Merge branch 'main' of https://github.com/jokob-sk/NetAlertX

Signed-off-by: jokob-sk <jokob.sk@gmail.com>

.github/workflows/docker_dev.yml

@@ -47,6 +47,12 @@ jobs:
         id: get_version
         run: echo "version=Dev" >> $GITHUB_OUTPUT
 
+      # --- debug output
+      - name: Debug version
+        run: |
+          echo "GITHUB_REF: $GITHUB_REF"
+          echo "Version: '${{ steps.get_version.outputs.version }}'"
+
       # --- Write the timestamped version to .VERSION file
       - name: Create .VERSION file
         run: echo "${{ steps.timestamp.outputs.version }}" > .VERSION

.github/workflows/docker_prod.yml

@@ -32,14 +32,34 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      # --- Previous approach Get release version from tag
+      - name: Set up dynamic build ARGs
+        id: getargs
+        run: echo "version=$(cat ./stable/VERSION)" >> $GITHUB_OUTPUT
+
+      - name: Get release version
+        id: get_version_prev
+        run: echo "::set-output name=version::${GITHUB_REF#refs/tags/}"
+
+      - name: Create .VERSION file
+        run: echo "${{ steps.get_version.outputs.version }}" >> .VERSION_PREV
+
       # --- Get release version from tag
       - name: Get release version
         id: get_version
         run: echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
 
+
+      # --- debug output
+      - name: Debug version
+        run: |
+          echo "GITHUB_REF: $GITHUB_REF"
+          echo "Version: '${{ steps.get_version.outputs.version }}'"
+          echo "Version prev: '${{ steps.get_version_prev.outputs.version }}'"
+
       # --- Write version to .VERSION file
       - name: Create .VERSION file
-        run: echo "${{ steps.get_version.outputs.version }}" > .VERSION
+        run: echo -n "${{ steps.get_version.outputs.version }}" > .VERSION
 
       # --- Generate Docker metadata and tags
       - name: Docker meta

.gitignore

@@ -11,6 +11,7 @@ nohup.out
 config/*
 .ash_history
 .VERSION
+.VERSION_PREV
 config/pialert.conf
 config/app.conf
 db/*

Dockerfile

@@ -138,6 +138,7 @@ RUN install -d -o ${NETALERTX_USER} -g ${NETALERTX_GROUP} -m 700 ${READ_WRITE_FO
 
 # Copy version information into the image
 COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION
+COPY --chown=${NETALERTX_USER}:${NETALERTX_GROUP} .[V]ERSION ${NETALERTX_APP}/.VERSION_PREV
 
 # Copy the virtualenv from the builder stage
 COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
@@ -147,12 +148,12 @@ COPY --from=builder --chown=20212:20212 ${VIRTUAL_ENV} ${VIRTUAL_ENV}
 # This is done after the copy of the venv to ensure the venv is in place
 # although it may be quicker to do it before the copy, it keeps the image
 # layers smaller to do it after.
-RUN if [ -f '.VERSION' ]; then \
-        cp '.VERSION' "${NETALERTX_APP}/.VERSION"; \
-    else \
-        echo "DEVELOPMENT 00000000" > "${NETALERTX_APP}/.VERSION"; \
-    fi && \
-    chown 20212:20212 "${NETALERTX_APP}/.VERSION" && \
+RUN for vfile in .VERSION .VERSION_PREV; do \
+        if [ ! -f "${NETALERTX_APP}/${vfile}" ]; then \
+            echo "DEVELOPMENT 00000000" > "${NETALERTX_APP}/${vfile}"; \
+        fi; \
+        chown 20212:20212 "${NETALERTX_APP}/${vfile}"; \
+    done && \
     apk add --no-cache libcap && \
     setcap cap_net_raw+ep /bin/busybox && \
     setcap cap_net_raw,cap_net_admin+eip /usr/bin/nmap && \

README.md

@@ -34,9 +34,7 @@ Get visibility of what's going on on your WIFI/LAN network and enable presence d
 ## 🚀 Quick Start
 
 > [!WARNING]
-> ⚠️ **Important:** The documentation has been recently updated and some instructions may have changed.
-> If you are using the currently live production image, please follow the instructions on [Docker Hub](https://hub.docker.com/r/jokobsk/netalertx) for building and running the container.
-> These docs reflect the latest development version and may differ from the production image.
+> ⚠️ **Important:** The docker-compose has recently changed. Carefully read the [Migration guide](https://jokob-sk.github.io/NetAlertX/MIGRATION/?h=migrat#12-migration-from-netalertx-v25524) for detailed instructions.
 
