fix: inspector.html stale/updated timestamp broken date parsing

Same bug as was just fixed in links.html: data.updated is stored as "YYYY-MM-DD HH:MM:SS UTC" by monitor.py, so appending 'Z' produced "…UTCZ" — an invalid date. The stale-data warning and Updated timestamp in Inspector were silently showing "Invalid Date" and the stale overlay never fired. Fixed to use _toIso() (already global via app.js). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix: admin-only suppression enforcement, links.html broken date parsing
2026-05-11 13:25:17 -04:00 · 2026-05-11 13:03:37 -04:00 · 2026-05-11 12:58:32 -04:00 · 2026-05-11 12:05:08 -04:00
8 changed files with 66 additions and 40 deletions
@@ -155,6 +155,17 @@ def require_auth(f):
    return wrapper
 def require_admin(f):
    """Decorator: require require_auth AND membership in the 'admin' group."""
    @wraps(f)
    def wrapper(*args, **kwargs):
        user = _get_user()
        if 'admin' not in user.get('groups', []):
            return jsonify({'error': 'Admin access required'}), 403
        return f(*args, **kwargs)
    return wrapper
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
@@ -228,6 +239,7 @@ def inspector():
@app.route('/suppressions')
@require_auth
@require_admin
 def suppressions_page():
    user = _get_user()
    active = db.get_active_suppressions()
@@ -323,6 +335,7 @@ def api_get_suppressions():
@app.route('/api/suppressions', methods=['POST'])
@require_auth
@require_admin
 def api_create_suppression():
    user = _get_user()
    data = request.get_json(silent=True) or {}
@@ -371,6 +384,7 @@ def api_create_suppression():
@app.route('/api/suppressions/<int:sup_id>', methods=['DELETE'])
@require_auth
@require_admin
 def api_delete_suppression(sup_id: int):
    user = _get_user()
    db.deactivate_suppression(sup_id)
@@ -612,7 +626,8 @@ def api_avatar():
        avatar_data = avatar_data.encode('latin-1')
    if avatar_data[:3] != b'\xFF\xD8\xFF':
        logger.warning(f'Non-JPEG avatar data for {username}')
-        open(sentinel, 'w').close()
+        with open(sentinel, 'w'):
            pass
        return '', 404
    with open(cache_file, 'wb') as f:
@@ -221,8 +221,6 @@ class DiagnosticsRunner:
                data['auto_neg'] = (val.lower() == 'on')
            elif key == 'Link detected':
                data['link_detected'] = (val.lower() == 'yes')
            elif 'Supported link modes' in key:
                data.setdefault('supported_modes', []).append(val)
        return data
    @staticmethod
@@ -294,18 +294,33 @@ function updateSuppressForm() {
  const type      = document.getElementById('sup-type').value;
  const nameGrp   = document.getElementById('sup-name-group');
  const detailGrp = document.getElementById('sup-detail-group');
  const nameInput   = document.getElementById('sup-name');
  const detailInput = document.getElementById('sup-detail');
  if (nameGrp)   nameGrp.style.display   = (type === 'all') ? 'none' : '';
  if (detailGrp) detailGrp.style.display = (type === 'interface') ? '' : 'none';
  if (nameInput) {
    const req = (type !== 'all');
    nameInput.required = req;
    nameInput.setAttribute('aria-required', String(req));
  }
  if (detailInput) {
    const req = (type === 'interface');
    detailInput.required = req;
    detailInput.setAttribute('aria-required', String(req));
  }
 }
-function setDuration(mins, el) {
+function setDuration(mins, el, opts) {
-  document.getElementById('sup-expires').value = mins || '';
+  const o         = opts || {};
-  document.querySelectorAll('#suppress-modal .pill').forEach(p => {
+  const expiresEl = document.getElementById(o.expiresId || 'sup-expires');
  const pillSel   = o.pillSel || '#suppress-modal .pill';
  const hint      = document.getElementById(o.hintId || 'duration-hint');
  if (expiresEl) expiresEl.value = mins || '';
  document.querySelectorAll(pillSel).forEach(p => {
    p.classList.remove('active');
    p.setAttribute('aria-pressed', 'false');
  });
  if (el) { el.classList.add('active'); el.setAttribute('aria-pressed', 'true'); }
  const hint = document.getElementById('duration-hint');
