Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4b29f55518 | |||
| e8796d443e | |||
| 24aad5cdc0 | |||
| 27c1584dc3 | |||
| c89adeea97 | |||
| 8f51be8515 | |||
| 0490a1220b | |||
| 4b73b53dd6 | |||
| 75943fbe2b |
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "dashboard/unifi",
|
||||
"description": "UniFi network management, WiFi stats, and captive portal authentication for the Dashboard platform",
|
||||
"version": "1.4.0",
|
||||
"version": "1.6.2",
|
||||
"type": "library",
|
||||
"license": "MIT",
|
||||
"autoload": {
|
||||
@@ -27,8 +27,6 @@
|
||||
{ "label": "Devices", "route_name": "unifi.devices", "icon": "cpu-chip", "permission": "unifi.stats", "sort_order": 3 },
|
||||
{ "label": "Clients", "route_name": "unifi.clients", "icon": "users", "permission": "unifi.stats", "sort_order": 4 },
|
||||
{ "label": "WiFi Networks", "route_name": "unifi.wifi", "icon": "wifi", "permission": "unifi.manage", "sort_order": 5 },
|
||||
{ "label": "Portal", "route_name": "unifi.portal.settings", "icon": "shield-check", "permission": "unifi.auth", "sort_order": 6 },
|
||||
{ "label": "Webhooks", "route_name": "unifi.webhooks.index", "icon": "bell-alert", "permission": "unifi.settings", "sort_order": 7 },
|
||||
{ "label": "Settings", "route_name": "unifi.settings", "icon": "cog-6-tooth", "permission": "unifi.settings", "sort_order": 99 }
|
||||
],
|
||||
"permissions": [
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Structured log of every unifi scheduled-task execution: AP reboots,
|
||||
* password rotations, PPSK schedule syncs. One row per run.
|
||||
* Surfaced in the Logs tab of the Unifi settings page.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::create('unifi_cron_runs', function (Blueprint $table) {
|
||||
$table->id();
|
||||
$table->string('command', 64)->index(); // 'reboot-all-aps' | 'rotate-passwords' | 'sync-ppsk-schedules'
|
||||
$table->enum('triggered_by', ['schedule', 'manual']);
|
||||
$table->foreignId('triggered_by_user_id')->nullable()->constrained('users')->nullOnDelete();
|
||||
$table->timestamp('started_at')->index();
|
||||
$table->timestamp('finished_at')->nullable();
|
||||
$table->string('status', 16); // 'running' | 'succeeded' | 'partial' | 'failed' | 'skipped'
|
||||
$table->longText('details')->nullable(); // JSON: counts, per-item actions, error summary
|
||||
});
|
||||
}
|
||||
|
||||
public function down(): void
|
||||
{
|
||||
Schema::dropIfExists('unifi_cron_runs');
|
||||
}
|
||||
};
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('unifi_webhook_configs', function (Blueprint $table) {
|
||||
if (! Schema::hasColumn('unifi_webhook_configs', 'tracked_clients')) {
|
||||
$table->json('tracked_clients')->nullable()->after('device_filter');
|
||||
}
|
||||
if (! Schema::hasColumn('unifi_webhook_configs', 'templates')) {
|
||||
$table->json('templates')->nullable()->after('tracked_clients');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('unifi_webhook_configs', function (Blueprint $table) {
|
||||
if (Schema::hasColumn('unifi_webhook_configs', 'templates')) {
|
||||
$table->dropColumn('templates');
|
||||
}
|
||||
if (Schema::hasColumn('unifi_webhook_configs', 'tracked_clients')) {
|
||||
$table->dropColumn('tracked_clients');
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
@@ -0,0 +1,26 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('unifi_device_states', function (Blueprint $table) {
|
||||
if (! Schema::hasColumn('unifi_device_states', 'consecutive_count')) {
|
||||
$table->unsignedSmallInteger('consecutive_count')->default(0)->after('in_alert');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('unifi_device_states', function (Blueprint $table) {
|
||||
if (Schema::hasColumn('unifi_device_states', 'consecutive_count')) {
|
||||
$table->dropColumn('consecutive_count');
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
@@ -2,61 +2,68 @@
|
||||
|
||||
namespace Dashboard\Unifi\Console;
|
||||
|
||||
use Dashboard\Unifi\Models\UnifiCronRun;
|
||||
use Dashboard\Unifi\Services\UnifiApiClient;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Support\Facades\Cache;
|
||||
|
||||
class RebootAllAps extends Command
|
||||
{
|
||||
protected $signature = 'unifi:reboot-all-aps {--delay=5 : Seconds to wait between each reboot}';
|
||||
protected $signature = 'unifi:reboot-all-aps {--delay=5 : Seconds to wait between each reboot} {--triggered-by=schedule}';
|
||||
protected $description = 'Planned reboot of all access points — suppresses webhook offline/online alerts';
|
||||
|
||||
public function handle(UnifiApiClient $unifi): int
|
||||
{
|
||||
try {
|
||||
