|
Xdev Host Manager
authored
2 days ago
|
1
|
#!/usr/bin/env perl
|
|
|
2
|
#
|
|
|
3
|
# host_manager.pl - Minimal host registry web app with no CPAN dependencies.
|
|
|
4
|
#
|
|
|
5
|
|
|
|
6
|
use strict;
|
|
|
7
|
use warnings;
|
|
|
8
|
|
|
|
9
|
use Cwd qw(abs_path);
|
|
|
10
|
use Digest::SHA qw(hmac_sha1 hmac_sha256_hex sha256_hex);
|
|
|
11
|
use File::Basename qw(dirname);
|
|
|
12
|
use File::Path qw(make_path);
|
|
|
13
|
use IO::Socket::INET;
|
|
|
14
|
use POSIX qw(strftime);
|
|
|
15
|
use Time::HiRes qw(time);
|
|
|
16
|
|
|
|
17
|
my $script_dir = dirname(abs_path($0));
|
|
|
18
|
my $project_dir = dirname($script_dir);
|
|
|
19
|
|
|
|
20
|
my %opt = (
|
|
|
21
|
bind => $ENV{HOST_MANAGER_BIND} || '127.0.0.1',
|
|
|
22
|
port => $ENV{HOST_MANAGER_PORT} || 8088,
|
|
|
23
|
data => $ENV{HOST_MANAGER_DATA} || "$project_dir/config/hosts.yaml",
|
|
|
24
|
local_hosts_tsv => $ENV{HOST_MANAGER_LOCAL_HOSTS_TSV} || "$project_dir/config/local-hosts.tsv",
|
|
|
25
|
);
|
|
|
26
|
|
|
|
27
|
while (@ARGV) {
|
|
|
28
|
my $arg = shift @ARGV;
|
|
|
29
|
if ($arg eq '--bind') {
|
|
|
30
|
$opt{bind} = shift @ARGV;
|
|
|
31
|
} elsif ($arg eq '--port') {
|
|
|
32
|
$opt{port} = shift @ARGV;
|
|
|
33
|
} elsif ($arg eq '--data') {
|
|
|
34
|
$opt{data} = shift @ARGV;
|
|
|
35
|
} elsif ($arg eq '--local-hosts-tsv') {
|
|
|
36
|
$opt{local_hosts_tsv} = shift @ARGV;
|
|
|
37
|
} elsif ($arg eq '--help' || $arg eq '-h') {
|
|
|
38
|
usage();
|
|
|
39
|
exit 0;
|
|
|
40
|
} else {
|
|
|
41
|
die "Unknown option: $arg\n";
|
|
|
42
|
}
|
|
|
43
|
}
|
|
|
44
|
|
|
|
45
|
my $session_secret = $ENV{HOST_MANAGER_SESSION_SECRET} || random_hex(32);
|
|
|
46
|
my %sessions;
|
|
|
47
|
|
|
|
48
|
my $server = IO::Socket::INET->new(
|
|
|
49
|
LocalHost => $opt{bind},
|
|
|
50
|
LocalPort => $opt{port},
|
|
|
51
|
Proto => 'tcp',
|
|
|
52
|
Listen => 10,
|
|
|
53
|
ReuseAddr => 1,
|
|
|
54
|
) or die "Cannot listen on $opt{bind}:$opt{port}: $!\n";
|
|
|
55
|
|
|
|
56
|
print "host-manager listening on http://$opt{bind}:$opt{port}\n";
|
|
|
57
|
print "data file: $opt{data}\n";
|
|
|
58
|
print "OTP login: " . ($ENV{HOST_MANAGER_TOTP_SECRET} ? "enabled\n" : "disabled; set HOST_MANAGER_TOTP_SECRET\n");
|
|
|
59
|
|
|
|
60
|
while (my $client = $server->accept) {
|
|
|
61
|
eval {
|
|
|
62
|
$client->autoflush(1);
|
|
|
63
|
handle_client($client);
|
|
|
64
|
};
|
|
|
65
|
if ($@) {
|
|
|
66
|
eval { send_json($client, 500, { error => 'internal_error', detail => "$@" }); };
|
|
|
67
|
}
|
|
|
68
|
close $client;
|
|
|
69
|
}
|
|
|
70
|
|
|
|
71
|
sub usage {
|
|
|
72
|
print <<"EOF";
|
|
|
73
|
Usage: perl scripts/host_manager.pl [--bind 127.0.0.1] [--port 8088]
|
|
|
74
|
|
|
|
75
|
Environment:
|
|
|
76
|
HOST_MANAGER_TOTP_SECRET Base32 TOTP secret required for write access.
|
|
|
77
|
HOST_MANAGER_SESSION_SECRET Optional session signing secret.
|
|
|
78
|
HOST_MANAGER_DATA Defaults to config/hosts.yaml.
|
|
|
79
|
HOST_MANAGER_LOCAL_HOSTS_TSV Defaults to config/local-hosts.tsv.
|
|
|
80
|
|
|
|
81
|
Read-only endpoints do not require authentication.
|
|
|
82
|
EOF
|
|
|
83
|
}
|
|
|
84
|
|
|
|
85
|
sub handle_client {
|
|
|
86
|
my ($client) = @_;
|
|
|
87
|
my $request_line = <$client>;
|
|
|
88
|
return unless defined $request_line;
|
|
|
89
|
$request_line =~ s/\r?\n$//;
|
|
|
90
|
my ($method, $target) = $request_line =~ m{^([A-Z]+)\s+(\S+)\s+HTTP/};
|
|
|
91
|
return send_text($client, 400, 'bad request') unless $method && $target;
|
|
|
92
|
|
|
|
93
|
my %headers;
|
|
|
94
|
while (my $line = <$client>) {
|
|
|
95
|
$line =~ s/\r?\n$//;
|
|
|
96
|
last if $line eq '';
|
|
|
97
|
my ($k, $v) = split /:\s*/, $line, 2;
|
|
|
98
|
$headers{lc $k} = $v if defined $k && defined $v;
|
|
|
99
|
}
|
|
|
100
|
|
|
|
101
|
my $body = '';
|
|
|
102
|
if (($headers{'content-length'} || 0) > 0) {
|
|
|
103
|
read($client, $body, int($headers{'content-length'}));
|
|
|
104
|
}
|
|
|
105
|
|
|
|
106
|
my ($path, $query) = split /\?/, $target, 2;
|
|
|
107
|
my %query = parse_params($query || '');
|
|
|
108
|
|
|
|
109
|
if ($method eq 'GET' && $path eq '/') {
|
|
|
110
|
return send_html($client, 200, app_html());
|
|
|
111
|
}
|
|
|
112
|
if ($method eq 'GET' && $path eq '/healthz') {
|
|
|
113
|
return send_json($client, 200, { ok => json_bool(1), data => $opt{data} });
|
|
|
114
|
}
|
|
|
115
|
if ($method eq 'GET' && $path eq '/api/session') {
|
|
|
116
|
return send_json($client, 200, { authenticated => is_authenticated(\%headers) ? json_bool(1) : json_bool(0) });
|
|
|
117
|
}
|
|
|
118
|
if ($method eq 'GET' && $path eq '/api/hosts') {
|
|
|
119
|
my $registry = load_registry();
|
|
|
120
|
return send_json($client, 200, registry_payload($registry));
|
|
|
121
|
}
|
|
|
122
|
if ($method eq 'GET' && $path eq '/download/hosts.yaml') {
|
|
|
123
|
return send_file($client, $opt{data}, 'application/x-yaml; charset=utf-8', 'hosts.yaml');
|
|
|
124
|
}
|
|
|
125
|
if ($method eq 'GET' && $path eq '/download/local-hosts.tsv') {
|
|
|
126
|
my $registry = load_registry();
|
|
|
127
|
return send_download($client, 200, render_local_hosts_tsv($registry), 'text/tab-separated-values; charset=utf-8', 'local-hosts.tsv');
|
|
|
128
|
}
|
|
|
129
|
if ($method eq 'GET' && $path eq '/download/monitoring.json') {
|
|
|
130
|
my $registry = load_registry();
|
|
|
131
|
return send_download($client, 200, json_encode(render_monitoring($registry)), 'application/json; charset=utf-8', 'monitoring-hosts.json');
|
|
|
132
|
}
|
|
|
133
|
if ($method eq 'POST' && $path eq '/api/login') {
|
|
|
134
|
return send_json($client, 503, { error => 'otp_not_configured' }) unless $ENV{HOST_MANAGER_TOTP_SECRET};