 Start NetAlertX in seconds with Docker:
 

docs/DOCKER_COMPOSE.md

@@ -1,9 +1,7 @@
 # NetAlertX and Docker Compose
 
 > [!WARNING]
-> ⚠️ **Important:** The documentation has been recently updated and some instructions may have changed.
-> If you are using the currently live production image, please follow the instructions on [Docker Hub](https://hub.docker.com/r/jokobsk/netalertx) for building and running the container.
-> These docs reflect the latest development version and may differ from the production image.
+> ⚠️ **Important:** The docker-compose has recently changed. Carefully read the [Migration guide](https://jokob-sk.github.io/NetAlertX/MIGRATION/?h=migrat#12-migration-from-netalertx-v25524) for detailed instructions.
 
 Great care is taken to ensure NetAlertX meets the needs of everyone while being flexible enough for anyone. This document outlines how you can configure your docker-compose. There are many settings, so we recommend using the Baseline Docker Compose as-is, or modifying it for your system.Good care is taken to ensure NetAlertX meets the needs of everyone while being flexible enough for anyone. This document outlines how you can configure your docker-compose. There are many settings, so we recommend using the Baseline Docker Compose as-is, or modifying it for your system.
 

docs/DOCKER_INSTALLATION.md

@@ -61,21 +61,38 @@ See alternative [docked-compose examples](https://github.com/jokob-sk/NetAlertX/
 
 | Required | Path | Description |
 | :------------- | :------------- | :-------------|
-| ✅ | `:/data/config` | Folder which will contain the `app.conf` & `devices.csv` ([read about devices.csv](https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEVICES_BULK_EDITING.md)) files  |
-| ✅ | `:/data/db` | Folder which will contain the `app.db` database file  |
-| ✅ | `/etc/localtime:/etc/localtime:ro` | Ensuring the timezone is teh same as on teh server.  |
+| ✅ | `:/data` | Folder which needs to contain a `/db` and `/config` sub-folders. |
+| ✅ | `/etc/localtime:/etc/localtime:ro` | Ensuring the timezone is the same as on the server.  |
 | | `:/tmp/log` |  Logs folder useful for debugging if you have issues setting up the container  |
 | | `:/tmp/api` |  The [API endpoint](https://github.com/jokob-sk/NetAlertX/blob/main/docs/API.md) containing static (but regularly updated) json and other files. Path configurable via `NETALERTX_API` environment variable.   |
 | | `:/app/front/plugins/<plugin>/ignore_plugin` | Map a file `ignore_plugin` to ignore a plugin. Plugins can be soft-disabled via settings. More in the [Plugin docs](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md).  |
 | | `:/etc/resolv.conf` | Use a custom `resolv.conf` file for [better name resolution](https://github.com/jokob-sk/NetAlertX/blob/main/docs/REVERSE_DNS.md).  |
 
-> Use separate `db` and `config` directories, do not nest them.
+### Folder structure
+
+Use separate `db` and `config` directories, do not nest them:
+
+```
+data
+├── config
+└── db
+```
+
+### Permissions
+
+If you are facing permissions issues run the following commands on your server. This will change the owner and assure sufficient access to the database and config files that are stored in the `/local_data_dir/db` and `/local_data_dir/config` folders (replace `local_data_dir` with the location where your `/db` and `/config` folders are located).
+
+```bash
+sudo chown -R 20211:20211 /local_data_dir
+sudo chmod -R a+rwx /local_data_dir
+```
 
 ### Initial setup
 
 - If unavailable, the app generates a default `app.conf` and `app.db` file on the first run.
 - The preferred way is to manage the configuration via the Settings section in the UI, if UI is inaccessible you can modify [app.conf](https://github.com/jokob-sk/NetAlertX/tree/main/back) in the `/data/config/` folder directly
 
+
 #### Setting up scanners
 
 You have to specify which network(s) should be scanned. This is done by entering subnets that are accessible from the host. If you use the default `ARPSCAN` plugin, you have to specify at least one valid subnet and interface in the `SCAN_SUBNETS` setting. See the documentation on [How to set up multiple SUBNETS, VLANs and what are limitations](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md) for troubleshooting and more advanced scenarios.