$aps = $unifi->getAccessPoints();
|
||||
} catch (\Throwable $e) {
|
||||
$this->error('Failed to fetch APs: ' . $e->getMessage());
|
||||
return self::FAILURE;
|
||||
}
|
||||
$run = UnifiCronRun::record(
|
||||
'reboot-all-aps',
|
||||
$this->option('triggered-by') ?: 'schedule',
|
||||
null,
|
||||
function () use ($unifi) {
|
||||
$aps = $unifi->getAccessPoints();
|
||||
|
||||
if (empty($aps)) {
|
||||
$this->warn('No access points found.');
|
||||
return self::SUCCESS;
|
||||
}
|
||||
if (empty($aps)) {
|
||||
$this->warn('No access points found.');
|
||||
return ['status' => 'skipped', 'reason' => 'no APs found'];
|
||||
}
|
||||
|
||||
$delay = max(0, (int) $this->option('delay'));
|
||||
$delay = max(0, (int) $this->option('delay'));
|
||||
$rebooted = [];
|
||||
$failed = [];
|
||||
|
||||
// Pre-mark all APs as planned reboots before sending any commands
|
||||
foreach ($aps as $ap) {
|
||||
$mac = strtolower($ap['mac']);
|
||||
Cache::put("unifi:planned_reboot:{$mac}", true, now()->addMinutes(20));
|
||||
$this->line("Marked planned reboot: {$ap['name']} ({$mac})");
|
||||
}
|
||||
foreach ($aps as $ap) {
|
||||
$mac = strtolower($ap['mac']);
|
||||
Cache::put("unifi:planned_reboot:{$mac}", true, now()->addMinutes(20));
|
||||
$this->line("Marked planned reboot: {$ap['name']} ({$mac})");
|
||||
}
|
||||
$this->newLine();
|
||||
|
||||
$this->newLine();
|
||||
$ok = 0;
|
||||
$fail = 0;
|
||||
foreach ($aps as $ap) {
|
||||
$mac = strtolower($ap['mac']);
|
||||
$name = $ap['name'] ?? $mac;
|
||||
try {
|
||||
$unifi->rebootDevice($mac);
|
||||
$this->info("Rebooted: {$name} ({$mac})");
|
||||
$rebooted[] = $name;
|
||||
} catch (\Throwable $e) {
|
||||
$this->error("Failed to reboot {$name}: {$e->getMessage()}");
|
||||
$failed[] = ['name' => $name, 'error' => $e->getMessage()];
|
||||
}
|
||||
|
||||
foreach ($aps as $ap) {
|
||||
$mac = strtolower($ap['mac']);
|
||||
$name = $ap['name'] ?? $mac;
|
||||
try {
|
||||
$unifi->rebootDevice($mac);
|
||||
$this->info("Rebooted: {$name} ({$mac})");
|
||||
$ok++;
|
||||
} catch (\Throwable $e) {
|
||||
$this->error("Failed to reboot {$name}: {$e->getMessage()}");
|
||||
$fail++;
|
||||
if ($delay > 0 && count($rebooted) + count($failed) < count($aps)) {
|
||||
sleep($delay);
|
||||
}
|
||||
}
|
||||
|
||||
return [
|
||||
'status' => count($failed) === 0 ? 'succeeded' : (count($rebooted) > 0 ? 'partial' : 'failed'),
|
||||
'rebooted' => $rebooted,
|
||||
'failed' => $failed,
|
||||
'total' => count($aps),
|
||||
];
|
||||
}
|
||||
);
|
||||
|
||||
if ($delay > 0 && $ok + $fail < count($aps)) {
|
||||
sleep($delay);
|
||||
}
|
||||
}
|
||||
|
||||
$this->newLine();
|
||||
$this->info("Done. {$ok} rebooted, {$fail} failed.");
|
||||
return $fail > 0 ? self::FAILURE : self::SUCCESS;
|
||||
$this->info("Done. Status: {$run->status}.");
|
||||
return $run->status === 'failed' ? self::FAILURE : self::SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,76 +3,112 @@
|
||||
namespace Dashboard\Unifi\Console;
|
||||
|
||||
use App\Models\Setting;
|
||||
use Dashboard\Unifi\Models\UnifiCronRun;
|
||||
use Dashboard\Unifi\Models\UnifiPpsk;
|
||||
use Dashboard\Unifi\Services\UnifiApiClient;
|
||||
use Illuminate\Console\Command;
|
||||
use Illuminate\Support\Carbon;
|
||||
|
||||
class RotatePasswords extends Command
|
||||
{
|
||||
protected $signature = 'unifi:rotate-passwords {--force : Run regardless of schedule}';
|
||||
protected $signature = 'unifi:rotate-passwords {--force : Run regardless of schedule} {--triggered-by=schedule}';
|
||||
protected $description = 'Rotate WiFi passwords for SSIDs configured with a wordlist schedule';
|
||||
|
||||
public function handle(UnifiApiClient $unifi): int
|
||||
{
|
||||
if (! Setting::get('unifi.password_rotation.enabled')) {
|
||||
return self::SUCCESS;
|
||||
}
|
||||
|
||||
$wlanIdsJson = Setting::get('unifi.password_rotation.wlan_ids', '[]');
|
||||
$wlanIds = json_decode($wlanIdsJson, true);
|
||||
|
||||
if (empty($wlanIds) || ! is_array($wlanIds)) {
|
||||
return self::SUCCESS;
|
||||
}
|
||||
|
||||
$wordlist = Setting::get('unifi.password_rotation.wordlist', '');
|
||||
$passwords = array_values(array_filter(array_map('trim', explode("\n", $wordlist))));
|
||||
|
||||
if (empty($passwords)) {
|
||||
$this->warn('Password rotation: no passwords in wordlist — skipped.');
|
||||
// Don't log anything — the scheduler runs this every minute
|
||||
// and we'd flood the logs with "rotation disabled" rows.
|
||||
return self::SUCCESS;
|
||||
}
|
||||
|
||||
if (! $this->option('force') && ! $this->isDue()) {
|
||||
// Same reasoning — only log when we actually do something.
