2026-03-01 23:03:18 -05:00
|
|
|
|
"""Gandalf – Global Advanced Network Detection And Link Facilitator.
|
|
|
|
|
|
|
|
|
|
|
|
Flask web application serving the monitoring dashboard and suppression
|
|
|
|
|
|
management UI. Authentication via Authelia forward-auth headers.
|
|
|
|
|
|
All monitoring and alerting is handled by the separate monitor.py daemon.
|
|
|
|
|
|
"""
|
2026-04-19 23:35:02 -04:00
|
|
|
|
import hashlib
|
2026-05-10 23:41:31 -04:00
|
|
|
|
import html
|
2026-03-12 17:30:50 -04:00
|
|
|
|
import ipaddress
|
2025-01-04 01:42:16 -05:00
|
|
|
|
import json
|
2026-03-01 23:03:18 -05:00
|
|
|
|
import logging
|
2026-04-30 21:09:56 -04:00
|
|
|
|
import os
|
2026-03-12 17:30:50 -04:00
|
|
|
|
import re
|
2026-05-07 13:34:37 -04:00
|
|
|
|
import tempfile
|
2026-03-03 16:03:54 -05:00
|
|
|
|
import threading
|
|
|
|
|
|
import time
|
|
|
|
|
|
import uuid
|
2026-04-19 23:35:02 -04:00
|
|
|
|
from datetime import datetime, timezone
|
2026-03-01 23:03:18 -05:00
|
|
|
|
from functools import wraps
|
|
|
|
|
|
|
2026-04-30 21:09:56 -04:00
|
|
|
|
from flask import Flask, jsonify, make_response, render_template, request, send_file
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
|
|
|
|
|
import db
|
2026-03-03 16:03:54 -05:00
|
|
|
|
import diagnose
|
|
|
|
|
|
from monitor import PulseClient
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
|
|
|
|
|
logging.basicConfig(
|
|
|
|
|
|
level=logging.INFO,
|
|
|
|
|
|
format='%(asctime)s %(levelname)s %(name)s %(message)s',
|
|
|
|
|
|
)
|
|
|
|
|
|
logger = logging.getLogger('gandalf.web')
|
|
|
|
|
|
|
2025-01-04 01:42:16 -05:00
|
|
|
|
app = Flask(__name__)
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
2026-04-18 23:54:01 -04:00
|
|
|
|
_AVATAR_COLORS = ['lt-avatar--orange', 'lt-avatar--green', 'lt-avatar--purple', '']
|
|
|
|
|
|
|
2026-04-25 20:51:41 -04:00
|
|
|
|
|
2026-04-18 23:54:01 -04:00
|
|
|
|
@app.template_filter('avatar_color')
|
|
|
|
|
|
def avatar_color_filter(name: str) -> str:
|
2026-04-25 20:51:41 -04:00
|
|
|
|
return _AVATAR_COLORS[int(hashlib.md5(name.encode()).hexdigest(), 16) % len(_AVATAR_COLORS)] # nosec B324
|
2026-04-18 23:54:01 -04:00
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
_cfg = None
|
2026-04-19 23:35:02 -04:00
|
|
|
|
_cfg_lock = threading.Lock()
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
2026-03-14 14:31:57 -04:00
|
|
|
|
|
|
|
|
|
|
@app.context_processor
|
|
|
|
|
|
def inject_config():
|
|
|
|
|
|
"""Inject safe config values into all templates."""
|
|
|
|
|
|
cfg = _config()
|
|
|
|
|
|
return {
|
|
|
|
|
|
'config': {
|
|
|
|
|
|
'ticket_api': {
|
|
|
|
|
|
'web_url': cfg.get('ticket_api', {}).get('web_url', 'http://t.lotusguild.org/ticket/'),
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-04-13 22:23:26 -04:00
|
|
|
|
|
2026-03-03 16:03:54 -05:00
|
|
|
|
# In-memory diagnostic job store { job_id: { status, result, created_at } }
|
|
|
|
|
|
_diag_jobs: dict = {}
|
|
|
|
|
|
_diag_lock = threading.Lock()
|
2026-05-11 08:42:50 -04:00
|
|
|
|
# Per-user rate-limit: { username: [epoch_float, ...] } — cleaned inside _diag_lock
|
|
|
|
|
|
_diag_rate: dict = {}
|
2026-03-03 16:03:54 -05:00
|
|
|
|
|
|
|
|
|
|
|
2026-03-12 17:30:50 -04:00
|
|
|
|
def _purge_old_jobs_loop():
|
2026-03-17 20:32:32 -04:00
|
|
|
|
"""Background thread: remove stale diag jobs and run daily event purge."""
