Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c89adeea97 | |||
| 8f51be8515 | |||
| 0490a1220b |
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "dashboard/unifi",
|
||||
"description": "UniFi network management, WiFi stats, and captive portal authentication for the Dashboard platform",
|
||||
"version": "1.5.1",
|
||||
"version": "1.5.4",
|
||||
"type": "library",
|
||||
"license": "MIT",
|
||||
"autoload": {
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('unifi_webhook_configs', function (Blueprint $table) {
|
||||
if (! Schema::hasColumn('unifi_webhook_configs', 'tracked_clients')) {
|
||||
$table->json('tracked_clients')->nullable()->after('device_filter');
|
||||
}
|
||||
if (! Schema::hasColumn('unifi_webhook_configs', 'templates')) {
|
||||
$table->json('templates')->nullable()->after('tracked_clients');
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('unifi_webhook_configs', function (Blueprint $table) {
|
||||
if (Schema::hasColumn('unifi_webhook_configs', 'templates')) {
|
||||
$table->dropColumn('templates');
|
||||
}
|
||||
if (Schema::hasColumn('unifi_webhook_configs', 'tracked_clients')) {
|
||||
$table->dropColumn('tracked_clients');
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
@@ -32,9 +32,16 @@ class RotatePasswords extends Command
|
||||
$run = UnifiCronRun::record('rotate-passwords', $triggeredBy, null, function () use ($unifi, $force) {
|
||||
$wlanIdsJson = Setting::get('unifi.password_rotation.wlan_ids', '[]');
|
||||
$wlanIds = json_decode($wlanIdsJson, true);
|
||||
if (! is_array($wlanIds)) $wlanIds = [];
|
||||
|
||||
if (empty($wlanIds) || ! is_array($wlanIds)) {
|
||||
return ['status' => 'skipped', 'reason' => 'no SSIDs configured for rotation'];
|
||||
$ppskQuery = UnifiPpsk::where('rotate_password', true)
|
||||
->where('state', 'active')
|
||||
->whereNotNull('unifi_id');
|
||||
|
||||
// Skip only if there's nothing at all to rotate — neither
|
||||
// whole-SSID rotation targets nor per-PPSK rotation opt-ins.
|
||||
if (empty($wlanIds) && ! $ppskQuery->exists()) {
|
||||
return ['status' => 'skipped', 'reason' => 'no SSIDs or PPSKs configured for rotation'];
|
||||
}
|
||||
|
||||
$wordlist = Setting::get('unifi.password_rotation.wordlist', '');
|
||||
@@ -66,7 +73,7 @@ class RotatePasswords extends Command
|
||||
|
||||
$rotatedPpsks = [];
|
||||
$failedPpsks = [];
|
||||
foreach (UnifiPpsk::where('rotate_password', true)->where('state', 'active')->whereNotNull('unifi_id')->get() as $ppsk) {
|
||||
foreach ($ppskQuery->get() as $ppsk) {
|
||||
$newPass = $passwords[array_rand($passwords)];
|
||||
try {
|
||||
$unifi->updatePpsk($ppsk->unifi_id, ['x_passphrase' => $newPass]);
|
||||
|
||||
@@ -34,6 +34,12 @@ class UnifiPagesAccessController extends Controller
|
||||
->get()
|
||||
->groupBy('nav_item_id');
|
||||
|
||||
// Only return users that ALREADY have grants. The full users list
|
||||
// can be enormous (thousands of rows); the operator adds more via
|
||||
// the searchUsers endpoint as needed.
|
||||
$grantedUserIds = $grants->flatten(1)->where('grantee_type', 'user')->pluck('grantee_id')->unique();
|
||||
$users = User::whereIn('id', $grantedUserIds)->orderBy('name')->get(['id', 'name', 'email']);
|
||||
|
||||
return response()->json([
|
||||
'pages' => $pages->map(fn ($p) => [
|
||||
'id' => $p->id,
|
||||
@@ -42,11 +48,34 @@ class UnifiPagesAccessController extends Controller
|
||||
'user_ids' => $grants->get($p->id, collect())->where('grantee_type', 'user')->pluck('grantee_id')->all(),
|
||||
'group_ids' => $grants->get($p->id, collect())->where('grantee_type', 'group')->pluck('grantee_id')->all(),
|
||||
])->values(),
|
||||
'users' => User::orderBy('name')->get(['id', 'name', 'email']),
|
||||
'users' => $users,
|
||||
'groups' => Group::orderBy('name')->get(['id', 'name', 'is_super']),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Typeahead-style search for users to add to the access matrix.