|
||||
return self::SUCCESS;
|
||||
}
|
||||
|
||||
$password = $passwords[array_rand($passwords)];
|
||||
$rotated = 0;
|
||||
$force = $this->option('force');
|
||||
$triggeredBy = $this->option('triggered-by') ?: 'schedule';
|
||||
|
||||
foreach ($wlanIds as $wlanId) {
|
||||
try {
|
||||
$unifi->updateWlan($wlanId, ['x_passphrase' => $password]);
|
||||
$rotated++;
|
||||
} catch (\Throwable $e) {
|
||||
$this->error("Failed to rotate wlan {$wlanId}: {$e->getMessage()}");
|
||||
$run = UnifiCronRun::record('rotate-passwords', $triggeredBy, null, function () use ($unifi, $force) {
|
||||
$wlanIdsJson = Setting::get('unifi.password_rotation.wlan_ids', '[]');
|
||||
$wlanIds = json_decode($wlanIdsJson, true);
|
||||
if (! is_array($wlanIds)) $wlanIds = [];
|
||||
|
||||
$ppskQuery = UnifiPpsk::where('rotate_password', true)
|
||||
->where('state', 'active')
|
||||
->whereNotNull('unifi_id');
|
||||
|
||||
// Skip only if there's nothing at all to rotate — neither
|
||||
// whole-SSID rotation targets nor per-PPSK rotation opt-ins.
|
||||
if (empty($wlanIds) && ! $ppskQuery->exists()) {
|
||||
return ['status' => 'skipped', 'reason' => 'no SSIDs or PPSKs configured for rotation'];
|
||||
}
|
||||
}
|
||||
|
||||
if ($rotated > 0) {
|
||||
Setting::set('unifi.password_rotation.last_rotated_at', now()->toIso8601String());
|
||||
$this->info("Rotated password for {$rotated} SSID(s).");
|
||||
}
|
||||
$wordlist = Setting::get('unifi.password_rotation.wordlist', '');
|
||||
$passwords = array_values(array_filter(array_map('trim', explode("\n", $wordlist))));
|
||||
|
||||
// ── Rotate PPSK passwords ────────────────────────────────────────────
|
||||
$rotatedPpsks = 0;
|
||||
foreach (UnifiPpsk::where('rotate_password', true)->where('state', 'active')->whereNotNull('unifi_id')->get() as $ppsk) {
|
||||
// Each PPSK gets its own independently-chosen password from the wordlist
|
||||
$newPass = $passwords[array_rand($passwords)];
|
||||
try {
|
||||
$unifi->updatePpsk($ppsk->unifi_id, ['x_passphrase' => $newPass]);
|
||||
$ppsk->update(['x_passphrase' => $newPass]);
|
||||
$rotatedPpsks++;
|
||||
} catch (\Throwable $e) {
|
||||
$this->error("Failed to rotate PPSK \"{$ppsk->name}\": {$e->getMessage()}");
|
||||
if (empty($passwords)) {
|
||||
$this->warn('Password rotation: no passwords in wordlist — skipped.');
|
||||
return ['status' => 'skipped', 'reason' => 'empty wordlist'];
|
||||
}
|
||||
}
|
||||
if ($rotatedPpsks > 0) {
|
||||
$this->info("Rotated password for {$rotatedPpsks} PPSK(s).");
|
||||
}
|
||||
|
||||
return self::SUCCESS;
|
||||
$password = $passwords[array_rand($passwords)];
|
||||
$rotated = [];
|
||||
$failedWlans = [];
|
||||
|
||||
foreach ($wlanIds as $wlanId) {
|
||||
try {
|
||||
$unifi->updateWlan($wlanId, ['x_passphrase' => $password]);
|
||||
$rotated[] = $wlanId;
|
||||
} catch (\Throwable $e) {
|
||||
$this->error("Failed to rotate wlan {$wlanId}: {$e->getMessage()}");
|
||||
$failedWlans[] = ['wlan_id' => $wlanId, 'error' => $e->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
if ($rotated) {
|
||||
Setting::set('unifi.password_rotation.last_rotated_at', now()->toIso8601String());
|
||||
// Persist the active password so it can be displayed in
|
||||
// the Settings page and exposed via the API endpoint.
|
||||
Setting::set('unifi.password_rotation.last_password', $password);
|
||||
$this->info('Rotated password for ' . count($rotated) . ' SSID(s).');
|
||||
}
|
||||
|
||||
$rotatedPpsks = [];
|
||||
$failedPpsks = [];
|
||||
foreach ($ppskQuery->get() as $ppsk) {
|
||||
$newPass = $passwords[array_rand($passwords)];
|
||||
try {
|
||||
if (str_starts_with((string) $ppsk->unifi_id, 'emb_')) {
|
||||
// Embedded PPSK: update inside the parent WLAN object.
|
||||
// Synthetic ID is derived from the new passphrase, so update it too.
|
||||
$unifi->updateEmbeddedPpsk($ppsk->wlan_id, $ppsk->x_passphrase, $newPass);
|
||||
$newUid = 'emb_' . substr(hash('sha256', $ppsk->wlan_id . ':' . $newPass), 0, 32);
|
||||
$ppsk->update(['x_passphrase' => $newPass, 'unifi_id' => $newUid]);
|
||||
} else {
|
||||
$unifi->updatePpsk($ppsk->unifi_id, ['x_passphrase' => $newPass]);
|
||||
$ppsk->update(['x_passphrase' => $newPass]);
|
||||
}
|
||||
$rotatedPpsks[] = $ppsk->name;
|
||||
} catch (\Throwable $e) {
|
||||
$this->error("Failed to rotate PPSK \"{$ppsk->name}\": {$e->getMessage()}");
|
||||
$failedPpsks[] = ['name' => $ppsk->name, 'error' => $e->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
$hasFailures = count($failedWlans) + count($failedPpsks) > 0;
|
||||
$hasSuccess = count($rotated) + count($rotatedPpsks) > 0;
|
||||
|
||||
return [
|
||||
'status' => $hasFailures ? ($hasSuccess ? 'partial' : 'failed') : 'succeeded',
|
||||
'rotated_wlans' => $rotated,
|
||||
'failed_wlans' => $failedWlans,
|
||||
'rotated_ppsks' => $rotatedPpsks,
|
||||
'failed_ppsks' => $failedPpsks,
|
||||
];
|
||||
});
|
||||
|
||||
return $run->status === 'failed' ? self::FAILURE : self::SUCCESS;
|
||||
}
|
||||
|
||||
private function isDue(): bool
|
||||
|
||||
@@ -3,65 +3,82 @@
|
||||
namespace Dashboard\Unifi\Console;
|
||||
|
||||
use App\Models\Setting;
|
||||
use Dashboard\Unifi\Models\UnifiCronRun;
|
||||
use Dashboard\Unifi\Models\UnifiPpsk;
|
||||
use Dashboard\Unifi\Services\UnifiApiClient;
|
||||
use Illuminate\Console\Command;
|
||||
|
||||
class SyncPpskSchedules extends Command
|
||||
{
|
||||
protected $signature = 'unifi:sync-ppsk-schedules {--force : Run even if PPSK scheduling is disabled}';
|
||||
protected $signature = 'unifi:sync-ppsk-schedules {--force : Run even if PPSK scheduling is disabled} {--triggered-by=schedule}';
|
||||
protected $description = 'Enable or disable PPSKs based on their weekly half-hour schedule, kicking active clients when disabling';
|
||||
|
||||
public function handle(UnifiApiClient $unifi): int
|
||||
{
|
||||
// Always run, even when global ppsk_scheduling is disabled — in
|
||||
// that case the target state for every PPSK is "active" (always
|
||||
// on). That way disabling the global setting actually restores
|
||||
// any held PPSKs to active without operators having to do
|
||||
// anything else, and null-schedule PPSKs always end up active.