|
2026-03-12 17:30:50 -04:00
|
|
|
|
while True:
|
|
|
|
|
|
time.sleep(120)
|
|
|
|
|
|
cutoff = time.time() - 600
|
|
|
|
|
|
stuck_cutoff = time.time() - 300 # 5 min: job still 'running' → thread must have crashed
|
|
|
|
|
|
with _diag_lock:
|
|
|
|
|
|
stale = [jid for jid, j in _diag_jobs.items() if j.get('created_at', 0) < cutoff]
|
|
|
|
|
|
for jid in stale:
|
|
|
|
|
|
del _diag_jobs[jid]
|
2026-04-19 23:35:02 -04:00
|
|
|
|
for jid, j in list(_diag_jobs.items()):
|
2026-03-12 17:30:50 -04:00
|
|
|
|
if j['status'] == 'running' and j.get('created_at', 0) < stuck_cutoff:
|
|
|
|
|
|
j['status'] = 'done'
|
2026-05-10 23:39:52 -04:00
|
|
|
|
j['result'] = {'status': 'error', 'error': 'Diagnostic abandoned — no activity for 5 minutes.'}
|
|
|
|
|
|
logger.error(f'Diagnostic job {jid} stuck (no activity for 5 min); marked done/error')
|
2026-03-12 17:30:50 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
_purge_thread = threading.Thread(target=_purge_old_jobs_loop, daemon=True)
|
|
|
|
|
|
_purge_thread.start()
|
2026-03-03 16:03:54 -05:00
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
|
|
|
|
|
def _config() -> dict:
|
|
|
|
|
|
global _cfg
|
|
|
|
|
|
if _cfg is None:
|
2026-04-19 23:35:02 -04:00
|
|
|
|
with _cfg_lock:
|
|
|
|
|
|
if _cfg is None:
|
|
|
|
|
|
with open('config.json') as f:
|
|
|
|
|
|
_cfg = json.load(f)
|
2026-03-01 23:03:18 -05:00
|
|
|
|
return _cfg
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-05-11 08:50:51 -04:00
|
|
|
|
@app.after_request
|
|
|
|
|
|
def add_security_headers(response):
|
|
|
|
|
|
response.headers.setdefault('X-Content-Type-Options', 'nosniff')
|
|
|
|
|
|
response.headers.setdefault('X-Frame-Options', 'DENY')
|
|
|
|
|
|
response.headers.setdefault('Referrer-Policy', 'strict-origin-when-cross-origin')
|
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-04-19 23:35:02 -04:00
|
|
|
|
def _daemon_ok(last_check: str) -> bool:
|
|
|
|
|
|
"""Return True if monitor last checked within 20 minutes."""
|
|
|
|
|
|
if not last_check or last_check == 'Never':
|
|
|
|
|
|
return False
|
|
|
|
|
|
try:
|
|
|
|
|
|
ts = datetime.strptime(last_check, '%Y-%m-%d %H:%M:%S UTC').replace(tzinfo=timezone.utc)
|
|
|
|
|
|
return (datetime.now(timezone.utc) - ts).total_seconds() < 1200
|
|
|
|
|
|
except Exception:
|
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
# Auth helpers
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
def _get_user() -> dict:
|
|
|
|
|
|
return {
|
|
|
|
|
|
'username': request.headers.get('Remote-User', ''),
|
|
|
|
|
|
'name': request.headers.get('Remote-Name', ''),
|
|
|
|
|
|
'email': request.headers.get('Remote-Email', ''),
|
|
|
|
|
|
'groups': [
|
|
|
|
|
|
g.strip()
|
|
|
|
|
|
for g in request.headers.get('Remote-Groups', '').split(',')
|
|
|
|
|
|
if g.strip()
|
|
|
|
|
|
],
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def require_auth(f):
|
|
|
|
|
|
@wraps(f)
|
|
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
|
|
user = _get_user()
|
|
|
|
|
|
if not user['username']:
|
|
|
|
|
|
return (
|
|
|
|
|
|
'<h1>401 – Not authenticated</h1>'
|
|
|
|
|
|
'<p>Please access Gandalf through '
|
|
|
|
|
|
'<a href="https://auth.lotusguild.org">auth.lotusguild.org</a>.</p>',
|
|
|
|
|
|
401,
|
|
|
|
|
|
)
|
|
|
|
|
|
allowed = _config().get('auth', {}).get('allowed_groups', ['admin'])
|
|
|
|
|
|
if not any(g in allowed for g in user['groups']):
|
2026-05-10 23:41:31 -04:00
|
|
|
|
safe_user = html.escape(user['username'])
|
|
|
|
|
|
safe_groups = html.escape(', '.join(allowed))
|
2026-03-01 23:03:18 -05:00
|
|
|
|
return (
|
|
|
|
|
|
f'<h1>403 – Access denied</h1>'
|
2026-05-10 23:41:31 -04:00
|
|
|
|
f'<p>Your account ({safe_user}) is not in an allowed group '
|
|
|
|
|
|
f'({safe_groups}).</p>',
|
2026-03-01 23:03:18 -05:00
|
|
|
|
403,
|
|
|
|
|
|
)
|
|
|
|
|
|
return f(*args, **kwargs)
|
|
|
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2026-05-10 23:39:52 -04:00
|
|
|
|
# Helpers
|
2026-03-01 23:03:18 -05:00
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-02-08 00:03:01 -05:00
|
|
|
|
|
2026-03-17 20:32:32 -04:00
|
|
|
|
_PAGE_LIMIT = 200 # max events returned per request
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-05-10 23:39:52 -04:00
|
|
|
|
def _annotate_suppressions(events: list, suppressions: list) -> None:
|
|
|
|
|
|
"""Annotate each event dict in-place with an is_suppressed bool."""
