jwed
4b29f55518
* RotatePasswords now stores the active wordlist entry as
unifi.password_rotation.last_password whenever a whole-SSID rotation
succeeds. Per-PPSK rotation continues to store passwords on each
PPSK row as before.
* Settings → Tasks tab surfaces the current password in bold beneath
the wordlist textarea so operators can quickly check what's live.
* New JSON endpoint GET /api/unifi/wifi/current-password returns
{"password": "...", "rotated_at": "..."}. Protected by a token stored
in unifi.api_token — pass as Authorization: Bearer <token> or
?token=<token>. 401 on bad/missing token, 503 if no token is
configured, 404 if no rotation has happened yet.
* Settings page lets super-admins Generate / Regenerate / Clear the
token. Generated tokens are 48-char hex from bin2hex(random_bytes(24)).
* The endpoint lives outside the web/auth middleware so external
signage / kiosks can hit it without a session cookie.
v1.6.2.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
112 lines
8.7 KiB
PHP
112 lines
8.7 KiB
PHP
<?php
|
|
|
|
use Dashboard\Unifi\Http\Controllers\ClientController;
|
|
use Dashboard\Unifi\Http\Controllers\DeviceController;
|
|
use Dashboard\Unifi\Http\Controllers\PortalController;
|
|
use Dashboard\Unifi\Http\Controllers\StatsController;
|
|
use Dashboard\Unifi\Http\Controllers\UnifiCronLogsController;
|
|
use Dashboard\Unifi\Http\Controllers\UnifiPagesAccessController;
|
|
use Dashboard\Unifi\Http\Controllers\UnifiSettingsController;
|
|
use Dashboard\Unifi\Http\Controllers\VlanGroupController;
|
|
use Dashboard\Unifi\Http\Controllers\WebhookController;
|
|
use Dashboard\Unifi\Http\Controllers\WifiApiController;
|
|
use Dashboard\Unifi\Http\Controllers\WifiController;
|
|
use Illuminate\Support\Facades\Route;
|
|
|
|
Route::middleware(['web', 'auth', 'app.access:unifi'])
|
|
->prefix('app/network')
|
|
->name('unifi.')
|
|
->group(function () {
|
|
|
|
// ── Stats (read-only) ────────────────────────────────────────────────
|
|
Route::middleware('permission:unifi.stats')->group(function () {
|
|
Route::get('/', [StatsController::class, 'dashboard'])->name('dashboard');
|
|
Route::get('/fullscreen', [StatsController::class, 'dashboard'])->name('dashboard.fullscreen')->defaults('fullscreen', true);
|
|
Route::get('/wan-status', [StatsController::class, 'wanStatus'])->name('wan.status');
|
|
Route::get('/devices', [DeviceController::class, 'index']) ->name('devices');
|
|
Route::get('/clients', [ClientController::class, 'index']) ->name('clients');
|
|
Route::get('/client-dashboard', [StatsController::class, 'clientDashboard']) ->name('client.dashboard');
|
|
Route::get('/client-ap-traffic', [StatsController::class, 'clientApTraffic']) ->name('client.ap-traffic');
|
|
});
|
|
|
|
// ── Management (write access) ────────────────────────────────────────
|
|
Route::middleware('permission:unifi.manage')->group(function () {
|
|
// WiFi networks
|
|
Route::get('/wifi', [WifiController::class, 'index']) ->name('wifi');
|
|
Route::put('/wifi/{wlanId}', [WifiController::class, 'update']) ->name('wifi.update');
|
|
Route::post('/wifi/{wlanId}/toggle', [WifiController::class, 'toggle']) ->name('wifi.toggle');
|
|
Route::post('/wifi/groups', [WifiController::class, 'saveGroups']) ->name('wifi.groups');
|
|
|
|
// PPSK (per-WLAN pre-shared keys)
|
|
Route::get('/wifi/{wlanId}/ppsk', [WifiController::class, 'ppskIndex']) ->name('wifi.ppsk.index');
|
|
Route::post('/wifi/{wlanId}/ppsk', [WifiController::class, 'ppskStore']) ->name('wifi.ppsk.store');
|
|
Route::put('/wifi/{wlanId}/ppsk/{ppskId}', [WifiController::class, 'ppskUpdate']) ->name('wifi.ppsk.update');
|
|
Route::delete('/wifi/{wlanId}/ppsk/{ppskId}', [WifiController::class, 'ppskDestroy']) ->name('wifi.ppsk.destroy');
|
|
Route::put('/wifi/{wlanId}/ppsk/{ppskId}/schedule', [WifiController::class, 'ppskSchedule']) ->name('wifi.ppsk.schedule');
|
|
Route::patch('/wifi/{wlanId}/ppsk/{ppskId}/rotation',[WifiController::class, 'ppskToggleRotation'])->name('wifi.ppsk.rotation');
|
|
|
|
// Devices
|
|
Route::post('/devices/reboot', [DeviceController::class, 'reboot']) ->name('devices.reboot');
|
|
Route::post('/clients/kick', [ClientController::class, 'kick']) ->name('clients.kick');
