discussions](https://github.com/jokob-sk/NetAlertX/discussions) if you have further feedback or edge cases. -See also [Remote Networks](./REMOTE_NETWORKS.md) for more advanced setups. \ No newline at end of file +See also [Remote Networks](./REMOTE_NETWORKS.md) for more advanced setups. \ No newline at end of file diff --git a/docs/INSTALLATION.md b/docs/INSTALLATION.md index 8e6cbccc..4f5e51db 100755 --- a/docs/INSTALLATION.md +++ b/docs/INSTALLATION.md @@ -8,11 +8,12 @@ NetAlertX can be installed several ways. The best supported option is Docker, fo - [[Installation] Home Assistant](https://github.com/alexbelgium/hassio-addons/tree/master/netalertx) - [[Installation] Unraid App](https://unraid.net/community/apps) - [[Installation] Bare metal (experimental - looking for maintainers)](https://docs.netalertx.com/HW_INSTALL) +- [[Installation] Nix flake (community supported)](https://github.com/netalertx/NetAlertX/blob/main/install/nix/flake.nix) submitted by [2m](https://github.com/2m) ## Help -If facing issues, please spend a few minutes seraching. +If facing issues, please spend a few minutes searching. - Check [common issues](./COMMON_ISSUES.md) - Have a look at [Community guides](./COMMUNITY_GUIDES.md) diff --git a/docs/MIGRATION.md b/docs/MIGRATION.md index a3716909..079b5a46 100755 --- a/docs/MIGRATION.md +++ b/docs/MIGRATION.md @@ -318,7 +318,7 @@ As per user feedback, we’ve re-introduced the ability to control which user th services: netalertx: container_name: netalertx - image: "ghcr.io/jokob-sk/netalertx" + image: "ghcr.io/netalertx/netalertx" network_mode: "host" cap_drop: - ALL diff --git a/docs/PERFORMANCE.md b/docs/PERFORMANCE.md index a5f7cd63..d7f4f0a7 100755 --- a/docs/PERFORMANCE.md +++ b/docs/PERFORMANCE.md @@ -80,9 +80,9 @@ services: netalertx: container_name: netalertx # Use this line for the stable release - image: "ghcr.io/jokob-sk/netalertx:latest" + image: "ghcr.io/netalertx/netalertx:latest" # Or use this line for the latest development build - # image: "ghcr.io/jokob-sk/netalertx-dev:latest" + # image: "ghcr.io/netalertx/netalertx-dev:latest" network_mode: "host" restart: unless-stopped diff --git a/docs/PLUGINS_DEV.md b/docs/PLUGINS_DEV.md index 3fbd8bff..5176131f 100755 --- a/docs/PLUGINS_DEV.md +++ b/docs/PLUGINS_DEV.md @@ -268,7 +268,7 @@ To import plugin data into NetAlertX tables for device discovery or notification "database_column_definitions": [ { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "show": true, "type": "device_mac", "localized": ["name"], @@ -287,7 +287,7 @@ To always map a static value (not read from plugin output): ```json { "column": "NameDoesntMatter", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "MYPLN" } diff --git a/docs/PLUGINS_DEV_UI_COMPONENTS.md b/docs/PLUGINS_DEV_UI_COMPONENTS.md index 5f8ebb11..776bd40e 100644 --- a/docs/PLUGINS_DEV_UI_COMPONENTS.md +++ b/docs/PLUGINS_DEV_UI_COMPONENTS.md @@ -440,7 +440,7 @@ To import plugin data into the device scan pipeline (for notifications, heuristi "database_column_definitions": [ { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "show": true, "type": "device_mac", "localized": ["name"], @@ -448,7 +448,7 @@ To import plugin data into the device scan pipeline (for notifications, heuristi }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "show": true, "type": "device_ip", "localized": ["name"], @@ -456,7 +456,7 @@ To import plugin data into the device scan pipeline (for notifications, heuristi }, { "column": "NameDoesntMatter", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "MYSCAN" }, @@ -478,7 +478,7 @@ Use `mapped_to_column_data` to map a static value instead of reading from a colu ```json { "column": "NameDoesntMatter", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "MYSCAN" }, @@ -489,7 +489,7 @@ Use `mapped_to_column_data` to map a static value instead of reading from a colu } ``` -This always sets `cur_ScanMethod` to `"MYSCAN"` regardless of column data. +This always sets `scanSourcePlugin` to `"MYSCAN"` regardless of column data. --- @@ -546,7 +546,7 @@ When viewing a device detail page, the `txtMacFilter` field is populated with th "database_column_definitions": [ { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-2", "show": true, "type": "device_mac", @@ -556,7 +556,7 @@ When viewing a device detail page, the `txtMacFilter` field is populated with th }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", diff --git a/docs/REMOTE_NETWORKS.md b/docs/REMOTE_NETWORKS.md index 1fda6f17..8ff4848c 100755 --- a/docs/REMOTE_NETWORKS.md +++ b/docs/REMOTE_NETWORKS.md @@ -13,9 +13,17 @@ The following network setups might make some devices undetectable with `ARPSCAN` ### Wi-Fi Extenders -Wi-Fi extenders typically create a separate network or subnet, which can prevent network scanning tools like `arp-scan` from detecting devices behind the extender. +Wi-Fi extenders often **block or proxy Layer-2 broadcast traffic**, which can prevent network scanning tools like `arp-scan` from detecting devices behind the extender. This can happen **even when the extender uses the same SSID and the same IP subnet** as the main network. -> **Possible workaround**: Scan the specific subnet that the extender uses, if it is separate from the main network. +Please note that being able to `ping` a device does **not** mean it is discoverable via `arp-scan`. + +* `arp-scan` relies on **Layer 2 (ARP broadcast)** +* ICMP (`ping`) operates at **Layer 3 (routed traffic)** + +That’s why devices behind extenders may respond to ping but remain undiscoverable via `arp-scan`. + +> **Possible workaround**: +> If the extender uses a separate subnet, scan that subnet directly. Otherwise, use DHCP-based discovery plugins or router integration instead of ARP. See the **Other Workarounds** section below for more details. ### VPNs diff --git a/docs/REVERSE_DNS.md b/docs/REVERSE_DNS.md index 9ca3a24f..c9180c87 100755 --- a/docs/REVERSE_DNS.md +++ b/docs/REVERSE_DNS.md @@ -39,7 +39,7 @@ You can specify the DNS server in the docker-compose to improve name resolution services: netalertx: container_name: netalertx - image: "ghcr.io/jokob-sk/netalertx:latest" + image: "ghcr.io/netalertx/netalertx:latest" ... dns: # specifying the DNS servers used for the container - 10.8.0.1 diff --git a/docs/REVERSE_PROXY.md b/docs/REVERSE_PROXY.md index aaa12ccb..d7c4d098 100755 --- a/docs/REVERSE_PROXY.md +++ b/docs/REVERSE_PROXY.md @@ -3,13 +3,23 @@ > [!NOTE] > This is community-contributed. Due to environment, setup, or networking differences, results may vary. Please open a PR to improve it instead of creating an issue, as the maintainer is not actively maintaining it. +> [!NOTE] +> NetAlertX requires access to both the **web UI** (default `20211`) and the **GraphQL backend `GRAPHQL_PORT`** (default `20212`) ports. +> Ensure your reverse proxy allows traffic to both for proper functionality. -> [!TIP] -> You will need to specify the `BACKEND_API_URL` setting if you are running reverse proxies. This is the URL that points to the backend server url (including your `GRAPHQL_PORT`) +> [!IMPORTANT] +> You will need to specify 2 entries in your reverse proxy, one for the front end, one for the backend URL. The custom backend URL, including the `GRAPHQL_PORT`, needs to be aslo specified in the `BACKEND_API_URL` setting.This is the URL that points to the backend API server. > > ![BACKEND_API_URL setting](./img/REVERSE_PROXY/BACKEND_API_URL.png) +> > ![NPM set up](./img/REVERSE_PROXY/nginx_proxy_manager_npm.png) +See also: + +- [CADDY + AUTHENTIK](./REVERSE_PROXY_CADDY.md) +- [TRAEFIK](./REVERSE_PROXY_TRAEFIK.md) + + ## NGINX HTTP Configuration (Direct Path) > Submitted by amazing [cvc90](https://github.com/cvc90) 🙏 @@ -513,888 +523,4 @@ Mapping the updated file (on the local filesystem at `/appl/docker/netalertx/def ... ``` -## Caddy + Authentik Outpost Proxy SSO -> Submitted by [luckylinux](https://github.com/luckylinux) 🙏. -### Introduction - -This Setup assumes: - -1. Authentik Installation running on a separate Host at `https://authentik.MYDOMAIN.TLD` -2. Container Management is done on Baremetal OR in a Virtual Machine (KVM/Xen/ESXi/..., no LXC Containers !): - i. Docker and Docker Compose configured locally running as Root (needed for `network_mode: host`) OR - ii. Podman (optionally `podman-compose`) configured locally running as Root (needed for `network_mode: host`) -3. TLS Certificates are already pre-obtained and located at `/var/lib/containers/certificates/letsencrypt/MYDOMAIN.TLD`. - I use the `certbot/dns-cloudflare` Podman Container on a separate Host to obtain the Certificates which I then distribute internally. - This Container uses the Wildcard Top-Level Domain Certificate which is valid for `MYDOMAIN.TLD` and `*.MYDOMAIN.TLD`. -4. Proxied Access - i. NetAlertX Web Interface is accessible via Caddy Reverse Proxy at `https://netalertx.MYDOMAIN.TLD` (default HTTPS Port 443: `https://netalertx.MYDOMAIN.TLD:443`) with `REPORT_DASHBOARD_URL=https://netalertx.MYDOMAIN.TLD` - ii. NetAlertX GraphQL Interface is accessible via Caddy Reverse Proxy at `https://netalertx.MYDOMAIN.TLD:20212` with `BACKEND_API_URL=https://netalertx.MYDOMAIN.TLD:20212` - iii. Authentik Proxy Outpost is accessible via Caddy Reverse Proxy at `https://netalertx.MYDOMAIN.TLD:9443` -5. Internal Ports - i. NGINX Web Server is set to listen on internal Port 20211 set via `PORT=20211` - ii. Python Web Server is set to listen on internal Port `GRAPHQL_PORT=20219` - iii. Authentik Proxy Outpost is listening on internal Port `AUTHENTIK_LISTEN__HTTP=[::1]:6000` (unencrypted) and Port `AUTHENTIK_LISTEN__HTTPS=[::1]:6443` (encrypted) - -8. Some further Configuration for Caddy is performed in Terms of Logging, SSL Certificates, etc - -It's also possible to [let Caddy automatically request & keep TLS Certificates up-to-date](https://caddyserver.com/docs/automatic-https), although please keep in mind that: - -1. You risk enumerating your LAN. Every Domain/Subdomain for which Caddy requests a TLS Certificate for you will result in that Host to be listed on [List of Letsencrypt Certificates issued](https://crt.sh/). -2. You need to either: - i. Open Port 80 for external Access ([HTTP challenge](https://caddyserver.com/docs/automatic-https#http-challenge)) in order for Letsencrypt to verify the Ownership of the Domain/Subdomain - ii. Open Port 443 for external Access ([TLS-ALPN challenge](https://caddyserver.com/docs/automatic-https#tls-alpn-challenge)) in order for Letsencrypt to verify the Ownership of the Domain/Subdomain - iii. Give Caddy the Credentials to update the DNS Records at your DNS Provider ([DNS challenge](https://caddyserver.com/docs/automatic-https#dns-challenge)) - -You can also decide to deploy your own Certificates & Certification Authority, either manually with OpenSSL, or by using something like [mkcert](https://github.com/FiloSottile/mkcert). - -In Terms of IP Stack Used: -- External: Caddy listens on both IPv4 and IPv6. -- Internal: - - Authentik Outpost Proxy listens on IPv6 `[::1]` - - NetAlertX listens on IPv4 `0.0.0.0` - -### Flow -The Traffic Flow will therefore be as follows: - -- Web GUI: - i. Client accesses `http://authentik.MYDOMAIN.TLD:80`: default (built-in Caddy) Redirect to `https://authentik.MYDOMAIN.TLD:443` - ii. Client accesses `https://authentik.MYDOMAIN.TLD:443` -> reverse Proxy to internal Port 20211 (NetAlertX Web GUI / NGINX - unencrypted) -- GraphQL: Client accesses `https://authentik.MYDOMAIN.TLD:20212` -> reverse Proxy to internal Port 20219 (NetAlertX GraphQL - unencrypted) -- Authentik Outpost: Client accesses `https://authentik.MYDOMAIN.TLD:9443` -> reverse Proxy to internal Port 6000 (Authentik Outpost Proxy - unencrypted) - -An Overview of the Flow is provided in the Picture below: - -![Reverse Proxy Traffic Flow with Authentik SSSO](./img/REVERSE_PROXY/reverse_proxy_flow.svg) - -### Security Considerations - -#### Caddy should be run rootless - -> [!WARNING] -> By default Caddy runs as `root` which is a Security Risk. -> In order to solve this, it's recommended to create an unprivileged User `caddy` and Group `caddy` on the Host: -> ``` -> groupadd --gid 980 caddy -> useradd --shell /usr/sbin/nologin --gid 980 --uid 980 -c "Caddy web server" --base-dir /var/lib/caddy -> ``` - -At least using Quadlets with Usernames (NOT required with UID/GID), but possibly using Compose in certain Cases as well, a custom `/etc/passwd` and `/etc/group` might need to be bind-mounted inside the Container. -`passwd`: -``` -root:x:0:0:root:/root:/bin/sh -bin:x:1:1:bin:/bin:/sbin/nologin -daemon:x:2:2:daemon:/sbin:/sbin/nologin -lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin -sync:x:5:0:sync:/sbin:/bin/sync -shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown -halt:x:7:0:halt:/sbin:/sbin/halt -mail:x:8:12:mail:/var/mail:/sbin/nologin -news:x:9:13:news:/usr/lib/news:/sbin/nologin -uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin -cron:x:16:16:cron:/var/spool/cron:/sbin/nologin -ftp:x:21:21::/var/lib/ftp:/sbin/nologin -sshd:x:22:22:sshd:/dev/null:/sbin/nologin -games:x:35:35:games:/usr/games:/sbin/nologin -ntp:x:123:123:NTP:/var/empty:/sbin/nologin -guest:x:405:100:guest:/dev/null:/sbin/nologin -nobody:x:65534:65534:nobody:/:/sbin/nologin -caddy:x:980:980:caddy:/var/lib/caddy:/bin/sh -``` - -`group`: -``` -root:x:0:root -bin:x:1:root,bin,daemon -daemon:x:2:root,bin,daemon -sys:x:3:root,bin -adm:x:4:root,daemon -tty:x:5: -disk:x:6:root -lp:x:7:lp -kmem:x:9: -wheel:x:10:root -floppy:x:11:root -mail:x:12:mail -news:x:13:news -uucp:x:14:uucp -cron:x:16:cron -audio:x:18: -cdrom:x:19: -dialout:x:20:root -ftp:x:21: -sshd:x:22: -input:x:23: -tape:x:26:root -video:x:27:root -netdev:x:28: -kvm:x:34:kvm -games:x:35: -shadow:x:42: -www-data:x:82: -users:x:100:games -ntp:x:123: -abuild:x:300: -utmp:x:406: -ping:x:999: -nogroup:x:65533: -nobody:x:65534: -caddy:x:980: -``` - -#### Authentication of GraphQL Endpoint - -> [!WARNING] -> Currently the GraphQL Endpoint is NOT authenticated ! - -### Environment Files -Depending on the Preference of the User (Environment Variables defined in Compose/Quadlet or in external `.env` File[s]), it might be prefereable to place at least some Environment Variables in external `.env` and `.env.` Files. - -The following is proposed: - -- `.env`: common Settings (empty by Default) -- `.env.caddy`: Caddy Settings -- `.env.server`: NetAlertX Server/Application Settings -- `.env.outpost.proxy`: Authentik Proxy Outpost Settings - -The following Contents is assumed. - -`.env.caddy`: -``` -# Define Application Hostname -APPLICATION_HOSTNAME=netalertx.MYDOMAIN.TLD - -# Define Certificate Domain -# In this case: use Wildcard Certificate -APPLICATION_CERTIFICATE_DOMAIN=MYDOMAIN.TLD -APPLICATION_CERTIFICATE_CERT_FILE=fullchain.pem -APPLICATION_CERTIFICATE_KEY_FILE=privkey.pem - -# Define Outpost Hostname -OUTPOST_HOSTNAME=netalertx.MYDOMAIN.TLD - -# Define Outpost External Port (TLS) -OUTPOST_EXTERNAL_PORT=9443 -``` - -`.env.server`: -``` -PORT=20211 -PORT_SSL=443 -NETALERTX_NETWORK_MODE=host -LISTEN_ADDR=0.0.0.0 -GRAPHQL_PORT=20219 -NETALERTX_DEBUG=1 -BACKEND_API_URL=https://netalertx.MYDOMAIN.TLD:20212 -``` - -`.env.outpost.proxy`: -``` -AUTHENTIK_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -AUTHENTIK_LISTEN__HTTP=[::1]:6000 -AUTHENTIK_LISTEN__HTTPS=[::1]:6443 -``` - -### Compose Setup -``` -version: "3.8" -services: - netalertx-caddy: - container_name: netalertx-caddy - - network_mode: host - image: docker.io/library/caddy:latest - pull: missing - - env_file: - - .env - - .env.caddy - - environment: - CADDY_DOCKER_CADDYFILE_PATH: "/etc/caddy/Caddyfile" - - volumes: - - ./Caddyfile:/etc/caddy/Caddyfile:ro,z - - /var/lib/containers/data/netalertx/caddy:/data/caddy:rw,z - - /var/lib/containers/log/netalertx/caddy:/var/log:rw,z - - /var/lib/containers/config/netalertx/caddy:/config/caddy:rw,z - - /var/lib/containers/certificates/letsencrypt:/certificates:ro,z - - # Set User - user: "caddy:caddy" - - # Automatically restart Container - restart: unless-stopped - - netalertx-server: - container_name: netalertx-server # The name when you docker contiainer ls - - network_mode: host # Use host networking for ARP scanning and other services - - depends_on: - netalertx-caddy: - condition: service_started - restart: true - netalertx-outpost-proxy: - condition: service_started - restart: true - - # Local built Image including latest Changes - image: localhost/netalertx-dev:dev-20260109-232454 - - read_only: true # Make the container filesystem read-only - - # It is most secure to start with user 20211, but then we lose provisioning capabilities. - # user: "${NETALERTX_UID:-20211}:${NETALERTX_GID:-20211}" - cap_drop: # Drop all capabilities for enhanced security - - ALL - cap_add: # Add only the necessary capabilities - - NET_ADMIN # Required for scanning with arp-scan, nmap, nbtscan, traceroute, and zero-conf - - NET_RAW # Required for raw socket operations with arp-scan, nmap, nbtscan, traceroute and zero-conf - - NET_BIND_SERVICE # Required to bind to privileged ports with nbtscan - - CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges - - SETUID # Required for root-entrypoint to switch to non-root user - - SETGID # Required for root-entrypoint to switch to non-root group - volumes: - - # Override NGINX Configuration Template - - type: bind - source: /var/lib/containers/config/netalertx/server/nginx/netalertx.conf.template - target: /services/config/nginx/netalertx.conf.template - read_only: true - bind: - selinux: Z - - # Letsencrypt Certificates - - type: bind - source: /var/lib/containers/certificates/letsencrypt/MYDOMAIN.TLD - target: /certificates - read_only: true - bind: - selinux: Z - - # Data Storage for NetAlertX - - type: bind # Persistent Docker-managed Named Volume for storage - source: /var/lib/containers/data/netalertx/server - target: /data # consolidated configuration and database storage - read_only: false # writable volume - bind: - selinux: Z - - # Set the Timezone - - type: bind # Bind mount for timezone consistency - source: /etc/localtime - target: /etc/localtime - read_only: true - bind: - selinux: Z - - # tmpfs mounts for writable directories in a read-only container and improve system performance - # All writes now live under /tmp/* subdirectories which are created dynamically by entrypoint.d scripts - # mode=1700 gives rwx------ permissions; ownership is set by /root-entrypoint.sh - - type: tmpfs - target: /tmp - tmpfs-mode: 1700 - uid: 0 - gid: 0 - rw: true - noexec: true - nosuid: true - nodev: true - async: true - noatime: true - nodiratime: true - bind: - selinux: Z - - env_file: - - .env - - .env.server - - environment: - PUID: ${NETALERTX_UID:-20211} # Runtime UID after priming (Synology/no-copy-up safe) - PGID: ${NETALERTX_GID:-20211} # Runtime GID after priming (Synology/no-copy-up safe) - LISTEN_ADDR: ${LISTEN_ADDR:-0.0.0.0} # Listen for connections on all interfaces - PORT: ${PORT:-20211} # Application port - PORT_SSL: ${PORT_SSL:-443} - GRAPHQL_PORT: ${GRAPHQL_PORT:-20212} # GraphQL API port - ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL:-false} # Set to true to reset your config and database on each container start - NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0} # 0=kill all services and restart if any dies. 1 keeps running dead services. - BACKEND_API_URL: ${BACKEND_API_URL-"https://netalertx.MYDOMAIN.TLD:20212"} - - # Resource limits to prevent resource exhaustion - mem_limit: 4096m # Maximum memory usage - mem_reservation: 2048m # Soft memory limit - cpu_shares: 512 # Relative CPU weight for CPU contention scenarios - pids_limit: 512 # Limit the number of processes/threads to prevent fork bombs - logging: - driver: "json-file" # Use JSON file logging driver - options: - max-size: "10m" # Rotate log files after they reach 10MB - max-file: "3" # Keep a maximum of 3 log files - - # Always restart the container unless explicitly stopped - restart: unless-stopped - - # To sign Out, you need to visit - # {$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT}/outpost.goauthentik.io/sign_out - netalertx-outpost-proxy: - container_name: netalertx-outpost-proxy - - network_mode: host - - depends_on: - netalertx-caddy: - condition: service_started - restart: true - - restart: unless-stopped - - image: ghcr.io/goauthentik/proxy:2025.10 - pull: missing - - env_file: - - .env - - .env.outpost.proxy - - environment: - AUTHENTIK_HOST: "https://authentik.MYDOMAIN.TLD" - AUTHENTIK_INSECURE: false - AUTHENTIK_LISTEN__HTTP: "[::1]:6000" - AUTHENTIK_LISTEN__HTTPS: "[::1]:6443" -``` - -### Quadlet Setup -`netalertx.pod`: -``` -[Pod] -# Name of the Pod -PodName=netalertx - -# Network Mode Host is required for ARP to work -Network=host - -# Automatically start Pod at Boot Time -[Install] -WantedBy=default.target -``` - -`netalertx-caddy.container`: -``` -[Unit] -Description=NetAlertX Caddy Container - -[Service] -Restart=always - -[Container] -ContainerName=netalertx-caddy - -Pod=netalertx.pod -StartWithPod=true - -# Generic Environment Configuration -EnvironmentFile=.env - -# Caddy Specific Environment Configuration -EnvironmentFile=.env.caddy - -Environment=CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile - -Image=docker.io/library/caddy:latest -Pull=missing - -# Run as rootless -# Specifying User & Group by Name requires to mount a custom passwd & group File inside the Container -# Otherwise an Error like the following will result: netalertx-caddy[593191]: Error: unable to find user caddy: no matching entries in passwd file -# User=caddy -# Group=caddy -# Volume=/var/lib/containers/config/netalertx/caddy-rootless/passwd:/etc/passwd:ro,z -# Volume=/var/lib/containers/config/netalertx/caddy-rootless/group:/etc/group:ro,z - -# Run as rootless -# Specifying User & Group by UID/GID will NOT require a custom passwd / group File to be bind-mounted inside the Container -User=980 -Group=980 - -Volume=./Caddyfile:/etc/caddy/Caddyfile:ro,z -Volume=/var/lib/containers/data/netalertx/caddy:/data/caddy:z -Volume=/var/lib/containers/log/netalertx/caddy:/var/log:z -Volume=/var/lib/containers/config/netalertx/caddy:/config/caddy:z -Volume=/var/lib/containers/certificates/letsencrypt:/certificates:ro,z -``` - -`netalertx-server.container`: -``` -[Unit] -Description=NetAlertX Server Container -Requires=netalertx-caddy.service netalertx-outpost-proxy.service -After=netalertx-caddy.service netalertx-outpost-proxy.service - -[Service] -Restart=always - -[Container] -ContainerName=netalertx-server - -Pod=netalertx.pod -StartWithPod=true - -# Local built Image including latest Changes -Image=localhost/netalertx-dev:dev-20260109-232454 -Pull=missing - -# Make the container filesystem read-only -ReadOnly=true - -# Drop all capabilities for enhanced security -DropCapability=ALL - -# It is most secure to start with user 20211, but then we lose provisioning capabilities. -# User=20211:20211 - -# Required for scanning with arp-scan, nmap, nbtscan, traceroute, and zero-conf -AddCapability=NET_ADMIN - -# Required for raw socket operations with arp-scan, nmap, nbtscan, traceroute and zero-conf -AddCapability=NET_RAW - -# Required to bind to privileged ports with nbtscan -AddCapability=NET_BIND_SERVICE - -# Required for root-entrypoint to chown /data + /tmp before dropping privileges -AddCapability=CHOWN - -# Required for root-entrypoint to switch to non-root user -AddCapability=SETUID - -# Required for root-entrypoint to switch to non-root group -AddCapability=SETGID - -# Override the Configuration Template -Volume=/var/lib/containers/config/netalertx/server/nginx/netalertx.conf.template:/services/config/nginx/netalertx.conf.template:ro,Z - -# Letsencrypt Certificates -Volume=/var/lib/containers/certificates/letsencrypt/MYDOMAIN.TLD:/certificates:ro,Z - -# Data Storage for NetAlertX -Volume=/var/lib/containers/data/netalertx/server:/data:rw,Z - -# Set the Timezone -Volume=/etc/localtime:/etc/localtime:ro,Z - -# tmpfs mounts for writable directories in a read-only container and improve system performance -# All writes now live under /tmp/* subdirectories which are created dynamically by entrypoint.d scripts -# mode=1700 gives rwx------ permissions; ownership is set by /root-entrypoint.sh -# Mount=type=tmpfs,destination=/tmp,tmpfs-mode=1700,uid=0,gid=0,rw=true,noexec=true,nosuid=true,nodev=true,async=true,noatime=true,nodiratime=true,relabel=private -Mount=type=tmpfs,destination=/tmp,tmpfs-mode=1700,rw=true,noexec=true,nosuid=true,nodev=true - -# Environment Configuration -EnvironmentFile=.env -EnvironmentFile=.env.server - -# Runtime UID after priming (Synology/no-copy-up safe) -Environment=PUID=20211 - -# Runtime GID after priming (Synology/no-copy-up safe) -Environment=PGID=20211 - -# Listen for connections on all interfaces (IPv4) -Environment=LISTEN_ADDR=0.0.0.0 - -# Application port -Environment=PORT=20211 - -# SSL Port -Environment=PORT_SSL=443 - -# GraphQL API port -Environment=GRAPHQL_PORT=20212 - -# Set to true to reset your config and database on each container start -Environment=ALWAYS_FRESH_INSTALL=false - -# 0=kill all services and restart if any dies. 1 keeps running dead services. -Environment=NETALERTX_DEBUG=0 - -# Set the GraphQL URL for external Access (via Caddy Reverse Proxy) -Environment=BACKEND_API_URL=https://netalertx-fedora.MYDOMAIN.TLD:20212 - -# Resource limits to prevent resource exhaustion -# Maximum memory usage -Memory=4g - -# Limit the number of processes/threads to prevent fork bombs -PidsLimit=512 - -# Relative CPU weight for CPU contention scenarios -PodmanArgs=--cpus=2 -PodmanArgs=--cpu-shares=512 - -# Soft memory limit -PodmanArgs=--memory-reservation=2g - -# !! The following Keys are unfortunately not [yet] supported !! - -# Relative CPU weight for CPU contention scenarios -#CpuShares=512 - -# Soft memory limit -#MemoryReservation=2g -``` - -`netalertx-outpost-proxy.container`: -``` -[Unit] -Description=NetAlertX Authentik Proxy Outpost Container -Requires=netalertx-caddy.service -After=netalertx-caddy.service - -[Service] -Restart=always - -[Container] -ContainerName=netalertx-outpost-proxy - -Pod=netalertx.pod -StartWithPod=true - -# General Configuration -EnvironmentFile=.env - -# Authentik Outpost Proxy Specific Configuration -EnvironmentFile=.env.outpost.proxy - -Environment=AUTHENTIK_HOST=https://authentik.MYDOMAIN.TLD -Environment=AUTHENTIK_INSECURE=false - -# Overrides Value from .env.outpost.rac -# Environment=AUTHENTIK_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - -# Optional setting to be used when `authentik_host` for internal communication doesn't match the public URL -# Environment=AUTHENTIK_HOST_BROWSER=https://authentik.MYDOMAIN.TLD - -# Container Image -Image=ghcr.io/goauthentik/proxy:2025.10 -Pull=missing - -# Network Configuration -Network=container:supermicro-ikvm-pve031-caddy - -# Security Configuration -NoNewPrivileges=true -``` - -### Firewall Setup - -Depending on which GNU/Linux Distribution you are running, it might be required to open up some Firewall Ports in order to be able to access the Endpoints from outside the Host itself. - -This is for instance the Case for Fedora Linux, where I had to open: - -- Port 20212 for external GraphQL Access (both TCP & UDP are open, unsure if UDP is required) -- Port 9443 for external Authentik Outpost Proxy Access (both TCP & UDP are open, unsure if UDP is required) - -![Fedora Firewall Configuration](./img/REVERSE_PROXY/fedora-firewall.png) - -### Authentik Setup - -In order to enable Single Sign On (SSO) with Authentik, you will need to create a Provider, an Application and an Outpost. - -![Authentik Left Sidebar](./img/REVERSE_PROXY/authentik-sidebar.png) - -First of all, using the Left Sidebar, navigate to `Applications` → `Providers`, click on `Create` (Blue Button at the Top of the Screen), select `Proxy Provider`, then click `Next`: -![Authentik Provider Setup (Part 1)](./img/REVERSE_PROXY/authentik-provider-setup-01.png) - -Fill in the required Fields: - -- Name: choose a Name for the Provider (e.g. `netalertx`) -- Authorization Flow: choose the Authorization Flow. I typically use `default-provider-authorization-implicit-consent (Authorize Application)`. If you select the `default-provider-authorization-explicit-consent (Authorize Application)` you will need to authorize Authentik every Time you want to log in NetAlertX, which can make the Experience less User-friendly -- Type: Click on `Forward Auth (single application)` -- External Host: set to `https://netalertx.MYDOMAIN.TLD` - -Click `Finish`. - -![Authentik Provider Setup (Part 2)](./img/REVERSE_PROXY/authentik-provider-setup-02.png) - -Now, using the Left Sidebar, navigate to `Applications` → `Applications`, click on `Create` (Blue Button at the Top of the Screen) and fill in the required Fields: - -- Name: choose a Name for the Application (e.g. `netalertx`) -- Slug: choose a Slug for the Application (e.g. `netalertx`) -- Group: optionally you can assign this Application to a Group of Applications of your Choosing (for grouping Purposes within Authentik User Interface) -- Provider: select the Provider you created the the `Providers` Section previosly (e.g. `netalertx`) - -Then click `Create`. - -![Authentik Application Setup (Part 1)](./img/REVERSE_PROXY/authentik-application-setup-01.png) - -Now, using the Left Sidebar, navigate to `Applications` → `Outposts`, click on `Create` (Blue Button at the Top of the Screen) and fill in the required Fields: - -- Name: choose a Name for the Outpost (e.g. `netalertx`) -- Type: `Proxy` -- Integration: open the Dropdown and click on `---------`. Make sure it is NOT set to `Local Docker connection` ! - -In the `Available Applications` Section, select the Application you created in the Previous Step, then click the right Arrow (approx. located in the Center of the Screen), so that it gets copied in the `Selected Applications` Section. - -Then click `Create`. - -![Authentik Outpost Setup (Part 1)](./img/REVERSE_PROXY/authentik-outpost-setup-01.png) - -Wait a few Seconds for the Outpost to be created. Once it appears in the List, click on `Deployment Info` on the Right Side of the relevant Line. - -![Authentik Outpost Setup (Part 2)](./img/REVERSE_PROXY/authentik-outpost-setup-02.png) - -Take note of that Token. You will need it for the Authentik Outpost Proxy Container, which will read it as the `AUTHENTIK_TOKEN` Environment Variable. - -### NGINX Configuration inside NetAlertX Container -> [!NOTE] -> This is something that was implemented based on the previous Content of this Reverse Proxy Document. -> Due to some Buffer Warnings/Errors in the Logs as well as some other Issues I was experiencing, I increased a lot the client_body_buffer_size and large_client_header_buffers Parameters, although these might not be required anymore. -> Further Testing might be required. - -``` -# Set number of worker processes automatically based on number of CPU cores. -worker_processes auto; - -# Enables the use of JIT for regular expressions to speed-up their processing. -pcre_jit on; - -# Configures default error logger. -error_log /tmp/log/nginx-error.log warn; - -pid /tmp/run/nginx.pid; - -events { - # The maximum number of simultaneous connections that can be opened by - # a worker process. - worker_connections 1024; -} - -http { - - # Mapping of temp paths for various nginx modules. - client_body_temp_path /tmp/nginx/client_body; - proxy_temp_path /tmp/nginx/proxy; - fastcgi_temp_path /tmp/nginx/fastcgi; - uwsgi_temp_path /tmp/nginx/uwsgi; - scgi_temp_path /tmp/nginx/scgi; - - # Includes mapping of file name extensions to MIME types of responses - # and defines the default type. - include /services/config/nginx/mime.types; - default_type application/octet-stream; - - # Name servers used to resolve names of upstream servers into addresses. - # It's also needed when using tcpsocket and udpsocket in Lua modules. - #resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]; - - # Don't tell nginx version to the clients. Default is 'on'. - server_tokens off; - - # Specifies the maximum accepted body size of a client request, as - # indicated by the request header Content-Length. If the stated content - # length is greater than this size, then the client receives the HTTP - # error code 413. Set to 0 to disable. Default is '1m'. - client_max_body_size 1m; - - # Sendfile copies data between one FD and other from within the kernel, - # which is more efficient than read() + write(). Default is off. - sendfile on; - - # Causes nginx to attempt to send its HTTP response head in one packet, - # instead of using partial frames. Default is 'off'. - tcp_nopush on; - - - # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. - # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. - ssl_protocols TLSv1.2 TLSv1.3; - - # Path of the file with Diffie-Hellman parameters for EDH ciphers. - # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` - #ssl_dhparam /etc/ssl/nginx/dh2048.pem; - - # Specifies that our cipher suits should be preferred over client ciphers. - # Default is 'off'. - ssl_prefer_server_ciphers on; - - # Enables a shared SSL cache with size that can hold around 8000 sessions. - # Default is 'none'. - ssl_session_cache shared:SSL:2m; - - # Specifies a time during which a client may reuse the session parameters. - # Default is '5m'. - ssl_session_timeout 1h; - - # Disable TLS session tickets (they are insecure). Default is 'on'. - ssl_session_tickets off; - - - # Enable gzipping of responses. - gzip on; - - # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. - gzip_vary on; - - - # Specifies the main log format. - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # Sets the path, format, and configuration for a buffered log write. - access_log /tmp/log/nginx-access.log main; - - - # Virtual host config (unencrypted) - server { - listen ${LISTEN_ADDR}:${PORT} default_server; - root /app/front; - index index.php; - add_header X-Forwarded-Prefix "/app" always; - - server_name netalertx-server; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - client_body_buffer_size 512k; - large_client_header_buffers 64 128k; - - location ~* \.php$ { - # Set Cache-Control header to prevent caching on the first load - add_header Cache-Control "no-store"; - fastcgi_pass unix:/tmp/run/php.sock; - include /services/config/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param SCRIPT_NAME $fastcgi_script_name; - fastcgi_connect_timeout 75; - fastcgi_send_timeout 600; - fastcgi_read_timeout 600; - } - } -} -``` - -### Caddyfile -``` -# Example and Guide -# https://caddyserver.com/docs/caddyfile/options - -# General Options -{ - # (Optional) Debug Mode - # debug - - # (Optional ) Enable / Disable Admin API - admin off - - # TLS Options - # (Optional) Disable Certificates Management (only if SSL/TLS Certificates are managed by certbot or other external Tools) - auto_https disable_certs -} - -# (Optional Enable Admin API) -# localhost { -# reverse_proxy /api/* localhost:9001 -# } - -# NetAlertX Web GUI (HTTPS Port 443) -# (Optional) Only if SSL/TLS Certificates are managed by certbot or other external Tools and Custom Logging is required -{$APPLICATION_HOSTNAME}:443 { - tls /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_CERT_FILE:fullchain.pem} /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_KEY_FILE:privkey.pem} - - log { - output file /var/log/{$APPLICATION_HOSTNAME}/access_web.json { - roll_size 100MiB - roll_keep 5000 - roll_keep_for 720h - roll_uncompressed - } - - format json - } - - route { - # Always forward outpost path to actual outpost - reverse_proxy /outpost.goauthentik.io/* https://{$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT} { - header_up Host {http.reverse_proxy.upstream.hostport} - } - - # Forward authentication to outpost - forward_auth https://{$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT} { - uri /outpost.goauthentik.io/auth/caddy - - # Capitalization of the headers is important, otherwise they will be empty - copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version - - # (Optional) - # If not set, trust all private ranges, but for Security Reasons, this should be set to the outposts IP - trusted_proxies private_ranges - } - } - - # IPv4 Reverse Proxy to NetAlertX Web GUI (internal unencrypted Host) - reverse_proxy http://0.0.0.0:20211 - - # IPv6 Reverse Proxy to NetAlertX Web GUI (internal unencrypted Host) - # reverse_proxy http://[::1]:20211 -} - -# NetAlertX GraphQL Endpoint (HTTPS Port 20212) -# (Optional) Only if SSL/TLS Certificates are managed by certbot or other external Tools and Custom Logging is required -{$APPLICATION_HOSTNAME}:20212 { - tls /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_CERT_FILE:fullchain.pem} /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_KEY_FILE:privkey.pem} - - log { - output file /var/log/{$APPLICATION_HOSTNAME}/access_graphql.json { - roll_size 100MiB - roll_keep 5000 - roll_keep_for 720h - roll_uncompressed - } - - format json - } - - # IPv4 Reverse Proxy to NetAlertX GraphQL Endpoint (internal unencrypted Host) - reverse_proxy http://0.0.0.0:20219 - - # IPv6 Reverse Proxy to NetAlertX GraphQL Endpoint (internal unencrypted Host) - # reverse_proxy http://[::1]:6000 -} - -# Authentik Outpost -# (Optional) Only if SSL/TLS Certificates are managed by certbot or other external Tools and Custom Logging is required -{$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT} { - tls /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_CERT_FILE:fullchain.pem} /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_KEY_FILE:privkey.pem} - - log { - output file /var/log/outpost/{$OUTPOST_HOSTNAME}/access.json { - roll_size 100MiB - roll_keep 5000 - roll_keep_for 720h - roll_uncompressed - } - - format json - } - - # IPv4 Reverse Proxy to internal unencrypted Host - # reverse_proxy http://0.0.0.0:6000 - - # IPv6 Reverse Proxy to internal unencrypted Host - reverse_proxy http://[::1]:6000 -} -``` - -### Login -Now try to login by visiting `https://netalertx.MYDOMAIN.TLD`. - -You should be greeted with a Login Screen by Authentik. - -If you are already logged in Authentik, log out first. You can do that by visiting `https://netalertx.MYDOMAIN.TLD/outpost.goauthentik.io/sign_out`, then click on `Log out of authentik` (2nd Button). Or you can just sign out from your Authentik Admin Panel at `https://authentik.MYDOMAIN.TLD`. - -If everything works as expected, then you can now set `SETPWD_enable_password=false` to disable double Authentication. - -![Authentik Login Screen](./img/REVERSE_PROXY/authentik-login.png) diff --git a/docs/REVERSE_PROXY_CADDY.md b/docs/REVERSE_PROXY_CADDY.md new file mode 100644 index 00000000..0bde799d --- /dev/null +++ b/docs/REVERSE_PROXY_CADDY.md @@ -0,0 +1,892 @@ +## Caddy + Authentik Outpost Proxy SSO +> Submitted by [luckylinux](https://github.com/luckylinux) 🙏. + +> [!NOTE] +> This is community-contributed. Due to environment, setup, or networking differences, results may vary. Please open a PR to improve it instead of creating an issue, as the maintainer is not actively maintaining it. + +> [!NOTE] +> NetAlertX requires access to both the **web UI** (default `20211`) and the **GraphQL backend `GRAPHQL_PORT`** (default `20212`) ports. +> Ensure your reverse proxy allows traffic to both for proper functionality. + +### Introduction + +This Setup assumes: + +1. Authentik Installation running on a separate Host at `https://authentik.MYDOMAIN.TLD` +2. Container Management is done on Baremetal OR in a Virtual Machine (KVM/Xen/ESXi/..., no LXC Containers !): + i. Docker and Docker Compose configured locally running as Root (needed for `network_mode: host`) OR + ii. Podman (optionally `podman-compose`) configured locally running as Root (needed for `network_mode: host`) +3. TLS Certificates are already pre-obtained and located at `/var/lib/containers/certificates/letsencrypt/MYDOMAIN.TLD`. + I use the `certbot/dns-cloudflare` Podman Container on a separate Host to obtain the Certificates which I then distribute internally. + This Container uses the Wildcard Top-Level Domain Certificate which is valid for `MYDOMAIN.TLD` and `*.MYDOMAIN.TLD`. +4. Proxied Access + i. NetAlertX Web Interface is accessible via Caddy Reverse Proxy at `https://netalertx.MYDOMAIN.TLD` (default HTTPS Port 443: `https://netalertx.MYDOMAIN.TLD:443`) with `REPORT_DASHBOARD_URL=https://netalertx.MYDOMAIN.TLD` + ii. NetAlertX GraphQL Interface is accessible via Caddy Reverse Proxy at `https://netalertx.MYDOMAIN.TLD:20212` with `BACKEND_API_URL=https://netalertx.MYDOMAIN.TLD:20212` + iii. Authentik Proxy Outpost is accessible via Caddy Reverse Proxy at `https://netalertx.MYDOMAIN.TLD:9443` +5. Internal Ports + i. NGINX Web Server is set to listen on internal Port 20211 set via `PORT=20211` + ii. Python Web Server is set to listen on internal Port `GRAPHQL_PORT=20219` + iii. Authentik Proxy Outpost is listening on internal Port `AUTHENTIK_LISTEN__HTTP=[::1]:6000` (unencrypted) and Port `AUTHENTIK_LISTEN__HTTPS=[::1]:6443` (encrypted) + +8. Some further Configuration for Caddy is performed in Terms of Logging, SSL Certificates, etc + +It's also possible to [let Caddy automatically request & keep TLS Certificates up-to-date](https://caddyserver.com/docs/automatic-https), although please keep in mind that: + +1. You risk enumerating your LAN. Every Domain/Subdomain for which Caddy requests a TLS Certificate for you will result in that Host to be listed on [List of Letsencrypt Certificates issued](https://crt.sh/). +2. You need to either: + i. Open Port 80 for external Access ([HTTP challenge](https://caddyserver.com/docs/automatic-https#http-challenge)) in order for Letsencrypt to verify the Ownership of the Domain/Subdomain + ii. Open Port 443 for external Access ([TLS-ALPN challenge](https://caddyserver.com/docs/automatic-https#tls-alpn-challenge)) in order for Letsencrypt to verify the Ownership of the Domain/Subdomain + iii. Give Caddy the Credentials to update the DNS Records at your DNS Provider ([DNS challenge](https://caddyserver.com/docs/automatic-https#dns-challenge)) + +You can also decide to deploy your own Certificates & Certification Authority, either manually with OpenSSL, or by using something like [mkcert](https://github.com/FiloSottile/mkcert). + +In Terms of IP Stack Used: +- External: Caddy listens on both IPv4 and IPv6. +- Internal: + - Authentik Outpost Proxy listens on IPv6 `[::1]` + - NetAlertX listens on IPv4 `0.0.0.0` + +### Flow +The Traffic Flow will therefore be as follows: + +- Web GUI: + i. Client accesses `http://authentik.MYDOMAIN.TLD:80`: default (built-in Caddy) Redirect to `https://authentik.MYDOMAIN.TLD:443` + ii. Client accesses `https://authentik.MYDOMAIN.TLD:443` -> reverse Proxy to internal Port 20211 (NetAlertX Web GUI / NGINX - unencrypted) +- GraphQL: Client accesses `https://authentik.MYDOMAIN.TLD:20212` -> reverse Proxy to internal Port 20219 (NetAlertX GraphQL - unencrypted) +- Authentik Outpost: Client accesses `https://authentik.MYDOMAIN.TLD:9443` -> reverse Proxy to internal Port 6000 (Authentik Outpost Proxy - unencrypted) + +An Overview of the Flow is provided in the Picture below: + +![Reverse Proxy Traffic Flow with Authentik SSSO](./img/REVERSE_PROXY/reverse_proxy_flow.svg) + +### Security Considerations + +#### Caddy should be run rootless + +> [!WARNING] +> By default Caddy runs as `root` which is a Security Risk. +> In order to solve this, it's recommended to create an unprivileged User `caddy` and Group `caddy` on the Host: +> ``` +> groupadd --gid 980 caddy +> useradd --shell /usr/sbin/nologin --gid 980 --uid 980 -c "Caddy web server" --base-dir /var/lib/caddy +> ``` + +At least using Quadlets with Usernames (NOT required with UID/GID), but possibly using Compose in certain Cases as well, a custom `/etc/passwd` and `/etc/group` might need to be bind-mounted inside the Container. +`passwd`: +``` +root:x:0:0:root:/root:/bin/sh +bin:x:1:1:bin:/bin:/sbin/nologin +daemon:x:2:2:daemon:/sbin:/sbin/nologin +lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin +sync:x:5:0:sync:/sbin:/bin/sync +shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +halt:x:7:0:halt:/sbin:/sbin/halt +mail:x:8:12:mail:/var/mail:/sbin/nologin +news:x:9:13:news:/usr/lib/news:/sbin/nologin +uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin +cron:x:16:16:cron:/var/spool/cron:/sbin/nologin +ftp:x:21:21::/var/lib/ftp:/sbin/nologin +sshd:x:22:22:sshd:/dev/null:/sbin/nologin +games:x:35:35:games:/usr/games:/sbin/nologin +ntp:x:123:123:NTP:/var/empty:/sbin/nologin +guest:x:405:100:guest:/dev/null:/sbin/nologin +nobody:x:65534:65534:nobody:/:/sbin/nologin +caddy:x:980:980:caddy:/var/lib/caddy:/bin/sh +``` + +`group`: +``` +root:x:0:root +bin:x:1:root,bin,daemon +daemon:x:2:root,bin,daemon +sys:x:3:root,bin +adm:x:4:root,daemon +tty:x:5: +disk:x:6:root +lp:x:7:lp +kmem:x:9: +wheel:x:10:root +floppy:x:11:root +mail:x:12:mail +news:x:13:news +uucp:x:14:uucp +cron:x:16:cron +audio:x:18: +cdrom:x:19: +dialout:x:20:root +ftp:x:21: +sshd:x:22: +input:x:23: +tape:x:26:root +video:x:27:root +netdev:x:28: +kvm:x:34:kvm +games:x:35: +shadow:x:42: +www-data:x:82: +users:x:100:games +ntp:x:123: +abuild:x:300: +utmp:x:406: +ping:x:999: +nogroup:x:65533: +nobody:x:65534: +caddy:x:980: +``` + +#### Authentication of GraphQL Endpoint + +> [!WARNING] +> Currently the GraphQL Endpoint is NOT authenticated ! + +### Environment Files +Depending on the Preference of the User (Environment Variables defined in Compose/Quadlet or in external `.env` File[s]), it might be prefereable to place at least some Environment Variables in external `.env` and `.env.` Files. + +The following is proposed: + +- `.env`: common Settings (empty by Default) +- `.env.caddy`: Caddy Settings +- `.env.server`: NetAlertX Server/Application Settings +- `.env.outpost.proxy`: Authentik Proxy Outpost Settings + +The following Contents is assumed. + +`.env.caddy`: +``` +# Define Application Hostname +APPLICATION_HOSTNAME=netalertx.MYDOMAIN.TLD + +# Define Certificate Domain +# In this case: use Wildcard Certificate +APPLICATION_CERTIFICATE_DOMAIN=MYDOMAIN.TLD +APPLICATION_CERTIFICATE_CERT_FILE=fullchain.pem +APPLICATION_CERTIFICATE_KEY_FILE=privkey.pem + +# Define Outpost Hostname +OUTPOST_HOSTNAME=netalertx.MYDOMAIN.TLD + +# Define Outpost External Port (TLS) +OUTPOST_EXTERNAL_PORT=9443 +``` + +`.env.server`: +``` +PORT=20211 +PORT_SSL=443 +NETALERTX_NETWORK_MODE=host +LISTEN_ADDR=0.0.0.0 +GRAPHQL_PORT=20219 +NETALERTX_DEBUG=1 +BACKEND_API_URL=https://netalertx.MYDOMAIN.TLD:20212 +``` + +`.env.outpost.proxy`: +``` +AUTHENTIK_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +AUTHENTIK_LISTEN__HTTP=[::1]:6000 +AUTHENTIK_LISTEN__HTTPS=[::1]:6443 +``` + +### Compose Setup +``` +version: "3.8" +services: + netalertx-caddy: + container_name: netalertx-caddy + + network_mode: host + image: docker.io/library/caddy:latest + pull: missing + + env_file: + - .env + - .env.caddy + + environment: + CADDY_DOCKER_CADDYFILE_PATH: "/etc/caddy/Caddyfile" + + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile:ro,z + - /var/lib/containers/data/netalertx/caddy:/data/caddy:rw,z + - /var/lib/containers/log/netalertx/caddy:/var/log:rw,z + - /var/lib/containers/config/netalertx/caddy:/config/caddy:rw,z + - /var/lib/containers/certificates/letsencrypt:/certificates:ro,z + + # Set User + user: "caddy:caddy" + + # Automatically restart Container + restart: unless-stopped + + netalertx-server: + container_name: netalertx-server # The name when you docker contiainer ls + + network_mode: host # Use host networking for ARP scanning and other services + + depends_on: + netalertx-caddy: + condition: service_started + restart: true + netalertx-outpost-proxy: + condition: service_started + restart: true + + # Local built Image including latest Changes + image: localhost/netalertx-dev:dev-20260109-232454 + + read_only: true # Make the container filesystem read-only + + # It is most secure to start with user 20211, but then we lose provisioning capabilities. + # user: "${NETALERTX_UID:-20211}:${NETALERTX_GID:-20211}" + cap_drop: # Drop all capabilities for enhanced security + - ALL + cap_add: # Add only the necessary capabilities + - NET_ADMIN # Required for scanning with arp-scan, nmap, nbtscan, traceroute, and zero-conf + - NET_RAW # Required for raw socket operations with arp-scan, nmap, nbtscan, traceroute and zero-conf + - NET_BIND_SERVICE # Required to bind to privileged ports with nbtscan + - CHOWN # Required for root-entrypoint to chown /data + /tmp before dropping privileges + - SETUID # Required for root-entrypoint to switch to non-root user + - SETGID # Required for root-entrypoint to switch to non-root group + volumes: + + # Override NGINX Configuration Template + - type: bind + source: /var/lib/containers/config/netalertx/server/nginx/netalertx.conf.template + target: /services/config/nginx/netalertx.conf.template + read_only: true + bind: + selinux: Z + + # Letsencrypt Certificates + - type: bind + source: /var/lib/containers/certificates/letsencrypt/MYDOMAIN.TLD + target: /certificates + read_only: true + bind: + selinux: Z + + # Data Storage for NetAlertX + - type: bind # Persistent Docker-managed Named Volume for storage + source: /var/lib/containers/data/netalertx/server + target: /data # consolidated configuration and database storage + read_only: false # writable volume + bind: + selinux: Z + + # Set the Timezone + - type: bind # Bind mount for timezone consistency + source: /etc/localtime + target: /etc/localtime + read_only: true + bind: + selinux: Z + + # tmpfs mounts for writable directories in a read-only container and improve system performance + # All writes now live under /tmp/* subdirectories which are created dynamically by entrypoint.d scripts + # mode=1700 gives rwx------ permissions; ownership is set by /root-entrypoint.sh + - type: tmpfs + target: /tmp + tmpfs-mode: 1700 + uid: 0 + gid: 0 + rw: true + noexec: true + nosuid: true + nodev: true + async: true + noatime: true + nodiratime: true + bind: + selinux: Z + + env_file: + - .env + - .env.server + + environment: + PUID: ${NETALERTX_UID:-20211} # Runtime UID after priming (Synology/no-copy-up safe) + PGID: ${NETALERTX_GID:-20211} # Runtime GID after priming (Synology/no-copy-up safe) + LISTEN_ADDR: ${LISTEN_ADDR:-0.0.0.0} # Listen for connections on all interfaces + PORT: ${PORT:-20211} # Application port + PORT_SSL: ${PORT_SSL:-443} + GRAPHQL_PORT: ${GRAPHQL_PORT:-20212} # GraphQL API port + ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL:-false} # Set to true to reset your config and database on each container start + NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0} # 0=kill all services and restart if any dies. 1 keeps running dead services. + BACKEND_API_URL: ${BACKEND_API_URL-"https://netalertx.MYDOMAIN.TLD:20212"} + + # Resource limits to prevent resource exhaustion + mem_limit: 4096m # Maximum memory usage + mem_reservation: 2048m # Soft memory limit + cpu_shares: 512 # Relative CPU weight for CPU contention scenarios + pids_limit: 512 # Limit the number of processes/threads to prevent fork bombs + logging: + driver: "json-file" # Use JSON file logging driver + options: + max-size: "10m" # Rotate log files after they reach 10MB + max-file: "3" # Keep a maximum of 3 log files + + # Always restart the container unless explicitly stopped + restart: unless-stopped + + # To sign Out, you need to visit + # {$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT}/outpost.goauthentik.io/sign_out + netalertx-outpost-proxy: + container_name: netalertx-outpost-proxy + + network_mode: host + + depends_on: + netalertx-caddy: + condition: service_started + restart: true + + restart: unless-stopped + + image: ghcr.io/goauthentik/proxy:2025.10 + pull: missing + + env_file: + - .env + - .env.outpost.proxy + + environment: + AUTHENTIK_HOST: "https://authentik.MYDOMAIN.TLD" + AUTHENTIK_INSECURE: false + AUTHENTIK_LISTEN__HTTP: "[::1]:6000" + AUTHENTIK_LISTEN__HTTPS: "[::1]:6443" +``` + +### Quadlet Setup +`netalertx.pod`: +``` +[Pod] +# Name of the Pod +PodName=netalertx + +# Network Mode Host is required for ARP to work +Network=host + +# Automatically start Pod at Boot Time +[Install] +WantedBy=default.target +``` + +`netalertx-caddy.container`: +``` +[Unit] +Description=NetAlertX Caddy Container + +[Service] +Restart=always + +[Container] +ContainerName=netalertx-caddy + +Pod=netalertx.pod +StartWithPod=true + +# Generic Environment Configuration +EnvironmentFile=.env + +# Caddy Specific Environment Configuration +EnvironmentFile=.env.caddy + +Environment=CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile + +Image=docker.io/library/caddy:latest +Pull=missing + +# Run as rootless +# Specifying User & Group by Name requires to mount a custom passwd & group File inside the Container +# Otherwise an Error like the following will result: netalertx-caddy[593191]: Error: unable to find user caddy: no matching entries in passwd file +# User=caddy +# Group=caddy +# Volume=/var/lib/containers/config/netalertx/caddy-rootless/passwd:/etc/passwd:ro,z +# Volume=/var/lib/containers/config/netalertx/caddy-rootless/group:/etc/group:ro,z + +# Run as rootless +# Specifying User & Group by UID/GID will NOT require a custom passwd / group File to be bind-mounted inside the Container +User=980 +Group=980 + +Volume=./Caddyfile:/etc/caddy/Caddyfile:ro,z +Volume=/var/lib/containers/data/netalertx/caddy:/data/caddy:z +Volume=/var/lib/containers/log/netalertx/caddy:/var/log:z +Volume=/var/lib/containers/config/netalertx/caddy:/config/caddy:z +Volume=/var/lib/containers/certificates/letsencrypt:/certificates:ro,z +``` + +`netalertx-server.container`: +``` +[Unit] +Description=NetAlertX Server Container +Requires=netalertx-caddy.service netalertx-outpost-proxy.service +After=netalertx-caddy.service netalertx-outpost-proxy.service + +[Service] +Restart=always + +[Container] +ContainerName=netalertx-server + +Pod=netalertx.pod +StartWithPod=true + +# Local built Image including latest Changes +Image=localhost/netalertx-dev:dev-20260109-232454 +Pull=missing + +# Make the container filesystem read-only +ReadOnly=true + +# Drop all capabilities for enhanced security +DropCapability=ALL + +# It is most secure to start with user 20211, but then we lose provisioning capabilities. +# User=20211:20211 + +# Required for scanning with arp-scan, nmap, nbtscan, traceroute, and zero-conf +AddCapability=NET_ADMIN + +# Required for raw socket operations with arp-scan, nmap, nbtscan, traceroute and zero-conf +AddCapability=NET_RAW + +# Required to bind to privileged ports with nbtscan +AddCapability=NET_BIND_SERVICE + +# Required for root-entrypoint to chown /data + /tmp before dropping privileges +AddCapability=CHOWN + +# Required for root-entrypoint to switch to non-root user +AddCapability=SETUID + +# Required for root-entrypoint to switch to non-root group +AddCapability=SETGID + +# Override the Configuration Template +Volume=/var/lib/containers/config/netalertx/server/nginx/netalertx.conf.template:/services/config/nginx/netalertx.conf.template:ro,Z + +# Letsencrypt Certificates +Volume=/var/lib/containers/certificates/letsencrypt/MYDOMAIN.TLD:/certificates:ro,Z + +# Data Storage for NetAlertX +Volume=/var/lib/containers/data/netalertx/server:/data:rw,Z + +# Set the Timezone +Volume=/etc/localtime:/etc/localtime:ro,Z + +# tmpfs mounts for writable directories in a read-only container and improve system performance +# All writes now live under /tmp/* subdirectories which are created dynamically by entrypoint.d scripts +# mode=1700 gives rwx------ permissions; ownership is set by /root-entrypoint.sh +# Mount=type=tmpfs,destination=/tmp,tmpfs-mode=1700,uid=0,gid=0,rw=true,noexec=true,nosuid=true,nodev=true,async=true,noatime=true,nodiratime=true,relabel=private +Mount=type=tmpfs,destination=/tmp,tmpfs-mode=1700,rw=true,noexec=true,nosuid=true,nodev=true + +# Environment Configuration +EnvironmentFile=.env +EnvironmentFile=.env.server + +# Runtime UID after priming (Synology/no-copy-up safe) +Environment=PUID=20211 + +# Runtime GID after priming (Synology/no-copy-up safe) +Environment=PGID=20211 + +# Listen for connections on all interfaces (IPv4) +Environment=LISTEN_ADDR=0.0.0.0 + +# Application port +Environment=PORT=20211 + +# SSL Port +Environment=PORT_SSL=443 + +# GraphQL API port +Environment=GRAPHQL_PORT=20212 + +# Set to true to reset your config and database on each container start +Environment=ALWAYS_FRESH_INSTALL=false + +# 0=kill all services and restart if any dies. 1 keeps running dead services. +Environment=NETALERTX_DEBUG=0 + +# Set the GraphQL URL for external Access (via Caddy Reverse Proxy) +Environment=BACKEND_API_URL=https://netalertx-fedora.MYDOMAIN.TLD:20212 + +# Resource limits to prevent resource exhaustion +# Maximum memory usage +Memory=4g + +# Limit the number of processes/threads to prevent fork bombs +PidsLimit=512 + +# Relative CPU weight for CPU contention scenarios +PodmanArgs=--cpus=2 +PodmanArgs=--cpu-shares=512 + +# Soft memory limit +PodmanArgs=--memory-reservation=2g + +# !! The following Keys are unfortunately not [yet] supported !! + +# Relative CPU weight for CPU contention scenarios +#CpuShares=512 + +# Soft memory limit +#MemoryReservation=2g +``` + +`netalertx-outpost-proxy.container`: +``` +[Unit] +Description=NetAlertX Authentik Proxy Outpost Container +Requires=netalertx-caddy.service +After=netalertx-caddy.service + +[Service] +Restart=always + +[Container] +ContainerName=netalertx-outpost-proxy + +Pod=netalertx.pod +StartWithPod=true + +# General Configuration +EnvironmentFile=.env + +# Authentik Outpost Proxy Specific Configuration +EnvironmentFile=.env.outpost.proxy + +Environment=AUTHENTIK_HOST=https://authentik.MYDOMAIN.TLD +Environment=AUTHENTIK_INSECURE=false + +# Overrides Value from .env.outpost.rac +# Environment=AUTHENTIK_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + +# Optional setting to be used when `authentik_host` for internal communication doesn't match the public URL +# Environment=AUTHENTIK_HOST_BROWSER=https://authentik.MYDOMAIN.TLD + +# Container Image +Image=ghcr.io/goauthentik/proxy:2025.10 +Pull=missing + +# Network Configuration +Network=container:supermicro-ikvm-pve031-caddy + +# Security Configuration +NoNewPrivileges=true +``` + +### Firewall Setup + +Depending on which GNU/Linux Distribution you are running, it might be required to open up some Firewall Ports in order to be able to access the Endpoints from outside the Host itself. + +This is for instance the Case for Fedora Linux, where I had to open: + +- Port 20212 for external GraphQL Access (both TCP & UDP are open, unsure if UDP is required) +- Port 9443 for external Authentik Outpost Proxy Access (both TCP & UDP are open, unsure if UDP is required) + +![Fedora Firewall Configuration](./img/REVERSE_PROXY/fedora-firewall.png) + +### Authentik Setup + +In order to enable Single Sign On (SSO) with Authentik, you will need to create a Provider, an Application and an Outpost. + +![Authentik Left Sidebar](./img/REVERSE_PROXY/authentik-sidebar.png) + +First of all, using the Left Sidebar, navigate to `Applications` → `Providers`, click on `Create` (Blue Button at the Top of the Screen), select `Proxy Provider`, then click `Next`: +![Authentik Provider Setup (Part 1)](./img/REVERSE_PROXY/authentik-provider-setup-01.png) + +Fill in the required Fields: + +- Name: choose a Name for the Provider (e.g. `netalertx`) +- Authorization Flow: choose the Authorization Flow. I typically use `default-provider-authorization-implicit-consent (Authorize Application)`. If you select the `default-provider-authorization-explicit-consent (Authorize Application)` you will need to authorize Authentik every Time you want to log in NetAlertX, which can make the Experience less User-friendly +- Type: Click on `Forward Auth (single application)` +- External Host: set to `https://netalertx.MYDOMAIN.TLD` + +Click `Finish`. + +![Authentik Provider Setup (Part 2)](./img/REVERSE_PROXY/authentik-provider-setup-02.png) + +Now, using the Left Sidebar, navigate to `Applications` → `Applications`, click on `Create` (Blue Button at the Top of the Screen) and fill in the required Fields: + +- Name: choose a Name for the Application (e.g. `netalertx`) +- Slug: choose a Slug for the Application (e.g. `netalertx`) +- Group: optionally you can assign this Application to a Group of Applications of your Choosing (for grouping Purposes within Authentik User Interface) +- Provider: select the Provider you created the the `Providers` Section previosly (e.g. `netalertx`) + +Then click `Create`. + +![Authentik Application Setup (Part 1)](./img/REVERSE_PROXY/authentik-application-setup-01.png) + +Now, using the Left Sidebar, navigate to `Applications` → `Outposts`, click on `Create` (Blue Button at the Top of the Screen) and fill in the required Fields: + +- Name: choose a Name for the Outpost (e.g. `netalertx`) +- Type: `Proxy` +- Integration: open the Dropdown and click on `---------`. Make sure it is NOT set to `Local Docker connection` ! + +In the `Available Applications` Section, select the Application you created in the Previous Step, then click the right Arrow (approx. located in the Center of the Screen), so that it gets copied in the `Selected Applications` Section. + +Then click `Create`. + +![Authentik Outpost Setup (Part 1)](./img/REVERSE_PROXY/authentik-outpost-setup-01.png) + +Wait a few Seconds for the Outpost to be created. Once it appears in the List, click on `Deployment Info` on the Right Side of the relevant Line. + +![Authentik Outpost Setup (Part 2)](./img/REVERSE_PROXY/authentik-outpost-setup-02.png) + +Take note of that Token. You will need it for the Authentik Outpost Proxy Container, which will read it as the `AUTHENTIK_TOKEN` Environment Variable. + +### NGINX Configuration inside NetAlertX Container +> [!NOTE] +> This is something that was implemented based on the previous Content of this Reverse Proxy Document. +> Due to some Buffer Warnings/Errors in the Logs as well as some other Issues I was experiencing, I increased a lot the client_body_buffer_size and large_client_header_buffers Parameters, although these might not be required anymore. +> Further Testing might be required. + +``` +# Set number of worker processes automatically based on number of CPU cores. +worker_processes auto; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /tmp/log/nginx-error.log warn; + +pid /tmp/run/nginx.pid; + +events { + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; +} + +http { + + # Mapping of temp paths for various nginx modules. + client_body_temp_path /tmp/nginx/client_body; + proxy_temp_path /tmp/nginx/proxy; + fastcgi_temp_path /tmp/nginx/fastcgi; + uwsgi_temp_path /tmp/nginx/uwsgi; + scgi_temp_path /tmp/nginx/scgi; + + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /services/config/nginx/mime.types; + default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + #resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]; + + # Don't tell nginx version to the clients. Default is 'on'. + server_tokens off; + + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. Default is '1m'. + client_max_body_size 1m; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). Default is off. + sendfile on; + + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. Default is 'off'. + tcp_nopush on; + + + # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. + # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. + ssl_protocols TLSv1.2 TLSv1.3; + + # Path of the file with Diffie-Hellman parameters for EDH ciphers. + # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` + #ssl_dhparam /etc/ssl/nginx/dh2048.pem; + + # Specifies that our cipher suits should be preferred over client ciphers. + # Default is 'off'. + ssl_prefer_server_ciphers on; + + # Enables a shared SSL cache with size that can hold around 8000 sessions. + # Default is 'none'. + ssl_session_cache shared:SSL:2m; + + # Specifies a time during which a client may reuse the session parameters. + # Default is '5m'. + ssl_session_timeout 1h; + + # Disable TLS session tickets (they are insecure). Default is 'on'. + ssl_session_tickets off; + + + # Enable gzipping of responses. + gzip on; + + # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. + gzip_vary on; + + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /tmp/log/nginx-access.log main; + + + # Virtual host config (unencrypted) + server { + listen ${LISTEN_ADDR}:${PORT} default_server; + root /app/front; + index index.php; + add_header X-Forwarded-Prefix "/app" always; + + server_name netalertx-server; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + client_body_buffer_size 512k; + large_client_header_buffers 64 128k; + + location ~* \.php$ { + # Set Cache-Control header to prevent caching on the first load + add_header Cache-Control "no-store"; + fastcgi_pass unix:/tmp/run/php.sock; + include /services/config/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_connect_timeout 75; + fastcgi_send_timeout 600; + fastcgi_read_timeout 600; + } + } +} +``` + +### Caddyfile +``` +# Example and Guide +# https://caddyserver.com/docs/caddyfile/options + +# General Options +{ + # (Optional) Debug Mode + # debug + + # (Optional ) Enable / Disable Admin API + admin off + + # TLS Options + # (Optional) Disable Certificates Management (only if SSL/TLS Certificates are managed by certbot or other external Tools) + auto_https disable_certs +} + +# (Optional Enable Admin API) +# localhost { +# reverse_proxy /api/* localhost:9001 +# } + +# NetAlertX Web GUI (HTTPS Port 443) +# (Optional) Only if SSL/TLS Certificates are managed by certbot or other external Tools and Custom Logging is required +{$APPLICATION_HOSTNAME}:443 { + tls /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_CERT_FILE:fullchain.pem} /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_KEY_FILE:privkey.pem} + + log { + output file /var/log/{$APPLICATION_HOSTNAME}/access_web.json { + roll_size 100MiB + roll_keep 5000 + roll_keep_for 720h + roll_uncompressed + } + + format json + } + + route { + # Always forward outpost path to actual outpost + reverse_proxy /outpost.goauthentik.io/* https://{$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT} { + header_up Host {http.reverse_proxy.upstream.hostport} + } + + # Forward authentication to outpost + forward_auth https://{$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT} { + uri /outpost.goauthentik.io/auth/caddy + + # Capitalization of the headers is important, otherwise they will be empty + copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version + + # (Optional) + # If not set, trust all private ranges, but for Security Reasons, this should be set to the outposts IP + trusted_proxies private_ranges + } + } + + # IPv4 Reverse Proxy to NetAlertX Web GUI (internal unencrypted Host) + reverse_proxy http://0.0.0.0:20211 + + # IPv6 Reverse Proxy to NetAlertX Web GUI (internal unencrypted Host) + # reverse_proxy http://[::1]:20211 +} + +# NetAlertX GraphQL Endpoint (HTTPS Port 20212) +# (Optional) Only if SSL/TLS Certificates are managed by certbot or other external Tools and Custom Logging is required +{$APPLICATION_HOSTNAME}:20212 { + tls /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_CERT_FILE:fullchain.pem} /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_KEY_FILE:privkey.pem} + + log { + output file /var/log/{$APPLICATION_HOSTNAME}/access_graphql.json { + roll_size 100MiB + roll_keep 5000 + roll_keep_for 720h + roll_uncompressed + } + + format json + } + + # IPv4 Reverse Proxy to NetAlertX GraphQL Endpoint (internal unencrypted Host) + reverse_proxy http://0.0.0.0:20219 + + # IPv6 Reverse Proxy to NetAlertX GraphQL Endpoint (internal unencrypted Host) + # reverse_proxy http://[::1]:6000 +} + +# Authentik Outpost +# (Optional) Only if SSL/TLS Certificates are managed by certbot or other external Tools and Custom Logging is required +{$OUTPOST_HOSTNAME}:{$OUTPOST_EXTERNAL_PORT} { + tls /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_CERT_FILE:fullchain.pem} /certificates/{$APPLICATION_CERTIFICATE_DOMAIN}/{$APPLICATION_CERTIFICATE_KEY_FILE:privkey.pem} + + log { + output file /var/log/outpost/{$OUTPOST_HOSTNAME}/access.json { + roll_size 100MiB + roll_keep 5000 + roll_keep_for 720h + roll_uncompressed + } + + format json + } + + # IPv4 Reverse Proxy to internal unencrypted Host + # reverse_proxy http://0.0.0.0:6000 + + # IPv6 Reverse Proxy to internal unencrypted Host + reverse_proxy http://[::1]:6000 +} +``` + +### Login +Now try to login by visiting `https://netalertx.MYDOMAIN.TLD`. + +You should be greeted with a Login Screen by Authentik. + +If you are already logged in Authentik, log out first. You can do that by visiting `https://netalertx.MYDOMAIN.TLD/outpost.goauthentik.io/sign_out`, then click on `Log out of authentik` (2nd Button). Or you can just sign out from your Authentik Admin Panel at `https://authentik.MYDOMAIN.TLD`. + +If everything works as expected, then you can now set `SETPWD_enable_password=false` to disable double Authentication. + +![Authentik Login Screen](./img/REVERSE_PROXY/authentik-login.png) \ No newline at end of file diff --git a/docs/REVERSE_PROXY_TRAEFIK.md b/docs/REVERSE_PROXY_TRAEFIK.md new file mode 100644 index 00000000..8766cfc6 --- /dev/null +++ b/docs/REVERSE_PROXY_TRAEFIK.md @@ -0,0 +1,86 @@ +# Guide: Routing NetAlertX API via Traefik v3 + +> [!NOTE] +> NetAlertX requires access to both the **web UI** (default `20211`) and the **GraphQL backend `GRAPHQL_PORT`** (default `20212`) ports. +> Ensure your reverse proxy allows traffic to both for proper functionality. + + +> [!NOTE] +> This is community-contributed. Due to environment, setup, or networking differences, results may vary. Please open a PR to improve it instead of creating an issue, as the maintainer is not actively maintaining it. + + +Traefik v3 requires the following setup to route traffic properly. This guide shows a working configuration using a dedicated `PathPrefix`. + +--- + +## 1. Configure NetAlertX Backend URL + +1. Open the NetAlertX UI: **Settings → Core → General**. +2. Set the `BACKEND_API_URL` to include a custom path prefix, for example: + +``` +https://netalertx.yourdomain.com/netalertx-api +``` + +This tells the frontend where to reach the backend API. + +--- + +## 2. Create a Traefik Router for the API + +Define a router specifically for the API with a higher priority and a `PathPrefix` rule: + +```yaml +netalertx-api: + rule: "Host(`netalertx.yourdomain.com`) && PathPrefix(`/netalertx-api`)" + service: netalertx-api-service + middlewares: + - netalertx-stripprefix + priority: 100 +``` + +**Notes:** + +* `Host(...)` ensures requests are only routed for your domain. +* `PathPrefix(...)` routes anything under `/netalertx-api` to the backend. +* Priority `100` ensures this router takes precedence over other routes. + +--- + +## 3. Add a Middleware to Strip the Prefix + +NetAlertX expects requests at the root (`/`). Use Traefik’s `StripPrefix` middleware: + +```yaml +middlewares: + netalertx-stripprefix: + stripPrefix: + prefixes: + - "/netalertx-api" +``` + +This removes `/netalertx-api` before forwarding the request to the backend container. + +--- + +## 4. Map the API Service to the Backend Container + +Point the service to the internal GraphQL/Backend port (20212): + +```yaml +netalertx-api-service: + loadBalancer: + servers: + - url: "http://:20212" +``` + +Replace `` with your NetAlertX container’s internal address. + +--- + +✅ With this setup: + +* `https://netalertx.yourdomain.com` → Web interface (port 20211) +* `https://netalertx.yourdomain.com/netalertx-api` → API/GraphQL backend (port 20212) + +This cleanly separates API requests from frontend requests while keeping everything under the same domain. diff --git a/docs/SYNOLOGY_GUIDE.md b/docs/SYNOLOGY_GUIDE.md index 1329c0c2..c87cd2a7 100755 --- a/docs/SYNOLOGY_GUIDE.md +++ b/docs/SYNOLOGY_GUIDE.md @@ -37,8 +37,8 @@ services: netalertx: container_name: netalertx # use the below line if you want to test the latest dev image - # image: "ghcr.io/jokob-sk/netalertx-dev:latest" - image: "ghcr.io/jokob-sk/netalertx:latest" + # image: "ghcr.io/netalertx/netalertx-dev:latest" + image: "ghcr.io/netalertx/netalertx:latest" network_mode: "host" restart: unless-stopped cap_drop: # Drop all capabilities for enhanced security diff --git a/docs/img/@eaDir/device_details.png@SynoEAStream b/docs/img/@eaDir/device_details.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/device_details.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/devices_dark.png@SynoEAStream b/docs/img/@eaDir/devices_dark.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/devices_dark.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/devices_light.png@SynoEAStream b/docs/img/@eaDir/devices_light.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/devices_light.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/devices_split.png@SynoEAStream b/docs/img/@eaDir/devices_split.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/devices_split.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/events.png@SynoEAStream b/docs/img/@eaDir/events.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/events.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/help_faq.png@SynoEAStream b/docs/img/@eaDir/help_faq.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/help_faq.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/maintenance.png@SynoEAStream b/docs/img/@eaDir/maintenance.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/maintenance.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/network.png@SynoEAStream b/docs/img/@eaDir/network.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/network.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/presence.png@SynoEAStream b/docs/img/@eaDir/presence.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/presence.png@SynoEAStream and /dev/null differ diff --git a/docs/img/@eaDir/settings.png@SynoEAStream b/docs/img/@eaDir/settings.png@SynoEAStream deleted file mode 100755 index 28532238..00000000 Binary files a/docs/img/@eaDir/settings.png@SynoEAStream and /dev/null differ diff --git a/docs/img/API/API_docs.png b/docs/img/API/API_docs.png new file mode 100644 index 00000000..03db08fc Binary files /dev/null and b/docs/img/API/API_docs.png differ diff --git a/docs/img/DEVICE_MANAGEMENT/field_sources_and_locks.png b/docs/img/DEVICE_MANAGEMENT/field_sources_and_locks.png new file mode 100644 index 00000000..4b4b4b14 Binary files /dev/null and b/docs/img/DEVICE_MANAGEMENT/field_sources_and_locks.png differ diff --git a/docs/img/FEATURES/Event-Driven_Alerts.png b/docs/img/FEATURES/Event-Driven_Alerts.png new file mode 100644 index 00000000..b30bf6a1 Binary files /dev/null and b/docs/img/FEATURES/Event-Driven_Alerts.png differ diff --git a/docs/img/FEATURES/Events.png b/docs/img/FEATURES/Events.png new file mode 100644 index 00000000..cc25fdb1 Binary files /dev/null and b/docs/img/FEATURES/Events.png differ diff --git a/docs/img/FEATURES/LAN_Visualization.png b/docs/img/FEATURES/LAN_Visualization.png new file mode 100644 index 00000000..33a1133a Binary files /dev/null and b/docs/img/FEATURES/LAN_Visualization.png differ diff --git a/docs/img/FEATURES/MCP_Server.png b/docs/img/FEATURES/MCP_Server.png new file mode 100644 index 00000000..4eb7a40c Binary files /dev/null and b/docs/img/FEATURES/MCP_Server.png differ diff --git a/docs/img/FEATURES/Multi-Channel_Notifications.png b/docs/img/FEATURES/Multi-Channel_Notifications.png new file mode 100644 index 00000000..2eac0cc5 Binary files /dev/null and b/docs/img/FEATURES/Multi-Channel_Notifications.png differ diff --git a/docs/img/FEATURES/Network_Discovery_Device_Tracking.png b/docs/img/FEATURES/Network_Discovery_Device_Tracking.png new file mode 100644 index 00000000..5d8b6f2a Binary files /dev/null and b/docs/img/FEATURES/Network_Discovery_Device_Tracking.png differ diff --git a/docs/img/device_nmap.png b/docs/img/device_nmap.png deleted file mode 100755 index c1208edb..00000000 Binary files a/docs/img/device_nmap.png and /dev/null differ diff --git a/docs/img/device_tools.png b/docs/img/device_tools.png new file mode 100644 index 00000000..0e3b6612 Binary files /dev/null and b/docs/img/device_tools.png differ diff --git a/docs/img/devices_split.png b/docs/img/devices_split.png index 4a27a1bb..4f044aeb 100755 Binary files a/docs/img/devices_split.png and b/docs/img/devices_split.png differ diff --git a/docs/img/maintenance.png b/docs/img/maintenance.png index 93958686..989af00d 100755 Binary files a/docs/img/maintenance.png and b/docs/img/maintenance.png differ diff --git a/docs/img/netalertx_docs.png b/docs/img/netalertx_docs.png index 27a0b661..39914c59 100755 Binary files a/docs/img/netalertx_docs.png and b/docs/img/netalertx_docs.png differ diff --git a/docs/img/network.png b/docs/img/network.png index b87d42f5..19231586 100755 Binary files a/docs/img/network.png and b/docs/img/network.png differ diff --git a/docs/img/report_sample.png b/docs/img/report_sample.png index 7b688864..988267cf 100755 Binary files a/docs/img/report_sample.png and b/docs/img/report_sample.png differ diff --git a/docs/img/sync_hub.png b/docs/img/sync_hub.png index dc452e2d..af42a944 100755 Binary files a/docs/img/sync_hub.png and b/docs/img/sync_hub.png differ diff --git a/docs/index.md b/docs/index.md index 8f830dc7..720842a2 100755 --- a/docs/index.md +++ b/docs/index.md @@ -4,51 +4,55 @@ hide: - toc --- -# NetAlertX Documentation -Welcome to the official NetAlertX documentation! NetAlertX is a powerful tool designed to simplify the management and monitoring of your network. Below, you will find guides and resources to help you set up, configure, and troubleshoot your NetAlertX instance. +
+
+