|
|
|
|
|
|
for ev in events:
|
|
|
|
|
|
sup_type = (
|
|
|
|
|
|
'unifi_device' if ev.get('event_type') == 'unifi_device_offline'
|
|
|
|
|
|
else 'interface' if ev.get('event_type') == 'interface_down'
|
|
|
|
|
|
else 'host'
|
|
|
|
|
|
)
|
|
|
|
|
|
ev['is_suppressed'] = db.check_suppressed(
|
|
|
|
|
|
suppressions, sup_type,
|
|
|
|
|
|
ev.get('target_name', ''), ev.get('target_detail', '') or '',
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
# Page routes
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
|
2025-02-08 00:03:01 -05:00
|
|
|
|
@app.route('/')
|
2026-03-01 23:03:18 -05:00
|
|
|
|
@require_auth
|
|
|
|
|
|
def index():
|
|
|
|
|
|
user = _get_user()
|
2026-03-17 20:32:32 -04:00
|
|
|
|
events = db.get_active_events(limit=_PAGE_LIMIT)
|
|
|
|
|
|
total_active = db.count_active_events()
|
2026-03-01 23:03:18 -05:00
|
|
|
|
summary = db.get_status_summary()
|
|
|
|
|
|
snapshot_raw = db.get_state('network_snapshot')
|
|
|
|
|
|
last_check = db.get_state('last_check', 'Never')
|
2026-05-11 08:47:43 -04:00
|
|
|
|
try:
|
|
|
|
|
|
snapshot = json.loads(snapshot_raw) if snapshot_raw else {}
|
|
|
|
|
|
except Exception as e:
|
|
|
|
|
|
logger.error(f'Failed to parse network_snapshot JSON: {e}')
|
|
|
|
|
|
snapshot = {}
|
2026-03-01 23:03:18 -05:00
|
|
|
|
suppressions = db.get_active_suppressions()
|
2026-05-10 23:39:52 -04:00
|
|
|
|
_annotate_suppressions(events, suppressions)
|
2026-03-14 21:48:40 -04:00
|
|
|
|
recent_resolved = db.get_recent_resolved(hours=24, limit=10)
|
2026-03-01 23:03:18 -05:00
|
|
|
|
return render_template(
|
|
|
|
|
|
'index.html',
|
|
|
|
|
|
user=user,
|
|
|
|
|
|
events=events,
|
2026-03-17 20:32:32 -04:00
|
|
|
|
total_active=total_active,
|
2026-03-01 23:03:18 -05:00
|
|
|
|
summary=summary,
|
|
|
|
|
|
snapshot=snapshot,
|
|
|
|
|
|
last_check=last_check,
|
|
|
|
|
|
suppressions=suppressions,
|
2026-03-14 21:48:40 -04:00
|
|
|
|
recent_resolved=recent_resolved,
|
2026-04-30 21:09:56 -04:00
|
|
|
|
daemon_ok=_daemon_ok(last_check),
|
2026-03-01 23:03:18 -05:00
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-02 12:43:11 -05:00
|
|
|
|
@app.route('/links')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def links_page():
|
|
|
|
|
|
user = _get_user()
|
|
|
|
|
|
return render_template('links.html', user=user)
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-03 15:39:48 -05:00
|
|
|
|
@app.route('/inspector')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def inspector():
|
|
|
|
|
|
user = _get_user()
|
|
|
|
|
|
return render_template('inspector.html', user=user)
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
@app.route('/suppressions')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def suppressions_page():
|
|
|
|
|
|
user = _get_user()
|
|
|
|
|
|
active = db.get_active_suppressions()
|
|
|
|
|
|
history = db.get_suppression_history(limit=50)
|
|
|
|
|
|
snapshot_raw = db.get_state('network_snapshot')
|
2026-05-11 08:50:51 -04:00
|
|
|
|
try:
|
|
|
|
|
|
snapshot = json.loads(snapshot_raw) if snapshot_raw else {}
|
|
|
|
|
|
except Exception as e:
|
|
|
|
|
|
logger.error(f'Failed to parse network_snapshot JSON: {e}')
|
|
|
|
|
|
snapshot = {}
|
2026-03-01 23:03:18 -05:00
|
|
|
|
return render_template(
|
|
|
|
|
|
'suppressions.html',
|
|
|
|
|
|
user=user,
|
|
|
|
|
|
active=active,
|
|
|
|
|
|
history=history,
|
|
|
|
|
|
snapshot=snapshot,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
# API routes
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
2025-02-07 21:03:31 -05:00
|
|
|
|
|
|
|
|
|
|
@app.route('/api/status')
|
2026-03-01 23:03:18 -05:00
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_status():
|
2026-03-17 20:32:32 -04:00
|
|
|
|
active = db.get_active_events(limit=_PAGE_LIMIT)
|
2026-05-10 23:11:15 -04:00
|
|
|
|
suppressions = db.get_active_suppressions()
|
2026-05-10 23:39:52 -04:00
|
|
|
|
_annotate_suppressions(active, suppressions)
|
2026-04-19 23:35:02 -04:00
|
|
|
|
last_check = db.get_state('last_check', 'Never')
|
2026-03-01 23:03:18 -05:00
|
|
|
|
return jsonify({
|
|
|
|
|
|
'summary': db.get_status_summary(),
|
2026-04-19 23:35:02 -04:00
|
|
|
|
'last_check': last_check,
|
2026-03-17 20:32:32 -04:00
|
|
|
|
'events': active,
|
|
|
|
|
|
'total_active': db.count_active_events(),
|
2026-04-19 23:35:02 -04:00
|
|
|
|
'daemon_ok': _daemon_ok(last_check),
|
2026-03-01 23:03:18 -05:00
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/network')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_network():
|
|
|
|
|
|
raw = db.get_state('network_snapshot')
|
|
|
|
|
|
if raw:
|
|
|
|
|
|
try:
|
|
|
|
|
|
return jsonify(json.loads(raw))
|
|
|
|
|
|
except Exception:
|
2026-03-12 17:35:41 -04:00
|
|
|
|
logger.error('Failed to parse network_snapshot JSON')
|
2026-03-01 23:03:18 -05:00
|
|
|
|
return jsonify({'hosts': {}, 'unifi': [], 'updated': None})
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-02 12:43:11 -05:00
|
|
|
|
@app.route('/api/links')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_links():
