mabdalla/sawa-control-panel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

FEAT(init): initial commit v1.0.0 - Sawa Control Panel

Browse source
This commit is contained in:
mmabdalla 2026-03-14 05:32:37 +02:00
commit c57a6ac172
55 changed files with 10240 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.env.example Normal file
View file

@ -0,0 +1,2 @@
SERVER_IP=10.0.0.10
NGINX_CONF_D=/etc/nginx/conf.d

9
.gitignore vendored Normal file
View file

@ -0,0 +1,9 @@
node_modules/
dist/
certs/*.key
certs/*.crt
certs/*.p12
certs/*.srl
certs/*.csr
.env
*.local

18
CHANGELOG.md Normal file
View file

@ -0,0 +1,18 @@
# Changelog
All changes follow [Keep a Changelog](https://keepachangelog.com)
and [SemVer](https://semver.org) versioning.
Format: MAJOR.MINOR.PATCH
- MAJOR: breaking changes
- MINOR: new features (backward compatible)
- PATCH: bug fixes
## [1.0.0] - 2026-03-14
### Added
- Phase 1: Service control dashboard with mTLS auth
- Phase 2: System monitoring (CPU, RAM, disk, uptime)
- Phase 3: Virtual host management
- Phase 4: UI redesign - sidebar, header, service detail pages
- Phase 5: App Market with recipe-based one-click installs
- Forgejo recipe (Go binary, PostgreSQL, PM2, nginx)
- pgAdmin recipe (Python/pip, nginx, no-auth mode)

15
CONTRIBUTING.md Normal file
View file

@ -0,0 +1,15 @@
# Contributing
We use semantic commit messages to track changes.
FEAT: new feature
FIX: bug fix
PATCH: small fix/tweak
DOCS: documentation only
REFACTOR: code change, no feature/fix
SECURITY: security fix
BREAKING: breaking change (bumps MAJOR)
Format: TYPE(scope): description
Example: FEAT(appmarket): add phpMyAdmin recipe
Example: FIX(auth): resolve mTLS handshake issue

35
backend/index.js Normal file
View file

@ -0,0 +1,35 @@
const express = require('express');
const servicesRouter = require('./routes/services');
const systemRouter = require('./routes/system');
const vhostsRouter = require('./routes/vhosts');
const appsRouter = require('./routes/apps');
const app = express();
app.use(express.json());
// Mount routers under the API version prefix
app.use('/api/v1/services', servicesRouter);
app.use('/api/v1/system', systemRouter);
app.use('/api/v1/vhosts', vhostsRouter);
app.use('/api/v1/apps', appsRouter);
// Fallback JSON handling for 404
app.use((req, res) => {
res.status(404).json({ error: 'Endpoint not found' });
});
// Fallback JSON handling for errors
app.use((err, req, res, next) => {
console.error(err.stack);
res.status(500).json({ error: 'Internal server error' });
});
// Load the configuration from environment mapping
const port = process.env.PORT || 3001;
// Only bind to localhost for security as per the docs
app.listen(port, '127.0.0.1', () => {
console.log(`Backend API listening on 127.0.0.1:${port}`);
});

827
backend/package-lock.json generated Normal file
View file

@ -0,0 +1,827 @@
{
"name": "backend",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "backend",
"version": "1.0.0",
"license": "ISC",
"dependencies": {
"express": "^5.2.1"
}
},
"node_modules/accepts": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz",
"integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==",
"license": "MIT",
"dependencies": {
"mime-types": "^3.0.0",
"negotiator": "^1.0.0"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/body-parser": {
"version": "2.2.2",
"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.2.tgz",
"integrity": "sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==",
"license": "MIT",
"dependencies": {
"bytes": "^3.1.2",
"content-type": "^1.0.5",
"debug": "^4.4.3",
"http-errors": "^2.0.0",
"iconv-lite": "^0.7.0",
"on-finished": "^2.4.1",
"qs": "^6.14.1",
"raw-body": "^3.0.1",
"type-is": "^2.0.1"
},
"engines": {
"node": ">=18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/bytes": {
"version": "3.1.2",
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
"integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/call-bind-apply-helpers": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
"integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0",
"function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/call-bound": {
"version": "1.0.4",
"resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz",
"integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.2",
"get-intrinsic": "^1.3.0"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/content-disposition": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.1.tgz",
"integrity": "sha512-oIXISMynqSqm241k6kcQ5UwttDILMK4BiurCfGEREw6+X9jkkpEe5T9FZaApyLGGOnFuyMWZpdolTXMtvEJ08Q==",
"license": "MIT",
"engines": {
"node": ">=18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/content-type": {
"version": "1.0.5",
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
"integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/cookie": {
"version": "0.7.2",
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
"integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/cookie-signature": {
"version": "1.2.2",
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz",
"integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==",
"license": "MIT",
"engines": {
"node": ">=6.6.0"
}
},
"node_modules/debug": {
"version": "4.4.3",
"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
"integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
"license": "MIT",
"dependencies": {
"ms": "^2.1.3"
},
"engines": {
"node": ">=6.0"
},
"peerDependenciesMeta": {
"supports-color": {
"optional": true
}
}
},
"node_modules/depd": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
"integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/dunder-proto": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
"integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.1",
"es-errors": "^1.3.0",
"gopd": "^1.2.0"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
"integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==",
"license": "MIT"
},
"node_modules/encodeurl": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz",
"integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/es-define-property": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz",
"integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
}
},
"node_modules/es-errors": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
"integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
}
},
"node_modules/es-object-atoms": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz",
"integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/escape-html": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
"integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==",
"license": "MIT"
},
"node_modules/etag": {
"version": "1.8.1",
"resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
"integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/express": {
"version": "5.2.1",
"resolved": "https://registry.npmjs.org/express/-/express-5.2.1.tgz",
"integrity": "sha512-hIS4idWWai69NezIdRt2xFVofaF4j+6INOpJlVOLDO8zXGpUVEVzIYk12UUi2JzjEzWL3IOAxcTubgz9Po0yXw==",
"license": "MIT",
"dependencies": {
"accepts": "^2.0.0",
"body-parser": "^2.2.1",
"content-disposition": "^1.0.0",
"content-type": "^1.0.5",
"cookie": "^0.7.1",
"cookie-signature": "^1.2.1",
"debug": "^4.4.0",
"depd": "^2.0.0",
"encodeurl": "^2.0.0",
"escape-html": "^1.0.3",
"etag": "^1.8.1",
"finalhandler": "^2.1.0",
"fresh": "^2.0.0",
"http-errors": "^2.0.0",
"merge-descriptors": "^2.0.0",
"mime-types": "^3.0.0",
"on-finished": "^2.4.1",
"once": "^1.4.0",
"parseurl": "^1.3.3",
"proxy-addr": "^2.0.7",
"qs": "^6.14.0",
"range-parser": "^1.2.1",
"router": "^2.2.0",
"send": "^1.1.0",
"serve-static": "^2.2.0",
"statuses": "^2.0.1",
"type-is": "^2.0.1",
"vary": "^1.1.2"
},
"engines": {
"node": ">= 18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/finalhandler": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.1.tgz",
"integrity": "sha512-S8KoZgRZN+a5rNwqTxlZZePjT/4cnm0ROV70LedRHZ0p8u9fRID0hJUZQpkKLzro8LfmC8sx23bY6tVNxv8pQA==",
"license": "MIT",
"dependencies": {
"debug": "^4.4.0",
"encodeurl": "^2.0.0",
"escape-html": "^1.0.3",
"on-finished": "^2.4.1",
"parseurl": "^1.3.3",
"statuses": "^2.0.1"
},
"engines": {
"node": ">= 18.0.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/forwarded": {
"version": "0.2.0",
"resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
"integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/fresh": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz",
"integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/function-bind": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
"integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
"license": "MIT",
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/get-intrinsic": {
"version": "1.3.0",
"resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz",
"integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==",
"license": "MIT",
"dependencies": {
"call-bind-apply-helpers": "^1.0.2",
"es-define-property": "^1.0.1",
"es-errors": "^1.3.0",
"es-object-atoms": "^1.1.1",
"function-bind": "^1.1.2",
"get-proto": "^1.0.1",
"gopd": "^1.2.0",
"has-symbols": "^1.1.0",
"hasown": "^2.0.2",
"math-intrinsics": "^1.1.0"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/get-proto": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz",
"integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==",
"license": "MIT",
"dependencies": {
"dunder-proto": "^1.0.1",
"es-object-atoms": "^1.0.0"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/gopd": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
"integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/has-symbols": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz",
"integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/hasown": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
"integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
"license": "MIT",
"dependencies": {
"function-bind": "^1.1.2"
},
"engines": {
"node": ">= 0.4"
}
},
"node_modules/http-errors": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz",
"integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==",
"license": "MIT",
"dependencies": {
"depd": "~2.0.0",
"inherits": "~2.0.4",
"setprototypeof": "~1.2.0",
"statuses": "~2.0.2",
"toidentifier": "~1.0.1"
},
"engines": {
"node": ">= 0.8"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/iconv-lite": {
"version": "0.7.2",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.2.tgz",
"integrity": "sha512-im9DjEDQ55s9fL4EYzOAv0yMqmMBSZp6G0VvFyTMPKWxiSBHUj9NW/qqLmXUwXrrM7AvqSlTCfvqRb0cM8yYqw==",
"license": "MIT",
"dependencies": {
"safer-buffer": ">= 2.1.2 < 3.0.0"
},
"engines": {
"node": ">=0.10.0"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/inherits": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
"integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
"license": "ISC"
},
"node_modules/ipaddr.js": {
"version": "1.9.1",
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
"integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==",
"license": "MIT",
"engines": {
"node": ">= 0.10"
}
},
"node_modules/is-promise": {
"version": "4.0.0",
"resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz",
"integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==",
"license": "MIT"
},
"node_modules/math-intrinsics": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
"integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
}
},
"node_modules/media-typer": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz",
"integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/merge-descriptors": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz",
"integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==",
"license": "MIT",
"engines": {
"node": ">=18"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
"node_modules/mime-db": {
"version": "1.54.0",
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz",
"integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/mime-types": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.2.tgz",
"integrity": "sha512-Lbgzdk0h4juoQ9fCKXW4by0UJqj+nOOrI9MJ1sSj4nI8aI2eo1qmvQEie4VD1glsS250n15LsWsYtCugiStS5A==",
"license": "MIT",
"dependencies": {
"mime-db": "^1.54.0"
},
"engines": {
"node": ">=18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/ms": {
"version": "2.1.3",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
"license": "MIT"
},
"node_modules/negotiator": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz",
"integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/object-inspect": {
"version": "1.13.4",
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz",
"integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==",
"license": "MIT",
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/on-finished": {
"version": "2.4.1",
"resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz",
"integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==",
"license": "MIT",
"dependencies": {
"ee-first": "1.1.1"
},
"engines": {
"node": ">= 0.8"
}
},
"node_modules/once": {
"version": "1.4.0",
"resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
"integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==",
"license": "ISC",
"dependencies": {
"wrappy": "1"
}
},
"node_modules/parseurl": {
"version": "1.3.3",
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
"integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/path-to-regexp": {
"version": "8.3.0",
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
"integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
"license": "MIT",
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/proxy-addr": {
"version": "2.0.7",
"resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
"integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
"license": "MIT",
"dependencies": {
"forwarded": "0.2.0",
"ipaddr.js": "1.9.1"
},
"engines": {
"node": ">= 0.10"
}
},
"node_modules/qs": {
"version": "6.15.0",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.15.0.tgz",
"integrity": "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ==",
"license": "BSD-3-Clause",
"dependencies": {
"side-channel": "^1.1.0"
},
"engines": {
"node": ">=0.6"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/range-parser": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
"integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==",
"license": "MIT",
"engines": {
"node": ">= 0.6"
}
},
"node_modules/raw-body": {
"version": "3.0.2",
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.2.tgz",
"integrity": "sha512-K5zQjDllxWkf7Z5xJdV0/B0WTNqx6vxG70zJE4N0kBs4LovmEYWJzQGxC9bS9RAKu3bgM40lrd5zoLJ12MQ5BA==",
"license": "MIT",
"dependencies": {
"bytes": "~3.1.2",
"http-errors": "~2.0.1",
"iconv-lite": "~0.7.0",
"unpipe": "~1.0.0"
},
"engines": {
"node": ">= 0.10"
}
},
"node_modules/router": {
"version": "2.2.0",
"resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz",
"integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==",
"license": "MIT",
"dependencies": {
"debug": "^4.4.0",
"depd": "^2.0.0",
"is-promise": "^4.0.0",
"parseurl": "^1.3.3",
"path-to-regexp": "^8.0.0"
},
"engines": {
"node": ">= 18"
}
},
"node_modules/safer-buffer": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
"license": "MIT"
},
"node_modules/send": {
"version": "1.2.1",
"resolved": "https://registry.npmjs.org/send/-/send-1.2.1.tgz",
"integrity": "sha512-1gnZf7DFcoIcajTjTwjwuDjzuz4PPcY2StKPlsGAQ1+YH20IRVrBaXSWmdjowTJ6u8Rc01PoYOGHXfP1mYcZNQ==",
"license": "MIT",
"dependencies": {
"debug": "^4.4.3",
"encodeurl": "^2.0.0",
"escape-html": "^1.0.3",
"etag": "^1.8.1",
"fresh": "^2.0.0",
"http-errors": "^2.0.1",
"mime-types": "^3.0.2",
"ms": "^2.1.3",
"on-finished": "^2.4.1",
"range-parser": "^1.2.1",
"statuses": "^2.0.2"
},
"engines": {
"node": ">= 18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/serve-static": {
"version": "2.2.1",
"resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.1.tgz",
"integrity": "sha512-xRXBn0pPqQTVQiC8wyQrKs2MOlX24zQ0POGaj0kultvoOCstBQM5yvOhAVSUwOMjQtTvsPWoNCHfPGwaaQJhTw==",
"license": "MIT",
"dependencies": {
"encodeurl": "^2.0.0",
"escape-html": "^1.0.3",
"parseurl": "^1.3.3",
"send": "^1.2.0"
},
"engines": {
"node": ">= 18"
},
"funding": {
"type": "opencollective",
"url": "https://opencollective.com/express"
}
},
"node_modules/setprototypeof": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
"integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==",
"license": "ISC"
},
"node_modules/side-channel": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz",
"integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0",
"object-inspect": "^1.13.3",
"side-channel-list": "^1.0.0",
"side-channel-map": "^1.0.1",
"side-channel-weakmap": "^1.0.2"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/side-channel-list": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
"integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
"license": "MIT",
"dependencies": {
"es-errors": "^1.3.0",
"object-inspect": "^1.13.3"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/side-channel-map": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz",
"integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==",
"license": "MIT",
"dependencies": {
"call-bound": "^1.0.2",
"es-errors": "^1.3.0",
"get-intrinsic": "^1.2.5",
"object-inspect": "^1.13.3"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/side-channel-weakmap": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz",
"integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==",
"license": "MIT",
"dependencies": {
"call-bound": "^1.0.2",
"es-errors": "^1.3.0",
"get-intrinsic": "^1.2.5",
"object-inspect": "^1.13.3",
"side-channel-map": "^1.0.1"
},
"engines": {
"node": ">= 0.4"
},
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/statuses": {
"version": "2.0.2",
"resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz",
"integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/toidentifier": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
"integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==",
"license": "MIT",
"engines": {
"node": ">=0.6"
}
},
"node_modules/type-is": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz",
"integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==",
"license": "MIT",
"dependencies": {
"content-type": "^1.0.5",
"media-typer": "^1.1.0",
"mime-types": "^3.0.0"
},
"engines": {
"node": ">= 0.6"
}
},
"node_modules/unpipe": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
"integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/vary": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
"integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==",
"license": "MIT",
"engines": {
"node": ">= 0.8"
}
},
"node_modules/wrappy": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
"integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==",
"license": "ISC"
}
}
}

