secubox-openwrt/package/secubox/luci-app-routes-status/root/usr/libexec/rpcd/luci.routes-status
CyberMind-FR ee49126530 fix(routes-status): RPCD handler timeout for large vhost lists
- Root cause: jshn overhead + subshell issues with piped while loops
- Solution: Direct JSON output with printf, temp file for vhosts
- Deployed ACL file for LuCI authentication
- Handler now returns 226 vhosts in <10 seconds

Also:
- Added ROADMAP.md with version milestones and dependency graph
- Updated WIP.md with today's completed tasks

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-07 08:11:28 +01:00


#!/bin/sh
# RPCD handler for Routes Status dashboard
# Shows HAProxy vhosts and mitmproxy route configuration status
# Optimized: direct JSON output (avoids jshn overhead for large arrays)
# Route maps read by method_status and rewritten in place by method_add_route.
MITMPROXY_ROUTES=/srv/mitmproxy/haproxy-routes.json
MITMPROXY_IN_ROUTES=/srv/mitmproxy-in/haproxy-routes.json
# Directory probed for "<domain>.pem" when reporting ssl_status.
HAPROXY_CERTS=/srv/haproxy/certs
# Get host LAN IP for route configuration
get_host_ip() {
	# Outputs: the value of UCI option network.lan.ipaddr on stdout, or the
	#          hard-coded fallback 192.168.255.1 when the uci lookup fails.
	if ! uci -q get network.lan.ipaddr; then
		echo "192.168.255.1"
	fi
}
# Main status method - returns all vhosts
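method_status() {
	# Emits one JSON object on stdout:
	#   haproxy_running / mitmproxy_running - whether pgrep finds the process
	#   host_ip  - result of get_host_ip
	#   total    - number of vhost lines that carry a domain
	#   vhosts[] - one object per line of `haproxyctl vhost list`
	# Globals read: MITMPROXY_ROUTES, MITMPROXY_IN_ROUTES, HAPROXY_CERTS
	#
	# The per-vhost loop uses only shell builtins (read/case/test) so a large
	# vhost list does not pay a fork per field.
	local haproxy_running=false mitmproxy_running=false
	local host_ip routes_out="" routes_in="" vhosts="" total
	local domain arrow backend rest enabled ssl_status
	local has_route_out has_route_in waf_bypass sep=""

	if pgrep haproxy >/dev/null 2>&1; then haproxy_running=true; fi
	if pgrep -f mitmproxy >/dev/null 2>&1; then mitmproxy_running=true; fi

	host_ip=$(get_host_ip)
	case "$host_ip" in
		*[!A-Za-z0-9._:-]*) host_ip=$(_routes_status_json_escape "$host_ip") ;;
	esac

	# Cache route files once; lookups below are in-memory substring tests.
	[ -f "$MITMPROXY_ROUTES" ] && routes_out=$(cat "$MITMPROXY_ROUTES" 2>/dev/null)
	[ -f "$MITMPROXY_IN_ROUTES" ] && routes_in=$(cat "$MITMPROXY_IN_ROUTES" 2>/dev/null)

	# Skip the two header lines of the listing.
	if command -v haproxyctl >/dev/null 2>&1; then
		vhosts=$(haproxyctl vhost list 2>/dev/null | tail -n +3)
	fi

	# grep -c prints "0" AND exits 1 when nothing matches, so the fallback
	# must replace the value rather than append a second "0" to it.
	total=$(printf '%s\n' "$vhosts" | grep -c '[^[:space:]]') || total=0

	printf '{"haproxy_running":%s,"mitmproxy_running":%s,"host_ip":"%s","total":%s,"vhosts":[' \
		"$haproxy_running" "$mitmproxy_running" "$host_ip" "$total"

	# Line format: " domain.com -> backend_name [enabled] SSL ..."
	# read splits on whitespace: field 1 = domain, field 3 = backend.
	while read -r domain arrow backend rest; do
		[ -n "$domain" ] || continue

		case "$domain $arrow $backend $rest" in
			*'[enabled]'*) enabled=true ;;
			*) enabled=false ;;
		esac

		# Match the domain as a quoted JSON key, literally. An unanchored
		# regex match would report a route for "example.com" whenever the
		# file merely contains "notexample.com" or "exampleXcom".
		has_route_out=false
		case "$routes_out" in
			*"\"$domain\""*) has_route_out=true ;;
		esac
		has_route_in=false
		case "$routes_in" in
			*"\"$domain\""*) has_route_in=true ;;
		esac

		# "valid" only means <domain>.pem exists; the certificate itself is
		# not parsed or checked for expiry here. Names containing "/" are
		# never probed so the check stays inside HAPROXY_CERTS.
		ssl_status=missing
		case "$domain" in
			*/*) ;;
			*) [ -f "$HAPROXY_CERTS/${domain}.pem" ] && ssl_status=valid ;;
		esac

		# Any backend other than mitmproxy_inspector is reported as
		# bypassing the WAF.
		waf_bypass=true
		[ "$backend" = "mitmproxy_inspector" ] && waf_bypass=false

		# Only fork the escaper when a field holds something outside the
		# plain hostname/backend alphabet.
		case "$domain$backend" in
			*[!A-Za-z0-9._:*-]*)
				domain=$(_routes_status_json_escape "$domain")
				backend=$(_routes_status_json_escape "$backend")
				;;
		esac

		printf '%s{"domain":"%s","backend":"%s","active":%s,"ssl_status":"%s","has_route_out":%s,"has_route_in":%s,"waf_bypass":%s}' \
			"$sep" "$domain" "$backend" "$enabled" "$ssl_status" \
			"$has_route_out" "$has_route_in" "$waf_bypass"
		sep=,
	done <<EOF
$vhosts
EOF
	printf "]}"
}

# Escape text for embedding inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   text with backslash and double quote escaped and ASCII control
#            characters removed
_routes_status_json_escape() {
	printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | tr -d '\001-\037'
}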
# Sync routes from HAProxy backends to mitmproxy
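method_sync_routes() {
	# Runs `mitmproxyctl sync-routes` and returns its combined stdout/stderr
	# as the "output" string of a JSON object on stdout.
	# NOTE(review): "success" is true whenever the tool is present; the tool's
	# exit status is not inspected. Confirm what mitmproxyctl returns on
	# failure before wiring it through.
	local result escaped

	if [ ! -x /usr/sbin/mitmproxyctl ]; then
		printf '{"success":false,"error":"mitmproxyctl not found"}'
		return
	fi

	result=$(/usr/sbin/mitmproxyctl sync-routes 2>&1)

	# Backslash must be escaped before the quote, otherwise tool output such
	# as a trailing "\" yields an unterminated JSON string. Newline, CR and
	# tab become spaces; any other control character is dropped because raw
	# control bytes are not legal inside a JSON string.
	escaped=$(printf '%s' "$result" \
		| sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
		| tr '\n\r\t' '   ' \
		| tr -d '\001-\037')

	printf '{"success":true,"output":"%s"}' "$escaped"
}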
# Add a missing route for a domain
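method_add_route() {
	# Adds "<domain>":["<host_ip>",<port>] to each existing mitmproxy route
	# file and restarts mitmproxy.
	# Input:   one line of JSON on stdin with "domain" and "port".
	# Outputs: {"success":true} or {"success":false,"error":"..."} on stdout.
	# Globals read: MITMPROXY_ROUTES, MITMPROXY_IN_ROUTES
	#
	# domain and port arrive from the RPC caller and end up inside both a sed
	# program and a JSON document, so they are checked against a strict
	# allowlist before use. Nothing outside the allowlist has any meaning to
	# sed or JSON.
	local input domain port host_ip routes_file tmpfile entry failed=0

	read -r input
	domain=$(printf '%s\n' "$input" | jsonfilter -e '@.domain' 2>/dev/null)
	port=$(printf '%s\n' "$input" | jsonfilter -e '@.port' 2>/dev/null)

	if [ -z "$domain" ] || [ -z "$port" ]; then
		printf '{"success":false,"error":"Missing domain or port parameter"}'
		return
	fi

	# Hostname characters only; no leading dot/dash, no empty label.
	# NOTE(review): wildcard names ("*.example.com") are rejected; relax here
	# if the route files are expected to hold them.
	case "$domain" in
		*[!A-Za-z0-9._-]* | .* | -* | *..*)
			printf '{"success":false,"error":"Invalid domain"}'
			return
			;;
	esac
	if [ "${#domain}" -gt 253 ]; then
		printf '{"success":false,"error":"Invalid domain"}'
		return
	fi

	# Decimal 1-65535 without leading zeros (a leading zero is not a valid
	# JSON number); the length cap keeps the numeric test within range.
	case "$port" in
		0* | *[!0-9]* | ??????*)
			printf '{"success":false,"error":"Invalid port"}'
			return
			;;
	esac
	if [ "$port" -gt 65535 ]; then
		printf '{"success":false,"error":"Invalid port"}'
		return
	fi

	host_ip=$(get_host_ip)
	case "$host_ip" in
		'' | *[!0-9A-Fa-f.:]*)
			printf '{"success":false,"error":"Invalid host address"}'
			return
			;;
	esac

	entry="\"$domain\":[\"$host_ip\",$port]"

	# Assumes each route file is a single-line JSON object - TODO confirm.
	for routes_file in "$MITMPROXY_ROUTES" "$MITMPROXY_IN_ROUTES"; do
		[ -f "$routes_file" ] || continue

		# Temp file lives next to the target so the final mv is a rename on
		# the same filesystem, not a copy that can be observed half-written.
		tmpfile=$(mktemp "${routes_file}.XXXXXX") || {
			failed=1
			continue
		}

		# First expression handles an empty object (no leading comma);
		# `t` skips the append form when that substitution fired.
		# The target is only replaced if sed succeeded, so a failed edit
		# cannot leave an empty route file behind.
		if sed -e "s/^{[[:space:]]*}\$/{$entry}/" -e t \
			-e "s/}\$/,$entry}/" "$routes_file" > "$tmpfile" \
			&& mv -- "$tmpfile" "$routes_file"; then
			:
		else
			rm -f -- "$tmpfile"
			failed=1
		fi
	done

	if [ "$failed" -ne 0 ]; then
		printf '{"success":false,"error":"Failed to update route file"}'
		return
	fi

	# Restart mitmproxy to apply changes
	/etc/init.d/mitmproxy restart >/dev/null 2>&1
	printf '{"success":true}'
}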
# List available methods
list_methods() {
	# Prints the rpcd method signature table: status and sync_routes take no
	# arguments, add_route takes a string "domain" and an integer "port".
	local signature='{"status":{},"sync_routes":{},"add_route":{"domain":"string","port":0}}'
	printf '%s' "$signature"
}
# Dispatch: $1 is the action ("list" or "call"); for "call", $2 names the
# method. Anything else gets a JSON error object on stdout.
if [ "$1" = "list" ]; then
	list_methods
elif [ "$1" = "call" ]; then
	case "$2" in
		status) method_status ;;
		sync_routes) method_sync_routes ;;
		add_route) method_add_route ;;
		*) printf '{"error":"Unknown method"}' ;;
	esac
else
	printf '{"error":"Unknown action"}'
fi