NetAlertX

+

+ Centralized network visibility and continuous asset discovery. +

+

+ NetAlertx delivers a scalable and secure solution for comprehensive network monitoring, supporting security awareness and operational efficiency. +

+
+
+ Hero image for NetAlertx +
+
-![Preview](./img/devices_split.png) +
+
+

Learn

+

Understand NetAlertX core features, discovery, and alerting concepts

+ + Explore Features + +
-## In-App Help +
+

Install

+

Step-by-step installation guides for Docker, Home Assistant, Unraid, and bare-metal setups

+ + View Installation Guides + +
-NetAlertX provides contextual help within the application: - -- **Hover over settings, fields, or labels** to see additional tooltips and guidance. -- **Click ❔ (question-mark) icons** next to various elements to view detailed information. - ---- - -## Installation Guides - -The app can be installed different ways, with the best support of the docker-based deployments. This includes the Home Assistant and Unraid installation approaches. See details below. - -### Docker (Fully Supported) - -NetAlertX is fully supported in Docker environments, allowing for easy setup and configuration. Follow the official guide to get started: - -- [Docker Installation Guide](./DOCKER_INSTALLATION.md) - -This guide will take you through the process of setting up NetAlertX using Docker Compose or standalone Docker commands. - -### Home Assistant (Fully Supported) - -You can install NetAlertX also as a Home Assistant addon [![Home Assistant](https://img.shields.io/badge/Repo-blue?logo=home-assistant&style=for-the-badge&color=0aa8d2&logoColor=fff&label=Add)](https://my.home-assistant.io/redirect/supervisor_add_addon_repository/?repository_url=https%3A%2F%2Fgithub.com%2Falexbelgium%2Fhassio-addons) via the [alexbelgium/hassio-addons](https://github.com/alexbelgium/hassio-addons/) repository. This is only possible if you run a supervised instance of Home Assistant. If not, you can still run NetAlertX in a separate Docker container and follow this guide to configure MQTT. - -- [[Installation] Home Assistant](https://github.com/alexbelgium/hassio-addons/tree/master/netalertx) - -### Unraid (Partial Support) - -The Unraid template was created by the community, so it's only partially supported. Alternatively, here is [another version of the Unraid template](https://github.com/jokob-sk/NetAlertX-unraid). - -- [[Installation] Unraid App](https://unraid.net/community/apps) - -### Bare-Metal Installation (Experimental) - -If you prefer to run NetAlertX on your own hardware, you can try the experimental bare-metal installation. Please note that this method is still under development, and are looking for maintainers to help improve it. - -- [Bare-Metal Installation Guide](./HW_INSTALL.md) +
+

Notifications

+

Learn how NetAlertX provides device presence, alerting, and compliance-friendly monitoring

+ + Explore Notifications + +
+
+

Contribute

+

Source code, development environment setup, and contribution guidelines

+ + Contribute on GitHub + +
+
--- @@ -58,14 +62,16 @@ If you need help or run into issues, here are some resources to guide you: **Before opening an issue, please:** + - **Hover over settings, fields, or labels** to see additional tooltips and guidance. + - **Click ? (question-mark) icons** next to various elements to view detailed information. - [Check common issues](./DEBUG_TIPS.md#common-issues) to see if your problem has already been reported. - - [Look at closed issues](https://github.com/jokob-sk/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) for possible solutions to past problems. + - [Look at closed issues](https://github.com/netalertx/NetAlertX/issues?q=is%3Aissue+is%3Aclosed) for possible solutions to past problems. - **Enable debugging** to gather more information: [Debug Guide](./DEBUG_TIPS.md). **Need more help?** Join the community discussions or submit a support request: - - Visit the [GitHub Discussions](https://github.com/jokob-sk/NetAlertX/discussions) for community support. - - If you are experiencing issues that require immediate attention, consider opening an issue on our [GitHub Issues page](https://github.com/jokob-sk/NetAlertX/issues). + - Visit the [GitHub Discussions](https://github.com/netalertx/NetAlertX/discussions) for community support. + - If you are experiencing issues that require immediate attention, consider opening an issue on our [GitHub Issues page](https://github.com/netalertx/NetAlertX/issues). --- @@ -84,15 +90,15 @@ For more information on contributing, check out our [Dev Guide](./DEV_ENV_SETUP. To keep up with the latest changes and updates to NetAlertX, please refer to the following resources: -- [Releases](https://github.com/jokob-sk/NetAlertX/releases) +- [Releases](https://github.com/netalertx/NetAlertX/releases) Make sure to follow the project on GitHub to get notifications for new releases and important updates. --- ## Additional info -- **Documentation Index**: Check out the full [documentation index](https://github.com/jokob-sk/NetAlertX/tree/main/docs) for all the guides available. +- **Documentation Index**: Check out the full [documentation index](https://github.com/netalertx/NetAlertX/tree/main/docs) for all the guides available. If you have any suggestions or improvements, please don’t hesitate to contribute! -NetAlertX is actively maintained. You can find the source code, report bugs, or request new features on our [GitHub page](https://github.com/jokob-sk/NetAlertX). +NetAlertX is actively maintained. You can find the source code, report bugs, or request new features on our [GitHub page](https://github.com/netalertx/NetAlertX). diff --git a/docs/stylesheets/custom.css b/docs/stylesheets/custom.css new file mode 100644 index 00000000..4407decd --- /dev/null +++ b/docs/stylesheets/custom.css @@ -0,0 +1,121 @@ +/** + * Copyright 2026 UCP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +/* --- HERO SECTION --- */ +.hero-wrapper { + display: flex; + align-items: flex-start; + justify-content: space-between; + max-width: 1200px; + margin: 0 auto; +} + +.hero-content { + flex: 1; + max-width: 26.8rem; +} + +.hero-content h1 { + font-size: 3rem; + line-height: 1.12; + font-weight: 450; + margin-bottom: 0.5rem; + letter-spacing: -0.02em; +} + +p.hero-subheading { + font-size: 1.5rem; + line-height: 1.28; + margin: 0 0 1rem; +} + +p.hero-description { + line-height: 1.4; + margin: 0; +} + +.hero-image { + display: flex; + justify-content: center; + margin-top: 15px; + max-width: 45%; +} + +.hero-logo-crisp { + width: 100%; + height: auto; + object-fit: contain; +} + +/* --- PROMO CARDS --- */ +.promo-card-wrapper { + display: flex; + flex-wrap: wrap; + gap: 24px; + max-width: 1200px; + margin: 60px auto; +} + +.promo-card { + flex: 0 0 calc(50% - 12px); + min-width: 300px; + border-radius: 24px; + padding: 16px 24px; + display: flex; + flex-direction: column; + align-items: flex-start; + background-color: color-mix( + in srgb, + var(--md-primary-fg-color) 8%, + transparent + ); + transition: transform 0.2s ease; +} + +.promo-card:hover { + transform: translateY(-2px); +} + +.promo-card h3 { + margin: 0 0 12px; + color: var(--md-primary-fg-color); +} + +.promo-card p { + margin-bottom: 16px; + flex-grow: 1; +} + +/* --- PROMO BUTTONS --- */ +.promo-button, +.learn-more-btn { + display: inline-block; + padding: 0.5rem 1.2rem; + border: 1px solid var(--md-primary-fg-color); + border-radius: 50px; + text-decoration: none; + color: var(--md-primary-fg-color); + font-weight: 500; + font-size: 0.8rem; + background-color: transparent; + transition: opacity 0.2s ease-in-out; +} + +.promo-button:hover, +.learn-more-btn:hover { + opacity: 0.8; +} diff --git a/front/403_internal.html b/front/403_internal.html new file mode 100644 index 00000000..cbbcc8cf --- /dev/null +++ b/front/403_internal.html @@ -0,0 +1,65 @@ + + + + + + Access Restricted - NetAlertX + + + +
+

403 Forbidden

+

+ The /server endpoint is for internal use only and cannot be accessed from external browsers or applications. +

+

+ This security measure protects the backend API. You will need to contact your system administrator in order to gain access to the API port (default: 20212), or use the application through the standard web interface. +

+
+ NetAlertX Security • Trust Level: Untrusted Origin +
+
+ + \ No newline at end of file diff --git a/front/css/app.css b/front/css/app.css index 988618ad..302f2f94 100755 --- a/front/css/app.css +++ b/front/css/app.css @@ -105,7 +105,7 @@ a[target="_blank"] { background-color: black !important; font-family: 'Courier New', monospace; font-size: .85em; - cursor: pointer; + cursor: pointer !important; } .logs-row textarea { @@ -508,6 +508,45 @@ body color: #a0a0a0; } +.small-box { + margin-bottom: 15px !important; + float: left; + width: 100%; + border-radius: 4px; + border-top: 0px; +} + +#TopSmallBoxes .small-box { + height: 3em; +} + +.small-box .icon +{ + font-size: 2.2em !important; + float: right; + top: 0; +} +.small-box .small-box-text +{ + float:left; + font-size: x-large; + margin-top: -0.3em; +} + +.small-box .infobox_label +{ + font-size: larger; + float: right; + text-align: center; + z-index: 1; +} + +hr +{ + margin-top: 5px; + margin-bottom: 10px; +} + /* ----------------------------------------------------------------------------- Customized Box Borders ----------------------------------------------------------------------------- */ @@ -891,6 +930,14 @@ height: 50px; .nav-tabs-custom .tab-content { overflow: scroll; } + .infobox_label + { + display: none; + } + .small-box .icon + { + display: block !important; + } } .top_small_box_gray_text { @@ -901,10 +948,6 @@ height: 50px; background-color: #b2b6be !important; } -.infobox_label { - font-size: 16px !important; -} - .deviceSelector { display: block; @@ -1667,6 +1710,10 @@ textarea[readonly], min-height: 42px; } +.form-group { + margin-bottom: 5px !important; +} + /* Remove the default Select2 chevron (the down arrow) */ .select2-container .select2-selection__arrow b { display: none !important; @@ -2214,9 +2261,8 @@ textarea[readonly], .red-hover-border:hover { - border-color: red !important; - border-width: 1px; - border-style: solid; + border-color: #ff0000 !important; + box-shadow: #ff0000; } @@ -2225,12 +2271,6 @@ textarea[readonly], background-color: red !important; } -#multi-edit-form .form-group -{ - height: 45px; - -} - .top-left-logo { height:35px; diff --git a/front/css/dark-patch.css b/front/css/dark-patch.css index 8302fa28..dbda3801 100755 --- a/front/css/dark-patch.css +++ b/front/css/dark-patch.css @@ -42,14 +42,7 @@ h4 { .content-header > .breadcrumb > li > a { color: #bec5cb; } -.table > thead > tr > th, -.table > tbody > tr > th, -.table > tfoot > tr > th, -.table > thead > tr > td, -.table > tbody > tr > td, -.table > tfoot > tr > td { - border-top: 0; -} + .table > thead > tr.odd, .table > tbody > tr.odd, .table > tfoot > tr.odd { @@ -73,7 +66,6 @@ h4 { border: 1px solid #353c42; } .dataTables_wrapper input[type="search"] { - border-radius: 4px; background-color: #353c42; border: 0; color: #bec5cb; @@ -126,7 +118,6 @@ h4 { border-color: #3c8dbc; } .sidebar-menu > li > .treeview-menu { - margin: 0 1px; background-color: #32393e; } .sidebar a { @@ -144,16 +135,13 @@ h4 { color: #fff; } .sidebar-form { - border-radius: 3px; border: 1px solid #3e464c; - margin: 10px; } .sidebar-form input[type="text"], .sidebar-form .btn { box-shadow: none; background-color: #3e464c; border: 1px solid transparent; - height: 35px; } .sidebar-form input[type="text"] { color: #666; @@ -207,20 +195,13 @@ h4 { .box > .box-header .btn { color: #bec5cb; } -.box.box-info, -.box.box-primary, -.box.box-success, -.box.box-warning, -.box.box-danger { - border-top-width: 3px; -} + .main-header .navbar { background-color: #272c30; } .main-header .navbar .nav > li > a, .main-header .navbar .nav > li > .navbar-text { color: #bec5cb; - max-height: 50px; } .main-header .navbar .nav > li > a:hover, .main-header .navbar .nav > li > a:active, @@ -277,7 +258,6 @@ h4 { background: rgba(64, 72, 80, 0.666); } .nav-tabs-custom > .nav-tabs > li { - margin-right: 1px; color: #bec5cb; } .nav-tabs-custom > .nav-tabs > li.active > a, @@ -386,11 +366,8 @@ h4 { code, pre { - padding: 2px 4px; - font-size: 90%; color: #bec5cb; background-color: #353c42; - border-radius: 4px; } /* Used in the Query Log table */ @@ -456,7 +433,7 @@ td.highlight { /* Used by the long-term pages */ .daterangepicker { background-color: #3e464c; - border-radius: 4px; + border: 1px solid #353c42; } .daterangepicker .ranges li:hover { @@ -467,7 +444,7 @@ td.highlight { } .daterangepicker .calendar-table { background-color: #3e464c; - border-radius: 4px; + border: 1px solid #353c42; } .daterangepicker td.off, @@ -535,7 +512,7 @@ textarea[readonly], .panel-body, .panel-default > .panel-heading { background-color: #3e464c; - border-radius: 4px; + border: 1px solid #353c42; color: #bec5cb; } @@ -568,23 +545,10 @@ input[type="password"]::-webkit-caps-lock-indicator { background-image: linear-gradient(to right, #114100 0%, #525200 100%); } -.icheckbox_polaris, -.icheckbox_futurico, -.icheckbox_minimal-blue { - margin-right: 10px; -} -.iradio_polaris, -.iradio_futurico, -.iradio_minimal-blue { - margin-right: 8px; -} - /* Overlay box with spinners as shown during data collection for graphs */ .box .overlay, .overlay-wrapper .overlay { - z-index: 50; background-color: rgba(53, 60, 66, 0.733); - border-radius: 3px; } .box .overlay > .fa, .overlay-wrapper .overlay > .fa, @@ -594,7 +558,6 @@ input[type="password"]::-webkit-caps-lock-indicator { .navbar-nav > .user-menu > .dropdown-menu > .user-footer { background-color: #353c42bb; - padding: 10px; } .modal-content { @@ -623,36 +586,32 @@ input[type="password"]::-webkit-caps-lock-indicator { border-color: rgb(120, 127, 133); } -/*** Additional fixes For Pi.Alert UI ***/ -.small-box { - border-radius: 10px; - border-top: 0px; -} +/*** Additional fixes For UI ***/ .pa-small-box-aqua .inner { background-color: rgb(45,108,133); - border-top-left-radius: 10px; - border-top-right-radius: 10px; + + } .pa-small-box-green .inner { background-color: rgb(31,76,46); - border-top-left-radius: 10px; - border-top-right-radius: 10px; + + } .pa-small-box-yellow .inner { background-color: rgb(151,104,37); - border-top-left-radius: 10px; - border-top-right-radius: 10px; + + } .pa-small-box-red .inner { background-color: rgb(120,50,38); - border-top-left-radius: 10px; - border-top-right-radius: 10px; + + } .pa-small-box-gray .inner { background-color: #777; /* color: rgba(20,20,20,30%); */ - border-top-left-radius: 10px; - border-top-right-radius: 10px; + + } .pa-small-box-gray .inner h3 { color: #bbb; @@ -691,15 +650,6 @@ table.dataTable tbody tr.selected, table.dataTable tbody tr .selected .db_tools_table_cell_b:nth-child(1) {background: #272c30} .db_tools_table_cell_b:nth-child(2) {background: #272c30} -.db_info_table { - display: table; - border-spacing: 0em; - font-weight: 400; - font-size: 15px; - width: 100%; - margin: auto; -} - .nav-tabs-custom > .nav-tabs > li:hover > a, .nav-tabs-custom > .nav-tabs > li.active:hover > a { background-color: #272c30; color: #bec5cb; @@ -742,23 +692,7 @@ table.dataTable tbody tr.selected, table.dataTable tbody tr .selected color: #bec5cb; background-color: #272c30; } -/* Add border radius to bottom of the status boxes*/ -.pa-small-box-footer { - border-bottom-left-radius: 10px; - border-bottom-right-radius: 10px; -} -.small-box > .inner h3, .small-box > .inner p { - margin-bottom: 0px; - margin-left: 0px; -} -.small-box:hover .icon { - font-size: 3em; -} -.small-box .icon { - top: 0.01em; - font-size: 3.25em; -} .nax_semitransparent-panel{ background-color: #000 !important; } diff --git a/front/css/system-dark-patch.css b/front/css/system-dark-patch.css index f55ce1c2..353c1679 100755 --- a/front/css/system-dark-patch.css +++ b/front/css/system-dark-patch.css @@ -76,9 +76,7 @@ border: 1px solid #353c42; } .dataTables_wrapper input[type="search"] { - border-radius: 4px; background-color: #353c42; - border: 0; color: #bec5cb; } .dataTables_paginate .pagination li > a { @@ -129,7 +127,6 @@ border-color: #3c8dbc; } .sidebar-menu > li > .treeview-menu { - margin: 0 1px; background-color: #32393e; } .sidebar a { @@ -147,23 +144,16 @@ color: #fff; } .sidebar-form { - border-radius: 3px; border: 1px solid #3e464c; - margin: 10px; } .sidebar-form input[type="text"], .sidebar-form .btn { box-shadow: none; background-color: #3e464c; border: 1px solid transparent; - height: 35px; } .sidebar-form input[type="text"] { color: #666; - border-top-left-radius: 2px; - border-top-right-radius: 0; - border-bottom-right-radius: 0; - border-bottom-left-radius: 2px; } .sidebar-form input[type="text"]:focus, .sidebar-form input[type="text"]:focus + .input-group-btn .btn { @@ -175,10 +165,6 @@ } .sidebar-form .btn { color: #999; - border-top-left-radius: 0; - border-top-right-radius: 2px; - border-bottom-right-radius: 2px; - border-bottom-left-radius: 0; } .box, .box-footer, @@ -210,20 +196,12 @@ .box > .box-header .btn { color: #bec5cb; } - .box.box-info, - .box.box-primary, - .box.box-success, - .box.box-warning, - .box.box-danger { - border-top-width: 3px; - } .main-header .navbar { background-color: #272c30; } .main-header .navbar .nav > li > a, .main-header .navbar .nav > li > .navbar-text { color: #bec5cb; - max-height: 50px; } .main-header .navbar .nav > li > a:hover, .main-header .navbar .nav > li > a:active, @@ -280,7 +258,6 @@ background: rgba(64, 72, 80, 0.666); } .nav-tabs-custom > .nav-tabs > li { - margin-right: 1px; color: #bec5cb; } .nav-tabs-custom > .nav-tabs > li.active > a, @@ -389,11 +366,8 @@ code, pre { - padding: 2px 4px; - font-size: 90%; color: #bec5cb; background-color: #353c42; - border-radius: 4px; } /* Used in the Query Log table */ @@ -459,7 +433,6 @@ /* Used by the long-term pages */ .daterangepicker { background-color: #3e464c; - border-radius: 4px; border: 1px solid #353c42; } .daterangepicker .ranges li:hover { @@ -470,7 +443,6 @@ } .daterangepicker .calendar-table { background-color: #3e464c; - border-radius: 4px; border: 1px solid #353c42; } .daterangepicker td.off, @@ -537,7 +509,6 @@ .panel-body, .panel-default > .panel-heading { background-color: #3e464c; - border-radius: 4px; border: 1px solid #353c42; color: #bec5cb; } @@ -570,23 +541,10 @@ background-image: linear-gradient(to right, #114100 0%, #525200 100%); } - .icheckbox_polaris, - .icheckbox_futurico, - .icheckbox_minimal-blue { - margin-right: 10px; - } - .iradio_polaris, - .iradio_futurico, - .iradio_minimal-blue { - margin-right: 8px; - } - /* Overlay box with spinners as shown during data collection for graphs */ .box .overlay, .overlay-wrapper .overlay { - z-index: 50; background-color: rgba(53, 60, 66, 0.733); - border-radius: 3px; } .box .overlay > .fa, .overlay-wrapper .overlay > .fa, @@ -596,7 +554,6 @@ .navbar-nav > .user-menu > .dropdown-menu > .user-footer { background-color: #353c42bb; - padding: 10px; } .modal-content { @@ -625,36 +582,21 @@ border-color: rgb(120, 127, 133); } - /*** Additional fixes For Pi.Alert UI ***/ - .small-box { - border-radius: 10px; - border-top: 0px; - } .pa-small-box-aqua .inner { background-color: rgb(45,108,133); - border-top-left-radius: 10px; - border-top-right-radius: 10px; } .pa-small-box-green .inner { background-color: rgb(31,76,46); - border-top-left-radius: 10px; - border-top-right-radius: 10px; } .pa-small-box-yellow .inner { background-color: rgb(151,104,37); - border-top-left-radius: 10px; - border-top-right-radius: 10px; } .pa-small-box-red .inner { background-color: rgb(120,50,38); - border-top-left-radius: 10px; - border-top-right-radius: 10px; } .pa-small-box-gray .inner { background-color: #777; /* color: rgba(20,20,20,30%); */ - border-top-left-radius: 10px; - border-top-right-radius: 10px; } .pa-small-box-gray .inner h3 { color: #bbb; @@ -693,15 +635,6 @@ .db_tools_table_cell_b:nth-child(1) {background: #272c30} .db_tools_table_cell_b:nth-child(2) {background: #272c30} - .db_info_table { - display: table; - border-spacing: 0em; - font-weight: 400; - font-size: 15px; - width: 100%; - margin: auto; - } - .nav-tabs-custom > .nav-tabs > li:hover > a, .nav-tabs-custom > .nav-tabs > li.active:hover > a { background-color: #272c30; color: #bec5cb; @@ -723,15 +656,6 @@ color: white !important; } - /* remove white border that appears on mobile screen sizes */ - .box-body { - border: 0px; - } - /* remove white border that appears on mobile screen sizes */ - .table-responsive { - border: 0px; - } - .login-page { background-color: transparent; } @@ -744,23 +668,6 @@ color: #bec5cb; background-color: #272c30; } - /* Add border radius to bottom of the status boxes*/ - .pa-small-box-footer { - border-bottom-left-radius: 10px; - border-bottom-right-radius: 10px; - } - - .small-box > .inner h3, .small-box > .inner p { - margin-bottom: 0px; - margin-left: 0px; - } - .small-box:hover .icon { - font-size: 3em; - } - .small-box .icon { - top: 0.01em; - font-size: 3.25em; - } .nax_semitransparent-panel{ background-color: #000 !important; } diff --git a/front/deviceDetailsEdit.php b/front/deviceDetailsEdit.php index 83bf43ec..c9acb3a5 100755 --- a/front/deviceDetailsEdit.php +++ b/front/deviceDetailsEdit.php @@ -17,7 +17,7 @@ require_once $_SERVER["DOCUMENT_ROOT"] . "/php/templates/security.php"; ?> class="btn btn-default pa-btn pa-btn-delete" style="margin-left:0px;" id="btnDelete" - onclick="askDeleteDevice()"> + onclick="askDeleteDeviceByMac()"> @@ -138,7 +138,7 @@ function getDeviceData() { }, // Group for event and alert settings DevDetail_EveandAl_Title: { - data: ["devAlertEvents", "devAlertDown", "devSkipRepeated", "devReqNicsOnline", "devChildrenNicsDynamic"], + data: ["devAlertEvents", "devAlertDown", "devSkipRepeated", "devReqNicsOnline", "devChildrenNicsDynamic", "devForceStatus"], docs: "https://docs.netalertx.com/NOTIFICATIONS", iconClass: "fa fa-bell", inputGroupClasses: "field-group alert-group col-lg-4 col-sm-6 col-xs-12", @@ -147,7 +147,7 @@ function getDeviceData() { }, // Group for network details DevDetail_MainInfo_Network_Title: { - data: ["devParentMAC", "devParentRelType", "devParentPort", "devSSID", "devSite", "devSyncHubNode"], + data: ["devParentMAC", "devParentRelType", "devParentPort", "devSSID", "devSite", "devVlan", "devSyncHubNode"], docs: "https://docs.netalertx.com/NETWORK_TREE", iconClass: "fa fa-sitemap fa-rotate-270", inputGroupClasses: "field-group network-group col-lg-4 col-sm-6 col-xs-12", @@ -156,7 +156,7 @@ function getDeviceData() { }, // Group for other fields like static IP, archived status, etc. DevDetail_DisplayFields_Title: { - data: ["devStaticIP", "devIsNew", "devFavorite", "devIsArchived", "devForceStatus"], + data: ["devStaticIP", "devIsNew", "devFavorite", "devIsArchived"], docs: "https://docs.netalertx.com/DEVICE_DISPLAY_SETTINGS", iconClass: "fa fa-list-check", inputGroupClasses: "field-group display-group col-lg-4 col-sm-6 col-xs-12", @@ -172,6 +172,15 @@ function getDeviceData() { labelClasses: "col-sm-4 col-xs-12 control-label", inputClasses: "col-sm-8 col-xs-12 input-group" }, + // Group for Custom properties. + DevDetail_CustomProperties_Title: { + data: ["devCustomProps"], + docs: "https://docs.netalertx.com/CUSTOM_PROPERTIES", + iconClass: "fa fa-list", + inputGroupClasses: "field-group cutprop-group col-lg-6 col-sm-12 col-xs-12", + labelClasses: "col-sm-12 col-xs-12 control-label", + inputClasses: "col-sm-12 col-xs-12 input-group" + }, // Group for Children. DevDetail_Children_Title: { data: ["devChildrenDynamic"], @@ -181,15 +190,6 @@ function getDeviceData() { labelClasses: "col-sm-12 col-xs-12 control-label", inputClasses: "col-sm-12 col-xs-12 input-group" }, - // Group for Custom properties. - DevDetail_CustomProperties_Title: { - data: ["devCustomProps"], - docs: "https://docs.netalertx.com/CUSTOM_PROPERTIES", - iconClass: "fa fa-list", - inputGroupClasses: "field-group cutprop-group col-lg-6 col-sm-12 col-xs-12", - labelClasses: "col-sm-12 col-xs-12 control-label", - inputClasses: "col-sm-12 col-xs-12 input-group" - } }; // Filter settings data to get relevant settings @@ -339,7 +339,7 @@ function getDeviceData() {
- ${generateFormHtml(settingsData, setting, fieldData.toString(), fieldOptionsOverride, null)} + ${generateFormHtml(settingsData, setting, fieldData.toString(), fieldOptionsOverride, null, mac == "new")} ${inlineControl}
`; @@ -423,7 +423,7 @@ function setDeviceData(direction = '', refreshCallback = '') { // Build payload const payload = { - devName: $('#NEWDEV_devName').val().replace(/'/g, "’"), + devName: $('#NEWDEV_devName').val(), devOwner: $('#NEWDEV_devOwner').val().replace(/'/g, "’"), devType: $('#NEWDEV_devType').val().replace(/'/g, ""), devVendor: $('#NEWDEV_devVendor').val().replace(/'/g, "’"), @@ -432,7 +432,7 @@ function setDeviceData(direction = '', refreshCallback = '') { devFavorite: ($('#NEWDEV_devFavorite')[0].checked * 1), devGroup: $('#NEWDEV_devGroup').val().replace(/'/g, "’"), devLocation: $('#NEWDEV_devLocation').val().replace(/'/g, "’"), - devComments: encodeSpecialChars($('#NEWDEV_devComments').val()), + devComments: ($('#NEWDEV_devComments').val()), devParentMAC: $('#NEWDEV_devParentMAC').val(), devParentPort: $('#NEWDEV_devParentPort').val(), @@ -440,6 +440,7 @@ function setDeviceData(direction = '', refreshCallback = '') { devSSID: $('#NEWDEV_devSSID').val(), devSite: $('#NEWDEV_devSite').val(), + devVlan: $('#NEWDEV_devVlan').val(), devStaticIP: ($('#NEWDEV_devStaticIP')[0].checked * 1), devScan: 1, @@ -580,6 +581,12 @@ function toggleFieldLock(mac, fieldName) { const currentSource = deviceData[sourceField] || "N/A"; const shouldLock = currentSource !== "LOCKED"; + if(shouldLock && somethingChanged) + { + showMessage(getString("FieldLock_SaveBeforeLocking"), 5000, "modal_red"); + return; + } + const payload = { fieldName: fieldName, lock: shouldLock ? 1 : 0 diff --git a/front/devices.php b/front/devices.php index a9ccce6c..08da9254 100755 --- a/front/devices.php +++ b/front/devices.php @@ -57,7 +57,7 @@
- + - ${cellData} + ${displayedValue} ` ); @@ -1132,7 +1148,7 @@ function renderCustomProps(custProps, mac) { onClickEvent = `alert('Not implemented')`; break; case "delete_dev": - onClickEvent = `askDelDevDTInline('${mac}')`; + onClickEvent = `askDeleteDeviceByMac('${mac}')`; break; default: break; diff --git a/front/img/svg/netalertx_blue_docs.svg b/front/img/svg/netalertx_blue_docs.svg new file mode 100644 index 00000000..77710b9b --- /dev/null +++ b/front/img/svg/netalertx_blue_docs.svg @@ -0,0 +1,453 @@ + + + + + + + + + + + + + + + A + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/front/js/api.js b/front/js/api.js index 6f927913..32129ab0 100644 --- a/front/js/api.js +++ b/front/js/api.js @@ -4,11 +4,8 @@ function getApiBase() if(apiBase == "") { - const protocol = window.location.protocol.replace(':', ''); - const host = window.location.hostname; - const port = getSetting("GRAPHQL_PORT"); - - apiBase = `${protocol}://${host}:${port}`; + // Default to the same-origin proxy bridge + apiBase = "/server"; } // Remove trailing slash for consistency diff --git a/front/js/common.js b/front/js/common.js index 8ff405fd..ceeb82a5 100755 --- a/front/js/common.js +++ b/front/js/common.js @@ -181,7 +181,7 @@ function getSettingOptions (key) { if (result == "") { - console.log(`Setting options with key "${key}" not found`) + // console.log(`Setting options with key "${key}" not found`) result = [] } @@ -197,10 +197,10 @@ function getSetting (key) { result = getCache(`nax_set_${key}`, true); - if (result == "") - { - console.log(`Setting with key "${key}" not found`) - } + // if (result == "") + // { + // console.log(`Setting with key "${key}" not found`) + // } return result; } @@ -450,10 +450,18 @@ function localizeTimestamp(input) { const date = new Date(str); if (!isFinite(date)) { console.error(`ERROR: Couldn't parse date: '${str}' with TIMEZONE ${tz}`); - return 'Failed conversion - Check browser console'; + return 'Failed conversion'; } + + // CHECK: Does the input string have an offset (e.g., +11:00 or Z)? + // If it does, and we apply a 'tz' again, we double-shift. + const hasOffset = /[Z|[+-]\d{2}:?\d{2}]$/.test(str.trim()); + return new Intl.DateTimeFormat(LOCALE, { - timeZone: tz, + // If it has an offset, we display it as-is (UTC mode in Intl + // effectively means "don't add more hours"). + // If no offset, apply your variable 'tz'. + timeZone: hasOffset ? 'UTC' : tz, year: 'numeric', month: '2-digit', day: '2-digit', hour: '2-digit', minute: '2-digit', second: '2-digit', hour12: false diff --git a/front/js/device.js b/front/js/device.js index 934878c9..7dbffa1c 100755 --- a/front/js/device.js +++ b/front/js/device.js @@ -1,21 +1,5 @@ - - // ----------------------------------------------------------------------------- -function askDeleteDevice() { - - mac = getMac() - - // Ask delete device - showModalWarning( - getString("DevDetail_button_Delete"), - getString("DevDetail_button_Delete_ask"), - getString('Gen_Cancel'), - getString('Gen_Delete'), - 'deleteDevice'); -} - -// ----------------------------------------------------------------------------- -function askDelDevDTInline(mac) { +function askDeleteDeviceByMac(mac) { // only try getting mac from URL if not supplied - used in inline buttons on in the my devices listing pages if(isEmpty(mac)) @@ -31,34 +15,9 @@ function askDelDevDTInline(mac) { () => deleteDeviceByMac(mac)) } - -// ----------------------------------------------------------------------------- -function deleteDevice() { - // Check MAC - mac = getMac() - - const apiBase = getApiBase(); - const apiToken = getSetting("API_TOKEN"); - const url = `${apiBase}/device/${mac}/delete`; - - $.ajax({ - url, - method: "DELETE", - headers: { "Authorization": `Bearer ${apiToken}` }, - success: function(response) { - showMessage(response.success ? "Device deleted successfully" : (response.error || "Unknown error")); - updateApi("devices,appevents"); - }, - error: function(xhr, status, error) { - console.error("Error deleting device:", status, error); - showMessage("Error: " + (xhr.responseJSON?.error || error)); - } - }); -} - // ----------------------------------------------------------------------------- function deleteDeviceByMac(mac) { - // only try getting mac from URL if not supplied - used in inline buttons on in teh my devices listing pages + // only try getting mac from URL if not supplied - used in inline buttons on in the my devices listing pages if(isEmpty(mac)) { mac = getMac() diff --git a/front/js/modal.js b/front/js/modal.js index d4024d02..0c4ec1fb 100755 --- a/front/js/modal.js +++ b/front/js/modal.js @@ -170,7 +170,8 @@ function showModalPopupForm( curValue = null, popupFormJson = null, parentSettingKey = null, - triggeredBy = null + triggeredBy = null, + populateFromOverrides = true ) { // set captions prefix = "modal-form"; @@ -229,7 +230,8 @@ function showModalPopupForm( setObj, null, fieldOptionsOverride, - null + null, + populateFromOverrides // is new entry )}
diff --git a/front/js/settings_utils.js b/front/js/settings_utils.js index 2f713b73..dfafde44 100755 --- a/front/js/settings_utils.js +++ b/front/js/settings_utils.js @@ -321,7 +321,8 @@ function addViaPopupForm(element) { null, // curValue popupFormJson, // popupform toId, // parentSettingKey - element // triggeredBy + element, // triggeredBy + true // initialize defaut values ); // flag something changes to prevent navigating from page @@ -475,7 +476,8 @@ function initListInteractionOptions(element) { curValue, // curValue popupFormJson, // popupform toId, // parentSettingKey - this // triggeredBy + this, // triggeredBy + true // populate overrides ); } else { // Fallback to normal field input @@ -1132,24 +1134,44 @@ function collectSetting(prefix, setCodeName, setType, settingsArray) { // ------------------------------------------------------------------------------ // Generate the form control for setting -function generateFormHtml(settingsData, set, overrideValue, overrideOptions, originalSetKey) { +/** + * Generates the HTML string for form controls based on setting configurations. + * Supports various element types including select, input, button, textarea, span, and recursive datatables. + * * @param {Object} settingsData - The global settings object containing configuration for all available settings. + * @param {Object} set - The specific configuration object for the current setting. + * @param {string} set.setKey - Unique identifier for the setting. + * @param {string} set.setType - JSON string defining the UI components (dataType, elements, etc.). + * @param {string} [set.setValue] - The default value for the setting. + * @param {Array|string} [set.setEvents] - List of event triggers to be rendered as clickable icons. + * @param {any} overrideValue - The current value to be displayed in the form control. + * @param {any} overrideOptions - Custom options to override the default setting options (used primarily for dropdowns). + * @param {string} originalSetKey - The base key name (used to maintain reference when keys are modified for uniqueness in tables). + * @param {boolean} populateFromOverrides - Flag to determine if the value should be pulled from `set['setValue']` (true) or `overrideValue` (false). + * * @returns {string} A string of HTML containing the form elements and any associated event action icons. + * * @example + * const html = generateFormHtml(allSettings, currentSet, "DefaultVal", null, "my_key", false); + * $('#container').html(html); + */ +function generateFormHtml(settingsData, set, overrideValue, overrideOptions, originalSetKey, populateFromOverrides) { let inputHtml = ''; // if override value is considered empty initialize from setting defaults - overrideValue == null || overrideValue == undefined ? inVal = set['setValue'] : inVal = overrideValue + populateFromOverrides ? inVal = set['setValue'] : inVal = overrideValue; + const setKey = set['setKey']; const setType = set['setType']; - // if (setKey == 'NEWDEV_devParentMAC') { + // if (setKey == 'UNIFIAPI_site_name') { - // console.log("==== DEBUG OUTPUT BELOW 1 ===="); - // console.log(setType); - // console.log(setKey); - // console.log(overrideValue); - // console.log(inVal); - - // } + // console.log("==== DEBUG OUTPUT BELOW 1 ===="); + // console.log("populateFromOverrides: " + populateFromOverrides); + // console.log(setType); + // console.log(setKey); + // console.log("overrideValue:" + overrideValue); + // console.log("inVal:" + inVal); + // console.log("set['setValue']:" + set['setValue']); + // } // Parse the setType JSON string // console.log(processQuotes(setType)); @@ -1189,15 +1211,14 @@ function generateFormHtml(settingsData, set, overrideValue, overrideOptions, ori // Override value let val = valRes; - // if (setKey == 'NEWDEV_devParentMAC') { + // if (setKey == 'UNIFIAPI_site_name') { // console.log("==== DEBUG OUTPUT BELOW 2 ===="); // console.log(setType); // console.log(setKey); - // console.log(overrideValue); - // console.log(inVal); - // console.log(val); - + // console.log("overrideValue:" + overrideValue); + // console.log("inVal:" + inVal); + // console.log("val:" + val); // } // Generate HTML based on elementType @@ -1227,7 +1248,7 @@ function generateFormHtml(settingsData, set, overrideValue, overrideOptions, ori break; case 'input': - const checked = val === 'True' || val === 'true' || val === '1' ? 'checked' : ''; + const checked = val === 'True' || val === 'true' || val === '1' || val == true ? 'checked' : ''; const inputClass = inputType === 'checkbox' ? 'checkbox' : 'form-control'; inputHtml += `
${cellHtml}
`; diff --git a/front/js/sse_manager.js b/front/js/sse_manager.js index 72285fad..2c53d31d 100644 --- a/front/js/sse_manager.js +++ b/front/js/sse_manager.js @@ -23,10 +23,19 @@ class NetAlertXStateManager { */ init() { if (this.initialized) return; + // waiting until cache ready + const waitForInit = () => { + if (!isAppInitialized()) { + setTimeout(waitForInit, 300); + return; + } - console.log("[NetAlertX State] Initializing state manager..."); - this.trySSE(); - this.initialized = true; + console.log("[NetAlertX State] App initialized, starting state manager"); + this.trySSE(); + this.initialized = true; + }; + + waitForInit(); } /** @@ -128,14 +137,35 @@ class NetAlertXStateManager { } /** - * Handle state update from SSE + * Handle state update from SSE or Polling */ handleStateUpdate(appState) { try { - if (document.getElementById("state")) { - const cleanState = appState["currentState"].replaceAll('"', ""); - document.getElementById("state").innerHTML = cleanState; + // 1. Update the main status text + if (appState["currentState"]) { + const cleanState = appState["currentState"].replace(/"/g, ""); + $("#state").html(cleanState); } + + // 2. Update Version placeholders + const version = appState["appVersion"] || "UNKNOWN"; + $('[data-plc="version"]') + .html(version) + .attr('data-version', version); + + // 3. Update Build Timestamp placeholders + const buildTime = appState["buildTimestamp"] || 0; + const displayTime = buildTime ? localizeTimestamp(buildTime) : "UNKNOWN"; + + $('[data-plc="build-timestamp"]') + .html(displayTime) + .attr('data-build-time', buildTime); + + $('[data-plc="build-timestamp"]') + .html(displayTime) + .attr('data-build-time', buildTime); + + // console.log("[NetAlertX State] UI updated via jQuery"); } catch (e) { console.error("[NetAlertX State] Failed to update state display:", e); } diff --git a/front/js/ui_components.js b/front/js/ui_components.js index 649531c6..80710fe1 100755 --- a/front/js/ui_components.js +++ b/front/js/ui_components.js @@ -668,7 +668,10 @@ function getColumnNameFromLangString(headStringKey) { "Device_TableHead_CustomProps": "devCustomProps", "Device_TableHead_FQDN": "devFQDN", "Device_TableHead_ParentRelType": "devParentRelType", - "Device_TableHead_ReqNicsOnline": "devReqNicsOnline" + "Device_TableHead_ReqNicsOnline": "devReqNicsOnline", + "Device_TableHead_Vlan": "devVlan", + "Device_TableHead_IPv4": "devPrimaryIPv4", + "Device_TableHead_IPv6": "devPrimaryIPv6" }; return columnNameMap[headStringKey] || ""; diff --git a/front/maintenance.php b/front/maintenance.php index f7bc0d04..6648a3ee 100755 --- a/front/maintenance.php +++ b/front/maintenance.php @@ -66,21 +66,24 @@ $db->close();
-
"> - ' .lang('Maintenance_new_version').''.'' .lang('Maintenance_current_version').'';?> +
+ + + +
- +
- +
@@ -174,6 +177,12 @@ $db->close();
+
+
+ +
+
+
@@ -364,7 +373,10 @@ function deleteAllDevices() url, method: "DELETE", headers: { "Authorization": `Bearer ${apiToken}` }, - data: JSON.stringify({ macs: null }), + data: JSON.stringify({ + macs: [], + confirm_delete_all: true + }), contentType: "application/json", success: function(response) { showMessage(response.success ? "All devices deleted successfully" : (response.error || "Unknown error")); @@ -464,6 +476,51 @@ function deleteEvents30() }); } +// ----------------------------------------------------------- +// Unlock/clear sources +function askUnlockFields () { + // Ask + showModalWarning('', '', + '', '', () => unlockFields(true)); +} +function unlockFields(clearAllFields) { + + + console.log("clearAllFields"); + console.log(clearAllFields); + + const apiBase = getApiBase(); + const apiToken = getSetting("API_TOKEN"); + const url = `${apiBase}/devices/fields/unlock`; + + // Payload: clear all sources for all devices and all fields + const payload = { + mac: null, // null = all devices + fields: null, // null = all tracked fields + clearAll: clearAllFields // clear all source values + }; + + $.ajax({ + url: url, + method: "POST", + contentType: "application/json", + headers: { + "Authorization": `Bearer ${apiToken}` + }, + data: JSON.stringify(payload), + success: function(response) { + showMessage(response.success + ? "All device fields unlocked/cleared successfully" + : (response.error || "Unknown error") + ); + }, + error: function(xhr, status, error) { + console.error("Error unlocking fields:", status, error); + showMessage("Error: " + (xhr.responseJSON?.error || error)); + } + }); +} + // ----------------------------------------------------------- // delete History function askDeleteActHistory () { diff --git a/front/multiEditCore.php b/front/multiEditCore.php index 4dd4fbeb..4484ff8a 100755 --- a/front/multiEditCore.php +++ b/front/multiEditCore.php @@ -58,12 +58,24 @@