|
|
|
|
|
|
raw = db.get_state('link_stats')
|
|
|
|
|
|
if raw:
|
2026-05-11 08:50:51 -04:00
|
|
|
|
if len(raw) > 10_000_000:
|
|
|
|
|
|
logger.error(f'link_stats exceeds 10 MB ({len(raw)} bytes); possible corruption')
|
|
|
|
|
|
return jsonify({'error': 'Invalid cached data'}), 503
|
2026-03-02 12:43:11 -05:00
|
|
|
|
try:
|
|
|
|
|
|
return jsonify(json.loads(raw))
|
2026-05-11 08:50:51 -04:00
|
|
|
|
except Exception as e:
|
|
|
|
|
|
logger.error(f'Failed to parse link_stats JSON: {e}')
|
2026-03-02 12:43:11 -05:00
|
|
|
|
return jsonify({'hosts': {}, 'updated': None})
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
@app.route('/api/events')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_events():
|
2026-03-17 20:32:32 -04:00
|
|
|
|
try:
|
|
|
|
|
|
limit = min(int(request.args.get('limit', _PAGE_LIMIT)), 1000)
|
|
|
|
|
|
offset = max(int(request.args.get('offset', 0)), 0)
|
|
|
|
|
|
except ValueError:
|
|
|
|
|
|
return jsonify({'error': 'limit and offset must be integers'}), 400
|
|
|
|
|
|
status_filter = request.args.get('status', 'active')
|
|
|
|
|
|
if status_filter not in ('active', 'resolved', 'all'):
|
|
|
|
|
|
return jsonify({'error': 'status must be active, resolved, or all'}), 400
|
|
|
|
|
|
|
|
|
|
|
|
result: dict = {}
|
|
|
|
|
|
if status_filter in ('active', 'all'):
|
|
|
|
|
|
result['active'] = db.get_active_events(limit=limit, offset=offset)
|
|
|
|
|
|
result['total_active'] = db.count_active_events()
|
|
|
|
|
|
if status_filter in ('resolved', 'all'):
|
|
|
|
|
|
result['resolved'] = db.get_recent_resolved(hours=24, limit=30)
|
|
|
|
|
|
return jsonify(result)
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/suppressions', methods=['GET'])
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_get_suppressions():
|
|
|
|
|
|
return jsonify(db.get_active_suppressions())
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/suppressions', methods=['POST'])
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_create_suppression():
|
|
|
|
|
|
user = _get_user()
|
|
|
|
|
|
data = request.get_json(silent=True) or {}
|
|
|
|
|
|
|
|
|
|
|
|
target_type = data.get('target_type', 'host')
|
|
|
|
|
|
target_name = (data.get('target_name') or '').strip()
|
|
|
|
|
|
target_detail = (data.get('target_detail') or '').strip()
|
|
|
|
|
|
reason = (data.get('reason') or '').strip()
|
|
|
|
|
|
expires_minutes = data.get('expires_minutes') # None = manual/permanent
|
|
|
|
|
|
|
|
|
|
|
|
if target_type not in ('host', 'interface', 'unifi_device', 'all'):
|
|
|
|
|
|
return jsonify({'error': 'Invalid target_type'}), 400
|
|
|
|
|
|
if target_type != 'all' and not target_name:
|
|
|
|
|
|
return jsonify({'error': 'target_name required'}), 400
|
|
|
|
|
|
if not reason:
|
|
|
|
|
|
return jsonify({'error': 'reason required'}), 400
|
2026-03-17 20:32:32 -04:00
|
|
|
|
if len(reason) > 500:
|
|
|
|
|
|
return jsonify({'error': 'reason must be 500 characters or fewer'}), 400
|
|
|
|
|
|
if len(target_name) > 255:
|
|
|
|
|
|
return jsonify({'error': 'target_name must be 255 characters or fewer'}), 400
|
|
|
|
|
|
if len(target_detail) > 255:
|
|
|
|
|
|
return jsonify({'error': 'target_detail must be 255 characters or fewer'}), 400
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
2026-05-11 08:47:43 -04:00
|
|
|
|
if expires_minutes is not None:
|
|
|
|
|
|
try:
|
|
|
|
|
|
expires_minutes = int(expires_minutes)
|
|
|
|
|
|
if expires_minutes <= 0 or expires_minutes > 43200:
|
|
|
|
|
|
return jsonify({'error': 'expires_minutes must be between 1 and 43200 (30 days)'}), 400
|
|
|
|
|
|
except (ValueError, TypeError):
|
|
|
|
|
|
return jsonify({'error': 'expires_minutes must be a valid integer'}), 400
|
|
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
sup_id = db.create_suppression(
|
|
|
|
|
|
target_type=target_type,
|
|
|
|
|
|
target_name=target_name,
|
|
|
|
|
|
target_detail=target_detail,
|
|
|
|
|
|
reason=reason,
|
|
|
|
|
|
suppressed_by=user['username'],
|
2026-05-11 08:47:43 -04:00
|
|
|
|
expires_minutes=expires_minutes,
|
2026-03-01 23:03:18 -05:00
|
|
|
|
)
|
|
|
|
|
|
logger.info(
|
|
|
|
|
|
f'Suppression #{sup_id} created by {user["username"]}: '
|
|
|
|
|
|
f'{target_type}/{target_name}/{target_detail} – {reason}'
|
|
|
|
|
|
)
|
|
|
|
|
|
return jsonify({'success': True, 'id': sup_id})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/suppressions/<int:sup_id>', methods=['DELETE'])
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_delete_suppression(sup_id: int):
|
|
|
|
|
|
user = _get_user()
|
|
|
|
|
|
db.deactivate_suppression(sup_id)
|
|
|
|
|
|
logger.info(f'Suppression #{sup_id} removed by {user["username"]}')
|
|
|
|
|
|
return jsonify({'success': True})
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-03 16:03:54 -05:00
|
|
|
|
@app.route('/api/diagnose', methods=['POST'])
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_diagnose_start():
|
|
|
|
|
|
"""Start a link diagnostic job. Returns {job_id}."""