|
||||
// Schedules in the DB are preserved regardless of toggle state,
|
||||
// so re-enabling resumes the per-PPSK schedule.
|
||||
$globalEnabled = (bool) Setting::get('unifi.ppsk_scheduling.enabled');
|
||||
|
||||
$tz = \App\Support\Timezone::current();
|
||||
$now = now($tz);
|
||||
$day = $now->dayOfWeek; // 0=Sun … 6=Sat
|
||||
$slot = $now->hour * 2 + ($now->minute >= 30 ? 1 : 0); // 0–47
|
||||
|
||||
$ppsks = UnifiPpsk::all();
|
||||
|
||||
if ($ppsks->isEmpty()) {
|
||||
// Don't bother logging — no work, no audit value.
|
||||
return self::SUCCESS;
|
||||
}
|
||||
|
||||
// Fetch network confs once so we can resolve vlan → networkconf_id on re-enable
|
||||
$networksByVlan = [];
|
||||
try {
|
||||
foreach ($unifi->getNetworkConfs() as $n) {
|
||||
if (isset($n['vlan'])) {
|
||||
$networksByVlan[(int) $n['vlan']] = $n;
|
||||
$triggeredBy = $this->option('triggered-by') ?: 'schedule';
|
||||
|
||||
$run = UnifiCronRun::record('sync-ppsk-schedules', $triggeredBy, null, function () use ($unifi, $ppsks) {
|
||||
$globalEnabled = (bool) Setting::get('unifi.ppsk_scheduling.enabled');
|
||||
$tz = \App\Support\Timezone::current();
|
||||
$now = now($tz);
|
||||
$day = $now->dayOfWeek;
|
||||
$slot = $now->hour * 2 + ($now->minute >= 30 ? 1 : 0);
|
||||
|
||||
$networksByVlan = [];
|
||||
try {
|
||||
foreach ($unifi->getNetworkConfs() as $n) {
|
||||
if (isset($n['vlan'])) {
|
||||
$networksByVlan[(int) $n['vlan']] = $n;
|
||||
}
|
||||
}
|
||||
} catch (\Throwable $e) {
|
||||
$this->warn("Could not fetch network configs: {$e->getMessage()}");
|
||||
}
|
||||
|
||||
$enabled = [];
|
||||
$disabled = [];
|
||||
$errors = [];
|
||||
|
||||
foreach ($ppsks as $ppsk) {
|
||||
$shouldBeOn = true;
|
||||
if ($globalEnabled && $ppsk->schedule) {
|
||||
$shouldBeOn = (bool) ($ppsk->schedule[$day * 48 + $slot] ?? true);
|
||||
}
|
||||
|
||||
try {
|
||||
if ($shouldBeOn && $ppsk->state === 'held') {
|
||||
$this->enablePpsk($ppsk, $unifi, $networksByVlan);
|
||||
$enabled[] = $ppsk->name;
|
||||
} elseif (! $shouldBeOn && $ppsk->state === 'active' && $ppsk->unifi_id) {
|
||||
$this->disablePpsk($ppsk, $unifi);
|
||||
$disabled[] = $ppsk->name;
|
||||
}
|
||||
} catch (\Throwable $e) {
|
||||
$errors[] = ['ppsk' => $ppsk->name, 'error' => $e->getMessage()];
|
||||
}
|
||||
}
|
||||
} catch (\Throwable $e) {
|
||||
$this->warn("Could not fetch network configs: {$e->getMessage()}");
|
||||
}
|
||||
|
||||
foreach ($ppsks as $ppsk) {
|
||||
// Default to "always on". Only consult the schedule if
|
||||
// global scheduling is enabled AND this PPSK has one.