- -
- +
+
+
-
- +
+
+
+
+ +
+
+
+
+
+ +
+
+
@@ -418,6 +430,90 @@ function executeAction(action, whereColumnName, key, targetColumns, newTargetCol } +// ----------------------------------------------------------------------------- +// Ask to unlock fields of selected devices +function askUnlockFieldsSelected () { + // Ask + showModalWarning( + getString('Maintenance_Tool_unlockFields_selecteddev_noti'), + getString('Gen_AreYouSure'), + getString('Gen_Cancel'), + getString('Gen_Okay'), + 'unlockFieldsSelected'); +} + +// ----------------------------------------------------------------------------- +// Ask to unlock fields of selected devices +function askClearSourceFields () { + // Ask + showModalWarning( + getString('Maintenance_Tool_clearSourceFields_selected_noti'), + getString('Gen_AreYouSure'), + getString('Gen_Cancel'), + getString('Gen_Okay'), + ()=>unlockFieldsSelected(null, true)); +} + +// ----------------------------------------------------------------------------- +// Unlock fields for selected devices +function unlockFieldsSelected(fields = null, clearAll = false) { + // Get selected MACs + const macs_tmp = selectorMacs(); // returns array of MACs + + console.log(macs_tmp); + console.log(clearAll); + + + if (!macs_tmp || macs_tmp == "" || macs_tmp.length === 0) { + showMessage(textMessage = "No devices selected", timeout = 3000, colorClass = "modal_red") + return; + } + + // API setup + const apiBase = getApiBase(); + const apiToken = getSetting("API_TOKEN"); + const url = `${apiBase}/devices/fields/unlock`; + + // Convert string to array + const macsArray = macs_tmp.split(",").map(m => m.trim()).filter(Boolean); + + const payload = { + mac: macsArray, // array of MACs for backend + fields: fields, // null for all tracked fields + clearAll: clearAll // true to clear all sources, false to clear only LOCKED/USER + }; + + $.ajax({ + url: url, + method: "POST", + headers: { "Authorization": `Bearer ${apiToken}` }, + contentType: "application/json", + data: JSON.stringify(payload), + success: function(response) { + if (response.success) { + showMessage(getString('Gen_DataUpdatedUITakesTime')); + write_notification( + `[Multi edit] Successfully unlocked fields of devices with MACs: ${macs_tmp}`, + "info" + ); + } else { + write_notification( + `[Multi edit] Failed to unlock fields: ${response.error || "Unknown error"}`, + "interrupt" + ); + } + }, + error: function(xhr, status, error) { + console.error("Error unlocking fields:", status, error); + write_notification( + `[Multi edit] Error unlocking fields: ${xhr.responseJSON?.error || error}`, + "error" + ); + } + }); +} + + // ----------------------------------------------------------------------------- // Ask to delete selected devices function askDeleteSelectedDevices () { diff --git a/front/network.php b/front/network.php index 13830eed..dbf328e9 100755 --- a/front/network.php +++ b/front/network.php @@ -85,20 +85,26 @@ // \ // PC (leaf) <------- leafs are not included in this SQL query const rawSql = ` - SELECT node_name, node_mac, online, node_type, node_ports_count, parent_mac, node_icon, node_alert - FROM ( - SELECT a.devName as node_name, a.devMac as node_mac, a.devPresentLastScan as online, - a.devType as node_type, a.devParentMAC as parent_mac, a.devIcon as node_icon, a.devAlertDown as node_alert - FROM Devices a - WHERE a.devType IN (${networkDeviceTypes}) and a.devIsArchived = 0 - ) t1 - LEFT JOIN ( - SELECT b.devParentMAC as node_mac_2, count() as node_ports_count - FROM Devices b - WHERE b.devParentMAC NOT NULL - GROUP BY b.devParentMAC - ) t2 - ON (t1.node_mac = t2.node_mac_2) + SELECT + parent.devName AS node_name, + parent.devMac AS node_mac, + parent.devPresentLastScan AS online, + parent.devType AS node_type, + parent.devParentMAC AS parent_mac, + parent.devIcon AS node_icon, + parent.devAlertDown AS node_alert, + COUNT(child.devMac) AS node_ports_count + FROM Devices AS parent + LEFT JOIN Devices AS child + /* CRITICAL FIX: COLLATE NOCASE ensures the join works + even if devParentMAC is uppercase and devMac is lowercase + */ + ON child.devParentMAC = parent.devMac COLLATE NOCASE + WHERE parent.devType IN (${networkDeviceTypes}) + AND parent.devIsArchived = 0 + GROUP BY parent.devMac, parent.devName, parent.devPresentLastScan, + parent.devType, parent.devParentMAC, parent.devIcon, parent.devAlertDown + ORDER BY parent.devName; `; const apiBase = getApiBase(); @@ -377,7 +383,10 @@ } // ---------------------------------------------------- - function loadConnectedDevices(node_mac) { + function loadConnectedDevices(node_mac) { + // Standardize the input just in case + const normalized_mac = node_mac.toLowerCase(); + const sql = ` SELECT devName, devMac, devLastIP, devVendor, devPresentLastScan, devAlertDown, devParentPort, CASE @@ -389,13 +398,14 @@ ELSE 'Unknown status' END AS devStatus FROM Devices - WHERE devParentMac = '${node_mac}'`; + /* Using COLLATE NOCASE here solves the 'TEXT' vs 'NOCASE' mismatch */ + WHERE devParentMac = '${normalized_mac}' COLLATE NOCASE`; - const id = node_mac.replace(/:/g, '_'); + // Keep the ID generation consistent + const id = normalized_mac.replace(/:/g, '_'); const wrapperHtml = ` - - +
`; loadDeviceTable({ diff --git a/front/php/components/device_cards.php b/front/php/components/device_cards.php index e131b7e1..0ca24e44 100755 --- a/front/php/components/device_cards.php +++ b/front/php/components/device_cards.php @@ -21,8 +21,10 @@ function renderSmallBox($params) {
-

' . htmlspecialchars($dataValue) . '

-

' . lang(htmlspecialchars($labelLang)) . '

+
+
' . htmlspecialchars($dataValue) . '
+
+
' . lang(htmlspecialchars($labelLang)) . '
diff --git a/front/php/components/devices_filters.php b/front/php/components/devices_filters.php index c66492ec..0a376b4f 100755 --- a/front/php/components/devices_filters.php +++ b/front/php/components/devices_filters.php @@ -18,7 +18,7 @@ function renderFilterDropdown($headerKey, $columnName, $values) { // Generate the dropdown HTML return '
- + diff --git a/front/php/templates/build.php b/front/php/templates/build.php deleted file mode 100755 index ed352c38..00000000 --- a/front/php/templates/build.php +++ /dev/null @@ -1,21 +0,0 @@ - diff --git a/front/php/templates/footer.php b/front/php/templates/footer.php index 763859da..5b4058e9 100755 --- a/front/php/templates/footer.php +++ b/front/php/templates/footer.php @@ -32,8 +32,8 @@ | | | - | : - | Version: + | : + | Version: |
diff --git a/front/php/templates/language/ar_ar.json b/front/php/templates/language/ar_ar.json index 49a3503d..e5ec5c6a 100644 --- a/front/php/templates/language/ar_ar.json +++ b/front/php/templates/language/ar_ar.json @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "أول جلسة", "Device_TableHead_GUID": "معرف فريد", "Device_TableHead_Group": "المجموعة", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "الأيقونة", "Device_TableHead_LastIP": "آخر عنوان IP", "Device_TableHead_LastIPOrder": "ترتيب آخر عنوان IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "اسم عقدة المزامنة", "Device_TableHead_Type": "النوع", "Device_TableHead_Vendor": "المصنع", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "ليس جهاز شبكة", "Device_Table_info": "معلومات الجدول", "Device_Table_nav_next": "التالي", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "استيراد إعدادات ملصقة", "Maintenance_Tool_ImportPastedConfig_noti_text": "جاري استيراد الإعدادات الملصقة...", "Maintenance_Tool_ImportPastedConfig_text": "يستورد هذا الأمر ملف app.conf الذي يحتوي على جميع إعدادات التطبيق. قد ترغب في تنزيل ملف app.conf الحالي أولاً باستخدام Settings Export.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "تبديل فحص ARP", "Maintenance_Tool_arpscansw_noti": "تبديل فحص ARP", "Maintenance_Tool_arpscansw_noti_text": "تم تغيير حالة فحص ARP", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "جاري إنشاء نسخة احتياطية...", "Maintenance_Tool_backup_text": "إنشاء نسخة احتياطية من قاعدة البيانات", "Maintenance_Tool_check_visible": "فحص المرئي", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "الوضع الداكن", "Maintenance_Tool_darkmode_noti": "الوضع الداكن", "Maintenance_Tool_darkmode_noti_text": "تم تغيير الوضع الداكن", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "حذف الأجهزة غير المعروفة", "Maintenance_Tool_del_unknowndev_noti_text": "هل أنت متأكد من رغبتك في حذف جميع الأجهزة (غير المعروفة) و(الاسم غير موجود)؟", "Maintenance_Tool_del_unknowndev_text": "حذف الأجهزة غير المعروفة من قاعدة البيانات", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "الأعمدة المعروضة", "Maintenance_Tool_drag_me": "اسحبني", "Maintenance_Tool_order_columns_text": "ترتيب الأعمدة", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "استعادة", "Maintenance_Tool_restore_noti_text": "جاري استعادة قاعدة البيانات...", "Maintenance_Tool_restore_text": "استعادة قاعدة البيانات من نسخة احتياطية", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "ترقية قاعدة البيانات", "Maintenance_Tool_upgrade_database_noti_text": "جاري ترقية قاعدة البيانات...", "Maintenance_Tool_upgrade_database_text": "ترقية هيكل قاعدة البيانات", diff --git a/front/php/templates/language/ca_ca.json b/front/php/templates/language/ca_ca.json index de07b4d7..943f239e 100644 --- a/front/php/templates/language/ca_ca.json +++ b/front/php/templates/language/ca_ca.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "Guardar", "DeviceEdit_ValidMacIp": "Entra una adreça IP i Mac vàlides.", "Device_MultiEdit": "Multi-edició", - "Device_MultiEdit_Backup": "Atenció, entrar valors incorrectes a continuació trencarà la configuració. Si us plau, abans feu còpia de seguretat la vostra base de dades o configuració de Dispositius (clic per descarregar ). Llegiu com per recuperar Dispositius des d'aquest fitxer al documentació de Còpies de seguretat. Per aplicar els canvis, feu click a la Save icona de cada camp que volgueu actualitzar.", + "Device_MultiEdit_Backup": "Atenció, entrar valors incorrectes a continuació trencarà la configuració. Si us plau, abans feu còpia de seguretat la vostra base de dades o configuració de Dispositius (clic per descarregar ). Llegiu com per recuperar Dispositius des d'aquest fitxer al documentació de Còpies de seguretat. Per aplicar els canvis, feu click a la Save icona de cada camp que volgueu actualitzar.", "Device_MultiEdit_Fields": "Editar camps:", "Device_MultiEdit_MassActions": "Accions massives:", "Device_MultiEdit_No_Devices": "Cap dispositiu seleccionat.", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Primera Sessió", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Grup", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Icona", "Device_TableHead_LastIP": "Darrera IP", "Device_TableHead_LastIPOrder": "Últim Ordre d'IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Node Sync", "Device_TableHead_Type": "Tipus", "Device_TableHead_Vendor": "Venedor", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "No configurat com a dispositiu de xarxa", "Device_Table_info": "Mostrant _INICI_ a_FINAL_ d'entrades_ TOTALS", "Device_Table_nav_next": "Següent", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Importació de la configuració (paste)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Estàs segur que vols importar la configuració config enganxada? Això sobreescriurà completament el fitxer app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importa el fitxer app.conf que conté tota l'aplicació Configuració. És possible que vulgueu descarregar el fitxer actual app.conf primer amb el Settings Export.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "Conmuta arp-Scan (on/off)", "Maintenance_Tool_arpscansw_noti": "Conmuta arp-Scan on or off", "Maintenance_Tool_arpscansw_noti_text": "Quan l'escàner ha estat canviat a off es queda off fins que és activat de bell nou.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Estàs segur que vols executar el Backup DB? Assegura't que no hi ha exploració en funcionament.", "Maintenance_Tool_backup_text": "Les còpies de seguretat de la base de dades es troben al directori de bases de dades com a arxiu zip, anomenat amb la data de creació. No hi ha un nombre màxim de còpies de seguretat.", "Maintenance_Tool_check_visible": "Desmarqueu-ho per amagar la columna.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Canvia Modes (Fosc/Clar)", "Maintenance_Tool_darkmode_noti": "Canvia Modes", "Maintenance_Tool_darkmode_noti_text": "Després del canvi de tema, la pàgina intenta recarregar-se per activar el canvi. Si és necessari, s'ha de netejar la memòria cau.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Elimina dispositius desconeguts", "Maintenance_Tool_del_unknowndev_noti_text": "Estàs segur que vols eliminar tots els dispositius (no coneguts) o amb nom (no trobat)?", "Maintenance_Tool_del_unknowndev_text": "Abans d'utilitzar aquesta funció, feu una còpia de seguretat. La supressió no es pot desfer. Tots els dispositius anomenats (no coneguts) s'eliminaran de la base de dades.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Canvieu la visibilitat i l'ordre de les columnes a la pàgina Dispositius.", "Maintenance_Tool_drag_me": "Arrossega'm a reorder columnes.", "Maintenance_Tool_order_columns_text": "Manteniment_Eina_ordre_columnes_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Restaura base de dades", "Maintenance_Tool_restore_noti_text": "Estàs segur que vols executar la Restauració de Base de Dades? Comprova que no hi ha exploració en funcionament.", "Maintenance_Tool_restore_text": "L'última còpia de seguretat es pot restaurar mitjançant el botó, però les còpies de seguretat antigues només es poden restaurar manualment. Després de la restauració, feu una comprovació d'integritat a la base de dades per seguretat, per si de cas la Base de dades estigués en mode escriptura quan es va crear la còpia de seguretat.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Actualitza base de dades", "Maintenance_Tool_upgrade_database_noti_text": "T'és segur vols actualitzar la base de dades?
(potser prefereixes arxivar-la)", "Maintenance_Tool_upgrade_database_text": "Aquest botó actualitzarà la base de dades per activar l'activitat de Xarxa dins les darreres 12 hores. Si us plau, feu còpia de la vostra base de dades per si de cas.", diff --git a/front/php/templates/language/cs_cz.json b/front/php/templates/language/cs_cz.json index 2805c252..61324a97 100644 --- a/front/php/templates/language/cs_cz.json +++ b/front/php/templates/language/cs_cz.json @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "", "Device_TableHead_GUID": "", "Device_TableHead_Group": "", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "", "Device_TableHead_LastIP": "", "Device_TableHead_LastIPOrder": "", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "", "Device_TableHead_Type": "", "Device_TableHead_Vendor": "", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "", "Device_Table_info": "", "Device_Table_nav_next": "", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "", "Maintenance_Tool_ImportPastedConfig_noti_text": "", "Maintenance_Tool_ImportPastedConfig_text": "", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "", "Maintenance_Tool_arpscansw_noti": "", "Maintenance_Tool_arpscansw_noti_text": "", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "", "Maintenance_Tool_backup_text": "", "Maintenance_Tool_check_visible": "", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "", "Maintenance_Tool_darkmode_noti": "", "Maintenance_Tool_darkmode_noti_text": "", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "", "Maintenance_Tool_del_unknowndev_noti_text": "", "Maintenance_Tool_del_unknowndev_text": "", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "", "Maintenance_Tool_drag_me": "", "Maintenance_Tool_order_columns_text": "", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "", "Maintenance_Tool_restore_noti_text": "", "Maintenance_Tool_restore_text": "", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "", "Maintenance_Tool_upgrade_database_noti_text": "", "Maintenance_Tool_upgrade_database_text": "", diff --git a/front/php/templates/language/de_de.json b/front/php/templates/language/de_de.json index d5eb58ac..57f55df0 100644 --- a/front/php/templates/language/de_de.json +++ b/front/php/templates/language/de_de.json @@ -84,12 +84,12 @@ "DevDetail_EveandAl_NewDevice": "Neues Gerät", "DevDetail_EveandAl_NewDevice_Tooltip": "Zeigt den Status „Neu“ für das Gerät an und nimmt es in Listen auf, wenn der Filter „Neue Geräte“ aktiv ist. Hat keine Auswirkungen auf Benachrichtigungen.", "DevDetail_EveandAl_RandomMAC": "Zufällige MAC", - "DevDetail_EveandAl_ScanCycle": "Scan Abstand", + "DevDetail_EveandAl_ScanCycle": "Gerät scannen", "DevDetail_EveandAl_ScanCycle_a": "Gerät scannen", "DevDetail_EveandAl_ScanCycle_z": "Gerät nicht scannen", - "DevDetail_EveandAl_Skip": "pausiere wiederhol. Meldungen für", + "DevDetail_EveandAl_Skip": "Keine wiederholten Benachrichtigungen für", "DevDetail_EveandAl_Title": "Konfiguration der Benachrichtigungen", - "DevDetail_Events_CheckBox": "Blende Verbindungs-Ereignisse aus", + "DevDetail_Events_CheckBox": "Verbindungsereignisse ausblenden", "DevDetail_GoToNetworkNode": "Zur Netzwerkseite des angegebenen Knotens navigieren.", "DevDetail_Icon": "Icon", "DevDetail_Icon_Descr": "Geben Sie einen Font Awesome Icon-Namen ohne das Präfix „fa-“ ein oder die vollständige Klasse, z. B.: fa fa-brands fa-apple.", @@ -102,10 +102,10 @@ "DevDetail_MainInfo_Network": " Knoten (MAC)", "DevDetail_MainInfo_Network_Port": " Port", "DevDetail_MainInfo_Network_Site": "Seite", - "DevDetail_MainInfo_Network_Title": "Network", + "DevDetail_MainInfo_Network_Title": "Netzwerkdetails", "DevDetail_MainInfo_Owner": "Eigen­tümer", "DevDetail_MainInfo_SSID": "SSID", - "DevDetail_MainInfo_Title": "Hauptinformation", + "DevDetail_MainInfo_Title": "Geräteinformationen", "DevDetail_MainInfo_Type": "Typ", "DevDetail_MainInfo_Vendor": "Hersteller", "DevDetail_MainInfo_mac": "MAC", @@ -202,14 +202,14 @@ "DevDetail_button_Save": "Speichern", "DeviceEdit_ValidMacIp": "Gib eine gültige MAC- und IP-Adresse ein.", "Device_MultiEdit": "Mehrfach-bearbeiten", - "Device_MultiEdit_Backup": "Achtung! Falsche Eingaben können die Installation beschädigen. Bitte sichere deine Datenbank oder Gerätekonfiguration zuerst: (Konfiguration herunterladen ). Wie du dein Gerät wiederherstellen kannst findest du in der Dokumentation über Backups.", + "Device_MultiEdit_Backup": "Achtung! Falsche Eingaben können die Installation beschädigen. Bitte sichere deine Datenbank oder Gerätekonfiguration zuerst: (Konfiguration herunterladen ). Wie du dein Gerät wiederherstellen kannst findest du in der Dokumentation über Backups.", "Device_MultiEdit_Fields": "Felder bearbeiten:", "Device_MultiEdit_MassActions": "Massen aktionen:", "Device_MultiEdit_No_Devices": "Keine Geräte ausgewählt.", "Device_MultiEdit_Tooltip": "Achtung! Beim Drücken werden alle Werte auf die oben ausgewählten Geräte übertragen.", "Device_Save_Failed": "", "Device_Save_Unauthorized": "", - "Device_Saved_Success": "", + "Device_Saved_Success": "Gerät erfolgreich gespeichert", "Device_Saved_Unexpected": "", "Device_Searchbox": "Suche", "Device_Shortcut_AllDevices": "Meine Geräte", @@ -230,6 +230,8 @@ "Device_TableHead_FirstSession": "Erste Sitzung", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Gruppe", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Icon", "Device_TableHead_LastIP": "Letzte IP", "Device_TableHead_LastIPOrder": "Letzte erhaltene IP", @@ -253,6 +255,7 @@ "Device_TableHead_SyncHubNodeName": "Synchronisationsknoten", "Device_TableHead_Type": "Typ", "Device_TableHead_Vendor": "Hersteller", + "Device_TableHead_Vlan": "VLAN", "Device_Table_Not_Network_Device": "Nicht konfiguriert als Netzwerkgerät", "Device_Table_info": "Zeige _START_ bis _END_ von _TOTAL_ Einträgen", "Device_Table_nav_next": "Nächste", @@ -304,6 +307,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -428,6 +432,10 @@ "Maintenance_Tool_ImportPastedConfig": "", "Maintenance_Tool_ImportPastedConfig_noti_text": "", "Maintenance_Tool_ImportPastedConfig_text": "", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "ARP-Scan umschalten (ein/aus)", "Maintenance_Tool_arpscansw_noti": "ARP-Scan ein- oder ausschalten", "Maintenance_Tool_arpscansw_noti_text": "Wenn der Scan aus ist, bleibt er so lange aus bis er wieder aktiviert wird.", @@ -437,6 +445,9 @@ "Maintenance_Tool_backup_noti_text": "Sind Sie sicher, dass Sie die Datenbank jetzt sichern möchten. Prüfen Sie, dass gerade keine Scans stattfinden.", "Maintenance_Tool_backup_text": "Die Datenbank-Sicher­ungen befinden sich im Datenbank-Ver­zeich­nis, gepackt als zip-Archive, benannt mit dem Erstellungs­datum. Es gibt keine maximale Anzahl von Backups.", "Maintenance_Tool_check_visible": "Abwählen um die Spalte auszublenden.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Darstellungswechsel (Dunkel/Hell)", "Maintenance_Tool_darkmode_noti": "Darstellungswechsel", "Maintenance_Tool_darkmode_noti_text": "Wechselt zwischen der hellen und der dunklen Darstellung. Wenn die Umschaltung nicht ordentlich funktionieren sollte, versuchen Sie den Browsercache zu löschen.", @@ -467,6 +478,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Lösche (unknown) Geräte", "Maintenance_Tool_del_unknowndev_noti_text": "Sind Sie sicher, dass Sie alle (unknown) Geräte aus der Datenbank löschen wollen?", "Maintenance_Tool_del_unknowndev_text": "Machen Sie ein Backup, bevor Sie diese Funk­tion nutzen. Der Vor­gang kann ohne Back­up nicht rück­gängig gemacht werden. Alle Gräte mit dem Namen (unknown) werden aus der Datenbank ge­löscht.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Ändere die Sichtbarkeit und Anordnung der Spalten in der Geräte-Seite.", "Maintenance_Tool_drag_me": "Zieh mich um die Anordnung der Spalten zu ändern.", "Maintenance_Tool_order_columns_text": "", @@ -478,6 +490,8 @@ "Maintenance_Tool_restore_noti": "DB Wiederherstellung", "Maintenance_Tool_restore_noti_text": "Sind Sie sicher, dass Sie die Datenbank aus der neusten Sicherung wiederherstellen möchten? Prüfen Sie, dass gerade keine Scans stattfinden.", "Maintenance_Tool_restore_text": "Das neuste Backup kann über diese Funk­tion wiederhergestellt werden. Ältere Sicher­ungen müssen manuell wieder­hergestellt wer­den. Es empfiehlt sich eine Integritäts­prüfung nach der Wieder­her­stellung zu machen, falls die Datenbank bei der Sicherung geöffnet war.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Aktualisiere Datenbank", "Maintenance_Tool_upgrade_database_noti_text": "", "Maintenance_Tool_upgrade_database_text": "Mit dieser Schaltfläche wird die Datenbank aktualisiert, um das Diagramm der Netzwerkaktivitäten der letzten 12 Stunden zu aktivieren. Bitte sichern Sie Ihre Datenbank, falls Probleme auftreten.", diff --git a/front/php/templates/language/en_us.json b/front/php/templates/language/en_us.json index e5c76dec..a58c4af8 100755 --- a/front/php/templates/language/en_us.json +++ b/front/php/templates/language/en_us.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "Save", "DeviceEdit_ValidMacIp": "Enter a valid Mac and IP address.", "Device_MultiEdit": "Multi-edit", - "Device_MultiEdit_Backup": "Careful, entering wrong values below will break your setup. Please backup your database or Devices configuration first (click to download ). Read how to recover Devices from this file in the Backups documentation. In order to apply your changes click the Save icon on each field you want to update.", + "Device_MultiEdit_Backup": "Careful, entering wrong values below will break your setup. Please backup your database or Devices configuration first (click to download ). Read how to recover Devices from this file in the Backups documentation. In order to apply your changes click the Save icon on each field you want to update.", "Device_MultiEdit_Fields": "Edit fields:", "Device_MultiEdit_MassActions": "Mass actions:", "Device_MultiEdit_No_Devices": "No devices selected.", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "First Session", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Group", + "Device_TableHead_IPv4": "IPv4", + "Device_TableHead_IPv6": "IPv6", "Device_TableHead_Icon": "Icon", "Device_TableHead_LastIP": "Last IP", "Device_TableHead_LastIPOrder": "Last IP Order", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Sync Node", "Device_TableHead_Type": "Type", "Device_TableHead_Vendor": "Vendor", + "Device_TableHead_Vlan": "VLAN", "Device_Table_Not_Network_Device": "Not configured as a network device", "Device_Table_info": "Showing _START_ to _END_ of _TOTAL_ entries", "Device_Table_nav_next": "Next", @@ -300,6 +303,7 @@ "FieldLock_Error": "Error updating field lock status", "FieldLock_Lock_Tooltip": "Lock field (prevent plugin overwrites)", "FieldLock_Locked": "Field locked", + "FieldLock_SaveBeforeLocking": "Save your changes before locking", "FieldLock_Source_Label": "Source: ", "FieldLock_Unlock_Tooltip": "Unlock field (allow plugin overwrites)", "FieldLock_Unlocked": "Field unlocked", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Settings Import (paste)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Are you sure you want to import the pasted config settings? This will completely overwrite the app.conf file.", "Maintenance_Tool_ImportPastedConfig_text": "Imports the app.conf file containing all the application Settings. You might want to download the current app.conf file first with the Settings Export.", + "Maintenance_Tool_UnlockFields": "Unlock Device Fields", + "Maintenance_Tool_UnlockFields_noti": "Unlock Device Fields", + "Maintenance_Tool_UnlockFields_noti_text": "Are you sure you want to clear all source values (LOCKED/USER) for all device fields on all devices? This action cannot be undone.", + "Maintenance_Tool_UnlockFields_text": "This tool will remove all source values from every tracked field for all devices, effectively unlocking all fields for plugins and users. Use this with caution, as it will affect your entire device inventory.", "Maintenance_Tool_arpscansw": "Toggle arp-Scan (on/off)", "Maintenance_Tool_arpscansw_noti": "Toggle arp-Scan on or off", "Maintenance_Tool_arpscansw_noti_text": "When the scan has been switched off it remains off until it is activated again.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Are you sure you want to execute the DB Backup? Be sure that no scan is currently running.", "Maintenance_Tool_backup_text": "The database backups are located in the database directory as a zip-archive, named with the creation date. There is no maximum number of backups.", "Maintenance_Tool_check_visible": "Uncheck to hide column.", + "Maintenance_Tool_clearSourceFields_selected": "Clear source fields", + "Maintenance_Tool_clearSourceFields_selected_noti": "Clear sources", + "Maintenance_Tool_clearSourceFields_selected_text": "This will clear all source fields of the selected devices. This action cannot be undone.", "Maintenance_Tool_darkmode": "Toggle Modes (Dark/Light)", "Maintenance_Tool_darkmode_noti": "Toggle Modes", "Maintenance_Tool_darkmode_noti_text": "After the theme switch, the page tries to reload itself to activate the change. If necessary, the cache must be cleared.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Delete (unknown) devices", "Maintenance_Tool_del_unknowndev_noti_text": "Are you sure you want to delete all (unknown) and (name not found) devices?", "Maintenance_Tool_del_unknowndev_text": "Before using this function, please make a backup. The deletion cannot be undone. All devices named (unknown) will be deleted from the database.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "This will unlock the LOCKED/USER fields of the selected devices. This action cannot be undone.", "Maintenance_Tool_displayed_columns_text": "Change the visibility and order of the columns in the Devices page.", "Maintenance_Tool_drag_me": "Drag me to reorder columns.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "DB Restore", "Maintenance_Tool_restore_noti_text": "Are you sure you want to execute the DB Restore? Be sure that no scan is currently running.", "Maintenance_Tool_restore_text": "The latest backup can be restored via the button, but older backups can only be restored manually. After the restore, make an integrity check on the database for safety, in case the db was currently in write access when the backup was created.", + "Maintenance_Tool_unlockFields_selecteddev": "Unlock device fields", + "Maintenance_Tool_unlockFields_selecteddev_noti": "Unlock fields", "Maintenance_Tool_upgrade_database_noti": "Upgrade database", "Maintenance_Tool_upgrade_database_noti_text": "Are you sure you want to upgrade the database?
(maybe you prefer to archive it)", "Maintenance_Tool_upgrade_database_text": "This button will upgrade the database to enable the Network activity over last 12 hours chart. Please backup your database in case of issues.", diff --git a/front/php/templates/language/es_es.json b/front/php/templates/language/es_es.json index 17c2541c..aff4832c 100644 --- a/front/php/templates/language/es_es.json +++ b/front/php/templates/language/es_es.json @@ -200,7 +200,7 @@ "DevDetail_button_Save": "Guardar", "DeviceEdit_ValidMacIp": "Introduzca una dirección Mac y una dirección IP válidas .", "Device_MultiEdit": "Edición múltiple", - "Device_MultiEdit_Backup": "Tenga cuidado, ingresar valores incorrectos o romperá su configuración. Por favor, haga una copia de seguridad de su base de datos o de la configuración de los dispositivos primero (haga clic para descargar ). Lea cómo recuperar dispositivos de este archivo en la documentación de Copia de seguridad. Para aplicar sus cambios haga click en el ícono de Guardar en cada campo que quiera actualizar.", + "Device_MultiEdit_Backup": "Tenga cuidado, ingresar valores incorrectos o romperá su configuración. Por favor, haga una copia de seguridad de su base de datos o de la configuración de los dispositivos primero (haga clic para descargar ). Lea cómo recuperar dispositivos de este archivo en la documentación de Copia de seguridad. Para aplicar sus cambios haga click en el ícono de Guardar en cada campo que quiera actualizar.", "Device_MultiEdit_Fields": "Editar campos:", "Device_MultiEdit_MassActions": "Acciones masivas:", "Device_MultiEdit_No_Devices": "", @@ -228,6 +228,8 @@ "Device_TableHead_FirstSession": "1ra. sesión", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Grupo", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Icon", "Device_TableHead_LastIP": "Última IP", "Device_TableHead_LastIPOrder": "Última orden de IP", @@ -251,6 +253,7 @@ "Device_TableHead_SyncHubNodeName": "Nodo de sincronización", "Device_TableHead_Type": "Tipo", "Device_TableHead_Vendor": "Fabricante", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "No está configurado como dispositivo de red", "Device_Table_info": "Mostrando el INICIO y el FINAL de TODAS las entradas", "Device_Table_nav_next": "Siguiente", @@ -302,6 +305,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -426,6 +430,10 @@ "Maintenance_Tool_ImportPastedConfig": "Importar ajustes (pegar)", "Maintenance_Tool_ImportPastedConfig_noti_text": "¿Seguro que quieres importar la configuración pegada? Esto sobrescribirá por completo el archivo app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importa el archivo app.conf que contiene toda la configuración de la aplicación. Es recomendable descargar primero el archivo app.conf actual con la Exportación de configuración.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "Activar arp-scan (on/off)", "Maintenance_Tool_arpscansw_noti": "Activar arp-scan on or off", "Maintenance_Tool_arpscansw_noti_text": "Cuando el escaneo se ha apagado, permanece apagado hasta que se active nuevamente.", @@ -435,6 +443,9 @@ "Maintenance_Tool_backup_noti_text": "¿Estás seguro de que quieres exactos la copia de seguridad de DB? Asegúrese de que ningún escaneo se esté ejecutando actualmente.", "Maintenance_Tool_backup_text": "Las copias de seguridad de la base de datos se encuentran en el directorio de la base de datos como una Zip-Archive, nombrada con la fecha de creación. No hay un número máximo de copias de seguridad.", "Maintenance_Tool_check_visible": "Desactivar para ocultar columna.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Cambiar Modo (Dark/Light)", "Maintenance_Tool_darkmode_noti": "Cambiar Modo", "Maintenance_Tool_darkmode_noti_text": "Después del cambio de tema, la página intenta volver a cargar para activar el cambio. Si es necesario, el caché debe ser eliminado.", @@ -465,6 +476,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Eliminar dispositivos (desconocidos)", "Maintenance_Tool_del_unknowndev_noti_text": "¿Estás seguro de que quieres eliminar todos los dispositivos (desconocidos)?", "Maintenance_Tool_del_unknowndev_text": "Antes de usar esta función, haga una copia de seguridad. La eliminación no se puede deshacer. Todos los dispositivos nombrados (desconocidos) se eliminarán de la base de datos.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Cambia la visibilidad y el orden de las columnas en la página Dispositivos.", "Maintenance_Tool_drag_me": "Coger para rearrastrar columnas.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -476,6 +488,8 @@ "Maintenance_Tool_restore_noti": "Restaurar DB", "Maintenance_Tool_restore_noti_text": "¿Estás seguro de que quieres hacer exactos la restauración de DB? Asegúrese de que ningún escaneo se esté ejecutando actualmente.", "Maintenance_Tool_restore_text": "La última copia de seguridad se puede restaurar a través del botón, pero las copias de seguridad anteriores solo se pueden restaurar manualmente. Después de la restauración, realice una verificación de integridad en la base de datos por seguridad, en caso de que el DB estuviera actualmente en acceso de escritura cuando se creó la copia de seguridad.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Actualizar la base de datos", "Maintenance_Tool_upgrade_database_noti_text": "¿Estás seguro de que quieres actualizar la base de datos?
(tal vez prefieras archivarla)", "Maintenance_Tool_upgrade_database_text": "Este botón actualizará la base de datos para habilitar la actividad de la red en las últimas 12 horas. Haga una copia de seguridad de su base de datos en caso de problemas.", diff --git a/front/php/templates/language/fa_fa.json b/front/php/templates/language/fa_fa.json index 7b2b9c5d..772ef8df 100644 --- a/front/php/templates/language/fa_fa.json +++ b/front/php/templates/language/fa_fa.json @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "", "Device_TableHead_GUID": "", "Device_TableHead_Group": "", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "", "Device_TableHead_LastIP": "", "Device_TableHead_LastIPOrder": "", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "", "Device_TableHead_Type": "", "Device_TableHead_Vendor": "", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "", "Device_Table_info": "", "Device_Table_nav_next": "", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "", "Maintenance_Tool_ImportPastedConfig_noti_text": "", "Maintenance_Tool_ImportPastedConfig_text": "", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "", "Maintenance_Tool_arpscansw_noti": "", "Maintenance_Tool_arpscansw_noti_text": "", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "", "Maintenance_Tool_backup_text": "", "Maintenance_Tool_check_visible": "", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "", "Maintenance_Tool_darkmode_noti": "", "Maintenance_Tool_darkmode_noti_text": "", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "", "Maintenance_Tool_del_unknowndev_noti_text": "", "Maintenance_Tool_del_unknowndev_text": "", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "", "Maintenance_Tool_drag_me": "", "Maintenance_Tool_order_columns_text": "", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "", "Maintenance_Tool_restore_noti_text": "", "Maintenance_Tool_restore_text": "", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "", "Maintenance_Tool_upgrade_database_noti_text": "", "Maintenance_Tool_upgrade_database_text": "", diff --git a/front/php/templates/language/fr_fr.json b/front/php/templates/language/fr_fr.json index 7ab9085b..38c4c009 100644 --- a/front/php/templates/language/fr_fr.json +++ b/front/php/templates/language/fr_fr.json @@ -98,10 +98,10 @@ "DevDetail_MainInfo_Network": " Nœud (MAC)", "DevDetail_MainInfo_Network_Port": " Port", "DevDetail_MainInfo_Network_Site": "Site", - "DevDetail_MainInfo_Network_Title": "Réseau", + "DevDetail_MainInfo_Network_Title": "Détails du réseau", "DevDetail_MainInfo_Owner": "Possesseur", "DevDetail_MainInfo_SSID": "SSID", - "DevDetail_MainInfo_Title": "Informations principales", + "DevDetail_MainInfo_Title": "Informations de l'appareil", "DevDetail_MainInfo_Type": "Type", "DevDetail_MainInfo_Vendor": "Fabricant", "DevDetail_MainInfo_mac": "MAC", @@ -198,15 +198,15 @@ "DevDetail_button_Save": "Enregistrer", "DeviceEdit_ValidMacIp": "Renseigner une adresse Mac et une adresse IP valides.", "Device_MultiEdit": "Édition multiple", - "Device_MultiEdit_Backup": "Attention, renseigner des valeurs non cohérentes ci-dessous peut bloquer votre paramétrage. Veillez à faire une sauvegarde de votre base de données ou de la configuration de vos appareils en premier lieu (clisuer ici pour la télécharger ). Renseignez-vous sur comment remettre les appareils depuis ce fichier via la documentation des sauvegardes. Afin d'enregistrer les changements, cliquer sur l'icône Sauvegarder sur chaque champ que vous voulez mettre à jour.", + "Device_MultiEdit_Backup": "Attention, renseigner des valeurs non cohérentes ci-dessous peut bloquer votre paramétrage. Veillez à faire une sauvegarde de votre base de données ou de la configuration de vos appareils en premier lieu (clisuer ici pour la télécharger ). Renseignez-vous sur comment remettre les appareils depuis ce fichier via la documentation des sauvegardes. Afin d'enregistrer les changements, cliquer sur l'icône Sauvegarder sur chaque champ que vous voulez mettre à jour.", "Device_MultiEdit_Fields": "Champs modifiables :", "Device_MultiEdit_MassActions": "Actions en masse :", "Device_MultiEdit_No_Devices": "Aucun appareil sélectionné.", "Device_MultiEdit_Tooltip": "Attention. Ceci va appliquer la valeur de gauche à tous les appareils sélectionnés au-dessus.", - "Device_Save_Failed": "", - "Device_Save_Unauthorized": "", - "Device_Saved_Success": "", - "Device_Saved_Unexpected": "", + "Device_Save_Failed": "Erreur à l'enregistrement de l'appareil", + "Device_Save_Unauthorized": "Non autorisé - Jeton d'API invalide", + "Device_Saved_Success": "Appareil enregistré avec succès", + "Device_Saved_Unexpected": "La mise à jour de l'appareil a renvoyé une réponse inattendue", "Device_Searchbox": "Rechercher", "Device_Shortcut_AllDevices": "Mes appareils", "Device_Shortcut_AllNodes": "Tous les nœuds", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Première session", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Groupe", + "Device_TableHead_IPv4": "IPv4", + "Device_TableHead_IPv6": "IPv6", "Device_TableHead_Icon": "Icône", "Device_TableHead_LastIP": "Dernière IP", "Device_TableHead_LastIPOrder": "Ordre dernière IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Noeud de synchro", "Device_TableHead_Type": "Type", "Device_TableHead_Vendor": "Fabriquant", + "Device_TableHead_Vlan": "VLAN", "Device_Table_Not_Network_Device": "Non configuré comme appareil du réseau", "Device_Table_info": "Affiche de _START_ à _END_ sur _TOTAL_ entrées", "Device_Table_nav_next": "Suivant", @@ -296,13 +299,14 @@ "Events_Tablelenght": "Afficher _MENU_ entrées", "Events_Tablelenght_all": "Tous", "Events_Title": "Évènements", - "FakeMAC_hover": "Autodétecté - indique si l'appareil utilise une fausse adresse MAC (qui commence par FA:CE ou 00:1A), typiquement générée par un plugin qui ne peut pas détecter la vraie adresse MAC, ou en créant un appareil factice.", - "FieldLock_Error": "", - "FieldLock_Lock_Tooltip": "", - "FieldLock_Locked": "", - "FieldLock_Source_Label": "", - "FieldLock_Unlock_Tooltip": "", - "FieldLock_Unlocked": "", + "FakeMAC_hover": "Cet appareil a une adresse MAC fausse ou falsifiée", + "FieldLock_Error": "Erreur de mise à jour du statut de verrouillage du champ", + "FieldLock_Lock_Tooltip": "Verrouiller le champ (empêche les surcharges de plugin)", + "FieldLock_Locked": "Champ verrouillé", + "FieldLock_SaveBeforeLocking": "Enregistrez vos changements avant de verrouiller", + "FieldLock_Source_Label": "Source : ", + "FieldLock_Unlock_Tooltip": "Déverrouiller le champ (autorise les surcharges de plugin)", + "FieldLock_Unlocked": "Champ déverrouillé", "GRAPHQL_PORT_description": "Le numéro de port du serveur GraphQL. Assurez vous sue le port est unique a l'échelle de toutes les applications sur cet hôte et vos instances NetAlertX.", "GRAPHQL_PORT_name": "Port GraphQL", "Gen_Action": "Action", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Import des paramètres (coller)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Êtes-vous sûr de vouloir importer les paramètres de configuration copiés ? Cela va complètement remplacer le fichier app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importe le fichier app.conf, qui contient tous les paramètres de l'application. Vous devriez commencer par télécharger le fichier actuelapp.conf avec la fonctionnalité Export des paramètres.", + "Maintenance_Tool_UnlockFields": "Déverrouiller les champs de l'appareil", + "Maintenance_Tool_UnlockFields_noti": "Déverrouiller les champs de l'appareil", + "Maintenance_Tool_UnlockFields_noti_text": "Êtes-vous sûr de vouloir supprimer toutes les valeurs de source (verrouillés par l'utilisateur LOCKED/USER) pour tous les champs d'appareil de tous les appareils ? Cette action ne peut pas être annulée.", + "Maintenance_Tool_UnlockFields_text": "Cet outil va supprimer toutes les valeurs de source pour chaque champ suivi de tous les appareils, ce qui déverrouillera tous les champs pour les plugins et les utilisateurs. Utilisez-lebm avec précaution, cela impactera l'ensemble de l'inventaire des appareils.", "Maintenance_Tool_arpscansw": "Basculer l'arp-Scan (activé/désactivé)", "Maintenance_Tool_arpscansw_noti": "Activer ou désactiver l'arp-Scan", "Maintenance_Tool_arpscansw_noti_text": "Une fois le scan désactivé, il reste désactivé jusqu'à ce qu'il soit réactivé.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Êtes-vous sûr de vouloir lancer la sauvegarde de la base de données ? Assurez-vous de ne pas avoir de scan en cours.", "Maintenance_Tool_backup_text": "Les sauvegardes de base de données sont situées dans le répertoire de la base de données, soir forme d'archive ZIP, nommé selon la date de création. Il n'y a pas de limite de nombre de sauvegarde.", "Maintenance_Tool_check_visible": "Décocher pour masquer la colonne.", + "Maintenance_Tool_clearSourceFields_selected": "Supprimer les champs source", + "Maintenance_Tool_clearSourceFields_selected_noti": "Supprimer les sources", + "Maintenance_Tool_clearSourceFields_selected_text": "Cela va supprimer tous les champs de sources des appareils sélectionnés. Cette action est irréversible.", "Maintenance_Tool_darkmode": "Basculer de mode (clair/sombre)", "Maintenance_Tool_darkmode_noti": "Basculer de mode", "Maintenance_Tool_darkmode_noti_text": "Après le changement de thème, la page tente de se rafraîchir pour activer le changement. Si besoin, le cache doit être supprimé.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Supprimer les appareils inconnus", "Maintenance_Tool_del_unknowndev_noti_text": "Êtes-vous sûr de vouloir supprimer tous les appareils inconnus et sans nom trouvé ?", "Maintenance_Tool_del_unknowndev_text": "Avant d'utiliser cette fonction, veuillez effectuer une sauvegarde. La suppression ne peut pas être annulée. Tous les appareils nommés (inconnus) seront supprimés de la base de données.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "Cela va déverrouiller les champs verrouillés par l'utilisateur (LOCKED/USER) des appareils sélectionnés. Cette action ne peut pas être annulée.", "Maintenance_Tool_displayed_columns_text": "Changer la visibilité et l'ordre des colonnes dans la page appareils page.", "Maintenance_Tool_drag_me": "Déplacez-moi pour réordonner les colonnes.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Restauration de la base de données", "Maintenance_Tool_restore_noti_text": "Êtes-vous sûr de vouloir lancer la restauration de la base données ? Assurez-vous qu'aucun scan ne soit en cours.", "Maintenance_Tool_restore_text": "La dernière sauvegarde peut être restaurée à l'aide du bouton, mais les sauvegardes plus anciennes ne peuvent être restaurées que manuellement. Après la restauration, faites un contrôle d'intégrité de la base de donnes par sécurité, au cas où elle était en cours d'ecriture lorsque la sauvegarde a été réalisée.", + "Maintenance_Tool_unlockFields_selecteddev": "Déverrouiller les champs de l'appareil", + "Maintenance_Tool_unlockFields_selecteddev_noti": "Déverrouiller les champs", "Maintenance_Tool_upgrade_database_noti": "Mise à jour de la base de données", "Maintenance_Tool_upgrade_database_noti_text": "Êtes-vous sûr de vouloir mettre à jour la base de données ?
(il peut être préférable de l'archiver)", "Maintenance_Tool_upgrade_database_text": "Ce bouton va mettre à jour la base de données pour activer le graphique de l'activité réseau sur les 12 dernières heures. Veillez à faire une sauvegarde de la base de données en cas de problème.", @@ -601,7 +615,7 @@ "REPORT_MAIL_description": "Si activé, un courriel est envoyé, avec la liste des changements pour lesquels on a souscrit. Cela nécessite de renseigner les paramètres associés au paramétrage SMTP plus bas. Si vous rencontrez des problèmes, positionnez le LOG_LEVEL au niveau debug et vérifiez les journaux d'erreurs.", "REPORT_MAIL_name": "Activer les courriels", "REPORT_TITLE": "Rapport", - "RandomMAC_hover": "Détecté automatiquement - indique si l'appareil dispose d'une adresse MAC générée aléatoirement. Vous pouvez exclure des adresses MAC spécifiques via le paramètre UI_NOT_RANDOM_MAC. Cliquez pour plus d'informations.", + "RandomMAC_hover": "Cet appareil a une adresse MAC aléatoire", "Reports_Sent_Log": "Rapports de log transmis", "SCAN_SUBNETS_description": "La plupart des scanners sur le réseau (scan ARP, NMAP, Nslookup, DIG) se base sur le scan d'une partie spécifique des interfaces réseau ou de sous-réseau. Consulter la documentation des sous-réseaux pour plus d'aide sur ce paramètre, notamment pour des VLAN, lesquels sont supportés ou sur comment identifier le masque réseau et votre interface réseau.