|
|
|
135
|
my $payload = request_payload(\%headers, $body);
|
|
|
136
|
my $otp = $payload->{otp} || '';
|
|
|
137
|
if (!verify_totp($ENV{HOST_MANAGER_TOTP_SECRET} || '', $otp)) {
|
|
|
138
|
return send_json($client, 401, { error => 'invalid_otp' });
|
|
|
139
|
}
|
|
|
140
|
my $token = create_session();
|
|
|
141
|
return send_json($client, 200, { ok => json_bool(1) }, [ "Set-Cookie: hm_session=$token; HttpOnly; SameSite=Strict; Path=/" ]);
|
|
|
142
|
}
|
|
|
143
|
if ($method eq 'POST' && $path eq '/api/logout') {
|
|
|
144
|
expire_session(\%headers);
|
|
|
145
|
return send_json($client, 200, { ok => json_bool(1) }, [ "Set-Cookie: hm_session=deleted; Max-Age=0; Path=/" ]);
|
|
|
146
|
}
|
|
|
147
|
|
|
|
148
|
if ($method eq 'POST' && $path =~ m{^/api/}) {
|
|
|
149
|
return send_json($client, 401, { error => 'authentication_required' }) unless is_authenticated(\%headers);
|
|
|
150
|
|
|
|
151
|
if ($path eq '/api/hosts/upsert') {
|
|
|
152
|
my $payload = request_payload(\%headers, $body);
|
|
|
153
|
return upsert_host($client, $payload);
|
|
|
154
|
}
|
|
|
155
|
if ($path eq '/api/hosts/delete') {
|
|
|
156
|
my $payload = request_payload(\%headers, $body);
|
|
|
157
|
return delete_host($client, $payload->{id} || '');
|
|
|
158
|
}
|
|
|
159
|
if ($path eq '/api/render/local-hosts-tsv') {
|
|
|
160
|
my $registry = load_registry();
|
|
|
161
|
my $content = render_local_hosts_tsv($registry);
|
|
|
162
|
backup_file($opt{local_hosts_tsv});
|
|
|
163
|
write_file($opt{local_hosts_tsv}, $content);
|
|
|
164
|
return send_json($client, 200, { ok => json_bool(1), file => $opt{local_hosts_tsv} });
|
|
|
165
|
}
|
|
|
166
|
}
|
|
|
167
|
|
|
|
168
|
return send_json($client, 404, { error => 'not_found' });
|
|
|
169
|
}
|
|
|
170
|
|
|
|
171
|
sub load_registry {
|
|
|
172
|
return parse_hosts_yaml(read_file($opt{data}));
|
|
|
173
|
}
|
|
|
174
|
|
|
|
175
|
sub save_registry {
|
|
|
176
|
my ($registry) = @_;
|
|
|
177
|
$registry->{updated_at} = iso_now();
|
|
|
178
|
backup_file($opt{data});
|
|
|
179
|
write_file($opt{data}, render_hosts_yaml($registry));
|
|
|
180
|
}
|
|
|
181
|
|
|
|
182
|
sub registry_payload {
|
|
|
183
|
my ($registry) = @_;
|
|
|
184
|
my $problems = analyze_hosts($registry->{hosts});
|
|
|
185
|
return {
|
|
|
186
|
version => $registry->{version},
|
|
|
187
|
updated_at => $registry->{updated_at},
|
|
|
188
|
policy => $registry->{policy},
|
|
|
189
|
hosts => $registry->{hosts},
|
|
|
190
|
problems => $problems,
|
|
|
191
|
counts => {
|
|
|
192
|
hosts => scalar @{ $registry->{hosts} },
|
|
|
193
|
problems => scalar @$problems,
|
|
|
194
|
},
|
|
|
195
|
};
|
|
|
196
|
}
|
|
|
197
|
|
|
|
198
|
sub upsert_host {
|
|
|
199
|
my ($client, $payload) = @_;
|
|
|
200
|
my $id = clean_id($payload->{id} || '');
|
|
|
201
|
return send_json($client, 400, { error => 'invalid_id' }) unless $id;
|
|
|
202
|
|
|
|
203
|
my $hosts_ip = clean_scalar($payload->{hosts_ip} || '');
|
|
|
204
|
my $dns_ip = clean_scalar($payload->{dns_ip} || '');
|
|
|
205
|
return send_json($client, 400, { error => 'missing_ip' }) unless $hosts_ip && $dns_ip;
|
|
|
206
|
|
|
|
207
|
my @names = clean_list($payload->{names});
|
|
|
208
|
return send_json($client, 400, { error => 'missing_names' }) unless @names;
|
|
|
209
|
|
|
|
210
|
my $registry = load_registry();
|
|
|
211
|
my %host = (
|
|
|
212
|
id => $id,
|
|
|
213
|
status => clean_scalar($payload->{status} || 'active'),
|
|
|
214
|
hosts_ip => $hosts_ip,
|
|
|
215
|
dns_ip => $dns_ip,
|
|
|
216
|
names => \@names,
|
|
|
217
|
roles => [ clean_list($payload->{roles}) ],
|
|
|
218
|
sources => [ clean_list($payload->{sources}) ],
|
|
|
219
|
monitoring => clean_scalar($payload->{monitoring} || 'pending'),
|
|
|
220
|
notes => clean_scalar($payload->{notes} || ''),
|
|
|
221
|
);
|
|
|
222
|
|
|
|
223
|
my $replaced = 0;
|
|
|
224
|
for my $i (0 .. $#{ $registry->{hosts} }) {
|
|
|
225
|
if ($registry->{hosts}->[$i]{id} eq $id) {
|
|
|
226
|
$registry->{hosts}->[$i] = \%host;
|
|
|
227
|
$replaced = 1;
|
|
|
228
|
last;
|
|
|
229
|
}
|
|
|
230
|
}
|
|
|
231
|
push @{ $registry->{hosts} }, \%host unless $replaced;
|
|
|
232
|
save_registry($registry);
|
|
|
233
|
return send_json($client, 200, { ok => json_bool(1), host => \%host });
|
|
|
234
|
}
|
|
|
235
|
|
|
|
236
|
sub delete_host {
|
|
|
237
|
my ($client, $id) = @_;
|
|
|
238
|
$id = clean_id($id);
|
|
|
239
|
return send_json($client, 400, { error => 'invalid_id' }) unless $id;
|
|
|
240
|
|
|
|
241
|
my $registry = load_registry();
|
|
|
242
|
my @kept = grep { $_->{id} ne $id } @{ $registry->{hosts} };
|
|
|
243
|
return send_json($client, 404, { error => 'not_found' }) if @kept == @{ $registry->{hosts} };
|
|
|
244
|
$registry->{hosts} = \@kept;
|
|
|
245
|
save_registry($registry);
|
|
|
246
|
return send_json($client, 200, { ok => json_bool(1) });
|
|
|
247
|
}
|
|
|
248
|
|
|
|
249
|
sub analyze_hosts {
|
|
|
250
|
my ($hosts) = @_;
|
|
|
251
|
my @problems;
|
|
|
252
|
my (%names, %ids);
|
|
|
253
|
for my $host (@$hosts) {
|
|
|
254
|
push @problems, problem($host, 'duplicate-id', "Duplicate id $host->{id}") if $ids{ $host->{id} }++;
|
|
|
255
|
my @fqdn = grep { /\.madagascar\.xdev\.ro$/ } @{ $host->{names} || [] };
|
|
|
256
|
push @problems, problem($host, 'missing-fqdn', 'No madagascar.xdev.ro FQDN') unless @fqdn || ($host->{status} || '') ne 'active';
|
|
|
257
|
push @problems, problem($host, 'deprecated-vad-is', 'Deprecated vad.is.xdev.ro name present')
|
|
|
258
|
if grep { /\.vad\.is\.xdev\.ro$/ } @{ $host->{names} || [] };
|
|
|
259
|
push @problems, problem($host, 'legacy-prefix', 'Legacy prefix should be normalized out')
