push
This commit is contained in:
Mateusz Gruszczyński
94
README.md
Normal file
94
README.md
Normal file
@@ -0,0 +1,94 @@
|
||||
# MikroMon - MikroTik RouterOS Realtime Monitoring (Flask MVP)
|
||||
|
||||
Minimalist, dark-themed web UI + full JSON API + realtime charts via Socket.IO.
|
||||
|
||||
## Features
|
||||
- Multi-user accounts (Argon2 password hashing)
|
||||
- Devices: MikroTik RouterOS REST + optional SSH (paramiko)
|
||||
- Dashboards with widgets (presets + configurable)
|
||||
- Realtime streaming (polling workers -> Socket.IO rooms)
|
||||
- Sharing: per-user ACL (view/edit/manage) + public read-only links
|
||||
- Admin panel (master role)
|
||||
- SMTP password reset (token + TTL) + admin SMTP test
|
||||
- Audit log
|
||||
- Server-side sessions (DB)
|
||||
- CSRF (forms), rate-limiting for auth endpoints
|
||||
- Static cache-busting with MD5 hash query param and long cache headers
|
||||
|
||||
## Quick start (dev, no Docker)
|
||||
### 1) Create venv + install
|
||||
```bash
|
||||
python -m venv .venv
|
||||
source .venv/bin/activate
|
||||
pip install -r requirements.txt
|
||||
```
|
||||
|
||||
### 2) Configure env
|
||||
Copy `.env.example` -> `.env` and edit.
|
||||
|
||||
### 3) Init DB (SQLite by default)
|
||||
```bash
|
||||
export FLASK_APP=app.py
|
||||
flask db upgrade
|
||||
```
|
||||
|
||||
### 4) Run
|
||||
```bash
|
||||
python app.py
|
||||
```
|
||||
Open: http://127.0.0.1:5000
|
||||
|
||||
Default admin:
|
||||
- email: `admin@example.com`
|
||||
- password: `Admin123!` (change immediately)
|
||||
|
||||
## Realtime
|
||||
- Browser joins rooms per dashboard/device
|
||||
- Poller runs in-process by default (APScheduler) for dev.
|
||||
- Production: use Redis + RQ worker (see Docker).
|
||||
|
||||
## API
|
||||
- JSON API lives under `/api/v1/...`
|
||||
- API explorer: `/api/docs` (lists endpoints + basic try-it)
|
||||
- Auth: session cookie (same as UI) + optional API token (personal token) can be added later.
|
||||
|
||||
## Insecure TLS (self-signed)
|
||||
Per-device `allow_insecure_tls` flag allows `verify=False` for REST.
|
||||
UI shows a warning. Use only if you understand the risk.
|
||||
|
||||
## Credentials encryption
|
||||
Device credentials are encrypted using Fernet symmetric encryption.
|
||||
Key comes from `CRED_ENC_KEY` env (base64).
|
||||
### Rotate key
|
||||
1) Set `CRED_ENC_KEY_OLD` to old key, `CRED_ENC_KEY` to new key.
|
||||
2) Run:
|
||||
```bash
|
||||
flask devices rotate-cred-key
|
||||
```
|
||||
3) Remove `CRED_ENC_KEY_OLD`.
|
||||
|
||||
## Reset admin password (CLI)
|
||||
### Option A (Flask CLI)
|
||||
```bash
|
||||
flask users set-password admin@example.com "NewStrongPassword123!"
|
||||
```
|
||||
### Option B (script)
|
||||
```bash
|
||||
python scripts/set_admin_password.py admin@example.com "NewStrongPassword123!"
|
||||
```
|
||||
|
||||
## Tests
|
||||
```bash
|
||||
pytest -q
|
||||
```
|
||||
|
||||
## Docker
|
||||
See `docker-compose.yml`. It can run app + Postgres + Redis + RQ worker.
|
||||
|
||||
## Production notes
|
||||
- Put behind HTTPS reverse proxy (nginx/Traefik/Caddy)
|
||||
- Use Postgres/MySQL for multi-instance
|
||||
- Run workers separately (RQ/Celery) + Redis
|
||||
- Set `SECRET_KEY`, `SESSION_COOKIE_SECURE=1`, `PREFERRED_URL_SCHEME=https`
|
||||
- Configure rate limits and global per-user limits
|
||||
|
||||
Reference in New Issue
Block a user