hammy275 / comp-status Goto Github PK
View Code? Open in Web Editor NEWA set of programs to view the status and resource usage of computers.
License: GNU General Public License v3.0
A set of programs to view the status and resource usage of computers.
License: GNU General Public License v3.0
This issue is being opened even though the bug has already been patched.
Long story short, since implementing the authentication system, when central-server
would store the data associated with a computer as received from server
, it would also store that server
's token! A patch was released a couple hours earlier today, but the vulnerability itself was pretty bad; anyone with a valid login could use client
to obtain any token used by a server
!
Issue has been patched, this will be closed as soon as its opened.
With the DOCKERFILE (most likely) coming soon, it would be pretty nice to not have to launch a shell in the container to do first time setup.
As such, the web UI should present a first time setup if the database is not configured, and hasn't been previously configured.
API endpoints should be in /api/
, and have much more sensible names.
Attempt login if we have a perma token already from cookies.
To my knowledge, this is fixing a regression.
The colors for high CPU usage and such are reversed
Username + password gets permanent token. Permanent token retrieves 24 hour lasting tokens. 24 hour lasting tokens used for doing things. Both types are revokable.
Ping on boot. If it fails, ask for IP address. There should also be the ability to "lock" the IP address, so the prompt won't occur unless "settings.json" is deleted or corrupted, even if several pings fail.
Or at least a dark background, like seriously.
I'll probably make a simple username and password authentication. For both the server and client, a username and password is sent to the central-server
, which returns a token for future use.
Since I don't have the technical nor mathematical knowledge currently to create tokens that properly decrypt server-side, they will instead be a randomly generated string of characters, which expire when the central-server
shuts down.
No way I'm going to do this right, but there's a first time for everything.
On some systems, psutil.sensors_temperatures() won't return a coretemp, this needs to be accounted for.
Should hopefully lead to a much cleaner web UI.
If not specified, just send API requests to /endpoint.
Will be needed for #34.
Will probably stick with Bulma, just going to try to tune the dark mode to look nicer, and really polish out the layout of everything.
We should allow the removal of computers from the computer dictionary when they are offline (probably manually)
We should move everything to Local Storage. This way, we aren't sending the cookies to the server when the server doesn't even care about them.
The setTimeout
should only be setup once!
Permanent tokens are labeled the assigned user in the web UI. The same should be done for temporary tokens.
If a temporary-token expires through a central-server
restart, the web UI reports an invalid username/password. This needs to be replaced with an error stating the need to retrieve a temporary-token, or not displaying anything to the user.
Now that the API is refactored to make more sense (#40), some API docs should be made.
Add LICENSE information at the top of source files and stuff. Probably also add a copyright notice or something.
There are literally no instructions to set this up, they should be made and put on the Wiki!!
Turbo boost knowledge just doesn't work on Windows, so it should be hidden from view in the Web-UI, and not sent to the central-server by the server.
We should use a login page instead of a page to punch it in alongside computer information. Additionally, there should be a Navigation Bar at the top for navigating pages and showing the status that used to be in the status box.
Since permanent tokens literally last forever, we need to take some measures to prevent a giant amount of them from being generated. Ideas include:
A user should be a "computer user" (can only send data to central-server
), "regular user" (takes computer data from central-server
), or "both". This won't be a type thing, rather will use the permissions system
Items that come after the modal button will still be interactable and not be grayed out when bringing up a modal. This should seriously be fixed!
Currently, any information being sent to central-server
has to be a Python dict. This should be changed to JSON to make writing clients for languages other than Python easier.
Image of the UI on the README
Right now, comp-status
releases purely by commit. There needs to be releases!
In preparation for future use, a timestamp exists (and is sent to clients) of when the given server
information was generated. This should be used, changing the color of the name of the PC as the time gets older and older (specifying the time since last request if longer than 30 secs or a minute have passed).
Requires completion of #10
Usernames aren't passwords, they don't need to be case-sensitive.
This would require users to be able to delete their own tokens. Put simply, this would prevent tons of temporary tokens from polluting the list of tokens.
To prevent the server manager and the central-server itself from trying to compete over the database file, a lock should be implemented so both programs can't access it at the same time.
Need a new permission for this.
Would also be nice for server manager to have the ability to change permissions of users.
If one logs in without a custom IP, the custom IP field isn't cleared. This means on refresh, the site assumes that we DO want to use a custom IP if we ever used one in the past!
The original purpose of this project was to have an app that could allow monitoring of computer usage at a quick glance. Now that security is done with to the best of my abilities, it's time I get this done.
Central server needs some configuration options like a custom port!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.