|
||||
$shouldBeOn = true;
|
||||
if ($globalEnabled && $ppsk->schedule) {
|
||||
$shouldBeOn = (bool) ($ppsk->schedule[$day * 48 + $slot] ?? true);
|
||||
}
|
||||
$hasActions = count($enabled) + count($disabled) > 0;
|
||||
$status = count($errors) > 0
|
||||
? ($hasActions ? 'partial' : 'failed')
|
||||
: ($hasActions ? 'succeeded' : 'skipped');
|
||||
|
||||
if ($shouldBeOn && $ppsk->state === 'held') {
|
||||
$this->enablePpsk($ppsk, $unifi, $networksByVlan);
|
||||
} elseif (! $shouldBeOn && $ppsk->state === 'active' && $ppsk->unifi_id) {
|
||||
$this->disablePpsk($ppsk, $unifi);
|
||||
}
|
||||
}
|
||||
return [
|
||||
'status' => $status,
|
||||
'global_enabled' => $globalEnabled,
|
||||
'enabled_ppsks' => $enabled,
|
||||
'disabled_ppsks' => $disabled,
|
||||
'errors' => $errors,
|
||||
];
|
||||
});
|
||||
|
||||
return self::SUCCESS;
|
||||
return $run->status === 'failed' ? self::FAILURE : self::SUCCESS;
|
||||
}
|
||||
|
||||
private function enablePpsk(UnifiPpsk $ppsk, UnifiApiClient $unifi, array $networksByVlan): void
|
||||
|
||||
43
src/Http/Controllers/UnifiCronLogsController.php
Normal file
43
src/Http/Controllers/UnifiCronLogsController.php
Normal file
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
namespace Dashboard\Unifi\Http\Controllers;
|
||||
|
||||
use Dashboard\Unifi\Models\UnifiCronRun;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Routing\Controller;
|
||||
|
||||
class UnifiCronLogsController extends Controller
|
||||
{
|
||||
public function index(Request $request)
|
||||
{
|
||||
$filters = $request->only(['command', 'status']);
|
||||
|
||||
$runs = UnifiCronRun::query()
|
||||
->with('triggeredByUser:id,name,email')
|
||||
->when($filters['command'] ?? null, fn ($q, $c) => $q->where('command', $c))
|
||||
->when($filters['status'] ?? null, fn ($q, $s) => $q->where('status', $s))
|
||||
->orderByDesc('started_at')
|
||||
->limit(200)
|
||||
->get();
|
||||
|
||||
return response()->json([
|
||||
'runs' => $runs->map(fn ($r) => [
|
||||
'id' => $r->id,
|
||||
'command' => $r->command,
|
||||
'triggered_by' => $r->triggered_by,
|
||||
'triggered_user' => $r->triggeredByUser ? [
|
||||
'id' => $r->triggeredByUser->id,
|
||||
'name' => $r->triggeredByUser->name,
|
||||
'email' => $r->triggeredByUser->email,
|
||||
] : null,
|
||||
'started_at' => $r->started_at?->toIso8601String(),
|
||||
'finished_at' => $r->finished_at?->toIso8601String(),
|
||||
'duration_ms' => $r->finished_at && $r->started_at
|
||||
? (int) $r->finished_at->diffInMilliseconds($r->started_at)
|
||||
: null,
|
||||
'status' => $r->status,
|
||||
'details' => $r->details,
|
||||
])->values(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -34,6 +34,12 @@ class UnifiPagesAccessController extends Controller
|
||||
->get()
|
||||
->groupBy('nav_item_id');
|
||||
|
||||
// Only return users that ALREADY have grants. The full users list
|
||||
// can be enormous (thousands of rows); the operator adds more via
|
||||
// the searchUsers endpoint as needed.
|
||||
$grantedUserIds = $grants->flatten(1)->where('grantee_type', 'user')->pluck('grantee_id')->unique();
|
||||
$users = User::whereIn('id', $grantedUserIds)->orderBy('name')->get(['id', 'name', 'email']);
|
||||
|
||||
return response()->json([
|
||||
'pages' => $pages->map(fn ($p) => [
|
||||
'id' => $p->id,
|
||||
@@ -42,11 +48,34 @@ class UnifiPagesAccessController extends Controller
|
||||
'user_ids' => $grants->get($p->id, collect())->where('grantee_type', 'user')->pluck('grantee_id')->all(),
|
||||
'group_ids' => $grants->get($p->id, collect())->where('grantee_type', 'group')->pluck('grantee_id')->all(),
|
||||
])->values(),
|
||||
'users' => User::orderBy('name')->get(['id', 'name', 'email']),
|
||||
'users' => $users,
|
||||
'groups' => Group::orderBy('name')->get(['id', 'name', 'is_super']),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Typeahead-style search for users to add to the access matrix.
|
||||
* Returns up to 20 matches against name or email. Empty query returns
|
||||
* an empty array — caller must enter at least 2 chars.
|
||||
*/
|
||||
public function searchUsers(Request $request)
|
||||
{
|
||||
$q = trim((string) $request->query('q', ''));
|
||||
if (strlen($q) < 2) {
|
||||
return response()->json(['users' => []]);
|
||||
}
|
||||
|
||||
$users = User::where(function ($w) use ($q) {
|
||||
$w->where('name', 'like', '%' . $q . '%')
|
||||
->orWhere('email', 'like', '%' . $q . '%');
|
||||
})
|
||||
->orderBy('name')
|
||||
->limit(20)
|
||||
->get(['id', 'name', 'email']);
|
||||
|
||||
return response()->json(['users' => $users]);
|
||||
}
|
||||
|
||||
public function update(Request $request, NavItem $navItem)
|
||||
{
|
||||
$app = DashboardApp::where('slug', 'unifi')->first();
|
||||
|
||||
@@ -31,10 +31,25 @@ class UnifiSettingsController extends Controller
|
||||
'rotationMinute' => (int) Setting::get('unifi.password_rotation.minute', 0),
|
||||
'rotationWordlist' => Setting::get('unifi.password_rotation.wordlist', ''),
|
||||
'rotationLastRotatedAt' => Setting::get('unifi.password_rotation.last_rotated_at', null),
|
||||
'rotationLastPassword' => Setting::get('unifi.password_rotation.last_password', null),
|
||||
'ppskSchedulingEnabled' => (bool) Setting::get('unifi.ppsk_scheduling.enabled', false),
|
||||
'apiToken' => Setting::get('unifi.api_token', null),
|
||||
]);
|
||||
}
|
||||
|
||||
public function regenerateApiToken()
|
||||
{
|
||||
$token = bin2hex(random_bytes(24));
|
||||
Setting::set('unifi.api_token', $token);
|
||||
return response()->json(['token' => $token]);
|
||||
}
|
||||
|
||||
public function clearApiToken()
|
||||
{
|
||||
Setting::set('unifi.api_token', '');
|
||||
return response()->json(['ok' => true]);
|
||||
}
|
||||
|
||||
public function update(Request $request)
|
||||
{
|
||||
$request->validate([
|
||||
|
||||
@@ -68,20 +68,49 @@ class WebhookController extends Controller
|
||||
|
||||
public function test(WebhookConfig $webhook)
|
||||
{
|
||||
$payload = [
|
||||
return $this->fireTest($webhook->url, $webhook->secret);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test an arbitrary URL+secret before the webhook is saved. Lets the
|
||||
* operator validate their endpoint from the form without first
|
||||
* committing a row.
