From 3908080a0382b980d46c055371dbca765a5ee955 Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Wed, 21 Jan 2026 10:28:09 +0100 Subject: [PATCH] feat(secubox-app-webapp): Add SecuBox Dashboard web application Single-page dashboard for SecuBox/OpenWrt with: - Native OpenWrt authentication via rpcd/ubus - Real-time system monitoring (CPU, RAM, Disk, Network) - CrowdSec security integration - Service management - Network interface control Access via: http:///secubox-dashboard/ Co-Authored-By: Claude Opus 4.5 --- package/secubox/secubox-app-webapp/Makefile | 72 + .../files/etc/config/secubox-webapp | 9 + .../files/usr/sbin/secubox-webapp-setup | 167 + .../share/rpcd/acl.d/secubox-dashboard.json | 35 + .../files/www/secubox-dashboard/index.html | 3022 +++++++++++++++++ 5 files changed, 3305 insertions(+) create mode 100644 package/secubox/secubox-app-webapp/Makefile create mode 100644 package/secubox/secubox-app-webapp/files/etc/config/secubox-webapp create mode 100644 package/secubox/secubox-app-webapp/files/usr/sbin/secubox-webapp-setup create mode 100644 package/secubox/secubox-app-webapp/files/usr/share/rpcd/acl.d/secubox-dashboard.json create mode 100644 package/secubox/secubox-app-webapp/files/www/secubox-dashboard/index.html diff --git a/package/secubox/secubox-app-webapp/Makefile b/package/secubox/secubox-app-webapp/Makefile new file mode 100644 index 00000000..b7f2a463 --- /dev/null +++ b/package/secubox/secubox-app-webapp/Makefile @@ -0,0 +1,72 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=secubox-app-webapp +PKG_VERSION:=1.0.0 +PKG_RELEASE:=1 +PKG_LICENSE:=MIT +PKG_MAINTAINER:=CyberMind.FR + +include $(INCLUDE_DIR)/package.mk + +define Package/secubox-app-webapp + SECTION:=secubox + CATEGORY:=SecuBox + TITLE:=SecuBox Dashboard Web Application + DEPENDS:=+uhttpd +uhttpd-mod-ubus +rpcd +rpcd-mod-file + PKGARCH:=all +endef + +define Package/secubox-app-webapp/description + SecuBox Control Center Dashboard - A web-based dashboard for monitoring + and managing SecuBox/OpenWrt systems. Features include: + - Native OpenWrt authentication via rpcd/ubus + - Real-time system monitoring (CPU, RAM, Disk, Network) + - CrowdSec security integration + - Service management + - Network interface control +endef + +define Package/secubox-app-webapp/conffiles +/etc/config/secubox-webapp +endef + +define Build/Compile +endef + +define Package/secubox-app-webapp/install + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/etc/config/secubox-webapp $(1)/etc/config/secubox-webapp + + $(INSTALL_DIR) $(1)/www/secubox-dashboard + $(INSTALL_DATA) ./files/www/secubox-dashboard/index.html $(1)/www/secubox-dashboard/index.html + + $(INSTALL_DIR) $(1)/usr/share/rpcd/acl.d + $(INSTALL_DATA) ./files/usr/share/rpcd/acl.d/secubox-dashboard.json $(1)/usr/share/rpcd/acl.d/secubox-dashboard.json + + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) ./files/usr/sbin/secubox-webapp-setup $(1)/usr/sbin/secubox-webapp-setup +endef + +define Package/secubox-app-webapp/postinst +#!/bin/sh +[ -n "$${IPKG_INSTROOT}" ] && exit 0 + +# Enable ubus in uhttpd if not already +if ! uci -q get uhttpd.main.ubus_prefix >/dev/null; then + uci set uhttpd.main.ubus_prefix='/ubus' +fi + +# Enable CORS for external access +uci set uhttpd.main.ubus_cors='1' +uci commit uhttpd + +# Restart services +/etc/init.d/rpcd restart +/etc/init.d/uhttpd restart + +echo "SecuBox Dashboard installed at /www/secubox-dashboard/" +echo "Access via: http:///secubox-dashboard/" +exit 0 +endef + +$(eval $(call BuildPackage,secubox-app-webapp)) diff --git a/package/secubox/secubox-app-webapp/files/etc/config/secubox-webapp b/package/secubox/secubox-app-webapp/files/etc/config/secubox-webapp new file mode 100644 index 00000000..60939056 --- /dev/null +++ b/package/secubox/secubox-app-webapp/files/etc/config/secubox-webapp @@ -0,0 +1,9 @@ +config webapp 'main' + option enabled '1' + option title 'SecuBox Control Center' + option refresh_interval '10' + option session_timeout '3600' + +config access 'cors' + option enabled '1' + option allow_origin '*' diff --git a/package/secubox/secubox-app-webapp/files/usr/sbin/secubox-webapp-setup b/package/secubox/secubox-app-webapp/files/usr/sbin/secubox-webapp-setup new file mode 100644 index 00000000..51c6779e --- /dev/null +++ b/package/secubox/secubox-app-webapp/files/usr/sbin/secubox-webapp-setup @@ -0,0 +1,167 @@ +#!