Une alternative à ces scanner sur le réseau et d'activer d'autres scanners d'appareils ou des importe, qui ne dépendent pas du fait de laisser NetAlertX accéder au réseau (Unifié, baux DHCP, Pi-hole, etc.).

Remarque : la durée du scan en lui-même dépend du nombre d'adresses IP à scanner, renseignez donc soigneusement avec le bon masque réseau et la bonne interface réseau.", "SCAN_SUBNETS_name": "Réseaux à scanner", @@ -609,7 +623,7 @@ "Setting_Override": "Remplacer la valeur", "Setting_Override_Description": "Activer cette option va remplacer la valeur fournie par défaut par une application par la valeur renseignée au-dessus.", "Settings_Metadata_Toggle": "Afficher/masquer les méta données pour le paramètre sélectionné.", - "Settings_Show_Description": "Montrer la description de la configuration.", + "Settings_Show_Description": "Afficher la description", "Settings_device_Scanners_desync": "⚠ La planification des différents scanners d'appareils est désynchronisée.", "Settings_device_Scanners_desync_popup": "La planification des scanners (*_RUN_SCHD) n'est pas identique entre scanners. Cela va entraîner des notifications en ligne/hors-ligne non cohérentes. À moins que cela soit attendu, utilisez la même planification pour tous les 🔍scanners d'appareils activés.", "Speedtest_Results": "Résultats du test de débit", @@ -775,4 +789,4 @@ "settings_system_label": "Système", "settings_update_item_warning": "Mettre à jour la valeur ci-dessous. Veillez à bien suivre le même format qu'auparavant. Il n'y a pas de pas de contrôle.", "test_event_tooltip": "Enregistrer d'abord vos modifications avant de tester vôtre paramétrage." -} \ No newline at end of file +} diff --git a/front/php/templates/language/it_it.json b/front/php/templates/language/it_it.json index fcf1212f..f4cc17bb 100644 --- a/front/php/templates/language/it_it.json +++ b/front/php/templates/language/it_it.json @@ -98,10 +98,10 @@ "DevDetail_MainInfo_Network": " Nodo (MAC)", "DevDetail_MainInfo_Network_Port": " Porta", "DevDetail_MainInfo_Network_Site": "Sito", - "DevDetail_MainInfo_Network_Title": "Rete", + "DevDetail_MainInfo_Network_Title": "Dettagli rete", "DevDetail_MainInfo_Owner": "Proprietario", "DevDetail_MainInfo_SSID": "SSID", - "DevDetail_MainInfo_Title": "Informazioni principali", + "DevDetail_MainInfo_Title": "Informazioni dispositivo", "DevDetail_MainInfo_Type": "Tipo", "DevDetail_MainInfo_Vendor": "Produttore", "DevDetail_MainInfo_mac": "MAC", @@ -198,15 +198,15 @@ "DevDetail_button_Save": "Salva", "DeviceEdit_ValidMacIp": "Inserisci un indirizzo Mac e un indirizzo IP validi.", "Device_MultiEdit": "Modifica multipla", - "Device_MultiEdit_Backup": "Attento, l'inserimento di valori errati di seguito interromperà la configurazione. Effettua prima il backup del database o della configurazione dei dispositivi (fai clic per scaricare ). Leggi come ripristinare i dispositivi da questo file nella Documentazione di backup. Per applicare le modifiche, fai clic sull'icona Salva su ogni campo che desideri aggiornare.", + "Device_MultiEdit_Backup": "Attento, l'inserimento di valori errati di seguito interromperà la configurazione. Effettua prima il backup del database o della configurazione dei dispositivi (fai clic per scaricare ). Leggi come ripristinare i dispositivi da questo file nella Documentazione di backup. Per applicare le modifiche, fai clic sull'icona Salva su ogni campo che desideri aggiornare.", "Device_MultiEdit_Fields": "Modifica campi:", "Device_MultiEdit_MassActions": "Azioni di massa:", "Device_MultiEdit_No_Devices": "Nessun dispositivo selezionato.", "Device_MultiEdit_Tooltip": "Attento. Facendo clic verrà applicato il valore sulla sinistra a tutti i dispositivi selezionati sopra.", - "Device_Save_Failed": "", - "Device_Save_Unauthorized": "", - "Device_Saved_Success": "", - "Device_Saved_Unexpected": "", + "Device_Save_Failed": "Impossibile salvare il dispositivo", + "Device_Save_Unauthorized": "Non autorizzato: token API non valido", + "Device_Saved_Success": "Dispositivo salvato correttamente", + "Device_Saved_Unexpected": "L'aggiornamento del dispositivo ha restituito una risposta imprevista", "Device_Searchbox": "Cerca", "Device_Shortcut_AllDevices": "I miei dispositivi", "Device_Shortcut_AllNodes": "Tutti i nodi", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Prima sessione", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Gruppo", + "Device_TableHead_IPv4": "IPv4", + "Device_TableHead_IPv6": "IPv6", "Device_TableHead_Icon": "Icona", "Device_TableHead_LastIP": "Ultimo IP", "Device_TableHead_LastIPOrder": "Ordina per ultimo IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Sincronizza nodo", "Device_TableHead_Type": "Tipo", "Device_TableHead_Vendor": "Produttore", + "Device_TableHead_Vlan": "VLAN", "Device_Table_Not_Network_Device": "Non configurato come dispositivo di rete", "Device_Table_info": "Visualizzazione da _START_ a _END_ di _TOTAL_ voci", "Device_Table_nav_next": "Successivo", @@ -296,13 +299,14 @@ "Events_Tablelenght": "Mostra _MENU_ elementi", "Events_Tablelenght_all": "Tutti", "Events_Title": "Eventi", - "FakeMAC_hover": "Rilevato automaticamente: indica se il dispositivo utilizza un indirizzo MAC FALSO (che inizia con FA:CE o 00:1A), in genere generato da un plugin che non riesce a rilevare il MAC reale o quando si crea un dispositivo fittizio.", - "FieldLock_Error": "", - "FieldLock_Lock_Tooltip": "", - "FieldLock_Locked": "", - "FieldLock_Source_Label": "", - "FieldLock_Unlock_Tooltip": "", - "FieldLock_Unlocked": "", + "FakeMAC_hover": "Questo dispositivo ha un indirizzo MAC contraffatto", + "FieldLock_Error": "Errore durante l'aggiornamento dello stato di blocco del campo", + "FieldLock_Lock_Tooltip": "Blocca campo (impedisci sovrascrittura plugin)", + "FieldLock_Locked": "Campo bloccato", + "FieldLock_SaveBeforeLocking": "Salva modifiche prima di bloccare", + "FieldLock_Source_Label": "Sorgente: ", + "FieldLock_Unlock_Tooltip": "Sblocca campo (consenti sovrascritture plugin)", + "FieldLock_Unlocked": "Campo sbloccato", "GRAPHQL_PORT_description": "Il numero di porta del server GraphQL. Assicurati che la porta sia univoca in tutte le tue applicazioni su questo host e nelle istanze di NetAlertX.", "GRAPHQL_PORT_name": "Porta GraphQL", "Gen_Action": "Azione", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Importa impostazioni (incolla)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Vuoi davvero importare le impostazioni di configurazione incollate? Questo sovrascriverà completamente il file app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importa il file app.conf contenente tutte le impostazioni dell'applicazione. Potresti voler scaricare prima il file app.conf corrente con Esporta impostazioni.", + "Maintenance_Tool_UnlockFields": "Sblocca campi del dispositivo", + "Maintenance_Tool_UnlockFields_noti": "Sblocca campi del dispositivo", + "Maintenance_Tool_UnlockFields_noti_text": "Vuoi davvero cancellare tutti i valori sorgente (BLOCCATO/UTENTE) per tutti i campi dispositivo su tutti i dispositivi? Questa azione non può essere annullata.", + "Maintenance_Tool_UnlockFields_text": "Questo strumento rimuoverà tutti i valori sorgente da ogni campo tracciato per tutti i dispositivi, sbloccando di fatto tutti i campi per plugin e utenti. Usalo con cautela, poiché influirà sull'intero inventario dei dispositivi.", "Maintenance_Tool_arpscansw": "Attiva/disattiva arp-Scan", "Maintenance_Tool_arpscansw_noti": "Attiva o disattiva arp-Scan", "Maintenance_Tool_arpscansw_noti_text": "Una volta disattivata la scansione rimane disattivata finché non viene nuovamente attivata.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Sei sicuro di voler eseguire il backup del DB? Assicurati che nessuna scansione sia attualmente in esecuzione.", "Maintenance_Tool_backup_text": "I backup del database si trovano nella directory del database come archivio zip, denominato con la data di creazione. Non esiste un numero massimo di backup.", "Maintenance_Tool_check_visible": "Deseleziona per nascondere la colonna.", + "Maintenance_Tool_clearSourceFields_selected": "Cancella campi sorgente", + "Maintenance_Tool_clearSourceFields_selected_noti": "Cancella sorgenti", + "Maintenance_Tool_clearSourceFields_selected_text": "Questa operazione cancellerà tutti i campi sorgente dei dispositivi selezionati. Questa azione non può essere annullata.", "Maintenance_Tool_darkmode": "Alterna modalità (Scuro/Chiaro)", "Maintenance_Tool_darkmode_noti": "Alterna modalità", "Maintenance_Tool_darkmode_noti_text": "Dopo il cambio di tema, la pagina tenta di ricaricarsi per attivare la modifica. Potrebbe essere necessaria la cancellazione della cache.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Elimina dispositivi (sconosciuti)", "Maintenance_Tool_del_unknowndev_noti_text": "Sei sicuro di voler eliminare tutti i dispositivi (sconosciuti) e (senza nome)?", "Maintenance_Tool_del_unknowndev_text": "Prima di utilizzare questa funzione, esegui un backup. L'eliminazione non può essere annullata. Tutti i dispositivi (sconosciuti) verranno eliminati dal database.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "Questa operazione sbloccherà i campi BLOCCATO/UTENTE dei dispositivi selezionati. Questa azione non può essere annullata.", "Maintenance_Tool_displayed_columns_text": "Cambia la visibilità e l'ordine delle colonne nella pagina Dispositivi.", "Maintenance_Tool_drag_me": "Trascinami per riordinare le colonne.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Ripristino DB", "Maintenance_Tool_restore_noti_text": "Sei sicuro di voler eseguire il ripristino del DB? Assicurati che nessuna scansione sia attualmente in esecuzione.", "Maintenance_Tool_restore_text": "L'ultimo backup può essere ripristinato tramite il pulsante, ma i backup più vecchi possono essere ripristinati solo manualmente. Dopo il ripristino, effettuare un controllo di integrità sul database per sicurezza, nel caso in cui il db fosse attualmente in accesso di scrittura quando è stato creato il backup.", + "Maintenance_Tool_unlockFields_selecteddev": "Sblocca i campi del dispositivo", + "Maintenance_Tool_unlockFields_selecteddev_noti": "Sblocca campi", "Maintenance_Tool_upgrade_database_noti": "Aggiorna database", "Maintenance_Tool_upgrade_database_noti_text": "Sei sicuro di voler aggiornare il database?
(forse preferisci archiviarlo)", "Maintenance_Tool_upgrade_database_text": "Questo pulsante aggiornerà il database per abilitare il grafico dell'attività di rete nelle ultime 12 ore. Esegui il backup del database in caso di problemi.", @@ -601,7 +615,7 @@ "REPORT_MAIL_description": "Se abilitato, viene inviata un'e-mail con un elenco delle modifiche a cui sei iscritto. Compila anche tutte le restanti impostazioni relative alla configurazione SMTP. In caso di problemi, imposta LOG_LEVEL su debug e controlla il log degli errori.", "REPORT_MAIL_name": "Abilita e-mail", "REPORT_TITLE": "Rapporto", - "RandomMAC_hover": "Rilevato automaticamente: indica se il dispositivo genera casualmente il suo indirizzo MAC. Puoi escludere MAC specifici con l'impostazione UI_NOT_RANDOM_MAC. Fai clic per saperne di più.", + "RandomMAC_hover": "Questo dispositivo ha un indirizzo MAC casuale", "Reports_Sent_Log": "Log rapporti inviati", "SCAN_SUBNETS_description": "La maggior parte degli scanner di rete (ARP-SCAN, NMAP, NSLOOKUP, DIG) si basano sulla scansione di interfacce di rete e sottoreti specifiche. Consulta la documentazione sulle sottoreti per assistenza su questa impostazione, in particolare VLAN, quali VLAN sono supportate o come individuare la maschera di rete e l'interfaccia.

Un'alternativa agli scanner in rete è abilitare altri scanner/importatori di dispositivi che non si affidano a NetAlertX che hanno accesso alla rete (UNIFI, dhcp.leases , PiHole, ecc.).

Nota: il tempo di scansione stesso dipende dal numero di indirizzi IP da controllare, quindi impostalo attentamente con la maschera di rete e l'interfaccia appropriate.", "SCAN_SUBNETS_name": "Reti da scansionare", @@ -609,7 +623,7 @@ "Setting_Override": "Sovrascrivi valore", "Setting_Override_Description": "L'abilitazione di questa opzione sovrascriverà il valore predefinito fornito dall'app con il valore specificato sopra.", "Settings_Metadata_Toggle": "Mostra/nascondi i metadati per l'impostazione specificata.", - "Settings_Show_Description": "Mostra descrizione dell'impostazione.", + "Settings_Show_Description": "Mostra descrizione", "Settings_device_Scanners_desync": "⚠ Le pianificazioni dello scanner del dispositivo non sono sincronizzate.", "Settings_device_Scanners_desync_popup": "Gli orari degli scanner dei dispositivi (*_RUN_SCHD) non sono gli stessi. Questo comporterà notifiche online/offline incoerenti del dispositivo. A meno che ciò non sia previsto, utilizza la stessa pianificazione per tutti gli 🔍 scanner dispositivi abilitati.", "Speedtest_Results": "Risultati test di velocità", @@ -775,4 +789,4 @@ "settings_system_label": "Sistema", "settings_update_item_warning": "Aggiorna il valore qui sotto. Fai attenzione a seguire il formato precedente. La convalida non viene eseguita.", "test_event_tooltip": "Salva le modifiche prima di provare le nuove impostazioni." -} \ No newline at end of file +} diff --git a/front/php/templates/language/ja_jp.json b/front/php/templates/language/ja_jp.json index 55f7cb4d..2c00ce59 100644 --- a/front/php/templates/language/ja_jp.json +++ b/front/php/templates/language/ja_jp.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "保存", "DeviceEdit_ValidMacIp": "有効なMacIPアドレスを入力します.", "Device_MultiEdit": "マルチエディタ", - "Device_MultiEdit_Backup": "注意:以下の項目に誤った値を入力すると設定が破損します。まずデータベースまたはデバイスの設定をバックアップしてください(クリックしてダウンロード)。このファイルからデバイスを復元する方法については、バックアップのドキュメントを参照してください。変更を適用するには、更新したい各フィールドの保存アイコンをクリックしてください。", + "Device_MultiEdit_Backup": "注意:以下の項目に誤った値を入力すると設定が破損します。まずデータベースまたはデバイスの設定をバックアップしてください(クリックしてダウンロード)。このファイルからデバイスを復元する方法については、バックアップのドキュメントを参照してください。変更を適用するには、更新したい各フィールドの保存アイコンをクリックしてください。", "Device_MultiEdit_Fields": "フィールドの編集:", "Device_MultiEdit_MassActions": "大量のアクション:", "Device_MultiEdit_No_Devices": "デバイスが選択されていません。", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "初回セッション", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "グループ", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "アイコン", "Device_TableHead_LastIP": "直近のIP", "Device_TableHead_LastIPOrder": "直近のIP順", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "同期ノード", "Device_TableHead_Type": "種別", "Device_TableHead_Vendor": "ベンダー", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "ネットワーク機器として構成されていない", "Device_Table_info": "_START_~_END_を表示 / _TOTAL_ 件中", "Device_Table_nav_next": "次", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "設定のインポート(貼り付け)", "Maintenance_Tool_ImportPastedConfig_noti_text": "貼り付けた設定を本当にインポートしますか?これによりapp.confファイルが完全に上書きされます。", "Maintenance_Tool_ImportPastedConfig_text": "アプリケーション設定をすべて含むapp.confファイルをインポートします。まず設定のエクスポートで現在のapp.confファイルをダウンロードすることをお勧めします。", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "arpスキャンの切り替え(オン/オフ)", "Maintenance_Tool_arpscansw_noti": "arpスキャンをオンまたはオフにする", "Maintenance_Tool_arpscansw_noti_text": "スキャンをオフにした場合、再度有効化されるまでオフのままとなります。", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "データベースのバックアップを実行してもよろしいですか? 現在スキャンが実行されていないことを確認してください。", "Maintenance_Tool_backup_text": "データベースのバックアップは、作成日をファイル名としたzipアーカイブとしてデータベースディレクトリ内に配置されます。バックアップの最大数は存在しません。", "Maintenance_Tool_check_visible": "チェックを外すと列を非表示にします。", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "モード切替(ダーク/ライト)", "Maintenance_Tool_darkmode_noti": "モード切替", "Maintenance_Tool_darkmode_noti_text": "テーマ変更後、変更を有効化するためにページを再読み込みします。必要に応じて、キャッシュをクリアする必要があります。", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "(Unknown)のデバイスを削除", "Maintenance_Tool_del_unknowndev_noti_text": "すべての(Unknown)のデバイスと(name not found)のデバイスを削除してもよろしいですか?", "Maintenance_Tool_del_unknowndev_text": "この機能を使用する前に、必ずバックアップを作成してください。削除操作は元に戻せません。データベースから(Unknown)という名前のデバイスをすべて削除します。", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "デバイスページの列の表示状態と順序を変更します。", "Maintenance_Tool_drag_me": "ドラッグして列を並べ替え。", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "DB復元", "Maintenance_Tool_restore_noti_text": "データベースの復元を実行してもよろしいですか? 現在スキャンが実行されていないことを確認してください。", "Maintenance_Tool_restore_text": "最新のバックアップはボタンから復元できますが、それ以前のバックアップは手動でのみ復元可能です。復元後は、バックアップ作成時にデータベースが書き込まれていた場合に備え、安全のためデータベースの整合性チェックを実施してください。", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "データベースアップグレード", "Maintenance_Tool_upgrade_database_noti_text": "データベースをアップグレードしてもよろしいですか?
(アーカイブすることをお勧めします)", "Maintenance_Tool_upgrade_database_text": "このボタンをクリックすると、データベースがアップグレードされ、過去12時間のネットワーク活動チャートが表示可能になります。問題発生に備え、データベースのバックアップを必ず行ってください。", diff --git a/front/php/templates/language/nb_no.json b/front/php/templates/language/nb_no.json index cb24ee12..e86b9200 100644 --- a/front/php/templates/language/nb_no.json +++ b/front/php/templates/language/nb_no.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "Lagre", "DeviceEdit_ValidMacIp": "", "Device_MultiEdit": "Multiredigering", - "Device_MultiEdit_Backup": "Forsiktig, hvis du legger inn feil verdier nedenfor, vil oppsettet ditt ødelegges. Ta sikkerhetskopi av databasen eller enhetskonfigurasjonen først (klikk for å laste ned ). Les hvordan du gjenoppretter enheter fra denne filen i Sikkerhetskopierings dokumentasjon.", + "Device_MultiEdit_Backup": "Forsiktig, hvis du legger inn feil verdier nedenfor, vil oppsettet ditt ødelegges. Ta sikkerhetskopi av databasen eller enhetskonfigurasjonen først (klikk for å laste ned ). Les hvordan du gjenoppretter enheter fra denne filen i Sikkerhetskopierings dokumentasjon.", "Device_MultiEdit_Fields": "Rediger felt:", "Device_MultiEdit_MassActions": "Flerhandlinger:", "Device_MultiEdit_No_Devices": "", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Første Økt", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Gruppe", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Ikon", "Device_TableHead_LastIP": "Siste IP", "Device_TableHead_LastIPOrder": "Siste IP Rekkefølge", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Synkroniser Node", "Device_TableHead_Type": "Type", "Device_TableHead_Vendor": "Leverandør", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "Ikke konfigurert som en nettverksenhet", "Device_Table_info": "Showing _START_ to _END_ of _TOTAL_ entries", "Device_Table_nav_next": "Neste", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "", "Maintenance_Tool_ImportPastedConfig_noti_text": "", "Maintenance_Tool_ImportPastedConfig_text": "", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "Slå arp-Scan (på/av)", "Maintenance_Tool_arpscansw_noti": "Slå arp-Scan på eller av", "Maintenance_Tool_arpscansw_noti_text": "Når skanningen er slått av, forblir den slått av til den aktiveres igjen.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Er du sikker på at du vil kjøre Database Sikkerhetskopiering? Pass på at ingen skanning kjører for øyeblikket.", "Maintenance_Tool_backup_text": "Databasesikkerhetskopiene er plassert i databasekatalogen som et zip-arkiv, navngitt med opprettelsesdatoen. Det er ikke noe maksimalt antall sikkerhetskopier.", "Maintenance_Tool_check_visible": "Fjern merket for å skjule kolonne.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Bytt Modus (mørk/lys)", "Maintenance_Tool_darkmode_noti": "Bytt Modus", "Maintenance_Tool_darkmode_noti_text": "Etter tema bytte, prøver siden å laste seg inn på nytt for å aktivere endringen. Om nødvendig må hurtigbufferen tømmes.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Slett (ukjente) Enheter", "Maintenance_Tool_del_unknowndev_noti_text": "Er du sikker på at du vil slette alle (ukjente) og (navn ikke funnet) enheter?", "Maintenance_Tool_del_unknowndev_text": "Før du bruker denne funksjonen, vennligst ta en sikkerhetskopi. Slettingen kan ikke angres. Alle enheter som heter (ukjent) vil bli slettet fra databasen.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Endre synligheten og rekkefølgen på kolonnene i Enheter siden.", "Maintenance_Tool_drag_me": "Dra meg for å endre rekkefølge på kolonner.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Gjenopprett DB", "Maintenance_Tool_restore_noti_text": "Er du sikker på at du vil utføre DB-gjenopprettingen? Forsikre deg om at ingen skanning kjører for øyeblikket.", "Maintenance_Tool_restore_text": "Den siste sikkerhetskopien kan gjenopprettes via knappen, men eldre sikkerhetskopier kan bare gjenopprettes manuelt. Etter gjenoppretting, gjør du en integritetskontroll på databasen for sikkerhet, i tilfelle DB for øyeblikket var i skrivetilgang da sikkerhetskopien ble opprettet.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Oppgrader databasen", "Maintenance_Tool_upgrade_database_noti_text": "Er du sikker på at du vil oppgradere databasen?
(kanskje du foretrekker å arkivere den)", "Maintenance_Tool_upgrade_database_text": "Denne knappen vil oppgradere databasen for å aktivere nettverksaktiviteten i løpet av de siste 12 timene. Vennligst ta en sikkerhetskopi av databasen din i tilfelle det oppstår problemer.", diff --git a/front/php/templates/language/pl_pl.json b/front/php/templates/language/pl_pl.json index 6bd19942..877376bd 100644 --- a/front/php/templates/language/pl_pl.json +++ b/front/php/templates/language/pl_pl.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "Zapisz", "DeviceEdit_ValidMacIp": "Wprowadź poprawny adres MAC oraz adres IP.", "Device_MultiEdit": "Edycja zbiorcza", - "Device_MultiEdit_Backup": "Uwaga, wprowadzenie niepoprawnych wartości poniżej może uszkodzić Twoją konfigurację. Najpierw wykonaj kopię zapasową bazy danych lub konfiguracji urządzeń (kliknij, aby pobrać ). Instrukcje odzyskiwania urządzeń z tego pliku znajdziesz w dokumentacji kopii zapasowych. Aby zastosować zmiany, kliknij ikonę Zapisz przy każdym polu, które chcesz zaktualizować.", + "Device_MultiEdit_Backup": "Uwaga, wprowadzenie niepoprawnych wartości poniżej może uszkodzić Twoją konfigurację. Najpierw wykonaj kopię zapasową bazy danych lub konfiguracji urządzeń (kliknij, aby pobrać ). Instrukcje odzyskiwania urządzeń z tego pliku znajdziesz w dokumentacji kopii zapasowych. Aby zastosować zmiany, kliknij ikonę Zapisz przy każdym polu, które chcesz zaktualizować.", "Device_MultiEdit_Fields": "Edytuj pola:", "Device_MultiEdit_MassActions": "Operacje zbiorcze:", "Device_MultiEdit_No_Devices": "", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Pierwsza sesja", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Grupa", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Ikona", "Device_TableHead_LastIP": "Ostatni adres IP", "Device_TableHead_LastIPOrder": "Kolejność ostatniego adresu IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Węzeł synchronizacji", "Device_TableHead_Type": "Typ", "Device_TableHead_Vendor": "Producent", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "Nie skonfigurowano jako urządzenie sieciowe", "Device_Table_info": "Pokazuje _START_ do _END_ z _TOTAL_ wpisów", "Device_Table_nav_next": "Następna", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Import ustawień (wklej)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Czy na pewno chcesz zaimportować wklejone ustawienia konfiguracyjne? Spowoduje to całkowite nadpisanie pliku app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importuje plik app.conf zawierający wszystkie ustawienia aplikacji. Zaleca się najpierw pobrać aktualny plik app.conf za pomocą opcji Eksport ustawień.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "Przełącz skanowanie ARP (wł./wył.)", "Maintenance_Tool_arpscansw_noti": "Włącz lub wyłącz skanowanie ARP", "Maintenance_Tool_arpscansw_noti_text": "Po wyłączeniu skanowania pozostaje ono nieaktywne, dopóki nie zostanie ponownie włączone.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Czy na pewno chcesz wykonać kopię zapasową bazy danych? Upewnij się, że żadne skanowanie nie jest obecnie uruchomione.", "Maintenance_Tool_backup_text": "Kopie zapasowe bazy danych są zapisywane w katalogu bazy danych jako archiwum ZIP, nazwane zgodnie z datą utworzenia. Nie ma ustalonego limitu liczby kopii zapasowych.", "Maintenance_Tool_check_visible": "Usuń zaznaczenie, aby ukryć kolumnę.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Przełącz tryb (Ciemny/Jasny)", "Maintenance_Tool_darkmode_noti": "Przełącz tryb", "Maintenance_Tool_darkmode_noti_text": "Po zmianie motywu strona próbuje przeładować się, aby zastosować zmiany. W razie potrzeby należy wyczyścić pamięć podręczną (cache).", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Usuń (nieznane) urządzenia", "Maintenance_Tool_del_unknowndev_noti_text": "Czy na pewno chcesz usunąć wszystkie urządzenia oznaczone jako (nieznane) oraz (nie znaleziono nazwy)?", "Maintenance_Tool_del_unknowndev_text": "Przed użyciem tej funkcji wykonaj kopię zapasową. Usunięcie nie może zostać cofnięte. Wszystkie urządzenia o nazwie „(nieznane)” zostaną usunięte z bazy danych.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Zmień widoczność i kolejność kolumn na stronie Urządzenia.", "Maintenance_Tool_drag_me": "Przeciągnij, aby zmienić kolejność kolumn.", "Maintenance_Tool_order_columns_text": "Narzędzie_konserwacji_kolejność_kolumn_tekst", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Przywracanie bazy danych", "Maintenance_Tool_restore_noti_text": "Czy na pewno chcesz wykonać przywracanie bazy danych? Upewnij się, że w tej chwili nie jest uruchomione żadne skanowanie.", "Maintenance_Tool_restore_text": "Najnowszą kopię zapasową można przywrócić za pomocą przycisku, ale starsze kopie można przywrócić wyłącznie ręcznie. Po zakończeniu przywracania wykonaj kontrolę integralności bazy danych, aby upewnić się, że dane są spójne — szczególnie jeśli kopia została utworzona w momencie, gdy baza danych była w trybie zapisu.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Aktualizacja bazy danych", "Maintenance_Tool_upgrade_database_noti_text": "Czy na pewno chcesz uaktualnić bazę danych?
(Może wolisz najpierw ją zarchiwizować)", "Maintenance_Tool_upgrade_database_text": "Ten przycisk uaktualni bazę danych, aby włączyć wykres aktywności sieci z ostatnich 12 godzin. Przed kontynuacją wykonaj kopię zapasową bazy danych na wypadek problemów.", diff --git a/front/php/templates/language/pt_br.json b/front/php/templates/language/pt_br.json index a194c657..5adbb5cd 100644 --- a/front/php/templates/language/pt_br.json +++ b/front/php/templates/language/pt_br.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "Salvar", "DeviceEdit_ValidMacIp": "Insira um endereço Mac e IP válidos.", "Device_MultiEdit": "Edição múltipla", - "Device_MultiEdit_Backup": "Cuidado, inserir valores errados abaixo interromperá sua configuração. Faça backup do seu banco de dados ou da configuração dos dispositivos primeiro (clique para baixar ). Leia como recuperar dispositivos deste arquivo no Documentação de backups.", + "Device_MultiEdit_Backup": "Cuidado, inserir valores errados abaixo interromperá sua configuração. Faça backup do seu banco de dados ou da configuração dos dispositivos primeiro (clique para baixar ). Leia como recuperar dispositivos deste arquivo no Documentação de backups.", "Device_MultiEdit_Fields": "Editar campos:", "Device_MultiEdit_MassActions": "Ações em massa:", "Device_MultiEdit_No_Devices": "", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Primeira sessão", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Grupo", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Ícone", "Device_TableHead_LastIP": "Último IP", "Device_TableHead_LastIPOrder": "Último pedido de IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Nó de sincronização", "Device_TableHead_Type": "Tipo", "Device_TableHead_Vendor": "Fornecedor", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "Não configurado como um dispositivo de rede", "Device_Table_info": "Mostrando _START_ de _END_ do _TOTAL_ entradas", "Device_Table_nav_next": "Próximo", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Configurações Importar (colar)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Tem certeza de que deseja importar as configurações coladas? Isso irá sobrescrever completamente o arquivo app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importa o arquivo app.conf contendo todas as configurações do aplicativo. Você pode querer baixar primeiro o arquivo app.conf com a Exportação de configurações.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "Alternar arp-Scan (ligado/desligado)", "Maintenance_Tool_arpscansw_noti": "Ativar ou desativar o arp-Scan", "Maintenance_Tool_arpscansw_noti_text": "Quando o scanner é desligado, permanece desligado até ser novamente ativado.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Tem a certeza de que pretende executar a cópia de segurança da BD? Certifique-se de que não está a ser executada nenhuma verificação.", "Maintenance_Tool_backup_text": "Os backups do banco de dados estão localizados no diretório do banco de dados como um zip-archive, nomeado com a data de criação. Não há nenhum número máximo de backups.", "Maintenance_Tool_check_visible": "Desmarque para esconder a coluna.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Modos de alternância (escuro/claro)", "Maintenance_Tool_darkmode_noti": "Modos de alternância", "Maintenance_Tool_darkmode_noti_text": "Após a mudança de tema, a página tenta recarregar-se para ativar a alteração. Se necessário, a cache deve ser limpa.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Excluir (desconhecido) Dispositivos", "Maintenance_Tool_del_unknowndev_noti_text": "Tem certeza de que deseja excluir todos (desconhecido) e (nome não encontrado) dispositivos?", "Maintenance_Tool_del_unknowndev_text": "Antes de usar esta função, faça um backup. A exclusão não pode ser desfeita. Todos os dispositivos nomeados (não conhecidos) serão excluídos do banco de dados.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Altere a visibilidade e a ordem das colunas na página Dispositivos.", "Maintenance_Tool_drag_me": "Arraste-me para reordenar colunas.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Restauração de DB", "Maintenance_Tool_restore_noti_text": "Tem a certeza de que quer executar a Restauração DB? Certifique-se de que nenhuma varredura está funcionando atualmente.", "Maintenance_Tool_restore_text": "O backup mais recente pode ser restaurado através do botão, mas os backups mais antigos só podem ser restaurados manualmente. Após a restauração, faça uma verificação de integridade no banco de dados para segurança, caso o db estivesse atualmente em acesso de gravação quando o backup foi criado.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Atualizar a base de dados", "Maintenance_Tool_upgrade_database_noti_text": "Tem certeza de que deseja atualizar o banco de dados?
(talvez você prefira arquivá-lo)", "Maintenance_Tool_upgrade_database_text": "Este botão actualizará a base de dados para ativar o gráfico Atividade de rede nas últimas 12 horas. Faça uma cópia de segurança da sua base de dados em caso de problemas.", diff --git a/front/php/templates/language/pt_pt.json b/front/php/templates/language/pt_pt.json index f675c673..c44b0545 100644 --- a/front/php/templates/language/pt_pt.json +++ b/front/php/templates/language/pt_pt.json @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Primeira sessão", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Grupo", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Ícone", "Device_TableHead_LastIP": "Último IP", "Device_TableHead_LastIPOrder": "Último pedido de IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Nó de sincronização", "Device_TableHead_Type": "Tipo", "Device_TableHead_Vendor": "Fornecedor", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "Não configurado como um dispositivo de rede", "Device_Table_info": "A mostrar _START_ to _END_ of _TOTAL_ entradas", "Device_Table_nav_next": "Próximo", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Configurações Importar (colar)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Tem certeza de que deseja importar as configurações coladas? Isto irá sobrescrever completamente o ficheiro app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Importa o ficheiro app.conf contendo todas as configurações da aplicação. Pode descarregar primeiro o ficheiro app.conf com a Exportação de configurações.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "Alternar arp-Scan (ligado/desligado)", "Maintenance_Tool_arpscansw_noti": "Ativar ou desativar o arp-Scan", "Maintenance_Tool_arpscansw_noti_text": "Quando a análise é desligada, permanece desligada até ser novamente ativada.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Tem a certeza de que pretende executar a cópia de segurança da BD? Certifique-se de que não está a ser executada nenhuma verificação.", "Maintenance_Tool_backup_text": "Os backups da base de dados estão localizadas no diretório da base de dados como um arquivo zip, nomeado com a data de criação. Não há nenhum número máximo de backups.", "Maintenance_Tool_check_visible": "Desmarque para esconder a coluna.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Modos de alternância (escuro/claro)", "Maintenance_Tool_darkmode_noti": "Modos de alternância", "Maintenance_Tool_darkmode_noti_text": "Após a mudança de tema, a página tenta recarregar-se para ativar a alteração. Se necessário, a cache deve ser limpa.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Eliminar dispositivos desconhecidos", "Maintenance_Tool_del_unknowndev_noti_text": "Tem certeza que deseja apagar todos (desconhecidos) e (nome não encontrados) dispositivos?", "Maintenance_Tool_del_unknowndev_text": "Antes de usar esta função, faça um backup. Apagar não pode ser desfeito. Todos os dispositivos nomeados (não conhecidos) serão apagados da base de dados.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Altere a visibilidade e a ordem das colunas na página Dispositivos.", "Maintenance_Tool_drag_me": "Arraste-me para reordenar colunas.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Restauração de DB", "Maintenance_Tool_restore_noti_text": "Tem a certeza de que quer executar a Restauração DB? Certifique-se de que nenhuma varredura funciona atualmente.", "Maintenance_Tool_restore_text": "O backup mais recente pode ser restaurado através do botão, mas os backups mais antigos só podem ser restaurados manualmente. Após a restauração, faça uma verificação de integridade na base de dados para segurança, caso o db estivesse atualmente em acesso de gravação quando o backup foi criado.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Atualizar a base de dados", "Maintenance_Tool_upgrade_database_noti_text": "Tem certeza de que deseja atualizar a base de dados?
(talvez prefira arquivá-la)", "Maintenance_Tool_upgrade_database_text": "Este botão atualizará a base de dados para ativar o gráfico Atividade de rede nas últimas 12 horas. Faça uma cópia de segurança da sua base de dados em caso de problemas.", diff --git a/front/php/templates/language/ru_ru.json b/front/php/templates/language/ru_ru.json index 595ed347..8386626e 100644 --- a/front/php/templates/language/ru_ru.json +++ b/front/php/templates/language/ru_ru.json @@ -98,10 +98,10 @@ "DevDetail_MainInfo_Network": " Узел (MAC)", "DevDetail_MainInfo_Network_Port": " Порт", "DevDetail_MainInfo_Network_Site": "Сайт", - "DevDetail_MainInfo_Network_Title": "Сеть", + "DevDetail_MainInfo_Network_Title": "Сведения о сети", "DevDetail_MainInfo_Owner": "Владелец", "DevDetail_MainInfo_SSID": "SSID", - "DevDetail_MainInfo_Title": "Основное", + "DevDetail_MainInfo_Title": "Информация об устройстве", "DevDetail_MainInfo_Type": "Тип", "DevDetail_MainInfo_Vendor": "Поставщик", "DevDetail_MainInfo_mac": "MAC адрес", @@ -198,15 +198,15 @@ "DevDetail_button_Save": "Сохранить", "DeviceEdit_ValidMacIp": "Введите действительный Mac и IP адрес.", "Device_MultiEdit": "Мультиредакт", - "Device_MultiEdit_Backup": "Будьте осторожны: ввод неправильных значений ниже приведет к поломке вашей настройки. Сначала сделайте резервную копию базы данных или конфигурации устройств (нажмите для загрузки ). О том, как восстановить Устройства из этого файла, читайте в разделе Документация о резервном копировании. Чтобы применить свои изменения, нажмите на значок Сохранить в каждом поле, которое вы хотите обновить.", + "Device_MultiEdit_Backup": "Будьте осторожны: ввод неправильных значений ниже приведет к поломке вашей настройки. Сначала сделайте резервную копию базы данных или конфигурации устройств (нажмите для загрузки ). О том, как восстановить Устройства из этого файла, читайте в разделе Документация о резервном копировании. Чтобы применить свои изменения, нажмите на значок Сохранить в каждом поле, которое вы хотите обновить.", "Device_MultiEdit_Fields": "Редактировать поля:", "Device_MultiEdit_MassActions": "Массовые действия:", "Device_MultiEdit_No_Devices": "Устройства не выбраны.", "Device_MultiEdit_Tooltip": "Осторожно. При нажатии на эту кнопку значение слева будет применено ко всем устройствам, выбранным выше.", - "Device_Save_Failed": "", - "Device_Save_Unauthorized": "", - "Device_Saved_Success": "", - "Device_Saved_Unexpected": "", + "Device_Save_Failed": "Не удалось сохранить устройство", + "Device_Save_Unauthorized": "Не авторизован - недействительный токен API", + "Device_Saved_Success": "Устройство успешно сохранено", + "Device_Saved_Unexpected": "Обновление устройства дало неожиданный ответ", "Device_Searchbox": "Поиск", "Device_Shortcut_AllDevices": "Мои устройства", "Device_Shortcut_AllNodes": "Все узлы", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Первый сеанс", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Группа", + "Device_TableHead_IPv4": "IPv4", + "Device_TableHead_IPv6": "IPv6", "Device_TableHead_Icon": "Значок", "Device_TableHead_LastIP": "Последний IP", "Device_TableHead_LastIPOrder": "Последний IP-запрос", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Узел синхронизации", "Device_TableHead_Type": "Тип", "Device_TableHead_Vendor": "Поставщик", + "Device_TableHead_Vlan": "VLAN", "Device_Table_Not_Network_Device": "Не настроено как сетевое устройство", "Device_Table_info": "Показаны с _START_ по _END_ из _TOTAL_ записей", "Device_Table_nav_next": "Следующая", @@ -296,13 +299,14 @@ "Events_Tablelenght": "Показать _MENU_ записей", "Events_Tablelenght_all": "Все", "Events_Title": "События", - "FakeMAC_hover": "Автоопределение — указывает, использует ли устройство ПОДДЕЛЬНЫЙ MAC-адрес (начинающийся с FA:CE или 00:1A), обычно создаваемый плагином, который не может обнаружить настоящий MAC-адрес, или при создании фиктивного устройства.", - "FieldLock_Error": "", - "FieldLock_Lock_Tooltip": "", - "FieldLock_Locked": "", - "FieldLock_Source_Label": "", - "FieldLock_Unlock_Tooltip": "", - "FieldLock_Unlocked": "", + "FakeMAC_hover": "Это устройство имеет поддельный MAC-адрес", + "FieldLock_Error": "Ошибка при обновлении статуса блокировки поля", + "FieldLock_Lock_Tooltip": "Заблокировать поле (предотвратить перезапись плагином)", + "FieldLock_Locked": "Поле заблокировано", + "FieldLock_SaveBeforeLocking": "Сохранить изменения перед блокировкой", + "FieldLock_Source_Label": "Источник: ", + "FieldLock_Unlock_Tooltip": "Разблокировать поле (разрешить перезапись плагином)", + "FieldLock_Unlocked": "Поле разблокировано", "GRAPHQL_PORT_description": "Номер порта сервера GraphQL. Убедитесь, что порт уникален для всех ваших приложений на этом хосте и экземпляров NetAlertX.", "GRAPHQL_PORT_name": "Порт GraphQL", "Gen_Action": "Действия", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Импорт настроек (вставка)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Вы уверены, что хотите импортировать вставленные настройки конфигурации? Это полностью перезапишет файл app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Импорт файла app.conf, содержащего все настройки приложения. Возможно, вам захочется сначала загрузить текущий файл app.conf с помощью команды Экспорт настроек.", + "Maintenance_Tool_UnlockFields": "Разблокировать поля устройства", + "Maintenance_Tool_UnlockFields_noti": "Разблокировать поля устройства", + "Maintenance_Tool_UnlockFields_noti_text": "Вы уверены, что хотите очистить все исходные значения (LOCKED/USER) для всех полей на всех устройствах? Это действие нельзя отменить.", + "Maintenance_Tool_UnlockFields_text": "Этот инструмент удалит все исходные значения из всех отслеживаемых полей для всех устройств, эффективно разблокировав все поля для плагинов и пользователей. Используйте его с осторожностью, так как это повлияет на весь ваш парк устройств.", "Maintenance_Tool_arpscansw": "Переключить arp-скан (ВКЛ./ВЫКЛ.)", "Maintenance_Tool_arpscansw_noti": "Включить или выключить arp-скан", "Maintenance_Tool_arpscansw_noti_text": "Когда сканирование было выключено, оно остается выключенным до тех пор, пока не будет активировано снова.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Вы уверены, что хотите выполнить резервное копирование БД? Убедитесь, что в данный момент сканирование не выполняется.", "Maintenance_Tool_backup_text": "Резервные копии базы данных располагаются в каталоге базы данных в виде zip-архива, имя которого соответствует дате создания. Максимального количества резервных копий не существует.", "Maintenance_Tool_check_visible": "Снимите флажок, чтобы скрыть столбец.", + "Maintenance_Tool_clearSourceFields_selected": "Очистить поля источника", + "Maintenance_Tool_clearSourceFields_selected_noti": "Очистить источники", + "Maintenance_Tool_clearSourceFields_selected_text": "Это очистит все поля источника выбранных устройств. Это действие нельзя отменить.", "Maintenance_Tool_darkmode": "Тема (Темная/Светлая)", "Maintenance_Tool_darkmode_noti": "Переключение режимов", "Maintenance_Tool_darkmode_noti_text": "После переключения темы страница пытается перезагрузиться, чтобы активировать изменение. При необходимости кэш необходимо очистить.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Удалить неизвест. устр-ва", "Maintenance_Tool_del_unknowndev_noti_text": "Вы уверены, что хотите удалить все (неизвестные) и (имя не найдено) устройства?", "Maintenance_Tool_del_unknowndev_text": "Прежде чем использовать эту функцию, сделайте резервную копию. Удаление невозможно отменить. Все названные устройства (неизвестные) будут удалены из базы данных.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "Это разблокирует поля LOCKED/USER выбранных устройств. Это действие нельзя отменить.", "Maintenance_Tool_displayed_columns_text": "Измените видимость и порядок столбцов на странице Устройства.", "Maintenance_Tool_drag_me": "Перетащите элемент, чтобы изменить порядок столбцов.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Восстановление БД", "Maintenance_Tool_restore_noti_text": "Вы уверены, что хотите выполнить восстановление БД? Убедитесь, что в данный момент сканирование не выполняется.", "Maintenance_Tool_restore_text": "Последнюю резервную копию можно восстановить с помощью кнопки, но более старые резервные копии можно восстановить только вручную. После восстановления выполните проверку целостности базы данных на предмет безопасности, если база данных в данный момент находилась в режиме записи при создании резервной копии.", + "Maintenance_Tool_unlockFields_selecteddev": "Разблокировать поля устройства", + "Maintenance_Tool_unlockFields_selecteddev_noti": "Разблокировать поля", "Maintenance_Tool_upgrade_database_noti": "Обновить базу данных", "Maintenance_Tool_upgrade_database_noti_text": "Вы уверены, что хотите обновить базу данных?
(возможно, вы предпочитаете заархивировать ее)", "Maintenance_Tool_upgrade_database_text": "Эта кнопка обновит базу данных, чтобы включить график сетевой активности за последние 12 часов. Пожалуйста, сделайте резервную копию вашей базы данных на случай возникновения проблем.", @@ -601,7 +615,7 @@ "REPORT_MAIL_description": "Если эта функция включена, по электронной почте будет отправлено письмо со списком изменений, на которые вы подписались. Пожалуйста, также заполните все остальные настройки, связанные с настройкой SMTP, ниже. Если возникли проблемы, установите для LOG_LEVEL значение debug и проверьте журнал ошибок.", "REPORT_MAIL_name": "Включить эл. почту", "REPORT_TITLE": "Отчет", - "RandomMAC_hover": "Автоматически обнаружено — указывает, рандомизирует ли устройство свой MAC-адрес. Вы можете исключить конкретные MAC-адреса с помощью настройки UI_NOT_RANDOM_MAC. Нажмите, чтобы узнать больше.", + "RandomMAC_hover": "Это устройство имеет случайный MAC-адрес", "Reports_Sent_Log": "Отправленные уведомления", "SCAN_SUBNETS_description": "Большинство сетевых сканеров (ARP-SCAN, NMAP, NSLOOKUP, DIG) полагаются на сканирование определенных сетевых интерфейсов и подсетей. Дополнительную информацию по этому параметру можно найти в документации по подсетям, особенно VLAN, какие VLAN поддерживаются или как разобраться в маске сети и своем интерфейсе.

Альтернативой сетевым сканерам является включение некоторых других сканеров/импортеров устройств, которые не полагаются на NetAlertX, имеющий доступ к сети (UNIFI, dhcp.leases , PiHole и др.).

