- Add all view templates (servers, auth, dashboard, admin, layouts, errors, terminal) - Fix SSH double decryption bug in SSHService - Fix router parameter type casting for strict_types - Add missing error views (401, 403, 404) - Add nginx manager with file editing - Add SSL certificates management - Add database manager with phpMyAdmin-like interface - Add sidebar server accordion
124 lines
5.2 KiB
PHP
Executable File
124 lines
5.2 KiB
PHP
Executable File
<div class="page-header">
|
|
<h1 class="page-title">Security Settings</h1>
|
|
<p class="page-subtitle">Configure security parameters and view status</p>
|
|
</div>
|
|
|
|
<div class="dashboard-grid">
|
|
<div class="dashboard-card">
|
|
<div class="card-header">
|
|
<h2><i class="fas fa-lock"></i> Encryption Status</h2>
|
|
</div>
|
|
<div class="card-body">
|
|
<div class="security-status">
|
|
<div class="security-item">
|
|
<span>Master Encryption Key</span>
|
|
<?php
|
|
$config = \ServerManager\Core\App::getConfig();
|
|
$keyConfigured = !empty($config['encryption']['master_key']) ||
|
|
(isset($config['encryption']['master_key_file']) && file_exists($config['encryption']['master_key_file']));
|
|
?>
|
|
<span class="badge badge-<?= $keyConfigured ? 'success' : 'danger' ?>">
|
|
<?= $keyConfigured ? 'Configured' : 'Not Configured' ?>
|
|
</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>Password Hashing</span>
|
|
<span class="badge badge-success">Argon2id</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>AES-256-CBC Encryption</span>
|
|
<span class="badge badge-success">Active</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>Session Configuration</span>
|
|
<span class="badge badge-<?= $config['session']['secure'] ? 'success' : 'warning' ?>">
|
|
<?= $config['session']['secure'] ? 'Secure' : 'HTTP' ?>
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="dashboard-card">
|
|
<div class="card-header">
|
|
<h2><i class="fas fa-shield-alt"></i> Security Features</h2>
|
|
</div>
|
|
<div class="card-body">
|
|
<div class="security-status">
|
|
<div class="security-item">
|
|
<span>CSRF Protection</span>
|
|
<span class="badge badge-success">Enabled</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>XSS Prevention</span>
|
|
<span class="badge badge-success">Enabled</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>Rate Limiting</span>
|
|
<span class="badge badge-success">Enabled (<?= $config['rate_limit']['max_attempts'] ?> attempts/<?= $config['rate_limit']['decay_minutes'] ?>min)</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>Input Validation</span>
|
|
<span class="badge badge-success">Enabled</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>Audit Logging</span>
|
|
<span class="badge badge-success">Enabled</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>Session Security</span>
|
|
<span class="badge badge-success">HTTP Only + SameSite</span>
|
|
</div>
|
|
<div class="security-item">
|
|
<span>API Authentication</span>
|
|
<span class="badge badge-success">Bearer Token</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="dashboard-card">
|
|
<div class="card-header">
|
|
<h2><i class="fas fa-key"></i> Master Key Management</h2>
|
|
</div>
|
|
<div class="card-body">
|
|
<div class="alert alert-warning">
|
|
<i class="fas fa-exclamation-triangle"></i>
|
|
<strong>Important:</strong> The master encryption key is stored outside the database.
|
|
If lost, ALL encrypted SSH credentials will be unrecoverable.
|
|
</div>
|
|
|
|
<div class="form-group">
|
|
<label>Key File Location</label>
|
|
<code><?= htmlspecialchars($config['encryption']['master_key_file'] ?? '/etc/servermanager/master.key') ?></code>
|
|
</div>
|
|
|
|
<div class="form-actions" style="margin-top: 1rem;">
|
|
<button class="btn btn-warning" onclick="generateKey()">
|
|
<i class="fas fa-key"></i> Generate New Master Key
|
|
</button>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<script>
|
|
function generateKey() {
|
|
if (!confirm('WARNING: Generating a new master key will make all existing encrypted credentials UNREADABLE. ' +
|
|
'You will need to re-enter all SSH credentials. Continue?')) return;
|
|
|
|
fetch('/admin/security/generate-key', {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/x-www-form-urlencoded',
|
|
'X-CSRF-Token': document.querySelector('meta[name="csrf-token"]')?.content || '',
|
|
},
|
|
body: '_csrf_token=' + encodeURIComponent(document.querySelector('meta[name="csrf-token"]')?.content || ''),
|
|
})
|
|
.then(r => r.json())
|
|
.then(data => {
|
|
showToast(data.success ? 'success' : 'error', data.message);
|
|
});
|
|
}
|
|
</script>
|