docs/DOCKER_MAINTENANCE.md

@@ -1,9 +1,7 @@
 # The NetAlertX Container Operator's Guide
 
 > [!WARNING]
-> ⚠️ **Important:** The documentation has been recently updated and some instructions may have changed.  
-> If you are using the currently live production image, please follow the instructions on [Docker Hub](https://hub.docker.com/r/jokobsk/netalertx) for building and running the container.  
-> These docs reflect the latest development version and may differ from the production image.
+> ⚠️ **Important:** The docker-compose has recently changed. Carefully read the [Migration guide](https://jokob-sk.github.io/NetAlertX/MIGRATION/?h=migrat#12-migration-from-netalertx-v25524) for detailed instructions.
 
 This guide assumes you are starting with the official `docker-compose.yml` file provided with the project. We strongly recommend you start with or migrate to this file as your baseline and modify it to suit your specific needs (e.g., changing file paths). While there are many ways to configure NetAlertX, the default file is designed to meet the mandatory security baseline with layer-2 networking capabilities while operating securely and without startup warnings.
 

docs/FILE_PERMISSIONS.md

@@ -62,7 +62,7 @@ docker run -it --rm --name netalertx --user "0" \
 >
 >  `sudo chown -R 20211:20211 /local_data_dir`
 >
->  `sudo chmod -R a+rwx  /local_data_dir1`
+>  `sudo chmod -R a+rwx  /local_data_dir`
 >
 
 ---

docs/MIGRATION.md

@@ -1,11 +1,5 @@
 # Migration
 
-> [!WARNING]
-> ⚠️ **Important:** The documentation has been recently updated and some instructions may have changed.
-> If you are using the currently live production image, please follow the instructions on [Docker Hub](https://hub.docker.com/r/jokobsk/netalertx) for building and running the container.
-> These docs reflect the latest development version and may differ from the production image.
-
-
 When upgrading from older versions of NetAlertX (or PiAlert by jokob-sk), follow the migration steps below to ensure your data and configuration are properly transferred.
 
 > [!TIP]
@@ -245,30 +239,7 @@ services:
 
 4. Start the container and verify everything works as expected.
 5. Stop the container.
-6. Perform a one-off migration to the latest `netalertx` image and `20211` user:
-
-> [!NOTE]
-> The example below assumes your `/config` and `/db` folders are stored in `local_data_dir`.
-> Replace this path with your actual configuration directory. `netalertx` is the container name, which might differ from your setup.
-
-```sh
-docker run -it --rm --name netalertx --user "0" \
-  -v /local_data_dir/config:/data/config \
-  -v /local_data_dir/db:/data/db \
-  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
-  ghcr.io/jokob-sk/netalertx:latest
-```
-
-..or alternatively execute:
-
-```bash
-sudo chown -R 20211:20211 /local_data_dir/config
-sudo chown -R 20211:20211 /local_data_dir/db
-sudo chmod -R a+rwx /local_data_dir/
-```
-
-7. Stop the container
-8. Update the `docker-compose.yml` as per example below.
+6. Update the `docker-compose.yml` as per example below.
 
 ```yaml
 services:
@@ -295,5 +266,34 @@ services:
       - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
     # 🆕 New "tmpfs" section END  🔼
 ```
+7. Perform a one-off migration to the latest `netalertx` image and `20211` user.
 
-9. Start the container and verify everything works as expected.
+> [!NOTE]
+> The examples below assumes your `/config` and `/db` folders are stored in `local_data_dir`.
+> Replace this path with your actual configuration directory. `netalertx` is the container name, which might differ from your setup.
+
+**Automated approach**:
+
+Run the container with the `--user "0"` parameter. Please note, some systems will require the manual approach below.
+
+```sh
+docker run -it --rm --name netalertx --user "0" \
+  -v /local_data_dir/config:/app/config \
+  -v /local_data_dir/db:/app/db \
+  -v /local_data_dir:/data \
+  --tmpfs /tmp:uid=20211,gid=20211,mode=1700 \
+  ghcr.io/jokob-sk/netalertx:latest
+```
+
+Stop the container and run it as you would normally.
+
+**Manual approach**:
+
+Use the manual approach if the Automated approach fails. Execute the below commands:
+
+```bash
+sudo chown -R 20211:20211 /local_data_dir
+sudo chmod -R a+rwx /local_data_dir
+```
+
+8. Start the container and verify everything works as expected.