15
backend/package.json Normal file
View file

@ -0,0 +1,15 @@
{
"name": "backend",
"version": "1.0.0",
"main": "index.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"description": "",
"dependencies": {
"express": "^5.2.1"
}
}

59
backend/recipes/forgejo/install.sh Normal file
View file

@ -0,0 +1,59 @@
#!/bin/sh
set -e
# Forgejo installation helper for Sawa Panel
# Context: Runs inside /opt/forgejo via sh as root
echo "Configuring Forgejo environment..."
# 1. Create forgejo system user if it doesn't exist
# Handle Alpine BusyBox compatibility (fails silently if exists)
if ! id "forgejo" >/dev/null 2>&1; then
echo "Creating forgejo system user..."
adduser -S -D -H -h /opt/forgejo -s /sbin/nologin forgejo || true
fi
# 2. Setup directory structure for custom config and data
mkdir -p data custom/conf
# 3. Generate initial app.ini
SECRET_KEY=$(head -c 32 /dev/urandom | base64)
echo "Writing app.ini configuration..."
cat <<EOF > custom/conf/app.ini
APP_NAME = Sawa Forgejo
RUN_MODE = prod
RUN_USER = forgejo
[repository]
ROOT = /opt/forgejo/data/forgejo-repositories
[database]
DB_TYPE = postgres
HOST = 127.0.0.1:5432
NAME = forgejo
USER = forgejo
PASSWD = $SAWA_DB_PASSWORD
SSL_MODE = disable
[server]
SSH_DOMAIN = ${SAWA_DOMAIN:-git.home1.local}
HTTP_PORT = 3000
ROOT_URL = https://${SAWA_DOMAIN:-git.home1.local}/
DISABLE_SSH = false
SSH_PORT = 22
OFFLINE_MODE = false
APP_DATA_PATH = /opt/forgejo/data
[security]
INSTALL_LOCK = true
SECRET_KEY = $SECRET_KEY
[service]
DISABLE_REGISTRATION = false
EOF
# 4. Correct ownership so forgejo user can write to its own directories
FORGEJO_GROUP=$(id -gn forgejo 2>/dev/null || echo nogroup)
chown -R forgejo:$FORGEJO_GROUP .
echo "Forgejo installation script completed successfully."

41
backend/recipes/forgejo/recipe.json Normal file
View file

@ -0,0 +1,41 @@
{
"id": "forgejo",
"name": "Forgejo",
"version": "9.0.3",
"category": "Git Service",
"description": "A self-hosted lightweight software forge. Beyond code hosting, it provides a full workflow.",
"installDir": "/opt/forgejo",
"fetch": {
"type": "binary",
"url": "https://codeberg.org/forgejo/forgejo/releases/download/v{version}/forgejo-{version}-linux-amd64",
"filename": "forgejo",
"chmod": "755"
},
"database": {
"type": "postgres",
"dbName": "forgejo",
"dbUser": "forgejo"
},
"service": {
"type": "pm2",
"name": "forgejo",
"command": "./forgejo web",
"user": "forgejo",
"binary": "forgejo"
},
"vhost": {
"type": "proxy",
"proxyPort": 3000,
"defaultSubdomain": "git.home1"
},
"dependencies": [
"git",
"bash"
],
"steps": [
{
"name": "Execute Install Script",
"cmd": "sh \"$SAWA_RECIPE_DIR/install.sh\""
}
]
}

46
backend/recipes/pgadmin/install.sh Normal file
View file

@ -0,0 +1,46 @@
#!/bin/sh
set -e
# pgAdmin installation helper for Sawa Panel
# Context: Runs inside /opt/pgadmin via sh as root
echo "Configuring pgAdmin environment..."
# 1. Install pgadmin4 via pip
echo "Installing pgadmin4 via pip..."
pip install pgadmin4 --break-system-packages --root-user-action=ignore
# 2. Locate the pgAdmin4.py script dynamically
PGADMIN_PATH=$(find /usr -name "pgAdmin4.py" 2>/dev/null | head -1)
if [ -z "$PGADMIN_PATH" ]; then
echo "ERROR: pgAdmin4.py not found after install"
exit 1
fi
echo "PGADMIN_PATH=$PGADMIN_PATH" > /opt/pgadmin/pgadmin.env
# 3. Setup directory structure
mkdir -p data/sessions data/storage
# 4. Generate config_local.py
echo "Writing config_local.py configuration..."
cat <<EOF > config_local.py
SERVER_MODE = True
DATA_DIR = '/opt/pgadmin/data'
LOG_FILE = '/opt/pgadmin/data/pgadmin4.log'
SQLITE_PATH = '/opt/pgadmin/data/pgadmin4.db'
SESSION_DB_PATH = '/opt/pgadmin/data/sessions'
STORAGE_PATH = '/opt/pgadmin/data/storage'
DEFAULT_SERVER = '127.0.0.1'
EOF
# 5. Create pgadmin system user
PGADMIN_GROUP=$(id -gn pgadmin 2>/dev/null || echo nogroup)
if ! id "pgadmin" >/dev/null 2>&1; then
echo "Creating pgadmin system user..."
adduser -S -D -H -h /opt/pgadmin -s /sbin/nologin pgadmin || true
PGADMIN_GROUP=$(id -gn pgadmin 2>/dev/null || echo nogroup)
fi
# 6. Set appropriate ownership
chown -R pgadmin:$PGADMIN_GROUP .
echo "pgAdmin installation script completed successfully."

