gru/mikromon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
mikromon/README.md
Mateusz Gruszczyński e8f6c4c609 push
2026-03-05 15:53:33 +01:00

2.6 KiB
Raw Permalink Blame History

MikroMon - MikroTik RouterOS Realtime Monitoring (Flask MVP)

Minimalist, dark-themed web UI + full JSON API + realtime charts via Socket.IO.

Features

  • Multi-user accounts (Argon2 password hashing)
  • Devices: MikroTik RouterOS REST + optional SSH (paramiko)
  • Dashboards with widgets (presets + configurable)
  • Realtime streaming (polling workers -> Socket.IO rooms)
  • Sharing: per-user ACL (view/edit/manage) + public read-only links
  • Admin panel (master role)
  • SMTP password reset (token + TTL) + admin SMTP test
  • Audit log
  • Server-side sessions (DB)
  • CSRF (forms), rate-limiting for auth endpoints
  • Static cache-busting with MD5 hash query param and long cache headers

Quick start (dev, no Docker)

1) Create venv + install

python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

2) Configure env

Copy .env.example -> .env and edit.

3) Init DB (SQLite by default)

export FLASK_APP=app.py
flask db upgrade

4) Run

python app.py

Open: http://127.0.0.1:5000

Default admin:

  • email: admin@example.com
  • password: Admin123! (change immediately)

Realtime

  • Browser joins rooms per dashboard/device
  • Poller runs in-process by default (APScheduler) for dev.
  • Production: use Redis + RQ worker (see Docker).

API

  • JSON API lives under /api/v1/...
  • API explorer: /api/docs (lists endpoints + basic try-it)
  • Auth: session cookie (same as UI) + optional API token (personal token) can be added later.

Insecure TLS (self-signed)

Per-device allow_insecure_tls flag allows verify=False for REST. UI shows a warning. Use only if you understand the risk.

Credentials encryption

Device credentials are encrypted using Fernet symmetric encryption. Key comes from CRED_ENC_KEY env (base64).

Rotate key

  1. Set CRED_ENC_KEY_OLD to old key, CRED_ENC_KEY to new key.
  2. Run:
flask devices rotate-cred-key
  1. Remove CRED_ENC_KEY_OLD.

Reset admin password (CLI)

Option A (Flask CLI)

flask users set-password admin@example.com "NewStrongPassword123!"

Option B (script)

python scripts/set_admin_password.py admin@example.com "NewStrongPassword123!"

Tests

pytest -q

Docker

See docker-compose.yml. It can run app + Postgres + Redis + RQ worker.

Production notes

  • Put behind HTTPS reverse proxy (nginx/Traefik/Caddy)
  • Use Postgres/MySQL for multi-instance
  • Run workers separately (RQ/Celery) + Redis
  • Set SECRET_KEY, SESSION_COOKIE_SECURE=1, PREFERRED_URL_SCHEME=https
  • Configure rate limits and global per-user limits
Reference in New Issue View Git Blame Copy Permalink