docs/README.md

@@ -63,7 +63,6 @@ There is also an in-app Help / FAQ section that should be answering frequently a
 
 #### ♻ Misc
 
-- [Version history (legacy)](./VERSIONS_HISTORY.md)
 - [Reverse proxy (Nginx, Apache, SWAG)](./REVERSE_PROXY.md)
 - [Installing Updates](./UPDATES.md)
 - [Setting up Authelia](./AUTHELIA.md) (DRAFT)

docs/SYNOLOGY_GUIDE.md

@@ -84,5 +84,5 @@ services:
 >
 >  `sudo chown -R 20211:20211 /local_data_dir`
 >
->  `sudo chmod -R a+rwx  /local_data_dir1`
+>  `sudo chmod -R a+rwx  /local_data_dir`
 >

front/js/common.js

@@ -378,7 +378,7 @@ function localizeTimestamp(input) {
   let tz = getSetting("TIMEZONE") || 'Europe/Berlin';
   input = String(input || '').trim();
 
-  // ✅ 1. Unix timestamps (10 or 13 digits)
+  // 1. Unix timestamps (10 or 13 digits)
   if (/^\d+$/.test(input)) {
     const ms = input.length === 10 ? parseInt(input, 10) * 1000 : parseInt(input, 10);
     return new Intl.DateTimeFormat('default', {
@@ -389,39 +389,59 @@ function localizeTimestamp(input) {
     }).format(new Date(ms));
   }
 
-  // ✅ 2. European DD/MM/YYYY
-  let match = input.match(/^(\d{1,2})\/(\d{1,2})\/(\d{4})(?:[ ,]+(\d{1,2}:\d{2}(?::\d{2})?))?(.*)$/);
+ // 2. European DD/MM/YYYY
+  let match = input.match(/^(\d{1,2})\/(\d{1,2})\/(\d{4})(?:[ ,]+(\d{1,2}:\d{2}(?::\d{2})?))?$/);
   if (match) {
-    let [ , d, m, y, t = "00:00:00", tzPart = "" ] = match;
-    const iso = `${y}-${m.padStart(2,'0')}-${d.padStart(2,'0')}T${t.length===5?t+":00":t}${tzPart}`;
+    let [, d, m, y, t = "00:00:00", tzPart = ""] = match;
+    const dNum = parseInt(d, 10);
+    const mNum = parseInt(m, 10);
+
+    if (dNum <= 12 && mNum > 12) {
+    } else {
+      const iso = `${y}-${m.padStart(2,'0')}-${d.padStart(2,'0')}T${t.length===5 ? t + ":00" : t}${tzPart}`;
       return formatSafe(iso, tz);
     }
+  }
 
-  // ✅ 3. US MM/DD/YYYY
+  // 3. US MM/DD/YYYY
   match = input.match(/^(\d{1,2})\/(\d{1,2})\/(\d{4})(?:[ ,]+(\d{1,2}:\d{2}(?::\d{2})?))?(.*)$/);
   if (match) {
-    let [ , m, d, y, t = "00:00:00", tzPart = "" ] = match;
+    let [, m, d, y, t = "00:00:00", tzPart = ""] = match;
     const iso = `${y}-${m.padStart(2,'0')}-${d.padStart(2,'0')}T${t.length===5?t+":00":t}${tzPart}`;
     return formatSafe(iso, tz);
   }
 
-  // ✅ 4. ISO-style (with T, Z, offsets)
-  match = input.match(/^(\d{4}-\d{1,2}-\d{1,2})[ T](\d{1,2}:\d{2}(?::\d{2})?)(Z|[+-]\d{2}:?\d{2})?$/);
+  // 4. ISO YYYY-MM-DD with optional Z/+offset
+  match = input.match(/^(\d{4})-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])[ T](\d{1,2}:\d{2}(?::\d{2})?)(Z|[+-]\d{2}:?\d{2})?$/);
   if (match) {
-    let [ , ymd, time, offset = "" ] = match;
-    // normalize to YYYY-MM-DD
-    let [y, m, d] = ymd.split('-').map(x => x.padStart(2,'0'));
+    let [, y, m, d, time, offset = ""] = match;
     const iso = `${y}-${m}-${d}T${time.length===5?time+":00":time}${offset}`;
     return formatSafe(iso, tz);
   }
 