33
backend/recipes/pgadmin/recipe.json Normal file
View file

@ -0,0 +1,33 @@
{
"id": "pgadmin",
"name": "pgAdmin 4",
"version": "latest",
"category": "Database Utility",
"description": "Comprehensive design and management interface for PostgreSQL.",
"installDir": "/opt/pgadmin",
"fetch": {
"type": "none"
},
"dependencies": [
"python3",
"py3-pip",
"py3-flask"
],
"service": {
"type": "pm2",
"name": "pgadmin",
"command": "sh -c 'source /opt/pgadmin/pgadmin.env && python3 $PGADMIN_PATH'",
"user": "pgadmin"
},
"vhost": {
"type": "proxy",
"proxyPort": 5050,
"defaultSubdomain": "pgadmin.home1"
},
"steps": [
{
"name": "Execute Install Script",
"cmd": "sh \"$SAWA_RECIPE_DIR/install.sh\""
}
]
}

77
backend/routes/apps.js Normal file
View file

@ -0,0 +1,77 @@
const express = require('express');
const router = express.Router();
const appInstaller = require('../services/appInstaller');
/**
* GET /api/v1/apps
* Lists all recipes merged with installed status.
*/
router.get('/', (req, res) => {
try {
const recipes = appInstaller.loadRecipes();
const installed = appInstaller.getInstalledApps();
const merged = recipes.map(recipe => ({
...recipe,
installed: !!installed[recipe.id],
installedInfo: installed[recipe.id] || null
}));
res.json({ success: true, apps: merged });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* POST /api/v1/apps/:id/install
* SSE endpoint for app installation streaming log.
*/
router.post('/:id/install', async (req, res) => {
const { id } = req.params;
const { domain, dbPassword, port } = req.body;
// Only domain is strictly required at this layer.
// appInstaller.js handles dbPassword validation if the recipe needs it.
if (!domain) {
return res.status(400).json({ success: false, error: 'Domain is required' });
}
// Set headers for SSE
res.setHeader('Content-Type', 'text/event-stream');
res.setHeader('Cache-Control', 'no-cache');
res.setHeader('Connection', 'keep-alive');
res.flushHeaders();
const onLog = (line) => {
res.write(`data: ${JSON.stringify({ log: line })}\n\n`);
};
try {
const result = await appInstaller.streamInstall(id, { domain, dbPassword, port }, onLog);
res.write(`data: ${JSON.stringify({ success: result.success, completed: true })}\n\n`);
} catch (err) {
res.write(`data: ${JSON.stringify({ error: err.message, completed: true })}\n\n`);
} finally {
res.end();
}
});
/**
* GET /api/v1/apps/:id/status
*/
router.get('/:id/status', (req, res) => {
try {
const installed = appInstaller.getInstalledApps();
const info = installed[req.params.id];
res.json({
success: true,
installed: !!info,
info: info || null
});
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
module.exports = router;

64
backend/routes/services.js Normal file
View file

@ -0,0 +1,64 @@
const express = require('express');
const { getServicesStatus, executeServiceAction, ALLOWED_SERVICES } = require('../services/rcService');
const router = express.Router();
// Middleware to check if a service name is in the whitelist before proceeding
const validateServiceWhitelist = (req, res, next) => {
const serviceName = req.params.name;
if (!ALLOWED_SERVICES.includes(serviceName)) {
return res.status(400).json({ error: `Service '${serviceName}' is not in the allowed whitelist: ${ALLOWED_SERVICES.join(', ')}` });
}
next();
};
/**
* GET /api/v1/services
* Returns the status of all whitelisted services.
*/
router.get('/', (req, res) => {
try {
const statuses = getServicesStatus();
res.json(statuses);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
/**
* POST /api/v1/services/:name/start
*/
router.post('/:name/start', validateServiceWhitelist, (req, res) => {
try {
const result = executeServiceAction(req.params.name, 'start');
res.json(result);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
/**
* POST /api/v1/services/:name/stop
*/
router.post('/:name/stop', validateServiceWhitelist, (req, res) => {
try {
const result = executeServiceAction(req.params.name, 'stop');
res.json(result);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
/**
* POST /api/v1/services/:name/restart
*/
router.post('/:name/restart', validateServiceWhitelist, (req, res) => {
try {
const result = executeServiceAction(req.params.name, 'restart');
res.json(result);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
module.exports = router;

66
backend/routes/system.js Normal file
View file

@ -0,0 +1,66 @@
const express = require('express');
const systemService = require('../services/systemInfo');
const router = express.Router();
/**
* GET /api/v1/system/cpu
*/
router.get('/cpu', async (req, res) => {
try {
const usage = await systemService.getCpuUsage();
res.json({ success: true, usage });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* GET /api/v1/system/memory
*/
router.get('/memory', (req, res) => {
try {
const memory = systemService.getMemoryInfo();
res.json({ success: true, ...memory });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* GET /api/v1/system/disk
*/
router.get('/disk', (req, res) => {
try {
const disk = systemService.getDiskUsage();
res.json({ success: true, partitions: disk });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* GET /api/v1/system/uptime
*/
router.get('/uptime', (req, res) => {
try {
const uptime = systemService.getUptime();
res.json({ success: true, ...uptime });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* GET /api/v1/system/load
*/
router.get('/load', (req, res) => {
try {
const load = systemService.getLoadAverage();
res.json({ success: true, ...load });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
module.exports = router;

84
backend/routes/vhosts.js Normal file
View file

@ -0,0 +1,84 @@
const express = require('express');
const vhostService = require('../services/vhostService');
const router = express.Router();
const validateFilename = (req, res, next) => {
const { filename } = req.params;
if (!/^[a-zA-Z0-9._-]+$/.test(filename) || filename.includes('..') || filename.includes('/')) {
return res.status(400).json({ success: false, error: 'Invalid filename' });
}
next();
};
/**
* GET /api/v1/vhosts
*/
router.get('/', (req, res) => {
try {
const vhosts = vhostService.listVHosts();
res.json({ success: true, vhosts });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* POST /api/v1/vhosts
* Creates a new virtual host configuration.
*/
router.post('/', (req, res) => {
try {
const { domain, root, port, type } = req.body;
if (!domain || !root || !port || !type) {
return res.status(400).json({ success: false, error: 'Missing required fields (domain, root, port, type)' });
}
const filename = vhostService.createVHost(domain, root, port, type);
res.json({ success: true, filename });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* POST /api/v1/vhosts/:filename/enable
*/
router.post('/:filename/enable', validateFilename, (req, res) => {
try {
const { filename } = req.params;
const newFilename = vhostService.toggleVHost(filename, true);
vhostService.reloadNginx();
res.json({ success: true, filename: newFilename });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* POST /api/v1/vhosts/:filename/disable
*/
router.post('/:filename/disable', validateFilename, (req, res) => {
try {
const { filename } = req.params;
const newFilename = vhostService.toggleVHost(filename, false);
vhostService.reloadNginx();
res.json({ success: true, filename: newFilename });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
/**
* POST /api/v1/vhosts/reload
*/
router.post('/reload', (req, res) => {
try {
vhostService.reloadNginx();
res.json({ success: true });
} catch (err) {
res.status(500).json({ success: false, error: err.message });
}
});
module.exports = router;