  if (hint) {
    if (mins) {
      const h = Math.floor(mins / 60), m = mins % 60;
@@ -217,6 +217,7 @@
 .sev-pills          { display: flex; gap: 4px; }
 .g-page-sub { font-size: .78em; color: var(--text-muted); margin-top: 4px; }
 .g-page-sub-aside { font-size: .78em; color: var(--text-muted); margin-left: 8px; }
 .g-stale-warn { color: var(--orange); font-weight: 600; }
 /* ── Badge severity color variants (used with lt-badge) ───────────── */
 .badge-critical { color: var(--red);    border-color: var(--red);    text-shadow: var(--glow-red); }
@@ -227,16 +227,16 @@
          <div class="lt-form-group">
            <label class="lt-label" for="sup-reason">Reason <span class="required">*</span></label>
            <input type="text" class="lt-input" id="sup-reason" name="reason"
-                   placeholder="e.g. Planned switch reboot" required>
+                   placeholder="e.g. Planned switch reboot" required aria-required="true">
          </div>
          <div class="lt-form-group lt-form-group--last">
            <label class="lt-label">Duration</label>
            <div class="duration-pills" role="group" aria-label="Select suppression duration">
-              <button type="button" class="pill" data-duration="30" aria-pressed="false">30 min</button>
+              <button type="button" class="pill" data-duration="30" aria-pressed="false" aria-label="30 minutes">30 min</button>
-              <button type="button" class="pill" data-duration="60" aria-pressed="false">1 hr</button>
+              <button type="button" class="pill" data-duration="60" aria-pressed="false" aria-label="1 hour">1 hr</button>
-              <button type="button" class="pill" data-duration="240" aria-pressed="false">4 hr</button>
+              <button type="button" class="pill" data-duration="240" aria-pressed="false" aria-label="4 hours">4 hr</button>
-              <button type="button" class="pill" data-duration="480" aria-pressed="false">8 hr</button>
+              <button type="button" class="pill" data-duration="480" aria-pressed="false" aria-label="8 hours">8 hr</button>
-              <button type="button" class="pill pill-manual active" data-duration="" aria-pressed="true">Manual &#x221E;</button>
+              <button type="button" class="pill pill-manual active" data-duration="" aria-pressed="true" aria-label="Manual, no expiry">Manual &#x221E;</button>
            </div>
            <input type="hidden" id="sup-expires" name="expires_minutes" value="">
            <div class="lt-field-hint" id="duration-hint">Persists until manually removed.</div>
@@ -428,7 +428,14 @@ function renderInspector(data) {
  const updEl = document.getElementById('inspector-updated');
  if (updEl && data.updated) {
-    updEl.textContent = 'Updated: ' + new Date(data.updated + (data.updated.includes('Z') ? '' : 'Z')).toLocaleTimeString();
+    const updMs = new Date(_toIso(data.updated));
    const ageMin = (Date.now() - updMs) / 60000;
    const timeStr = updMs.toLocaleTimeString();
    if (ageMin > 15) {
      updEl.innerHTML = `<span class="g-stale-warn" title="Data is ${Math.floor(ageMin)} minutes old — monitor may be down">⚠ Stale: ${timeStr}</span>`;
    } else {
      updEl.textContent = 'Updated: ' + timeStr;
    }
  }
  if (!Object.keys(switches).length) {
@@ -36,7 +36,6 @@
 {% block scripts %}
 <script>
 const escHtml = s => lt.escHtml(s);
 const _toIso  = s => s ? s.replace(' UTC', 'Z').replace(' ', 'T') : s;
 // ── Formatting helpers ────────────────────────────────────────────
 function fmtRate(bytesPerSec) {
@@ -527,7 +526,7 @@ function expandAll() {
 // ── Stale data warning ────────────────────────────────────────────
 function checkLinksStale(updatedStr) {
  if (!updatedStr) return;
-  const age = (Date.now() - new Date(updatedStr + (updatedStr.includes('Z') ? '' : 'Z'))) / 1000;
+  const age = (Date.now() - new Date(_toIso(updatedStr))) / 1000;
  let banner = document.getElementById('links-stale-banner');
  if (age > 120) {
    if (!banner) {
@@ -556,7 +555,7 @@ async function loadLinks() {
    }
    const updEl = document.getElementById('links-updated');
