webui

Documentation

Index

• Constants
• Variables
• func EnsureTLSCert(certPath, keyPath string, extraNames ...string) error
• func SettingsSectionIDs() []string
• type IPBlocker
• type OptionGroup
• type Server
  • func New(cfg *config.Config, store *state.Store) (*Server, error)
  • func (s *Server) Broadcast(_ []alert.Finding)
  • func (s *Server) HasUI() bool
  • func (s *Server) SetEmailAVWatcherMode(mode string)
  • func (s *Server) SetEmailQuarantine(q *emailav.Quarantine)
  • func (s *Server) SetFindingBus(bus *broadcast.Bus)
  • func (s *Server) SetGeoIPDB(db *geoip.DB)
  • func (s *Server) SetHealthInfo(fanotifyActive bool, logWatchers int)
  • func (s *Server) SetHealthProvider(p health.Provider)
  • func (s *Server) SetIPBlocker(b IPBlocker)
  • func (s *Server) SetIncidentCorrelator(c *incident.Correlator)
  • func (s *Server) SetSigCount(count int)
  • func (s *Server) SetVersion(v string)
  • func (s *Server) Shutdown(ctx context.Context) error
  • func (s *Server) Start() error
• type SettingsField
• type SettingsSection
  • func AllSettingsSections() []SettingsSection
  • func LookupSettingsSection(id string) (SettingsSection, bool)
• type UIAuditEntry

Constants

const (
	SectionGroupAlerting     = "Alerting"
	SectionGroupDetection    = "Detection"
	SectionGroupFirewall     = "Firewall"
	SectionGroupIntegrations = "Integrations"
	SectionGroupOps          = "Operations"
)

Section groups for the sidebar. Order here defines order in the UI.

Variables

var SectionGroupOrder = []string{
	SectionGroupAlerting,
	SectionGroupDetection,
	SectionGroupFirewall,
	SectionGroupIntegrations,
	SectionGroupOps,
}

SectionGroupOrder is the display order of sidebar group headers.

Functions

func EnsureTLSCert

func EnsureTLSCert(certPath, keyPath string, extraNames ...string) error

EnsureTLSCert generates a self-signed ECDSA P-256 certificate if the cert and key files don't exist. Includes localhost and the server hostname in the certificate SANs.

func SettingsSectionIDs

func SettingsSectionIDs() []string

SettingsSectionIDs returns the ordered list of section IDs.

Types

type IPBlocker

type IPBlocker interface {
	BlockIP(ip string, reason string, timeout time.Duration) error
	UnblockIP(ip string) error
}

IPBlocker abstracts the firewall engine for block/unblock operations.

type OptionGroup

type OptionGroup struct {
	Label  string   `json:"label"`
	Values []string `json:"values"`
}

OptionGroup is an ordered label + values pair used to render grouped multi-select options (e.g. "Authentication & Login" → [cpanel_login, ...]).

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server is the web UI HTTP server. Serves API always; serves HTML pages and static files only if the UI directory exists on disk.

func New

func New(cfg *config.Config, store *state.Store) (*Server, error)

New creates a new web UI server.

func (*Server) Broadcast

func (s *Server) Broadcast(_ []alert.Finding)

Broadcast is a no-op kept for daemon compatibility; dashboard uses polling.

func (*Server) HasUI

func (s *Server) HasUI() bool

HasUI returns true if UI templates were loaded from disk.

func (*Server) SetEmailAVWatcherMode

func (s *Server) SetEmailAVWatcherMode(mode string)

SetEmailAVWatcherMode sets the watcher mode string for the email AV status API.

func (*Server) SetEmailQuarantine

func (s *Server) SetEmailQuarantine(q *emailav.Quarantine)

SetEmailQuarantine sets the email quarantine for the email AV API endpoints.

func (*Server) SetFindingBus

func (s *Server) SetFindingBus(bus *broadcast.Bus)

SetFindingBus installs the broadcaster the SSE event stream subscribes to. The webui constructs without one so unit tests work without a daemon; the daemon must call this before any request hits /api/v1/events.

func (*Server) SetGeoIPDB

func (s *Server) SetGeoIPDB(db *geoip.DB)