|
|
|
|
|
|
data = request.get_json(silent=True) or {}
|
|
|
|
|
|
switch_name = (data.get('switch_name') or '').strip()
|
2026-03-12 17:35:41 -04:00
|
|
|
|
try:
|
|
|
|
|
|
port_idx = int(data.get('port_idx'))
|
|
|
|
|
|
except (TypeError, ValueError):
|
|
|
|
|
|
return jsonify({'error': 'port_idx must be an integer'}), 400
|
2026-03-03 16:03:54 -05:00
|
|
|
|
|
2026-03-12 17:35:41 -04:00
|
|
|
|
if not switch_name:
|
2026-03-03 16:03:54 -05:00
|
|
|
|
return jsonify({'error': 'switch_name and port_idx required'}), 400
|
|
|
|
|
|
|
|
|
|
|
|
# Look up switch + port in cached link_stats
|
|
|
|
|
|
raw = db.get_state('link_stats')
|
|
|
|
|
|
if not raw:
|
|
|
|
|
|
return jsonify({'error': 'No link_stats data available'}), 503
|
|
|
|
|
|
try:
|
|
|
|
|
|
link_data = json.loads(raw)
|
2026-05-11 08:45:28 -04:00
|
|
|
|
except Exception as e:
|
|
|
|
|
|
logger.error(f'Failed to parse link_stats JSON in /api/diagnose: {e}')
|
2026-03-03 16:03:54 -05:00
|
|
|
|
return jsonify({'error': 'Internal data error'}), 500
|
|
|
|
|
|
|
|
|
|
|
|
switches = link_data.get('unifi_switches', {})
|
|
|
|
|
|
sw = switches.get(switch_name)
|
|
|
|
|
|
if not sw:
|
|
|
|
|
|
return jsonify({'error': f'Switch "{switch_name}" not found'}), 404
|
|
|
|
|
|
|
|
|
|
|
|
# Find port by port_idx
|
|
|
|
|
|
port_data = None
|
|
|
|
|
|
for pname, pd in sw.get('ports', {}).items():
|
|
|
|
|
|
if pd.get('port_idx') == port_idx:
|
|
|
|
|
|
port_data = dict(pd)
|
|
|
|
|
|
port_data['name'] = pname
|
|
|
|
|
|
break
|
|
|
|
|
|
if not port_data:
|
|
|
|
|
|
return jsonify({'error': f'Port {port_idx} not found on switch "{switch_name}"'}), 404
|
|
|
|
|
|
|
|
|
|
|
|
# LLDP neighbor required to know which host+iface to SSH into
|
|
|
|
|
|
lldp = port_data.get('lldp')
|
|
|
|
|
|
if not lldp or not lldp.get('system_name'):
|
|
|
|
|
|
return jsonify({'error': 'No LLDP neighbor data for this port'}), 400
|
|
|
|
|
|
|
|
|
|
|
|
server_name = lldp['system_name']
|
2026-05-11 08:45:28 -04:00
|
|
|
|
if not re.fullmatch(r'[a-zA-Z0-9._-]+', server_name):
|
|
|
|
|
|
logger.error(f'Refusing diagnostic: invalid server_name from LLDP: {server_name!r}')
|
|
|
|
|
|
return jsonify({'error': 'LLDP neighbor name contains invalid characters'}), 400
|
2026-03-03 16:03:54 -05:00
|
|
|
|
lldp_port_id = lldp.get('port_id', '')
|
|
|
|
|
|
|
|
|
|
|
|
# Find matching host + interface in link_stats hosts
|
|
|
|
|
|
hosts = link_data.get('hosts', {})
|
|
|
|
|
|
server_ifaces = hosts.get(server_name)
|
|
|
|
|
|
if not server_ifaces:
|
|
|
|
|
|
return jsonify({'error': f'Host "{server_name}" not in link stats'}), 404
|
|
|
|
|
|
|
|
|
|
|
|
# Match interface by LLDP port_id (exact then fuzzy)
|
|
|
|
|
|
matched_iface = None
|
|
|
|
|
|
if lldp_port_id and lldp_port_id in server_ifaces:
|
|
|
|
|
|
matched_iface = lldp_port_id
|
|
|
|
|
|
if not matched_iface and lldp_port_id:
|
|
|
|
|
|
matched_iface = next(
|
|
|
|
|
|
(k for k in server_ifaces if lldp_port_id in k or k in lldp_port_id),
|
|
|
|
|
|
None
|
|
|
|
|
|
)
|
|
|
|
|
|
if not matched_iface:
|
|
|
|
|
|
matched_iface = next(iter(server_ifaces), None)
|
|
|
|
|
|
if not matched_iface:
|
|
|
|
|
|
return jsonify({'error': 'Cannot determine server interface'}), 400
|
|
|
|
|
|
|
|
|
|
|
|
# Resolve host IP from link_stats host data
|
|
|
|
|
|