|
|
|
260
|
if grep { /^(is|vad|b)-/ } @{ $host->{names} || [] };
|
|
|
261
|
for my $name (@{ $host->{names} || [] }) {
|
|
|
262
|
push @problems, problem($host, 'duplicate-name', "Duplicate name $name") if $names{$name}++;
|
|
|
263
|
}
|
|
|
264
|
if (($host->{hosts_ip} || '') ne ($host->{dns_ip} || '') && ($host->{hosts_ip} || '') ne '127.0.0.1') {
|
|
|
265
|
push @problems, problem($host, 'split-ip', 'hosts_ip differs from dns_ip; check that this is intentional');
|
|
|
266
|
}
|
|
|
267
|
}
|
|
|
268
|
return \@problems;
|
|
|
269
|
}
|
|
|
270
|
|
|
|
271
|
sub problem {
|
|
|
272
|
my ($host, $code, $message) = @_;
|
|
|
273
|
return { host_id => $host->{id}, code => $code, message => $message };
|
|
|
274
|
}
|
|
|
275
|
|
|
|
276
|
sub render_local_hosts_tsv {
|
|
|
277
|
my ($registry) = @_;
|
|
|
278
|
my $out = "# Local DNS manifest for the madagascar network.\n";
|
|
|
279
|
$out .= "# Generated by scripts/host_manager.pl from config/hosts.yaml.\n";
|
|
|
280
|
$out .= "#\n";
|
|
|
281
|
$out .= "# Format:\n";
|
|
|
282
|
$out .= "# hosts_ip<TAB>dns_ip<TAB>name [aliases...]\n";
|
|
|
283
|
$out .= "#\n";
|
|
|
284
|
$out .= "# Priority rule:\n";
|
|
|
285
|
$out .= "# - DHCP lease/reservation on 192.168.2.1 is canonical for LAN IP allocation.\n";
|
|
|
286
|
$out .= "# - madagascar.json is canonical for cluster roles and service interfaces.\n";
|
|
|
287
|
$out .= "# - This file publishes approved local DNS records derived from those sources.\n";
|
|
|
288
|
for my $host (sort { $a->{id} cmp $b->{id} } @{ $registry->{hosts} }) {
|
|
|
289
|
next unless ($host->{status} || 'active') eq 'active';
|
|
|
290
|
next unless @{ $host->{names} || [] };
|
|
|
291
|
$out .= join("\t", $host->{hosts_ip}, $host->{dns_ip}, join(' ', @{ $host->{names} })) . "\n";
|
|
|
292
|
}
|
|
|
293
|
return $out;
|
|
|
294
|
}
|
|
|
295
|
|
|
|
296
|
sub render_monitoring {
|
|
|
297
|
my ($registry) = @_;
|
|
|
298
|
my @hosts;
|
|
|
299
|
for my $host (sort { $a->{id} cmp $b->{id} } @{ $registry->{hosts} }) {
|
|
|
300
|
next unless ($host->{status} || 'active') eq 'active';
|
|
|
301
|
next if ($host->{monitoring} || 'pending') eq 'disabled';
|
|
|
302
|
push @hosts, {
|
|
|
303
|
id => $host->{id},
|
|
|
304
|
primary_name => $host->{names}[0],
|
|
|
305
|
address => $host->{dns_ip},
|
|
|
306
|
aliases => [ @{ $host->{names} || [] } ],
|
|
|
307
|
roles => [ @{ $host->{roles} || [] } ],
|
|
|
308
|
monitoring => $host->{monitoring} || 'pending',
|
|
|
309
|
notes => $host->{notes} || '',
|
|
|
310
|
};
|
|
|
311
|
}
|
|
|
312
|
return {
|
|
|
313
|
version => $registry->{version},
|
|
|
314
|
generated_at => iso_now(),
|
|
|
315
|
source => 'config/hosts.yaml',
|
|
|
316
|
hosts => \@hosts,
|
|
|
317
|
};
|
|
|
318
|
}
|
|
|
319
|
|
|
|
320
|
sub parse_hosts_yaml {
|
|
|
321
|
my ($text) = @_;
|
|
|
322
|
my %registry = (
|
|
|
323
|
version => 1,
|
|
|
324
|
updated_at => '',
|
|
|
325
|
policy => {},
|
|
|
326
|
hosts => [],
|
|
|
327
|
);
|
|
|
328
|
my ($section, $current, $list_key);
|
|
|
329
|
for my $line (split /\n/, $text) {
|
|
|
330
|
next if $line =~ /^\s*$/ || $line =~ /^\s*#/;
|
|
|
331
|
if ($line =~ /^version:\s*(\d+)/) {
|
|
|
332
|
$registry{version} = int($1);
|
|
|
333
|
} elsif ($line =~ /^updated_at:\s*(.+)$/) {
|
|
|
334
|
$registry{updated_at} = yaml_unquote($1);
|
|
|
335
|
} elsif ($line =~ /^policy:\s*$/) {
|
|
|
336
|
$section = 'policy';
|
|
|
337
|
} elsif ($line =~ /^hosts:\s*$/) {
|
|
|
338
|
$section = 'hosts';
|
|
|
339
|
} elsif (($section || '') eq 'policy' && $line =~ /^ ([A-Za-z0-9_]+):\s*(.+)$/) {
|
|
|
340
|
$registry{policy}{$1} = yaml_unquote($2);
|
|
|
341
|
} elsif (($section || '') eq 'hosts' && $line =~ /^ - id:\s*(.+)$/) {
|
|
|
342
|
$current = {
|
|
|
343
|
id => yaml_unquote($1),
|
|
|
344
|
status => 'active',
|
|
|
345
|
hosts_ip => '',
|
|
|
346
|
dns_ip => '',
|
|
|
347
|
names => [],
|
|
|
348
|
roles => [],
|
|
|
349
|
sources => [],
|
|
|
350
|
monitoring => 'pending',
|
|
|
351
|
notes => '',
|
|
|
352
|
};
|
|
|
353
|
push @{ $registry{hosts} }, $current;
|
|
|
354
|
$list_key = undef;
|
|
|
355
|
} elsif ($current && $line =~ /^ ([A-Za-z0-9_]+):\s*$/) {
|
|
|
356
|
$list_key = $1;
|
|
|
357
|
$current->{$list_key} ||= [];
|
|
|
358
|
} elsif ($current && defined $list_key && $line =~ /^ -\s*(.+)$/) {
|
|
|
359
|
push @{ $current->{$list_key} }, yaml_unquote($1);
|
|
|
360
|
} elsif ($current && $line =~ /^ ([A-Za-z0-9_]+):\s*(.*)$/) {
|
|
|
361
|
$current->{$1} = yaml_unquote($2);
|
|
|
362
|
$list_key = undef;
|
|
|
363
|
}
|
|
|
364
|
}
|
|
|
365
|
return \%registry;
|
|
|
366
|
}
|
|
|
367
|
|
|
|
368
|
sub render_hosts_yaml {
|
|
|
369
|
my ($registry) = @_;
|
|
|
370
|
my $out = "version: " . int($registry->{version} || 1) . "\n";
|
|
|
371
|
$out .= "updated_at: " . yq($registry->{updated_at} || iso_now()) . "\n";
|
|
|
372
|
$out .= "policy:\n";
|
|
|
373
|
for my $key (sort keys %{ $registry->{policy} || {} }) {
|
|
|
374
|
$out .= " $key: " . yq($registry->{policy}{$key}) . "\n";
|
|
|
375
|
}
|
|
|
376
|
$out .= "hosts:\n";
|
|
|
377
|
for my $host (sort { $a->{id} cmp $b->{id} } @{ $registry->{hosts} || [] }) {
|
|
|
378
|
$out .= " - id: " . yq($host->{id}) . "\n";
|
|
|
379
|
for my $key (qw(status hosts_ip dns_ip)) {
|
|
|
380
|
$out .= " $key: " . yq($host->{$key} || '') . "\n";
|
|
|
381
|
}
|
|
|
382
|
for my $key (qw(names roles sources)) {
|
|
|
383
|
$out .= " $key:\n";
|
|
|
384
|
for my $value (@{ $host->{$key} || [] }) {
|
|
|
385
|
$out .= " - " . yq($value) . "\n";
|
|
|
386
|
}
|
|
|
387
|
}
|
|
|
388
|