Примечание. Само время сканирования зависит от количества проверяемых IP-адресов, поэтому тщательно настройте его, указав соответствующую маску сети и интерфейс.", "SCAN_SUBNETS_name": "Сети для сканирования", @@ -609,7 +623,7 @@ "Setting_Override": "Переопределить значение", "Setting_Override_Description": "Включение этой опции приведет к переопределению значения по умолчанию, предоставленного приложением, на значение, указанное выше.", "Settings_Metadata_Toggle": "Показать/скрыть метаданные для данного параметра.", - "Settings_Show_Description": "Показать описание настройки.", + "Settings_Show_Description": "Показать описание", "Settings_device_Scanners_desync": "⚠ Расписания сканера устройств не синхронизированы.", "Settings_device_Scanners_desync_popup": "Расписания сканеров устройств (*_RUN_SCHD) не совпадают. Это приведет к несогласованным онлайн/оффлайн уведомлениям устройства. Если это не предусмотрено, используйте одно и то же расписание для всех включенных 🔍Сканеров устройств.", "Speedtest_Results": "Результаты теста скорости", @@ -775,4 +789,4 @@ "settings_system_label": "Система", "settings_update_item_warning": "Обновить значение ниже. Будьте осторожны, следуя предыдущему формату. Проверка не выполняется.", "test_event_tooltip": "Сначала сохраните изменения, прежде чем проверять настройки." -} \ No newline at end of file +} diff --git a/front/php/templates/language/sv_sv.json b/front/php/templates/language/sv_sv.json index dc384fef..74024c1d 100644 --- a/front/php/templates/language/sv_sv.json +++ b/front/php/templates/language/sv_sv.json @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "", "Device_TableHead_GUID": "", "Device_TableHead_Group": "", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "", "Device_TableHead_LastIP": "", "Device_TableHead_LastIPOrder": "", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "", "Device_TableHead_Type": "", "Device_TableHead_Vendor": "", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "", "Device_Table_info": "", "Device_Table_nav_next": "", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "", "Maintenance_Tool_ImportPastedConfig_noti_text": "", "Maintenance_Tool_ImportPastedConfig_text": "", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "", "Maintenance_Tool_arpscansw_noti": "", "Maintenance_Tool_arpscansw_noti_text": "", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "", "Maintenance_Tool_backup_text": "", "Maintenance_Tool_check_visible": "", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "", "Maintenance_Tool_darkmode_noti": "", "Maintenance_Tool_darkmode_noti_text": "", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "", "Maintenance_Tool_del_unknowndev_noti_text": "", "Maintenance_Tool_del_unknowndev_text": "", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "", "Maintenance_Tool_drag_me": "", "Maintenance_Tool_order_columns_text": "", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "", "Maintenance_Tool_restore_noti_text": "", "Maintenance_Tool_restore_text": "", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "", "Maintenance_Tool_upgrade_database_noti_text": "", "Maintenance_Tool_upgrade_database_text": "", diff --git a/front/php/templates/language/tr_tr.json b/front/php/templates/language/tr_tr.json index 522b6475..3d54e46c 100644 --- a/front/php/templates/language/tr_tr.json +++ b/front/php/templates/language/tr_tr.json @@ -198,7 +198,7 @@ "DevDetail_button_Save": "Kaydet", "DeviceEdit_ValidMacIp": "Geçerli bir Mac ve IP adresi girin.", "Device_MultiEdit": "Çoklu Düzenleme", - "Device_MultiEdit_Backup": "Dikkat, aşağıya yanlış değerler girmeniz yapılandırmanızı bozabilir. Lütfen önce veritabanınızı veya Cihazlar yapılandırmanızı yedekleyin (İndirmeniz için tıklayın ). Bu dosyadan Cihazları nasıl geri yükleyeceğinizi öğrenmek için Yedekleme dökümantasyonunu okuyun.", + "Device_MultiEdit_Backup": "Dikkat, aşağıya yanlış değerler girmeniz yapılandırmanızı bozabilir. Lütfen önce veritabanınızı veya Cihazlar yapılandırmanızı yedekleyin (İndirmeniz için tıklayın ). Bu dosyadan Cihazları nasıl geri yükleyeceğinizi öğrenmek için Yedekleme dökümantasyonunu okuyun.", "Device_MultiEdit_Fields": "Alanları Düzenle:", "Device_MultiEdit_MassActions": "Toplu komutlar:", "Device_MultiEdit_No_Devices": "", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "İlk Oturum", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Grup", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "İkon", "Device_TableHead_LastIP": "Son IP", "Device_TableHead_LastIPOrder": "Son IP Sırası", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Senkronizasyon Node", "Device_TableHead_Type": "Tür", "Device_TableHead_Vendor": "Üretici", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "Ağ cihazı olarak ayarlanmadı", "Device_Table_info": "Showing _START_ to _END_ of _TOTAL_ entries", "Device_Table_nav_next": "Sonraki", @@ -300,6 +303,7 @@ "FieldLock_Error": "", "FieldLock_Lock_Tooltip": "", "FieldLock_Locked": "", + "FieldLock_SaveBeforeLocking": "", "FieldLock_Source_Label": "", "FieldLock_Unlock_Tooltip": "", "FieldLock_Unlocked": "", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Ayarları İçe Aktar (yapıştır)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Yapıştırılan yapılandırma ayarlarını içe aktarmak istediğinizden emin misiniz? Bu tamamen olacak Üzerine bu app.conf dosya.", "Maintenance_Tool_ImportPastedConfig_text": "İçe aktarır app.conf tüm uygulama Ayarlarını içeren dosya. Güncel olanı indirmek isteyebilirsiniz. app.conf Önce dosya ile Ayarlar Dışa Aktarma.", + "Maintenance_Tool_UnlockFields": "", + "Maintenance_Tool_UnlockFields_noti": "", + "Maintenance_Tool_UnlockFields_noti_text": "", + "Maintenance_Tool_UnlockFields_text": "", "Maintenance_Tool_arpscansw": "arp-Scan arasında geçiş yapın (açık/kapalı)", "Maintenance_Tool_arpscansw_noti": "arp-Scan'i açma veya kapatma", "Maintenance_Tool_arpscansw_noti_text": "Tarama kapatıldığında, tekrar etkinleştirilene kadar kapalı kalır.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "DB Yedeklemesini yürütmek istediğinizden emin misiniz? Şu anda hiçbir taramanın çalışmadığından emin olun.", "Maintenance_Tool_backup_text": "Veritabanı yedekleri, veritabanı dizininde, oluşturulma tarihiyle adlandırılan bir zip arşivi olarak bulunur. Maksimum yedekleme sayısı yoktur.", "Maintenance_Tool_check_visible": "Sütunu gizlemek için işareti kaldırın.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Modları Değiştir (Koyu/Açık)", "Maintenance_Tool_darkmode_noti": "Modları Aç/Kapat", "Maintenance_Tool_darkmode_noti_text": "Tema geçişinden sonra sayfa, değişikliği etkinleştirmek için kendini yeniden yüklemeye çalışır. Gerekirse, önbellek temizlenmelidir.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "(Bilinmeyen) Cihazları Sil", "Maintenance_Tool_del_unknowndev_noti_text": "Tüm (bilinmeyen) ve (ad bulunamadı) cihazları silmek istediğinizden emin misiniz?", "Maintenance_Tool_del_unknowndev_text": "Bu işlevi kullanmadan önce lütfen bir yedekleme yapın. Silme işlemi geri alınamaz. (Bilinmeyen) adlı tüm cihazlar veritabanından silinecektir.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "", "Maintenance_Tool_displayed_columns_text": "Sütunların görünürlüğünü ve sırasını değiştirme Aygıtları sayfa.", "Maintenance_Tool_drag_me": "Sütunları yeniden sıralamak için beni sürükleyin.", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Veritabanı Geri Yükleme", "Maintenance_Tool_restore_noti_text": "Veritabanı Geri Yükleme'yi yürütmek istediğinizden emin misiniz? Şu anda hiçbir taramanın çalışmadığından emin olun.", "Maintenance_Tool_restore_text": "En son yedekleme düğme aracılığıyla geri yüklenebilir, ancak eski yedeklemeler yalnızca manuel olarak geri yüklenebilir. Geri yüklemeden sonra, yedekleme oluşturulduğunda veritabanı'nın şu anda yazma erişiminde olması durumunda, güvenlik için veritabanında bir bütünlük kontrolü yapın.", + "Maintenance_Tool_unlockFields_selecteddev": "", + "Maintenance_Tool_unlockFields_selecteddev_noti": "", "Maintenance_Tool_upgrade_database_noti": "Veritabanını yükseltme", "Maintenance_Tool_upgrade_database_noti_text": "Veritabanını yükseltmek istediğinizden emin misiniz?
(belki arşivlemeyi tercih edersiniz)", "Maintenance_Tool_upgrade_database_text": "Bu düğme, son 12 saatteki Ağ etkinliği grafiğini etkinleştirmek için veritabanını yükseltir. Sorun olması durumunda lütfen veritabanınızı yedekleyin.", diff --git a/front/php/templates/language/uk_ua.json b/front/php/templates/language/uk_ua.json index 66475545..fffbddc8 100644 --- a/front/php/templates/language/uk_ua.json +++ b/front/php/templates/language/uk_ua.json @@ -98,10 +98,10 @@ "DevDetail_MainInfo_Network": " Вузол (MAC)", "DevDetail_MainInfo_Network_Port": " Порт", "DevDetail_MainInfo_Network_Site": "Сайт", - "DevDetail_MainInfo_Network_Title": "Мережа", + "DevDetail_MainInfo_Network_Title": "Деталі мережі", "DevDetail_MainInfo_Owner": "Власник", "DevDetail_MainInfo_SSID": "SSID", - "DevDetail_MainInfo_Title": "Основна інформація", + "DevDetail_MainInfo_Title": "Інформація про пристрій", "DevDetail_MainInfo_Type": "Тип", "DevDetail_MainInfo_Vendor": "Продавець", "DevDetail_MainInfo_mac": "MAC", @@ -198,15 +198,15 @@ "DevDetail_button_Save": "Зберегти", "DeviceEdit_ValidMacIp": "Введіть дійсну адресу Mac та IP.", "Device_MultiEdit": "Мультиредагування", - "Device_MultiEdit_Backup": "Обережно, введення неправильних значень нижче призведе до порушення роботи налаштувань. Спочатку створіть резервну копію бази даних або конфігурації пристроїв (натисніть, щоб завантажити ). Прочитайте, як відновити пристрої з цього файлу, у документації щодо резервних копій. Щоб застосувати зміни, натисніть значок Зберегти у кожному полі, яке потрібно оновити.", + "Device_MultiEdit_Backup": "Обережно, введення неправильних значень нижче призведе до порушення роботи налаштувань. Спочатку створіть резервну копію бази даних або конфігурації пристроїв (натисніть, щоб завантажити ). Прочитайте, як відновити пристрої з цього файлу, у документації щодо резервних копій. Щоб застосувати зміни, натисніть значок Зберегти у кожному полі, яке потрібно оновити.", "Device_MultiEdit_Fields": "Редагувати поля:", "Device_MultiEdit_MassActions": "Масові акції:", "Device_MultiEdit_No_Devices": "Не вибрано жодного пристрою.", "Device_MultiEdit_Tooltip": "Обережно. Якщо натиснути це, значення зліва буде застосовано до всіх пристроїв, вибраних вище.", - "Device_Save_Failed": "", - "Device_Save_Unauthorized": "", - "Device_Saved_Success": "", - "Device_Saved_Unexpected": "", + "Device_Save_Failed": "Не вдалося зберегти пристрій", + "Device_Save_Unauthorized": "Неавторизовано – недійсний токен API", + "Device_Saved_Success": "Пристрій успішно збережено", + "Device_Saved_Unexpected": "Оновлення пристрою повернуло неочікувану відповідь", "Device_Searchbox": "Пошук", "Device_Shortcut_AllDevices": "Мої пристрої", "Device_Shortcut_AllNodes": "Усі вузли", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "Перша сесія", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "Група", + "Device_TableHead_IPv4": "", + "Device_TableHead_IPv6": "", "Device_TableHead_Icon": "Значок", "Device_TableHead_LastIP": "Останній IP", "Device_TableHead_LastIPOrder": "Останнє замовлення IP", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "Вузол синхронізації", "Device_TableHead_Type": "Тип", "Device_TableHead_Vendor": "Продавець", + "Device_TableHead_Vlan": "", "Device_Table_Not_Network_Device": "Не налаштовано як мережевий пристрій", "Device_Table_info": "Показано від _START_ до _END_ із _TOTAL_ записів", "Device_Table_nav_next": "Далі", @@ -296,13 +299,14 @@ "Events_Tablelenght": "Показати записи _МЕНЮ_", "Events_Tablelenght_all": "Все", "Events_Title": "Події", - "FakeMAC_hover": "Автоматично виявлено – вказує, чи пристрій використовує ПІДРОБНУ MAC-адресу (що починається з FA:CE або 00:1A), зазвичай згенеровану плагіном, який не може визначити справжню MAC-адресу, або під час створення фіктивного пристрою.", - "FieldLock_Error": "", - "FieldLock_Lock_Tooltip": "", - "FieldLock_Locked": "", - "FieldLock_Source_Label": "", - "FieldLock_Unlock_Tooltip": "", - "FieldLock_Unlocked": "", + "FakeMAC_hover": "Цей пристрій має підроблену MAC-адресу", + "FieldLock_Error": "Помилка оновлення стану блокування поля", + "FieldLock_Lock_Tooltip": "Заблокувати поле (запобігти перезапису плагіном)", + "FieldLock_Locked": "Поле заблоковано", + "FieldLock_SaveBeforeLocking": "Збережіть зміни перед блокуванням", + "FieldLock_Source_Label": "Джерело: ", + "FieldLock_Unlock_Tooltip": "Поле розблокування (дозволити перезапис плагіна)", + "FieldLock_Unlocked": "Поле розблоковано", "GRAPHQL_PORT_description": "Номер порту сервера GraphQL. Переконайтеся, що порт є унікальним для всіх ваших програм на цьому хості та екземплярах NetAlertX.", "GRAPHQL_PORT_name": "Порт GraphQL", "Gen_Action": "Дія", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "Імпорт налаштувань (вставити)", "Maintenance_Tool_ImportPastedConfig_noti_text": "Ви впевнені, що бажаєте імпортувати вставлені налаштування конфігурації? Це повністю перезапише файл app.conf.", "Maintenance_Tool_ImportPastedConfig_text": "Імпортує файл app.conf, який містить усі налаштування програми. Ви можете спочатку завантажити поточний файл app.conf за допомогою Експорту налаштувань.", + "Maintenance_Tool_UnlockFields": "Очистити всі джерела пристроїв", + "Maintenance_Tool_UnlockFields_noti": "Очистити всі джерела пристроїв", + "Maintenance_Tool_UnlockFields_noti_text": "Ви впевнені, що хочете очистити всі вихідні значення (ЗАБЛОКОВАНО/КОРИСТУВАЧ) для всіх полів пристрою на всіх пристроях? Цю дію не можна скасувати.", + "Maintenance_Tool_UnlockFields_text": "Цей інструмент видалить усі вихідні значення з кожного відстежуваного поля для всіх пристроїв, фактично розблокувавши всі поля для плагінів та користувачів. Використовуйте це з обережністю, оскільки це вплине на весь ваш інвентар пристроїв.", "Maintenance_Tool_arpscansw": "Перемикач arp-сканування (увімк./вимк.)", "Maintenance_Tool_arpscansw_noti": "Увімкніть або вимкніть arp-Scan", "Maintenance_Tool_arpscansw_noti_text": "Коли сканування було вимкнено, воно залишається вимкненим, доки не буде активовано знову.", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "Ви впевнені, що хочете виконати резервне копіювання БД? Переконайтеся, що сканування наразі не виконується.", "Maintenance_Tool_backup_text": "Резервні копії бази даних зберігаються в каталозі бази даних у вигляді zip-архіву з датою створення. Немає максимальної кількості резервних копій.", "Maintenance_Tool_check_visible": "Зніміть прапорець, щоб приховати стовпець.", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "Перемикати режими (темний/світлий)", "Maintenance_Tool_darkmode_noti": "Перемикати режими", "Maintenance_Tool_darkmode_noti_text": "Після перемикання теми сторінка намагається перезавантажитися, щоб активувати зміну. При необхідності необхідно очистити кеш.", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "Видалити (невідомі) пристрої", "Maintenance_Tool_del_unknowndev_noti_text": "Ви впевнені, що бажаєте видалити всі пристрої (невідомо) і (ім’я не знайдено)?", "Maintenance_Tool_del_unknowndev_text": "Перед використанням цієї функції зробіть резервну копію. Видалення не можна скасувати. Усі пристрої з назвами (невідомі) будуть видалені з бази даних.", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "Це розблокує поля ЗАБЛОКОВАНО/КОРИСТНИК вибраних пристроїв. Цю дію не можна скасувати.", "Maintenance_Tool_displayed_columns_text": "Змініть видимість і порядок стовпців на сторінці Пристрої.", "Maintenance_Tool_drag_me": "Перетягніть мене, щоб змінити порядок стовпців.", "Maintenance_Tool_order_columns_text": "Maintenance _Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "Відновлення БД", "Maintenance_Tool_restore_noti_text": "Ви впевнені, що хочете виконати відновлення БД? Переконайтеся, що сканування наразі не виконується.", "Maintenance_Tool_restore_text": "Останню резервну копію можна відновити за допомогою кнопки, але старіші резервні копії можна відновити лише вручну. Після відновлення зробіть перевірку цілісності бази даних для безпеки, якщо на момент створення резервної копії база даних мала доступ для запису.", + "Maintenance_Tool_unlockFields_selecteddev": "Розблокувати поля пристрою", + "Maintenance_Tool_unlockFields_selecteddev_noti": "Розблокувати поля", "Maintenance_Tool_upgrade_database_noti": "Оновлення бази даних", "Maintenance_Tool_upgrade_database_noti_text": "Ви впевнені, що бажаєте оновити базу даних?
(можливо, ви віддаєте перевагу заархівувати її)", "Maintenance_Tool_upgrade_database_text": "Ця кнопка оновить базу даних, щоб увімкнути графік активності мережі за останні 12 годин. Будь ласка, створіть резервну копію вашої бази даних на випадок проблем.", @@ -601,7 +615,7 @@ "REPORT_MAIL_description": "Якщо ввімкнено, електронною поштою буде надіслано список змін, на які ви підписалися. Будь ласка, також заповніть усі інші налаштування, пов’язані з налаштуванням SMTP нижче. Якщо виникли проблеми, установіть LOG_LEVEL на debug і перевірте журнал помилок.", "REPORT_MAIL_name": "Увімкнути електронну пошту", "REPORT_TITLE": "Звіт", - "RandomMAC_hover": "Автоматично визначено – вказує, чи пристрій рандомізує свою MAC-адресу. Ви можете виключити певні MAC-адреси за допомогою параметра UI_NOT_RANDOM_MAC. Натисніть, щоб дізнатися більше.", + "RandomMAC_hover": "Цей пристрій має випадкову MAC-адресу", "Reports_Sent_Log": "Журнал надісланих звітів", "SCAN_SUBNETS_description": "Більшість мережевих сканерів (ARP-SCAN, NMAP, NSLOOKUP, DIG) покладаються на сканування конкретних мережевих інтерфейсів і підмереж. Перегляньте документацію підмереж, щоб отримати допомогу щодо цього налаштування, особливо VLAN, які VLAN підтримуються або як визначити маску мережі та ваш інтерфейс.

Альтернативою мережевим сканерам є ввімкнення деяких інших сканерів/імпортерів пристроїв, які не покладаються на доступ NetAlertX до мережі (UNIFI, dhcp.leases , PiHole тощо).

Примітка. Сам час сканування залежить від кількості IP-адрес, які потрібно перевірити, тому ретельно налаштуйте це за допомогою відповідної маски мережі та інтерфейсу.", "SCAN_SUBNETS_name": "Мережі для сканування", @@ -609,7 +623,7 @@ "Setting_Override": "Перевизначати значення", "Setting_Override_Description": "Якщо ввімкнути цю опцію, значення за умовчанням, надане програмою, буде замінено значенням, указаним вище.", "Settings_Metadata_Toggle": "Показати/сховати метадані для вказаного параметра.", - "Settings_Show_Description": "Показати опис налаштування.", + "Settings_Show_Description": "Показати опис", "Settings_device_Scanners_desync": "⚠ Розклади сканування пристрою не синхронізовані.", "Settings_device_Scanners_desync_popup": "Розклади сканерів пристроїв (*_RUN_SCHD) не однакові. Це призведе до непослідовних сповіщень пристрою онлайн/офлайн. Якщо це не передбачено, використовуйте той самий розклад для всіх увімкнених 🔍сканерів пристроїв.", "Speedtest_Results": "Результати Speedtest", @@ -775,4 +789,4 @@ "settings_system_label": "Система", "settings_update_item_warning": "Оновіть значення нижче. Слідкуйте за попереднім форматом. Перевірка не виконана.", "test_event_tooltip": "Перш ніж перевіряти налаштування, збережіть зміни." -} \ No newline at end of file +} diff --git a/front/php/templates/language/zh_cn.json b/front/php/templates/language/zh_cn.json index 9fd4fda7..4d3b2683 100644 --- a/front/php/templates/language/zh_cn.json +++ b/front/php/templates/language/zh_cn.json @@ -27,8 +27,8 @@ "AppEvents_ObjectType": "对象类型", "AppEvents_Plugin": "插件", "AppEvents_Type": "类型", - "BACKEND_API_URL_description": "", - "BACKEND_API_URL_name": "", + "BACKEND_API_URL_description": "用于生成后端API URL。如果您使用反向代理映射到您的GRAPHQL_PORT,请指定。请输入以http://开头的完整URL,包括端口号(末尾不带斜杠/)。", + "BACKEND_API_URL_name": "后端 API 网址", "BackDevDetail_Actions_Ask_Run": "您要执行此操作吗?", "BackDevDetail_Actions_Not_Registered": "未注册的操作: ", "BackDevDetail_Actions_Title_Run": "运行动作", @@ -98,10 +98,10 @@ "DevDetail_MainInfo_Network": " 节点 (MAC)", "DevDetail_MainInfo_Network_Port": " 端口", "DevDetail_MainInfo_Network_Site": "地点", - "DevDetail_MainInfo_Network_Title": "网络", + "DevDetail_MainInfo_Network_Title": "网络 详情", "DevDetail_MainInfo_Owner": "所有者", "DevDetail_MainInfo_SSID": "SSID", - "DevDetail_MainInfo_Title": "主要信息", + "DevDetail_MainInfo_Title": "设备信息", "DevDetail_MainInfo_Type": "类型", "DevDetail_MainInfo_Vendor": "制造商", "DevDetail_MainInfo_mac": "MAC", @@ -198,15 +198,15 @@ "DevDetail_button_Save": "保存", "DeviceEdit_ValidMacIp": "请输入有效的MacIP地址。", "Device_MultiEdit": "编辑", - "Device_MultiEdit_Backup": "小心,输入错误的值将破坏您的设置。请先备份您的数据库或设备配置(点击下载)。在备份文档中了解如何从此文件恢复设备。要应用更改,请在每个需要更新的字段点击保存图标。", + "Device_MultiEdit_Backup": "小心,输入错误的值将破坏您的设置。请先备份您的数据库或设备配置(点击下载)。在备份文档中了解如何从此文件恢复设备。要应用更改,请在每个需要更新的字段点击保存图标。", "Device_MultiEdit_Fields": "编辑:", "Device_MultiEdit_MassActions": "谨慎操作:", "Device_MultiEdit_No_Devices": "未选择设备。", "Device_MultiEdit_Tooltip": "小心。 单击此按钮会将左侧的值应用到上面选择的所有设备。", - "Device_Save_Failed": "", - "Device_Save_Unauthorized": "", - "Device_Saved_Success": "", - "Device_Saved_Unexpected": "", + "Device_Save_Failed": "保存设备失败", + "Device_Save_Unauthorized": "未授权 - API 令牌无效", + "Device_Saved_Success": "设备保存成功", + "Device_Saved_Unexpected": "设备更新返回了一个意外的响应", "Device_Searchbox": "搜索", "Device_Shortcut_AllDevices": "我的设备", "Device_Shortcut_AllNodes": "全部节点", @@ -226,6 +226,8 @@ "Device_TableHead_FirstSession": "加入", "Device_TableHead_GUID": "GUID", "Device_TableHead_Group": "组", + "Device_TableHead_IPv4": "IPv4", + "Device_TableHead_IPv6": "IPv6", "Device_TableHead_Icon": "图标", "Device_TableHead_LastIP": "上次 IP", "Device_TableHead_LastIPOrder": "上次 IP 排序", @@ -249,6 +251,7 @@ "Device_TableHead_SyncHubNodeName": "同步节点", "Device_TableHead_Type": "类型", "Device_TableHead_Vendor": "制造商", + "Device_TableHead_Vlan": "VLAN", "Device_Table_Not_Network_Device": "未配置为网络设备", "Device_Table_info": "显示第_START_至 END_条_共_TOTAL_条", "Device_Table_nav_next": "下一页", @@ -296,13 +299,14 @@ "Events_Tablelenght": "显示_MENU_条", "Events_Tablelenght_all": "全部", "Events_Title": "事件", - "FakeMAC_hover": "", - "FieldLock_Error": "", - "FieldLock_Lock_Tooltip": "", - "FieldLock_Locked": "", - "FieldLock_Source_Label": "", - "FieldLock_Unlock_Tooltip": "", - "FieldLock_Unlocked": "", + "FakeMAC_hover": "该设备具有伪造/欺骗的 MAC 地址", + "FieldLock_Error": "更新字段锁定状态时出错", + "FieldLock_Lock_Tooltip": "锁定字段(防止插件覆盖)", + "FieldLock_Locked": "字段锁定", + "FieldLock_SaveBeforeLocking": "在锁定之前请先保存您的更改", + "FieldLock_Source_Label": "出自: ", + "FieldLock_Unlock_Tooltip": "解锁字段(允许插件覆盖)", + "FieldLock_Unlocked": "字段解锁", "GRAPHQL_PORT_description": "GraphQL服务器的端口号。请确保该端口在该主机和 NetAlertX 实例上的所有应用程序中都是唯一的。", "GRAPHQL_PORT_name": "GraphQL端口", "Gen_Action": "动作", @@ -324,7 +328,7 @@ "Gen_Filter": "筛选", "Gen_Generate": "生成", "Gen_InvalidMac": "无效的 Mac 地址。", - "Gen_Invalid_Value": "", + "Gen_Invalid_Value": "输入了无效的值", "Gen_LockedDB": "错误 - DB 可能被锁定 - 检查 F12 开发工具 -> 控制台或稍后重试。", "Gen_NetworkMask": "网络掩码", "Gen_Offline": "离线", @@ -398,7 +402,7 @@ "Maintenance_Tool_ExportCSV": "设备导出(csv)", "Maintenance_Tool_ExportCSV_noti": "设备导出(csv)", "Maintenance_Tool_ExportCSV_noti_text": "您确定要生成 CSV 文件吗?", - "Maintenance_Tool_ExportCSV_text": "生成一个 CSV(逗号分隔值)文件,其中包含设备列表,包括网络节点和连接设备之间的网络关系。您也可以通过访问此 URL your NetAlertX url/php/server/devices.php?action=ExportCSV 或启用 CSV Backup 插件来触发此功能。", + "Maintenance_Tool_ExportCSV_text": "生成一个 CSV(逗号分隔值)文件,其中包含设备列表,包括网络节点和连接设备之间的网络关系。您也可以启用 CSV Backup 插件来触发此功能。", "Maintenance_Tool_ImportCSV": "设备导入(csv)", "Maintenance_Tool_ImportCSV_noti": "设备导入(csv)", "Maintenance_Tool_ImportCSV_noti_text": "您确定要导入 CSV 文件吗?这将完全覆盖数据库中的设备。", @@ -410,6 +414,10 @@ "Maintenance_Tool_ImportPastedConfig": "设置导入(粘贴)", "Maintenance_Tool_ImportPastedConfig_noti_text": "您确认要导入粘贴的设置吗?这会完全覆盖app.conf的内容。", "Maintenance_Tool_ImportPastedConfig_text": "导入包含所有应用程序设置的app.conf文件。建议先通过设置导出功能下载当前的app.conf文件。", + "Maintenance_Tool_UnlockFields": "清除所有设备来源", + "Maintenance_Tool_UnlockFields_noti": "清除所有设备来源", + "Maintenance_Tool_UnlockFields_noti_text": "您确定要清除所有设备字段(锁定/用户)的所有源值吗?(请注意:此操作将永久删除这些值,无法恢复)这一行为无法挽回。", + "Maintenance_Tool_UnlockFields_text": "此工具将从所有设备的每个跟踪字段中删除所有原始数据,从而为插件和用户完全解锁所有字段。请谨慎使用,因为这将影响您整个设备的库存情况。", "Maintenance_Tool_arpscansw": "切换 arp 扫描(开/关)", "Maintenance_Tool_arpscansw_noti": "打开或关闭 arp 扫描", "Maintenance_Tool_arpscansw_noti_text": "当扫描关闭时,它会保持关闭状态,直到再次激活为止。", @@ -419,6 +427,9 @@ "Maintenance_Tool_backup_noti_text": "您确定要执行数据库备份吗?请确保当前没有正在运行的扫描。", "Maintenance_Tool_backup_text": "数据库备份以 zip 存档形式位于数据库目录中,以创建日期命名。备份数量没有上限。", "Maintenance_Tool_check_visible": "取消选择隐藏列。", + "Maintenance_Tool_clearSourceFields_selected": "", + "Maintenance_Tool_clearSourceFields_selected_noti": "", + "Maintenance_Tool_clearSourceFields_selected_text": "", "Maintenance_Tool_darkmode": "切换模式(暗/亮)", "Maintenance_Tool_darkmode_noti": "切换模式", "Maintenance_Tool_darkmode_noti_text": "主题切换后,页面会尝试重新加载以激活更改。如有必要,必须清除缓存。", @@ -449,6 +460,7 @@ "Maintenance_Tool_del_unknowndev_noti": "删除(未知)设备", "Maintenance_Tool_del_unknowndev_noti_text": "您确定要删除所有(未知)和(未找到名称)设备吗?", "Maintenance_Tool_del_unknowndev_text": "使用此功能前,请先备份。删除操作不可撤销。所有名为 (未知) 的设备都将从数据库中删除。", + "Maintenance_Tool_del_unlockFields_selecteddev_text": "这将解除所选设备的“锁定/用户”字段的锁定状态。这一行为无法挽回。", "Maintenance_Tool_displayed_columns_text": "更改设备页面中列的可见性和顺序。", "Maintenance_Tool_drag_me": "拖动我来对列进行重新排序。", "Maintenance_Tool_order_columns_text": "Maintenance_Tool_order_columns_text", @@ -460,6 +472,8 @@ "Maintenance_Tool_restore_noti": "数据库恢复", "Maintenance_Tool_restore_noti_text": "您确定要执行数据库恢复吗?请确保当前没有正在运行的扫描。", "Maintenance_Tool_restore_text": "最新备份可通过按钮恢复,但旧备份只能手动恢复。恢复后,请对数据库进行完整性检查以确保安全,以防创建备份时数据库当前处于写访问状态。", + "Maintenance_Tool_unlockFields_selecteddev": "解锁设备字段", + "Maintenance_Tool_unlockFields_selecteddev_noti": "解锁字段", "Maintenance_Tool_upgrade_database_noti": "升级数据库", "Maintenance_Tool_upgrade_database_noti_text": "您确定要升级数据库吗?
(也许您更愿意将其存档)", "Maintenance_Tool_upgrade_database_text": "此按钮将升级数据库以启用过去 12 小时的网络活动图表。请备份您的数据库以防出现问题。", @@ -601,7 +615,7 @@ "REPORT_MAIL_description": "如果启用,则会发送一封电子邮件,其中包含您已订阅的更改列表。还请填写以下与 SMTP 设置相关的所有剩余设置。如果遇到问题,请将 LOG_LEVEL 设置为 debug 并检查错误日志。", "REPORT_MAIL_name": "启用email", "REPORT_TITLE": "报告", - "RandomMAC_hover": "自动检测 - 表示设备是否随机化其 MAC 地址。您可通过 UI_NOT_RANDOM_MAC 设置排除特定MAC地址。点击了解更多。", + "RandomMAC_hover": "该设备具有随机的MAC地址", "Reports_Sent_Log": "已发送报告日志", "SCAN_SUBNETS_description": "大多数网络扫描器(ARP-SCAN、NMAP、NSLOOKUP、DIG)依赖于扫描特定的网络接口和子网。查看子网文档以获取有关此设置的帮助,尤其是 VLAN、支持哪些 VLAN,或者如何确定网络掩码和接口。

网络扫描器的替代方法是启用一些其他不依赖于 NetAlertX 访问网络的设备扫描器/导入器(UNIFI、dhcp.leases、PiHole 等)。

注意:扫描时间本身取决于要检查的 IP 地址数量,因此请使用适当的网络掩码和接口仔细设置。", "SCAN_SUBNETS_name": "待扫描网络", @@ -609,7 +623,7 @@ "Setting_Override": "覆盖值", "Setting_Override_Description": "启用此选项将用上面指定的值覆盖应用程序提供的默认值。", "Settings_Metadata_Toggle": "显示/隐藏给定设置的元数据。", - "Settings_Show_Description": "显示设置描述。", + "Settings_Show_Description": "显示设置描述", "Settings_device_Scanners_desync": "⚠ 设备扫描计划不同步。", "Settings_device_Scanners_desync_popup": "设备扫描 (*_RUN_SCHD) 的时间表并不相同。这将导致设备在线/离线通知不一致。除非有意为之,否则请对所有启用的 🔍设备扫描 使用相同的时间表。", "Speedtest_Results": "Speedtest 结果", @@ -749,7 +763,7 @@ "run_event_tooltip": "在运行之前,请先启用设置并保存更改。", "select_icon_event_tooltip": "选择图标", "settings_core_icon": "fa-solid fa-gem", - "settings_core_label": "核", + "settings_core_label": "主要", "settings_device_scanners": "设备扫描器用于发现写入当前扫描数据库表的设备。", "settings_device_scanners_icon": "fa-solid fa-magnifying-glass-plus", "settings_device_scanners_info": "使用 LOADED_PLUGINS 设置加载更多设备扫描仪", @@ -775,4 +789,4 @@ "settings_system_label": "系统", "settings_update_item_warning": "更新下面的值。请注意遵循先前的格式。未执行验证。", "test_event_tooltip": "在测试设置之前,请先保存更改。" -} \ No newline at end of file +} diff --git a/front/plugins/__template/config.json b/front/plugins/__template/config.json index f2dfd28a..12617d70 100755 --- a/front/plugins/__template/config.json +++ b/front/plugins/__template/config.json @@ -419,7 +419,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -435,7 +435,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -451,7 +451,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -467,7 +467,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -483,7 +483,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -514,7 +514,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "Example Plugin" }, diff --git a/front/plugins/__template/rename_me.py b/front/plugins/__template/rename_me.py index 18c2d072..b9f43e56 100755 --- a/front/plugins/__template/rename_me.py +++ b/front/plugins/__template/rename_me.py @@ -51,8 +51,8 @@ def main(): # "database_column_definitions": [ # { # "column": "Object_PrimaryID", <--------- the value I save into primaryId - # "mapped_to_column": "cur_MAC", <--------- gets inserted into the CurrentScan DB - # table column cur_MAC + # "mapped_to_column": "scanMac", <--------- gets inserted into the CurrentScan DB + # table column scanMac # for device in device_data: plugin_objects.add_object( diff --git a/front/plugins/adguard_import/config.json b/front/plugins/adguard_import/config.json index 5fb46a88..f4df3377 100644 --- a/front/plugins/adguard_import/config.json +++ b/front/plugins/adguard_import/config.json @@ -323,7 +323,9 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devType", + "devName" ], "localized": ["name", "description"], "name": [ @@ -392,7 +394,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -408,7 +410,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -424,7 +426,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -440,7 +442,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -486,7 +488,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "Example Plugin" }, diff --git a/front/plugins/arp_scan/config.json b/front/plugins/arp_scan/config.json index 2c342e5e..98beb02e 100755 --- a/front/plugins/arp_scan/config.json +++ b/front/plugins/arp_scan/config.json @@ -500,7 +500,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -516,7 +516,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -532,7 +532,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -556,7 +556,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "ARPSCAN" }, diff --git a/front/plugins/asuswrt_import/config.json b/front/plugins/asuswrt_import/config.json index bd165e32..0135ab20 100755 --- a/front/plugins/asuswrt_import/config.json +++ b/front/plugins/asuswrt_import/config.json @@ -129,7 +129,8 @@ } ] }, - { "function": "SET_ALWAYS", + { + "function": "SET_ALWAYS", "type": { "dataType": "array", "elements": [ @@ -143,7 +144,9 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName", + "devVendor" ], "localized": ["name", "description"], "name": [ @@ -451,7 +454,7 @@ "localized": [ "name" ], - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "name": [ { "language_code": "en_us", @@ -477,7 +480,7 @@ "localized": [ "name" ], - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "name": [ { "language_code": "en_us", @@ -503,7 +506,7 @@ "localized": [ "name" ], - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "name": [ { "language_code": "en_us", @@ -524,7 +527,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "default_value": "", "localized": [ @@ -550,7 +553,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "ASUSWRT" }, diff --git a/front/plugins/avahi_scan/config.json b/front/plugins/avahi_scan/config.json index 770e2541..d588e64d 100755 --- a/front/plugins/avahi_scan/config.json +++ b/front/plugins/avahi_scan/config.json @@ -225,6 +225,68 @@ "string": "Maximum time per device scan in seconds to wait for the script to finish. If this time is exceeded the script is aborted." } ] + }, + { + "function": "SET_ALWAYS", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true"}], + "transformers": [] + } + ] + }, + "default_value": ["devFQDN"], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set always columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are treated as authoritative and will overwrite existing values, including those set by other plugins, unless the current value was explicitly set by the user (Source = USER or Source = LOCKED)." + } + ] + }, + { + "function": "SET_EMPTY", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true" }], + "transformers": [] + } + ] + }, + "default_value": [], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set empty columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are only overwritten if they are empty (NULL / empty string) or if their Source is set to NEWDEV" + } + ] } ], "database_column_definitions": [ diff --git a/front/plugins/ddns_update/script.py b/front/plugins/ddns_update/script.py index 39bdade4..c25526a1 100755 --- a/front/plugins/ddns_update/script.py +++ b/front/plugins/ddns_update/script.py @@ -81,14 +81,14 @@ def ddns_update(DDNS_UPDATE_URL, DDNS_USER, DDNS_PASSWORD, DDNS_DOMAIN, PREV_IP) # plugin_objects = Plugin_Objects(RESULT_FILE) # plugin_objects.add_object( - # primaryId = 'Internet', # MAC (Device Name) + # primaryId = 'internet', # MAC (Device Name) # secondaryId = new_internet_IP, # IP Address # watched1 = f'Previous IP: {PREV_IP}', # watched2 = '', # watched3 = '', # watched4 = '', # extra = f'Previous IP: {PREV_IP}', - # foreignKey = 'Internet') + # foreignKey = 'internet') # plugin_objects.write_result_file() diff --git a/front/plugins/dhcp_leases/config.json b/front/plugins/dhcp_leases/config.json index 8735c46e..70adb612 100755 --- a/front/plugins/dhcp_leases/config.json +++ b/front/plugins/dhcp_leases/config.json @@ -103,7 +103,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-2", "show": true, "type": "device_mac", @@ -127,7 +127,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -174,7 +174,7 @@ }, { "column": "DateTimeChanged", - "mapped_to_column": "cur_DateTime", + "mapped_to_column": "scanLastConnection", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -221,7 +221,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -337,7 +337,7 @@ }, { "column": "ScanMethod", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "DHCPLSS" }, diff --git a/front/plugins/dig_scan/config.json b/front/plugins/dig_scan/config.json index 7a4d2820..8729f9a5 100755 --- a/front/plugins/dig_scan/config.json +++ b/front/plugins/dig_scan/config.json @@ -233,6 +233,68 @@ "string": "Maximale Zeit in Sekunden, die auf den Abschluss des Skripts gewartet werden soll. Bei Überschreitung dieser Zeit wird das Skript abgebrochen." } ] + }, + { + "function": "SET_ALWAYS", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true"}], + "transformers": [] + } + ] + }, + "default_value": ["devFQDN"], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set always columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are treated as authoritative and will overwrite existing values, including those set by other plugins, unless the current value was explicitly set by the user (Source = USER or Source = LOCKED)." + } + ] + }, + { + "function": "SET_EMPTY", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true" }], + "transformers": [] + } + ] + }, + "default_value": [], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set empty columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are only overwritten if they are empty (NULL / empty string) or if their Source is set to NEWDEV" + } + ] } ], "database_column_definitions": [ diff --git a/front/plugins/freebox/config.json b/front/plugins/freebox/config.json index bb63a858..9ab39ec6 100755 --- a/front/plugins/freebox/config.json +++ b/front/plugins/freebox/config.json @@ -319,7 +319,10 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName", + "devVendor", + "devType" ], "localized": ["name", "description"], "name": [ @@ -391,7 +394,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -409,7 +412,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -427,7 +430,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -445,7 +448,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -463,7 +466,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -498,7 +501,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "Freebox" }, diff --git a/front/plugins/icmp_scan/config.json b/front/plugins/icmp_scan/config.json index 59692172..382b8b7f 100755 --- a/front/plugins/icmp_scan/config.json +++ b/front/plugins/icmp_scan/config.json @@ -382,7 +382,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -400,7 +400,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -418,7 +418,6 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -487,7 +486,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "ICMP" }, diff --git a/front/plugins/internet_ip/config.json b/front/plugins/internet_ip/config.json index ba8ade02..446f30d1 100755 --- a/front/plugins/internet_ip/config.json +++ b/front/plugins/internet_ip/config.json @@ -494,7 +494,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -518,7 +518,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -591,7 +591,7 @@ }, { "column": "Watched_Value4", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": false, "type": "label", @@ -607,7 +607,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "INTRNT" }, @@ -657,7 +657,7 @@ }, { "column": "DateTimeChanged", - "mapped_to_column": "cur_DateTime", + "mapped_to_column": "scanLastConnection", "css_classes": "col-sm-2", "show": true, "type": "label", diff --git a/front/plugins/internet_ip/script.py b/front/plugins/internet_ip/script.py index ff5d3cea..328341a6 100755 --- a/front/plugins/internet_ip/script.py +++ b/front/plugins/internet_ip/script.py @@ -79,14 +79,14 @@ def main(): plugin_objects = Plugin_Objects(RESULT_FILE) plugin_objects.add_object( - primaryId = 'Internet', # MAC (Device Name) + primaryId = 'internet', # MAC (Device Name) secondaryId = new_internet_IP, # IP Address watched1 = f'Previous IP: {PREV_IP}', watched2 = cmd_output.replace('\n', ''), watched3 = retries_needed, watched4 = 'Gateway', extra = f'Previous IP: {PREV_IP}', - foreignKey = 'Internet' + foreignKey = 'internet' ) plugin_objects.write_result_file() @@ -101,8 +101,8 @@ def main(): # =============================================================================== def check_internet_IP(PREV_IP, DIG_GET_IP_ARG): - # Get Internet IP - mylog('verbose', [f'[{pluginName}] - Retrieving Internet IP']) + # Get internet IP + mylog('verbose', [f'[{pluginName}] - Retrieving internet IP']) internet_IP, cmd_output = get_internet_IP(DIG_GET_IP_ARG) mylog('verbose', [f'[{pluginName}] Current internet_IP : {internet_IP}']) diff --git a/front/plugins/ipneigh/config.json b/front/plugins/ipneigh/config.json index 4bc1ab50..3ba4d08e 100755 --- a/front/plugins/ipneigh/config.json +++ b/front/plugins/ipneigh/config.json @@ -132,7 +132,8 @@ } ] }, - { "function": "SET_ALWAYS", + { + "function": "SET_ALWAYS", "type": { "dataType": "array", "elements": [ @@ -146,7 +147,10 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName", + "devVendor", + "devType" ], "localized": ["name", "description"], "name": [ @@ -287,7 +291,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -305,7 +309,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -323,7 +327,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -341,7 +345,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -359,7 +363,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -394,7 +398,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "IPNEIGH" }, diff --git a/front/plugins/luci_import/config.json b/front/plugins/luci_import/config.json index 2eac488c..8b25c24d 100755 --- a/front/plugins/luci_import/config.json +++ b/front/plugins/luci_import/config.json @@ -470,7 +470,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -490,7 +490,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -549,7 +549,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "LUCIRPC" }, diff --git a/front/plugins/mikrotik_scan/config.json b/front/plugins/mikrotik_scan/config.json index 03d1832d..f3cc3f58 100755 --- a/front/plugins/mikrotik_scan/config.json +++ b/front/plugins/mikrotik_scan/config.json @@ -283,7 +283,8 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName" ], "localized": ["name", "description"], "name": [ @@ -351,7 +352,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -382,7 +383,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -413,7 +414,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -474,7 +475,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "MTSCAN" }, diff --git a/front/plugins/nbtscan_scan/config.json b/front/plugins/nbtscan_scan/config.json index b46ae793..48b8a589 100755 --- a/front/plugins/nbtscan_scan/config.json +++ b/front/plugins/nbtscan_scan/config.json @@ -233,6 +233,68 @@ "string": "Maximale Zeit in Sekunden, die auf den Abschluss des Skripts gewartet werden soll. Bei Überschreitung dieser Zeit wird das Skript abgebrochen." } ] + }, + { + "function": "SET_ALWAYS", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true"}], + "transformers": [] + } + ] + }, + "default_value": ["devFQDN"], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set always columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are treated as authoritative and will overwrite existing values, including those set by other plugins, unless the current value was explicitly set by the user (Source = USER or Source = LOCKED)." + } + ] + }, + { + "function": "SET_EMPTY", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true" }], + "transformers": [] + } + ] + }, + "default_value": [], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set empty columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are only overwritten if they are empty (NULL / empty string) or if their Source is set to NEWDEV" + } + ] } ], "database_column_definitions": [ diff --git a/front/plugins/newdev_template/config.json b/front/plugins/newdev_template/config.json index 0f01158d..8192a12d 100755 --- a/front/plugins/newdev_template/config.json +++ b/front/plugins/newdev_template/config.json @@ -400,7 +400,7 @@ "XC5ob21l", "LVthLWZBLUYwLTldezMyfQ==", "Iy4q", - "XC5cYg==" + "XC4k" ], "options": [], "localized": [ @@ -1588,6 +1588,38 @@ } ] }, + { + "function": "devVlan", + "type": { + "dataType": "string", + "elements": [ + { + "elementType": "input", + "elementOptions": [], + "transformers": [] + } + ] + }, + "maxLength": 50, + "default_value": "", + "options": [], + "localized": [ + "name", + "description" + ], + "name": [ + { + "language_code": "en_us", + "string": "VLAN" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "The VLAN identifier or name the device belongs to. Database column name: devVlan." + } + ] + }, { "function": "devSyncHubNode", "type": { @@ -1901,38 +1933,6 @@ } ] }, - { - "function": "devVlan", - "type": { - "dataType": "string", - "elements": [ - { - "elementType": "input", - "elementOptions": [], - "transformers": [] - } - ] - }, - "maxLength": 50, - "default_value": "", - "options": [], - "localized": [ - "name", - "description" - ], - "name": [ - { - "language_code": "en_us", - "string": "VLAN" - } - ], - "description": [ - { - "language_code": "en_us", - "string": "The VLAN identifier or name the device belongs to. Database column name: devVlan." - } - ] - }, { "function": "devForceStatus", "type": { diff --git a/front/plugins/nmap_dev_scan/config.json b/front/plugins/nmap_dev_scan/config.json index 81fcf114..55cf9c77 100755 --- a/front/plugins/nmap_dev_scan/config.json +++ b/front/plugins/nmap_dev_scan/config.json @@ -467,7 +467,9 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName", + "devVendor" ], "localized": ["name", "description"], "name": [ @@ -538,7 +540,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -556,7 +558,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -574,7 +576,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -592,7 +594,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -618,7 +620,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_LastQuery", + "mapped_to_column": "scanLastQuery", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -640,7 +642,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "NMAPDEV" }, diff --git a/front/plugins/nslookup_scan/config.json b/front/plugins/nslookup_scan/config.json index 1589e666..6bf444d0 100755 --- a/front/plugins/nslookup_scan/config.json +++ b/front/plugins/nslookup_scan/config.json @@ -233,6 +233,68 @@ "string": "Maximale Zeit in Sekunden, die auf den Abschluss des Skripts gewartet werden soll. Bei Überschreitung dieser Zeit wird das Skript abgebrochen." } ] + }, + { + "function": "SET_ALWAYS", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true"}], + "transformers": [] + } + ] + }, + "default_value": ["devFQDN"], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set always columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are treated as authoritative and will overwrite existing values, including those set by other plugins, unless the current value was explicitly set by the user (Source = USER or Source = LOCKED)." + } + ] + }, + { + "function": "SET_EMPTY", + "type": { + "dataType": "array", + "elements": [ + { + "elementType": "select", + "elementOptions": [{ "multiple": "true", "ordeable": "true" }], + "transformers": [] + } + ] + }, + "default_value": [], + "options": [ + "devFQDN", + "devName" + ], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Set empty columns" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "These columns are only overwritten if they are empty (NULL / empty string) or if their Source is set to NEWDEV" + } + ] } ], "database_column_definitions": [ diff --git a/front/plugins/omada_sdn_imp/config.json b/front/plugins/omada_sdn_imp/config.json index 22203782..5287d147 100755 --- a/front/plugins/omada_sdn_imp/config.json +++ b/front/plugins/omada_sdn_imp/config.json @@ -483,7 +483,11 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName", + "devParentMAC", + "devSSID", + "devType" ], "localized": ["name", "description"], "name": [ @@ -554,7 +558,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -578,7 +582,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -602,7 +606,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -618,7 +622,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_NetworkNodeMAC", + "mapped_to_column": "scanParentMAC", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -634,7 +638,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_PORT", + "mapped_to_column": "scanParentPort", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -650,7 +654,7 @@ }, { "column": "Watched_Value4", - "mapped_to_column": "cur_SSID", + "mapped_to_column": "scanSSID", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -666,7 +670,7 @@ }, { "column": "Extra", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": false, "type": "label", @@ -682,7 +686,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "OMDSDN" }, diff --git a/front/plugins/omada_sdn_imp/omada_sdn.py b/front/plugins/omada_sdn_imp/omada_sdn.py index 8ee3ffea..9447df69 100755 --- a/front/plugins/omada_sdn_imp/omada_sdn.py +++ b/front/plugins/omada_sdn_imp/omada_sdn.py @@ -320,7 +320,7 @@ def main(): # "database_column_definitions": [ # { # "column": "Object_PrimaryID", <--------- the value I save into primaryId - # "mapped_to_column": "cur_MAC", <--------- gets unserted into the CurrentScan DB table column cur_MAC + # "mapped_to_column": "scanMac", <--------- gets unserted into the CurrentScan DB table column scanMac # watched1 = 'null' , # figure a way to run my udpate script delayed @@ -330,8 +330,8 @@ def main(): myssid = device[PORT_SSID] if not device[PORT_SSID].isdigit() else "" ParentNetworkNode = ( ieee2ietf_mac_formater(device[SWITCH_AP]) - if device[SWITCH_AP] != "Internet" - else "Internet" + if device[SWITCH_AP].lower() != "internet" + else "internet" ) mymac = ieee2ietf_mac_formater(device[MAC]) plugin_objects.add_object( @@ -342,7 +342,7 @@ def main(): watched3=myport, # PORT watched4=myssid, # SSID extra=device[TYPE], - # omada_site, # SITENAME (cur_NetworkSite) or VENDOR (cur_Vendor) (PICK one and adjust config.json -> "column": "Extra") + # omada_site, # SITENAME (scanSite) or VENDOR (scanVendor) (PICK one and adjust config.json -> "column": "Extra") foreignKey=device[MAC].lower().replace("-", ":"), ) # usually MAC @@ -665,7 +665,7 @@ def get_device_data(omada_clients_output, switches_and_aps, device_handler): device_data_bymac[default_router_mac][TYPE] = "Firewall" # step2 let's find the first switch and set the default router parent to internet first_switch = device_data_bymac[default_router_mac][SWITCH_AP] - device_data_bymac[default_router_mac][SWITCH_AP] = "Internet" + device_data_bymac[default_router_mac][SWITCH_AP] = "internet" # step3 let's set the switch connected to the default gateway uplink to the default gateway and hardcode port to 1 for now: # device_data_bymac[first_switch][SWITCH_AP]=default_router_mac # device_data_bymac[first_switch][SWITCH_AP][PORT_SSID] = '1' diff --git a/front/plugins/omada_sdn_openapi/config.json b/front/plugins/omada_sdn_openapi/config.json index a9df0317..cc594202 100755 --- a/front/plugins/omada_sdn_openapi/config.json +++ b/front/plugins/omada_sdn_openapi/config.json @@ -456,7 +456,12 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName", + "devParentMAC", + "devSSID", + "devType", + "devSite" ], "localized": ["name", "description"], "name": [ @@ -528,7 +533,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -544,7 +549,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -560,7 +565,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -576,7 +581,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_NetworkNodeMAC", + "mapped_to_column": "scanParentMAC", "css_classes": "col-sm-2", "show": true, "type": "device_name_mac", @@ -592,7 +597,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_PORT", + "mapped_to_column": "scanParentPort", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -608,7 +613,7 @@ }, { "column": "Watched_Value4", - "mapped_to_column": "cur_SSID", + "mapped_to_column": "scanSSID", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -624,7 +629,7 @@ }, { "column": "Extra", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": false, "type": "label", @@ -640,7 +645,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "OMDSDNOPENAPI" }, @@ -704,7 +709,7 @@ }, { "column": "HelpVal2", - "mapped_to_column": "cur_NetworkSite", + "mapped_to_column": "scanSite", "css_classes": "col-sm-2", "show": true, "type": "label", diff --git a/front/plugins/omada_sdn_openapi/script.py b/front/plugins/omada_sdn_openapi/script.py index 7d341126..11b17b60 100755 --- a/front/plugins/omada_sdn_openapi/script.py +++ b/front/plugins/omada_sdn_openapi/script.py @@ -413,11 +413,11 @@ class OmadaData: OmadaHelper.verbose(f"Making entry for: {entry['mac_address']}") - # If the device_type is gateway, set the parent_node to Internet + # If the device_type is gateway, set the parent_node to internet device_type = entry["device_type"].lower() parent_node = entry["parent_node_mac_address"] if len(parent_node) == 0 and entry["device_type"] == "gateway" and is_typical_router_ip(entry["ip_address"]): - parent_node = "Internet" + parent_node = "internet" # Some device type naming exceptions if device_type == "iphone": diff --git a/front/plugins/pihole_api_scan/config.json b/front/plugins/pihole_api_scan/config.json index fc94405c..2ed11f33 100644 --- a/front/plugins/pihole_api_scan/config.json +++ b/front/plugins/pihole_api_scan/config.json @@ -115,7 +115,8 @@ } ] }, - { "function": "SET_ALWAYS", + { + "function": "SET_ALWAYS", "type": { "dataType": "array", "elements": [ @@ -234,6 +235,62 @@ } ] }, + { + "function": "GET_OFFLINE", + "type": { + "dataType": "boolean", + "elements": [ + { + "elementType": "input", + "elementOptions": [{ "type": "checkbox" }], + "transformers": [] + } + ] + }, + "default_value": false, + "options": [], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Import offline" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "Import offline devices. By default only online devices are retrieved." + } + ] + }, + { + "function": "CONSIDER_ONLINE", + "type": { + "dataType": "integer", + "elements": [ + { + "elementType": "input", + "elementOptions": [{ "type": "number" }], + "transformers": [] + } + ] + }, + "default_value": 300, + "options": [], + "localized": ["name", "description"], + "name": [ + { + "language_code": "en_us", + "string": "Online if last seen" + } + ], + "description": [ + { + "language_code": "en_us", + "string": "Time in seconds to consider a device online." + } + ] + }, { "function": "VERIFY_SSL", "type": { @@ -400,7 +457,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -416,7 +473,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -432,7 +489,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -448,7 +505,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -494,7 +551,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "PIHOLEAPI" }, diff --git a/front/plugins/pihole_api_scan/pihole_api_scan.py b/front/plugins/pihole_api_scan/pihole_api_scan.py index c8a9aa75..65cda801 100644 --- a/front/plugins/pihole_api_scan/pihole_api_scan.py +++ b/front/plugins/pihole_api_scan/pihole_api_scan.py @@ -42,6 +42,7 @@ PIHOLEAPI_SES_SID = None PIHOLEAPI_SES_CSRF = None PIHOLEAPI_API_MAXCLIENTS = None PIHOLEAPI_VERIFY_SSL = True +PIHOLEAPI_GET_OFFLINE = False PIHOLEAPI_RUN_TIMEOUT = 10 PIHOLEAPI_FAKE_MAC = get_setting_value('PIHOLEAPI_FAKE_MAC') VERSION_DATE = "NAX-PIHOLEAPI-1.0" @@ -195,47 +196,69 @@ def get_pihole_network_devices(): # ------------------------------------------------------------------ def gather_device_entries(): """ - Build a list of device entries suitable for Plugin_Objects.add_object. - Each entry is a dict with: mac, ip, name, macVendor, lastQuery + Build a list of device entries. + Online status is determined by comparing lastSeen (in seconds) vs the current time. """ entries = [] - - iface_map = get_pihole_interface_data() devices = get_pihole_network_devices() now_ts = int(datetime.datetime.now().timestamp()) for device in devices: hwaddr = device.get('hwaddr') - if not hwaddr or hwaddr == "00:00:00:00:00:00": + + # Filter out invalid MACs/interfaces + if not hwaddr or hwaddr in ["00:00:00:00:00:00", "ip-::"]: continue - macVendor = device.get('macVendor', '') - lastQuery = device.get('lastQuery') - # 'ips' is a list of dicts: {ip, name} - for ip_info in device.get('ips', []): + device_ips = device.get('ips', []) + if not device_ips: + continue + + # 1. Find the freshest timestamp across all IPs for this MAC + # This ensures if the device is active on ANY IP, the MAC is considered online. + max_last_seen = 0 + for ip_info in device_ips: + ls = ip_info.get('lastSeen', 0) + if ls > max_last_seen: + max_last_seen = ls + + # 2. Determine online status: (Current Time - Last Seen) <= PIHOLEAPI_CONSIDER_ONLINE + # Math is in seconds. + if (now_ts - max_last_seen) <= PIHOLEAPI_CONSIDER_ONLINE: + is_online = True + else: + is_online = False + + # 3. Skip if offline (and user doesn't want offline devices) + if not is_online and not PIHOLEAPI_GET_OFFLINE: + mylog('verbose', [f'[{pluginName}] Not online in the last {PIHOLEAPI_CONSIDER_ONLINE}s, import of offline disabled (PIHOLEAPI_GET_OFFLINE) skipping device: {device}.']) + continue + + mac_vendor = device.get('macVendor', '') + + # 4. Process each valid IP for the device + for ip_info in device_ips: ip = ip_info.get('ip') - if not ip: + + # Skip internal Pi-hole placeholders + if not ip or ip in ["0.0.0.0", "::"]: + mylog('verbose', [f'[{pluginName}] Not a valid ip ({ip}), skipping device: {device}.']) continue name = ip_info.get('name') or '(unknown)' + tmp_mac = hwaddr.lower() - # mark active if ip present on local interfaces - for mac, iplist in iface_map.items(): - if ip in iplist: - lastQuery = str(now_ts) - - tmpMac = hwaddr.lower() - - # ensure fake mac if enabled - if PIHOLEAPI_FAKE_MAC and is_mac(tmpMac) is False: - tmpMac = string_to_fake_mac(ip) + # Handle Fake MAC logic for non-standard hardware addresses + if PIHOLEAPI_FAKE_MAC and not is_mac(tmp_mac): + tmp_mac = string_to_fake_mac(ip) entries.append({ - 'mac': tmpMac, + 'mac': tmp_mac, 'ip': ip, 'name': name, - 'macVendor': macVendor, - 'lastQuery': str(lastQuery) if lastQuery is not None else '' + 'macVendor': mac_vendor, + # Pass the Unix timestamp as a string for NAX tracking + 'lastQuery': str(max_last_seen) if max_last_seen > 0 else "" }) return entries @@ -244,7 +267,7 @@ def gather_device_entries(): # ------------------------------------------------------------------ def main(): """Main plugin entrypoint.""" - global PIHOLEAPI_URL, PIHOLEAPI_PASSWORD, PIHOLEAPI_API_MAXCLIENTS, PIHOLEAPI_VERIFY_SSL, PIHOLEAPI_RUN_TIMEOUT + global PIHOLEAPI_URL, PIHOLEAPI_PASSWORD, PIHOLEAPI_API_MAXCLIENTS, PIHOLEAPI_VERIFY_SSL, PIHOLEAPI_RUN_TIMEOUT, PIHOLEAPI_GET_OFFLINE, PIHOLEAPI_CONSIDER_ONLINE mylog('verbose', [f'[{pluginName}] start script.']) @@ -260,6 +283,12 @@ def main(): # Accept boolean or string "True"/"False" PIHOLEAPI_VERIFY_SSL = get_setting_value('PIHOLEAPI_SSL_VERIFY') PIHOLEAPI_RUN_TIMEOUT = get_setting_value('PIHOLEAPI_RUN_TIMEOUT') + PIHOLEAPI_GET_OFFLINE = get_setting_value('PIHOLEAPI_GET_OFFLINE') + PIHOLEAPI_CONSIDER_ONLINE = get_setting_value('PIHOLEAPI_CONSIDER_ONLINE') + + # Fallback in case the setting is missing or returned as an empty string + if not isinstance(PIHOLEAPI_CONSIDER_ONLINE, int): + PIHOLEAPI_CONSIDER_ONLINE = 300 # Authenticate if not pihole_api_auth(): diff --git a/front/plugins/pihole_scan/config.json b/front/plugins/pihole_scan/config.json index 1fbb936b..6d96f111 100755 --- a/front/plugins/pihole_scan/config.json +++ b/front/plugins/pihole_scan/config.json @@ -385,7 +385,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-2", "show": true, "type": "device_mac", @@ -420,7 +420,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -440,7 +440,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_LastQuery", + "mapped_to_column": "scanLastQuery", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -456,7 +456,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -472,7 +472,7 @@ }, { "column": "Watched_Value4", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -488,7 +488,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "PIHOLE" }, diff --git a/front/plugins/plugin_helper.py b/front/plugins/plugin_helper.py index 6e1f99a0..b8c120ad 100755 --- a/front/plugins/plugin_helper.py +++ b/front/plugins/plugin_helper.py @@ -91,11 +91,11 @@ def is_typical_router_ip(ip_address): def is_mac(input): input_str = str(input).lower().strip() # Convert to string and lowercase so non-string values won't raise errors - # Full MAC (6 octets) e.g. AA:BB:CC:DD:EE:FF + # Full MAC (6 octets) e.g. aa:bb:cc:dd:ee:ff full_mac_re = re.compile(r"^[0-9a-f]{2}([-:]?)[0-9a-f]{2}(\1[0-9a-f]{2}){4}$") # Wildcard prefix format: exactly 3 octets followed by a trailing '*' component - # Examples: AA:BB:CC:* + # Examples: aa:bb:cc:* wildcard_re = re.compile(r"^[0-9a-f]{2}[-:]?[0-9a-f]{2}[-:]?[0-9a-f]{2}[-:]?\*$") if full_mac_re.match(input_str) or wildcard_re.match(input_str): @@ -177,27 +177,25 @@ def decode_settings_base64(encoded_str, convert_types=True): # ------------------------------------------------------------------- def normalize_mac(mac): """ - Normalize a MAC address to the standard format with colon separators. - For example, "aa-bb-cc-dd-ee-ff" will be normalized to "AA:BB:CC:DD:EE:FF". - Wildcard MAC addresses like "AA:BB:CC:*" will be normalized to "AA:BB:CC:*". + normalize a mac address to the standard format with colon separators. + for example, "AA-BB-CC-DD-EE-FF" will be normalized to "aa:bb:cc:dd:ee:ff". + wildcard mac addresses like "AA:BB:CC:*" will be normalized to "aa:bb:cc:*". - :param mac: The MAC address to normalize. - :return: The normalized MAC address. + :param mac: the mac address to normalize. + :return: the normalized mac address (lowercase). """ - s = str(mac).strip() + s = str(mac).strip().lower() - if s.lower() == "internet": - return "Internet" + if s == "internet": + return "internet" - s = s.upper() - - # Determine separator if present, prefer colon, then hyphen + # determine separator if present, prefer colon, then hyphen if ':' in s: parts = s.split(':') elif '-' in s: parts = s.split('-') else: - # No explicit separator; attempt to split every two chars + # no explicit separator; attempt to split every two chars parts = [s[i:i + 2] for i in range(0, len(s), 2)] normalized_parts = [] @@ -206,10 +204,10 @@ def normalize_mac(mac): if part == '*': normalized_parts.append('*') else: - # Ensure two hex digits (zfill is fine for alphanumeric input) + # ensure two hex digits normalized_parts.append(part.zfill(2)) - # Use colon as canonical separator + # use colon as canonical separator return ':'.join(normalized_parts) diff --git a/front/plugins/snmp_discovery/config.json b/front/plugins/snmp_discovery/config.json index 62fc7760..1a155a71 100755 --- a/front/plugins/snmp_discovery/config.json +++ b/front/plugins/snmp_discovery/config.json @@ -100,7 +100,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-2", "show": true, "type": "device_mac", @@ -120,7 +120,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -140,7 +140,7 @@ }, { "column": "DateTimeCreated", - "mapped_to_column": "cur_DateTime", + "mapped_to_column": "scanLastConnection", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -160,7 +160,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -275,7 +275,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "SNMPDSC" }, @@ -601,7 +601,8 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devLastIP", + "devName" ], "localized": ["name", "description"], "name": [ diff --git a/front/plugins/sync/config.json b/front/plugins/sync/config.json index 9ef665fa..bb98a239 100755 --- a/front/plugins/sync/config.json +++ b/front/plugins/sync/config.json @@ -612,7 +612,8 @@ "default_value": ["devMac", "devLastIP"], "options": [ "devMac", - "devLastIP" + "devName", + "devVendor" ], "localized": ["name", "description"], "name": [ @@ -684,7 +685,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -710,7 +711,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -736,7 +737,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -754,7 +755,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -772,7 +773,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_SyncHubNodeName", + "mapped_to_column": "scanSyncHubNode", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -807,7 +808,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "sync" }, diff --git a/front/plugins/ui_settings/config.json b/front/plugins/ui_settings/config.json index 20fc84df..18cee2cb 100755 --- a/front/plugins/ui_settings/config.json +++ b/front/plugins/ui_settings/config.json @@ -199,7 +199,12 @@ "PGkgY2xhc3M9ImZhIGZhLWxpZ2h0YnVsYiI+PC9pPg==", "PGkgY2xhc3M9ImZhIGZhLXNoaWVsZCI+PC9pPg==", "PGkgY2xhc3M9ImZhIGZhLXdpZmkiPjwvaT4=", - "PGkgY2xhc3M9ImZhIGZhLWdhbWVwYWQiPjwvaT4=" + "PGkgY2xhc3M9ImZhIGZhLWdhbWVwYWQiPjwvaT4=", + "PGkgY2xhc3M9ImZhLXNvbGlkIGZhLXByaW50Ij48L2k+", + "PGkgY2xhc3M9ImZhLXNvbGlkIGZhLW1vYmlsZSI+PC9pPg==", + "PGkgY2xhc3M9ImZhLXNvbGlkIGZhLWhhcmQtZHJpdmUiPjwvaT4=", + "PGkgY2xhc3M9ImZhLXNvbGlkIGZhLXNlcnZlciI+PC9pPg==", + "PGkgY2xhc3M9ImZhLWJyYW5kcyBmYS1hbmRyb2lkIj48L2k+" ], "options": [], "localized": [], @@ -435,7 +440,10 @@ "Device_TableHead_CustomProps", "Device_TableHead_FQDN", "Device_TableHead_ParentRelType", - "Device_TableHead_ReqNicsOnline" + "Device_TableHead_ReqNicsOnline", + "Device_TableHead_Vlan", + "Device_TableHead_IPv4", + "Device_TableHead_IPv6" ], "localized": ["name", "description"], "name": [ @@ -512,7 +520,8 @@ "Device_TableHead_NetworkSite", "Device_TableHead_SSID", "Device_TableHead_SourcePlugin", - "Device_TableHead_ParentRelType" + "Device_TableHead_ParentRelType", + "Device_TableHead_Vlan" ], "localized": ["name", "description"], "name": [ diff --git a/front/plugins/unifi_api_import/config.json b/front/plugins/unifi_api_import/config.json index ab8080b4..8ee8fba7 100755 --- a/front/plugins/unifi_api_import/config.json +++ b/front/plugins/unifi_api_import/config.json @@ -587,7 +587,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-3", "show": true, "type": "device_name_mac", @@ -605,7 +605,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -623,7 +623,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -641,7 +641,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -676,7 +676,7 @@ }, { "column": "Watched_Value4", - "mapped_to_column": "cur_NetworkNodeMAC", + "mapped_to_column": "scanParentMAC", "css_classes": "col-sm-2", "show": true, "type": "device_mac", @@ -694,7 +694,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "UNIFIAPI" }, diff --git a/front/plugins/unifi_api_import/unifi_api_import.py b/front/plugins/unifi_api_import/unifi_api_import.py index 4c51f7b4..678e8a46 100755 --- a/front/plugins/unifi_api_import/unifi_api_import.py +++ b/front/plugins/unifi_api_import/unifi_api_import.py @@ -74,7 +74,7 @@ def main(): watched1 = device['dev_name'], # name watched2 = device['dev_type'], # device_type (AP/Switch etc) watched3 = device['dev_connected'], # connectedAt or empty - watched4 = device['dev_parent_mac'], # parent_mac or "Internet" + watched4 = device['dev_parent_mac'], # parent_mac or "internet" extra = '', foreignKey = device['dev_mac'] ) @@ -115,10 +115,10 @@ def get_device_data(site, api): continue device_id_to_mac[dev["id"]] = dev.get("macAddress", "") - # Helper to resolve uplinkDeviceId to parent MAC, or "Internet" if no uplink + # Helper to resolve uplinkDeviceId to parent MAC, or "internet" if no uplink def resolve_parent_mac(uplink_id): if not uplink_id: - return "Internet" + return "internet" return device_id_to_mac.get(uplink_id, "Unknown") # Process Unifi devices diff --git a/front/plugins/unifi_import/config.json b/front/plugins/unifi_import/config.json index 111e3521..ce215cc9 100755 --- a/front/plugins/unifi_import/config.json +++ b/front/plugins/unifi_import/config.json @@ -123,7 +123,7 @@ "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "name": [ { "language_code": "en_us", @@ -147,7 +147,7 @@ "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "name": [ { "language_code": "en_us", @@ -194,7 +194,7 @@ "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], - "mapped_to_column": "cur_DateTime", + "mapped_to_column": "scanLastConnection", "name": [ { "language_code": "en_us", @@ -218,7 +218,7 @@ "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "name": [ { "language_code": "en_us", @@ -239,7 +239,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], @@ -263,7 +263,7 @@ }, { "column": "Watched_Value3", - "mapped_to_column": "cur_Type", + "mapped_to_column": "scanType", "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], @@ -336,7 +336,7 @@ "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "UNFIMP" }, @@ -383,7 +383,7 @@ }, { "column": "HelpVal1", - "mapped_to_column": "cur_NetworkNodeMAC", + "mapped_to_column": "scanParentMAC", "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], @@ -399,7 +399,7 @@ }, { "column": "HelpVal2", - "mapped_to_column": "cur_PORT", + "mapped_to_column": "scanParentPort", "css_classes": "col-sm-2", "default_value": "", "localized": ["name"], @@ -935,6 +935,7 @@ "devName", "devVendor", "devSSID", + "devType", "devParentMAC", "devParentPort" ], diff --git a/front/plugins/unifi_import/script.py b/front/plugins/unifi_import/script.py index d62154b7..d2a3886b 100755 --- a/front/plugins/unifi_import/script.py +++ b/front/plugins/unifi_import/script.py @@ -173,7 +173,7 @@ def collect_details(device_type, devices, online_macs, processed_macs, plugin_ob # override parent MAC if this is a router if parentMac == 'null' and is_typical_router_ip(ipTmp): - parentMac = 'Internet' + parentMac = 'internet' # Add object only if not processed if macTmp not in processed_macs and (status == 1 or force_import is True): diff --git a/front/plugins/vendor_update/config.json b/front/plugins/vendor_update/config.json index d487dab2..79f29f93 100755 --- a/front/plugins/vendor_update/config.json +++ b/front/plugins/vendor_update/config.json @@ -428,7 +428,7 @@ }, { "column": "Object_PrimaryID", - "mapped_to_column": "cur_MAC", + "mapped_to_column": "scanMac", "css_classes": "col-sm-2", "show": true, "type": "device_mac", @@ -452,7 +452,7 @@ }, { "column": "Object_SecondaryID", - "mapped_to_column": "cur_IP", + "mapped_to_column": "scanLastIP", "css_classes": "col-sm-2", "show": true, "type": "device_ip", @@ -499,7 +499,7 @@ }, { "column": "DateTimeChanged", - "mapped_to_column": "cur_DateTime", + "mapped_to_column": "scanLastConnection", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -523,7 +523,7 @@ }, { "column": "Dummy", - "mapped_to_column": "cur_ScanMethod", + "mapped_to_column": "scanSourcePlugin", "mapped_to_column_data": { "value": "VNDRPDT" }, @@ -550,7 +550,7 @@ }, { "column": "Watched_Value1", - "mapped_to_column": "cur_Vendor", + "mapped_to_column": "scanVendor", "css_classes": "col-sm-2", "show": true, "type": "label", @@ -570,7 +570,7 @@ }, { "column": "Watched_Value2", - "mapped_to_column": "cur_Name", + "mapped_to_column": "scanName", "css_classes": "col-sm-2", "show": true, "type": "label", diff --git a/front/pluginsCore.php b/front/pluginsCore.php index 4a6a3897..63675993 100755 --- a/front/pluginsCore.php +++ b/front/pluginsCore.php @@ -572,7 +572,7 @@ function purgeAllExecute() { data: JSON.stringify({ dbtable: dbTable, columnName: 'Plugin', - id: plugPrefix + id: [plugPrefix] }), contentType: "application/json", success: function(response, textStatus) { @@ -603,15 +603,18 @@ function deleteListed(plugPrefixArg, dbTableArg) { // Ask for confirmation showModalWarning(`${getString('Gen_Purge')} ${plugPrefix} ${dbTable}`, `${getString('Gen_AreYouSure')} (${idArr.length})`, - `${getString('Gen_Cancel')}`, `${getString('Gen_Okay')}`, "deleteListedExecute"); + `${getString('Gen_Cancel')}`, `${getString('Gen_Okay')}`, () => deleteListedExecute(idArr)); } // -------------------------------------------------------- -function deleteListedExecute() { +function deleteListedExecute(idArr) { const apiBase = getApiBase(); const apiToken = getSetting("API_TOKEN"); const url = `${apiBase}/dbquery/delete`; + console.log(idArr); + + $.ajax({ method: "POST", url: url, @@ -619,7 +622,7 @@ function deleteListedExecute() { data: JSON.stringify({ dbtable: dbTable, columnName: 'Index', - id: idArr.toString() + id: idArr }), contentType: "application/json", success: function(response, textStatus) { diff --git a/front/settings.php b/front/settings.php index 899cdef0..2dc298bd 100755 --- a/front/settings.php +++ b/front/settings.php @@ -511,10 +511,10 @@ $settingsJSON_DB = json_encode($settings, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX } // INPUT - inputFormHtml = generateFormHtml(settingsData, set, valIn, null, null); + inputFormHtml = generateFormHtml(settingsData, set, valIn, null, null, false); - // construct final HTML for the setting - setHtml += inputFormHtml + overrideHtml + ` + // construct final HTML for the setting + setHtml += inputFormHtml + overrideHtml + `
` diff --git a/front/workflowsCore.php b/front/workflowsCore.php index 32a25967..b2942e6e 100755 --- a/front/workflowsCore.php +++ b/front/workflowsCore.php @@ -12,7 +12,7 @@
- +
@@ -43,15 +43,17 @@ let workflows = []; let fieldOptions = [ - "devName", "devMac", "devOwner", "devType", "devVendor", "devFavorite", + "devName", "devMac", "devOwner", "devType", "devVendor", "devVlan", "devFavorite", "devGroup", "devComments", "devFirstConnection", "devLastConnection", "devLastIP", "devStaticIP", "devScan", "devLogEvents", "devAlertEvents", "devAlertDown", "devSkipRepeated", "devLastNotification", "devPresentLastScan", "devIsNew", "devLocation", "devIsArchived", "devParentMAC", "devParentPort", - "devIcon", "devSite", "devSSID", "devSyncHubNode", "devSourcePlugin", "devFQDN", - "devParentRelType", "devReqNicsOnline" + "devIcon", "devSite", "devSSID", "devSyncHubNode", "devSourcePlugin", "devFQDN", + "devParentRelType", "devReqNicsOnline", "devNameSource", "devVendorSource" , + "devSSIDSource", "devParentMACSource" , "devParentPortSource" , "devParentRelTypeSource", + "devVlanSource" ]; - + let triggerTypes = [ "Devices" ]; @@ -79,7 +81,7 @@ let emptyWorkflow = { }, "conditions": [ ], - "actions": [ + "actions": [ ] }; @@ -131,25 +133,25 @@ function renderWorkflows() { // Generate UI for a single workflow function generateWorkflowUI(wf, wfIndex) { - let wfEnabled = (wf?.enabled ?? "No") == "Yes"; + let wfEnabled = (wf?.enabled ?? "No") == "Yes"; - let $wfContainer = $("
", { - class: "workflow-card panel col-sm-12 col-sx-12", - id: `wf-${wfIndex}-container` + let $wfContainer = $("
", { + class: "workflow-card panel col-sm-12 col-sx-12", + id: `wf-${wfIndex}-container` }); // Workflow Name let $wfLinkWrap = $("
", { class: " ", - id: `wf-${wfIndex}-header` + id: `wf-${wfIndex}-header` } ) - let $wfEnabledIcon = $("", { + let $wfEnabledIcon = $("", { class: `alignRight fa ${wfEnabled ? "fa-dot-circle" : "fa-circle" }` }); - + let $wfHeaderLink = $("", { @@ -163,7 +165,7 @@ function generateWorkflowUI(wf, wfIndex) { let $wfHeaderHeading = $("