-  // ✅ 5. RFC2822 / "25 Aug 2025 13:45:22 +0200"
+  // 5. RFC2822 / "25 Aug 2025 13:45:22 +0200"
   match = input.match(/^\d{1,2} [A-Za-z]{3,} \d{4}/);
   if (match) {
     return formatSafe(input, tz);
   }
 
-  // ✅ 6. Fallback (whatever Date() can parse)
+  // 6. DD-MM-YYYY with optional time
+  match = input.match(/^(\d{1,2})-(\d{1,2})-(\d{4})(?:[ T](\d{1,2}:\d{2}(?::\d{2})?))?$/);
+  if (match) {
+    let [, d, m, y, time = "00:00:00"] = match;
+    const iso = `${y}-${m.padStart(2,'0')}-${d.padStart(2,'0')}T${time.length===5?time+":00":time}`;
+    return formatSafe(iso, tz);
+  }
+
+  // 7. Strict YYYY-DD-MM with optional time
+  match = input.match(/^(\d{4})-(0[1-9]|[12]\d|3[01])-(0[1-9]|1[0-2])(?:[ T](\d{1,2}:\d{2}(?::\d{2})?))?$/);
+  if (match) {
+    let [, y, d, m, time = "00:00:00"] = match;
+    const iso = `${y}-${m}-${d}T${time.length === 5 ? time + ":00" : time}`;
+    return formatSafe(iso, tz);
+  }
+
+  // 8. Fallback
   return formatSafe(input, tz);
 
   function formatSafe(str, tz) {
@@ -440,6 +460,7 @@ function localizeTimestamp(input) {
 }
 
 
+
 // ----------------------------------------------------
 /**
  * Replaces double quotes within single-quoted strings, then converts all single quotes to double quotes,
@@ -1629,7 +1650,7 @@ async function executeOnce() {
       await cacheSettings();
       await cacheStrings();
 
-      console.log("✅ All AJAX callbacks have completed");
+      console.log("All AJAX callbacks have completed");
       onAllCallsComplete();
     } catch (error) {
       console.error("Error:", error);

front/network.php

@@ -521,12 +521,16 @@ function getChildren(node, list, path, visited = [])
 
     // Loop through all items to find children of the current node
     for (var i in list) {
-        if (list[i].devParentMAC.toLowerCase() == node.devMac.toLowerCase() && !hiddenMacs.includes(list[i].devParentMAC)) {   
+      const item = list[i];
+      const parentMac = item.devParentMAC || "";       // null-safe
+      const nodeMac = node.devMac || "";               // null-safe
+
+      if (parentMac != "" && parentMac.toLowerCase() == nodeMac.toLowerCase() && !hiddenMacs.includes(parentMac)) {
 
         visibleNodesCount++;
 
         // Process children recursively, passing a copy of the visited list
-            children.push(getChildren(list[i], list, path + ((path == "") ? "" : '|') + list[i].devParentMAC, visited));
+        children.push(getChildren(list[i], list, path + ((path == "") ? "" : '|') + parentMac, visited));
       }
     }
 
@@ -565,14 +569,27 @@ function getChildren(node, list, path, visited = [])
 // ---------------------------------------------------------------------------
 function getHierarchy()
 {
+  let internetNode = null;
+
   for(i in deviceListGlobal)
   {
     if(deviceListGlobal[i].devMac == 'Internet')
     {
-      return (getChildren(deviceListGlobal[i], deviceListGlobal, ''))
+      internetNode = deviceListGlobal[i];
+
+      return (getChildren(internetNode, deviceListGlobal, ''))
       break;
     }
   }
+
+  if (!internetNode) {
+    showModalOk(
+      getString('Network_Configuration_Error'),
+      getString('Network_Root_Not_Configured')
+    );
+    console.error("getHierarchy(): Internet node not found");
+    return null;
+  }
 }
 
 //---------------------------------------------------------------------------
@@ -671,8 +688,6 @@ function handleNodeClick(el)
 
 // ---------------------------------------------------------------------------
 var myTree;
-
-
 var emSize;
 var nodeHeight;
 // var sizeCoefficient = 1.4
@@ -689,10 +704,12 @@ function emToPx(em, element) {
 
 function initTree(myHierarchy)
 {
-  // calculate the drawing area based on teh tree width and available screen size
-  
+  if(myHierarchy && myHierarchy.type !== "")
+  {
+    // calculate the drawing area based on the tree width and available screen size
     let baseFontSize = parseFloat($('html').css('font-size'));
     let treeAreaHeight = ($(window).height() - 155); ;
+
     // calculate the font size of the leaf nodes to fit everything into the tree area
     leafNodesCount == 0 ? 1 : leafNodesCount;
 
