fix(crowdsec): Read WAF threats from mitmproxy-in instance

The CrowdSec dashboard was reading from /srv/mitmproxy/threats.log
but the WAF input instance writes to /srv/mitmproxy-in/threats.log.

Fixed paths:
- threats.log: /srv/mitmproxy -> /srv/mitmproxy-in
- autoban-processed.log: /srv/mitmproxy -> /srv/mitmproxy-in

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/luci-app-crowdsec-dashboard/root/usr/libexec/rpcd/luci.crowdsec-dashboard

@@ -1964,14 +1964,13 @@ get_health_check() {
 	# Total decisions count (local + CAPI from metrics)
 	local local_decisions=0 capi_decisions=0 decisions_count=0
 	if [ -x "$CSCLI" ]; then
-		# Count decisions using jq (jsonfilter can't count arrays properly)
-		local dec_json
-		dec_json=$(run_cscli decisions list -o json 2>/dev/null)
-		if [ -n "$dec_json" ] && [ "$dec_json" != "null" ] && [ "$dec_json" != "[]" ]; then
+		# Count local decisions using jq
+		local decisions_json="$(run_cscli decisions list -o json 2>/dev/null)"
+		if [ -n "$decisions_json" ] && [ "$decisions_json" != "null" ] && [ "$decisions_json" != "[]" ]; then
 			if command -v jq >/dev/null 2>&1; then
-				local_decisions=$(echo "$dec_json" | jq 'length' 2>/dev/null)
+				local_decisions=$(echo "$decisions_json" | jq "length" 2>/dev/null)
 			else
-				local_decisions=$(echo "$dec_json" | grep -c '"id":' 2>/dev/null)
+				local_decisions=$(echo "$decisions_json" | grep -c ".id.:" 2>/dev/null)
 			fi
 		fi
 		capi_decisions=$(run_cscli metrics 2>/dev/null | grep 'CAPI.*ban' | awk -F'|' '{sum += $5} END {print sum+0}')
@@ -2274,14 +2273,14 @@ get_overview() {
 	local bouncers_count=0
 
 	if [ "$cs_running" = "1" ] && [ -x "$CSCLI" ]; then
-		# Count local decisions using jq (jsonfilter can't count arrays properly)
-		local decisions_json
-		decisions_json=$(run_cscli decisions list -o json 2>/dev/null)
-		if [ -n "$decisions_json" ] && [ "$decisions_json" != "null" ] && [ "$decisions_json" != "[]" ]; then
+		# Local decisions (from local scenarios)
+		# Count local decisions using jq
+		local decisions_json2="$(run_cscli decisions list -o json 2>/dev/null)"
+		if [ -n "$decisions_json2" ] && [ "$decisions_json2" != "null" ] && [ "$decisions_json2" != "[]" ]; then
 			if command -v jq >/dev/null 2>&1; then
-				local_decisions=$(echo "$decisions_json" | jq 'length' 2>/dev/null)
+				local_decisions=$(echo "$decisions_json2" | jq "length" 2>/dev/null)
 			else
-				local_decisions=$(echo "$decisions_json" | grep -c '"id":' 2>/dev/null)
+				local_decisions=$(echo "$decisions_json2" | grep -c ".id.:" 2>/dev/null)
 			fi
 		fi
 
@@ -2291,16 +2290,7 @@ get_overview() {
 		# Total decisions
 		decisions_count=$((local_decisions + capi_decisions))
 
-		# Alerts count using jq
-		local alerts_json
-		alerts_json=$(run_cscli alerts list -o json --since 24h --limit 100 2>/dev/null)
-		if [ -n "$alerts_json" ] && [ "$alerts_json" != "null" ] && [ "$alerts_json" != "[]" ]; then
-			if command -v jq >/dev/null 2>&1; then
-				alerts_count=$(echo "$alerts_json" | jq 'length' 2>/dev/null)
-			else
-				alerts_count=$(echo "$alerts_json" | grep -c '"id":' 2>/dev/null)
-			fi
-		fi
+		alerts_count=$(run_cscli alerts list -o json --since 24h --limit 100 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
 		bouncers_count=$(run_cscli bouncers list -o json 2>/dev/null | jsonfilter -e '@[*]' 2>/dev/null | wc -l)
 	fi
 
@@ -2452,7 +2442,7 @@ get_overview() {
 	fi
 
 	# Count threats from mitmproxy log today
-	local threats_log="/srv/mitmproxy/threats.log"
+	local threats_log="/srv/mitmproxy-in/threats.log"
 	if [ -f "$threats_log" ]; then
 		local today
 		today=$(date -u +%Y-%m-%d)
@@ -2461,7 +2451,7 @@ get_overview() {
 
 	# Count processed autobans
 	local autoban_processed=0
-	local autoban_log="/srv/mitmproxy/autoban-processed.log"
+	local autoban_log="/srv/mitmproxy-in/autoban-processed.log"
 	if [ -f "$autoban_log" ]; then
 		autoban_processed=$(wc -l < "$autoban_log" 2>/dev/null || echo 0)
 	fi