Files
server-manager/views/admin/security.php
Agent c3009fbbf7 Add views directory and UI improvements
- Add all view templates (servers, auth, dashboard, admin, layouts, errors, terminal)
- Fix SSH double decryption bug in SSHService
- Fix router parameter type casting for strict_types
- Add missing error views (401, 403, 404)
- Add nginx manager with file editing
- Add SSL certificates management
- Add database manager with phpMyAdmin-like interface
- Add sidebar server accordion
2026-06-06 17:59:13 -04:00

124 lines
5.2 KiB
PHP
Executable File

<div class="page-header">
<h1 class="page-title">Security Settings</h1>
<p class="page-subtitle">Configure security parameters and view status</p>
</div>
<div class="dashboard-grid">
<div class="dashboard-card">
<div class="card-header">
<h2><i class="fas fa-lock"></i> Encryption Status</h2>
</div>
<div class="card-body">
<div class="security-status">
<div class="security-item">
<span>Master Encryption Key</span>
<?php
$config = \ServerManager\Core\App::getConfig();
$keyConfigured = !empty($config['encryption']['master_key']) ||
(isset($config['encryption']['master_key_file']) && file_exists($config['encryption']['master_key_file']));
?>
<span class="badge badge-<?= $keyConfigured ? 'success' : 'danger' ?>">
<?= $keyConfigured ? 'Configured' : 'Not Configured' ?>
</span>
</div>
<div class="security-item">
<span>Password Hashing</span>
<span class="badge badge-success">Argon2id</span>
</div>
<div class="security-item">
<span>AES-256-CBC Encryption</span>
<span class="badge badge-success">Active</span>
</div>
<div class="security-item">
<span>Session Configuration</span>
<span class="badge badge-<?= $config['session']['secure'] ? 'success' : 'warning' ?>">
<?= $config['session']['secure'] ? 'Secure' : 'HTTP' ?>
</span>
</div>
</div>
</div>
</div>
<div class="dashboard-card">
<div class="card-header">
<h2><i class="fas fa-shield-alt"></i> Security Features</h2>
</div>
<div class="card-body">
<div class="security-status">
<div class="security-item">
<span>CSRF Protection</span>
<span class="badge badge-success">Enabled</span>
</div>
<div class="security-item">
<span>XSS Prevention</span>
<span class="badge badge-success">Enabled</span>
</div>
<div class="security-item">
<span>Rate Limiting</span>
<span class="badge badge-success">Enabled (<?= $config['rate_limit']['max_attempts'] ?> attempts/<?= $config['rate_limit']['decay_minutes'] ?>min)</span>
</div>
<div class="security-item">
<span>Input Validation</span>
<span class="badge badge-success">Enabled</span>
</div>
<div class="security-item">
<span>Audit Logging</span>
<span class="badge badge-success">Enabled</span>
</div>
<div class="security-item">
<span>Session Security</span>
<span class="badge badge-success">HTTP Only + SameSite</span>
</div>
<div class="security-item">
<span>API Authentication</span>
<span class="badge badge-success">Bearer Token</span>
</div>
</div>
</div>
</div>
<div class="dashboard-card">
<div class="card-header">
<h2><i class="fas fa-key"></i> Master Key Management</h2>
</div>
<div class="card-body">
<div class="alert alert-warning">
<i class="fas fa-exclamation-triangle"></i>
<strong>Important:</strong> The master encryption key is stored outside the database.
If lost, ALL encrypted SSH credentials will be unrecoverable.
</div>
<div class="form-group">
<label>Key File Location</label>
<code><?= htmlspecialchars($config['encryption']['master_key_file'] ?? '/etc/servermanager/master.key') ?></code>
</div>
<div class="form-actions" style="margin-top: 1rem;">
<button class="btn btn-warning" onclick="generateKey()">
<i class="fas fa-key"></i> Generate New Master Key
</button>
</div>
</div>
</div>
</div>
<script>
function generateKey() {
if (!confirm('WARNING: Generating a new master key will make all existing encrypted credentials UNREADABLE. ' +
'You will need to re-enter all SSH credentials. Continue?')) return;
fetch('/admin/security/generate-key', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]')?.content || '',
},
body: '_csrf_token=' + encodeURIComponent(document.querySelector('meta[name="csrf-token"]')?.content || ''),
})
.then(r => r.json())
.then(data => {
showToast(data.success ? 'success' : 'error', data.message);
});
}
</script>