added custom web html

2025-09-28 21:28:39 +01:00
parent 22185904be
commit fde81e982a
17 changed files with 2403 additions and 53 deletions
@@ -38,6 +38,7 @@ func initTemplates() error {
        "templates/settings.html",
        "templates/threat_reports.html",
        "templates/threat_rules.html",
+        "templates/webtemplates.html",
        "templates/users.html",
    )
    if err != nil { return err }
@@ -71,6 +72,12 @@ func (a *App) startWeb() {
 		
 		// Register blocklist export routes (public endpoints for threat intelligence sharing)
 		a.threatManager.GetBlocklistExporter().RegisterExportRoutes(mux, securityManager)
+		
+		// Register web template management routes (admin only)
+		a.threatManager.GetWebTemplateAPI().RegisterRoutes(mux, securityManager)
+		
+		// Register web services management routes (admin only)
+		a.threatManager.GetWebServicesAPI().RegisterRoutes(mux, securityManager)
 	}

 	// Secure dashboard routes with authentication
@@ -176,6 +183,10 @@ func (a *App) startWeb() {
                    SIP int `json:"sip"`
                    VNC int `json:"vnc"`
                } `json:"ports"`
+                Web struct {
+                    HTTPTemplateName  string `json:"http_template_name"`
+                    HTTPSTemplateName string `json:"https_template_name"`
+                } `json:"web"`
            }
            if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
                w.WriteHeader(http.StatusBadRequest)
@@ -213,11 +224,24 @@ func (a *App) startWeb() {
            a.cfg.Ports.SIP = in.Ports.SIP
            a.cfg.Ports.VNC = in.Ports.VNC

+            // Update web template settings
+            a.cfg.Web.HTTPTemplateName = in.Web.HTTPTemplateName
+            a.cfg.Web.HTTPSTemplateName = in.Web.HTTPSTemplateName
+
            // Persist to ./config.json
            if b, err := json.MarshalIndent(a.cfg, "", "  "); err == nil {
                _ = os.WriteFile("config.json", b, 0644)
            }
-            _ = json.NewEncoder(w).Encode(map[string]string{"status":"ok"})
+            
+            // Generate new CSRF token for subsequent requests
+            response := map[string]string{"status": "ok"}
+            if a.threatManager != nil {
+                if newToken, err := a.threatManager.GetSecurityManager().GenerateCSRFToken(); err == nil {
+                    response["csrf_token"] = newToken
+                    w.Header().Set("X-CSRF-Token", newToken)
+                }
+            }
+            _ = json.NewEncoder(w).Encode(response)
            return
        default:
            w.WriteHeader(http.StatusMethodNotAllowed)
@@ -227,7 +251,16 @@ func (a *App) startWeb() {
    // Restart endpoint: triggers app restart
    mux.HandleFunc("/api/restart", apiAuthMiddleware(csrfMiddleware(func(w http.ResponseWriter, r *http.Request) {
        if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed); return }
-        _ = json.NewEncoder(w).Encode(map[string]string{"status":"restarting"})
+        
+        // Generate new CSRF token for subsequent requests
+        response := map[string]string{"status": "restarting"}
+        if a.threatManager != nil {
+            if newToken, err := a.threatManager.GetSecurityManager().GenerateCSRFToken(); err == nil {
+                response["csrf_token"] = newToken
+                w.Header().Set("X-CSRF-Token", newToken)
+            }
+        }
+        _ = json.NewEncoder(w).Encode(response)
        go func(){ time.Sleep(700*time.Millisecond); a.Restart() }()
    })))
    mux.HandleFunc("/logs", authMiddleware(func(w http.ResponseWriter, r *http.Request) {
@@ -374,7 +407,7 @@ func (a *App) startWeb() {
        http.Error(w, "templates not loaded", 500)
    }))

-    // Users page (Admin only)
+    // Role middleware setup for admin pages
    var roleMiddleware func(string) func(http.HandlerFunc) http.HandlerFunc
    if a.threatManager != nil {
        roleMiddleware = a.threatManager.GetSecurityManager().RoleMiddleware
@@ -385,6 +418,24 @@ func (a *App) startWeb() {
        }
    }
    
+    // Web Templates page (Admin only)
+    mux.HandleFunc("/webtemplates", authMiddleware(roleMiddleware("admin")(func(w http.ResponseWriter, r *http.Request) {
+        data := map[string]any{
+            "Now":         time.Now().Format("2006-01-02 15:04:05 MST"),
+            "PageTitle":   "webtemplates_title",
+            "PageContent": "webtemplates_content",
+        }
+        // Add CSRF token if security manager is available
+        if a.threatManager != nil {
+            a.threatManager.GetSecurityManager().AddCSRFToken(w, data)
+        }
+        if templates != nil {
+            _ = templates.ExecuteTemplate(w, "layout.html", data)
+            return
+        }
+        http.Error(w, "templates not loaded", 500)
+    })))
+    
    mux.HandleFunc("/users", authMiddleware(roleMiddleware("admin")(func(w http.ResponseWriter, r *http.Request) {
        // Get current user from context
        var currentUser interface{}