Add web frontend with JWT auth, RBAC, SSE dashboard, and config editor

- FastAPI + htmx + Jinja2 web frontend, started with --web flag - JWT HS256 auth (WEB_SECRET_KEY) with httpOnly cookies; access (15 min) + refresh (7 day) tokens; refresh rotation + JTI revocation in data/web.db - RBAC: superadmin > admin > reader enforced per route - Live SSE dashboard fed by tui/events broadcast queue - Config editor: keyword groups and channel list saved to data/runtime_config.json and hot-reloaded in-process (scorer.reload_from_config, signal_channel_changed) - config.py migrated to load groups/channels from runtime_config.json; falls back to hardcoded defaults when file absent - tui/events.py: subscribe/unsubscribe broadcast, set_bot_context/signal_channel_changed - utils/scorer.py: import config as _config (fixes local binding); reload_from_config() - utils/database.py: count_by_severity, recent_for_domains, count_by_severity_for_domains - 53 new tests (events bus, JWT lifecycle, web DB CRUD, RBAC enforcement, config round-trip); total 141 passing
2026-04-02 11:41:46 -03:00
parent b28168c846
commit 4c104cddd2
32 changed files with 2093 additions and 47 deletions
--- a/web/templates/dashboard.html
+++ b/web/templates/dashboard.html
@@ -0,0 +1,64 @@
+{% extends "base.html" %}
+{% block title %}Dashboard — ULPgrammer{% endblock %}
+{% block content %}
+
+<div class="stats-bar"
+     hx-get="/api/stats"
+     hx-trigger="every 10s"
+     hx-swap="outerHTML">
+  <span class="stat critical">🔴 CRITICAL: {{ counts.CRITICAL }}</span>
+  <span class="stat high">🟠 HIGH: {{ counts.HIGH }}</span>
+  <span class="stat medium">🟡 MEDIUM: {{ counts.MEDIUM }}</span>
+  <span class="stat low">🟢 LOW: {{ counts.LOW }}</span>
+</div>
+
+{% if groups %}
+<div class="groups-bar">
+  <strong>Groups:</strong>
+  {% for g in groups %}
+  <a href="/dashboard/groups/{{ g.id }}" class="group-pill">{{ g.name }}</a>
+  {% endfor %}
+</div>
+{% endif %}
+
+<h2>Live feed</h2>
+<div id="hit-feed"
+     hx-ext="sse"
+     sse-connect="/api/stream"
+     sse-swap="hit"
+     hx-swap="afterbegin">
+  {% for hit in hits %}
+  <div class="hit-card sev-{{ hit.severity|lower }}">
+    <span class="sev-badge">{{ hit.severity }}</span>
+    <code class="raw">{{ hit.raw }}</code>
+    <span class="meta">{{ hit.source }} / {{ hit.filename }} — {{ hit.timestamp }}</span>
+    {% if hit.reasons %}
+    <ul class="reasons">{% for r in hit.reasons %}<li>{{ r }}</li>{% endfor %}</ul>
+    {% endif %}
+  </div>
+  {% endfor %}
+</div>
+
+<script>
+// SSE: inject new hit cards into #hit-feed
+document.body.addEventListener("htmx:sseMessage", function(e) {
+  if (e.detail.type !== "hit") return;
+  const data = JSON.parse(e.detail.data);
+  const feed = document.getElementById("hit-feed");
+  const card = document.createElement("div");
+  card.className = "hit-card sev-" + data.severity.toLowerCase();
+  card.innerHTML = `
+    <span class="sev-badge">${data.severity}</span>
+    <code class="raw">${escHtml(data.raw)}</code>
+    <span class="meta">${escHtml(data.source)} / ${escHtml(data.filename)}</span>
+    <ul class="reasons">${data.reasons.map(r => `<li>${escHtml(r)}</li>`).join("")}</ul>
+  `;
+  feed.prepend(card);
+});
+
+function escHtml(s) {
+  return String(s).replace(/[&<>"']/g, c => ({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;"})[c]);
+}
+</script>
+
+{% endblock %}