301
backend/services/appInstaller.js Normal file
View file

@ -0,0 +1,301 @@
const fs = require('fs');
const path = require('path');
const { execFileSync } = require('child_process');
const vhostService = require('./vhostService');
const RECIPES_DIR = path.join(__dirname, '../recipes');
const INSTALLED_FILE = '/var/lib/sawa/installed.json';
// Ensure data directory exists
if (!fs.existsSync(path.dirname(INSTALLED_FILE))) {
try {
execFileSync('mkdir', ['-p', path.dirname(INSTALLED_FILE)]);
execFileSync('chown', ['root:root', path.dirname(INSTALLED_FILE)]);
} catch (e) {
console.error('Failed to prepare /var/lib/sawa:', e.message);
}
}
/**
* Validates identifiers for security (dbName, dbUser, recipeId).
*/
const validateIdentifier = (str) => {
if (!/^[a-zA-Z0-9_-]+$/.test(str)) {
throw new Error(`Invalid identifier: ${str}`);
}
};
/**
* Validates password to prevent issues with quoting.
*/
const validatePassword = (str) => {
// We escape single quotes now, but still good to avoid some patterns if necessary.
// For now, removing the $$ restriction since we use stdin and single quote escaping.
};
/**
* Escapes single quotes for standard SQL.
*/
const escapeSql = (str) => str.replace(/'/g, "''");
/**
* Loads all recipe.json files from the recipes directory.
*/
const loadRecipes = () => {
try {
if (!fs.existsSync(RECIPES_DIR)) return [];
const folders = fs.readdirSync(RECIPES_DIR);
return folders.map(folder => {
const recipePath = path.join(RECIPES_DIR, folder, 'recipe.json');
if (fs.existsSync(recipePath)) {
return JSON.parse(fs.readFileSync(recipePath, 'utf-8'));
}
return null;
}).filter(Boolean);
} catch (err) {
console.error('Failed to load recipes:', err);
return [];
}
};
/**
* Reads the status of installed applications.
*/
const getInstalledApps = () => {
try {
if (!fs.existsSync(INSTALLED_FILE)) return {};
return JSON.parse(fs.readFileSync(INSTALLED_FILE, 'utf-8'));
} catch (err) {
return {};
}
};
/**
* Executes installation for a specific recipe.
* Shared logic for both standard and streaming installs.
*/
const installApp = async (recipeId, options, onLog = null) => {
validateIdentifier(recipeId);
const logs = [];
const log = (msg) => {
const line = `[${new Date().toLocaleTimeString()}] ${msg}`;
logs.push(line);
if (onLog) onLog(line);
console.log(`[Installer:${recipeId}] ${line}`);
return line;
};
try {
const recipes = loadRecipes();
const recipe = recipes.find(r => r.id === recipeId);
if (!recipe) throw new Error(`Recipe ${recipeId} not found`);
log(`Starting installation of ${recipe.name} v${recipe.version}...`);
// Clean start: remove existing installDir if any
if (recipe.installDir) {
log(`Cleaning up existing directory: ${recipe.installDir}...`);
try { execFileSync('rm', ['-rf', recipe.installDir]); } catch (e) { }
}
// 0. Dependencies
if (recipe.dependencies) {
await _stepDependencies(recipe, log);
}
// 1. Fetch
await _stepFetch(recipe, log);
// 2. Database
if (recipe.database) {
validateIdentifier(recipe.database.dbName);
validateIdentifier(recipe.database.dbUser);
await _stepDatabase(recipe.database, options.dbPassword, log);
}
// 3. Custom Steps
if (recipe.steps) {
await _stepCustom(recipe, options, options.dbPassword, log);
}
// 4. Service (PM2)
if (recipe.service) {
await _stepService(recipe.service, recipe.installDir, log);
}
// 5. VHost
if (recipe.vhost) {
await _stepVHost(recipe, options, log);
}
// Finalize
const installed = getInstalledApps();
installed[recipeId] = {
version: recipe.version,
installedAt: new Date().toISOString(),
domain: options.domain
};
fs.writeFileSync(INSTALLED_FILE, JSON.stringify(installed, null, 2));
log(`Successfully installed ${recipe.name}!`);
return { success: true, logs };
} catch (err) {
log(`FATAL ERROR: ${err.message}`);
return { success: false, logs };
}
};
/**
* SSE-friendly wrapper for installation.
*/
const streamInstall = async (recipeId, options, onLog) => {
return await installApp(recipeId, options, onLog);
};
// --- PRIVATE STEP HELPERS ---
const _stepDependencies = async (recipe, log) => {
const { dependencies } = recipe;
if (!dependencies || !Array.isArray(dependencies)) return;
log(`Installing dependencies: ${dependencies.join(', ')}...`);
for (const item of dependencies) {
log(`Adding package: ${item}...`);
execFileSync('apk', ['add', item]);
}
log('Dependencies installed.');
};
const _stepFetch = async (recipe, log) => {
const { fetch, version, installDir } = recipe;
log(`Preparing directory: ${installDir}...`);
// Panel runs as root, no sudo needed
execFileSync('mkdir', ['-p', installDir]);
execFileSync('chown', ['root:root', installDir]);
if (fetch.type === 'none') {
log('No fetch required, skipping...');
return;
}
if (fetch.type === 'binary') {
const url = fetch.url.replace(/{version}/g, version);
const dest = path.join(installDir, fetch.filename);
log(`Downloading binary...`);
execFileSync('curl', ['-L', '-o', dest, url]);
if (fetch.chmod) {
execFileSync('chmod', [fetch.chmod, dest]);
}
}
log('Fetch completed.');
};
const _stepDatabase = async (dbConfig, password, log) => {
const { type, dbName, dbUser } = dbConfig;
log(`Provisioning ${type} database: ${dbName}...`);
if (type === 'postgres') {
const escapedPassword = escapeSql(password);
// Idempotent Cleanup
const cleanupSql =
`DROP DATABASE IF EXISTS ${dbName};\n` +
`DROP USER IF EXISTS ${dbUser};\n`;
const createSql =
`CREATE USER ${dbUser} WITH PASSWORD '${escapedPassword}';\n` +
`CREATE DATABASE ${dbName} OWNER ${dbUser};\n`;
try {
log(`Cleaning up existing database/user if any...`);
execFileSync('sudo', ['-u', 'postgres', 'psql'], {
input: cleanupSql,
env: { ...process.env }
});
log(`Creating database and user...`);
execFileSync('sudo', ['-u', 'postgres', 'psql'], {
input: createSql,
env: { ...process.env }
});
} catch (e) {
log(`Database note: ${e.message.split('\n')[0]}`);
}
} else if (type === 'mariadb') {
// MariaDB idempotency
execFileSync('mysql', ['-e', `DROP DATABASE IF EXISTS ${dbName};`]);
execFileSync('mysql', ['-e', `DROP USER IF EXISTS '${dbUser}'@'localhost';`]);
execFileSync('mysql', ['-e', `CREATE DATABASE ${dbName};`]);
execFileSync('mysql', ['-e', `CREATE USER '${dbUser}'@'localhost' IDENTIFIED BY '${password}';`]);
execFileSync('mysql', ['-e', `GRANT ALL PRIVILEGES ON ${dbName}.* TO '${dbUser}'@'localhost';`]);
execFileSync('mysql', ['-e', 'FLUSH PRIVILEGES;']);
}
log('Database provisioning completed.');
};
const _stepCustom = async (recipe, options, password, log) => {
const { steps, installDir } = recipe;
for (const step of steps) {
log(`Executing: ${step.name}...`);
execFileSync('sh', ['-c', step.cmd], {
cwd: installDir,
env: {
...process.env,
SAWA_DB_PASSWORD: password,
SAWA_DOMAIN: options.domain,
SAWA_RECIPE_DIR: path.join(RECIPES_DIR, recipe.id)
}
});
}
log('Custom steps completed.');
};
const _stepService = async (serviceConfig, installDir, log) => {
const { type, name, command, user } = serviceConfig;
log(`Registering ${type} service: ${name}...`);
if (type === 'pm2') {
try { execFileSync('pm2', ['delete', name]); } catch (e) { }
const args = ['start', command, '--name', name];
if (user) {
args.push('--user', user);
}
execFileSync('pm2', args, { cwd: installDir });
execFileSync('pm2', ['save']);
}
log('Service registration completed.');
};
const _stepVHost = async (recipe, options, log) => {
const { vhost, installDir } = recipe;
const { domain } = options;
const port = options.port || vhost.proxyPort || 80;
log(`Configuring Nginx vhost for ${domain}...`);
const type = vhost.type === 'proxy' ? 'proxy' : 'static';
const rootOrUrl = type === 'proxy' ? `http://127.0.0.1:${port}` : installDir;
// createVHost returns filename like "domain.conf.disabled"
const filename = await vhostService.createVHost(domain, rootOrUrl, port, type);
// Enable and reload
await vhostService.toggleVHost(filename, true);
await vhostService.reloadNginx();
log('Nginx vhost configured, enabled and reloaded.');
};
module.exports = {
loadRecipes,
getInstalledApps,
installApp,
streamInstall
};

90
backend/services/rcService.js Normal file
View file

@ -0,0 +1,90 @@
const { execSync, execFileSync } = require('child_process');
// Parse ALLOWED_SERVICES from the environment, defaulting to the fallback list in docs
const ALLOWED_SERVICES = process.env.ALLOWED_SERVICES
? process.env.ALLOWED_SERVICES.split(',').map(s => s.trim())
: ['nginx', 'postgresql', 'mariadb', 'redis', 'memcached', 'sshd', 'nftables'];
/**
* Executes an rc-service command for the specified service
* @param {string} serviceName Name of the service
* @param {string} action action to perform: 'start', 'stop', 'restart', 'status'
* @returns {object} { stdout, stderr, code }
*/
const runRcService = (serviceName, action) => {
// Final safeguard inside the child_process wrapper, even though the router uses middleware.
if (!ALLOWED_SERVICES.includes(serviceName)) {
throw new Error('Service not in whitelist');
}
// Define valid actions to prevent command injection
const VALID_ACTIONS = ['start', 'stop', 'restart', 'status'];
if (!VALID_ACTIONS.includes(action)) {
throw new Error('Invalid service action');
}
try {
// execFileSync bypasses the shell entirely and is safer.
const output = execFileSync('sudo', ['rc-service', serviceName, action], {
encoding: 'utf-8',
stdio: ['pipe', 'pipe', 'pipe']
});
return {
success: true,
service: serviceName,
action: action,
output: output.trim()
};
} catch (err) {
return {
success: false,
service: serviceName,
action: action,
error: err.message,
code: err.status || 1,
stderr: err.stderr ? err.stderr.toString().trim() : '',
stdout: err.stdout ? err.stdout.toString().trim() : ''
};
}
};
/**
* Retrieves the status of all allowed services.
* In Alpine's rc-service, status exits with 0 if running, and non-zero if stopped/failed.
*/
const getServicesStatus = () => {
const statuses = {};
for (const service of ALLOWED_SERVICES) {
try {
// execFileSync returns 0 (completes) if service is running, throws if not
execFileSync('sudo', ['rc-service', service, 'status'], {
encoding: 'utf-8',
stdio: ['ignore', 'ignore', 'ignore']
});
statuses[service] = 'started';
} catch (e) {
// Exited with non-zero
statuses[service] = 'stopped';
}
}
return {
success: true,
services: statuses
};
};
/**
* Execute start, stop, or restart action for a specific service.
*/
const executeServiceAction = (serviceName, action) => {
return runRcService(serviceName, action);
};
module.exports = {
ALLOWED_SERVICES,
getServicesStatus,
executeServiceAction
};

139
backend/services/systemInfo.js Normal file
View file

@ -0,0 +1,139 @@
const fs = require('fs');
const os = require('os');
const { execFileSync } = require('child_process');
/**
* Reads and parses /proc/stat to calculate CPU usage.
* To get a real-time percentage, it samples twice with a small delay.
* @returns {Promise<number>} CPU usage percent (0-100)
*/
const getCpuUsage = async () => {
const getStats = () => {
const data = fs.readFileSync('/proc/stat', 'utf8');
const lines = data.split('\n');
const cpuLine = lines[0].split(/\s+/).slice(1);
const idle = parseInt(cpuLine[3], 10);
const total = cpuLine.reduce((acc, val) => acc + parseInt(val, 10), 0);
return { idle, total };
};
const stats1 = getStats();
await new Promise(resolve => setTimeout(resolve, 200));
const stats2 = getStats();
const idleDiff = stats2.idle - stats1.idle;
const totalDiff = stats2.total - stats1.total;
if (totalDiff === 0) return 0;
const usage = 100 * (1 - idleDiff / totalDiff);
return parseFloat(usage.toFixed(1));
};
/**
* Reads /proc/meminfo to calculate memory stats in MB.
* @returns {object} { total, used, free }
*/
const getMemoryInfo = () => {
const data = fs.readFileSync('/proc/meminfo', 'utf8');
const lines = data.split('\n');
const stats = {};
lines.forEach(line => {
const parts = line.split(':');
if (parts.length === 2) {
stats[parts[0].trim()] = parseInt(parts[1].trim().split(' ')[0], 10);
}
});
const total = Math.round(stats.MemTotal / 1024);
const free = Math.round(stats.MemFree / 1024);
const buffers = Math.round((stats.Buffers || 0) / 1024);
const cached = Math.round((stats.Cached || 0) / 1024);
const available = Math.round((stats.MemAvailable || (stats.MemFree + stats.Buffers + stats.Cached)) / 1024);
const used = total - available;
return {
total,
used: Math.max(0, used),
free: available
};
};
const getDiskUsage = () => {
try {
// -T shows filesystem type
const output = execFileSync('df', ['-T'], { encoding: 'utf-8' });
const lines = output.trim().split('\n').slice(1); // Skip header
const allowedFS = ['ext4', 'ext3', 'xfs', 'btrfs', 'vfat'];
return lines.map(line => {
const parts = line.split(/\s+/);
const totalBlocks = parseInt(parts[2]);
const usedBlocks = parseInt(parts[3]);
const availBlocks = parseInt(parts[4]);
return {
mount: parts[6],
type: parts[1],
total: (totalBlocks * 1024 / 1e9).toFixed(1), // GB
used: (usedBlocks * 1024 / 1e9).toFixed(1), // GB
free: (availBlocks * 1024 / 1e9).toFixed(1),// GB
percent: parts[5], // Keep as string with % for now as per current frontend usage
unit: 'GB'
};
}).filter(d =>
allowedFS.includes(d.type) &&
parseFloat(d.total) > 0 &&
d.mount.startsWith('/')
);
} catch (err) {
console.error('Error getting disk usage:', err.message);
return [];
}
};
/**
* Calculates system uptime.
* @returns {object} { seconds, human }
*/
const getUptime = () => {
const seconds = Math.floor(os.uptime());
const days = Math.floor(seconds / (24 * 3600));
const hours = Math.floor((seconds % (24 * 3600)) / 3600);
const minutes = Math.floor((seconds % 3600) / 60);
let human = '';
if (days > 0) human += `${days} day${days > 1 ? 's' : ''}, `;
if (hours > 0) human += `${hours} hour${hours > 1 ? 's' : ''}, `;
human += `${minutes} minute${minutes > 1 ? 's' : ''}`;
return {
seconds,
human
};
};
/**
* Reads /proc/loadavg to get system load.
* @returns {object} { one, five, fifteen }
*/
const getLoadAverage = () => {
const data = fs.readFileSync('/proc/loadavg', 'utf8');
const parts = data.trim().split(/\s+/);
return {
one: parseFloat(parts[0]),
five: parseFloat(parts[1]),
fifteen: parseFloat(parts[2])
};
};
module.exports = {
getCpuUsage,
getMemoryInfo,
getDiskUsage,
getUptime,
getLoadAverage
};