@@ -703,13 +720,6 @@ function initTree(myHierarchy)
     // init the drawing area size
     $("#networkTree").attr('style', `height:${treeAreaHeight}px; width:${emToPx(screenWidthEm)}px`)
 
-  if(myHierarchy.type == "")
-  {
-    showModalOk(getString('Network_Configuration_Error'), getString('Network_Root_Not_Configured'))      
-    
-    return;
-  }
-
     // handle canvas and node size if only a few nodes
     emSize > 1 ? emSize = 1 : emSize = emSize;
 
@@ -823,6 +833,10 @@ function initTree(myHierarchy)
 
     // hide spinning icon
     hideSpinner()
+  } else
+  {
+    console.error("getHierarchy() not returning expected result");
+  }
 }
 
 

front/php/server/util.php

@@ -303,7 +303,7 @@ function saveSettings()
 
   // save to the file
   $new_name = $config_file.'_'.$timestamp.'.backup';
-  $new_location = $configFolderPath.$new_name;
+  $new_location = $configFolderPath.'/'.$new_name;
 
   if(file_exists( $fullConfPath) != 1)
   {

front/php/templates/language/fr_fr.json

@@ -311,7 +311,7 @@
     "Gen_Filter": "Filtrer",
     "Gen_Generate": "Générer",
     "Gen_InvalidMac": "Adresse MAC invalide.",
-    "Gen_Invalid_Value": "",
+    "Gen_Invalid_Value": "Une valeur invalide a été renseignée",
     "Gen_LockedDB": "Erreur - La base de données est peut-être verrouillée - Vérifier avec les outils de dév via F12 -> Console ou essayer plus tard.",
     "Gen_NetworkMask": "Masque réseau",
     "Gen_Offline": "Hors ligne",

front/php/templates/language/ru_ru.json

@@ -311,7 +311,7 @@
     "Gen_Filter": "Фильтр",
     "Gen_Generate": "Генерировать",
     "Gen_InvalidMac": "Неверный Mac-адрес.",
-    "Gen_Invalid_Value": "",
+    "Gen_Invalid_Value": "Введено некорректное значение",
     "Gen_LockedDB": "ОШИБКА - Возможно, база данных заблокирована. Проверьте инструменты разработчика F12 -> Консоль или повторите попытку позже.",
     "Gen_NetworkMask": "Маска сети",
     "Gen_Offline": "Оффлайн",

front/php/templates/language/uk_ua.json

@@ -311,7 +311,7 @@
     "Gen_Filter": "Фільтр",
     "Gen_Generate": "Генерувати",
     "Gen_InvalidMac": "Недійсна Mac-адреса.",
-    "Gen_Invalid_Value": "",
+    "Gen_Invalid_Value": "Введено недійсне значення",
     "Gen_LockedDB": "ПОМИЛКА – БД може бути заблоковано – перевірте F12 Інструменти розробника -> Консоль або спробуйте пізніше.",
     "Gen_NetworkMask": "Маска мережі",
     "Gen_Offline": "Офлайн",

front/plugins/snmp_discovery/README.md

@@ -14,6 +14,14 @@ Specify the following settings in the Settings section of NetAlertX:
 
 If unsure, please check [snmpwalk examples](https://www.comparitech.com/net-admin/snmpwalk-examples-windows-linux/).
 
+Supported output formats:
+
+```
+ipNetToMediaPhysAddress[3][192.168.1.9] 6C:6C:6C:6C:6C:b6C1
+IP-MIB::ipNetToMediaPhysAddress.17.10.10.3.202 = STRING: f8:81:1a:ef:ef:ef
+mib-2.3.1.1.2.15.1.192.168.1.14 "2C F4 32 18 61 43 "
+```
+
 ### Setup Cisco IOS
 
 Enable IOS SNMP service and restrict to selected (internal) IP/Subnet.

front/plugins/snmp_discovery/script.py

@@ -30,7 +30,7 @@ RESULT_FILE = os.path.join(LOG_PATH, f'last_result.{pluginName}.log')
 
 
 def main():
-    mylog('verbose', ['[SNMPDSC] In script '])
+    mylog('verbose', f"[{pluginName}] In script ")
 