$out .= " monitoring: " . yq($host->{monitoring} || 'pending') . "\n";
|
|
|
389
|
$out .= " notes: " . yq($host->{notes} || '') . "\n";
|
|
|
390
|
}
|
|
|
391
|
return $out;
|
|
|
392
|
}
|
|
|
393
|
|
|
|
394
|
sub request_payload {
|
|
|
395
|
my ($headers, $body) = @_;
|
|
|
396
|
my $type = $headers->{'content-type'} || '';
|
|
|
397
|
if ($type =~ m{application/json}) {
|
|
|
398
|
return json_decode($body || '{}');
|
|
|
399
|
}
|
|
|
400
|
return { parse_params($body || '') };
|
|
|
401
|
}
|
|
|
402
|
|
|
|
403
|
sub json_bool {
|
|
|
404
|
my ($value) = @_;
|
|
|
405
|
return bless \(my $bool = $value ? 1 : 0), 'HostManager::JSONBool';
|
|
|
406
|
}
|
|
|
407
|
|
|
|
408
|
sub json_encode {
|
|
|
409
|
my ($value) = @_;
|
|
|
410
|
if (!defined $value) {
|
|
|
411
|
return 'null';
|
|
|
412
|
}
|
|
|
413
|
my $ref = ref($value);
|
|
|
414
|
if (!$ref) {
|
|
|
415
|
return $value if $value =~ /\A-?(?:0|[1-9][0-9]*)(?:\.[0-9]+)?\z/;
|
|
|
416
|
return json_string($value);
|
|
|
417
|
}
|
|
|
418
|
if ($ref eq 'HostManager::JSONBool') {
|
|
|
419
|
return $$value ? 'true' : 'false';
|
|
|
420
|
}
|
|
|
421
|
if ($ref eq 'ARRAY') {
|
|
|
422
|
return '[' . join(',', map { json_encode($_) } @$value) . ']';
|
|
|
423
|
}
|
|
|
424
|
if ($ref eq 'HASH') {
|
|
|
425
|
return '{' . join(',', map { json_string($_) . ':' . json_encode($value->{$_}) } sort keys %$value) . '}';
|
|
|
426
|
}
|
|
|
427
|
return json_string("$value");
|
|
|
428
|
}
|
|
|
429
|
|
|
|
430
|
sub json_string {
|
|
|
431
|
my ($value) = @_;
|
|
|
432
|
$value = '' unless defined $value;
|
|
|
433
|
$value =~ s/\\/\\\\/g;
|
|
|
434
|
$value =~ s/"/\\"/g;
|
|
|
435
|
$value =~ s/\n/\\n/g;
|
|
|
436
|
$value =~ s/\r/\\r/g;
|
|
|
437
|
$value =~ s/\t/\\t/g;
|
|
|
438
|
$value =~ s/([\x00-\x1f])/sprintf("\\u%04x", ord($1))/eg;
|
|
|
439
|
return qq("$value");
|
|
|
440
|
}
|
|
|
441
|
|
|
|
442
|
sub json_decode {
|
|
|
443
|
my ($text) = @_;
|
|
|
444
|
my $i = 0;
|
|
|
445
|
my $len = length($text);
|
|
|
446
|
my ($parse_value, $parse_string, $parse_array, $parse_object, $parse_number, $skip_ws);
|
|
|
447
|
|
|
|
448
|
$skip_ws = sub {
|
|
|
449
|
$i++ while $i < $len && substr($text, $i, 1) =~ /\s/;
|
|
|
450
|
};
|
|
|
451
|
|
|
|
452
|
$parse_string = sub {
|
|
|
453
|
die "Expected JSON string\n" unless substr($text, $i, 1) eq '"';
|
|
|
454
|
$i++;
|
|
|
455
|
my $out = '';
|
|
|
456
|
while ($i < $len) {
|
|
|
457
|
my $ch = substr($text, $i++, 1);
|
|
|
458
|
return $out if $ch eq '"';
|
|
|
459
|
if ($ch eq "\\") {
|
|
|
460
|
die "Bad JSON escape\n" if $i >= $len;
|
|
|
461
|
my $esc = substr($text, $i++, 1);
|
|
|
462
|
if ($esc eq '"' || $esc eq "\\" || $esc eq '/') {
|
|
|
463
|
$out .= $esc;
|
|
|
464
|
} elsif ($esc eq 'b') {
|
|
|
465
|
$out .= "\b";
|
|
|
466
|
} elsif ($esc eq 'f') {
|
|
|
467
|
$out .= "\f";
|
|
|
468
|
} elsif ($esc eq 'n') {
|
|
|
469
|
$out .= "\n";
|
|
|
470
|
} elsif ($esc eq 'r') {
|
|
|
471
|
$out .= "\r";
|
|
|
472
|
} elsif ($esc eq 't') {
|
|
|
473
|
$out .= "\t";
|
|
|
474
|
} elsif ($esc eq 'u') {
|
|
|
475
|
my $hex = substr($text, $i, 4);
|
|
|
476
|
die "Bad JSON unicode escape\n" unless $hex =~ /\A[0-9A-Fa-f]{4}\z/;
|
|
|
477
|
$out .= chr(hex($hex));
|
|
|
478
|
$i += 4;
|
|
|
479
|
} else {
|
|
|
480
|
die "Bad JSON escape\n";
|
|
|
481
|
}
|
|
|
482
|
} else {
|
|
|
483
|
$out .= $ch;
|
|
|
484
|
}
|
|
|
485
|
}
|
|
|
486
|
die "Unterminated JSON string\n";
|
|
|
487
|
};
|
|
|
488
|
|
|
|
489
|
$parse_number = sub {
|
|
|
490
|
my $start = $i;
|
|
|
491
|
$i++ if substr($text, $i, 1) eq '-';
|
|
|
492
|
$i++ while $i < $len && substr($text, $i, 1) =~ /[0-9]/;
|
|
|
493
|
if ($i < $len && substr($text, $i, 1) eq '.') {
|
|
|
494
|
$i++;
|
|
|
495
|
$i++ while $i < $len && substr($text, $i, 1) =~ /[0-9]/;
|
|
|
496
|
}
|
|
|
497
|
if ($i < $len && substr($text, $i, 1) =~ /[eE]/) {
|
|
|
498
|
$i++;
|
|
|
499
|
$i++ if $i < $len && substr($text, $i, 1) =~ /[+-]/;
|
|
|
500
|
$i++ while $i < $len && substr($text, $i, 1) =~ /[0-9]/;
|
|
|
501
|
}
|
|
|
502
|
return 0 + substr($text, $start, $i - $start);
|
|
|
503
|
};
|
|
|
504
|
|
|
|
505
|
$parse_array = sub {
|
|
|
506
|
die "Expected JSON array\n" unless substr($text, $i, 1) eq '[';
|
|
|
507
|
$i++;
|
|
|
508
|
my @out;
|
|
|
509
|
$skip_ws->();
|
|
|
510
|
if ($i < $len && substr($text, $i, 1) eq ']') {
|
|
|
511
|
$i++;
|
|
|
512
|
return \@out;
|
|
|
513
|
}
|
|
|
514
|
while (1) {
|
|
|
515
|
push @out, $parse_value->();
|
|
|
516
|
$skip_ws->();
|
|
|
517
|
my $ch = substr($text, $i++, 1);
|
|
|
518
|
last if $ch eq ']';
|
|
|
519
|
die "Expected JSON array comma\n" unless $ch eq ',';
|
|
|
520
|
}
|
|
|
521
|
return \@out;
|
|
|
522
|
};
|
|
|
523
|
|
|
|
524
|
$parse_object = sub {
|
|
|
525
|
die "Expected JSON object\n" unless substr($text, $i, 1) eq '{';
|
|
|
526
|
$i++;
|
|
|
527
|
my %out;
|
|
|
528
|
$skip_ws->();
|
|
|
529
|
if ($i < $len && substr($text, $i, 1) eq '}') {
|
|
|
530
|
$i++;
|
|
|
531
|
return \%out;
|
|
|
532
|
}
|
|
|
533
|
while (1) {
|
|
|
534
|
$skip_ws->();
|
|
|
535
|
my $key = $parse_string->();
|
|
|
536
|
$skip_ws->();
|
|
|
537
|
die "Expected JSON object colon\n" unless substr($text, $i++, 1) eq ':';
|
|
|
538
|
$out{$key} = $parse_value->();
|
|
|
539
|
$skip_ws->();
|
|
|
540
|
my $ch = substr($text, $i++, 1);
|
|
|
541
|
last if $ch eq '}';
|
|
|
542
|
die "Expected JSON object comma\n" unless $ch eq ',';
|
|
|
543
|
}
|
|
|
544
|
return \%out;
|
|
|
545
|
};
|
|
|
546
|
|
|
|
547
|
$parse_value = sub {
|
|
|
548
|
$skip_ws->();
|
|
|
549
|
die "Unexpected end of JSON\n" if $i >= $len;
|
|
|
550
|
my $ch = substr($text, $i, 1);
|
|
|
551
|