170
backend/services/vhostService.js Normal file
View file

@ -0,0 +1,170 @@
const fs = require('fs');
const path = require('path');
const { execFileSync } = require('child_process');
const NGINX_DIR = process.env.NGINX_CONF_D || '/etc/nginx/conf.d';
/**
* Validates filename to prevent path traversal.
* @param {string} filename
*/
const validateFilename = (filename) => {
if (!/^[a-zA-Z0-9._-]+$/.test(filename)) {
throw new Error('Invalid filename');
}
if (filename.includes('..') || filename.includes('/')) {
throw new Error('Invalid filename');
}
};
/**
* Validates filesystem path characters.
* @param {string} pathStr
*/
const validatePath = (pathStr) => {
if (!/^[a-zA-Z0-9/_.-]+$/.test(pathStr)) {
throw new Error('Invalid path characters');
}
};
/**
* Lists all virtual hosts in the Nginx config directory.
* Looks for .conf and .conf.disabled files.
* @returns {Array<object>} [{ filename, serverName, root, enabled }]
*/
const listVHosts = () => {
try {
if (!fs.existsSync(NGINX_DIR)) {
console.warn(`Nginx config directory not found: ${NGINX_DIR}`);
return [];
}
const files = fs.readdirSync(NGINX_DIR);
const vhosts = [];
files.forEach(file => {
const isEnabled = file.endsWith('.conf');
const isDisabled = file.endsWith('.conf.disabled');
if (isEnabled || isDisabled) {
const fullPath = path.join(NGINX_DIR, file);
const content = fs.readFileSync(fullPath, 'utf8');
// Extract server_name and root using regex
const serverNameMatch = content.match(/server_name\s+([^;]+);/);
const rootMatch = content.match(/root\s+([^;]+);/);
vhosts.push({
filename: file,
serverName: serverNameMatch ? serverNameMatch[1].trim() : 'unknown',
root: rootMatch ? rootMatch[1].trim() : 'unknown',
enabled: isEnabled
});
}
});
return vhosts;
} catch (err) {
console.error('Error listing vhosts:', err.message);
throw err;
}
};
/**
* Renames a vhost file to enable or disable it.
* @param {string} filename
* @param {boolean} enable
*/
const toggleVHost = (filename, enable) => {
validateFilename(filename);
const currentPath = path.join(NGINX_DIR, filename);
let newFilename = filename;
if (enable && filename.endsWith('.conf.disabled')) {
newFilename = filename.replace('.conf.disabled', '.conf');
} else if (!enable && filename.endsWith('.conf')) {
newFilename = filename + '.disabled';
} else {
// Already in desired state or unexpected filename
return filename;
}
const newPath = path.join(NGINX_DIR, newFilename);
// Using sudo mv via execFileSync might be safer if permissions are tight,
// but the app should have permission if setup correctly.
// We'll try fs.renameSync first.
fs.renameSync(currentPath, newPath);
return newFilename;
};
/**
* Creates a new virtual host configuration.
* @param {string} domain
* @param {string} documentRoot
* @param {number} port
* @param {string} type - 'static' | 'proxy'
*/
const createVHost = (domain, documentRoot, port, type) => {
validateFilename(domain);
validatePath(documentRoot);
const filename = `${domain}.conf.disabled`;
const fullPath = path.join(NGINX_DIR, filename);
let config = '';
if (type === 'static') {
config = `server {
listen ${port};
server_name ${domain};
root ${documentRoot};
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
`;
} else if (type === 'proxy') {
config = `server {
listen 80;
server_name ${domain};
location / {
proxy_pass http://127.0.0.1:${port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
`;
}
fs.writeFileSync(fullPath, config);
return filename;
};
/**
* Reloads Nginx using rc-service.
*/
const reloadNginx = () => {
try {
// First test config
execFileSync('sudo', ['nginx', '-t']);
// Then reload
execFileSync('sudo', ['rc-service', 'nginx', 'reload']);
return true;
} catch (err) {
console.error('Nginx reload failed:', err.message);
throw new Error(`Nginx reload failed: ${err.stderr || err.message}`);
}
};
module.exports = {
listVHosts,
toggleVHost,
createVHost,
reloadNginx
};

52
backend/test-api.sh Normal file
View file

@ -0,0 +1,52 @@
#!/bin/bash
# Configuration
API_URL="http://127.0.0.1:3001/api/v1"
# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
echo "Starting Backend API tests..."
echo "----------------------------"
test_endpoint() {
local method=$1
local endpoint=$2
local expected_status=$3
local description=$4
echo -n "Test: $description... "
# Execute curl and capture http status code
local response=$(curl -s -o /dev/null -w "%{http_code}" -X "$method" "$API_URL$endpoint")
if [ "$response" -eq "$expected_status" ]; then
echo -e "${GREEN}PASS${NC} (Status: $response)"
else
echo -e "${RED}FAIL${NC} (Expected: $expected_status, Got: $response)"
return 1
fi
}
# 1. Test GET /services
test_endpoint "GET" "/services" 200 "GET services list"
# 2. Test POST redis start
test_endpoint "POST" "/services/redis/start" 200 "POST start redis"
# 3. Test POST redis stop
test_endpoint "POST" "/services/redis/stop" 200 "POST stop redis"
# 4. Test POST redis restart
test_endpoint "POST" "/services/redis/restart" 200 "POST restart redis"
# 5. Test Whitelist Enforcement (Invalid Service)
test_endpoint "POST" "/services/rm-rf-slash/start" 400 "Reject non-whitelisted service"
# 6. Test 404
test_endpoint "GET" "/non-existent" 404 "Handle non-existent endpoint"
echo "----------------------------"
echo "Tests completed."

49
backend/test-system.sh Normal file
View file

@ -0,0 +1,49 @@
#!/bin/bash
# backend/test-system.sh — Test system monitoring endpoints
# Configuration
API_URL="http://127.0.0.1:3001/api/v1/system"
# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
echo "Starting System Monitoring API tests..."
echo "---------------------------------------"
test_endpoint() {
local endpoint=$1
local description=$2
echo -n "Test: $description... "
# Execute curl and capture response + status code
local response=$(curl -s -X GET "$API_URL$endpoint")
local status=$(curl -s -o /dev/null -w "%{http_code}" -X GET "$API_URL$endpoint")
if [ "$status" -eq 200 ]; then
echo -e "${GREEN}PASS${NC} (Status: $status)"
# Basic JSON validation (check if success: true is present)
if echo "$response" | grep -q '"success":true'; then
echo " Data: $response"
else
echo -e " ${RED}ERROR: Invalid JSON response${NC}"
return 1
fi
else
echo -e "${RED}FAIL${NC} (Status: $status)"
echo " Error: $response"
return 1
fi
}
# Run tests
test_endpoint "/cpu" "GET CPU Usage"
test_endpoint "/memory" "GET Memory Info"
test_endpoint "/disk" "GET Disk Usage"
test_endpoint "/uptime" "GET System Uptime"
test_endpoint "/load" "GET Load Averages"
echo "---------------------------------------"
echo "Tests completed."

35
backend/test-vhosts.sh Normal file
View file

@ -0,0 +1,35 @@
#!/bin/bash
# backend/test-vhosts.sh — Test Nginx VHost management endpoints
# Configuration
API_URL="http://127.0.0.1:3001/api/v1/vhosts"
# Colors for output
GREEN='\033[0;32m'
RED='\033[0;31m'
NC='\033[0m'
echo "Starting Nginx VHost API tests..."
echo "-----------------------------------"
test_get() {
echo -n "Test: GET VHost list... "
local response=$(curl -s -X GET "$API_URL/")
local status=$(curl -s -o /dev/null -w "%{http_code}" -X GET "$API_URL/")
if [ "$status" -eq 200 ]; then
echo -e "${GREEN}PASS${NC}"
echo " Data: $response"
else
echo -e "${RED}FAIL${NC} (Status: $status)"
echo " Error: $response"
fi
}
# Note: Toggle tests are dangerous in production, so we only test GET here.
# For full verification, a mock NGINX_DIR should be used.
test_get
echo "-----------------------------------"
echo "Tests completed."