|
||||
*/
|
||||
public function testUrl(Request $request)
|
||||
{
|
||||
$data = $request->validate([
|
||||
'url' => 'required|url|max:500',
|
||||
'secret' => 'nullable|string|max:255',
|
||||
]);
|
||||
return $this->fireTest($data['url'], $data['secret'] ?? null);
|
||||
}
|
||||
|
||||
private function fireTest(string $url, ?string $secret)
|
||||
{
|
||||
$message = '✅ Test webhook from ' . config('app.name') . ' — endpoint is reachable.';
|
||||
$genericPayload = [
|
||||
'event' => 'test',
|
||||
'timestamp' => now()->toIso8601String(),
|
||||
'data' => ['message' => 'This is a test webhook from ' . config('app.name')],
|
||||
'message' => $message,
|
||||
'data' => ['message' => $message],
|
||||
];
|
||||
// Shape the payload to match the target platform (Google Chat,
|
||||
// Slack, Discord, Teams) so the test exercises the same code
|
||||
// path real events use.
|
||||
$payload = \Dashboard\Unifi\Services\WebhookCheckService::buildPlatformPayload($url, $message, $genericPayload);
|
||||
|
||||
$headers = ['Content-Type' => 'application/json'];
|
||||
if ($webhook->secret) {
|
||||
$headers['X-Webhook-Signature'] = hash_hmac('sha256', json_encode($payload), $webhook->secret);
|
||||
if ($secret) {
|
||||
$headers['X-Webhook-Signature'] = hash_hmac('sha256', json_encode($payload), $secret);
|
||||
}
|
||||
|
||||
try {
|
||||
$response = \Illuminate\Support\Facades\Http::withHeaders($headers)->timeout(10)->post($webhook->url, $payload);
|
||||
return response()->json(['ok' => true, 'status' => $response->status()]);
|
||||
$response = \Illuminate\Support\Facades\Http::withHeaders($headers)->timeout(10)->post($url, $payload);
|
||||
return response()->json([
|
||||
'ok' => $response->successful(),
|
||||
'status' => $response->status(),
|
||||
'body' => mb_substr((string) $response->body(), 0, 500),
|
||||
]);
|
||||
} catch (\Throwable $e) {
|
||||
return response()->json(['ok' => false, 'error' => $e->getMessage()], 422);
|
||||
}
|
||||
|
||||
40
src/Http/Controllers/WifiApiController.php
Normal file
40
src/Http/Controllers/WifiApiController.php
Normal file
@@ -0,0 +1,40 @@
|
||||
<?php
|
||||
|
||||
namespace Dashboard\Unifi\Http\Controllers;
|
||||
|
||||
use App\Models\Setting;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Routing\Controller;
|
||||
|
||||
/**
|
||||
* Token-protected JSON endpoints for external integrations (signage,
|
||||
* kiosks, room displays, etc.) that need the current rotating WiFi
|
||||
* password without going through the dashboard UI.
|
||||
*/
|
||||
class WifiApiController extends Controller
|
||||
{
|
||||
public function currentPassword(Request $request)
|
||||
{
|
||||
$expected = Setting::get('unifi.api_token');
|
||||
if (! $expected) {
|
||||
return response()->json(['error' => 'API token not configured'], 503);
|
||||
}
|
||||
|
||||
$provided = $request->bearerToken() ?: $request->query('token');
|
||||
if (! $provided || ! hash_equals($expected, $provided)) {
|
||||
return response()->json(['error' => 'Unauthorized'], 401);
|
||||
}
|
||||
|
||||
$password = Setting::get('unifi.password_rotation.last_password');
|
||||
if (! $password) {
|
||||
return response()->json([
|
||||
'error' => 'No rotated password recorded yet — wait for the next scheduled rotation or run unifi:rotate-passwords --force.',
|
||||
], 404);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'password' => $password,
|
||||
'rotated_at' => Setting::get('unifi.password_rotation.last_rotated_at'),
|
||||
]);
|
||||
}
|
||||
}
|
||||
@@ -291,11 +291,18 @@ class WifiController extends Controller
|
||||
fn ($v) => $v !== null
|
||||
);
|
||||
if (! empty($unifiUpdate)) {
|
||||
$unifi->updatePpsk($record->unifi_id, $unifiUpdate);
|
||||
if (str_starts_with($record->unifi_id, 'emb_') && isset($unifiUpdate['x_passphrase'])) {
|
||||
// Embedded PPSK update path — modify the WLAN's embedded array.
|
||||
$unifi->updateEmbeddedPpsk($record->wlan_id, $record->x_passphrase, $unifiUpdate['x_passphrase']);
|
||||
// Synthetic id is derived from the new passphrase.
