vortex-5 / ddwrt-bwmon

An Individual Bandwidth Monitor For DD-WRT
171 stars 37 forks source link

Feature: Reset button #31

Closed valkala closed 8 years ago

valkala commented 8 years ago

I've been using the clean.sh to reset the counter which is great, however it would be even more great if not convenient to have that function serve as a button on the gui/monitoring page.

image

Thanks!

vortex-5 commented 8 years ago

Unless you are running the lighttpd version of the script there is no way to execute services on command of the client it will always be read only.

I put the script as an executable command in the webui.

Another reason for omitting it was that the page is unprotected so anyone in any household / business can just clear it whenever they like.

valkala commented 8 years ago

You're right, totally missed this part, and it works without logging in.

Realistically, if someone were to fork this, how complex would it be to add user authentication component? Is it possible to use current DDWRT authentication?

vortex-5 commented 8 years ago

If you're serving off lighttpd then you can add authentication realtively easy. If you want authentication in the user folder you need to instead of having an http page make an sh script to generate the HTML that DDWRT can run using the mypage api.

There was another tool that utilized this it was near impossible to maintain and created a lot of extra load for the router. This tool is technically an evolution of that solution.

for real authentication the router would have to act more like a server and for the simple router/user/*.html module I don't think it's capable of doing that.

For lighttpd since you effectively have php pages you can build an authentication mechanism.

I thought about building an "obscuring" layer aka a pincode or something to hide the actual UI until you "log in" where the user/pass are configured on the router itself but I realized that all the data would still be available and it would give an impression that the tool is secure when it really wasn't since any normal user can just specify the url for the resources and get access to the actual UI.

Additionally anyone can bring up F12 and edit the javascript values to let you in. When it comes to security it's better to not have a half measure since people are lead to believe things are more secure than they are and might do dangerous things like expose the ui over the WAN. I decided against having screen lock for this reason if people start requesting that feature I can ad one with the caveat that it only looks secure in reality the users still have access to all the data and can manipulate javascript state so you only can hide things from clueless users you should assume any savvy user has access to all the internal views and functions.

vortex-5 commented 8 years ago

Oh and if you want a simple reset button you can add /jffs/clean.sh to the custom scripts section of DDWRT and you can run it from the router. It has the benefit that it will require authentication through the router's own mechanism and it's a reasonable work around for now.

sparkym3 commented 8 years ago

I was about to ask for the same button, but I see the issue. I will most likely take your suggestion about the custom script and make that my monthly routine.

vortex-5 commented 8 years ago

I'm not going to exclude having a reset button but it will only be available on the lighttpd versions since that's the only one that supports running things when the user makes a request.