/bin/sh +# +# SecuBox Dashboard - Configuration utility +# Copyright (C) 2025-2026 CyberMind.FR +# + +CONFIG="secubox-webapp" + +usage() { + cat <<'EOF' +Usage: secubox-webapp-setup + +Commands: + status Show dashboard configuration status + enable Enable CORS and ubus access + disable Disable CORS access + check Check rpcd/uhttpd configuration + info Show access URLs + +Dashboard URL: http:///secubox-dashboard/ +EOF +} + +log_info() { echo "[INFO] $*"; } +log_warn() { echo "[WARN] $*" >&2; } +log_error() { echo "[ERROR] $*" >&2; } + +cmd_status() { + echo "=== SecuBox Dashboard Status ===" + echo "" + + # Check uhttpd ubus + local ubus_prefix=$(uci -q get uhttpd.main.ubus_prefix) + local ubus_cors=$(uci -q get uhttpd.main.ubus_cors) + + if [ -n "$ubus_prefix" ]; then + echo "UBUS endpoint: $ubus_prefix (enabled)" + else + echo "UBUS endpoint: not configured" + fi + + if [ "$ubus_cors" = "1" ]; then + echo "CORS: enabled" + else + echo "CORS: disabled" + fi + + # Check rpcd + if /etc/init.d/rpcd status >/dev/null 2>&1; then + echo "rpcd: running" + else + echo "rpcd: not running" + fi + + # Check ACL + if [ -f /usr/share/rpcd/acl.d/secubox-dashboard.json ]; then + echo "ACL: installed" + else + echo "ACL: not found" + fi + + # Check dashboard files + if [ -f /www/secubox-dashboard/index.html ]; then + echo "Dashboard: installed" + else + echo "Dashboard: not found" + fi + + echo "" + echo "=== Access URL ===" + local lan_ip=$(uci -q get network.lan.ipaddr || echo "192.168.1.1") + echo "http://$lan_ip/secubox-dashboard/" +} + +cmd_enable() { + log_info "Enabling SecuBox Dashboard access..." + + # Configure uhttpd + uci set uhttpd.main.ubus_prefix='/ubus' + uci set uhttpd.main.ubus_cors='1' + uci commit uhttpd + + # Restart services + /etc/init.d/rpcd restart + /etc/init.d/uhttpd restart + + log_info "Dashboard access enabled" +} + +cmd_disable() { + log_info "Disabling CORS access..." + + uci set uhttpd.main.ubus_cors='0' + uci commit uhttpd + /etc/init.d/uhttpd restart + + log_info "CORS disabled (local access still works)" +} + +cmd_check() { + echo "=== Configuration Check ===" + echo "" + + # Check packages + echo "Packages:" + for pkg in uhttpd uhttpd-mod-ubus rpcd rpcd-mod-file; do + if opkg list-installed | grep -q "^$pkg "; then + echo " ✓ $pkg" + else + echo " ✗ $pkg (missing)" + fi + done + + echo "" + echo "Services:" + + if /etc/init.d/uhttpd status >/dev/null 2>&1; then + echo " ✓ uhttpd running" + else + echo " ✗ uhttpd not running" + fi + + if /etc/init.d/rpcd status >/dev/null 2>&1; then + echo " ✓ rpcd running" + else + echo " ✗ rpcd not running" + fi + + echo "" + echo "UBUS test:" + if command -v curl >/dev/null 2>&1; then + local result=$(curl -s -X POST http://127.0.0.1/ubus -d '{"jsonrpc":"2.0","id":1,"method":"list"}' 2>/dev/null) + if echo "$result" | grep -q "jsonrpc"; then + echo " ✓ UBUS responding" + else + echo " ✗ UBUS not responding" + fi + else + echo " ? curl not available for test" + fi +} + +cmd_info() { + local lan_ip=$(uci -q get network.lan.ipaddr || echo "192.168.1.1") + + echo "╔════════════════════════════════════════════════════════════╗" + echo "║ SecuBox Dashboard - Access Information ║" + echo "╠════════════════════════════════════════════════════════════╣" + echo "║ ║" + printf "║ Dashboard: %-46s ║\n" "http://$lan_ip/secubox-dashboard/" + printf "║ UBUS API: %-46s ║\n" "http://$lan_ip/ubus" + echo "║ ║" + echo "║ Login: Use OpenWrt root credentials ║" + echo "║ ║" + echo "╚════════════════════════════════════════════════════════════╝" +} + +# Main +case "${1:-}" in + status) cmd_status ;; + enable) cmd_enable ;; + disable) cmd_disable ;; + check) cmd_check ;; + info) cmd_info ;; + help|--help|-h|'') usage ;; + *) echo "Unknown command: $1" >&2; usage >&2; exit 1 ;; +esac diff --git a/package/secubox/secubox-app-webapp/files/usr/share/rpcd/acl.d/secubox-dashboard.json b/package/secubox/secubox-app-webapp/files/usr/share/rpcd/acl.d/secubox-dashboard.json new file mode 100644 index 00000000..6252f4db --- /dev/null +++ b/package/secubox/secubox-app-webapp/files/usr/share/rpcd/acl.d/secubox-dashboard.json @@ -0,0 +1,35 @@ +{ + "secubox-dashboard": { + "description": "SecuBox Dashboard full access", + "read": { + "ubus": { + "session": ["access", "get", "list"], + "system": ["board", "info"], + "network": ["get_proto_handlers"], + "network.interface": ["dump", "status"], + "network.device": ["status"], + "network.wireless": ["status"], + "service": ["list"], + "file": ["list", "read", "stat", "exec"], + "luci": ["getLocaltime", "getTimezones", "getInitList", "getRealtimeStats"], + "luci-rpc": ["getBoardJSON", "getNetworkDevices", "getDHCPLeases"] + }, + "file": { + "/etc/crowdsec/*": ["read"], + "/var/log/*": ["read"], + "/tmp/*": ["read"] + } + }, + "write": { + "ubus": { + "file": ["exec"], + "service": ["signal", "delete"], + "system": ["reboot"], + "network.interface": ["up", "down", "renew"] + }, + "file": { + "/tmp/*": ["write"] + } + } + } +} diff --git a/package/secubox/secubox-app-webapp/files/www/secubox-dashboard/index.html b/package/secubox/secubox-app-webapp/files/www/secubox-dashboard/index.html new file mode 100644 index 00000000..028b8a21 --- /dev/null +++ b/package/secubox/secubox-app-webapp/files/www/secubox-dashboard/index.html @@ -0,0 +1,3022 @@ + + + + + + SecuBox Control Center - CyberMind.FR + + + + + + + + + + + + + +
+
+
+ + +
+ + + + + +
+ + + + +
+ + +
+ +
+
+
+ +
+