|
||||
$data['unifi_id'] = 'emb_' . substr(hash('sha256', $record->wlan_id . ':' . $unifiUpdate['x_passphrase']), 0, 32);
|
||||
} else {
|
||||
$unifi->updatePpsk($record->unifi_id, $unifiUpdate);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$dbUpdate = array_intersect_key($data, array_flip(['name', 'x_passphrase']));
|
||||
$dbUpdate = array_intersect_key($data, array_flip(['name', 'x_passphrase', 'unifi_id']));
|
||||
// vlan can be explicitly set to null
|
||||
if (array_key_exists('vlan', $data)) $dbUpdate['vlan'] = $data['vlan'];
|
||||
if (! empty($dbUpdate)) $record->update($dbUpdate);
|
||||
|
||||
79
src/Models/UnifiCronRun.php
Normal file
79
src/Models/UnifiCronRun.php
Normal file
@@ -0,0 +1,79 @@
|
||||
<?php
|
||||
|
||||
namespace Dashboard\Unifi\Models;
|
||||
|
||||
use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
class UnifiCronRun extends Model
|
||||
{
|
||||
protected $table = 'unifi_cron_runs';
|
||||
|
||||
public $timestamps = false;
|
||||
|
||||
protected $fillable = [
|
||||
'command',
|
||||
'triggered_by',
|
||||
'triggered_by_user_id',
|
||||
'started_at',
|
||||
'finished_at',
|
||||
'status',
|
||||
'details',
|
||||
];
|
||||
|
||||
protected $casts = [
|
||||
'started_at' => 'datetime',
|
||||
'finished_at' => 'datetime',
|
||||
'details' => 'array',
|
||||
];
|
||||
|
||||
public function triggeredByUser()
|
||||
{
|
||||
return $this->belongsTo(\App\Models\User::class, 'triggered_by_user_id');
|
||||
}
|
||||
|
||||
/**
|
||||
* Wraps a unit of cron work, recording start/finish/status and any
|
||||
* exception. Returns whatever the work returns; the resulting
|
||||
* UnifiCronRun row is returned via the $run reference param.
|
||||
*/
|
||||
public static function record(string $command, string $triggeredBy, ?int $userId, callable $work): self
|
||||
{
|
||||
$run = static::create([
|
||||
'command' => $command,
|
||||
'triggered_by' => $triggeredBy,
|
||||
'triggered_by_user_id' => $userId,
|
||||
'started_at' => now(),
|
||||
'status' => 'running',
|
||||
]);
|
||||
|
||||
try {
|
||||
$details = $work($run);
|
||||
|
||||
// Caller can return a status string ("skipped", "partial",
|
||||
// etc.) by sticking it under the 'status' key in details.
|
||||
// Default = succeeded.
|
||||
$status = is_array($details) && isset($details['status'])
|
||||
? $details['status']
|
||||
: 'succeeded';
|
||||
|
||||
$run->update([
|
||||
'finished_at' => now(),
|
||||
'status' => $status,
|
||||
'details' => is_array($details) ? array_diff_key($details, ['status' => null]) : null,
|
||||
]);
|
||||
} catch (\Throwable $e) {
|
||||
$run->update([
|
||||
'finished_at' => now(),
|
||||
'status' => 'failed',
|
||||
'details' => [
|
||||
'error' => $e->getMessage(),
|
||||
'class' => $e::class,
|
||||
'file' => $e->getFile() . ':' . $e->getLine(),
|
||||
],
|
||||
]);
|
||||
throw $e;
|
||||
}
|
||||
|
||||
return $run->refresh();
|
||||
}
|
||||
}
|
||||
@@ -496,6 +496,63 @@ class UnifiApiClient
|
||||
return $this->normalizePpsk(is_array($result) && isset($result[0]) ? $result : [$result]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update an embedded PPSK (one that lives inside a WLAN's
|
||||
* private_preshared_keys array rather than as its own REST resource).
|
||||
*
|
||||
* Matching is done by current passphrase since embedded entries have
|
||||
* no controller-side ID. Only changes the entry's passphrase; name
|
||||
* isn't separately addressable on embedded PPSKs.
|
||||
*/
|
||||
public function updateEmbeddedPpsk(string $wlanId, string $oldPassphrase, string $newPassphrase): array
|
||||
{
|
||||
$wlanResp = $this->get("/rest/wlanconf/{$wlanId}");
|
||||
$wlan = $wlanResp[0] ?? $wlanResp;
|
||||
$entries = $wlan['private_preshared_keys'] ?? [];
|
||||
|
||||
if (! is_array($entries) || empty($entries)) {
|
||||
throw new \RuntimeException('WLAN has no embedded PPSKs to update.');
|
||||
}
|
||||
|
||||
$matched = false;
|
||||
foreach ($entries as &$e) {
|
||||
$current = $e['x_passphrase'] ?? $e['password'] ?? $e['passphrase'] ?? null;
|
||||
if ($current === $oldPassphrase) {
|
||||
// Preserve whichever field name the controller is using.
|
||||
if (array_key_exists('x_passphrase', $e)) $e['x_passphrase'] = $newPassphrase;
|
||||
if (array_key_exists('password', $e)) $e['password'] = $newPassphrase;
|
||||
if (array_key_exists('passphrase', $e)) $e['passphrase'] = $newPassphrase;
|
||||
// If none of the above existed, default to password (most common on embedded).
|
||||
if (! isset($e['x_passphrase']) && ! isset($e['password']) && ! isset($e['passphrase'])) {
|
||||
$e['password'] = $newPassphrase;
|
||||
}
|
||||
$matched = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
unset($e);
|
||||
|
||||
if (! $matched) {
|
||||
throw new \RuntimeException('Embedded PPSK not found by current passphrase.');
|
||||
}
|
||||
|
||||
// UniFi REST expects the full WLAN object on PUT — send what we
|
||||
// got back, with the mutated PPSK array.
|
||||
$payload = $wlan;
|
||||
$payload['private_preshared_keys'] = $entries;
|
||||
// Strip internal fields the controller rejects on PUT.