    if (updEl && data.updated) {
-      updEl.textContent = 'Updated: ' + new Date(data.updated + (data.updated.includes('Z') ? '' : 'Z')).toLocaleTimeString();
+      updEl.textContent = 'Updated: ' + new Date(_toIso(data.updated)).toLocaleTimeString();
    }
    renderLinks(data);
    checkLinksStale(data.updated);
@@ -32,7 +32,7 @@
            <label class="lt-label" for="s-name">Target Name <span class="required">*</span></label>
            <input type="text" class="lt-input" id="s-name" name="target_name"
                   placeholder="hostname or device name" autocomplete="off"
-                   list="target-name-list">
+                   required aria-required="true" list="target-name-list">
            <datalist id="target-name-list">
              {% for name in snapshot.hosts.keys() | sort %}
              <option value="{{ name }}">
@@ -59,11 +59,11 @@
          <div class="lt-form-group">
            <label class="lt-label">Duration</label>
            <div class="duration-pills" role="group" aria-label="Select suppression duration">
-              <button type="button" class="pill" data-duration="30" aria-pressed="false">30 min</button>
+              <button type="button" class="pill" data-duration="30" aria-pressed="false" aria-label="30 minutes">30 min</button>
-              <button type="button" class="pill" data-duration="60" aria-pressed="false">1 hr</button>
+              <button type="button" class="pill" data-duration="60" aria-pressed="false" aria-label="1 hour">1 hr</button>
-              <button type="button" class="pill" data-duration="240" aria-pressed="false">4 hr</button>
+              <button type="button" class="pill" data-duration="240" aria-pressed="false" aria-label="4 hours">4 hr</button>
-              <button type="button" class="pill" data-duration="480" aria-pressed="false">8 hr</button>
+              <button type="button" class="pill" data-duration="480" aria-pressed="false" aria-label="8 hours">8 hr</button>
-              <button type="button" class="pill pill-manual active" data-duration="" aria-pressed="true">Manual ∞</button>
+              <button type="button" class="pill pill-manual active" data-duration="" aria-pressed="true" aria-label="Manual, no expiry">Manual ∞</button>
            </div>
            <input type="hidden" id="s-expires" name="expires_minutes" value="">
            <div class="lt-field-hint" id="s-dur-hint">Persists until manually removed.</div>
@@ -217,23 +217,16 @@
    const t = document.getElementById('s-type').value;
    document.getElementById('name-group').style.display = (t==='all') ? 'none' : '';
    document.getElementById('detail-group').style.display = (t==='interface') ? '' : 'none';
-    document.getElementById('s-name').required = (t!=='all');
+    const nameInput = document.getElementById('s-name');
    if (nameInput) {
      const req = (t !== 'all');
      nameInput.required = req;
      nameInput.setAttribute('aria-required', String(req));
    }
  }
  function setDur(mins, el) {
-    document.getElementById('s-expires').value = mins || '';
+    setDuration(mins, el, { expiresId: 's-expires', pillSel: '#create-suppression-form .pill', hintId: 's-dur-hint' });
    document.querySelectorAll('.duration-pills .pill').forEach(p => {
      p.classList.remove('active');
      p.setAttribute('aria-pressed', 'false');
    });
    if (el) { el.classList.add('active'); el.setAttribute('aria-pressed', 'true'); }
    const hint = document.getElementById('s-dur-hint');
    if (mins) {
      const h = Math.floor(mins/60), m = mins%60;
      hint.textContent = `Expires in ${h?h+'h ':''}${m?m+'m':''}`.trim()+'.';
    } else {
      hint.textContent = 'Persists until manually removed.';
    }
  }
  function renderActiveRows(rows) {
@@ -302,9 +295,7 @@
      showToast('Suppression applied', 'success');
      form.reset();
      onTypeChange();
-      document.querySelectorAll('.duration-pills .pill').forEach(p => p.classList.remove('active'));
+      setDur(null, document.querySelector('#create-suppression-form .pill-manual'));
      document.querySelector('.duration-pills .pill-manual')?.classList.add('active');