|
|
});
|
|
|
|
// ── Portal auth ──────────────────────────────────────────────────────
|
|
Route::middleware('permission:unifi.auth')->group(function () {
|
|
Route::get('/portal', [PortalController::class, 'settings']) ->name('portal.settings');
|
|
Route::post('/portal/mappings', [PortalController::class, 'storeMapping']) ->name('portal.mappings.store');
|
|
Route::put('/portal/mappings/{mapping}', [PortalController::class, 'updateMapping']) ->name('portal.mappings.update');
|
|
Route::delete('/portal/mappings/{mapping}', [PortalController::class, 'destroyMapping'])->name('portal.mappings.destroy');
|
|
Route::post('/portal/macs', [PortalController::class, 'storeMac']) ->name('portal.macs.store');
|
|
Route::delete('/portal/macs/{mac}', [PortalController::class, 'destroyMac']) ->name('portal.macs.destroy');
|
|
Route::post('/portal/sessions/{session}/disconnect', [PortalController::class, 'disconnectSession'])->name('portal.sessions.disconnect');
|
|
|
|
// VLAN Groups
|
|
Route::post('/portal/vlan-groups', [VlanGroupController::class, 'store']) ->name('portal.vlan-groups.store');
|
|
Route::put('/portal/vlan-groups/{vlanGroup}', [VlanGroupController::class, 'update']) ->name('portal.vlan-groups.update');
|
|
Route::delete('/portal/vlan-groups/{vlanGroup}', [VlanGroupController::class, 'destroy'])->name('portal.vlan-groups.destroy');
|
|
});
|
|
|
|
// ── Settings ─────────────────────────────────────────────────────────
|
|
Route::middleware('permission:unifi.settings')->group(function () {
|
|
Route::get('/settings', [UnifiSettingsController::class, 'edit']) ->name('settings');
|
|
Route::post('/settings', [UnifiSettingsController::class, 'update']) ->name('settings.update');
|
|
Route::post('/settings/test', [UnifiSettingsController::class, 'testConnection'])->name('settings.test');
|
|
Route::post('/settings/sites', [UnifiSettingsController::class, 'fetchSites']) ->name('settings.sites');
|
|
|
|
// Page Access — super-admin only. Lists unifi pages and lets
|
|
// operators assign per-page user/group grants.
|
|
Route::middleware('super.admin')->group(function () {
|
|
Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index');
|
|
Route::get('/settings/pages-access/users/search', [UnifiPagesAccessController::class, 'searchUsers'])->name('settings.pages-access.users.search');
|
|
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update');
|
|
});
|
|
|
|
// Cron logs — read-only history of scheduled-task runs.
|
|
Route::get('/settings/cron-logs', [UnifiCronLogsController::class, 'index'])->name('settings.cron-logs.index');
|
|
|
|
// Webhooks — lives under /settings/* so it reads as a settings tab.
|
|
Route::get('/settings/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index');
|
|
Route::post('/settings/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store');
|
|
Route::put('/settings/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update');
|
|
Route::delete('/settings/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy');
|
|
Route::post('/settings/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test');
|
|
Route::post('/settings/webhooks/test-url', [WebhookController::class, 'testUrl'])->name('webhooks.test-url');
|
|
|
|
// API-token management
|
|
Route::post('/settings/api-token/regenerate', [UnifiSettingsController::class, 'regenerateApiToken'])->name('settings.api-token.regenerate');
|
|
Route::delete('/settings/api-token', [UnifiSettingsController::class, 'clearApiToken']) ->name('settings.api-token.clear');
|
|
});
|
|
});
|
|
|
|
// ── Public API (token-protected) ──────────────────────────────────────────
|
|
// External integrations (signage, kiosks) hit these without session auth.
|
|
Route::prefix('api/unifi')->name('unifi.api.')->group(function () {
|
|
Route::get('/wifi/current-password', [WifiApiController::class, 'currentPassword'])
|
|
->name('wifi.current-password');
|
|
});
|
|
|
|
// ── Captive portal callback (public — user redirected here by UniFi) ─────
|
|
Route::middleware(['web', 'auth'])
|
|
->get('/portal/wifi/callback', [PortalController::class, 'captiveCallback'])
|
|
->name('unifi.portal.callback');
|