host_ip = (server_ifaces.get(matched_iface) or {}).get('host_ip')
|
|
|
|
|
|
if not host_ip:
|
2026-05-11 08:45:28 -04:00
|
|
|
|
# Fallback: use first valid IP from LLDP mgmt IPs
|
|
|
|
|
|
for candidate in (lldp.get('mgmt_ips') or []):
|
|
|
|
|
|
try:
|
|
|
|
|
|
ipaddress.ip_address(candidate)
|
|
|
|
|
|
host_ip = candidate
|
|
|
|
|
|
break
|
|
|
|
|
|
except ValueError:
|
|
|
|
|
|
continue
|
2026-03-03 16:03:54 -05:00
|
|
|
|
if not host_ip:
|
|
|
|
|
|
return jsonify({'error': 'Cannot determine host IP for SSH'}), 400
|
|
|
|
|
|
|
2026-03-12 17:30:50 -04:00
|
|
|
|
# Validate resolved values before passing to SSH command builder
|
|
|
|
|
|
try:
|
|
|
|
|
|
ipaddress.ip_address(host_ip)
|
|
|
|
|
|
except ValueError:
|
|
|
|
|
|
logger.error(f'Refusing diagnostic: invalid host_ip "{host_ip}" for {server_name}')
|
|
|
|
|
|
return jsonify({'error': 'Resolved host IP is not a valid IP address'}), 400
|
|
|
|
|
|
if not re.fullmatch(r'[a-zA-Z0-9._-]+', matched_iface):
|
|
|
|
|
|
logger.error(f'Refusing diagnostic: invalid iface "{matched_iface}" for {server_name}')
|
|
|
|
|
|
return jsonify({'error': 'Resolved interface name contains invalid characters'}), 400
|
|
|
|
|
|
|
2026-03-03 16:03:54 -05:00
|
|
|
|
job_id = str(uuid.uuid4())
|
2026-05-10 23:53:17 -04:00
|
|
|
|
requesting_user = _get_user()['username']
|
2026-05-11 08:42:50 -04:00
|
|
|
|
now = time.time()
|
2026-03-03 16:03:54 -05:00
|
|
|
|
with _diag_lock:
|
2026-05-11 08:47:43 -04:00
|
|
|
|
# Rate limit: max 5 diagnostic jobs per user per minute; prune stale user entries
|
|
|
|
|
|
stale_users = [u for u, ts in _diag_rate.items() if not ts or max(ts) < now - 3600]
|
|
|
|
|
|
for u in stale_users:
|
|
|
|
|
|
del _diag_rate[u]
|
2026-05-11 08:42:50 -04:00
|
|
|
|
recent = [t for t in _diag_rate.get(requesting_user, []) if now - t < 60]
|
|
|
|
|
|
if len(recent) >= 5:
|
|
|
|
|
|
return jsonify({'error': 'Rate limit exceeded: max 5 diagnostics per minute'}), 429
|
|
|
|
|
|
recent.append(now)
|
|
|
|
|
|
_diag_rate[requesting_user] = recent
|
2026-05-10 23:53:17 -04:00
|
|
|
|
_diag_jobs[job_id] = {
|
|
|
|
|
|
'status': 'running', 'result': None,
|
2026-05-11 08:42:50 -04:00
|
|
|
|
'created_at': now, 'user': requesting_user,
|
2026-05-10 23:53:17 -04:00
|
|
|
|
}
|
2026-03-03 16:03:54 -05:00
|
|
|
|
|
|
|
|
|
|
def _run():
|
|
|
|
|
|
try:
|
|
|
|
|
|
cfg = _config()
|
|
|
|
|
|
pulse = PulseClient(cfg)
|
|
|
|
|
|
runner = diagnose.DiagnosticsRunner(pulse)
|
|
|
|
|
|
result = runner.run(host_ip, server_name, matched_iface, port_data)
|
|
|
|
|
|
except Exception as e:
|
|
|
|
|
|
logger.error(f'Diagnostic job {job_id} failed: {e}', exc_info=True)
|
2026-05-11 08:40:25 -04:00
|
|
|
|
result = {'status': 'error', 'error': 'Diagnostic failed; check server logs.'}
|
2026-03-03 16:03:54 -05:00
|
|
|
|
with _diag_lock:
|
|
|
|
|
|
if job_id in _diag_jobs:
|
|
|
|
|
|
_diag_jobs[job_id]['status'] = 'done'
|
|
|
|
|
|
_diag_jobs[job_id]['result'] = result
|
|
|
|
|
|
|
|
|
|
|
|
t = threading.Thread(target=_run, daemon=True)
|
|
|
|
|
|
t.start()
|
|
|
|
|
|
|
|
|
|
|
|
return jsonify({'job_id': job_id})
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/diagnose/<job_id>', methods=['GET'])
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_diagnose_poll(job_id: str):
|
|
|
|
|
|
"""Poll a diagnostic job. Returns {status, result}."""