     # init global variables
     global snmpWalkCmds
@@ -57,7 +57,7 @@ def main():
             commands = [snmpWalkCmds]
 
         for cmd in commands:
-            mylog('verbose', ['[SNMPDSC] Router snmpwalk command: ', cmd])
+            mylog('verbose', [f"[{pluginName}] Router snmpwalk command: ", cmd])
             # split the string, remove white spaces around each item, and exclude any empty strings
             snmpwalkArgs = [arg.strip() for arg in cmd.split(' ') if arg.strip()]
 
@@ -72,7 +72,7 @@ def main():
                     timeout=(timeoutSetting)
                 )
 
-                mylog('verbose', ['[SNMPDSC] output: ', output])
+                mylog('verbose', [f"[{pluginName}] output: ", output])
 
                 lines = output.split('\n')
 
@@ -80,6 +80,8 @@ def main():
 
                     tmpSplt = line.split('"')
 
+                    # Expected Format:
+                    # mib-2.3.1.1.2.15.1.192.168.1.14 "2C F4 32 18 61 43 "
                     if len(tmpSplt) == 3:
 
                         ipStr = tmpSplt[0].split('.')[-4:]  # Get the last 4 elements to extract the IP
@@ -89,7 +91,7 @@ def main():
                             macAddress = ':'.join(macStr)
                             ipAddress = '.'.join(ipStr)
 
-                            mylog('verbose', [f'[SNMPDSC] IP: {ipAddress} MAC: {macAddress}'])
+                            mylog('verbose', [f"[{pluginName}] IP: {ipAddress} MAC: {macAddress}"])
 
                             plugin_objects.add_object(
                                 primaryId   = handleEmpty(macAddress),
@@ -100,8 +102,40 @@ def main():
                                 foreignKey  = handleEmpty(macAddress)  # Use the primary ID as the foreign key
                             )
                         else:
-                            mylog('verbose', ['[SNMPDSC] ipStr does not seem to contain a valid IP:', ipStr])
+                            mylog('verbose', [f"[{pluginName}] ipStr does not seem to contain a valid IP:", ipStr])
 
+                    # Expected Format:
+                    # IP-MIB::ipNetToMediaPhysAddress.17.10.10.3.202 = STRING: f8:81:1a:ef:ef:ef
+                    elif "ipNetToMediaPhysAddress" in line and "=" in line and "STRING:" in line:
+
+                        # Split on "=" → ["IP-MIB::ipNetToMediaPhysAddress.xxx.xxx.xxx.xxx ", " STRING: aa:bb:cc:dd:ee:ff"]
+                        left, right = line.split("=", 1)
+
+                        # Extract the MAC (right side)
+                        macAddress = right.split("STRING:")[-1].strip()
+                        macAddress = normalize_mac(macAddress)
+
+                        # Extract IP address from the left side
+                        # tail of the OID: last 4 integers = IPv4 address
+                        oid_parts = left.strip().split('.')
+                        ip_parts  = oid_parts[-4:]
+                        ipAddress = ".".join(ip_parts)
+
+                        mylog('verbose', [f"[{pluginName}] (fallback) IP: {ipAddress} MAC: {macAddress}"])
+
+                        plugin_objects.add_object(
+                            primaryId   = handleEmpty(macAddress),
+                            secondaryId = handleEmpty(ipAddress),
+                            watched1    = '(unknown)',
+                            watched2    = handleEmpty(snmpwalkArgs[6]),
+                            extra       = handleEmpty(line),
+                            foreignKey  = handleEmpty(macAddress)
+                        )
+
+                        continue
+
+                    # Expected Format:
+                    # ipNetToMediaPhysAddress[3][192.168.1.9] 6C:6C:6C:6C:6C:b6C1
                     elif line.startswith('ipNetToMediaPhysAddress'):
                         # Format: snmpwalk -OXsq output
                         parts = line.split()
@@ -110,7 +144,7 @@ def main():
                             ipAddress  = parts[0].split('[')[-1][:-1]
                             macAddress = normalize_mac(parts[1])
 
-                            mylog('verbose', [f'[SNMPDSC] IP: {ipAddress} MAC: {macAddress}'])
+                            mylog('verbose', [f"[{pluginName}] IP: {ipAddress} MAC: {macAddress}"])
 
                             plugin_objects.add_object(
                                 primaryId   = handleEmpty(macAddress),
@@ -121,7 +155,7 @@ def main():
                                 foreignKey  = handleEmpty(macAddress)
                             )
 