      document.getElementById('s-dur-hint').textContent = 'Persists until manually removed.';
      await refreshActive();
    } catch (err) {
      showToast(err.message || 'Error', 'error');
Author	SHA1	Message	Date
jared	b6ee45a842	fix: inspector.html stale/updated timestamp broken date parsing Lint / Python (flake8) (push) Successful in 1m8s Details Lint / JS (eslint) (push) Successful in 10s Details Security / Python Security (bandit) (push) Successful in 50s Details Test / Python Tests (pytest) (push) Successful in 52s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 3s Details Same bug as was just fixed in links.html: data.updated is stored as "YYYY-MM-DD HH:MM:SS UTC" by monitor.py, so appending 'Z' produced "…UTCZ" — an invalid date. The stale-data warning and Updated timestamp in Inspector were silently showing "Invalid Date" and the stale overlay never fired. Fixed to use _toIso() (already global via app.js). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 13:25:17 -04:00
jared	9c4dd5df51	fix: admin-only suppression enforcement, links.html broken date parsing Lint / Python (flake8) (push) Successful in 40s Details Lint / JS (eslint) (push) Successful in 7s Details Security / Python Security (bandit) (push) Successful in 44s Details Test / Python Tests (pytest) (push) Successful in 49s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 3s Details Security: add require_admin decorator; apply to POST/DELETE /api/suppressions and /suppressions page. Previously any user in allowed_groups could create or delete suppressions even though the nav restricts the UI to admins. Bug: links.html "Updated:" timestamp and stale-warning both produced Invalid Date because the raw "YYYY-MM-DD HH:MM:SS UTC" string was appended with 'Z' instead of being normalised through _toIso(). Fix both call sites to use _toIso(), and remove the now-redundant local _toIso redefinition. Style: use `with open(sentinel, 'w'): pass` consistently (was open().close() at avatar JPEG validation path). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 13:03:37 -04:00
jared	4e3d0a1f0a	fix: aria-required sync, aria-label pills, deduplicate setDuration logic Lint / Python (flake8) (push) Successful in 39s Details Lint / JS (eslint) (push) Successful in 7s Details Security / Python Security (bandit) (push) Successful in 1m3s Details Test / Python Tests (pytest) (push) Successful in 1m5s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 3s Details - updateSuppressForm() now sets required + aria-required on sup-name/sup-detail when target type changes; sup-reason gets static aria-required="true" - onTypeChange() in suppressions page syncs aria-required on s-name - s-name in suppressions.html gets initial required/aria-required (default type=host) - Duration pills in both modal and suppressions page now have descriptive aria-label ("30 minutes", "1 hour", etc.) alongside the group aria-label - setDuration() in app.js accepts optional {expiresId,pillSel,hintId} opts so logic lives in one place; suppressions.html setDur() delegates to it - Post-create form reset uses setDur() instead of manually patching DOM Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 12:58:32 -04:00
jared	49869fd9f7	fix: inspector stale data warning, remove dead supported_modes code Lint / Python (flake8) (push) Successful in 40s Details Lint / JS (eslint) (push) Successful in 7s Details Security / Python Security (bandit) (push) Successful in 39s Details Test / Python Tests (pytest) (push) Successful in 55s Details Lint / Notify on failure (push) Has been skipped Details Lint / Deploy (push) Successful in 5s Details - inspector.html: show orange '⚠ Stale: HH:MM' with tooltip when link_stats data is >15 min old (previously just showed the time with no visual warning) - style.css: add .g-stale-warn helper class (orange, bold) for the stale indicator - diagnose.py: remove supported_modes accumulation from parse_ethtool() — field was collected but never consumed by analyze() or displayed anywhere Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-11 12:05:08 -04:00