|
2026-05-11 08:42:50 -04:00
|
|
|
|
current_user = _get_user()['username']
|
2026-03-03 16:03:54 -05:00
|
|
|
|
with _diag_lock:
|
|
|
|
|
|
job = _diag_jobs.get(job_id)
|
2026-05-11 08:42:50 -04:00
|
|
|
|
if not job:
|
|
|
|
|
|
return jsonify({'error': 'Job not found'}), 404
|
|
|
|
|
|
if job.get('user') != current_user:
|
|
|
|
|
|
return jsonify({'error': 'Forbidden'}), 403
|
|
|
|
|
|
snapshot = {'status': job['status'], 'result': job.get('result')}
|
|
|
|
|
|
return jsonify(snapshot)
|
2026-03-03 16:03:54 -05:00
|
|
|
|
|
|
|
|
|
|
|
2026-04-30 21:09:56 -04:00
|
|
|
|
@app.route('/api/avatar')
|
|
|
|
|
|
@require_auth
|
|
|
|
|
|
def api_avatar():
|
|
|
|
|
|
"""Serve the current user's LDAP avatar photo (JPEG), cached to disk."""
|
|
|
|
|
|
username = request.headers.get('Remote-User', '').strip()
|
|
|
|
|
|
if not username:
|
|
|
|
|
|
return '', 404
|
|
|
|
|
|
|
|
|
|
|
|
ldap_cfg = _config().get('ldap', {})
|
|
|
|
|
|
if not ldap_cfg.get('host') or not ldap_cfg.get('bind_dn'):
|
|
|
|
|
|
return '', 404
|
|
|
|
|
|
|
|
|
|
|
|
# Build a safe cache filename from the username (alphanumeric + - _ .)
|
|
|
|
|
|
safe_name = re.sub(r'[^a-zA-Z0-9._-]', '_', username)
|
2026-05-11 09:31:25 -04:00
|
|
|
|
cache_dir = os.path.abspath(
|
|
|
|
|
|
ldap_cfg.get('cache_dir', os.path.join(tempfile.gettempdir(), 'gandalf_avatars'))
|
|
|
|
|
|
)
|
2026-04-30 21:09:56 -04:00
|
|
|
|
os.makedirs(cache_dir, exist_ok=True)
|
2026-05-11 09:31:25 -04:00
|
|
|
|
cache_file = os.path.abspath(os.path.join(cache_dir, f'user_{safe_name}.jpg'))
|
|
|
|
|
|
sentinel = os.path.abspath(os.path.join(cache_dir, f'user_{safe_name}.none'))
|
|
|
|
|
|
# Guard against path escape (shouldn't happen with sanitised safe_name, but be explicit)
|
|
|
|
|
|
if not cache_file.startswith(cache_dir + os.sep) or not sentinel.startswith(cache_dir + os.sep):
|
|
|
|
|
|
logger.error(f'Avatar path escape detected for user {username!r}')
|
|
|
|
|
|
return '', 404
|
2026-05-11 09:05:53 -04:00
|
|
|
|
try:
|
|
|
|
|
|
cache_ttl = int(ldap_cfg.get('cache_ttl', 3600))
|
|
|
|
|
|
except (ValueError, TypeError):
|
|
|
|
|
|
logger.warning('Invalid cache_ttl in ldap config; using default 3600')
|
|
|
|
|
|
cache_ttl = 3600
|
2026-04-30 21:09:56 -04:00
|
|
|
|
|
|
|
|
|
|
now = time.time()
|
|
|
|
|
|
|
|
|
|
|
|
# Serve cached image if fresh
|
|
|
|
|
|
if os.path.exists(cache_file) and now - os.path.getmtime(cache_file) < cache_ttl:
|
|
|
|
|
|
return send_file(cache_file, mimetype='image/jpeg',
|
|
|
|
|
|
max_age=cache_ttl, conditional=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Skip LDAP if we already know this user has no avatar
|
2026-05-11 09:31:25 -04:00
|
|
|
|
try:
|
|
|
|
|
|
if os.path.exists(sentinel) and now - os.path.getmtime(sentinel) < cache_ttl:
|
|
|
|
|
|
return '', 404
|
|
|
|
|
|
except OSError:
|
|
|
|
|
|
pass
|
2026-04-30 21:09:56 -04:00
|
|
|
|
|
|
|
|
|
|
# Query lldap
|
2026-05-11 08:47:43 -04:00
|
|
|
|
bind_pw = ldap_cfg.get('bind_pw', '')
|
|
|
|
|
|
if not bind_pw:
|
|
|
|
|
|
logger.error('LDAP bind_pw not configured — avatar lookup disabled')
|
|
|
|
|
|
return '', 404
|
|
|
|
|
|
|
2026-04-30 21:09:56 -04:00
|
|
|
|
avatar_data = None
|
2026-05-11 08:50:51 -04:00
|
|
|
|
conn = None
|
2026-04-30 21:09:56 -04:00
|
|
|
|
try:
|
|
|
|
|
|
import ldap3
|
|
|
|
|
|
server = ldap3.Server(ldap_cfg['host'], port=int(ldap_cfg.get('port', 3890)))
|
|
|
|
|
|
conn = ldap3.Connection(server,
|
|
|
|
|
|
user=ldap_cfg['bind_dn'],
|
2026-05-11 08:47:43 -04:00
|
|
|
|
password=bind_pw,
|
2026-04-30 21:09:56 -04:00
|
|
|
|
auto_bind=True, receive_timeout=5)
|
|
|
|
|
|