", { - class: "panel-title" + class: "panel-title" } ).text(wf.name) @@ -176,34 +178,34 @@ function generateWorkflowUI(wf, wfIndex) { let isOpen = panelState === "true"; // Convert stored string to boolean console.log(`panel isOpen: ${isOpen}` ); - - let $wfCollapsiblePanel = $("
", { - class: ` panel-collapse collapse ${isOpen ? 'in' : ''}`, - id: `wf-${wfIndex}-collapsible-panel` + + let $wfCollapsiblePanel = $("
", { + class: ` panel-collapse collapse ${isOpen ? 'in' : ''}`, + id: `wf-${wfIndex}-collapsible-panel` }); let $wfEnabled = createEditableDropdown( - `[${wfIndex}].enabled`, + `[${wfIndex}].enabled`, getString("WF_Enabled"), - wfEnabledOptions, - wfEnabled ? "Yes" :"No", + wfEnabledOptions, + wfEnabled ? "Yes" :"No", `wf-${wfIndex}-enabled` ); $wfCollapsiblePanel.append($wfEnabled) let $wfNameInput = createEditableInput( - `[${wfIndex}].name`, - getString("WF_Name"), - wf.name, - `wf-${wfIndex}-name`, + `[${wfIndex}].name`, + getString("WF_Name"), + wf.name, + `wf-${wfIndex}-name`, "workflow-name-input" ); $wfCollapsiblePanel.append($wfNameInput) - let $triggersIcon = $("", { + let $triggersIcon = $("", { class: "fa-solid fa-bolt" }); @@ -221,34 +223,34 @@ function generateWorkflowUI(wf, wfIndex) { ).append($triggerTitle); let $triggerTypeDropdown = createEditableDropdown( - `[${wfIndex}].trigger.object_type`, + `[${wfIndex}].trigger.object_type`, getString("WF_Trigger_type"), - triggerTypes, - wf.trigger.object_type, + triggerTypes, + wf.trigger.object_type, `wf-${wfIndex}-trigger-object-type` ); let $eventTypeDropdown = createEditableDropdown( - `[${wfIndex}].trigger.event_type`, - getString("WF_Trigger_event_type"), - triggerEvents, - wf.trigger.event_type, + `[${wfIndex}].trigger.event_type`, + getString("WF_Trigger_event_type"), + triggerEvents, + wf.trigger.event_type, `wf-${wfIndex}-trigger-event-type` ); - let $triggerIcon = $("", { + let $triggerIcon = $("", { class: "fa-solid fa-bolt bckg-icon-2-line" }); $triggerSection.append($triggerIcon); $triggerSection.append($triggerTypeDropdown); $triggerSection.append($eventTypeDropdown); - + $wfCollapsiblePanel.append($triggerSection); // Conditions - let $conditionsIcon = $("", { + let $conditionsIcon = $("", { class: "fa-solid fa-arrows-split-up-and-left fa-rotate-270" }); @@ -262,10 +264,10 @@ function generateWorkflowUI(wf, wfIndex) { $conditionsContainer.append(renderConditions(wfIndex, `[${wfIndex}]`, 0, wf.conditions)); - + $wfCollapsiblePanel.append($conditionsContainer); - let $actionsIcon = $("", { + let $actionsIcon = $("", { class: "fa-solid fa-person-running fa-flip-horizontal" }); @@ -295,10 +297,10 @@ function generateWorkflowUI(wf, wfIndex) { // Dropdown for action.type let $actionDropdown= createEditableDropdown( - `[${wfIndex}].actions[${actionIndex}].type`, - getString("WF_Action_type"), - actionTypes, - action.type, + `[${wfIndex}].actions[${actionIndex}].type`, + getString("WF_Action_type"), + actionTypes, + action.type, `wf-${wfIndex}-actionIndex-${actionIndex}-type` ); @@ -314,23 +316,23 @@ function generateWorkflowUI(wf, wfIndex) { // Dropdown for action.field let $fieldDropdown = createEditableDropdown( - `[${wfIndex}].actions[${actionIndex}].field`, - getString("WF_Action_field"), - fieldOptions, - action.field, + `[${wfIndex}].actions[${actionIndex}].field`, + getString("WF_Action_field"), + fieldOptions, + action.field, `wf-${wfIndex}-actionIndex-${actionIndex}-field` ); // Textbox for action.value let $actionValueInput = createEditableInput( - `[${wfIndex}].actions[${actionIndex}].value`, - getString("WF_Action_value"), - action.value, - `wf-${wfIndex}-actionIndex-${actionIndex}-value`, + `[${wfIndex}].actions[${actionIndex}].value`, + getString("WF_Action_value"), + action.value, + `wf-${wfIndex}-actionIndex-${actionIndex}-value`, "action-value-input" ); - + $actionEl.append($fieldDropdown); $actionEl.append($actionValueInput); @@ -340,7 +342,7 @@ function generateWorkflowUI(wf, wfIndex) { let $actionRemoveButtonWrap = $("
", { class: "button-container col-sm-1 col-sx-12" }); - let $actionRemoveIcon = $("", { + let $actionRemoveIcon = $("", { class: "fa-solid fa-trash" }); @@ -353,14 +355,14 @@ function generateWorkflowUI(wf, wfIndex) { $actionRemoveButtonWrap.append($actionRemoveButton); - let $actionIcon = $("", { + let $actionIcon = $("", { class: `fa-solid fa-person-running fa-flip-horizontal bckg-icon-${numberOfLines}-line ` }); $actionEl.prepend($actionIcon) $actionElWrap.append($actionEl) - + $actionElWrap.append($actionRemoveButtonWrap) $actionsContainer.append($actionElWrap); @@ -370,7 +372,7 @@ function generateWorkflowUI(wf, wfIndex) { // add action button let $actionAddButtonWrap = $("
", { class: "button-container col-sm-12 col-sx-12" }); - let $actionAddIcon = $("", { + let $actionAddIcon = $("", { class: "fa-solid fa-plus" }); let $actionAddButton = $("
", { @@ -382,10 +384,10 @@ function generateWorkflowUI(wf, wfIndex) { $actionAddButtonWrap.append($actionAddButton) $actionsContainer.append($actionAddButtonWrap) - + let $wfRemoveButtonWrap = $("
", { class: "button-container col-sm-4 col-sx-12" }); - let $wfRemoveIcon = $("", { + let $wfRemoveIcon = $("", { class: "fa-solid fa-trash" }); @@ -399,7 +401,7 @@ function generateWorkflowUI(wf, wfIndex) { let $wfDuplicateButtonWrap = $("
", { class: "button-container col-sm-4 col-sx-12" }); - let $wfDuplicateIcon = $("", { + let $wfDuplicateIcon = $("", { class: "fa-solid fa-copy" }); @@ -412,7 +414,7 @@ function generateWorkflowUI(wf, wfIndex) { let $wfExportButtonWrap = $("
", { class: "button-container col-sm-4 col-sx-12" }); - let $wfExportIcon = $("", { + let $wfExportIcon = $("", { class: "fa-solid fa-file-export" }); @@ -422,13 +424,13 @@ function generateWorkflowUI(wf, wfIndex) { }) .append($wfExportIcon) // Add icon .append(` ${getString("WF_Export")}`); // Add text - + $wfCollapsiblePanel.append($actionsContainer); $wfCollapsiblePanel.append($wfDuplicateButtonWrap.append($wfDuplicateButton)) $wfCollapsiblePanel.append($wfExportButtonWrap.append($wfExportButton)) $wfCollapsiblePanel.append($wfRemoveButtonWrap.append($wfRemoveButton)) - + $wfContainer.append($wfCollapsiblePanel) @@ -439,24 +441,24 @@ function generateWorkflowUI(wf, wfIndex) { // -------------------------------------- // Render conditions recursively function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, conditions) { - let $conditionList = $("
", { + let $conditionList = $("
", { class: "condition-list panel col-sm-12 col-sx-12", - parentIndexPath: parentIndexPath + parentIndexPath: parentIndexPath }); lastConditionIndex = 0 - let $conditionListWrap = $("
", { + let $conditionListWrap = $("
", { class: `condition-list-wrap ${conditionGroupsIndex==0?"col-sm-12":"col-sm-11"} col-sx-12`, conditionGroupsIndex: conditionGroupsIndex }); - let $deleteConditionGroupWrap = $("
", { + let $deleteConditionGroupWrap = $("
", { class: "condition-group-wrap-del col-sm-1 col-sx-12" }); $.each(conditions, function (conditionIndex, condition) { - + let currentPath = `${parentIndexPath}.conditions[${conditionIndex}]`; if (condition.logic) { @@ -467,16 +469,16 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit ); let $logicDropdown = createEditableDropdown( - `${currentPath}.logic`, - getString("WF_Conditions_logic_rules"), - ["AND", "OR"], - condition.logic, + `${currentPath}.logic`, + getString("WF_Conditions_logic_rules"), + ["AND", "OR"], + condition.logic, `wf-${wfIndex}-${currentPath.replace(/\./g, "-")}-logic` // id ); $nestedCondition.append($logicDropdown); - - $conditionListNested = renderConditions(wfIndex, currentPath, conditionGroupsIndex+1, condition.conditions) + + $conditionListNested = renderConditions(wfIndex, currentPath, conditionGroupsIndex+1, condition.conditions) $nestedCondition.append($conditionListNested); // Recursive call for nested conditions @@ -484,7 +486,7 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit } else { // INDIVIDUAL CONDITIONS - let $conditionIcon = $("", { + let $conditionIcon = $("", { class: "fa-solid fa-arrows-split-up-and-left fa-rotate-270 bckg-icon-3-line " }); @@ -505,27 +507,27 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit // Create dropdown for condition field let $fieldDropdown = createEditableDropdown( `${currentPath}.field`, - getString("WF_Condition_field"), - fieldOptions, - condition.field, + getString("WF_Condition_field"), + fieldOptions, + condition.field, `wf-${wfIndex}-${currentPath.replace(/\./g, "-")}-field` ); // Create dropdown for operator let $operatorDropdown = createEditableDropdown( - `${currentPath}.operator`, - getString("WF_Condition_operator"), - operatorTypes, - condition.operator, + `${currentPath}.operator`, + getString("WF_Condition_operator"), + operatorTypes, + condition.operator, `wf-${wfIndex}-${currentPath.replace(/\./g, "-")}-operator` ); // Editable input for condition value let $editableInput = createEditableInput( - `${currentPath}.value`, - getString("WF_Condition_value"), - condition.value, - `wf-${wfIndex}-${currentPath.replace(/\./g, "-")}-value`, + `${currentPath}.value`, + getString("WF_Condition_value"), + condition.value, + `wf-${wfIndex}-${currentPath.replace(/\./g, "-")}-value`, "condition-value-input" ); @@ -535,7 +537,7 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit $conditionItemsWrap.append($editableInput); // Append editable input for condition value let $conditionRemoveButtonWrap = $("
", { class: "button-container col-sm-1 col-sx-12" }); - let $conditionRemoveButtonIcon = $("", { + let $conditionRemoveButtonIcon = $("", { class: "fa-solid fa-trash" }); let $conditionRemoveButton = $("
", { @@ -549,7 +551,7 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit $conditionItem.append($conditionItemsWrap); $conditionItem.append($conditionRemoveButtonWrap); - $conditionList.append($conditionItem); + $conditionList.append($conditionItem); } lastConditionIndex = conditionIndex @@ -562,7 +564,7 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit if (conditionGroupsIndex != 0) { // Add Condition button let $conditionAddWrap = $("
", { class: "button-container col-sm-6 col-sx-12" }); - let $conditionAddIcon = $("", { + let $conditionAddIcon = $("", { class: "fa-solid fa-plus" }); let $conditionAddButton = $("
", { @@ -574,7 +576,7 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit // Remove Condition Group button let $conditionGroupRemoveWrap = $("
", { class: "button-container col-sx-12" }); - let $conditionGroupRemoveIcon = $("", { + let $conditionGroupRemoveIcon = $("", { class: "fa-solid fa-trash" }); let $conditionGroupRemoveButton = $("
", { @@ -592,7 +594,7 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit // Add Condition Group button let $conditionsGroupAddWrap = $("
", { class: "button-container col-sm-6 col-sx-12" }); - let $conditionsGroupAddIcon = $("", { + let $conditionsGroupAddIcon = $("", { class: "fa-solid fa-plus" }); let $conditionsGroupAddButton = $("
", { @@ -606,9 +608,9 @@ function renderConditions(wfIndex, parentIndexPath, conditionGroupsIndex, condit $conditionList.append($addButtonWrap); $conditionListWrap.append($conditionList) - - - let $res = $("
", { + + + let $res = $("
", { class: "condition-list-res col-sm-12 col-sx-12" }); @@ -627,8 +629,8 @@ function createEditableDropdown(jsonPath, labelText, options, selectedValue, id) class: "form-group col-sm-12 col-sx-12" }); - let $label = $(" ', '', '', '', 'importWorkflowExecute', null, "" ); } function importWorkflowExecute() -{ +{ var json = JSON.parse($('#modal-input-textarea').val()); - + workflows = getWorkflowsJson() - + workflows.push(json); updateWorkflowsJson(workflows) @@ -998,7 +1000,7 @@ function removeAction(workflows, wfIndex, actionIndex) { } console.log(actionIndex); - + // Remove the specified condition target.actions.splice(actionIndex, 1); @@ -1016,15 +1018,15 @@ function removeConditionGroup(workflows, wfIndex, parentIndexPath) { // Split the path by dots const parts = parentIndexPath.split('.'); - + // Extract the last part (index) const lastIndex = parts.pop().replace(/\D/g, ''); // Remove any non-numeric characters - + // Rebuild the path without the last part const newPath = parts.join('.'); - console.log(parentIndexPath); - console.log(newPath); + console.log(parentIndexPath); + console.log(newPath); // Navigate to the target nested object let target = getNestedObject(workflows, newPath); @@ -1074,22 +1076,22 @@ function getNestedObject(obj, path) { function getWorkflowsJson() { return workflows = JSON.parse(getCache('workflows')) || getEmptyWorkflowJson(); -} +} // --------------------------------------------------- // Get workflows JSON function updateWorkflowsJson(workflows) -{ +{ // Store the updated workflows object back into cache setCache('workflows', JSON.stringify(workflows)); -} +} // --------------------------------------------------- // Get empty workflow JSON function getEmptyWorkflowJson() { return emptyWorkflow; -} +} // --------------------------------------------------- // Save workflows JSON @@ -1100,11 +1102,11 @@ function saveWorkflows() // import $.post('php/server/query_replace_config.php', { base64data: appConfBase64, fileName: "workflows.json" }, function(msg) { - console.log(msg); - // showMessage(msg); + console.log(msg); + // showMessage(msg); write_notification(`[WF]: ${msg}`, 'interrupt'); }); -} +} // --------------------------------------------------- // Event listeners @@ -1154,7 +1156,7 @@ $(document).on("click", ".remove-condition", function () { let wfIndex = $(this).attr("wfindex"); let parentIndexPath = $(this).attr("parentIndexPath"); let conditionIndex = parseInt($(this).attr("conditionIndex"), 10); - + removeCondition(getWorkflowsJson(), wfIndex, parentIndexPath, conditionIndex); }); @@ -1162,7 +1164,7 @@ $(document).on("click", ".remove-condition", function () { $(document).on("click", ".remove-action", function () { let wfIndex = $(this).attr("wfindex"); let actionIndex = $(this).attr("actionIndex"); - + removeAction(getWorkflowsJson(), wfIndex, actionIndex); }); diff --git a/install/nix/flake.nix b/install/nix/flake.nix new file mode 100644 index 00000000..aeab9960 --- /dev/null +++ b/install/nix/flake.nix @@ -0,0 +1,94 @@ +{ + description = "NixOS module for NetAlertX network monitoring"; + + outputs = { self }: { + nixosModules.default = { config, lib, ... }: + with lib; + let + cfg = config.services.netalertx; + in { + options.services.netalertx = { + enable = mkEnableOption "netalertx"; + port = mkOption { + type = types.port; + default = 20211; + description = "Port to listen on for web gui"; + }; + graphqlPort = mkOption { + type = types.port; + default = 20212; + description = "Port to listen on for GraphQL requests"; + }; + puid = mkOption { + type = types.int; + default = 20211; + description = "PUID to run the app"; + }; + pgid = mkOption { + type = types.int; + default = 20211; + description = "PGID to run the app"; + }; + imageTag = mkOption { + type = types.str; + default = "26.1.17"; + description = "Image tag to run"; + }; + backendApiUrl = mkOption { + type = types.str; + default = "http://localhost:${toString cfg.graphqlPort}"; + description = "URL to use when accessing GraphQL server"; + }; + }; + config = mkIf cfg.enable { + users.users.netalertx = { + isSystemUser = true; + group = "netalertx"; + uid = cfg.puid; + }; + users.groups.netalertx = { + gid = cfg.pgid; + }; + systemd.tmpfiles.rules = [ + "d /var/lib/netalertx 0755 ${toString cfg.puid} ${toString cfg.pgid} -" + "d /var/lib/netalertx/db 0755 ${toString cfg.puid} ${toString cfg.pgid} -" + "d /var/lib/netalertx/config 0755 ${toString cfg.puid} ${toString cfg.pgid} -" + ]; + virtualisation.oci-containers = { + containers = { + netalertx = { + image = "ghcr.io/netalertx/netalertx:${cfg.imageTag}"; + autoStart = true; + extraOptions = [ + "--network=host" + "--cap-drop=ALL" + "--cap-add=NET_ADMIN" + "--cap-add=NET_RAW" + "--cap-add=NET_BIND_SERVICE" + "--cap-add=CHOWN" + "--cap-add=SETUID" + "--cap-add=SETGID" + "--read-only" + "--tmpfs=/tmp" + ]; + volumes = [ + "/var/lib/netalertx:/data" + "/etc/localtime:/etc/localtime:ro" + ]; + environment = { + PUID = toString cfg.puid; + PGID = toString cfg.pgid; + LISTEN_ADDR = "0.0.0.0"; + PORT = "${toString cfg.port}"; + GRAPHQL_PORT = "${toString cfg.graphqlPort}"; + APP_CONF_OVERRIDE = builtins.toJSON { BACKEND_API_URL = cfg.backendApiUrl; }; + ALWAYS_FRESH_INSTALL = "false"; + NETALERTX_DEBUG = "0"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/install/production-filesystem/entrypoint.d/20-first-run-config.sh b/install/production-filesystem/entrypoint.d/20-first-run-config.sh index 8e37f2d6..e568eee3 100755 --- a/install/production-filesystem/entrypoint.d/20-first-run-config.sh +++ b/install/production-filesystem/entrypoint.d/20-first-run-config.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # first-run-check.sh - Checks and initializes configuration files on first run # Fix permissions if config directory exists but is unreadable @@ -6,17 +6,79 @@ if [ -d "${NETALERTX_CONFIG}" ]; then chmod u+rwX "${NETALERTX_CONFIG}" 2>/dev/null || true fi chmod u+rw "${NETALERTX_CONFIG}/app.conf" 2>/dev/null || true + +### Helper function to set the SCAN_SUBNETS based on active interfaces during first run +get_scan_subnets() { + _list="" + while read -r _cidr _iface; do + [[ "$_iface" =~ ^(lo|docker|veth) ]] && continue + + # Robustly get network address regardless of ipcalc version + if ipcalc -n "$_cidr" | grep -q '^Network:'; then + # Debian-style + _net=$(ipcalc -n "$_cidr" | grep '^Network:' | awk '{print $2}' | cut -d/ -f1) + else + # Alpine-style (Busybox) + _net=$(ipcalc -n "$_cidr" | awk -F= '{print $2}' | awk '{print $1}') + fi + _mask=$(echo "$_cidr" | cut -d/ -f2) + _entry="${_net}/${_mask} --interface=${_iface}" + + if [ -z "$_list" ]; then + _list="'$_entry'" + else + _list="$_list,'$_entry'" + fi + done < <(ip -o -4 addr show scope global | awk '{print $4, $2}') + + [ -z "$_list" ] && printf "['--localnet']" || printf "[%s]" "$_list" +} + +set -eu + +CYAN=$(printf '\033[1;36m') +RED=$(printf '\033[1;31m') +RESET=$(printf '\033[0m') + +# Ensure config folder exists +if [ ! -d "${NETALERTX_CONFIG}" ]; then + if ! mkdir -p "${NETALERTX_CONFIG}"; then + >&2 printf "%s" "${RED}" + >&2 cat <&2 printf "%s" "${RESET}" + exit 1 + fi + chmod 700 "${NETALERTX_CONFIG}" 2>/dev/null || true +fi + +# Fresh rebuild requested +if [ "${ALWAYS_FRESH_INSTALL:-false}" = "true" ] && [ -e "${NETALERTX_CONFIG}/app.conf" ]; then + >&2 echo "INFO: ALWAYS_FRESH_INSTALL enabled — removing existing config." + rm -rf "${NETALERTX_CONFIG:?}"/* +fi + # Check for app.conf and deploy if required if [ ! -f "${NETALERTX_CONFIG}/app.conf" ]; then - mkdir -p "${NETALERTX_CONFIG}" || { - >&2 echo "ERROR: Failed to create config directory ${NETALERTX_CONFIG}" - exit 1 - } install -m 600 /app/back/app.conf "${NETALERTX_CONFIG}/app.conf" || { >&2 echo "ERROR: Failed to deploy default config to ${NETALERTX_CONFIG}/app.conf" exit 2 } - RESET=$(printf '\033[0m') + # Generate the dynamic subnet list + SCAN_LIST=$(get_scan_subnets | tr -d '\n\r') + + # Inject into the newly deployed config + sed -i "s|^SCAN_SUBNETS=.*|SCAN_SUBNETS=$SCAN_LIST|" "${NETALERTX_CONFIG}/app.conf" ||true + + >&2 printf "%s" "${CYAN}" >&2 cat <&2 printf "%s" "${RESET}" + >&2 printf "%s" "${RESET}" fi diff --git a/install/production-filesystem/entrypoint.d/25-first-run-db.sh b/install/production-filesystem/entrypoint.d/25-first-run-db.sh index 2f601030..0f6646d8 100755 --- a/install/production-filesystem/entrypoint.d/25-first-run-db.sh +++ b/install/production-filesystem/entrypoint.d/25-first-run-db.sh @@ -58,419 +58,7 @@ EOF # Write all text to db file until we see "end-of-database-schema" -sqlite3 "${NETALERTX_DB_FILE}" <<'end-of-database-schema' -CREATE TABLE Events (eve_MAC STRING (50) NOT NULL COLLATE NOCASE, eve_IP STRING (50) NOT NULL COLLATE NOCASE, eve_DateTime DATETIME NOT NULL, eve_EventType STRING (30) NOT NULL COLLATE NOCASE, eve_AdditionalInfo STRING (250) DEFAULT (''), eve_PendingAlertEmail BOOLEAN NOT NULL CHECK (eve_PendingAlertEmail IN (0, 1)) DEFAULT (1), eve_PairEventRowid INTEGER); -CREATE TABLE Sessions (ses_MAC STRING (50) COLLATE NOCASE, ses_IP STRING (50) COLLATE NOCASE, ses_EventTypeConnection STRING (30) COLLATE NOCASE, ses_DateTimeConnection DATETIME, ses_EventTypeDisconnection STRING (30) COLLATE NOCASE, ses_DateTimeDisconnection DATETIME, ses_StillConnected BOOLEAN, ses_AdditionalInfo STRING (250)); -CREATE TABLE IF NOT EXISTS "Online_History" ( - "Index" INTEGER, - "Scan_Date" TEXT, - "Online_Devices" INTEGER, - "Down_Devices" INTEGER, - "All_Devices" INTEGER, - "Archived_Devices" INTEGER, - "Offline_Devices" INTEGER, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Devices ( - devMac STRING (50) PRIMARY KEY NOT NULL COLLATE NOCASE, - devName STRING (50) NOT NULL DEFAULT "(unknown)", - devOwner STRING (30) DEFAULT "(unknown)" NOT NULL, - devType STRING (30), - devVendor STRING (250), - devFavorite BOOLEAN CHECK (devFavorite IN (0, 1)) DEFAULT (0) NOT NULL, - devGroup STRING (10), - devComments TEXT, - devFirstConnection DATETIME NOT NULL, - devLastConnection DATETIME NOT NULL, - devLastIP STRING (50) NOT NULL COLLATE NOCASE, - devStaticIP BOOLEAN DEFAULT (0) NOT NULL CHECK (devStaticIP IN (0, 1)), - devScan INTEGER DEFAULT (1) NOT NULL, - devLogEvents BOOLEAN NOT NULL DEFAULT (1) CHECK (devLogEvents IN (0, 1)), - devAlertEvents BOOLEAN NOT NULL DEFAULT (1) CHECK (devAlertEvents IN (0, 1)), - devAlertDown BOOLEAN NOT NULL DEFAULT (0) CHECK (devAlertDown IN (0, 1)), - devSkipRepeated INTEGER DEFAULT 0 NOT NULL, - devLastNotification DATETIME, - devPresentLastScan BOOLEAN NOT NULL DEFAULT (0) CHECK (devPresentLastScan IN (0, 1)), - devIsNew BOOLEAN NOT NULL DEFAULT (1) CHECK (devIsNew IN (0, 1)), - devLocation STRING (250) COLLATE NOCASE, - devIsArchived BOOLEAN NOT NULL DEFAULT (0) CHECK (devIsArchived IN (0, 1)), - devParentMAC TEXT, - devParentPort INTEGER, - devParentRelType TEXT, - devIcon TEXT, - devGUID TEXT, - devSite TEXT, - devSSID TEXT, - devSyncHubNode TEXT, - devSourcePlugin TEXT, - devFQDN TEXT, - "devCustomProps" TEXT); -CREATE TABLE IF NOT EXISTS "Settings" ( - "setKey" TEXT, - "setName" TEXT, - "setDescription" TEXT, - "setType" TEXT, - "setOptions" TEXT, - "setGroup" TEXT, - "setValue" TEXT, - "setEvents" TEXT, - "setOverriddenByEnv" INTEGER - ); -CREATE TABLE IF NOT EXISTS "Parameters" ( - "par_ID" TEXT PRIMARY KEY, - "par_Value" TEXT - ); -CREATE TABLE Plugins_Objects( - "Index" INTEGER, - Plugin TEXT NOT NULL, - Object_PrimaryID TEXT NOT NULL, - Object_SecondaryID TEXT NOT NULL, - DateTimeCreated TEXT NOT NULL, - DateTimeChanged TEXT NOT NULL, - Watched_Value1 TEXT NOT NULL, - Watched_Value2 TEXT NOT NULL, - Watched_Value3 TEXT NOT NULL, - Watched_Value4 TEXT NOT NULL, - Status TEXT NOT NULL, - Extra TEXT NOT NULL, - UserData TEXT NOT NULL, - ForeignKey TEXT NOT NULL, - SyncHubNodeName TEXT, - "HelpVal1" TEXT, - "HelpVal2" TEXT, - "HelpVal3" TEXT, - "HelpVal4" TEXT, - ObjectGUID TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Plugins_Events( - "Index" INTEGER, - Plugin TEXT NOT NULL, - Object_PrimaryID TEXT NOT NULL, - Object_SecondaryID TEXT NOT NULL, - DateTimeCreated TEXT NOT NULL, - DateTimeChanged TEXT NOT NULL, - Watched_Value1 TEXT NOT NULL, - Watched_Value2 TEXT NOT NULL, - Watched_Value3 TEXT NOT NULL, - Watched_Value4 TEXT NOT NULL, - Status TEXT NOT NULL, - Extra TEXT NOT NULL, - UserData TEXT NOT NULL, - ForeignKey TEXT NOT NULL, - SyncHubNodeName TEXT, - "HelpVal1" TEXT, - "HelpVal2" TEXT, - "HelpVal3" TEXT, - "HelpVal4" TEXT, "ObjectGUID" TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Plugins_History( - "Index" INTEGER, - Plugin TEXT NOT NULL, - Object_PrimaryID TEXT NOT NULL, - Object_SecondaryID TEXT NOT NULL, - DateTimeCreated TEXT NOT NULL, - DateTimeChanged TEXT NOT NULL, - Watched_Value1 TEXT NOT NULL, - Watched_Value2 TEXT NOT NULL, - Watched_Value3 TEXT NOT NULL, - Watched_Value4 TEXT NOT NULL, - Status TEXT NOT NULL, - Extra TEXT NOT NULL, - UserData TEXT NOT NULL, - ForeignKey TEXT NOT NULL, - SyncHubNodeName TEXT, - "HelpVal1" TEXT, - "HelpVal2" TEXT, - "HelpVal3" TEXT, - "HelpVal4" TEXT, "ObjectGUID" TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Plugins_Language_Strings( - "Index" INTEGER, - Language_Code TEXT NOT NULL, - String_Key TEXT NOT NULL, - String_Value TEXT NOT NULL, - Extra TEXT NOT NULL, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE CurrentScan ( - cur_MAC STRING(50) NOT NULL COLLATE NOCASE, - cur_IP STRING(50) NOT NULL COLLATE NOCASE, - cur_Vendor STRING(250), - cur_ScanMethod STRING(10), - cur_Name STRING(250), - cur_LastQuery STRING(250), - cur_DateTime STRING(250), - cur_SyncHubNodeName STRING(50), - cur_NetworkSite STRING(250), - cur_SSID STRING(250), - cur_NetworkNodeMAC STRING(250), - cur_PORT STRING(250), - cur_Type STRING(250), - UNIQUE(cur_MAC) - ); -CREATE TABLE IF NOT EXISTS "AppEvents" ( - "Index" INTEGER PRIMARY KEY AUTOINCREMENT, - "GUID" TEXT UNIQUE, - "AppEventProcessed" BOOLEAN, - "DateTimeCreated" TEXT, - "ObjectType" TEXT, - "ObjectGUID" TEXT, - "ObjectPlugin" TEXT, - "ObjectPrimaryID" TEXT, - "ObjectSecondaryID" TEXT, - "ObjectForeignKey" TEXT, - "ObjectIndex" TEXT, - "ObjectIsNew" BOOLEAN, - "ObjectIsArchived" BOOLEAN, - "ObjectStatusColumn" TEXT, - "ObjectStatus" TEXT, - "AppEventType" TEXT, - "Helper1" TEXT, - "Helper2" TEXT, - "Helper3" TEXT, - "Extra" TEXT - ); -CREATE TABLE IF NOT EXISTS "Notifications" ( - "Index" INTEGER, - "GUID" TEXT UNIQUE, - "DateTimeCreated" TEXT, - "DateTimePushed" TEXT, - "Status" TEXT, - "JSON" TEXT, - "Text" TEXT, - "HTML" TEXT, - "PublishedVia" TEXT, - "Extra" TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE INDEX IDX_eve_DateTime ON Events (eve_DateTime); -CREATE INDEX IDX_eve_EventType ON Events (eve_EventType COLLATE NOCASE); -CREATE INDEX IDX_eve_MAC ON Events (eve_MAC COLLATE NOCASE); -CREATE INDEX IDX_eve_PairEventRowid ON Events (eve_PairEventRowid); -CREATE INDEX IDX_ses_EventTypeDisconnection ON Sessions (ses_EventTypeDisconnection COLLATE NOCASE); -CREATE INDEX IDX_ses_EventTypeConnection ON Sessions (ses_EventTypeConnection COLLATE NOCASE); -CREATE INDEX IDX_ses_DateTimeDisconnection ON Sessions (ses_DateTimeDisconnection); -CREATE INDEX IDX_ses_MAC ON Sessions (ses_MAC COLLATE NOCASE); -CREATE INDEX IDX_ses_DateTimeConnection ON Sessions (ses_DateTimeConnection); -CREATE INDEX IDX_dev_PresentLastScan ON Devices (devPresentLastScan); -CREATE INDEX IDX_dev_FirstConnection ON Devices (devFirstConnection); -CREATE INDEX IDX_dev_AlertDeviceDown ON Devices (devAlertDown); -CREATE INDEX IDX_dev_StaticIP ON Devices (devStaticIP); -CREATE INDEX IDX_dev_ScanCycle ON Devices (devScan); -CREATE INDEX IDX_dev_Favorite ON Devices (devFavorite); -CREATE INDEX IDX_dev_LastIP ON Devices (devLastIP); -CREATE INDEX IDX_dev_NewDevice ON Devices (devIsNew); -CREATE INDEX IDX_dev_Archived ON Devices (devIsArchived); -CREATE VIEW Events_Devices AS - SELECT * - FROM Events - LEFT JOIN Devices ON eve_MAC = devMac -/* Events_Devices(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */; -CREATE VIEW LatestEventsPerMAC AS - WITH RankedEvents AS ( - SELECT - e.*, - ROW_NUMBER() OVER (PARTITION BY e.eve_MAC ORDER BY e.eve_DateTime DESC) AS row_num - FROM Events AS e - ) - SELECT - e.*, - d.*, - c.* - FROM RankedEvents AS e - LEFT JOIN Devices AS d ON e.eve_MAC = d.devMac - INNER JOIN CurrentScan AS c ON e.eve_MAC = c.cur_MAC - WHERE e.row_num = 1 -/* LatestEventsPerMAC(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,row_num,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps,cur_MAC,cur_IP,cur_Vendor,cur_ScanMethod,cur_Name,cur_LastQuery,cur_DateTime,cur_SyncHubNodeName,cur_NetworkSite,cur_SSID,cur_NetworkNodeMAC,cur_PORT,cur_Type) */; -CREATE VIEW Sessions_Devices AS SELECT * FROM Sessions LEFT JOIN "Devices" ON ses_MAC = devMac -/* Sessions_Devices(ses_MAC,ses_IP,ses_EventTypeConnection,ses_DateTimeConnection,ses_EventTypeDisconnection,ses_DateTimeDisconnection,ses_StillConnected,ses_AdditionalInfo,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */; -CREATE VIEW Convert_Events_to_Sessions AS SELECT EVE1.eve_MAC, - EVE1.eve_IP, - EVE1.eve_EventType AS eve_EventTypeConnection, - EVE1.eve_DateTime AS eve_DateTimeConnection, - CASE WHEN EVE2.eve_EventType IN ('Disconnected', 'Device Down') OR - EVE2.eve_EventType IS NULL THEN EVE2.eve_EventType ELSE '' END AS eve_EventTypeDisconnection, - CASE WHEN EVE2.eve_EventType IN ('Disconnected', 'Device Down') THEN EVE2.eve_DateTime ELSE NULL END AS eve_DateTimeDisconnection, - CASE WHEN EVE2.eve_EventType IS NULL THEN 1 ELSE 0 END AS eve_StillConnected, - EVE1.eve_AdditionalInfo - FROM Events AS EVE1 - LEFT JOIN - Events AS EVE2 ON EVE1.eve_PairEventRowID = EVE2.RowID - WHERE EVE1.eve_EventType IN ('New Device', 'Connected','Down Reconnected') - UNION - SELECT eve_MAC, - eve_IP, - '' AS eve_EventTypeConnection, - NULL AS eve_DateTimeConnection, - eve_EventType AS eve_EventTypeDisconnection, - eve_DateTime AS eve_DateTimeDisconnection, - 0 AS eve_StillConnected, - eve_AdditionalInfo - FROM Events AS EVE1 - WHERE (eve_EventType = 'Device Down' OR - eve_EventType = 'Disconnected') AND - EVE1.eve_PairEventRowID IS NULL -/* Convert_Events_to_Sessions(eve_MAC,eve_IP,eve_EventTypeConnection,eve_DateTimeConnection,eve_EventTypeDisconnection,eve_DateTimeDisconnection,eve_StillConnected,eve_AdditionalInfo) */; -CREATE TRIGGER "trg_insert_devices" - AFTER INSERT ON "Devices" - WHEN NOT EXISTS ( - SELECT 1 FROM AppEvents - WHERE AppEventProcessed = 0 - AND ObjectType = 'Devices' - AND ObjectGUID = NEW.devGUID - AND ObjectStatus = CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END - AND AppEventType = 'insert' - ) - BEGIN - INSERT INTO "AppEvents" ( - "GUID", - "DateTimeCreated", - "AppEventProcessed", - "ObjectType", - "ObjectGUID", - "ObjectPrimaryID", - "ObjectSecondaryID", - "ObjectStatus", - "ObjectStatusColumn", - "ObjectIsNew", - "ObjectIsArchived", - "ObjectForeignKey", - "ObjectPlugin", - "AppEventType" - ) - VALUES ( - - lower( - hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' || - substr(hex( randomblob(2)), 2) || '-' || - substr('AB89', 1 + (abs(random()) % 4) , 1) || - substr(hex(randomblob(2)), 2) || '-' || - hex(randomblob(6)) - ) - , - DATETIME('now'), - FALSE, - 'Devices', - NEW.devGUID, -- ObjectGUID - NEW.devMac, -- ObjectPrimaryID - NEW.devLastIP, -- ObjectSecondaryID - CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus - 'devPresentLastScan', -- ObjectStatusColumn - NEW.devIsNew, -- ObjectIsNew - NEW.devIsArchived, -- ObjectIsArchived - NEW.devGUID, -- ObjectForeignKey - 'DEVICES', -- ObjectForeignKey - 'insert' - ); - END; -CREATE TRIGGER "trg_update_devices" - AFTER UPDATE ON "Devices" - WHEN NOT EXISTS ( - SELECT 1 FROM AppEvents - WHERE AppEventProcessed = 0 - AND ObjectType = 'Devices' - AND ObjectGUID = NEW.devGUID - AND ObjectStatus = CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END - AND AppEventType = 'update' - ) - BEGIN - INSERT INTO "AppEvents" ( - "GUID", - "DateTimeCreated", - "AppEventProcessed", - "ObjectType", - "ObjectGUID", - "ObjectPrimaryID", - "ObjectSecondaryID", - "ObjectStatus", - "ObjectStatusColumn", - "ObjectIsNew", - "ObjectIsArchived", - "ObjectForeignKey", - "ObjectPlugin", - "AppEventType" - ) - VALUES ( - - lower( - hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' || - substr(hex( randomblob(2)), 2) || '-' || - substr('AB89', 1 + (abs(random()) % 4) , 1) || - substr(hex(randomblob(2)), 2) || '-' || - hex(randomblob(6)) - ) - , - DATETIME('now'), - FALSE, - 'Devices', - NEW.devGUID, -- ObjectGUID - NEW.devMac, -- ObjectPrimaryID - NEW.devLastIP, -- ObjectSecondaryID - CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus - 'devPresentLastScan', -- ObjectStatusColumn - NEW.devIsNew, -- ObjectIsNew - NEW.devIsArchived, -- ObjectIsArchived - NEW.devGUID, -- ObjectForeignKey - 'DEVICES', -- ObjectForeignKey - 'update' - ); - END; -CREATE TRIGGER "trg_delete_devices" - AFTER DELETE ON "Devices" - WHEN NOT EXISTS ( - SELECT 1 FROM AppEvents - WHERE AppEventProcessed = 0 - AND ObjectType = 'Devices' - AND ObjectGUID = OLD.devGUID - AND ObjectStatus = CASE WHEN OLD.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END - AND AppEventType = 'delete' - ) - BEGIN - INSERT INTO "AppEvents" ( - "GUID", - "DateTimeCreated", - "AppEventProcessed", - "ObjectType", - "ObjectGUID", - "ObjectPrimaryID", - "ObjectSecondaryID", - "ObjectStatus", - "ObjectStatusColumn", - "ObjectIsNew", - "ObjectIsArchived", - "ObjectForeignKey", - "ObjectPlugin", - "AppEventType" - ) - VALUES ( - - lower( - hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' || - substr(hex( randomblob(2)), 2) || '-' || - substr('AB89', 1 + (abs(random()) % 4) , 1) || - substr(hex(randomblob(2)), 2) || '-' || - hex(randomblob(6)) - ) - , - DATETIME('now'), - FALSE, - 'Devices', - OLD.devGUID, -- ObjectGUID - OLD.devMac, -- ObjectPrimaryID - OLD.devLastIP, -- ObjectSecondaryID - CASE WHEN OLD.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus - 'devPresentLastScan', -- ObjectStatusColumn - OLD.devIsNew, -- ObjectIsNew - OLD.devIsArchived, -- ObjectIsArchived - OLD.devGUID, -- ObjectForeignKey - 'DEVICES', -- ObjectForeignKey - 'delete' - ); - END; -end-of-database-schema +sqlite3 "${NETALERTX_DB_FILE}" < "${NETALERTX_SERVER}/db/schema/app.sql" database_creation_status=$? diff --git a/install/production-filesystem/services/config/nginx/netalertx.conf.template b/install/production-filesystem/services/config/nginx/netalertx.conf.template index 6a567056..abe3e9e1 100755 --- a/install/production-filesystem/services/config/nginx/netalertx.conf.template +++ b/install/production-filesystem/services/config/nginx/netalertx.conf.template @@ -94,6 +94,19 @@ http { access_log /tmp/log/nginx-access.log main; + # Map 1: The Legacy Logic (Referer Match) + map "$http_referer|$http_host" $sec_legacy { + "~^https?://(?[^/:]+)(?::\d+)?/.*\|\k(?::\d+)?$" "TRUSTED"; + default "UNTRUSTED"; + } + + # Map 2: Strict Same-Origin Enforcement + map $http_sec_fetch_site $is_trusted { + "same-origin" "TRUSTED"; + "" $sec_legacy; # Fallback only if header is missing + default "UNTRUSTED"; # Blocks 'same-site' and 'cross-site' + } + # Virtual host config server { listen ${LISTEN_ADDR}:${PORT} default_server; @@ -102,6 +115,31 @@ http { index index.php; add_header X-Forwarded-Prefix "/app" always; + location /server/ { + # 1. Enforcement + error_page 403 /403_internal.html; + if ($is_trusted != "TRUSTED") { + return 403; + } + + # 2. Path Rewriting & Proxy + rewrite ^/server/(.*)$ /$1 break; + proxy_pass http://127.0.0.1:${BACKEND_PORT}; + + # 3. Performance & SSE (Per #1440) + proxy_buffering off; + proxy_cache off; + proxy_http_version 1.1; + proxy_set_header Connection ""; + client_max_body_size 50m; + proxy_read_timeout 3600s; + + # 4. Standard Proxy Headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } location ~* \.php$ { # Set Cache-Control header to prevent caching on the first load diff --git a/install/production-filesystem/services/start-nginx.sh b/install/production-filesystem/services/start-nginx.sh index 7f17fbac..4d4bb668 100755 --- a/install/production-filesystem/services/start-nginx.sh +++ b/install/production-filesystem/services/start-nginx.sh @@ -42,9 +42,32 @@ if [ "$(id -u)" -eq 0 ]; then NGINX_USER_DIRECTIVE="user root;" fi +# ------------------------------------------------------------------ +# BACKEND_PORT RESOLUTION +# ------------------------------------------------------------------ +# Priority 1: APP_CONF_OVERRIDE (parsed via jq) +# Priority 2: GRAPHQL_PORT env var +# Priority 3: Default 20212 + +# Default +export BACKEND_PORT=20212 + +# Check env var +if [ -n "${GRAPHQL_PORT:-}" ]; then + export BACKEND_PORT="${GRAPHQL_PORT}" +fi + +# Check override (highest priority) +if [ -n "${APP_CONF_OVERRIDE:-}" ]; then + override_port=$(echo "${APP_CONF_OVERRIDE}" | jq -r '.GRAPHQL_PORT // empty') + if [ -n "${override_port}" ]; then + export BACKEND_PORT="${override_port}" + fi +fi + # Shell check doesn't recognize envsubst variables # shellcheck disable=SC2016 -if envsubst '${LISTEN_ADDR} ${PORT} ${NGINX_USER_DIRECTIVE}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then +if envsubst '${LISTEN_ADDR} ${PORT} ${NGINX_USER_DIRECTIVE} ${BACKEND_PORT}' < "${SYSTEM_NGINX_CONFIG_TEMPLATE}" > "${TEMP_CONFIG_FILE}" 2>/dev/null; then mv "${TEMP_CONFIG_FILE}" "${SYSTEM_SERVICES_ACTIVE_CONFIG_FILE}" else echo "Note: Unable to write to ${SYSTEM_SERVICES_ACTIVE_CONFIG_FILE}. Using default configuration." diff --git a/install/proxmox/proxmox-install-netalertx.sh b/install/proxmox/proxmox-install-netalertx.sh index 64c3872e..da9c5845 100755 --- a/install/proxmox/proxmox-install-netalertx.sh +++ b/install/proxmox/proxmox-install-netalertx.sh @@ -185,7 +185,7 @@ printf "%b\n" "${GREEN}[INSTALLING] ${RESET}Cloning app printf "%b\n" "--------------------------------------------------------------------------" mkdir -p "$INSTALL_DIR" -git clone https://github.com/jokob-sk/NetAlertX.git "$INSTALL_DIR/" +git clone https://github.com/netalertx/NetAlertX.git "$INSTALL_DIR/" if [ ! -f "$INSTALL_DIR/front/buildtimestamp.txt" ]; then date +%s > "$INSTALL_DIR/front/buildtimestamp.txt" diff --git a/mkdocs.yml b/mkdocs.yml index 6e964b88..dd4769de 100755 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,6 +1,6 @@ -site_name: NetAlertX Documentation +site_name: Documentation site_url: https://docs.netalertx.com -repo_url: https://github.com/jokob-sk/NetAlertX/ +repo_url: https://github.com/netalertx/NetAlertX/ edit_uri: blob/main/docs/ docs_dir: docs use_directory_urls: true @@ -57,7 +57,10 @@ nav: - Authelia: AUTHELIA.md - Performance: PERFORMANCE.md - Reverse DNS: REVERSE_DNS.md - - Reverse Proxy: REVERSE_PROXY.md + - Reverse Proxy: + - Reverse Proxy Overview: REVERSE_PROXY.md + - Caddy and Authentik: REVERSE_PROXY_CADDY.md + - Traefik: REVERSE_PROXY_TRAEFIK.md - Webhooks (n8n): WEBHOOK_N8N.md - Workflows: WORKFLOWS.md - Workflow Examples: WORKFLOW_EXAMPLES.md @@ -73,7 +76,7 @@ nav: - Custom Properties: CUSTOM_PROPERTIES.md - Device Display Settings: DEVICE_DISPLAY_SETTINGS.md - Session Info: SESSION_INFO.md - - Field Lock/Unlock: QUICK_REFERENCE_FIELD_LOCK.md + - Field Lock/Unlock: DEVICE_FIELD_LOCK.md - Icons and Topology: - Icons: ICONS.md - Network Topology: NETWORK_TREE.md @@ -138,7 +141,7 @@ theme: custom_dir: docs/overrides metadata: description: "NetAlertX Documentation - The go-to resource for all things related to NetAlertX." - image: "https://raw.githubusercontent.com/jokob-sk/NetAlertX/main/front/img/netalertx_docs.png" + image: "https://raw.githubusercontent.com/netalertx/NetAlertX/main/front/img/netalertx_docs.png" extra: home_hide_sidebar: true analytics: @@ -215,4 +218,8 @@ plugins: - gh-admonitions - search +# Custom CSS +extra_css: + - stylesheets/custom.css + favicon: /img/netalertx_docs.png diff --git a/scripts/db_cleanup/db_cleanup.py b/scripts/db_cleanup/db_cleanup.py index 9fabf0e5..e55ee5e6 100755 --- a/scripts/db_cleanup/db_cleanup.py +++ b/scripts/db_cleanup/db_cleanup.py @@ -36,7 +36,7 @@ def check_and_clean_device(): tables_checks = [ f"SELECT 'Events' as source, * FROM Events WHERE eve_MAC='{mac}'", f"SELECT 'Devices' as source, * FROM Devices WHERE dev_MAC='{mac}'", - f"SELECT 'CurrentScan' as source, * FROM CurrentScan WHERE cur_MAC='{mac}'", + f"SELECT 'CurrentScan' as source, * FROM CurrentScan WHERE scanMac='{mac}'", f"SELECT 'Notifications' as source, * FROM Notifications WHERE JSON LIKE '%{mac}%'", f"SELECT 'AppEvents' as source, * FROM AppEvents WHERE ObjectPrimaryID LIKE '%{mac}%' OR ObjectSecondaryID LIKE '%{mac}%'", f"SELECT 'Plugins_Objects' as source, * FROM Plugins_Objects WHERE Object_PrimaryID LIKE '%{mac}%'" @@ -56,7 +56,7 @@ def check_and_clean_device(): deletes = [ f"DELETE FROM Events WHERE eve_MAC='{mac}'", f"DELETE FROM Devices WHERE dev_MAC='{mac}'", - f"DELETE FROM CurrentScan WHERE cur_MAC='{mac}'", + f"DELETE FROM CurrentScan WHERE scanMac='{mac}'", f"DELETE FROM Notifications WHERE JSON LIKE '%{mac}%'", f"DELETE FROM AppEvents WHERE ObjectPrimaryID LIKE '%{mac}%' OR ObjectSecondaryID LIKE '%{mac}%'", f"DELETE FROM Plugins_Objects WHERE Object_PrimaryID LIKE '%{mac}%'" @@ -75,7 +75,7 @@ def check_and_clean_device(): tables_checks = [ f"SELECT 'Events' as source, * FROM Events WHERE eve_IP='{ip}'", f"SELECT 'Devices' as source, * FROM Devices WHERE dev_LastIP='{ip}'", - f"SELECT 'CurrentScan' as source, * FROM CurrentScan WHERE cur_IP='{ip}'", + f"SELECT 'CurrentScan' as source, * FROM CurrentScan WHERE scanLastIP='{ip}'", f"SELECT 'Notifications' as source, * FROM Notifications WHERE JSON LIKE '%{ip}%'", f"SELECT 'AppEvents' as source, * FROM AppEvents WHERE ObjectSecondaryID LIKE '%{ip}%'", f"SELECT 'Plugins_Objects' as source, * FROM Plugins_Objects WHERE Object_SecondaryID LIKE '%{ip}%'" @@ -95,7 +95,7 @@ def check_and_clean_device(): deletes = [ f"DELETE FROM Events WHERE eve_IP='{ip}'", f"DELETE FROM Devices WHERE dev_LastIP='{ip}'", - f"DELETE FROM CurrentScan WHERE cur_IP='{ip}'", + f"DELETE FROM CurrentScan WHERE scanLastIP='{ip}'", f"DELETE FROM Notifications WHERE JSON LIKE '%{ip}%'", f"DELETE FROM AppEvents WHERE ObjectSecondaryID LIKE '%{ip}%'", f"DELETE FROM Plugins_Objects WHERE Object_SecondaryID LIKE '%{ip}%'" diff --git a/scripts/db_cleanup/regenerate-database.sh b/scripts/db_cleanup/regenerate-database.sh index b690148c..0940082b 100755 --- a/scripts/db_cleanup/regenerate-database.sh +++ b/scripts/db_cleanup/regenerate-database.sh @@ -4,421 +4,17 @@ NETALERTX_DB_FILE=${NETALERTX_DB:-/data/db}/app.db #remove the old database -rm "${NETALERTX_DB_FILE}" +rm -f "${NETALERTX_DB_FILE}" "${NETALERTX_DB_FILE}-shm" "${NETALERTX_DB_FILE}-wal" -# Write schema to text to app.db file until we see "end-of-database-schema" -cat << end-of-database-schema > "${NETALERTX_DB_FILE}.sql" -CREATE TABLE sqlite_stat1(tbl,idx,stat); -CREATE TABLE Events (eve_MAC STRING (50) NOT NULL COLLATE NOCASE, eve_IP STRING (50) NOT NULL COLLATE NOCASE, eve_DateTime DATETIME NOT NULL, eve_EventType STRING (30) NOT NULL COLLATE NOCASE, eve_AdditionalInfo STRING (250) DEFAULT (''), eve_PendingAlertEmail BOOLEAN NOT NULL CHECK (eve_PendingAlertEmail IN (0, 1)) DEFAULT (1), eve_PairEventRowid INTEGER); -CREATE TABLE Sessions (ses_MAC STRING (50) COLLATE NOCASE, ses_IP STRING (50) COLLATE NOCASE, ses_EventTypeConnection STRING (30) COLLATE NOCASE, ses_DateTimeConnection DATETIME, ses_EventTypeDisconnection STRING (30) COLLATE NOCASE, ses_DateTimeDisconnection DATETIME, ses_StillConnected BOOLEAN, ses_AdditionalInfo STRING (250)); -CREATE TABLE IF NOT EXISTS "Online_History" ( - "Index" INTEGER, - "Scan_Date" TEXT, - "Online_Devices" INTEGER, - "Down_Devices" INTEGER, - "All_Devices" INTEGER, - "Archived_Devices" INTEGER, - "Offline_Devices" INTEGER, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Devices ( - devMac STRING (50) PRIMARY KEY NOT NULL COLLATE NOCASE, - devName STRING (50) NOT NULL DEFAULT "(unknown)", - devOwner STRING (30) DEFAULT "(unknown)" NOT NULL, - devType STRING (30), - devVendor STRING (250), - devFavorite BOOLEAN CHECK (devFavorite IN (0, 1)) DEFAULT (0) NOT NULL, - devGroup STRING (10), - devComments TEXT, - devFirstConnection DATETIME NOT NULL, - devLastConnection DATETIME NOT NULL, - devLastIP STRING (50) NOT NULL COLLATE NOCASE, - devStaticIP BOOLEAN DEFAULT (0) NOT NULL CHECK (devStaticIP IN (0, 1)), - devScan INTEGER DEFAULT (1) NOT NULL, - devLogEvents BOOLEAN NOT NULL DEFAULT (1) CHECK (devLogEvents IN (0, 1)), - devAlertEvents BOOLEAN NOT NULL DEFAULT (1) CHECK (devAlertEvents IN (0, 1)), - devAlertDown BOOLEAN NOT NULL DEFAULT (0) CHECK (devAlertDown IN (0, 1)), - devSkipRepeated INTEGER DEFAULT 0 NOT NULL, - devLastNotification DATETIME, - devPresentLastScan BOOLEAN NOT NULL DEFAULT (0) CHECK (devPresentLastScan IN (0, 1)), - devIsNew BOOLEAN NOT NULL DEFAULT (1) CHECK (devIsNew IN (0, 1)), - devLocation STRING (250) COLLATE NOCASE, - devIsArchived BOOLEAN NOT NULL DEFAULT (0) CHECK (devIsArchived IN (0, 1)), - devParentMAC TEXT, - devParentPort INTEGER, - devIcon TEXT, - devGUID TEXT, - devSite TEXT, - devSSID TEXT, - devSyncHubNode TEXT, - devSourcePlugin TEXT - , "devCustomProps" TEXT); -CREATE TABLE IF NOT EXISTS "Settings" ( - "setKey" TEXT, - "setName" TEXT, - "setDescription" TEXT, - "setType" TEXT, - "setOptions" TEXT, - "setGroup" TEXT, - "setValue" TEXT, - "setEvents" TEXT, - "setOverriddenByEnv" INTEGER - ); -CREATE TABLE IF NOT EXISTS "Parameters" ( - "par_ID" TEXT PRIMARY KEY, - "par_Value" TEXT - ); -CREATE TABLE Plugins_Objects( - "Index" INTEGER, - Plugin TEXT NOT NULL, - Object_PrimaryID TEXT NOT NULL, - Object_SecondaryID TEXT NOT NULL, - DateTimeCreated TEXT NOT NULL, - DateTimeChanged TEXT NOT NULL, - Watched_Value1 TEXT NOT NULL, - Watched_Value2 TEXT NOT NULL, - Watched_Value3 TEXT NOT NULL, - Watched_Value4 TEXT NOT NULL, - Status TEXT NOT NULL, - Extra TEXT NOT NULL, - UserData TEXT NOT NULL, - ForeignKey TEXT NOT NULL, - SyncHubNodeName TEXT, - "HelpVal1" TEXT, - "HelpVal2" TEXT, - "HelpVal3" TEXT, - "HelpVal4" TEXT, - ObjectGUID TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Plugins_Events( - "Index" INTEGER, - Plugin TEXT NOT NULL, - Object_PrimaryID TEXT NOT NULL, - Object_SecondaryID TEXT NOT NULL, - DateTimeCreated TEXT NOT NULL, - DateTimeChanged TEXT NOT NULL, - Watched_Value1 TEXT NOT NULL, - Watched_Value2 TEXT NOT NULL, - Watched_Value3 TEXT NOT NULL, - Watched_Value4 TEXT NOT NULL, - Status TEXT NOT NULL, - Extra TEXT NOT NULL, - UserData TEXT NOT NULL, - ForeignKey TEXT NOT NULL, - SyncHubNodeName TEXT, - "HelpVal1" TEXT, - "HelpVal2" TEXT, - "HelpVal3" TEXT, - "HelpVal4" TEXT, "ObjectGUID" TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Plugins_History( - "Index" INTEGER, - Plugin TEXT NOT NULL, - Object_PrimaryID TEXT NOT NULL, - Object_SecondaryID TEXT NOT NULL, - DateTimeCreated TEXT NOT NULL, - DateTimeChanged TEXT NOT NULL, - Watched_Value1 TEXT NOT NULL, - Watched_Value2 TEXT NOT NULL, - Watched_Value3 TEXT NOT NULL, - Watched_Value4 TEXT NOT NULL, - Status TEXT NOT NULL, - Extra TEXT NOT NULL, - UserData TEXT NOT NULL, - ForeignKey TEXT NOT NULL, - SyncHubNodeName TEXT, - "HelpVal1" TEXT, - "HelpVal2" TEXT, - "HelpVal3" TEXT, - "HelpVal4" TEXT, "ObjectGUID" TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE Plugins_Language_Strings( - "Index" INTEGER, - Language_Code TEXT NOT NULL, - String_Key TEXT NOT NULL, - String_Value TEXT NOT NULL, - Extra TEXT NOT NULL, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE TABLE CurrentScan ( - cur_MAC STRING(50) NOT NULL COLLATE NOCASE, - cur_IP STRING(50) NOT NULL COLLATE NOCASE, - cur_Vendor STRING(250), - cur_ScanMethod STRING(10), - cur_Name STRING(250), - cur_LastQuery STRING(250), - cur_DateTime STRING(250), - cur_SyncHubNodeName STRING(50), - cur_NetworkSite STRING(250), - cur_SSID STRING(250), - cur_NetworkNodeMAC STRING(250), - cur_PORT STRING(250), - cur_Type STRING(250), - UNIQUE(cur_MAC) - ); -CREATE TABLE IF NOT EXISTS "AppEvents" ( - "Index" INTEGER PRIMARY KEY AUTOINCREMENT, - "GUID" TEXT UNIQUE, - "AppEventProcessed" BOOLEAN, - "DateTimeCreated" TEXT, - "ObjectType" TEXT, - "ObjectGUID" TEXT, - "ObjectPlugin" TEXT, - "ObjectPrimaryID" TEXT, - "ObjectSecondaryID" TEXT, - "ObjectForeignKey" TEXT, - "ObjectIndex" TEXT, - "ObjectIsNew" BOOLEAN, - "ObjectIsArchived" BOOLEAN, - "ObjectStatusColumn" TEXT, - "ObjectStatus" TEXT, - "AppEventType" TEXT, - "Helper1" TEXT, - "Helper2" TEXT, - "Helper3" TEXT, - "Extra" TEXT - ); -CREATE TABLE IF NOT EXISTS "Notifications" ( - "Index" INTEGER, - "GUID" TEXT UNIQUE, - "DateTimeCreated" TEXT, - "DateTimePushed" TEXT, - "Status" TEXT, - "JSON" TEXT, - "Text" TEXT, - "HTML" TEXT, - "PublishedVia" TEXT, - "Extra" TEXT, - PRIMARY KEY("Index" AUTOINCREMENT) - ); -CREATE INDEX IDX_eve_DateTime ON Events (eve_DateTime); -CREATE INDEX IDX_eve_EventType ON Events (eve_EventType COLLATE NOCASE); -CREATE INDEX IDX_eve_MAC ON Events (eve_MAC COLLATE NOCASE); -CREATE INDEX IDX_eve_PairEventRowid ON Events (eve_PairEventRowid); -CREATE INDEX IDX_ses_EventTypeDisconnection ON Sessions (ses_EventTypeDisconnection COLLATE NOCASE); -CREATE INDEX IDX_ses_EventTypeConnection ON Sessions (ses_EventTypeConnection COLLATE NOCASE); -CREATE INDEX IDX_ses_DateTimeDisconnection ON Sessions (ses_DateTimeDisconnection); -CREATE INDEX IDX_ses_MAC ON Sessions (ses_MAC COLLATE NOCASE); -CREATE INDEX IDX_ses_DateTimeConnection ON Sessions (ses_DateTimeConnection); -CREATE INDEX IDX_dev_PresentLastScan ON Devices (devPresentLastScan); -CREATE INDEX IDX_dev_FirstConnection ON Devices (devFirstConnection); -CREATE INDEX IDX_dev_AlertDeviceDown ON Devices (devAlertDown); -CREATE INDEX IDX_dev_StaticIP ON Devices (devStaticIP); -CREATE INDEX IDX_dev_ScanCycle ON Devices (devScan); -CREATE INDEX IDX_dev_Favorite ON Devices (devFavorite); -CREATE INDEX IDX_dev_LastIP ON Devices (devLastIP); -CREATE INDEX IDX_dev_NewDevice ON Devices (devIsNew); -CREATE INDEX IDX_dev_Archived ON Devices (devIsArchived); -CREATE VIEW Events_Devices AS - SELECT * - FROM Events - LEFT JOIN Devices ON eve_MAC = devMac -/* Events_Devices(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */; -CREATE VIEW LatestEventsPerMAC AS - WITH RankedEvents AS ( - SELECT - e.*, - ROW_NUMBER() OVER (PARTITION BY e.eve_MAC ORDER BY e.eve_DateTime DESC) AS row_num - FROM Events AS e - ) - SELECT - e.*, - d.*, - c.* - FROM RankedEvents AS e - LEFT JOIN Devices AS d ON e.eve_MAC = d.devMac - INNER JOIN CurrentScan AS c ON e.eve_MAC = c.cur_MAC - WHERE e.row_num = 1 -/* LatestEventsPerMAC(eve_MAC,eve_IP,eve_DateTime,eve_EventType,eve_AdditionalInfo,eve_PendingAlertEmail,eve_PairEventRowid,row_num,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps,cur_MAC,cur_IP,cur_Vendor,cur_ScanMethod,cur_Name,cur_LastQuery,cur_DateTime,cur_SyncHubNodeName,cur_NetworkSite,cur_SSID,cur_NetworkNodeMAC,cur_PORT,cur_Type) */; -CREATE VIEW Sessions_Devices AS SELECT * FROM Sessions LEFT JOIN "Devices" ON ses_MAC = devMac -/* Sessions_Devices(ses_MAC,ses_IP,ses_EventTypeConnection,ses_DateTimeConnection,ses_EventTypeDisconnection,ses_DateTimeDisconnection,ses_StillConnected,ses_AdditionalInfo,devMac,devName,devOwner,devType,devVendor,devFavorite,devGroup,devComments,devFirstConnection,devLastConnection,devLastIP,devStaticIP,devScan,devLogEvents,devAlertEvents,devAlertDown,devSkipRepeated,devLastNotification,devPresentLastScan,devIsNew,devLocation,devIsArchived,devParentMAC,devParentPort,devIcon,devGUID,devSite,devSSID,devSyncHubNode,devSourcePlugin,devCustomProps) */; -CREATE VIEW Convert_Events_to_Sessions AS SELECT EVE1.eve_MAC, - EVE1.eve_IP, - EVE1.eve_EventType AS eve_EventTypeConnection, - EVE1.eve_DateTime AS eve_DateTimeConnection, - CASE WHEN EVE2.eve_EventType IN ('Disconnected', 'Device Down') OR - EVE2.eve_EventType IS NULL THEN EVE2.eve_EventType ELSE '' END AS eve_EventTypeDisconnection, - CASE WHEN EVE2.eve_EventType IN ('Disconnected', 'Device Down') THEN EVE2.eve_DateTime ELSE NULL END AS eve_DateTimeDisconnection, - CASE WHEN EVE2.eve_EventType IS NULL THEN 1 ELSE 0 END AS eve_StillConnected, - EVE1.eve_AdditionalInfo - FROM Events AS EVE1 - LEFT JOIN - Events AS EVE2 ON EVE1.eve_PairEventRowID = EVE2.RowID - WHERE EVE1.eve_EventType IN ('New Device', 'Connected','Down Reconnected') - UNION - SELECT eve_MAC, - eve_IP, - '' AS eve_EventTypeConnection, - NULL AS eve_DateTimeConnection, - eve_EventType AS eve_EventTypeDisconnection, - eve_DateTime AS eve_DateTimeDisconnection, - 0 AS eve_StillConnected, - eve_AdditionalInfo - FROM Events AS EVE1 - WHERE (eve_EventType = 'Device Down' OR - eve_EventType = 'Disconnected') AND - EVE1.eve_PairEventRowID IS NULL -/* Convert_Events_to_Sessions(eve_MAC,eve_IP,eve_EventTypeConnection,eve_DateTimeConnection,eve_EventTypeDisconnection,eve_DateTimeDisconnection,eve_StillConnected,eve_AdditionalInfo) */; -CREATE TRIGGER "trg_insert_devices" - AFTER INSERT ON "Devices" - WHEN NOT EXISTS ( - SELECT 1 FROM AppEvents - WHERE AppEventProcessed = 0 - AND ObjectType = 'Devices' - AND ObjectGUID = NEW.devGUID - AND ObjectStatus = CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END - AND AppEventType = 'insert' - ) - BEGIN - INSERT INTO "AppEvents" ( - "GUID", - "DateTimeCreated", - "AppEventProcessed", - "ObjectType", - "ObjectGUID", - "ObjectPrimaryID", - "ObjectSecondaryID", - "ObjectStatus", - "ObjectStatusColumn", - "ObjectIsNew", - "ObjectIsArchived", - "ObjectForeignKey", - "ObjectPlugin", - "AppEventType" - ) - VALUES ( - - lower( - hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' || - substr(hex( randomblob(2)), 2) || '-' || - substr('AB89', 1 + (abs(random()) % 4) , 1) || - substr(hex(randomblob(2)), 2) || '-' || - hex(randomblob(6)) - ) - , - DATETIME('now'), - FALSE, - 'Devices', - NEW.devGUID, -- ObjectGUID - NEW.devMac, -- ObjectPrimaryID - NEW.devLastIP, -- ObjectSecondaryID - CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus - 'devPresentLastScan', -- ObjectStatusColumn - NEW.devIsNew, -- ObjectIsNew - NEW.devIsArchived, -- ObjectIsArchived - NEW.devGUID, -- ObjectForeignKey - 'DEVICES', -- ObjectForeignKey - 'insert' - ); - END; -CREATE TRIGGER "trg_update_devices" - AFTER UPDATE ON "Devices" - WHEN NOT EXISTS ( - SELECT 1 FROM AppEvents - WHERE AppEventProcessed = 0 - AND ObjectType = 'Devices' - AND ObjectGUID = NEW.devGUID - AND ObjectStatus = CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END - AND AppEventType = 'update' - ) - BEGIN - INSERT INTO "AppEvents" ( - "GUID", - "DateTimeCreated", - "AppEventProcessed", - "ObjectType", - "ObjectGUID", - "ObjectPrimaryID", - "ObjectSecondaryID", - "ObjectStatus", - "ObjectStatusColumn", - "ObjectIsNew", - "ObjectIsArchived", - "ObjectForeignKey", - "ObjectPlugin", - "AppEventType" - ) - VALUES ( - - lower( - hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' || - substr(hex( randomblob(2)), 2) || '-' || - substr('AB89', 1 + (abs(random()) % 4) , 1) || - substr(hex(randomblob(2)), 2) || '-' || - hex(randomblob(6)) - ) - , - DATETIME('now'), - FALSE, - 'Devices', - NEW.devGUID, -- ObjectGUID - NEW.devMac, -- ObjectPrimaryID - NEW.devLastIP, -- ObjectSecondaryID - CASE WHEN NEW.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus - 'devPresentLastScan', -- ObjectStatusColumn - NEW.devIsNew, -- ObjectIsNew - NEW.devIsArchived, -- ObjectIsArchived - NEW.devGUID, -- ObjectForeignKey - 'DEVICES', -- ObjectForeignKey - 'update' - ); - END; -CREATE TRIGGER "trg_delete_devices" - AFTER DELETE ON "Devices" - WHEN NOT EXISTS ( - SELECT 1 FROM AppEvents - WHERE AppEventProcessed = 0 - AND ObjectType = 'Devices' - AND ObjectGUID = OLD.devGUID - AND ObjectStatus = CASE WHEN OLD.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END - AND AppEventType = 'delete' - ) - BEGIN - INSERT INTO "AppEvents" ( - "GUID", - "DateTimeCreated", - "AppEventProcessed", - "ObjectType", - "ObjectGUID", - "ObjectPrimaryID", - "ObjectSecondaryID", - "ObjectStatus", - "ObjectStatusColumn", - "ObjectIsNew", - "ObjectIsArchived", - "ObjectForeignKey", - "ObjectPlugin", - "AppEventType" - ) - VALUES ( - - lower( - hex(randomblob(4)) || '-' || hex(randomblob(2)) || '-' || '4' || - substr(hex( randomblob(2)), 2) || '-' || - substr('AB89', 1 + (abs(random()) % 4) , 1) || - substr(hex(randomblob(2)), 2) || '-' || - hex(randomblob(6)) - ) - , - DATETIME('now'), - FALSE, - 'Devices', - OLD.devGUID, -- ObjectGUID - OLD.devMac, -- ObjectPrimaryID - OLD.devLastIP, -- ObjectSecondaryID - CASE WHEN OLD.devPresentLastScan = 1 THEN 'online' ELSE 'offline' END, -- ObjectStatus - 'devPresentLastScan', -- ObjectStatusColumn - OLD.devIsNew, -- ObjectIsNew - OLD.devIsArchived, -- ObjectIsArchived - OLD.devGUID, -- ObjectForeignKey - 'DEVICES', -- ObjectForeignKey - 'delete' - ); - END; -end-of-database-schema +# Calculate script directory and schema path +SCRIPT_DIR="$(dirname "$(readlink -f "$0")")" +# Path to the schema file (relative to script location: scripts/db_cleanup/ -> ../../server/db/schema/app.sql) +SCHEMA_FILE="${SCRIPT_DIR}/../../server/db/schema/app.sql" + +if [ ! -f "${SCHEMA_FILE}" ]; then + echo "Error: Schema file not found at ${SCHEMA_FILE}" + exit 1 +fi # Import the database schema into the new database file -sqlite3 "${NETALERTX_DB_FILE}" < "${NETALERTX_DB_FILE}.sql" +sqlite3 "${NETALERTX_DB_FILE}" < "${SCHEMA_FILE}" diff --git a/scripts/generate-device-inventory.py b/scripts/generate-device-inventory.py index 3ca76a4b..1ad959f3 100644 --- a/scripts/generate-device-inventory.py +++ b/scripts/generate-device-inventory.py @@ -216,7 +216,7 @@ def generate_rows(args: argparse.Namespace, header: list[str]) -> list[dict[str, rows: list[dict[str, str]] = [] - # Include one Internet root device that anchors the tree; it does not consume an IP. + # Include one internet root device that anchors the tree; it does not consume an IP. required_devices = 1 + args.switches + args.aps + args.devices if required_devices > len(ip_pool): raise ValueError( @@ -229,12 +229,12 @@ def generate_rows(args: argparse.Namespace, header: list[str]) -> list[dict[str, ip_pool.remove(choice) return choice - # Root "Internet" device (no parent, no IP) so the topology has a defined root. + # Root "internet" device (no parent, no IP) so the topology has a defined root. root_row = build_row( - name="Internet", + name="internet", dev_type="Gateway", vendor="NetAlertX", - mac="Internet", + mac="internet", parent_mac="", ip="", header=header, @@ -243,7 +243,7 @@ def generate_rows(args: argparse.Namespace, header: list[str]) -> list[dict[str, ssid=args.ssid, now=now, ) - root_row["devComments"] = "Synthetic root device representing the Internet." + root_row["devComments"] = "Synthetic root device representing the internet." root_row["devParentRelType"] = "Root" root_row["devStaticIP"] = "0" root_row["devScan"] = "0" @@ -261,7 +261,7 @@ def generate_rows(args: argparse.Namespace, header: list[str]) -> list[dict[str, dev_type="Firewall", vendor=random.choice(VENDORS), mac=router_mac, - parent_mac="Internet", + parent_mac="internet", ip=router_ip, header=header, owner=args.owner, diff --git a/test/docker_tests/run_docker_tests.sh b/scripts/run_tests_in_docker_environment.sh similarity index 95% rename from test/docker_tests/run_docker_tests.sh rename to scripts/run_tests_in_docker_environment.sh index 675be28f..c5038a24 100755 --- a/test/docker_tests/run_docker_tests.sh +++ b/scripts/run_tests_in_docker_environment.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# run_docker_tests.sh +# run_tests_in_docker_environment.sh # # This script automates the entire process of testing the application # within its intended, privileged devcontainer environment. It is @@ -17,6 +17,9 @@ else echo "ERROR: generate-configs.sh not found. Aborting." exit 1 fi +echo "Development $(git rev-parse --short=8 HEAD)" | tee ".VERSION" >/dev/null +date +%s > front/buildtimestamp.txt + # --- 2. Build the Docker Image --- echo "--- Building 'netalertx-dev-test' image ---" diff --git a/server/api_server/api_server_start.py b/server/api_server/api_server_start.py index e509ca28..8a0eb1ef 100755 --- a/server/api_server/api_server_start.py +++ b/server/api_server/api_server_start.py @@ -4,16 +4,17 @@ import os # flake8: noqa: E402 -from flask import Flask, request, jsonify, Response +from flask import Flask, redirect, request, jsonify, url_for, Response from models.device_instance import DeviceInstance # noqa: E402 from flask_cors import CORS +from werkzeug.exceptions import HTTPException # Register NetAlertX directories INSTALL_PATH = os.getenv("NETALERTX_APP", "/app") sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"]) from logger import mylog # noqa: E402 [flake8 lint suppression] -from helper import get_setting_value, get_env_setting_value # noqa: E402 [flake8 lint suppression] +from helper import get_setting_value, get_env_setting_value, getBuildTimeStampAndVersion # noqa: E402 [flake8 lint suppression] from db.db_helper import get_date_from_period # noqa: E402 [flake8 lint suppression] from app_state import updateState # noqa: E402 [flake8 lint suppression] @@ -59,7 +60,8 @@ from .mcp_endpoint import ( mcp_sse, mcp_messages, openapi_spec, -) # noqa: E402 [flake8 lint suppression] + get_openapi_spec, +) # validation and schemas for MCP v2 from .openapi.validation import validate_request # noqa: E402 [flake8 lint suppression] from .openapi.schemas import ( # noqa: E402 [flake8 lint suppression] @@ -70,9 +72,11 @@ from .openapi.schemas import ( # noqa: E402 [flake8 lint suppression] DeviceUpdateRequest, DeviceInfo, BaseResponse, DeviceTotalsResponse, + DeviceTotalsNamedResponse, + EventsTotalsNamedResponse, DeleteDevicesRequest, DeviceImportRequest, DeviceImportResponse, UpdateDeviceColumnRequest, - LockDeviceFieldRequest, + LockDeviceFieldRequest, UnlockDeviceFieldsRequest, CopyDeviceRequest, TriggerScanRequest, OpenPortsRequest, OpenPortsResponse, WakeOnLanRequest, @@ -100,6 +104,20 @@ from .sse_endpoint import ( # noqa: E402 [flake8 lint suppression] app = Flask(__name__) +@app.errorhandler(500) +@app.errorhandler(Exception) +def handle_500_error(e): + """Global error handler for uncaught exceptions.""" + if isinstance(e, HTTPException): + return e + mylog("none", [f"[API] Uncaught exception: {e}"]) + return jsonify({ + "success": False, + "error": "Internal Server Error", + "message": "Something went wrong on the server" + }), 500 + + # Parse CORS origins from environment or use safe defaults _cors_origins_env = os.environ.get("CORS_ORIGINS", "") _cors_origins = [ @@ -273,7 +291,6 @@ def api_get_setting(setKey): # -------------------------- # Device Endpoints # -------------------------- -@app.route('/mcp/sse/device/', methods=['GET', 'POST']) @app.route("/device/", methods=["GET"]) @validate_request( operation_id="get_device_info", @@ -416,7 +433,7 @@ def api_device_copy(payload=None): @validate_request( operation_id="update_device_column", summary="Update Device Column", - description="Update a specific database column for a device.", + description="Update a specific database column for a device. Use this to mark devices as favorites (columnName='devFavorite', columnValue=1). See `get_favorite_devices` to retrieve them.", path_params=[{ "name": "mac", "description": "Device MAC address", @@ -445,6 +462,10 @@ def api_device_update_column(mac, payload=None): return jsonify(result) +# -------------------------- +# Field sources and locking +# -------------------------- + @app.route("/device//field/lock", methods=["POST"]) @validate_request( operation_id="lock_device_field", @@ -496,7 +517,44 @@ def api_device_field_lock(mac, payload=None): return jsonify({"success": False, "error": str(e)}), 500 -@app.route('/mcp/sse/device//set-alias', methods=['POST']) +@app.route("/devices/fields/unlock", methods=["POST"]) +@validate_request( + operation_id="unlock_device_fields", + summary="Unlock/Clear Device Fields", + description=( + "Unlock device fields (clear LOCKED/USER sources) or clear all sources. " + "Can target one device or all devices, and one or multiple fields." + ), + request_model=UnlockDeviceFieldsRequest, + response_model=BaseResponse, + tags=["devices"], + auth_callable=is_authorized +) +def api_device_fields_unlock(payload=None): + """ + Unlock or clear fields for one device or all devices. + """ + data = request.get_json() or {} + + mac = data.get("mac") + fields = data.get("fields") + if fields and not isinstance(fields, list): + return jsonify({ + "success": False, + "error": "fields must be a list of field names" + }), 400 + + clear_all = bool(data.get("clearAll", False)) + device_handler = DeviceInstance() + + # Call wrapper directly — it handles validation and normalization + result = device_handler.unlockFields(mac=mac, fields=fields, clear_all=clear_all) + return jsonify(result) + +# -------------------------- +# Devices Collections +# -------------------------- + @app.route('/device//set-alias', methods=['POST']) @validate_request( operation_id="set_device_alias", @@ -524,16 +582,25 @@ def api_device_set_alias(mac, payload=None): return jsonify(result) -@app.route('/mcp/sse/device/open_ports', methods=['POST']) @app.route('/device/open_ports', methods=['POST']) @validate_request( operation_id="get_open_ports", summary="Get Open Ports", - description="Retrieve open ports for a target IP or MAC address. Returns cached NMAP scan results.", + description="Retrieve open ports for a target IP or MAC address. Returns cached NMAP scan results. If no ports are found, run a scan first using `run_nmap_scan`.", request_model=OpenPortsRequest, response_model=OpenPortsResponse, tags=["nettools"], - auth_callable=is_authorized + auth_callable=is_authorized, + links={ + "RunNmapScan": { + "operationId": "run_nmap_scan", + "parameters": { + "scan": "$response.body#/target", + "mode": "fast" + }, + "description": "Refresh the open ports data by running a new NMAP scan on this target." + } + } ) def api_device_open_ports(payload=None): """Get stored NMAP open ports for a target IP or MAC.""" @@ -548,19 +615,16 @@ def api_device_open_ports(payload=None): open_ports = device_handler.getOpenPorts(target) if not open_ports: - return jsonify({"success": False, "error": f"No stored open ports for {target}. Run a scan with `/nettools/trigger-scan`"}), 404 + return jsonify({"success": False, "error": f"No stored open ports for {target}. Run a scan with the 'run_nmap_scan' tool (or /nettools/nmap)."}), 404 return jsonify({"success": True, "target": target, "open_ports": open_ports}) -# -------------------------- -# Devices Collections -# -------------------------- @app.route("/devices", methods=["GET"]) @validate_request( operation_id="get_all_devices", summary="Get All Devices", - description="Retrieve a list of all devices in the system.", + description="Retrieve a list of all devices in the system. Returns all records. No pagination supported.", response_model=DeviceListWrapperResponse, tags=["devices"], auth_callable=is_authorized @@ -574,20 +638,17 @@ def api_get_devices(payload=None): @app.route("/devices", methods=["DELETE"]) @validate_request( operation_id="delete_devices", - summary="Delete Multiple Devices", - description="Delete multiple devices by MAC address.", + summary="Delete Devices (Bulk / All)", + description="Delete devices by MAC address. Provide a list of MACs to delete specific devices, set confirm_delete_all=true with an empty macs list to delete ALL devices. Supports wildcard '*' matching.", request_model=DeleteDevicesRequest, tags=["devices"], auth_callable=is_authorized ) -def api_devices_delete(payload=None): - data = request.get_json(silent=True) or {} - macs = data.get('macs', []) - - if not macs: - return jsonify({"success": False, "message": "ERROR: Missing parameters", "error": "macs list is required"}), 400 - +def api_devices_delete(payload: DeleteDevicesRequest = None): device_handler = DeviceInstance() + + macs = None if payload.confirm_delete_all else payload.macs + return jsonify(device_handler.deleteDevices(macs)) @@ -619,11 +680,10 @@ def api_delete_unknown_devices(payload=None): return jsonify(device_handler.deleteUnknownDevices()) -@app.route('/mcp/sse/devices/export', methods=['GET']) @app.route("/devices/export", methods=["GET"]) @app.route("/devices/export/", methods=["GET"]) @validate_request( - operation_id="export_devices", + operation_id="export_devices_all", summary="Export Devices", description="Export all devices in CSV or JSON format.", query_params=[{ @@ -640,7 +700,8 @@ def api_delete_unknown_devices(payload=None): }], response_model=DeviceExportResponse, tags=["devices"], - auth_callable=is_authorized + auth_callable=is_authorized, + response_content_types=["application/json", "text/csv"] ) def api_export_devices(format=None, payload=None): export_format = (format or request.args.get("format", "csv")).lower() @@ -660,7 +721,6 @@ def api_export_devices(format=None, payload=None): ) -@app.route('/mcp/sse/devices/import', methods=['POST']) @app.route("/devices/import", methods=["POST"]) @validate_request( operation_id="import_devices", @@ -690,12 +750,11 @@ def api_import_csv(payload=None): return jsonify(result) -@app.route('/mcp/sse/devices/totals', methods=['GET']) @app.route("/devices/totals", methods=["GET"]) @validate_request( operation_id="get_device_totals", - summary="Get Device Totals", - description="Get device statistics including total count, online/offline counts, new devices, and archived devices.", + summary="Get Device Totals (Deprecated)", + description="Get device statistics including total count, online/offline counts, new devices, and archived devices. Deprecated: use /devices/totals/named instead.", response_model=DeviceTotalsResponse, tags=["devices"], auth_callable=is_authorized @@ -705,10 +764,33 @@ def api_devices_totals(payload=None): return jsonify(device_handler.getTotals()) -@app.route('/mcp/sse/devices/by-status', methods=['GET', 'POST']) +@app.route("/devices/totals/named", methods=["GET"]) +@validate_request( + operation_id="get_device_totals_named", + summary="Get Named Device Totals", + description="Get device statistics with named fields including total count, online/offline counts, new devices, and archived devices.", + response_model=DeviceTotalsNamedResponse, + tags=["devices"], + auth_callable=is_authorized +) +def api_devices_totals_named(payload=None): + device_handler = DeviceInstance() + totals_list = device_handler.getTotals() + # totals_list order: [devices, connected, favorites, new, down, archived] + totals_dict = { + "devices": totals_list[0] if len(totals_list) > 0 else 0, + "connected": totals_list[1] if len(totals_list) > 1 else 0, + "favorites": totals_list[2] if len(totals_list) > 2 else 0, + "new": totals_list[3] if len(totals_list) > 3 else 0, + "down": totals_list[4] if len(totals_list) > 4 else 0, + "archived": totals_list[5] if len(totals_list) > 5 else 0 + } + return jsonify({"success": True, "totals": totals_dict}) + + @app.route("/devices/by-status", methods=["GET", "POST"]) @validate_request( - operation_id="list_devices_by_status", + operation_id="list_devices_by_status_api", summary="List Devices by Status", description="List devices filtered by their online/offline status.", request_model=DeviceListRequest, @@ -724,7 +806,30 @@ def api_devices_totals(payload=None): "connected", "down", "favorites", "new", "archived", "all", "my", "offline" ]} - }] + }], + links={ + "GetOpenPorts": { + "operationId": "get_open_ports", + "parameters": { + "target": "$response.body#/0/devLastIP" + }, + "description": "The `target` parameter for `get_open_ports` requires an IP address. Use the `devLastIP` from the first device in the list." + }, + "WakeOnLan": { + "operationId": "wake_on_lan", + "parameters": { + "devMac": "$response.body#/0/devMac" + }, + "description": "The `devMac` parameter for `wake_on_lan` requires a MAC address. Use the `devMac` from the first device in the list." + }, + "UpdateDevice": { + "operationId": "update_device", + "parameters": { + "mac": "$response.body#/0/devMac" + }, + "description": "The `mac` parameter for `update_device` is a path parameter. Use the `devMac` from the first device in the list." + } + } ) def api_devices_by_status(payload: DeviceListRequest = None): status = payload.status if payload else request.args.get("status") @@ -732,16 +837,45 @@ def api_devices_by_status(payload: DeviceListRequest = None): return jsonify(device_handler.getByStatus(status)) -@app.route('/mcp/sse/devices/search', methods=['POST']) @app.route('/devices/search', methods=['POST']) @validate_request( - operation_id="search_devices", + operation_id="search_devices_api", summary="Search Devices", - description="Search for devices based on various criteria like name, IP, MAC, or vendor.", + description="Search for devices based on various criteria like name, IP, MAC, or vendor. Use this to find MAC addresses for other tools.", request_model=DeviceSearchRequest, response_model=DeviceSearchResponse, tags=["devices"], - auth_callable=is_authorized + auth_callable=is_authorized, + links={ + "GetOpenPorts": { + "operationId": "get_open_ports", + "parameters": { + "target": "$response.body#/devices/0/devLastIP" + }, + "description": "The `target` parameter for `get_open_ports` requires an IP address. Use the `devLastIP` from the first device in the search results." + }, + "WakeOnLan": { + "operationId": "wake_on_lan", + "parameters": { + "devMac": "$response.body#/devices/0/devMac" + }, + "description": "The `devMac` parameter for `wake_on_lan` requires a MAC address. Use the `devMac` from the first device in the search results." + }, + "NmapScan": { + "operationId": "run_nmap_scan", + "parameters": { + "scan": "$response.body#/devices/0/devLastIP" + }, + "description": "The `scan` parameter for `run_nmap_scan` requires an IP or range. Use the `devLastIP` from the first device in the search results." + }, + "UpdateDevice": { + "operationId": "update_device", + "parameters": { + "mac": "$response.body#/devices/0/devMac" + }, + "description": "The `mac` parameter for `update_device` is a path parameter. Use the `devMac` from the first device in the search results." + } + } ) def api_devices_search(payload=None): """Device search: accepts 'query' in JSON and maps to device info/search.""" @@ -769,7 +903,6 @@ def api_devices_search(payload=None): return jsonify({"success": True, "devices": matches}) -@app.route('/mcp/sse/devices/latest', methods=['GET']) @app.route('/devices/latest', methods=['GET']) @validate_request( operation_id="get_latest_device", @@ -790,12 +923,11 @@ def api_devices_latest(payload=None): return jsonify([latest]) -@app.route('/mcp/sse/devices/favorite', methods=['GET']) @app.route('/devices/favorite', methods=['GET']) @validate_request( operation_id="get_favorite_devices", summary="Get Favorite Devices", - description="Get list of devices marked as favorites.", + description="Get list of devices marked as favorites. Use `update_device_column` with 'devFavorite' to add devices.", response_model=DeviceListResponse, tags=["devices"], auth_callable=is_authorized @@ -807,11 +939,10 @@ def api_devices_favorite(payload=None): favorite = device_handler.getFavorite() if not favorite: - return jsonify({"success": False, "message": "No devices found", "error": "No devices found"}), 404 + return jsonify({"success": False, "message": "No devices found", "error": "No favorite devices found. Mark devices using `update_device_column`."}), 404 return jsonify([favorite]) -@app.route('/mcp/sse/devices/network/topology', methods=['GET']) @app.route('/devices/network/topology', methods=['GET']) @validate_request( operation_id="get_network_topology", @@ -833,7 +964,6 @@ def api_devices_network_topology(payload=None): # -------------------------- # Net tools # -------------------------- -@app.route('/mcp/sse/nettools/wakeonlan', methods=['POST']) @app.route("/nettools/wakeonlan", methods=["POST"]) @validate_request( operation_id="wake_on_lan", @@ -845,9 +975,13 @@ def api_devices_network_topology(payload=None): auth_callable=is_authorized ) def api_wakeonlan(payload=None): - data = request.get_json(silent=True) or {} - mac = data.get("devMac") - ip = data.get("devLastIP") or data.get('ip') + if payload: + mac = payload.mac + ip = payload.devLastIP + else: + data = request.get_json(silent=True) or {} + mac = data.get("mac") or data.get("devMac") + ip = data.get("devLastIP") or data.get('ip') if not mac and ip: @@ -866,7 +1000,6 @@ def api_wakeonlan(payload=None): return wakeonlan(mac) -@app.route('/mcp/sse/nettools/traceroute', methods=['POST']) @app.route("/nettools/traceroute", methods=["POST"]) @validate_request( operation_id="perform_traceroute", @@ -923,11 +1056,20 @@ def api_nslookup(payload: NslookupRequest = None): @validate_request( operation_id="run_nmap_scan", summary="NMAP Scan", - description="Perform an NMAP scan on a target IP.", + description="Perform an NMAP scan on a target IP to identify open ports. This data is used by `get_open_ports`.", request_model=NmapScanRequest, response_model=NmapScanResponse, tags=["nettools"], - auth_callable=is_authorized + auth_callable=is_authorized, + links={ + "GetOpenPorts": { + "operationId": "get_open_ports", + "parameters": { + "target": "$response.body#/ip" + }, + "description": "View the open ports discovered by this scan." + } + } ) def api_nmap(payload: NmapScanRequest = None): """ @@ -971,8 +1113,7 @@ def api_network_interfaces(payload=None): return network_interfaces() -@app.route('/mcp/sse/nettools/trigger-scan', methods=['POST']) -@app.route("/nettools/trigger-scan", methods=["GET"]) +@app.route("/nettools/trigger-scan", methods=["GET", "POST"]) @validate_request( operation_id="trigger_network_scan", summary="Trigger Network Scan", @@ -1026,7 +1167,6 @@ def api_trigger_scan(payload=None): # MCP Server # -------------------------- @app.route('/openapi.json', methods=['GET']) -@app.route('/mcp/sse/openapi.json', methods=['GET']) def serve_openapi_spec(): # Allow unauthenticated access to the spec itself so Swagger UI can load. # The actual API endpoints remain protected. @@ -1052,6 +1192,11 @@ def api_docs(): return send_from_directory(openapi_dir, 'swagger.html') +@app.route('/') +def index_redirect(): + """Redirect root to API documentation.""" + return redirect(url_for('api_docs')) + # -------------------------- # DB query # -------------------------- @@ -1139,14 +1284,22 @@ def dbquery_update(payload=None): def dbquery_delete(payload=None): data = request.get_json() or {} required = ["columnName", "id", "dbtable"] - if not all(data.get(k) for k in required): - return jsonify({"success": False, "message": "ERROR: Missing parameters", "error": "Missing required 'columnName', 'id', or 'dbtable' query parameter"}), 400 + if not all(k in data and data[k] for k in required): + return jsonify({ + "success": False, + "message": "ERROR: Missing parameters", + "error": "Missing required 'columnName', 'id', or 'dbtable' query parameter" + }), 400 - return delete_query( - column_name=data["columnName"], - ids=data["id"], - dbtable=data["dbtable"], - ) + dbtable = data["dbtable"] + column_name = data["columnName"] + ids = data["id"] + + # Ensure ids is a list + if not isinstance(ids, list): + ids = [ids] + + return delete_query(column_name, ids, dbtable) # -------------------------- @@ -1238,7 +1391,7 @@ def api_add_to_execution_queue(payload=None): path_params=[{ "name": "mac", "description": "Device MAC address", - "schema": {"type": "string"} + "schema": {"type": "string", "pattern": "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"} }], request_model=CreateEventRequest, response_model=BaseResponse, @@ -1261,13 +1414,25 @@ def api_create_event(mac, payload=None): @app.route("/events/", methods=["DELETE"]) @validate_request( - operation_id="delete_events_by_mac", - summary="Delete Events by MAC", - description="Delete all events for a specific device MAC address.", + operation_id="delete_events", + summary="Delete Events", + description="Delete events by device MAC address or older than a specified number of days.", path_params=[{ "name": "mac", - "description": "Device MAC address", - "schema": {"type": "string"} + "description": "Device MAC address or number of days", + "schema": { + "oneOf": [ + { + "type": "integer", + "description": "Number of days (e.g., 30) to delete events older than this value." + }, + { + "type": "string", + "pattern": "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$", + "description": "Device MAC address to delete all events for a specific device." + } + ] + } }], response_model=BaseResponse, tags=["events"], @@ -1276,6 +1441,7 @@ def api_create_event(mac, payload=None): def api_events_by_mac(mac, payload=None): """Delete events for a specific device MAC; string converter keeps this distinct from /events/.""" device_handler = DeviceInstance() + result = device_handler.deleteDeviceEvents(mac) return jsonify(result) @@ -1299,7 +1465,7 @@ def api_delete_all_events(payload=None): @validate_request( operation_id="get_all_events", summary="Get Events", - description="Retrieve a list of events, optionally filtered by MAC.", + description="Retrieve a list of events, optionally filtered by MAC. Returns all matching records. No pagination supported.", query_params=[{ "name": "mac", "description": "Filter by Device MAC", @@ -1333,7 +1499,8 @@ def api_get_events(payload=None): }], response_model=BaseResponse, tags=["events"], - auth_callable=is_authorized + auth_callable=is_authorized, + exclude_from_spec=True ) def api_delete_old_events(days: int, payload=None): """ @@ -1348,8 +1515,8 @@ def api_delete_old_events(days: int, payload=None): @app.route("/sessions/totals", methods=["GET"]) @validate_request( operation_id="get_events_totals", - summary="Get Events Totals", - description="Retrieve event totals for a specified period.", + summary="Get Events Totals (Deprecated)", + description="Retrieve event totals for a specified period. Deprecated: use /sessions/totals/named instead.", query_params=[{ "name": "period", "description": "Time period (e.g., '7 days')", @@ -1366,8 +1533,38 @@ def api_get_events_totals(payload=None): return jsonify(totals) -@app.route('/mcp/sse/events/recent', methods=['GET', 'POST']) -@app.route('/events/recent', methods=['GET']) +@app.route("/sessions/totals/named", methods=["GET"]) +@validate_request( + operation_id="get_events_totals_named", + summary="Get Named Event Totals", + description="Retrieve event/session totals with named fields for a specified period.", + query_params=[{ + "name": "period", + "description": "Time period (e.g., '7 days')", + "required": False, + "schema": {"type": "string", "default": "7 days"} + }], + response_model=EventsTotalsNamedResponse, + tags=["events"], + auth_callable=is_authorized +) +def api_get_events_totals_named(payload=None): + period = request.args.get("period", "7 days") + event_handler = EventInstance() + totals = event_handler.getEventsTotals(period) + # totals order: [all_events, sessions, missing, voided, new, down] + totals_dict = { + "total": totals[0] if len(totals) > 0 else 0, + "sessions": totals[1] if len(totals) > 1 else 0, + "missing": totals[2] if len(totals) > 2 else 0, + "voided": totals[3] if len(totals) > 3 else 0, + "new": totals[4] if len(totals) > 4 else 0, + "down": totals[5] if len(totals) > 5 else 0 + } + return jsonify({"success": True, "totals": totals_dict}) + + +@app.route('/events/recent', methods=['GET', 'POST']) @validate_request( operation_id="get_recent_events", summary="Get Recent Events", @@ -1386,8 +1583,7 @@ def api_events_default_24h(payload=None): return api_events_recent(hours) -@app.route('/mcp/sse/events/last', methods=['GET', 'POST']) -@app.route('/events/last', methods=['GET']) +@app.route('/events/last', methods=['GET', 'POST']) @validate_request( operation_id="get_last_events", summary="Get Last Events", @@ -1575,7 +1771,7 @@ def api_get_session_events(payload=None): auth_callable=is_authorized ) def metrics(payload=None): - # Return Prometheus metrics as plain text + # Return Prometheus metrics as plain text (not JSON) return Response(get_metric_stats(), mimetype="text/plain") @@ -1613,7 +1809,8 @@ def api_write_notification(payload=None): auth_callable=is_authorized ) def api_get_unread_notifications(payload=None): - return get_unread_notifications() + notifications = get_unread_notifications() + return jsonify(notifications) @app.route("/messaging/in-app/read/all", methods=["POST"]) @@ -1724,7 +1921,7 @@ def sync_endpoint_post(payload=None): @validate_request( operation_id="check_auth", summary="Check Authentication", - description="Check if the current API token is valid.", + description="Check if the current API token is valid. Note: tokens must be generated externally via the UI or CLI.", response_model=BaseResponse, tags=["auth"], auth_callable=is_authorized @@ -1739,6 +1936,14 @@ def check_auth(payload=None): # Mount SSE endpoints after is_authorized is defined (avoid circular import) create_sse_endpoint(app, is_authorized) +# Apply environment-driven MCP disablement by regenerating the OpenAPI spec. +# This populates the registry and applies any operation IDs listed in MCP_DISABLED_TOOLS. +try: + get_openapi_spec(force_refresh=True, flask_app=app) + mylog("verbose", [f"[MCP] Applied MCP_DISABLED_TOOLS: {os.environ.get('MCP_DISABLED_TOOLS', '')}"]) +except Exception as e: + mylog("none", [f"[MCP] Error applying MCP_DISABLED_TOOLS: {e}"]) + def start_server(graphql_port, app_state): """Start the GraphQL server in a background thread.""" @@ -1770,6 +1975,9 @@ def start_server(graphql_port, app_state): ) thread.start() + # Pass Application "VERSION" into the app_state + buildTimestamp, newBuildVersion = getBuildTimeStampAndVersion() + # Update the state to indicate the server has started app_state = updateState("Process: Idle", None, None, None, 1) diff --git a/server/api_server/dbquery_endpoint.py b/server/api_server/dbquery_endpoint.py index 6d5f6b39..2cc9e6e5 100755 --- a/server/api_server/dbquery_endpoint.py +++ b/server/api_server/dbquery_endpoint.py @@ -11,6 +11,7 @@ INSTALL_PATH = os.getenv("NETALERTX_APP", "/app") sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"]) from database import get_temp_db_connection # noqa: E402 [flake8 lint suppression] +from logger import mylog # noqa: E402 [flake8 lint suppression] def read_query(raw_sql_b64): @@ -82,17 +83,18 @@ def delete_query(column_name, ids, dbtable): conn = get_temp_db_connection() cur = conn.cursor() - if not isinstance(ids, list): - ids = [ids] - deleted_count = 0 for id_val in ids: - sql = f"DELETE FROM {dbtable} WHERE {column_name} = ?" + # Wrap table and column in