Tableau de Bord

+
+ + --:--:-- +
+
+
+ +
+
+ + Connecté +
+ + +
+
+
+ + +
+ +
+
+
+ Décisions CrowdSec +
+ +
+
+
--
+
actives
+
+ +
+
+ Alertes +
+ +
+
+
--
+
dernières 24h
+
+ +
+
+ Connexions +
+ +
+
+
--
+
actives
+
+ +
+
+ Uptime +
+ +
+
+
--
+
--
+
+
+ + +
+ +
+
+
+ + Ressources Système +
+
+ Load: -- +
+
+
+
+
+
+ + + + +
+ -- + % +
+
+ CPU +
+ +
+
+ + + + +
+ -- + % +
+
+ RAM +
+ +
+
+ + + + +
+ -- + % +
+
+ Disque +
+ +
+
+
+ + -- + KB/s +
+
+ + -- + KB/s +
+
+ Réseau +
+
+
+
+ + +
+
+
+ + CrowdSec +
+
+ + Actif +
+
+
+
+ +
+ +
+
+
--
+
Parsers
+
+
+
--
+
Scénarios
+
+
+
+
+
+ + +
+ +
+
+
+ + Journaux Système +
+
+ + Live +
+
+
+
+ +
+
+
+ + +
+
+
+ + Interfaces Réseau +
+
+
+ + + + + + + + + + + +
InterfaceIPÉtat
+
+
+
+ + +
+
+
+ + Actions Rapides +
+
+
+
+ + + + + + +
+
+
+ + +
+

+ SecuBox Control Center v2.0 • Propulsé par + CrowdSec + + OpenWrt + + LuCI +

+

© 2025 CyberMind.FR - Gandalf

+
+
+
+ + + +
+ + + + + + + + + +