SetGeoIPDB sets the GeoIP database for IP lookups.

func (*Server) SetHealthInfo

func (s *Server) SetHealthInfo(fanotifyActive bool, logWatchers int)

SetHealthInfo sets daemon health info for the health API.

func (*Server) SetHealthProvider

func (s *Server) SetHealthProvider(p health.Provider)

SetHealthProvider installs the daemon's health provider. The webui constructs without one so unit tests can run without a daemon; the daemon must call this before any request hits /api/v1/status.

func (*Server) SetIPBlocker

func (s *Server) SetIPBlocker(b IPBlocker)

SetIPBlocker sets the firewall engine for block/unblock operations.

func (*Server) SetIncidentCorrelator

func (s *Server) SetIncidentCorrelator(c *incident.Correlator)

SetIncidentCorrelator wires the incident correlator. Called once at startup; treated as immutable after first set.

func (*Server) SetSigCount

func (s *Server) SetSigCount(count int)

SetSigCount sets the loaded signature count for the status API.

func (*Server) SetVersion

func (s *Server) SetVersion(v string)

SetVersion sets the application version for display in the UI.

func (*Server) Shutdown

func (s *Server) Shutdown(ctx context.Context) error

Shutdown gracefully stops the server.

func (*Server) Start

func (s *Server) Start() error

Start starts the HTTPS server. Blocks until shutdown.

type SettingsField

type SettingsField struct {
	YAMLPath      string        `json:"yaml_path"`
	Type          string        `json:"type"`
	Label         string        `json:"label"`
	Help          string        `json:"help,omitempty"`
	Secret        bool          `json:"secret,omitempty"`
	Nullable      bool          `json:"nullable,omitempty"`
	Min           *int64        `json:"min,omitempty"`
	Max           *int64        `json:"max,omitempty"`
	Options       []string      `json:"options,omitempty"`
	OptionGroups  []OptionGroup `json:"option_groups,omitempty"`
	OptionsSource string        `json:"options_source,omitempty"`
	Placeholder   string        `json:"placeholder,omitempty"`
}

SettingsField describes a single editable leaf within a settings section. YAMLPath is the dotted key path relative to the section's YAMLPath. For example inside the Alerts section, the field with YAMLPath "email.enabled" has full path "alerts.email.enabled".

For Type "[]enum" fields, Options and/or OptionGroups are resolved at request time. A field may either declare a static Options list or set OptionsSource to have the handler populate Options/OptionGroups from a registry ("check_names", "geoip_editions").

type SettingsSection

type SettingsSection struct {
	ID       string          `json:"id"`
	Title    string          `json:"title"`
	YAMLPath string          `json:"yaml_path"`
	Restart  bool            `json:"restart_hint"`
	Icon     string          `json:"icon,omitempty"`
	Group    string          `json:"group,omitempty"`
	Fields   []SettingsField `json:"fields"`
}

SettingsSection groups the fields of one top-level Config sub-tree. YAMLPath is the root key in csm.yaml (e.g. "auto_response"). ID is the URL-path identifier used by the API. Restart is a UI hint based on the current hotreload struct tag; final safe-vs-restart authority comes from config.Diff at runtime. Icon is a Tabler icon suffix (e.g. "bell" for "ti ti-bell"); Group is the nav category the section lives in ("Alerting", "Detection", "Integrations", "Ops").

func AllSettingsSections

func AllSettingsSections() []SettingsSection

AllSettingsSections returns the list of sections. Intended for read-only consumers such as the dashboard navigation.

func LookupSettingsSection

func LookupSettingsSection(id string) (SettingsSection, bool)

LookupSettingsSection returns the section with the given ID.

type UIAuditEntry

type UIAuditEntry struct {
	Timestamp time.Time `json:"timestamp"`
	Action    string    `json:"action"`              // block, unblock, dismiss, fix, whitelist, etc.
	Target    string    `json:"target"`              // IP, finding key, file path
	Details   string    `json:"details,omitempty"`   // extra context
	SourceIP  string    `json:"source_ip,omitempty"` // admin's IP
}

UIAuditEntry records a UI action for compliance and accountability.