|
||||
unset($payload['_id'], $payload['site_id']);
|
||||
|
||||
$this->put("/rest/wlanconf/{$wlanId}", $payload);
|
||||
|
||||
// Return a normalized record so callers can read the new state.
|
||||
return $this->normalizePpsk([[
|
||||
'_id' => 'emb_' . substr(hash('sha256', $wlanId . ':' . $newPassphrase), 0, 32),
|
||||
'wlan_id' => $wlanId,
|
||||
'x_passphrase' => $newPassphrase,
|
||||
]]);
|
||||
}
|
||||
|
||||
public function deletePpsk(string $ppskId): void
|
||||
{
|
||||
// Try v2 hotspot endpoint first
|
||||
|
||||
@@ -581,10 +581,19 @@ class WebhookCheckService
|
||||
|
||||
private function formatPayloadForPlatform(string $url, string $message, array $fullPayload): array
|
||||
{
|
||||
if (str_contains($url, 'chat.googleapis.com')) return ['text' => $message];
|
||||
if (str_contains($url, 'hooks.slack.com')) return ['text' => $message];
|
||||
if (str_contains($url, 'discord.com/api/webhooks')) return ['content' => $message];
|
||||
if (str_contains($url, 'webhook.office.com') || str_contains($url, 'workflows.office.com')) return ['text' => $message];
|
||||
return self::buildPlatformPayload($url, $message, $fullPayload);
|
||||
}
|
||||
|
||||
/**
|
||||
* Public/static helper so the test-webhook endpoint produces the
|
||||
* same per-platform payload shape that real events do.
|
||||
*/
|
||||
public static function buildPlatformPayload(string $url, string $message, array $fullPayload): array
|
||||
{
|
||||
if (str_contains($url, 'chat.googleapis.com')) return ['text' => $message];
|
||||
if (str_contains($url, 'hooks.slack.com')) return ['text' => $message];
|
||||
if (str_contains($url, 'discord.com/api/webhooks')) return ['content' => $message];
|
||||
if (str_contains($url, 'webhook.office.com') || str_contains($url, 'workflows.office.com')) return ['text' => $message];
|
||||
return $fullPayload;
|
||||
}
|
||||
|
||||
|
||||
@@ -4,10 +4,12 @@ use Dashboard\Unifi\Http\Controllers\ClientController;
|
||||
use Dashboard\Unifi\Http\Controllers\DeviceController;
|
||||
use Dashboard\Unifi\Http\Controllers\PortalController;
|
||||
use Dashboard\Unifi\Http\Controllers\StatsController;
|
||||
use Dashboard\Unifi\Http\Controllers\UnifiCronLogsController;
|
||||
use Dashboard\Unifi\Http\Controllers\UnifiPagesAccessController;
|
||||
use Dashboard\Unifi\Http\Controllers\UnifiSettingsController;
|
||||
use Dashboard\Unifi\Http\Controllers\VlanGroupController;
|
||||
use Dashboard\Unifi\Http\Controllers\WebhookController;
|
||||
use Dashboard\Unifi\Http\Controllers\WifiApiController;
|
||||
use Dashboard\Unifi\Http\Controllers\WifiController;
|
||||
use Illuminate\Support\Facades\Route;
|
||||
|
||||
@@ -74,19 +76,35 @@ Route::middleware(['web', 'auth', 'app.access:unifi'])
|
||||
// Page Access — super-admin only. Lists unifi pages and lets
|
||||
// operators assign per-page user/group grants.
|
||||
Route::middleware('super.admin')->group(function () {
|
||||
Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index');
|
||||
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update');
|
||||
Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index');
|
||||
Route::get('/settings/pages-access/users/search', [UnifiPagesAccessController::class, 'searchUsers'])->name('settings.pages-access.users.search');
|
||||
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update');
|
||||
});
|
||||
|
||||
// Webhooks
|
||||
Route::get('/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index');
|
||||
Route::post('/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store');
|
||||
Route::put('/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update');
|
||||
Route::delete('/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy');
|
||||
Route::post('/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test');
|
||||
// Cron logs — read-only history of scheduled-task runs.
|
||||
Route::get('/settings/cron-logs', [UnifiCronLogsController::class, 'index'])->name('settings.cron-logs.index');
|
||||
|
||||
// Webhooks — lives under /settings/* so it reads as a settings tab.
|
||||
Route::get('/settings/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index');
|
||||
Route::post('/settings/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store');
|
||||
Route::put('/settings/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update');
|
||||
Route::delete('/settings/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy');
|
||||
Route::post('/settings/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test');
|
||||
Route::post('/settings/webhooks/test-url', [WebhookController::class, 'testUrl'])->name('webhooks.test-url');
|
||||
|
||||
// API-token management
|
||||
Route::post('/settings/api-token/regenerate', [UnifiSettingsController::class, 'regenerateApiToken'])->name('settings.api-token.regenerate');
|
||||
Route::delete('/settings/api-token', [UnifiSettingsController::class, 'clearApiToken']) ->name('settings.api-token.clear');
|
||||
});
|
||||
});
|
||||
|
||||
// ── Public API (token-protected) ──────────────────────────────────────────
|
||||
// External integrations (signage, kiosks) hit these without session auth.
|
||||
Route::prefix('api/unifi')->name('unifi.api.')->group(function () {
|
||||
Route::get('/wifi/current-password', [WifiApiController::class, 'currentPassword'])
|
||||
->name('wifi.current-password');
|
||||
});
|
||||
|
||||
// ── Captive portal callback (public — user redirected here by UniFi) ─────
|
||||
Route::middleware(['web', 'auth'])
|
||||
->get('/portal/wifi/callback', [PortalController::class, 'captiveCallback'])
|
||||
|
||||
Reference in New Issue
Block a user