6
certs/.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# Ignore generated certificates and keys
*.key
*.crt
*.p12
*.srl
*.csr

24
certs/create-ca.sh Normal file
View file

@ -0,0 +1,24 @@
#!/bin/sh
# certs/create-ca.sh — Generate Root CA for Sawa Control Panel
# Exit on error
set -e
CERT_DIR=$(dirname "$0")
CA_KEY="$CERT_DIR/ca.key"
CA_CRT="$CERT_DIR/ca.crt"
echo "Step 1: Generating Root CA Private Key (4096-bit RSA)..."
openssl genrsa -out "$CA_KEY" 4096
echo "Step 2: Generating self-signed Root CA Certificate (valid for 10 years)..."
echo "Using Subject: /CN=Sawa Control Panel Root CA/O=Sawa/C=XX"
openssl req -x509 -new -nodes -key "$CA_KEY" -sha256 -days 3650 -out "$CA_CRT" -subj "/CN=Sawa Control Panel Root CA/O=Sawa/C=XX"
echo ""
echo "--------------------------------------------------------"
echo "ROOT CA SUCCESSFUL"
echo "--------------------------------------------------------"
echo "Generated $CA_KEY (Keep this extremely secure!)"
echo "Generated $CA_CRT (Distribute this to client devices)"
echo "--------------------------------------------------------"

55
certs/create-client.sh Normal file
View file

@ -0,0 +1,55 @@
#!/bin/sh
# certs/create-client.sh — Generate Client Certificate for Sawa Control Panel
# Exit on error
set -e
if [ -z "$1" ]; then
echo "Usage: $0 <device-name>"
echo "Example: $0 my-phone"
exit 1
fi
DEVICE_NAME=$1
CERT_DIR=$(dirname "$0")
CA_KEY="$CERT_DIR/ca.key"
CA_CRT="$CERT_DIR/ca.crt"
CLIENT_KEY="$CERT_DIR/$DEVICE_NAME.key"
CLIENT_CSR="$CERT_DIR/$DEVICE_NAME.csr"
CLIENT_CRT="$CERT_DIR/$DEVICE_NAME.crt"
CLIENT_P12="$CERT_DIR/$DEVICE_NAME.p12"
# Validation
if [ ! -f "$CA_KEY" ] || [ ! -f "$CA_CRT" ]; then
echo "Error: Root CA not found. Please run create-ca.sh first."
exit 1
fi
echo "Step 1: Generating 2048-bit RSA private key for $DEVICE_NAME..."
openssl genrsa -out "$CLIENT_KEY" 2048
echo "Step 2: Generating Certificate Signing Request (CSR)..."
openssl req -new -key "$CLIENT_KEY" -out "$CLIENT_CSR" -subj "/CN=$DEVICE_NAME/O=Sawa/C=XX"
echo "Step 3: Signing the client certificate with Root CA (valid for 2 years)..."
printf "extendedKeyUsage=clientAuth\nkeyUsage=digitalSignature" > "$CERT_DIR/client_ext.cnf"
openssl x509 -req -in "$CLIENT_CSR" -CA "$CA_CRT" -CAkey "$CA_KEY" \
-CAcreateserial -out "$CLIENT_CRT" -days 730 -sha256 \
-extfile "$CERT_DIR/client_ext.cnf"
rm "$CERT_DIR/client_ext.cnf"
echo "Step 4: Exporting to PKCS12 (.p12) for mobile/browser installation..."
echo "IMPORTANT: iOS requires a non-empty password. You will be prompted for one now:"
openssl pkcs12 -export -out "$CLIENT_P12" -inkey "$CLIENT_KEY" -in "$CLIENT_CRT" -certfile "$CA_CRT"
# Cleanup temporary CSR
rm "$CLIENT_CSR"
echo ""
echo "--------------------------------------------------------"
echo "CLIENT CERTIFICATE SUCCESSFUL for: $DEVICE_NAME"
echo "--------------------------------------------------------"
echo "PEM Key: $CLIENT_KEY"
echo "PEM Cert: $CLIENT_CRT"
echo "PKCS12: $CLIENT_P12 (Use this for phone/browser)"
echo "--------------------------------------------------------"

131
deploy.ps1 Normal file
View file

@ -0,0 +1,131 @@
# deploy.ps1 -- Sawa Control Panel Deployment Script
# Run from the project root: .\deploy.ps1 -All
# Or specific steps: .\deploy.ps1 -Certs -Frontend -Backend
param(
[switch]$All,
[switch]$Certs,
[switch]$Backend,
[switch]$Frontend,
[switch]$Nginx,
[switch]$Recipes
)
# CONFIG
$SERVER_IP = "10.0.0.10"
$SERVER_USER = "root"
$PROJECT_DIR = $PSScriptRoot
$SERVER = "$SERVER_USER@$SERVER_IP"
# HELPERS
function Pass { param($msg) Write-Host " PASS: $msg" -ForegroundColor Green }
function Fail { param($msg) Write-Host " FAIL: $msg" -ForegroundColor Red; exit 1 }
function Step { param($msg) Write-Host "" ; Write-Host ">> $msg" -ForegroundColor Cyan }
function Run {
param($cmd)
Invoke-Expression $cmd
if ($LASTEXITCODE -ne 0) { Fail "Command failed: $cmd" }
}
function Deploy-Certs {
Step "Deploying CA certificate to server..."
$caFile = "$PROJECT_DIR\certs\ca.crt"
if (-not (Test-Path $caFile)) { Fail "ca.crt not found. Run create-ca.sh first." }
Run "ssh ${SERVER} 'mkdir -p /etc/nginx/ssl'"
Run "scp `"$caFile`" ${SERVER}:/etc/nginx/ssl/ca.crt"
Pass "CA certificate deployed"
}
function Deploy-Backend {
Step "Bundling backend into single tar.gz..."
$TMP_TAR = "$env:TEMP\sawa-backend.tar.gz"
Push-Location "$PROJECT_DIR\backend"
tar -czf $TMP_TAR --exclude="*.sh" --exclude="*.md" .
if ($LASTEXITCODE -ne 0) { Fail "tar failed. Requires Windows 10 build 17063+" }
Pass "Backend bundled"
Pop-Location
Step "Uploading archive to server (1 file)..."
Run "scp `"$TMP_TAR`" ${SERVER}:/tmp/sawa-backend.tar.gz"
Pass "Archive uploaded"
Step "Extracting and restarting PM2 on server..."
$remoteCmd = "mkdir -p /opt/sawa-panel && tar -xzf /tmp/sawa-backend.tar.gz -C /opt/sawa-panel && rm /tmp/sawa-backend.tar.gz && cd /opt/sawa-panel && npm install --omit=dev --silent && pm2 restart panel-api 2>/dev/null || pm2 start index.js --name panel-api && pm2 save"
Run "ssh ${SERVER} `"$remoteCmd`""
Pass "Backend running via PM2"
Remove-Item $TMP_TAR -ErrorAction SilentlyContinue
}
function Deploy-Frontend {
Step "Building React frontend..."
Push-Location "$PROJECT_DIR\frontend"
Run "npm run build"
Pass "Frontend built"
Pop-Location
Step "Bundling frontend dist into single tar.gz..."
$TMP_FRONT = "$env:TEMP\sawa-frontend.tar.gz"
Push-Location "$PROJECT_DIR\frontend\dist"
tar -czf $TMP_FRONT .
Pop-Location
Pass "Frontend bundled"
Step "Uploading and extracting on server (1 file)..."
Run "scp `"$TMP_FRONT`" ${SERVER}:/tmp/sawa-frontend.tar.gz"
$remoteCmd = "mkdir -p /var/www/panel && tar -xzf /tmp/sawa-frontend.tar.gz -C /var/www/panel && rm /tmp/sawa-frontend.tar.gz"
Run "ssh ${SERVER} `"$remoteCmd`""
Pass "Frontend deployed to /var/www/panel/"
Remove-Item $TMP_FRONT -ErrorAction SilentlyContinue
}
function Deploy-Nginx {
Step "Deploying nginx config..."
Run "scp `"$PROJECT_DIR\nginx\sawa-panel.conf`" ${SERVER}:/etc/nginx/conf.d/sawa-panel.conf"
Pass "nginx config copied"
Step "Testing and reloading nginx..."
Run "ssh ${SERVER} `"nginx -t && rc-service nginx reload`""
Pass "nginx reloaded"
}
function Deploy-Recipes {
Step "Deploying recipes..."
Run "ssh ${SERVER} `"mkdir -p /opt/sawa-panel/recipes`""
Run "scp -r `"$PROJECT_DIR\backend\recipes\*`" ${SERVER}:/opt/sawa-panel/recipes/"
Pass "Recipes deployed"
}
# MAIN
Write-Host "============================================" -ForegroundColor Yellow
Write-Host " Sawa Control Panel -- Deploy Script" -ForegroundColor Yellow
Write-Host " Target: $SERVER" -ForegroundColor Yellow
Write-Host "============================================" -ForegroundColor Yellow
if (-not ($All -or $Certs -or $Backend -or $Frontend -or $Nginx -or $Recipes)) {
Write-Host ""
Write-Host "Usage:"
Write-Host " .\deploy.ps1 -All # Full deployment"
Write-Host " .\deploy.ps1 -Certs # Certs only"
Write-Host " .\deploy.ps1 -Backend # Backend only"
Write-Host " .\deploy.ps1 -Frontend # Frontend only"
Write-Host " .\deploy.ps1 -Nginx # nginx config only"
Write-Host " .\deploy.ps1 -Recipes # Recipes only"
Write-Host " .\deploy.ps1 -Backend -Frontend # Backend + Frontend"
Write-Host ""
exit 0
}
if ($All -or $Certs) { Deploy-Certs }
if ($All -or $Nginx) { Deploy-Nginx }
if ($All -or $Backend) { Deploy-Backend }
if ($All -or $Frontend) { Deploy-Frontend }
if ($All -or $Recipes) { Deploy-Recipes }
Write-Host ""
Write-Host "============================================" -ForegroundColor Green
Write-Host " DEPLOYMENT COMPLETE!" -ForegroundColor Green
Write-Host " Panel: https://$SERVER_IP" -ForegroundColor Green
Write-Host "============================================" -ForegroundColor Green

49
deploy.sh Normal file
View file

@ -0,0 +1,49 @@
#!/bin/sh
# deploy.sh — Build and deploy Sawa Control Panel to the server
# Exit on any error
set -e
# Load environment variables from .env
if [ -f .env ]; then
set -a
. ./.env
set +a
else
echo "FAIL: .env file not found in project root."
exit 1
fi
if [ -z "$SERVER_IP" ]; then
echo "FAIL: SERVER_IP not set in .env."
exit 1
fi
echo "Step 1: Building frontend app..."
if (cd frontend && npm run build); then
echo "PASS: Frontend built successfully."
else
echo "FAIL: Frontend build failed."
exit 1
fi
echo "Step 2: Deploying static files to $SERVER_IP..."
# Note: This assumes SSH key-based auth to root is configured
if scp -r frontend/dist/* root@$SERVER_IP:/var/www/panel/; then
echo "PASS: Frontend deployed successfully."
else
echo "FAIL: Frontend deployment failed."
exit 1
fi
echo "Step 3: Restarting backend API via PM2..."
if ssh root@$SERVER_IP "pm2 restart panel-api"; then
echo "PASS: Backend API restarted successfully."
else
echo "FAIL: Backend API restart failed."
exit 1
fi
echo "--------------------------------------------------"
echo "DEPLOYMENT COMPLETE ✅"
echo "--------------------------------------------------"