|
||||
* Returns up to 20 matches against name or email. Empty query returns
|
||||
* an empty array — caller must enter at least 2 chars.
|
||||
*/
|
||||
public function searchUsers(Request $request)
|
||||
{
|
||||
$q = trim((string) $request->query('q', ''));
|
||||
if (strlen($q) < 2) {
|
||||
return response()->json(['users' => []]);
|
||||
}
|
||||
|
||||
$users = User::where(function ($w) use ($q) {
|
||||
$w->where('name', 'like', '%' . $q . '%')
|
||||
->orWhere('email', 'like', '%' . $q . '%');
|
||||
})
|
||||
->orderBy('name')
|
||||
->limit(20)
|
||||
->get(['id', 'name', 'email']);
|
||||
|
||||
return response()->json(['users' => $users]);
|
||||
}
|
||||
|
||||
public function update(Request $request, NavItem $navItem)
|
||||
{
|
||||
$app = DashboardApp::where('slug', 'unifi')->first();
|
||||
|
||||
@@ -67,6 +67,25 @@ class WebhookController extends Controller
|
||||
}
|
||||
|
||||
public function test(WebhookConfig $webhook)
|
||||
{
|
||||
return $this->fireTest($webhook->url, $webhook->secret);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test an arbitrary URL+secret before the webhook is saved. Lets the
|
||||
* operator validate their endpoint from the form without first
|
||||
* committing a row.
|
||||
*/
|
||||
public function testUrl(Request $request)
|
||||
{
|
||||
$data = $request->validate([
|
||||
'url' => 'required|url|max:500',
|
||||
'secret' => 'nullable|string|max:255',
|
||||
]);
|
||||
return $this->fireTest($data['url'], $data['secret'] ?? null);
|
||||
}
|
||||
|
||||
private function fireTest(string $url, ?string $secret)
|
||||
{
|
||||
$payload = [
|
||||
'event' => 'test',
|
||||
@@ -75,13 +94,17 @@ class WebhookController extends Controller
|
||||
];
|
||||
|
||||
$headers = ['Content-Type' => 'application/json'];
|
||||
if ($webhook->secret) {
|
||||
$headers['X-Webhook-Signature'] = hash_hmac('sha256', json_encode($payload), $webhook->secret);
|
||||
if ($secret) {
|
||||
$headers['X-Webhook-Signature'] = hash_hmac('sha256', json_encode($payload), $secret);
|
||||
}
|
||||
|
||||
try {
|
||||
$response = \Illuminate\Support\Facades\Http::withHeaders($headers)->timeout(10)->post($webhook->url, $payload);
|
||||
return response()->json(['ok' => true, 'status' => $response->status()]);
|
||||
$response = \Illuminate\Support\Facades\Http::withHeaders($headers)->timeout(10)->post($url, $payload);
|
||||
return response()->json([
|
||||
'ok' => $response->successful(),
|
||||
'status' => $response->status(),
|
||||
'body' => mb_substr((string) $response->body(), 0, 500),
|
||||
]);
|
||||
} catch (\Throwable $e) {
|
||||
return response()->json(['ok' => false, 'error' => $e->getMessage()], 422);
|
||||
}
|
||||
|
||||
@@ -75,19 +75,21 @@ Route::middleware(['web', 'auth', 'app.access:unifi'])
|
||||
// Page Access — super-admin only. Lists unifi pages and lets
|
||||
// operators assign per-page user/group grants.
|
||||
Route::middleware('super.admin')->group(function () {
|
||||
Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index');
|
||||
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update');
|
||||
Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index');
|
||||
Route::get('/settings/pages-access/users/search', [UnifiPagesAccessController::class, 'searchUsers'])->name('settings.pages-access.users.search');
|
||||
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update');
|
||||
});
|
||||
|
||||
// Cron logs — read-only history of scheduled-task runs.
|
||||
Route::get('/settings/cron-logs', [UnifiCronLogsController::class, 'index'])->name('settings.cron-logs.index');
|
||||
|
||||
// Webhooks
|
||||
Route::get('/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index');
|
||||
Route::post('/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store');
|
||||
Route::put('/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update');
|
||||
Route::delete('/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy');
|
||||
Route::post('/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test');
|
||||
// Webhooks — lives under /settings/* so it reads as a settings tab.
|
||||
Route::get('/settings/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index');
|
||||
Route::post('/settings/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store');
|
||||
Route::put('/settings/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update');
|
||||
Route::delete('/settings/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy');
|
||||
Route::post('/settings/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test');
|
||||
Route::post('/settings/webhooks/test-url', [WebhookController::class, 'testUrl'])->name('webhooks.test-url');
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user