quotes to handle reserved words + sql = f'DELETE FROM "{dbtable}" WHERE "{column_name}" = ?' + mylog("debug", f"[delete_query] sql {sql} with id={id_val}") cur.execute(sql, (id_val,)) deleted_count += cur.rowcount conn.commit() conn.close() return jsonify({"success": True, "deleted_count": deleted_count}) + except Exception as e: return jsonify({"success": False, "error": str(e)}), 400 + diff --git a/server/api_server/graphql_endpoint.py b/server/api_server/graphql_endpoint.py index 94c5c624..0f99dc33 100755 --- a/server/api_server/graphql_endpoint.py +++ b/server/api_server/graphql_endpoint.py @@ -339,6 +339,9 @@ class Query(ObjectType): "devFQDN", "devParentRelType", "devParentMAC", + "devVlan", + "devPrimaryIPv4", + "devPrimaryIPv6" ] search_term = options.search.lower() diff --git a/server/api_server/mcp_endpoint.py b/server/api_server/mcp_endpoint.py index 005ff1ef..827338a2 100644 --- a/server/api_server/mcp_endpoint.py +++ b/server/api_server/mcp_endpoint.py @@ -309,6 +309,7 @@ def map_openapi_to_mcp_tools(spec: Dict[str, Any]) -> List[Dict[str, Any]]: This function transforms OpenAPI operations into MCP-compatible tool schemas, ensuring proper inputSchema derivation from request bodies and parameters. + It deduplicates tools by their original operationId, preferring /mcp/ routes. Args: spec: OpenAPI specification dictionary @@ -316,10 +317,10 @@ def map_openapi_to_mcp_tools(spec: Dict[str, Any]) -> List[Dict[str, Any]]: Returns: List of MCP tool definitions with name, description, and inputSchema """ - tools = [] + tools_map = {} if not spec or "paths" not in spec: - return tools + return [] for path, methods in spec["paths"].items(): for method, details in methods.items(): @@ -327,6 +328,9 @@ def map_openapi_to_mcp_tools(spec: Dict[str, Any]) -> List[Dict[str, Any]]: continue operation_id = details["operationId"] + # Deduplicate using the original operationId (before suffixing) + # or the unique operationId as fallback. + original_op_id = details.get("x-original-operationId", operation_id) # Build inputSchema from requestBody and parameters input_schema = { @@ -382,31 +386,82 @@ def map_openapi_to_mcp_tools(spec: Dict[str, Any]) -> List[Dict[str, Any]]: tool = { "name": operation_id, "description": details.get("description", details.get("summary", "")), - "inputSchema": input_schema + "inputSchema": input_schema, + "_original_op_id": original_op_id, + "_is_mcp": path.startswith("/mcp/"), + "_is_post": method.upper() == "POST" } - tools.append(tool) + # Preference logic for deduplication: + # 1. Prefer /mcp/ routes over standard ones. + # 2. Prefer POST methods over GET for the same logic (usually more robust body validation). + existing = tools_map.get(original_op_id) + if not existing: + tools_map[original_op_id] = tool + else: + # Upgrade if current is MCP and existing is not + mcp_upgrade = tool["_is_mcp"] and not existing["_is_mcp"] + # Upgrade if same route type but current is POST and existing is GET + method_upgrade = (tool["_is_mcp"] == existing["_is_mcp"]) and tool["_is_post"] and not existing["_is_post"] + + if mcp_upgrade or method_upgrade: + tools_map[original_op_id] = tool - return tools + # Final cleanup: remove internal preference flags and ensure tools have the original names + # unless we explicitly want the suffixed ones. + # The user said "Eliminate Duplicate Tool Names", so we should use original_op_id as the tool name. + final_tools = [] + _tool_name_to_operation_id: Dict[str, str] = {} + for tool in tools_map.values(): + actual_operation_id = tool["name"] # Save before overwriting + tool["name"] = tool["_original_op_id"] + _tool_name_to_operation_id[tool["name"]] = actual_operation_id + del tool["_original_op_id"] + del tool["_is_mcp"] + del tool["_is_post"] + final_tools.append(tool) + + return final_tools def find_route_for_tool(tool_name: str) -> Optional[Dict[str, Any]]: """ Find the registered route for a given tool name (operationId). + Handles exact matches and deduplicated original IDs. Args: - tool_name: The operationId to look up + tool_name: The operationId or original_operation_id to look up Returns: Route dictionary with path, method, and models, or None if not found """ registry = get_registry() + candidates = [] for entry in registry: + # Exact match (priority) - if the client passed the specific suffixed ID if entry["operation_id"] == tool_name: return entry + if entry.get("original_operation_id") == tool_name: + candidates.append(entry) - return None + if not candidates: + return None + + # Apply same preference logic as map_openapi_to_mcp_tools to ensure we pick the + # same route definition that generated the tool schema. + + # Priority 1: MCP routes (they have specialized paths/behavior) + mcp_candidates = [c for c in candidates if c["path"].startswith("/mcp/")] + pool = mcp_candidates if mcp_candidates else candidates + + # Priority 2: POST methods (usually preferred for tools) + post_candidates = [c for c in pool if c["method"].upper() == "POST"] + if post_candidates: + return post_candidates[0] + + # Fallback: return the first from the best pool available + return pool[0] # ============================================================================= @@ -694,7 +749,8 @@ def _execute_tool(route: Dict[str, Any], args: Dict[str, Any]) -> Dict[str, Any] "type": "text", "text": json.dumps(json_content, indent=2) }) - except json.JSONDecodeError: + except (json.JSONDecodeError, ValueError): + # Fallback for endpoints that return plain text instead of JSON (e.g., /metrics) content.append({ "type": "text", "text": api_response.text @@ -739,8 +795,17 @@ def get_log_dir() -> str: def _list_resources() -> List[Dict[str, Any]]: - """List available MCP resources (read-only data like logs).""" + """List available MCP resources (read-only data like logs and API spec).""" resources = [] + + # API Specification + resources.append({ + "uri": "netalertx://api/openapi.json", + "name": "OpenAPI Specification", + "description": "The full OpenAPI 3.1 specification for the NetAlertX API and MCP tools", + "mimeType": "application/json" + }) + log_dir = get_log_dir() if not log_dir: return resources @@ -784,6 +849,16 @@ def _list_resources() -> List[Dict[str, Any]]: def _read_resource(uri: str) -> List[Dict[str, Any]]: """Read a resource by URI.""" + # Handle API Specification + if uri == "netalertx://api/openapi.json": + from flask import current_app + spec = get_openapi_spec(flask_app=current_app) + return [{ + "uri": uri, + "mimeType": "application/json", + "text": json.dumps(spec, indent=2) + }] + log_dir = get_log_dir() if not log_dir: return [{"uri": uri, "text": "Error: NETALERTX_LOG directory not configured"}] diff --git a/server/api_server/openapi/introspection.py b/server/api_server/openapi/introspection.py index 2c1454de..dea99245 100644 --- a/server/api_server/openapi/introspection.py +++ b/server/api_server/openapi/introspection.py @@ -1,10 +1,12 @@ from __future__ import annotations import re -from typing import Any +from typing import Any, Dict, Optional import graphene from .registry import register_tool, _operation_ids +from .schemas import GraphQLRequest +from .schema_converter import pydantic_to_json_schema, resolve_schema_refs def introspect_graphql_schema(schema: graphene.Schema): @@ -26,6 +28,7 @@ def introspect_graphql_schema(schema: graphene.Schema): operation_id="graphql_query", summary="GraphQL Endpoint", description="Execute arbitrary GraphQL queries against the system schema.", + request_model=GraphQLRequest, tags=["graphql"] ) @@ -36,6 +39,20 @@ def _flask_to_openapi_path(flask_path: str) -> str: return re.sub(r'<(?:\w+:)?(\w+)>', r'{\1}', flask_path) +def _get_openapi_metadata(func: Any) -> Optional[Dict[str, Any]]: + """Recursively find _openapi_metadata in wrapped functions.""" + # Check current function + metadata = getattr(func, "_openapi_metadata", None) + if metadata: + return metadata + + # Check __wrapped__ (standard for @wraps) + if hasattr(func, "__wrapped__"): + return _get_openapi_metadata(func.__wrapped__) + + return None + + def introspect_flask_app(app: Any): """ Introspect the Flask application to find routes decorated with @validate_request @@ -47,14 +64,13 @@ def introspect_flask_app(app: Any): if not view_func: continue - # Check for our decorator's metadata - metadata = getattr(view_func, "_openapi_metadata", None) - if not metadata: - # Fallback for wrapped functions - if hasattr(view_func, "__wrapped__"): - metadata = getattr(view_func.__wrapped__, "_openapi_metadata", None) + # Check for our decorator's metadata recursively + metadata = _get_openapi_metadata(view_func) if metadata: + if metadata.get("exclude_from_spec"): + continue + op_id = metadata["operation_id"] # Register the tool with real path and method from Flask @@ -75,20 +91,72 @@ def introspect_flask_app(app: Any): # Determine tags - create a copy to avoid mutating shared metadata tags = list(metadata.get("tags") or ["rest"]) if path.startswith("/mcp/"): - # Move specific tags to secondary position or just add MCP - if "rest" in tags: - tags.remove("rest") - if "mcp" not in tags: - tags.append("mcp") + # For MCP endpoints, we want them exclusively in the 'mcp' tag section + tags = ["mcp"] # Ensure unique operationId original_op_id = op_id unique_op_id = op_id + + # Semantic naming strategy for duplicates + if unique_op_id in _operation_ids: + # Construct a semantic suffix to replace numeric ones + # Priority: /mcp/ prefix and HTTP method + suffix = "" + if path.startswith("/mcp/"): + suffix = "_mcp" + + if method.upper() == "POST": + suffix += "_post" + elif method.upper() == "GET": + suffix += "_get" + + if suffix: + candidate = f"{op_id}{suffix}" + if candidate not in _operation_ids: + unique_op_id = candidate + + # Fallback to numeric suffixes if semantic naming didn't ensure uniqueness count = 1 while unique_op_id in _operation_ids: unique_op_id = f"{op_id}_{count}" count += 1 + # Filter path_params to only include those that are actually in the path + path_params = metadata.get("path_params") + if path_params: + path_params = [ + p for p in path_params + if f"{{{p['name']}}}" in path + ] + + # Auto-generate query_params from request_model for GET requests + query_params = metadata.get("query_params") + if method == 'GET' and not query_params and metadata.get("request_model"): + try: + schema = pydantic_to_json_schema(metadata["request_model"]) + defs = schema.get("$defs", {}) + properties = schema.get("properties", {}) + query_params = [] + for name, prop in properties.items(): + is_required = name in schema.get("required", []) + # Resolve references to inlined definitions (preserving Enums) + resolved_prop = resolve_schema_refs(prop, defs) + # Create param definition + param_def = { + "name": name, + "in": "query", + "required": is_required, + "description": prop.get("description", ""), + "schema": resolved_prop + } + # Remove description from schema to avoid duplication + if "description" in param_def["schema"]: + del param_def["schema"]["description"] + query_params.append(param_def) + except Exception: + pass # Fallback to empty if schema generation fails + register_tool( path=path, method=method, @@ -98,9 +166,11 @@ def introspect_flask_app(app: Any): description=metadata["description"], request_model=metadata.get("request_model"), response_model=metadata.get("response_model"), - path_params=metadata.get("path_params"), - query_params=metadata.get("query_params"), + path_params=path_params, + query_params=query_params, tags=tags, - allow_multipart_payload=metadata.get("allow_multipart_payload", False) + allow_multipart_payload=metadata.get("allow_multipart_payload", False), + response_content_types=metadata.get("response_content_types"), + links=metadata.get("links") ) registered_ops.add(op_key) diff --git a/server/api_server/openapi/registry.py b/server/api_server/openapi/registry.py index fcd2fa91..6d8759b3 100644 --- a/server/api_server/openapi/registry.py +++ b/server/api_server/openapi/registry.py @@ -96,7 +96,9 @@ def register_tool( tags: Optional[List[str]] = None, deprecated: bool = False, original_operation_id: Optional[str] = None, - allow_multipart_payload: bool = False + allow_multipart_payload: bool = False, + response_content_types: Optional[List[str]] = None, + links: Optional[Dict[str, Any]] = None ) -> None: """ Register an API endpoint for OpenAPI spec generation. @@ -115,6 +117,8 @@ def register_tool( deprecated: Whether this endpoint is deprecated original_operation_id: The base ID before suffixing (for disablement mapping) allow_multipart_payload: Whether to allow multipart/form-data payloads + response_content_types: List of supported response media types (e.g. ["application/json", "text/csv"]) + links: Dictionary of OpenAPI links to include in the response definition. Raises: DuplicateOperationIdError: If operation_id already exists in registry @@ -140,7 +144,9 @@ def register_tool( "query_params": query_params or [], "tags": tags or ["default"], "deprecated": deprecated, - "allow_multipart_payload": allow_multipart_payload + "allow_multipart_payload": allow_multipart_payload, + "response_content_types": response_content_types or ["application/json"], + "links": links }) diff --git a/server/api_server/openapi/schema_converter.py b/server/api_server/openapi/schema_converter.py index c6979527..73b6c029 100644 --- a/server/api_server/openapi/schema_converter.py +++ b/server/api_server/openapi/schema_converter.py @@ -2,6 +2,7 @@ from __future__ import annotations from typing import Dict, Any, Optional, Type, List from pydantic import BaseModel +from .schemas import ErrorResponse, BaseResponse def pydantic_to_json_schema(model: Type[BaseModel], mode: str = "validation") -> Dict[str, Any]: @@ -161,57 +162,124 @@ def strip_validation(schema: Dict[str, Any]) -> Dict[str, Any]: return clean_schema +def resolve_schema_refs(schema: Dict[str, Any], definitions: Dict[str, Any]) -> Dict[str, Any]: + """ + Recursively resolve $ref in schema by inlining the definition. + Useful for standalone schema parts like query parameters where global definitions aren't available. + """ + if not isinstance(schema, dict): + return schema + + if "$ref" in schema: + ref = schema["$ref"] + # Handle #/$defs/Name syntax + if ref.startswith("#/$defs/"): + def_name = ref.split("/")[-1] + if def_name in definitions: + # Inline the definition (and resolve its refs recursively) + inlined = resolve_schema_refs(definitions[def_name], definitions) + # Merge any extra keys from the original schema (e.g. description override) + # Schema keys take precedence over definition keys + return {**inlined, **{k: v for k, v in schema.items() if k != "$ref"}} + + # Recursively resolve properties + resolved = {} + for k, v in schema.items(): + if k == "items": + resolved[k] = resolve_schema_refs(v, definitions) + elif k == "properties": + resolved[k] = {pk: resolve_schema_refs(pv, definitions) for pk, pv in v.items()} + elif k in ("allOf", "anyOf", "oneOf"): + resolved[k] = [resolve_schema_refs(i, definitions) for i in v] + else: + resolved[k] = v + + return resolved + + def build_responses( - response_model: Optional[Type[BaseModel]], definitions: Dict[str, Any] + response_model: Optional[Type[BaseModel]], + definitions: Dict[str, Any], + response_content_types: Optional[List[str]] = None, + links: Optional[Dict[str, Any]] = None, + method: str = "post" ) -> Dict[str, Any]: """Build OpenAPI responses object.""" responses = {} - # Success response (200) - if response_model: - # Strip validation from response schema to save tokens - schema = strip_validation(pydantic_to_json_schema(response_model, mode="serialization")) - schema = extract_definitions(schema, definitions) - responses["200"] = { - "description": "Successful response", - "content": { - "application/json": { - "schema": schema - } - } - } + # Use a fresh list for response content types to avoid a shared mutable default. + if response_content_types is None: + response_content_types = ["application/json"] else: - responses["200"] = { - "description": "Successful response", - "content": { - "application/json": { - "schema": { - "type": "object", - "properties": { - "success": {"type": "boolean"}, - "message": {"type": "string"} - } - } - } - } - } + # Copy provided list to ensure each call gets its own list + response_content_types = list(response_content_types) - # Standard error responses - MINIMIZED context - # Annotate that these errors can occur, but provide no schema/content to save tokens. - # The LLM knows what "Bad Request" or "Not Found" means. - error_codes = { - "400": "Bad Request", - "401": "Unauthorized", - "403": "Forbidden", - "404": "Not Found", - "422": "Validation Error", - "500": "Internal Server Error" + # Success response (200) + effective_model = response_model or BaseResponse + schema = strip_validation(pydantic_to_json_schema(effective_model, mode="serialization")) + schema = extract_definitions(schema, definitions) + + content = {} + for ct in response_content_types: + if ct == "application/json": + content[ct] = {"schema": schema} + else: + # For non-JSON types like CSV, we don't necessarily use the JSON schema + content[ct] = {"schema": {"type": "string", "format": "binary"}} + + response_obj = { + "description": "Successful response", + "content": content + } + if links: + response_obj["links"] = links + responses["200"] = response_obj + + # Standard error responses + error_configs = { + "400": ("Invalid JSON", "Request body must be valid JSON"), + "401": ("Unauthorized", None), + "403": ("Forbidden", "ERROR: Not authorized"), + "404": ("API route not found", "The requested URL /example/path was not found on the server."), + "422": ("Validation Error", None), + "500": ("Internal Server Error", "Something went wrong on the server") } - for code, desc in error_codes.items(): + for code, (error_val, message_val) in error_configs.items(): + # Generate a fresh schema for each error to customize examples + error_schema_raw = strip_validation(pydantic_to_json_schema(ErrorResponse, mode="serialization")) + error_schema = extract_definitions(error_schema_raw, definitions) + + # Inject status-specific example + if "examples" in error_schema and len(error_schema["examples"]) > 0: + example = { + "success": False, + "error": error_val + } + if message_val: + example["message"] = message_val + + if code == "422": + example["error"] = "Validation Error: Input should be a valid string" + example["details"] = [ + { + "input": "invalid_value", + "loc": ["field_name"], + "msg": "Input should be a valid string", + "type": "string_type", + "url": "https://errors.pydantic.dev/2.12/v/string_type" + } + ] + + error_schema["examples"] = [example] + responses[code] = { - "description": desc - # No "content" schema provided + "description": error_val, + "content": { + "application/json": { + "schema": error_schema + } + } } return responses diff --git a/server/api_server/openapi/schemas.py b/server/api_server/openapi/schemas.py index e8fe6423..84561a7c 100644 --- a/server/api_server/openapi/schemas.py +++ b/server/api_server/openapi/schemas.py @@ -15,7 +15,7 @@ from __future__ import annotations import re import ipaddress -from typing import Optional, List, Literal, Any, Dict +from typing import Optional, List, Literal, Any, Dict, Union from pydantic import BaseModel, Field, field_validator, model_validator, ConfigDict, RootModel # Internal helper imports @@ -39,25 +39,34 @@ ALLOWED_DEVICE_COLUMNS = Literal[ ] ALLOWED_NMAP_MODES = Literal[ - "quick", "intense", "ping", "comprehensive", "fast", "normal", "detail", "skipdiscovery", - "-sS", "-sT", "-sU", "-sV", "-O" + "fast", "normal", "detail", "skipdiscovery" ] -NOTIFICATION_LEVELS = Literal["info", "warning", "error", "alert"] +NOTIFICATION_LEVELS = Literal["info", "warning", "error", "alert", "interrupt"] -ALLOWED_TABLES = Literal["Devices", "Events", "Sessions", "Settings", "CurrentScan", "Online_History", "Plugins_Objects"] +ALLOWED_TABLES = Literal["Devices", "Events", "Sessions", "Settings", "CurrentScan", "Online_History", "Plugins_Objects", "Plugins_History"] ALLOWED_LOG_FILES = Literal[ "app.log", "app_front.log", "IP_changes.log", "stdout.log", "stderr.log", "app.php_errors.log", "execution_queue.log", "db_is_locked.log" ] +ALLOWED_SCAN_TYPES = Literal["ARPSCAN", "NMAPDEV", "NMAP", "INTRNT", "AVAHISCAN", "NBTSCAN"] + +ALLOWED_SESSION_CONNECTION_TYPES = Literal["Connected", "Reconnected", "New Device", "Down Reconnected"] +ALLOWED_SESSION_DISCONNECTION_TYPES = Literal["Disconnected", "Device Down", "Timeout"] + +ALLOWED_EVENT_TYPES = Literal[ + "Device Down", "New Device", "Connected", "Disconnected", + "IP Changed", "Down Reconnected", "" +] + def validate_mac(value: str) -> str: """Validate and normalize MAC address format.""" - # Allow "Internet" as a special case for the gateway/WAN device + # Allow "internet" as a special case for the gateway/WAN device if value.lower() == "internet": - return "Internet" + return "internet" if not is_mac(value): raise ValueError(f"Invalid MAC address format: {value}") @@ -89,14 +98,42 @@ def validate_column_identifier(value: str) -> str: class BaseResponse(BaseModel): - """Standard API response wrapper.""" - model_config = ConfigDict(extra="allow") + """ + Standard API response wrapper. + Note: The API often returns 200 OK for most operations; clients MUST parse the 'success' + boolean field to determine if the operation was actually successful. + """ + model_config = ConfigDict( + extra="allow", + json_schema_extra={ + "examples": [{ + "success": True + }] + } + ) success: bool = Field(..., description="Whether the operation succeeded") message: Optional[str] = Field(None, description="Human-readable message") error: Optional[str] = Field(None, description="Error message if success=False") +class ErrorResponse(BaseResponse): + """Standard error response model with details.""" + model_config = ConfigDict( + extra="allow", + json_schema_extra={ + "examples": [{ + "success": False, + "error": "Error message" + }] + } + ) + + success: bool = Field(False, description="Always False for errors") + details: Optional[Any] = Field(None, description="Detailed error information (e.g., validation errors)") + code: Optional[str] = Field(None, description="Internal error code") + + class PaginatedResponse(BaseResponse): """Response with pagination metadata.""" total: int = Field(0, description="Total number of items") @@ -130,7 +167,19 @@ class DeviceSearchRequest(BaseModel): class DeviceInfo(BaseModel): """Detailed device information model (Raw record).""" - model_config = ConfigDict(extra="allow") + model_config = ConfigDict( + extra="allow", + json_schema_extra={ + "examples": [{ + "devMac": "00:11:22:33:44:55", + "devName": "My iPhone", + "devLastIP": "192.168.1.10", + "devVendor": "Apple", + "devStatus": "online", + "devFavorite": 0 + }] + } + ) devMac: str = Field(..., description="Device MAC address") devName: Optional[str] = Field(None, description="Device display name/alias") @@ -138,13 +187,27 @@ class DeviceInfo(BaseModel): devPrimaryIPv4: Optional[str] = Field(None, description="Primary IPv4 address") devPrimaryIPv6: Optional[str] = Field(None, description="Primary IPv6 address") devVlan: Optional[str] = Field(None, description="VLAN identifier") - devForceStatus: Optional[str] = Field(None, description="Force device status (online/offline/dont_force)") + devForceStatus: Optional[Literal["online", "offline", "dont_force"]] = Field( + "dont_force", + description="Force device status (online/offline/dont_force)" + ) devVendor: Optional[str] = Field(None, description="Hardware vendor from OUI lookup") devOwner: Optional[str] = Field(None, description="Device owner") devType: Optional[str] = Field(None, description="Device type classification") - devFavorite: Optional[int] = Field(0, description="Favorite flag (0 or 1)") - devPresentLastScan: Optional[int] = Field(None, description="Present in last scan (0 or 1)") - devStatus: Optional[str] = Field(None, description="Online/Offline status") + devFavorite: Optional[int] = Field( + 0, + description="Favorite flag (0=False, 1=True). Legacy boolean representation.", + json_schema_extra={"enum": [0, 1]} + ) + devPresentLastScan: Optional[int] = Field( + None, + description="Present in last scan (0 or 1)", + json_schema_extra={"enum": [0, 1]} + ) + devStatus: Optional[Literal["online", "offline"]] = Field( + None, + description="Online/Offline status" + ) devMacSource: Optional[str] = Field(None, description="Source of devMac (USER, LOCKED, or plugin prefix)") devNameSource: Optional[str] = Field(None, description="Source of devName") devFQDNSource: Optional[str] = Field(None, description="Source of devFQDN") @@ -169,7 +232,17 @@ class DeviceListRequest(BaseModel): "offline" ]] = Field( None, - description="Filter devices by status (connected, down, favorites, new, archived, all, my, offline)" + description=( + "Filter devices by status:\n" + "- connected: Active devices present in the last scan\n" + "- down: Devices with active 'Device Down' alert\n" + "- favorites: Devices marked as favorite\n" + "- new: Devices flagged as new\n" + "- archived: Devices moved to archive\n" + "- all: All active (non-archived) devices\n" + "- my: All active devices (alias for 'all')\n" + "- offline: Devices not present in the last scan" + ) ) @@ -227,6 +300,42 @@ class DeviceTotalsResponse(RootModel): root: List[int] = Field(default_factory=list, description="List of counts: [all, online, favorites, new, offline, archived]") +class DeviceTotalsNamedResponse(BaseResponse): + """Response with named device statistics.""" + totals: Dict[str, int] = Field( + ..., + description="Dictionary of counts", + json_schema_extra={ + "examples": [{ + "devices": 10, + "connected": 5, + "favorites": 2, + "new": 1, + "down": 0, + "archived": 2 + }] + } + ) + + +class EventsTotalsNamedResponse(BaseResponse): + """Response with named event/session statistics.""" + totals: Dict[str, int] = Field( + ..., + description="Dictionary of counts: total, sessions, missing, voided, new, down", + json_schema_extra={ + "examples": [{ + "total": 100, + "sessions": 50, + "missing": 0, + "voided": 0, + "new": 5, + "down": 2 + }] + } + ) + + class DeviceExportRequest(BaseModel): """Request for exporting devices.""" format: Literal["csv", "json"] = Field( @@ -270,40 +379,92 @@ class CopyDeviceRequest(BaseModel): class UpdateDeviceColumnRequest(BaseModel): """Request to update a specific device database column.""" columnName: ALLOWED_DEVICE_COLUMNS = Field(..., description="Database column name") - columnValue: Any = Field(..., description="New value for the column") + columnValue: Union[str, int, bool, None] = Field( + ..., + description="New value for the column. Must match the column's expected data type (e.g., string for devName, integer for devFavorite).", + json_schema_extra={ + "oneOf": [ + {"type": "string"}, + {"type": "integer"}, + {"type": "boolean"}, + {"type": "null"} + ] + } + ) class LockDeviceFieldRequest(BaseModel): """Request to lock/unlock a device field.""" - fieldName: Optional[str] = Field(None, description="Field name to lock/unlock (devMac, devName, devLastIP, etc.)") + fieldName: str = Field(..., description="Field name to lock/unlock (e.g., devName, devVendor). Required.") lock: bool = Field(True, description="True to lock the field, False to unlock") +class UnlockDeviceFieldsRequest(BaseModel): + """Request to unlock/clear device fields for one or multiple devices.""" + mac: Optional[Union[str, List[str]]] = Field( + None, + description="Single MAC, list of MACs, or None to target all devices" + ) + fields: Optional[List[str]] = Field( + None, + description="List of field names to unlock. If omitted, all tracked fields will be unlocked" + ) + clear_all: bool = Field( + False, + description="True to clear all sources, False to clear only LOCKED/USER" + ) + + class DeviceUpdateRequest(BaseModel): """Request to update device fields (create/update).""" model_config = ConfigDict(extra="allow") devName: Optional[str] = Field(None, description="Device name") devOwner: Optional[str] = Field(None, description="Device owner") - devType: Optional[str] = Field(None, description="Device type") + devType: Optional[str] = Field( + None, + description="Device type", + json_schema_extra={ + "examples": ["Phone", "Laptop", "Desktop", "Router", "IoT", "Camera", "Server", "TV"] + } + ) devVendor: Optional[str] = Field(None, description="Device vendor") devGroup: Optional[str] = Field(None, description="Device group") devLocation: Optional[str] = Field(None, description="Device location") devComments: Optional[str] = Field(None, description="Comments") - createNew: bool = Field(False, description="Create new device if not exists") + createNew: bool = Field(False, description="If True, creates a new device. Recommended to provide at least devName and devVendor. If False, updates existing device.") @field_validator("devName", "devOwner", "devType", "devVendor", "devGroup", "devLocation", "devComments") @classmethod def sanitize_text_fields(cls, v: Optional[str]) -> Optional[str]: if v is None: return v - return sanitize_string(v) + return v class DeleteDevicesRequest(BaseModel): """Request to delete multiple devices.""" - macs: List[str] = Field([], description="List of MACs to delete") - confirm_delete_all: bool = Field(False, description="Explicit flag to delete ALL devices when macs is empty") + macs: List[str] = Field( + default_factory=list, + description="List of MACs to delete (supports '*' wildcard at the end or start for individual macs)" + ) + confirm_delete_all: bool = Field( + default=False, + description="Explicit flag to delete ALL devices when macs is empty" + ) + model_config = { + "json_schema_extra": { + "examples": [ + { + "summary": "Delete specific devices", + "value": { + "macs": ["aa:bb:cc:dd:ee:ff", "aa:bb:cc:dd:*"], + "confirm_delete_all": False + } + } + ] + } + } @field_validator("macs") @classmethod @@ -311,9 +472,11 @@ class DeleteDevicesRequest(BaseModel): return [validate_mac(mac) for mac in v] @model_validator(mode="after") - def check_delete_all_safety(self) -> DeleteDevicesRequest: + def check_delete_all_safety(self): if not self.macs and not self.confirm_delete_all: - raise ValueError("Must provide at least one MAC or set confirm_delete_all=True") + raise ValueError( + "Must provide at least one MAC or set confirm_delete_all=True" + ) return self @@ -324,10 +487,9 @@ class DeleteDevicesRequest(BaseModel): class TriggerScanRequest(BaseModel): """Request to trigger a network scan.""" - type: str = Field( + type: ALLOWED_SCAN_TYPES = Field( "ARPSCAN", - description="Scan plugin type to execute (e.g., ARPSCAN, NMAPDEV, NMAP)", - json_schema_extra={"examples": ["ARPSCAN", "NMAPDEV", "NMAP"]} + description="Scan plugin type to execute (e.g., ARPSCAN, NMAPDEV, NMAP)" ) @@ -365,8 +527,9 @@ class OpenPortsResponse(BaseResponse): class WakeOnLanRequest(BaseModel): """Request to send Wake-on-LAN packet.""" - devMac: Optional[str] = Field( + mac: Optional[str] = Field( None, + alias="devMac", description="Target device MAC address", json_schema_extra={"examples": ["00:11:22:33:44:55"]} ) @@ -380,7 +543,7 @@ class WakeOnLanRequest(BaseModel): # But Pydantic V2 with populate_by_name=True allows both "devLastIP" and "ip". model_config = ConfigDict(populate_by_name=True) - @field_validator("devMac") + @field_validator("mac") @classmethod def validate_mac_if_provided(cls, v: Optional[str]) -> Optional[str]: if v is not None: @@ -396,15 +559,19 @@ class WakeOnLanRequest(BaseModel): @model_validator(mode="after") def require_mac_or_ip(self) -> "WakeOnLanRequest": - """Ensure at least one of devMac or devLastIP is provided.""" - if self.devMac is None and self.devLastIP is None: - raise ValueError("Either 'devMac' or 'devLastIP' (alias 'ip') must be provided") + """Ensure at least one of mac or devLastIP is provided.""" + if self.mac is None and self.devLastIP is None: + raise ValueError("Either devMac (aka mac) or devLastIP (aka ip) must be provided") return self class WakeOnLanResponse(BaseResponse): """Response for Wake-on-LAN operation.""" - output: Optional[str] = Field(None, description="Command output") + output: Optional[str] = Field( + None, + description="Command output", + json_schema_extra={"examples": ["Sent magic packet to aa:bb:cc:dd:ee:ff"]} + ) class TracerouteRequest(BaseModel): @@ -430,7 +597,7 @@ class NmapScanRequest(BaseModel): """Request to perform NMAP scan.""" scan: str = Field( ..., - description="Target IP address for NMAP scan" + description="Target IP address for NMAP scan (Single IP only, no CIDR/ranges/hostnames)." ) mode: ALLOWED_NMAP_MODES = Field( ..., @@ -491,7 +658,17 @@ class NetworkInterfacesResponse(BaseResponse): class EventInfo(BaseModel): """Event/alert information.""" - model_config = ConfigDict(extra="allow") + model_config = ConfigDict( + extra="allow", + json_schema_extra={ + "examples": [{ + "eveMAC": "00:11:22:33:44:55", + "eveIP": "192.168.1.10", + "eveDateTime": "2024-01-29 10:00:00", + "eveEventType": "Device Down" + }] + } + ) eveRowid: Optional[int] = Field(None, description="Event row ID") eveMAC: Optional[str] = Field(None, description="Device MAC address") @@ -531,9 +708,19 @@ class LastEventsResponse(BaseResponse): class CreateEventRequest(BaseModel): """Request to create a device event.""" ip: Optional[str] = Field("0.0.0.0", description="Device IP") - event_type: str = Field("Device Down", description="Event type") + event_type: str = Field( + "Device Down", + description="Event type", + json_schema_extra={ + "examples": ["Device Down", "New Device", "Connected", "Disconnected", "IP Changed", "Down Reconnected", ""] + } + ) additional_info: Optional[str] = Field("", description="Additional info") - pending_alert: int = Field(1, description="Pending alert flag") + pending_alert: int = Field( + 1, + description="Pending alert flag (0 or 1)", + json_schema_extra={"enum": [0, 1]} + ) event_time: Optional[str] = Field(None, description="Event timestamp (ISO)") @field_validator("ip", mode="before") @@ -548,11 +735,19 @@ class CreateEventRequest(BaseModel): # ============================================================================= # SESSIONS SCHEMAS # ============================================================================= - - class SessionInfo(BaseModel): """Session information.""" - model_config = ConfigDict(extra="allow") + model_config = ConfigDict( + extra="allow", + json_schema_extra={ + "examples": [{ + "sesMac": "00:11:22:33:44:55", + "sesDateTimeConnection": "2024-01-29 08:00:00", + "sesDateTimeDisconnection": "2024-01-29 09:00:00", + "sesIPAddress": "192.168.1.10" + }] + } + ) sesRowid: Optional[int] = Field(None, description="Session row ID") sesMac: Optional[str] = Field(None, description="Device MAC address") @@ -563,12 +758,24 @@ class SessionInfo(BaseModel): class CreateSessionRequest(BaseModel): """Request to create a session.""" - mac: str = Field(..., description="Device MAC") + mac: str = Field(..., description="Device MAC", pattern=MAC_PATTERN) ip: str = Field(..., description="Device IP") start_time: str = Field(..., description="Start time") end_time: Optional[str] = Field(None, description="End time") - event_type_conn: str = Field("Connected", description="Connection event type") - event_type_disc: str = Field("Disconnected", description="Disconnection event type") + event_type_conn: str = Field( + "Connected", + description="Connection event type", + json_schema_extra={ + "examples": ["Connected", "Reconnected", "New Device", "Down Reconnected"] + } + ) + event_type_disc: str = Field( + "Disconnected", + description="Disconnection event type", + json_schema_extra={ + "examples": ["Disconnected", "Device Down", "Timeout"] + } + ) @field_validator("mac") @classmethod @@ -604,7 +811,11 @@ class InAppNotification(BaseModel): guid: Optional[str] = Field(None, description="Unique notification GUID") text: str = Field(..., description="Notification text content") level: NOTIFICATION_LEVELS = Field("info", description="Notification level") - read: Optional[int] = Field(0, description="Read status (0 or 1)") + read: Optional[int] = Field( + 0, + description="Read status (0 or 1)", + json_schema_extra={"enum": [0, 1]} + ) created_at: Optional[str] = Field(None, description="Creation timestamp") @@ -649,10 +860,12 @@ class DbQueryRequest(BaseModel): """ Request for raw database query. WARNING: This is a highly privileged operation. + Can be used to read settings by querying the 'Settings' table. """ rawSql: str = Field( ..., - description="Base64-encoded SQL query. (UNSAFE: Use only for administrative tasks)" + description="Base64-encoded SQL query. (UNSAFE: Use only for administrative tasks)", + json_schema_extra={"examples": ["U0VMRUNUICogRlJPTSBTZXR0aW5ncw=="]} ) # Legacy compatibility: removed strict safety check # TODO: SECURITY CRITICAL - Re-enable strict safety checks. @@ -674,9 +887,23 @@ class DbQueryRequest(BaseModel): class DbQueryUpdateRequest(BaseModel): - """Request for DB update query.""" + """ + Request for DB update query. + Can be used to update settings by targeting the 'Settings' table. + """ columnName: str = Field(..., description="Column to filter by") - id: List[Any] = Field(..., description="List of IDs to update") + id: List[Union[str, int]] = Field( + ..., + description="List of IDs to update. Use MAC address strings for 'Devices' table, and integer RowIDs for all other tables.", + json_schema_extra={ + "items": { + "oneOf": [ + {"type": "string", "description": "A string identifier (e.g., MAC address)"}, + {"type": "integer", "description": "A numeric row ID"} + ] + } + } + ) dbtable: ALLOWED_TABLES = Field(..., description="Table name") columns: List[str] = Field(..., description="Columns to update") values: List[Any] = Field(..., description="New values") @@ -699,9 +926,23 @@ class DbQueryUpdateRequest(BaseModel): class DbQueryDeleteRequest(BaseModel): - """Request for DB delete query.""" + """ + Request for DB delete query. + Can be used to delete settings by targeting the 'Settings' table. + """ columnName: str = Field(..., description="Column to filter by") - id: List[Any] = Field(..., description="List of IDs to delete") + id: List[Union[str, int]] = Field( + ..., + description="List of IDs to delete. Use MAC address strings for 'Devices' table, and integer RowIDs for all other tables.", + json_schema_extra={ + "items": { + "oneOf": [ + {"type": "string", "description": "A string identifier (e.g., MAC address)"}, + {"type": "integer", "description": "A numeric row ID"} + ] + } + } + ) dbtable: ALLOWED_TABLES = Field(..., description="Table name") @field_validator("columnName") @@ -756,3 +997,14 @@ class SettingValue(BaseModel): class GetSettingResponse(BaseResponse): """Response for getting a setting value.""" value: Any = Field(None, description="The setting value") + + +# ============================================================================= +# GRAPHQL SCHEMAS +# ============================================================================= + + +class GraphQLRequest(BaseModel): + """Request payload for GraphQL queries.""" + query: str = Field(..., description="GraphQL query string", json_schema_extra={"examples": ["{ devices { devMac devName } }"]}) + variables: Optional[Dict[str, Any]] = Field(None, description="Variables for the GraphQL query") diff --git a/server/api_server/openapi/spec_generator.py b/server/api_server/openapi/spec_generator.py index 12154624..bc51b635 100644 --- a/server/api_server/openapi/spec_generator.py +++ b/server/api_server/openapi/spec_generator.py @@ -29,7 +29,7 @@ Usage: """ from __future__ import annotations - +import os import threading from typing import Optional, List, Dict, Any @@ -52,7 +52,15 @@ _rebuild_lock = threading.Lock() def generate_openapi_spec( title: str = "NetAlertX API", version: str = "2.0.0", - description: str = "NetAlertX Network Monitoring API - MCP Compatible", + description: str = ''' +**NetAlertX Network Monitoring API - Official Documentation - MCP Compatible** + +* **MCP endpoint**: `/mcp/sse` + +* **OpenAPI Spec**: `/openapi.json` + +Authorize with your API Key from the NetAlertX WebUI under `Settings > Core > General` +''', servers: Optional[List[Dict[str, str]]] = None, flask_app: Optional[Any] = None ) -> Dict[str, Any]: @@ -74,18 +82,58 @@ def generate_openapi_spec( introspect_graphql_schema(devicesSchema) introspect_flask_app(flask_app) + # Apply default disabled tools from setting `MCP_DISABLED_TOOLS`, env var, or hard-coded defaults + # Format: comma-separated operation IDs, e.g. "dbquery_read,dbquery_write" + try: + disabled_env = None + # Prefer setting from app.conf/settings when available + try: + from helper import get_setting_value + setting_val = get_setting_value("MCP_DISABLED_TOOLS") + if setting_val: + disabled_env = str(setting_val).strip() + except Exception: + # If helper is unavailable, fall back to environment + pass + + if not disabled_env: + env_val = os.getenv("MCP_DISABLED_TOOLS") + if env_val: + disabled_env = env_val.strip() + + # If still not set, apply safe hard-coded defaults + if not disabled_env: + disabled_env = "dbquery_read,dbquery_write" + + if disabled_env: + from .registry import set_tool_disabled + for op in [p.strip() for p in disabled_env.split(",") if p.strip()]: + set_tool_disabled(op, True) + except Exception: + # Never fail spec generation due to disablement application issues + pass + spec = { "openapi": "3.1.0", "info": { "title": title, "version": version, "description": description, + "termsOfService": "https://github.com/netalertx/NetAlertX/blob/main/LICENSE.txt", "contact": { - "name": "NetAlertX", - "url": "https://github.com/jokob-sk/NetAlertX" + "name": "Open Source Project - NetAlertX - Github", + "url": "https://github.com/netalertx/NetAlertX" + }, + "license": { + "name": "Licensed under GPLv3", + "url": "https://www.gnu.org/licenses/gpl-3.0.html" } }, - "servers": servers or [{"url": "/", "description": "Local server"}], + "externalDocs": { + "description": "NetAlertX Official Documentation", + "url": "https://docs.netalertx.com/" + }, + "servers": servers or [{"url": "/", "description": "This NetAlertX instance"}], "security": [ {"BearerAuth": []} ], @@ -152,7 +200,11 @@ def generate_openapi_spec( # Add responses operation["responses"] = build_responses( - entry.get("response_model"), definitions + entry.get("response_model"), + definitions, + response_content_types=entry.get("response_content_types", ["application/json"]), + links=entry.get("links"), + method=method ) spec["paths"][path][method] = operation diff --git a/server/api_server/openapi/swagger.html b/server/api_server/openapi/swagger.html index 441758b9..503083d5 100644 --- a/server/api_server/openapi/swagger.html +++ b/server/api_server/openapi/swagger.html @@ -16,7 +16,8 @@