return $parse_string->() if $ch eq '"';
|
|
|
552
|
return $parse_object->() if $ch eq '{';
|
|
|
553
|
return $parse_array->() if $ch eq '[';
|
|
|
554
|
if (substr($text, $i, 4) eq 'true') {
|
|
|
555
|
$i += 4;
|
|
|
556
|
return json_bool(1);
|
|
|
557
|
}
|
|
|
558
|
if (substr($text, $i, 5) eq 'false') {
|
|
|
559
|
$i += 5;
|
|
|
560
|
return json_bool(0);
|
|
|
561
|
}
|
|
|
562
|
if (substr($text, $i, 4) eq 'null') {
|
|
|
563
|
$i += 4;
|
|
|
564
|
return undef;
|
|
|
565
|
}
|
|
|
566
|
return $parse_number->() if $ch =~ /[-0-9]/;
|
|
|
567
|
die "Unexpected JSON token\n";
|
|
|
568
|
};
|
|
|
569
|
|
|
|
570
|
my $value = $parse_value->();
|
|
|
571
|
$skip_ws->();
|
|
|
572
|
die "Trailing JSON content\n" if $i != $len;
|
|
|
573
|
return $value;
|
|
|
574
|
}
|
|
|
575
|
|
|
|
576
|
sub parse_params {
|
|
|
577
|
my ($text) = @_;
|
|
|
578
|
my %out;
|
|
|
579
|
for my $pair (split /&/, $text) {
|
|
|
580
|
next unless length $pair;
|
|
|
581
|
my ($k, $v) = split /=/, $pair, 2;
|
|
|
582
|
$out{url_decode($k)} = url_decode($v || '');
|
|
|
583
|
}
|
|
|
584
|
return %out;
|
|
|
585
|
}
|
|
|
586
|
|
|
|
587
|
sub clean_id {
|
|
|
588
|
my ($value) = @_;
|
|
|
589
|
$value = lc clean_scalar($value);
|
|
|
590
|
$value =~ s/[^a-z0-9_.-]+/-/g;
|
|
|
591
|
$value =~ s/^-+|-+$//g;
|
|
|
592
|
return $value;
|
|
|
593
|
}
|
|
|
594
|
|
|
|
595
|
sub clean_scalar {
|
|
|
596
|
my ($value) = @_;
|
|
|
597
|
$value = '' unless defined $value;
|
|
|
598
|
$value =~ s/[\r\n\t]+/ /g;
|
|
|
599
|
$value =~ s/^\s+|\s+$//g;
|
|
|
600
|
return $value;
|
|
|
601
|
}
|
|
|
602
|
|
|
|
603
|
sub clean_list {
|
|
|
604
|
my ($value) = @_;
|
|
|
605
|
return () unless defined $value;
|
|
|
606
|
my @items = ref($value) eq 'ARRAY' ? @$value : split /[\s,]+/, $value;
|
|
|
607
|
my @clean;
|
|
|
608
|
for my $item (@items) {
|
|
|
609
|
$item = clean_scalar($item);
|
|
|
610
|
push @clean, $item if length $item;
|
|
|
611
|
}
|
|
|
612
|
return @clean;
|
|
|
613
|
}
|
|
|
614
|
|
|
|
615
|
sub yq {
|
|
|
616
|
my ($value) = @_;
|
|
|
617
|
$value = '' unless defined $value;
|
|
|
618
|
$value =~ s/\\/\\\\/g;
|
|
|
619
|
$value =~ s/"/\\"/g;
|
|
|
620
|
return qq("$value");
|
|
|
621
|
}
|
|
|
622
|
|
|
|
623
|
sub yaml_unquote {
|
|
|
624
|
my ($value) = @_;
|
|
|
625
|
$value = '' unless defined $value;
|
|
|
626
|
$value =~ s/^\s+|\s+$//g;
|
|
|
627
|
if ($value =~ /^"(.*)"$/) {
|
|
|
628
|
$value = $1;
|
|
|
629
|
$value =~ s/\\"/"/g;
|
|
|
630
|
$value =~ s/\\\\/\\/g;
|
|
|
631
|
}
|
|
|
632
|
return $value;
|
|
|
633
|
}
|
|
|
634
|
|
|
|
635
|
sub verify_totp {
|
|
|
636
|
my ($secret, $otp) = @_;
|
|
|
637
|
return 0 unless $secret && $otp =~ /^\d{6}$/;
|
|
|
638
|
my $key = eval { base32_decode($secret) };
|
|
|
639
|
return 0 if $@ || !length $key;
|
|
|
640
|
my $counter = int(time() / 30);
|
|
|
641
|
for my $offset (-1, 0, 1) {
|
|
|
642
|
return 1 if totp_code($key, $counter + $offset) eq $otp;
|
|
|
643
|
}
|
|
|
644
|
return 0;
|
|
|
645
|
}
|
|
|
646
|
|
|
|
647
|
sub totp_code {
|
|
|
648
|
my ($key, $counter) = @_;
|
|
|
649
|
my $msg = pack('NN', int($counter / 4294967296), $counter & 0xffffffff);
|
|
|
650
|
my $hash = hmac_sha1($msg, $key);
|
|
|
651
|
my $offset = ord(substr($hash, -1)) & 0x0f;
|
|
|
652
|
my $bin = unpack('N', substr($hash, $offset, 4)) & 0x7fffffff;
|
|
|
653
|
return sprintf('%06d', $bin % 1_000_000);
|
|
|
654
|
}
|
|
|
655
|
|
|
|
656
|
sub base32_decode {
|
|
|
657
|
my ($text) = @_;
|
|
|
658
|
$text = uc($text || '');
|
|
|
659
|
$text =~ s/[^A-Z2-7]//g;
|
|
|
660
|
my %map;
|
|
|
661
|
my @chars = ('A'..'Z', '2'..'7');
|
|
|
662
|
@map{@chars} = (0..31);
|
|
|
663
|
my ($bits, $value, $out) = (0, 0, '');
|
|
|
664
|
for my $char (split //, $text) {
|
|
|
665
|
die "Invalid base32\n" unless exists $map{$char};
|
|
|
666
|
$value = ($value << 5) | $map{$char};
|
|
|
667
|
$bits += 5;
|
|
|
668
|
while ($bits >= 8) {
|
|
|
669
|
$bits -= 8;
|
|
|
670
|
$out .= chr(($value >> $bits) & 0xff);
|
|
|
671
|
}
|
|
|
672
|
}
|
|
|
673
|
return $out;
|
|
|
674
|
}
|
|
|
675
|
|
|
|
676
|
sub create_session {
|
|
|
677
|
my $nonce = random_hex(24);
|
|
|
678
|
my $expires = int(time() + 8 * 3600);
|
|
|
679
|
my $sig = hmac_sha256_hex("$nonce:$expires", $session_secret);
|
|
|
680
|
my $token = "$nonce:$expires:$sig";
|
|
|
681
|
$sessions{$token} = $expires;
|
|
|
682
|
return $token;
|
|
|
683
|
}
|
|
|
684
|
|
|
|
685
|
sub is_authenticated {
|
|
|
686
|
my ($headers) = @_;
|
|
|
687
|
my $token = cookie_value($headers->{'cookie'} || '', 'hm_session');
|
|
|
688
|
return 0 unless $token;
|
|
|
689
|
my ($nonce, $expires, $sig) = split /:/, $token;
|
|
|
690
|
return 0 unless $nonce && $expires && $sig;
|
|
|
691
|
return 0 if $expires < time();
|
|
|
692
|
return 0 unless hmac_sha256_hex("$nonce:$expires", $session_secret) eq $sig;
|
|
|
693
|
return exists $sessions{$token};
|
|
|
694
|
}
|
|
|
695
|
|
|
|
696
|
sub expire_session {
|
|
|
697
|
my ($headers) = @_;
|
|
|
698
|
my $token = cookie_value($headers->{'cookie'} || '', 'hm_session');
|
|
|
699
|
delete $sessions{$token} if $token;
|
|
|
700
|
}
|
|
|
701
|
|
|
|
702
|
sub cookie_value {
|
|
|
703
|
my ($cookie, $name) = @_;
|
|
|
704
|
for my $part (split /;\s*/, $cookie) {
|
|
|
705
|
my ($k, $v) = split /=/, $part, 2;
|
|
|
706
|
return $v if defined $k && $k eq $name;
|
|
|
707
|
}
|
|
|
708
|
return '';
|
|
|
709
|
}
|
|
|
710
|
|
|
|
711
|
sub send_json {
|
|
|
712
|
my ($client, $status, $payload, $extra_headers) = @_;
|
|
|
713
|
return send_response($client, $status, json_encode($payload), 'application/json; charset=utf-8', $extra_headers);
|
|
|
714