-    mylog('verbose', ['[SNMPDSC] Entries found: ', len(plugin_objects)])
+    mylog('verbose', [f"[{pluginName}] Entries found: ", len(plugin_objects)])
 
     plugin_objects.write_result_file()
 

install/production-filesystem/entrypoint.d/95-appliance-integrity.sh

@@ -14,7 +14,7 @@ if ! awk '$2 == "/" && $4 ~ /ro/ {found=1} END {exit !found}' /proc/mounts; then
 ══════════════════════════════════════════════════════════════════════════════
 ⚠️  Warning: Container is running as read-write, not in read-only mode.
 
-    Please mount the root filesystem as --read-only or use read-only: true
+    Please mount the root filesystem as --read-only or use read_only: true
     https://github.com/jokob-sk/NetAlertX/blob/main/docs/docker-troubleshooting/read-only-filesystem.md
 ══════════════════════════════════════════════════════════════════════════════
 EOF

server/api_server/api_server_start.py

@@ -87,7 +87,8 @@ CORS(
         r"/dbquery/*": {"origins": "*"},
         r"/messaging/*": {"origins": "*"},
         r"/events/*": {"origins": "*"},
-        r"/logs/*": {"origins": "*"}
+        r"/logs/*": {"origins": "*"},
+        r"/auth/*": {"origins": "*"}
     },
     supports_credentials=True,
     allow_headers=["Authorization", "Content-Type"],
@@ -744,6 +745,23 @@ def sync_endpoint():
         return jsonify({"success": False, "message": "ERROR: No allowed", "error": "Method Not Allowed"}), 405
 
 
+# --------------------------
+# Auth endpoint
+# --------------------------
+@app.route("/auth", methods=["GET"])
+def check_auth():
+    if not is_authorized():
+        return jsonify({"success": False, "message": "ERROR: Not authorized", "error": "Forbidden"}), 403
+
+    elif request.method == "GET":
+        return jsonify({"success": True, "message": "Authentication check successful"}), 200
+    else:
+        msg = "[sync endpoint] Method Not Allowed"
+        write_notification(msg, "alert")
+        mylog("verbose", [msg])
+        return jsonify({"success": False, "message": "ERROR: No allowed", "error": "Method Not Allowed"}), 405
+
+
 # --------------------------
 # Background Server Start
 # --------------------------

test/api_endpoints/test_auth_endpoints.py

@@ -0,0 +1,66 @@
+# tests/test_auth.py
+
+import sys
+import os
+import pytest
+
+# Register NetAlertX directories
+INSTALL_PATH = os.getenv("NETALERTX_APP", "/app")
+sys.path.extend([f"{INSTALL_PATH}/front/plugins", f"{INSTALL_PATH}/server"])
+
+from helper import get_setting_value  # noqa: E402
+from api_server.api_server_start import app  # noqa: E402
+
+
+@pytest.fixture(scope="session")
+def api_token():
+    """Load API token from system settings (same as other tests)."""
+    return get_setting_value("API_TOKEN")
+
+
+@pytest.fixture
+def client():
+    """Flask test client."""
+    with app.test_client() as client:
+        yield client
+
+
+def auth_headers(token):
+    return {"Authorization": f"Bearer {token}"}
+
+
+# -------------------------
+# AUTH ENDPOINT TESTS
+# -------------------------
+
+def test_auth_ok(client, api_token):
+    """Valid token should allow access."""
+    resp = client.get("/auth", headers=auth_headers(api_token))
+    assert resp.status_code == 200
+
+    data = resp.get_json()
+    assert data is not None
+    assert data.get("success") is True
+    assert "successful" in data.get("message", "").lower()
+
+
+def test_auth_missing_token(client):
+    """Missing token should be forbidden."""
+    resp = client.get("/auth")
+    assert resp.status_code == 403
+
+    data = resp.get_json()
+    assert data is not None
+    assert data.get("success") is False
+    assert "not authorized" in data.get("message", "").lower()
+
+
+def test_auth_invalid_token(client):
+    """Invalid bearer token should be forbidden."""
+    resp = client.get("/auth", headers=auth_headers("INVALID-TOKEN"))
+    assert resp.status_code == 403
+
+    data = resp.get_json()
+    assert data is not None
+    assert data.get("success") is False
+    assert "not authorized" in data.get("message", "").lower()