169
docs/CLAUDE.md Normal file
View file

@ -0,0 +1,169 @@
# CLAUDE.md — Sawa Control Panel
**Project:** sawa-control-panel
**Stack:** React + Node.js + Alpine Linux
**Purpose:** Web-based server control panel for Sawa home servers
---
## Project Overview
A lightweight, self-hosted web control panel for managing Alpine Linux server instances running the Sawa stack. Served by nginx on the local server. Accessible from LAN and remotely via client certificate authentication — no login page, no password prompt. Unauthorized devices cannot reach the interface at all.
---
## Tech Stack
- **Frontend:** React (Vite), Tailwind CSS
- **Backend:** Node.js with Express — thin API layer
- **Auth:** nginx mutual TLS (mTLS) — client certificates only
- **Transport:** HTTPS only, self-signed cert on local network
- **Deployment:** Built React app served as static files by nginx
- **Process manager:** PM2 with OpenRC on Alpine
---
## Architecture
The control panel has two parts:
- **Static frontend** — React app built and served from `/var/www/panel/`
- **API backend** — Node.js Express app running on `127.0.0.1:3001`, proxied by nginx
nginx handles:
- TLS termination with client certificate verification
- Serving the React static build
- Reverse proxying `/api/*` to the Node.js backend
The Node.js backend executes OpenRC commands via `child_process` to control services. It never exposes raw shell access — only a whitelist of allowed actions.
---
## Security Model
- Client certificates issued manually — one per device (laptop, phone, etc.)
- nginx `ssl_verify_client on` — connection dropped before HTTP if no valid cert
- API backend binds only to `127.0.0.1` — never exposed directly
- All service control actions are whitelisted — no arbitrary command execution
- nftables firewall — port 443 open, everything else locked
---
## Directory Structure
```
sawa-control-panel/
├── frontend/ # React Vite app
│ ├── src/
│ │ ├── components/
│ │ ├── pages/
│ │ └── App.jsx
│ └── package.json
├── backend/ # Node.js Express API
│ ├── routes/
│ ├── services/
│ └── index.js
├── nginx/ # nginx config snippets
├── certs/ # cert generation scripts
└── CLAUDE.md
```
---
## Environment Variables
```
PORT=3001
ALLOWED_SERVICES=nginx,postgresql,mariadb,redis,memcached,sshd,nftables
LOG_PATH=/var/log
```
---
## Key Commands
```bash
npm run dev # start frontend dev server
npm run build # build frontend for production
node backend/index.js # start API server
pm2 start backend/index.js --name panel-api # production start
```
---
## API Structure
All endpoints prefixed with `/api/v1/`
```
GET /api/v1/services # list all services with status
POST /api/v1/services/:name/start # start a service
POST /api/v1/services/:name/stop # stop a service
POST /api/v1/services/:name/restart # restart a service
GET /api/v1/system/cpu # CPU usage percent
GET /api/v1/system/memory # used/total/free RAM
GET /api/v1/system/disk # disk usage per partition
GET /api/v1/system/uptime # system uptime
GET /api/v1/system/load # 1/5/15 min load averages
GET /api/v1/logs/:service # last 100 lines of service log
GET /api/v1/vhosts # list virtual hosts
POST /api/v1/vhosts # create virtual host
DELETE /api/v1/vhosts/:name # remove virtual host
POST /api/v1/vhosts/:name/enable # enable site
POST /api/v1/vhosts/:name/disable # disable site
POST /api/v1/nginx/reload # reload nginx config
```
---
## Coding Conventions
- React functional components only — no class components
- Tailwind for all styling — no separate CSS files
- API routes prefixed with `/api/v1/`
- All service actions POST only — never GET for mutations
- Error responses always return JSON with `{ error: string }`
- Never execute arbitrary shell commands — use whitelist pattern only
---
## Alpine Linux / Server Notes
**Critical for AI agents working on this project:**
- This is Alpine Linux — use **OpenRC**, not systemd
- Service control: `rc-service <name> start|stop|restart|status`
- Service autostart: `rc-update add <name> default`
- Config persistence: always run `lbu ci` after editing config files or the changes will be lost on reboot
- The server runs in `sys` mode on a USB stick — write operations should be minimized
- All data lives under `/data/` (postgresql, mysql, redis subdirs)
- The backend must run as a non-root user with a strict sudoers whitelist for rc-service
- Deployments go to `/var/www/` on the server via SFTP (WinSCP or scp)
- Test all API endpoints with curl before wiring to frontend
- nginx virtual host configs live in `/etc/nginx/conf.d/` — one file per site
- After any nginx config change: `nginx -t` first, then `rc-service nginx reload`
---
## Managed Services
The following services are installed and managed on the server:
| Service | Port/Socket | Purpose |
|---------|-------------|---------|
| nginx | 80, 443 | Web server / reverse proxy |
| postgresql | 127.0.0.1:5432 | PostgreSQL 18 (data at /data/postgresql) |
| mariadb | 127.0.0.1:3306 | MariaDB (data at /data/mysql) |
| redis | 127.0.0.1:6379 | Redis with persistence (data at /data/redis) |
| memcached | 127.0.0.1:11211 | Memcached cache |
| sshd | 22 | SSH (key auth only) |
| nftables | — | Firewall |
---
## Future Scope
- Multi-node support — manage multiple Sawa servers from one panel
- Traffic analytics — nginx access log parsing (AWStats-style)
- Distributed LLM inference management via exo/llama.cpp
- Node cluster view — aggregate resource monitoring across all nodes

137
docs/ISSUES.md Normal file
View file

@ -0,0 +1,137 @@
# Sawa Control Panel — Issues & Decisions
*Track open questions, known problems, and architectural decisions here.*
---
## Open Issues
### ISSUE-001 — sudo whitelist scope
**Status:** Partially resolved ✅
**Note:** Sudoers whitelist deployed. Panel still runs as root via PM2 — migration to `panel` user pending.
---
### ISSUE-002 — Client cert distribution to mobile
**Status:** Open
**Priority:** High
Installing a client certificate on Android/iOS requires PKCS12 (.p12) format. Script generates .p12 correctly. Transfer mechanism not yet implemented.
**Options:**
- One-time HTTPS download endpoint on server (auto-deletes after download)
- AirDrop (iOS only)
- Manual USB transfer
---
### ISSUE-003 — Service status parsing reliability
**Status:** Open
**Priority:** Medium
`rc-service <name> status` returns inconsistent output across services. Should normalize to `started | stopped | crashed | unknown`.
**Suggested fix:** Use `rc-status` instead — returns structured view of all services in one call.
---
### ISSUE-004 — Build and deploy workflow
**Status:** Resolved ✅
`deploy.ps1` implemented. Tar+gzip bundles, single file upload per component, server-side extract. Flags: `-All -Backend -Frontend -Nginx -Certs`.
---
### ISSUE-005 — wlan0 fails on boot
**Status:** Open — low priority
wpa_supplicant starts before WiFi hardware is ready. `sleep 5` pre-up workaround in `/etc/network/interfaces` — not yet confirmed stable across reboots.
---
### ISSUE-006 — Diskless/RAM mode not configured
**Status:** Open — planned
Currently in `sys` mode. USB wear reduction requires diskless conversion. Test on spare USB clone first — never on master.
---
### ISSUE-007 — Disk usage shows corrupt data intermittently
**Status:** Open
**Priority:** High — fix in Phase 4
Disk panel shows `/` at 445% full with 224GB size, then snaps back to correct values on next poll. Virtual/pseudo filesystems leaking through filter in `systemInfo.js`.
**Fix:** Filter by filesystem type — only include `ext4`, `ext3`, `xfs`, `btrfs`, `vfat`. Exclude `tmpfs`, `devtmpfs`, `sysfs`, `proc`, `cgroup`, `overlay`, and any mount where size is 0.
---
### ISSUE-008 — MariaDB restart shows false error in UI
**Status:** Open — cosmetic
**Priority:** Low
Panel shows error dialog on MariaDB restart:
```
/usr/bin/mysqld_safe: Deprecated program name.
Use 'mariadbd-safe' instead.
* ERROR: mariadb failed to start
```
Service actually starts correctly. Exit code is non-zero due to deprecation warning being misread as failure.
**Fix:** In `rcService.js`, treat this specific stderr pattern as warning not error for mariadb.
---
### ISSUE-009 — TLS 1.3 incompatible with nginx mTLS client cert request
**Status:** Resolved ✅
With TLS 1.3, nginx never sends `CertificateRequest` — browsers never prompt for or send client cert. Fixed by setting `ssl_protocols TLSv1.2;` in `sawa-panel.conf`. Revisit when nginx adds proper TLS 1.3 post-handshake auth support.
---
### ISSUE-010 — Rogue default.conf intercepted mTLS requests
**Status:** Resolved ✅
`/etc/nginx/conf.d/default.conf` had a `listen 443 ssl` catch-all block with no mTLS, intercepting all requests before `sawa-panel.conf`. Deleted. `http.d/default.conf` (port 80 → 404) retained.
**Prevention needed:** Deploy script should warn about conflicting 443 server blocks.
---
## Resolved Decisions
### DECISION-001 — Authentication: nginx mTLS ✅
Client certificates only. No login page. Unauthorized devices get TLS handshake failure.
### DECISION-002 — Frontend: React + Vite + Tailwind CSS ✅
### DECISION-003 — Backend: Node.js + Express ✅
### DECISION-004 — Database stack convention ✅
| Use case | Database |
|----------|----------|
| WordPress, Laravel | MariaDB |
| Node.js apps | PostgreSQL |
| Sessions, queues | Redis (RDB+AOF) |
| Pure caching | Memcached |
### DECISION-005 — Panel on LAN only, port 443 ✅
### DECISION-006 — Phase 4 UI redesign ✅
- **Header:** persistent CPU% + RAM% + Uptime + Live dot
- **Sidebar:** collapsible sections — System / Services (tree) / Websites
- **Services:** toggle switches, each service gets own detail page
- **Websites:** add/remove form + enable/disable toggles
- **Per-service pages:** relevant stats + controls (pgAdmin iframe for PostgreSQL, phpMyAdmin for MariaDB — Phase 5)
---
## Technical Debt
- [ ] Panel runs as `root` via PM2 — migrate to `panel` user
- [ ] `noatime` not set on fstab — USB write wear pending
- [ ] Diskless mode not configured — ISSUE-006
- [ ] MariaDB deprecated binary warning — ISSUE-008
- [ ] `resolv.conf` not protected from `networking restart` overwrite
- [ ] `firstboot.sh` clone logic not tested on real hardware clone
- [ ] No log rotation — logs will grow unbounded
- [ ] SSH on port 22 — move to non-standard port to reduce scan noise
- [ ] Deploy script does not warn about conflicting nginx 443 server blocks
- [ ] `create-client.sh` uses temp file workaround for EKU extension — works but fragile