|
}
|
|
|
715
|
|
|
|
716
|
sub send_html {
|
|
|
717
|
my ($client, $status, $html) = @_;
|
|
|
718
|
return send_response($client, $status, $html, 'text/html; charset=utf-8');
|
|
|
719
|
}
|
|
|
720
|
|
|
|
721
|
sub send_text {
|
|
|
722
|
my ($client, $status, $text) = @_;
|
|
|
723
|
return send_response($client, $status, $text, 'text/plain; charset=utf-8');
|
|
|
724
|
}
|
|
|
725
|
|
|
|
726
|
sub send_download {
|
|
|
727
|
my ($client, $status, $content, $type, $filename) = @_;
|
|
|
728
|
return send_response($client, $status, $content, $type, [ qq(Content-Disposition: attachment; filename="$filename") ]);
|
|
|
729
|
}
|
|
|
730
|
|
|
|
731
|
sub send_file {
|
|
|
732
|
my ($client, $path, $type, $filename) = @_;
|
|
|
733
|
return send_json($client, 404, { error => 'missing_file' }) unless -f $path;
|
|
|
734
|
return send_download($client, 200, read_file($path), $type, $filename);
|
|
|
735
|
}
|
|
|
736
|
|
|
|
737
|
sub send_response {
|
|
|
738
|
my ($client, $status, $body, $type, $extra_headers) = @_;
|
|
|
739
|
my %reason = (200 => 'OK', 400 => 'Bad Request', 401 => 'Unauthorized', 404 => 'Not Found', 500 => 'Internal Server Error', 503 => 'Service Unavailable');
|
|
|
740
|
$body = '' unless defined $body;
|
|
|
741
|
print $client "HTTP/1.1 $status " . ($reason{$status} || 'OK') . "\r\n";
|
|
|
742
|
print $client "Content-Type: $type\r\n";
|
|
|
743
|
print $client "Content-Length: " . length($body) . "\r\n";
|
|
|
744
|
print $client "Cache-Control: no-store\r\n";
|
|
|
745
|
print $client "$_\r\n" for @{ $extra_headers || [] };
|
|
|
746
|
print $client "Connection: close\r\n\r\n";
|
|
|
747
|
print $client $body;
|
|
|
748
|
}
|
|
|
749
|
|
|
|
750
|
sub read_file {
|
|
|
751
|
my ($path) = @_;
|
|
|
752
|
open my $fh, '<', $path or die "Cannot read $path: $!";
|
|
|
753
|
local $/;
|
|
|
754
|
return <$fh>;
|
|
|
755
|
}
|
|
|
756
|
|
|
|
757
|
sub write_file {
|
|
|
758
|
my ($path, $content) = @_;
|
|
|
759
|
open my $fh, '>', $path or die "Cannot write $path: $!";
|
|
|
760
|
print {$fh} $content;
|
|
|
761
|
close $fh or die "Cannot close $path: $!";
|
|
|
762
|
}
|
|
|
763
|
|
|
|
764
|
sub backup_file {
|
|
|
765
|
my ($path) = @_;
|
|
|
766
|
return unless -f $path;
|
|
|
767
|
my $backup_dir = "$project_dir/backups/host-manager";
|
|
|
768
|
make_path($backup_dir) unless -d $backup_dir;
|
|
|
769
|
my $name = $path;
|
|
|
770
|
$name =~ s{.*/}{};
|
|
|
771
|
my $stamp = strftime('%Y%m%d_%H%M%S', localtime);
|
|
|
772
|
write_file("$backup_dir/$name.$stamp.bak", read_file($path));
|
|
|
773
|
}
|
|
|
774
|
|
|
|
775
|
sub url_decode {
|
|
|
776
|
my ($value) = @_;
|
|
|
777
|
$value = '' unless defined $value;
|
|
|
778
|
$value =~ tr/+/ /;
|
|
|
779
|
$value =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
|
|
|
780
|
return $value;
|
|
|
781
|
}
|
|
|
782
|
|
|
|
783
|
sub random_hex {
|
|
|
784
|
my ($bytes) = @_;
|
|
|
785
|
if (open my $fh, '<:raw', '/dev/urandom') {
|
|
|
786
|
read($fh, my $raw, $bytes);
|
|
|
787
|
close $fh;
|
|
|
788
|
return unpack('H*', $raw);
|
|
|
789
|
}
|
|
|
790
|
return sha256_hex(rand() . time() . $$);
|
|
|
791
|
}
|
|
|
792
|
|
|
|
793
|
sub iso_now {
|
|
|
794
|
return strftime('%Y-%m-%dT%H:%M:%SZ', gmtime);
|
|
|
795
|
}
|
|
|
796
|
|
|
|
797
|
sub app_html {
|
|
|
798
|
return <<'HTML';
|
|
|
799
|
<!doctype html>
|
|
|
800
|
<html lang="ro">
|
|
|
801
|
<head>
|
|
|
802
|
<meta charset="utf-8">
|
|
|
803
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
|
804
|
<title>Host Manager</title>
|
|
|
805
|
<style>
|
|
|
806
|
:root {
|
|
|
807
|
color-scheme: light;
|
|
|
808
|
--ink: #152033;
|
|
|
809
|
--muted: #647084;
|
|
|
810
|
--line: #d8dee8;
|
|
|
811
|
--soft: #f4f6f9;
|
|
|
812
|
--panel: #ffffff;
|
|
|
813
|
--accent: #1267d8;
|
|
|
814
|
--bad: #b42318;
|
|
|
815
|
--warn: #946200;
|
|
|
816
|
--ok: #137333;
|
|
|
817
|
}
|
|
|
818
|
* { box-sizing: border-box; }
|
|
|
819
|
body { margin: 0; font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; color: var(--ink); background: #eef2f6; font-size: 14px; }
|
|
|
820
|
header { display: flex; align-items: center; justify-content: space-between; gap: 16px; padding: 14px 18px; background: var(--panel); border-bottom: 1px solid var(--line); position: sticky; top: 0; z-index: 2; }
|
|
|
821
|
h1 { margin: 0; font-size: 18px; font-weight: 700; letter-spacing: 0; }
|
|
|
822
|
main { padding: 16px; display: grid; gap: 16px; max-width: 1280px; margin: 0 auto; }
|
|
|
823
|
.toolbar, .panel { background: var(--panel); border: 1px solid var(--line); border-radius: 8px; }
|
|
|
824
|
.toolbar { display: flex; flex-wrap: wrap; align-items: center; gap: 8px; padding: 10px; }
|
|
|
825
|
.panel { overflow: hidden; }
|
|
|
826
|
.panel-head { display: flex; justify-content: space-between; align-items: center; gap: 12px; padding: 12px 14px; border-bottom: 1px solid var(--line); background: #fafbfc; }
|
|
|
827
|
.panel-head h2 { margin: 0; font-size: 14px; }
|
|
|
828
|
.stats { display: flex; gap: 8px; flex-wrap: wrap; }
|
|
|
829
|
.stat { padding: 6px 8px; border: 1px solid var(--line); border-radius: 6px; background: var(--soft); font-size: 12px; color: var(--muted); }
|
|
|
830
|
button, input, select, textarea { font: inherit; }
|
|
|
831
|
button, .linkbtn { border: 1px solid var(--line); background: #fff; color: var(--ink); border-radius: 6px; padding: 7px 10px; min-height: 34px; cursor: pointer; text-decoration: none; display: inline-flex; align-items: center; gap: 6px; }
|
|
|
832
|
button.primary { background: var(--accent); border-color: var(--accent); color: #fff; }
|
|
|
833
|
button.danger { color: var(--bad); }
