95 lines
2.6 KiB
Markdown
95 lines
2.6 KiB
Markdown
# MikroMon - MikroTik RouterOS Realtime Monitoring (Flask MVP)
|
|
|
|
Minimalist, dark-themed web UI + full JSON API + realtime charts via Socket.IO.
|
|
|
|
## Features
|
|
- Multi-user accounts (Argon2 password hashing)
|
|
- Devices: MikroTik RouterOS REST + optional SSH (paramiko)
|
|
- Dashboards with widgets (presets + configurable)
|
|
- Realtime streaming (polling workers -> Socket.IO rooms)
|
|
- Sharing: per-user ACL (view/edit/manage) + public read-only links
|
|
- Admin panel (master role)
|
|
- SMTP password reset (token + TTL) + admin SMTP test
|
|
- Audit log
|
|
- Server-side sessions (DB)
|
|
- CSRF (forms), rate-limiting for auth endpoints
|
|
- Static cache-busting with MD5 hash query param and long cache headers
|
|
|
|
## Quick start (dev, no Docker)
|
|
### 1) Create venv + install
|
|
```bash
|
|
python -m venv .venv
|
|
source .venv/bin/activate
|
|
pip install -r requirements.txt
|
|
```
|
|
|
|
### 2) Configure env
|
|
Copy `.env.example` -> `.env` and edit.
|
|
|
|
### 3) Init DB (SQLite by default)
|
|
```bash
|
|
export FLASK_APP=app.py
|
|
flask db upgrade
|
|
```
|
|
|
|
### 4) Run
|
|
```bash
|
|
python app.py
|
|
```
|
|
Open: http://127.0.0.1:5000
|
|
|
|
Default admin:
|
|
- email: `admin@example.com`
|
|
- password: `Admin123!` (change immediately)
|
|
|
|
## Realtime
|
|
- Browser joins rooms per dashboard/device
|
|
- Poller runs in-process by default (APScheduler) for dev.
|
|
- Production: use Redis + RQ worker (see Docker).
|
|
|
|
## API
|
|
- JSON API lives under `/api/v1/...`
|
|
- API explorer: `/api/docs` (lists endpoints + basic try-it)
|
|
- Auth: session cookie (same as UI) + optional API token (personal token) can be added later.
|
|
|
|
## Insecure TLS (self-signed)
|
|
Per-device `allow_insecure_tls` flag allows `verify=False` for REST.
|
|
UI shows a warning. Use only if you understand the risk.
|
|
|
|
## Credentials encryption
|
|
Device credentials are encrypted using Fernet symmetric encryption.
|
|
Key comes from `CRED_ENC_KEY` env (base64).
|
|
### Rotate key
|
|
1) Set `CRED_ENC_KEY_OLD` to old key, `CRED_ENC_KEY` to new key.
|
|
2) Run:
|
|
```bash
|
|
flask devices rotate-cred-key
|
|
```
|
|
3) Remove `CRED_ENC_KEY_OLD`.
|
|
|
|
## Reset admin password (CLI)
|
|
### Option A (Flask CLI)
|
|
```bash
|
|
flask users set-password admin@example.com "NewStrongPassword123!"
|
|
```
|
|
### Option B (script)
|
|
```bash
|
|
python scripts/set_admin_password.py admin@example.com "NewStrongPassword123!"
|
|
```
|
|
|
|
## Tests
|
|
```bash
|
|
pytest -q
|
|
```
|
|
|
|
## Docker
|
|
See `docker-compose.yml`. It can run app + Postgres + Redis + RQ worker.
|
|
|
|
## Production notes
|
|
- Put behind HTTPS reverse proxy (nginx/Traefik/Caddy)
|
|
- Use Postgres/MySQL for multi-instance
|
|
- Run workers separately (RQ/Celery) + Redis
|
|
- Set `SECRET_KEY`, `SESSION_COOKIE_SECURE=1`, `PREFERRED_URL_SCHEME=https`
|
|
- Configure rate limits and global per-user limits
|
|
|