safe_uid = ldap3.utils.conv.escape_filter_chars(username)
|
|
|
|
|
|
conn.search(ldap_cfg.get('user_base', 'ou=people,dc=example,dc=com'),
|
|
|
|
|
|
f'(uid={safe_uid})', attributes=['avatar'])
|
|
|
|
|
|
if conn.entries and conn.entries[0]['avatar'].value:
|
|
|
|
|
|
avatar_data = conn.entries[0]['avatar'].value
|
|
|
|
|
|
except ImportError:
|
|
|
|
|
|
logger.error('ldap3 not installed — run: pip install ldap3')
|
|
|
|
|
|
return '', 404
|
|
|
|
|
|
except Exception as e:
|
|
|
|
|
|
logger.error(f'LDAP avatar lookup failed for {username}: {e}')
|
|
|
|
|
|
return '', 404
|
2026-05-11 08:50:51 -04:00
|
|
|
|
finally:
|
|
|
|
|
|
if conn is not None:
|
|
|
|
|
|
try:
|
|
|
|
|
|
conn.unbind()
|
|
|
|
|
|
except Exception:
|
|
|
|
|
|
pass
|
2026-04-30 21:09:56 -04:00
|
|
|
|
|
|
|
|
|
|
if not avatar_data or len(avatar_data) < 100:
|
2026-05-11 09:23:06 -04:00
|
|
|
|
with open(sentinel, 'w'):
|
|
|
|
|
|
pass
|
2026-04-30 21:09:56 -04:00
|
|
|
|
return '', 404
|
|
|
|
|
|
|
|
|
|
|
|
# Validate JPEG magic bytes (FF D8 FF)
|
|
|
|
|
|
if isinstance(avatar_data, str):
|
|
|
|
|
|
avatar_data = avatar_data.encode('latin-1')
|
|
|
|
|
|
if avatar_data[:3] != b'\xFF\xD8\xFF':
|
|
|
|
|
|
logger.warning(f'Non-JPEG avatar data for {username}')
|
|
|
|
|
|
open(sentinel, 'w').close()
|
|
|
|
|
|
return '', 404
|
|
|
|
|
|
|
|
|
|
|
|
with open(cache_file, 'wb') as f:
|
|
|
|
|
|
f.write(avatar_data)
|
|
|
|
|
|
if os.path.exists(sentinel):
|
|
|
|
|
|
os.unlink(sentinel)
|
|
|
|
|
|
|
|
|
|
|
|
resp = make_response(avatar_data)
|
|
|
|
|
|
resp.headers['Content-Type'] = 'image/jpeg'
|
|
|
|
|
|
resp.headers['Cache-Control'] = f'private, max-age={cache_ttl}'
|
|
|
|
|
|
return resp
|
|
|
|
|
|
|
|
|
|
|
|
|
2026-03-01 23:03:18 -05:00
|
|
|
|
@app.route('/health')
|
|
|
|
|
|
def health():
|
2026-03-14 21:35:32 -04:00
|
|
|
|
"""Health check endpoint (no auth). Checks DB and monitor freshness."""
|
|
|
|
|
|
checks = {}
|
|
|
|
|
|
overall = 'ok'
|
|
|
|
|
|
|
|
|
|
|
|
# DB connectivity
|
|
|
|
|
|
try:
|
|
|
|
|
|
db.get_state('last_check')
|
|
|
|
|
|
checks['db'] = 'ok'
|
|
|
|
|
|
except Exception as e:
|
2026-05-11 08:40:25 -04:00
|
|
|
|
logger.error(f'Health check db error: {e}')
|
|
|
|
|
|
checks['db'] = 'error'
|
2026-03-14 21:35:32 -04:00
|
|
|
|
overall = 'degraded'
|
|
|
|
|
|
|
|
|
|
|
|
# Monitor freshness: fail if last_check is older than 20 minutes
|
|
|
|
|
|
try:
|
|
|
|
|
|
last_check = db.get_state('last_check', '')
|
|
|
|
|
|
if last_check:
|
|
|
|
|
|
ts = datetime.strptime(last_check, '%Y-%m-%d %H:%M:%S UTC').replace(tzinfo=timezone.utc)
|
|
|
|
|
|
age_s = (datetime.now(timezone.utc) - ts).total_seconds()
|
|
|
|
|
|
if age_s > 1200:
|
2026-05-11 08:50:51 -04:00
|
|
|
|
checks['monitor'] = 'stale'
|
2026-03-14 21:35:32 -04:00
|
|
|
|
overall = 'degraded'
|
|
|
|
|
|
else:
|
2026-05-11 08:50:51 -04:00
|
|
|
|
checks['monitor'] = 'ok'
|
2026-03-14 21:35:32 -04:00
|
|
|
|
else:
|
|
|
|
|
|
checks['monitor'] = 'no data yet'
|
|
|
|
|
|
except Exception as e:
|
2026-05-11 08:40:25 -04:00
|
|
|
|
logger.error(f'Health check monitor error: {e}')
|
|
|
|
|
|
checks['monitor'] = 'error'
|
2026-03-14 21:35:32 -04:00
|
|
|
|
overall = 'degraded'
|
|
|
|
|
|
|
|
|
|
|
|
status_code = 200 if overall == 'ok' else 503
|
|
|
|
|
|
return jsonify({'status': overall, 'service': 'gandalf', 'checks': checks}), status_code
|
2026-03-01 23:03:18 -05:00
|
|
|
|
|
2025-01-04 01:42:16 -05:00
|
|
|
|
|
|
|
|
|
|
if __name__ == '__main__':
|
2026-04-25 20:51:41 -04:00
|
|
|
|
app.run(debug=True, host='0.0.0.0', port=5000) # nosec B201 B104 — dev runner only; production uses gunicorn
|