|
|
|
834
|
button:disabled { opacity: .55; cursor: not-allowed; }
|
|
|
835
|
input, select, textarea { width: 100%; border: 1px solid var(--line); border-radius: 6px; padding: 8px; background: #fff; color: var(--ink); }
|
|
|
836
|
textarea { min-height: 74px; resize: vertical; }
|
|
|
837
|
table { width: 100%; border-collapse: collapse; table-layout: fixed; }
|
|
|
838
|
th, td { padding: 9px 10px; border-bottom: 1px solid var(--line); text-align: left; vertical-align: top; overflow-wrap: anywhere; }
|
|
|
839
|
th { color: var(--muted); font-size: 12px; font-weight: 700; background: #fafbfc; }
|
|
|
840
|
tr:hover td { background: #f8fafc; }
|
|
|
841
|
.pill { display: inline-block; padding: 2px 6px; border-radius: 999px; background: var(--soft); border: 1px solid var(--line); color: var(--muted); font-size: 12px; margin: 0 4px 4px 0; }
|
|
|
842
|
.pill.ok { color: var(--ok); border-color: #b7dfc1; background: #edf8ef; }
|
|
|
843
|
.pill.warn { color: var(--warn); border-color: #f1d184; background: #fff7df; }
|
|
|
844
|
.pill.bad { color: var(--bad); border-color: #f0b8b3; background: #fff0ee; }
|
|
|
845
|
.grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 10px; padding: 14px; }
|
|
|
846
|
.span2 { grid-column: 1 / -1; }
|
|
|
847
|
label { display: grid; gap: 5px; color: var(--muted); font-size: 12px; font-weight: 650; }
|
|
|
848
|
.auth { display: flex; gap: 8px; align-items: center; }
|
|
|
849
|
.auth input { width: 130px; }
|
|
|
850
|
.muted { color: var(--muted); }
|
|
|
851
|
.problems { padding: 10px 14px; display: grid; gap: 8px; }
|
|
|
852
|
.problem { border-left: 3px solid var(--warn); padding: 7px 9px; background: #fffaf0; }
|
|
|
853
|
@media (max-width: 760px) {
|
|
|
854
|
header { align-items: stretch; flex-direction: column; }
|
|
|
855
|
.grid { grid-template-columns: 1fr; }
|
|
|
856
|
table { min-width: 760px; }
|
|
|
857
|
.table-wrap { overflow-x: auto; }
|
|
|
858
|
}
|
|
|
859
|
</style>
|
|
|
860
|
</head>
|
|
|
861
|
<body>
|
|
|
862
|
<header>
|
|
|
863
|
<h1>Host Manager</h1>
|
|
|
864
|
<form class="auth" id="login-form">
|
|
|
865
|
<span id="auth-state" class="muted">read-only</span>
|
|
|
866
|
<input id="otp" name="otp" inputmode="numeric" pattern="[0-9]*" autocomplete="one-time-code" placeholder="OTP">
|
|
|
867
|
<button class="primary" type="submit">Login</button>
|
|
|
868
|
<button type="button" id="logout">Logout</button>
|
|
|
869
|
</form>
|
|
|
870
|
</header>
|
|
|
871
|
<main>
|
|
|
872
|
<section class="toolbar">
|
|
|
873
|
<button id="refresh">Refresh</button>
|
|
|
874
|
<a class="linkbtn" href="/download/hosts.yaml">hosts.yaml</a>
|
|
|
875
|
<a class="linkbtn" href="/download/local-hosts.tsv">local-hosts.tsv</a>
|
|
|
876
|
<a class="linkbtn" href="/download/monitoring.json">monitoring.json</a>
|
|
|
877
|
<button id="write-tsv">Write local-hosts.tsv</button>
|
|
|
878
|
<span id="message" class="muted"></span>
|
|
|
879
|
</section>
|
|
|
880
|
|
|
|
881
|
<section class="panel">
|
|
|
882
|
<div class="panel-head">
|
|
|
883
|
<h2>Overview</h2>
|
|
|
884
|
<div class="stats" id="stats"></div>
|
|
|
885
|
</div>
|
|
|
886
|
<div class="problems" id="problems"></div>
|
|
|
887
|
</section>
|
|
|
888
|
|
|
|
889
|
<section class="panel">
|
|
|
890
|
<div class="panel-head">
|
|
|
891
|
<h2>Hosts</h2>
|
|
|
892
|
<input id="filter" placeholder="filter" style="max-width: 240px">
|
|
|
893
|
</div>
|
|
|
894
|
<div class="table-wrap">
|
|
|
895
|
<table>
|
|
|
896
|
<thead>
|
|
|
897
|
<tr>
|
|
|
898
|
<th style="width: 120px">ID</th>
|
|
|
899
|
<th style="width: 130px">hosts_ip</th>
|
|
|
900
|
<th style="width: 130px">dns_ip</th>
|
|
|
901
|
<th>Names</th>
|
|
|
902
|
<th style="width: 150px">Roles</th>
|
|
|
903
|
<th style="width: 110px">Monitoring</th>
|
|
|
904
|
<th style="width: 90px">Status</th>
|
|
|
905
|
</tr>
|
|
|
906
|
</thead>
|
|
|
907
|
<tbody id="hosts"></tbody>
|
|
|
908
|
</table>
|
|
|
909
|
</div>
|
|
|
910
|
</section>
|
|
|
911
|
|
|
|
912
|
<section class="panel">
|
|
|
913
|
<div class="panel-head">
|
|
|
914
|
<h2>Edit host</h2>
|
|
|
915
|
<span class="muted">write access requires OTP</span>
|
|
|
916
|
</div>
|
|
|
917
|
<form id="host-form" class="grid">
|
|
|
918
|
<label>ID<input name="id" required></label>
|
|
|
919
|
<label>Status<select name="status"><option>active</option><option>planned</option><option>retired</option></select></label>
|
|
|
920
|
<label>hosts_ip<input name="hosts_ip" required></label>
|
|
|
921
|
<label>dns_ip<input name="dns_ip" required></label>
|
|
|
922
|
<label class="span2">Names<textarea name="names" required></textarea></label>
|
|
|
923
|
<label>Roles<input name="roles"></label>
|
|
|
924
|
<label>Sources<input name="sources"></label>
|
|
|
925
|
<label>Monitoring<select name="monitoring"><option>pending</option><option>enabled</option><option>disabled</option></select></label>
|
|
|
926
|
<label>Notes<input name="notes"></label>
|
|
|
927
|
<div class="span2">
|
|
|
928
|
<button class="primary" type="submit">Save host</button>
|
|
|
929
|
<button class="danger" type="button" id="delete-host">Delete host</button>
|
|
|
930
|
</div>
|
|
|
931
|
</form>
|
|
|
932
|
</section>
|
|
|
933
|
</main>
|
|
|
934
|
<script>
|
|
|
935
|
let state = { hosts: [], problems: [], authenticated: false };
|
|
|
936
|
|
|
|
937
|
const $ = (id) => document.getElementById(id);
|
|
|
938
|
const msg = (text) => { $('message').textContent = text || ''; };
|
|
|
939
|
|
|
|
940
|
async function api(path, options = {}) {
|
|
|
941
|
const res = await fetch(path, options);
|
|
|
942
|
const body = await res.json();
|
|
|
943
