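#!/bin/sh
# RPCD handler for Routes Status dashboard
# Shows HAProxy vhosts and mitmproxy route configuration status
# Optimized: direct JSON output (avoids jshn overhead for large arrays)
#
# Usage (rpcd plugin protocol):
#   <script> list            - print the method signatures as JSON
#   <script> call <method>   - run status | sync_routes | add_route
#
# Security notes:
#   - add_route reads its JSON arguments from stdin; they are treated as
#     untrusted and validated before being written into the route files.
#   - Every string placed into hand-built JSON goes through json_escape.
#   - NOTE(review): which callers may reach add_route / sync_routes is decided
#     by the rpcd ACL, which is not part of this file - confirm it is
#     restricted to administrative sessions.

MITMPROXY_ROUTES="/srv/mitmproxy/haproxy-routes.json"
MITMPROXY_IN_ROUTES="/srv/mitmproxy-in/haproxy-routes.json"
HAPROXY_CERTS="/srv/haproxy/certs"

#######################################
# Escape a string for embedding inside a JSON string literal.
# Newlines, carriage returns and tabs become spaces, remaining control
# characters are dropped, backslashes and double quotes are escaped.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no surrounding quotes)
#######################################
json_escape() {
	case "$1" in
		*[!A-Za-z0-9._:/-]*)
			# Backslash must be escaped before the quote, otherwise the
			# backslashes added for quotes would be doubled again.
			printf '%s' "$1" \
				| tr '\n\r\t' '   ' \
				| tr -d '\001-\037' \
				| sed 's/\\/\\\\/g; s/"/\\"/g'
			;;
		*)
			# Fast path: nothing to escape, avoid forking.
			printf '%s' "$1"
			;;
	esac
}

#######################################
# Check that a value is a plain host name.
# Only letters, digits, '.', '-' and '_' are accepted, so the value cannot
# carry sed or JSON metacharacters. Wildcard names ('*') are rejected.
# Arguments: $1 - candidate domain
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_valid_domain() {
	case "$1" in
		'' | .* | -* | *..* | *[!A-Za-z0-9._-]*) return 1 ;;
	esac
	[ "${#1}" -le 253 ]
}

#######################################
# Check that a value is a decimal TCP port in 1..65535.
# Leading zeros are rejected because they are not valid JSON numbers.
# Arguments: $1 - candidate port
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_valid_port() {
	case "$1" in
		'' | 0* | *[!0-9]*) return 1 ;;
	esac
	[ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Get host LAN IP for route configuration (falls back to 192.168.255.1)
get_host_ip() {
	uci -q get network.lan.ipaddr || echo "192.168.255.1"
}

#######################################
# Main status method - returns all vhosts.
# Globals:  MITMPROXY_ROUTES, MITMPROXY_IN_ROUTES, HAPROXY_CERTS (read)
# Outputs:  one JSON object on stdout with haproxy_running,
#           mitmproxy_running, host_ip, total and a vhosts array
#######################################
method_status() {
	local haproxy_running="false" mitmproxy_running="false"
	local host_ip routes_out="" routes_in="" vhosts="" total
	local domain _arrow backend rest
	local enabled has_route_out has_route_in ssl_status waf_bypass
	local first=1

	pgrep haproxy >/dev/null 2>&1 && haproxy_running="true"
	pgrep -f mitmproxy >/dev/null 2>&1 && mitmproxy_running="true"
	host_ip=$(get_host_ip)

	# Cache route files for fast lookups
	[ -f "$MITMPROXY_ROUTES" ] && routes_out=$(cat "$MITMPROXY_ROUTES" 2>/dev/null)
	[ -f "$MITMPROXY_IN_ROUTES" ] && routes_in=$(cat "$MITMPROXY_IN_ROUTES" 2>/dev/null)

	# Get vhosts (the first two lines of the listing are skipped)
	if command -v haproxyctl >/dev/null 2>&1; then
		vhosts=$(haproxyctl vhost list 2>/dev/null | tail -n +3)
	fi

	# grep -c prints "0" AND exits non-zero when nothing matches; appending
	# another "0" on failure would produce "0\n0" and break the JSON.
	total=$(printf '%s\n' "$vhosts" | grep -c . || true)
	total=${total:-0}

	# Build JSON output directly (faster than jshn for large arrays)
	printf '{"haproxy_running":%s,"mitmproxy_running":%s,"host_ip":"%s","total":%s,"vhosts":[' \
		"$haproxy_running" "$mitmproxy_running" "$(json_escape "$host_ip")" "$total"

	# Parse line: "  domain.com -> backend_name [enabled] SSL ..."
	# read splits on whitespace: field 1 = domain, field 3 = backend.
	printf '%s\n' "$vhosts" | while read -r domain _arrow backend rest; do
		[ -n "$domain" ] || continue

		enabled="false"
		case "$domain $_arrow $backend $rest" in
			*'[enabled]'*) enabled="true" ;;
		esac

		# Look for the domain as a quoted JSON key, matched literally.
		# A regex/substring match would report a route for "example.com"
		# when only "notexample.com" is configured.
		has_route_out="false"
		case "$routes_out" in
			*"\"$domain\""*) has_route_out="true" ;;
		esac
		has_route_in="false"
		case "$routes_in" in
			*"\"$domain\""*) has_route_in="true" ;;
		esac

		# "valid" only means the PEM file exists; the certificate's expiry
		# and chain are not inspected here.
		ssl_status="missing"
		[ -f "$HAPROXY_CERTS/${domain}.pem" ] && ssl_status="valid"

		# Any backend other than mitmproxy_inspector is reported as bypassing
		# the WAF.
		waf_bypass="true"
		[ "$backend" = "mitmproxy_inspector" ] && waf_bypass="false"

		# Output JSON object, comma-separated after the first one
		if [ "$first" = "1" ]; then
			first=0
		else
			printf ","
		fi
		printf '{"domain":"%s","backend":"%s","active":%s,"ssl_status":"%s","has_route_out":%s,"has_route_in":%s,"waf_bypass":%s}' \
			"$(json_escape "$domain")" "$(json_escape "$backend")" "$enabled" \
			"$ssl_status" "$has_route_out" "$has_route_in" "$waf_bypass"
	done

	printf "]}"
}

#######################################
# Sync routes from HAProxy backends to mitmproxy.
# Outputs:  {"success":true,"output":"..."} when mitmproxyctl exits 0,
#           {"success":false,"error":"...","output":"..."} when it fails,
#           {"success":false,"error":"mitmproxyctl not found"} if missing
#######################################
method_sync_routes() {
	local result rc=0

	if [ ! -x /usr/sbin/mitmproxyctl ]; then
		printf '{"success":false,"error":"mitmproxyctl not found"}'
		return
	fi

	result=$(/usr/sbin/mitmproxyctl sync-routes 2>&1) || rc=$?

	# Report the tool's exit status instead of claiming success
	# unconditionally, so a failed sync is visible in the dashboard.
	if [ "$rc" -eq 0 ]; then
		printf '{"success":true,"output":"%s"}' "$(json_escape "$result")"
	else
		printf '{"success":false,"error":"mitmproxyctl sync-routes failed","output":"%s"}' \
			"$(json_escape "$result")"
	fi
}

#######################################
# Add a missing route for a domain.
# Reads a JSON object with "domain" and "port" from stdin, validates both,
# and appends "domain":["<host ip>",port] to each existing route file.
# Globals:  MITMPROXY_ROUTES, MITMPROXY_IN_ROUTES (read)
# Outputs:  {"success":true} or {"success":false,"error":"..."}
#######################################
method_add_route() {
	local input domain port host_ip entry routes_file tmpfile

	read -r input
	domain=$(printf '%s' "$input" | jsonfilter -e '@.domain' 2>/dev/null)
	port=$(printf '%s' "$input" | jsonfilter -e '@.port' 2>/dev/null)

	if [ -z "$domain" ] || [ -z "$port" ]; then
		printf '{"success":false,"error":"Missing domain or port parameter"}'
		return
	fi

	# Both values end up inside a sed replacement and inside a JSON file.
	# Restricting them to a safe character set keeps caller-supplied text
	# from altering the sed program or the structure of the route file.
	if ! is_valid_domain "$domain"; then
		printf '{"success":false,"error":"Invalid domain"}'
		return
	fi
	if ! is_valid_port "$port"; then
		printf '{"success":false,"error":"Invalid port"}'
		return
	fi

	host_ip=$(get_host_ip)
	case "$host_ip" in
		'' | *[!0-9A-Fa-f.:]*)
			printf '{"success":false,"error":"Invalid host IP"}'
			return
			;;
	esac

	entry="\"$domain\":[\"$host_ip\",$port]"

	# Add route to both mitmproxy route files
	for routes_file in "$MITMPROXY_ROUTES" "$MITMPROXY_IN_ROUTES"; do
		[ -f "$routes_file" ] || continue

		# Temp file next to the target so the final mv is a same-filesystem
		# rename. NOTE(review): mktemp creates the file with mode 0600 and mv
		# carries that mode over - confirm mitmproxy can still read it.
		tmpfile=$(mktemp "${routes_file}.XXXXXX") || {
			printf '{"success":false,"error":"Cannot create temporary file"}'
			return
		}

		# First expression handles an empty object "{}" (no leading comma);
		# "t" skips the second expression when the first one matched.
		# A "{}" split across several lines is not handled.
		if sed -e "s/^[[:space:]]*{[[:space:]]*}[[:space:]]*\$/{$entry}/" \
			-e 't' \
			-e "s/}\$/,$entry}/" "$routes_file" > "$tmpfile" \
			&& grep -qF -- "$entry" "$tmpfile" \
			&& mv -- "$tmpfile" "$routes_file"; then
			:
		else
			# Leave the original file untouched and do not report success
			# for a route that was never written.
			rm -f -- "$tmpfile"
			printf '{"success":false,"error":"Failed to update route file"}'
			return
		fi
	done

	# Restart mitmproxy to apply changes (best effort, status not checked)
	/etc/init.d/mitmproxy restart >/dev/null 2>&1

	printf '{"success":true}'
}

# List available methods
list_methods() {
	printf '{"status":{},"sync_routes":{},"add_route":{"domain":"string","port":0}}'
}

case "$1" in
	list)
		list_methods
		;;
	call)
		case "$2" in
			status) method_status ;;
			sync_routes) method_sync_routes ;;
			add_route) method_add_route ;;
			*) printf '{"error":"Unknown method"}' ;;
		esac
		;;
	*)
		printf '{"error":"Unknown action"}'
		;;
esac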