|
if (!res.ok) throw new Error(body.error || res.statusText);
|
|
|
944
|
return body;
|
|
|
945
|
}
|
|
|
946
|
|
|
|
947
|
async function refresh() {
|
|
|
948
|
const session = await api('/api/session');
|
|
|
949
|
state.authenticated = session.authenticated;
|
|
|
950
|
$('auth-state').textContent = state.authenticated ? 'authenticated' : 'read-only';
|
|
|
951
|
const data = await api('/api/hosts');
|
|
|
952
|
state.hosts = data.hosts || [];
|
|
|
953
|
state.problems = data.problems || [];
|
|
|
954
|
render(data);
|
|
|
955
|
}
|
|
|
956
|
|
|
|
957
|
function render(data) {
|
|
|
958
|
$('stats').innerHTML = [
|
|
|
959
|
['hosts', data.counts.hosts],
|
|
|
960
|
['problems', data.counts.problems],
|
|
|
961
|
['updated', data.updated_at || 'unknown']
|
|
|
962
|
].map(([k, v]) => `<span class="stat">${k}: ${escapeHtml(String(v))}</span>`).join('');
|
|
|
963
|
|
|
|
964
|
$('problems').innerHTML = state.problems.length
|
|
|
965
|
? state.problems.map(p => `<div class="problem"><strong>${escapeHtml(p.host_id)}</strong> ${escapeHtml(p.code)}: ${escapeHtml(p.message)}</div>`).join('')
|
|
|
966
|
: '<div class="muted" style="padding: 8px 0">No registry problems detected.</div>';
|
|
|
967
|
|
|
|
968
|
renderHosts();
|
|
|
969
|
}
|
|
|
970
|
|
|
|
971
|
function renderHosts() {
|
|
|
972
|
const filter = $('filter').value.toLowerCase();
|
|
|
973
|
$('hosts').innerHTML = state.hosts
|
|
|
974
|
.filter(h => JSON.stringify(h).toLowerCase().includes(filter))
|
|
|
975
|
.map(h => {
|
|
|
976
|
const problems = state.problems.filter(p => p.host_id === h.id);
|
|
|
977
|
const cls = problems.length ? 'warn' : 'ok';
|
|
|
978
|
return `<tr data-id="${escapeHtml(h.id)}">
|
|
|
979
|
<td><button type="button" data-edit="${escapeHtml(h.id)}">${escapeHtml(h.id)}</button></td>
|
|
|
980
|
<td>${escapeHtml(h.hosts_ip || '')}</td>
|
|
|
981
|
<td>${escapeHtml(h.dns_ip || '')}</td>
|
|
|
982
|
<td>${(h.names || []).map(n => `<span class="pill">${escapeHtml(n)}</span>`).join('')}</td>
|
|
|
983
|
<td>${(h.roles || []).map(n => `<span class="pill">${escapeHtml(n)}</span>`).join('')}</td>
|
|
|
984
|
<td><span class="pill ${cls}">${escapeHtml(h.monitoring || '')}</span></td>
|
|
|
985
|
<td>${escapeHtml(h.status || '')}</td>
|
|
|
986
|
</tr>`;
|
|
|
987
|
}).join('');
|
|
|
988
|
document.querySelectorAll('[data-edit]').forEach(button => button.addEventListener('click', () => editHost(button.dataset.edit)));
|
|
|
989
|
}
|
|
|
990
|
|
|
|
991
|
function editHost(id) {
|
|
|
992
|
const host = state.hosts.find(h => h.id === id);
|
|
|
993
|
if (!host) return;
|
|
|
994
|
const form = $('host-form');
|
|
|
995
|
for (const key of ['id', 'status', 'hosts_ip', 'dns_ip', 'monitoring', 'notes']) form.elements[key].value = host[key] || '';
|
|
|
996
|
form.elements.names.value = (host.names || []).join('\n');
|
|
|
997
|
form.elements.roles.value = (host.roles || []).join(' ');
|
|
|
998
|
form.elements.sources.value = (host.sources || []).join(' ');
|
|
|
999
|
window.scrollTo({ top: document.body.scrollHeight, behavior: 'smooth' });
|
|
|
1000
|
}
|
|
|
1001
|
|
|
|
1002
|
function formObject(form) {
|
|
|
1003
|
return Object.fromEntries(new FormData(form).entries());
|
|
|
1004
|
}
|
|
|
1005
|
|
|
|
1006
|
function escapeHtml(value) {
|
|
|
1007
|
return value.replace(/[&<>"']/g, ch => ({'&':'&','<':'<','>':'>','"':'"',"'":'''}[ch]));
|
|
|
1008
|
}
|
|
|
1009
|
|
|
|
1010
|
$('refresh').addEventListener('click', () => refresh().catch(e => msg(e.message)));
|
|
|
1011
|
$('filter').addEventListener('input', renderHosts);
|
|
|
1012
|
|
|
|
1013
|
$('login-form').addEventListener('submit', async (event) => {
|
|
|
1014
|
event.preventDefault();
|
|
|
1015
|
try {
|
|
|
1016
|
await api('/api/login', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ otp: $('otp').value }) });
|
|
|
1017
|
$('otp').value = '';
|
|
|
1018
|
msg('authenticated');
|
|
|
1019
|
await refresh();
|
|
|
1020
|
} catch (e) { msg(e.message); }
|
|
|
1021
|
});
|
|
|
1022
|
|
|
|
1023
|
$('logout').addEventListener('click', async () => {
|
|
|
1024
|
await api('/api/logout', { method: 'POST' }).catch(() => {});
|
|
|
1025
|
msg('logged out');
|
|
|
1026
|
await refresh();
|
|
|
1027
|
});
|
|
|
1028
|
|
|
|
1029
|
$('host-form').addEventListener('submit', async (event) => {
|
|
|
1030
|
event.preventDefault();
|
|
|
1031
|
try {
|
|
|
1032
|
await api('/api/hosts/upsert', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify(formObject(event.target)) });
|
|
|
1033
|
msg('host saved');
|
|
|
1034
|
await refresh();
|
|
|
1035
|
} catch (e) { msg(e.message); }
|
|
|
1036
|
});
|
|
|
1037
|
|
|
|
1038
|
$('delete-host').addEventListener('click', async () => {
|
|
|
1039
|
const id = $('host-form').elements.id.value;
|
|
|
1040
|
if (!id || !confirm(`Delete ${id}?`)) return;
|
|
|
1041
|
try {
|
|
|
1042
|
await api('/api/hosts/delete', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ id }) });
|
|
|
1043
|
$('host-form').reset();
|
|
|
1044
|
msg('host deleted');
|
|
|
1045
|
await refresh();
|
|
|
1046
|
} catch (e) { msg(e.message); }
|
|
|
1047
|
});
|
|
|
1048
|
|
|
|
1049
|
$('write-tsv').addEventListener('click', async () => {
|
|
|
1050
|
if (!confirm('Write config/local-hosts.tsv from hosts.yaml?')) return;
|
|
|
1051
|
try {
|
|
|
1052
|
await api('/api/render/local-hosts-tsv', { method: 'POST' });
|
|
|
1053
|
msg('local-hosts.tsv written');
|
|
|
1054
|
} catch (e) { msg(e.message); }
|
|
|
1055
|
});
|
|
|
1056
|
|
|
|
1057
|
refresh().catch(e => msg(e.message));
|
|
|
1058
|
</script>
|
|
|
1059
|
</body>
|
|
|
1060
|
</html>
|
|
|
1061
|
HTML
|
|
|
1062
|
}
|