151
docs/ISSUES.md.old Normal file
View file

@ -0,0 +1,151 @@
# Sawa Control Panel — Issues & Decisions
*Track open questions, known problems, and architectural decisions here.*
---
## Open Issues
### ISSUE-001 — sudo whitelist scope
**Status:** Open
**Priority:** Must resolve before Phase 1 complete
The backend needs to run `rc-service` commands without being root. A sudoers whitelist is required. The exact scope needs to be defined.
**Options:**
- Whitelist per service per action — most secure, most verbose sudoers file
- Whitelist `rc-service` for a named panel user with NOPASSWD — simpler, still scoped to that user
**Suggested resolution:** Create a dedicated `panel` system user. Grant NOPASSWD sudo access to `rc-service` only, for the specific whitelisted service names. Example:
```
panel ALL=(ALL) NOPASSWD: /sbin/rc-service nginx *, /sbin/rc-service mariadb *, ...
```
---
### ISSUE-002 — Client cert distribution to mobile
**Status:** Open
**Priority:** Must resolve before Phase 1 complete
Installing a client certificate on Android/iOS for nginx mTLS requires PKCS12 (.p12) format. The cert generation script must output `.p12` alongside `.pem`.
Safe transfer options to phone:
- Generate a one-time HTTPS download URL on the server (temporary endpoint, auto-deletes after download)
- AirDrop (iOS only)
- Manual transfer via USB cable
**Decision needed:** Which transfer method to implement in the cert script.
---
### ISSUE-003 — Service status parsing reliability
**Status:** Open
**Priority:** Should resolve before Phase 1 complete
`rc-service <n> status` returns inconsistent output formats across different services. Need to normalize into a consistent `started | stopped | crashed | unknown` enum.
**Suggested resolution:** Parse `rc-status` output instead of per-service status calls — it returns a structured view of all services in the current runlevel. More reliable and one call instead of N calls.
---
### ISSUE-004 — Build and deploy workflow
**Status:** Open
**Priority:** Needed for Phase 1
React app needs to be built locally then deployed to `/var/www/panel/` on the server. Need a repeatable deploy process.
**Options:**
- `npm run deploy` script — builds then SCPs to server using stored SSH key
- rsync watch mode for development iteration
- GitHub Actions CI/CD (Phase 3+)
**Suggested resolution for now:** Simple deploy script using scp. Keep it manual until the project stabilizes.
---
### ISSUE-005 — wlan0 fails on boot (server-side)
**Status:** Open — pre-existing server issue, not a panel issue
**Priority:** Low (eth0 works fine when server is docked at router)
wlan0 interface fails to come up during boot with `ifup: failed to change interface wlan0 state to up`. wpa_supplicant appears to start before the Intel WiFi 5100 hardware is fully initialized.
**Attempted fix:** Add `sleep 3` to pre-up in `/etc/network/interfaces` — not yet tested after reboot.
**Workaround:** Manual bring-up after boot:
```sh
wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
ip route add default via 10.0.0.1 dev wlan0 metric 200
```
---
### ISSUE-006 — Diskless/RAM mode not yet configured
**Status:** Open — planned experiment
**Priority:** Medium (USB write wear reduction)
Currently running in `sys` mode — OS reads/writes directly to USB. Should convert to diskless mode to reduce USB wear. However the partition layout (separate ext4 boot partition sdb1, not vfat) is non-standard and the conversion is risky.
**Plan:** Test diskless conversion on a cloned spare USB first. Never attempt on the master image.
---
## Resolved Decisions
### DECISION-001 — Authentication mechanism
**Status:** Decided ✅
Use nginx mutual TLS (mTLS) with client certificates. No login page. Unauthorized devices get a TLS handshake failure — no HTTP response at all.
**Rationale:** Minimizes attack surface. No password to brute-force. No session management. Works seamlessly on authorized devices after one-time cert install. Accessible from outside LAN without VPN.
---
### DECISION-002 — Frontend framework
**Status:** Decided ✅
React with Vite and Tailwind CSS.
**Rationale:** Fast dev experience, small production build. Tailwind avoids CSS file management overhead. No SSR needed — the panel is not public-facing or SEO-sensitive.
---
### DECISION-003 — Backend language
**Status:** Decided ✅
Node.js with Express.
**Rationale:** Node.js is already installed on the server as part of the Sawa stack. No additional runtime needed. Express is minimal and well understood.
---
### DECISION-004 — Database stack convention
**Status:** Decided ✅
| Use case | Database |
|----------|----------|
| WordPress, Laravel | MariaDB |
| Node.js apps | PostgreSQL |
| Sessions, queues, app state | Redis (persistent, RDB+AOF) |
| Pure caching | Memcached |
---
### DECISION-005 — Panel not served on public internet directly
**Status:** Decided ✅
The control panel is accessible on LAN via its local IP and optionally via dynamic DNS from outside. It is not served on a named public domain. It runs on port 443 alongside other nginx virtual hosts, differentiated by the client certificate requirement.
---
## Technical Debt
These are known issues on the server that should be addressed before or alongside panel development:
- [ ] `noatime` not yet set on fstab — USB write reduction pending
- [ ] Diskless/RAM mode not yet configured — see ISSUE-006
- [ ] MariaDB still using deprecated binary names (`mysql` vs `mariadb`) — harmless but noisy in logs
- [ ] `resolv.conf` not protected from being overwritten by `networking restart`
- [ ] `firstboot.sh` lbu overlay rename logic not yet tested on a real clone
- [ ] Redis password currently passed on command line in some test calls — should use AUTH in config only
- [ ] SSH on port 22 — consider moving to non-standard port to reduce scan noise
- [ ] No log rotation configured — logs will grow unbounded on long-running servers

160
docs/ROADMAP.md Normal file
View file

@ -0,0 +1,160 @@
# Sawa Control Panel — Roadmap
*Living document. Phases are sequential. Within each phase, items are ordered by priority.*
---
## Phase 1 — Foundation (MVP)
**Goal:** A working panel accessible from the local network with basic service control.
### 1.1 Project Setup
- [x] Vite + React + Tailwind frontend scaffold
- [x] Express backend scaffold with health check endpoint
- [x] nginx reverse proxy config for `/api/*` to backend
- [x] PM2 config for backend process management
- [x] Basic deploy script — build + scp to server
### 1.2 Service Control API
- [x] `GET /api/v1/services` — list all managed services with status
- [x] `POST /api/v1/services/:name/start`
- [x] `POST /api/v1/services/:name/stop`
- [x] `POST /api/v1/services/:name/restart`
- [x] Service whitelist enforcement in backend
- [x] sudoers config for non-root rc-service execution
### 1.3 Dashboard UI
- [x] Service cards — name, status indicator, start/stop/restart buttons
- [x] Status polling every 10 seconds — auto-refresh without page reload
- [x] Green/red/yellow visual indicator per service state
- [x] Confirmation dialog before stopping critical services (nginx, sshd, nftables)
### 1.4 Security — Client Certificates (mTLS)
- [x] CA key and cert generation script (`certs/create-ca.sh`)
- [x] Per-device client cert generation script (`certs/create-client.sh <device-name>`)
- [x] nginx mTLS config — `ssl_verify_client on`
- [x] PKCS12 (.p12) export for mobile device installation
- [x] Instructions: install cert on Windows laptop + Android/iOS phone
- [x] Verify: unauthorized device gets TLS handshake failure, no HTTP response
---
## Phase 2 — System Monitoring
**Goal:** Real-time visibility into server health.
### 2.1 Resource Metrics API
- [x] `GET /api/v1/system/cpu` — current CPU usage percent
- [x] `GET /api/v1/system/memory` — used/total/free RAM
- [x] `GET /api/v1/system/disk` — usage per mounted partition
- [x] `GET /api/v1/system/uptime` — system uptime in seconds
- [x] `GET /api/v1/system/load` — 1/5/15 min load averages
### 2.2 Monitoring UI
- [x] CPU usage gauge — animated, updates every 5 seconds
- [x] RAM bar — used vs available with percentage
- [x] Disk usage bars — one per partition
- [x] Uptime counter — live display
- [x] Load average — color coded (green < 1.0, yellow < 2.0, red >= 2.0)
### 2.3 Service Logs
- [x] `GET /api/v1/logs/:service` — last 100 lines of service log
- [x] Log viewer panel per service — expandable in UI
- [x] Auto-scroll to latest entries
- [x] Tail mode — live log streaming via SSE or WebSocket
---
## Phase 3 — Virtual Host Management
**Goal:** Add/remove/configure nginx virtual hosts from the UI without touching the CLI.
### 3.1 Virtual Host API
- [x] `GET /api/v1/vhosts` — list all configured virtual hosts
- [x] `POST /api/v1/vhosts` — create new virtual host config file
- [x] `DELETE /api/v1/vhosts/:name` — remove virtual host
- [x] `POST /api/v1/vhosts/:name/enable`
- [x] `POST /api/v1/vhosts/:name/disable`
- [x] `POST /api/v1/nginx/reload` — nginx -t then reload if ok
### 3.2 Virtual Host UI
- [x] List of all domains/sites with status
- [x] Add new site form — domain, port, document root, backend type (static/PHP/Node/proxy)
- [x] Enable/disable toggle per site
- [x] nginx config test result shown before applying changes
### 3.3 SSL/TLS Management
- [x] Self-signed cert generation per domain (local/LAN use)
- [x] Certbot integration — request Let's Encrypt cert per domain
- [x] Cert expiry display per domain with renewal status
---
## Phase 4 — UI Redesign ✅
**Goal:** Overhaul the panel with a professional dashboard-style interface.
- [x] Persistent header with real-time metrics
- [x] Left sidebar navigation with collapsible services tree
- [x] Direct service detail pages with log viewer and controls
- [x] Refactored health dashboard
- [x] Integrated virtual host creation form
---
## Phase 5 — App Market (Current)
**Goal:** One-click installation, configuration, and management of server applications. Shield the user from the CLI entirely.
### 5.1 Recipe System
- [ ] Define recipe.json schema (id, name, version, category, steps, database, service, vhost, ssl)
- [ ] backend/recipes/ folder — one subfolder per app
- [ ] Each recipe folder contains recipe.json + install.sh
- [ ] Recipe loader service reads all recipes at startup
### 5.2 Installation Engine (backend)
- [ ] backend/routes/apps.js
- GET /api/v1/apps — list all recipes with status
- POST /api/v1/apps/:id/install — execute recipe
- GET /api/v1/apps/:id/status — installed/not installed
- POST /api/v1/apps/:id/uninstall
- [ ] backend/services/appInstaller.js — recipe executor:
- fetch → configure → database → service → vhost → ssl
- [ ] Database provisioning helper (postgres + mariadb)
- [ ] PM2 registration helper
- [ ] VHost writer (reuse vhostService.js)
- [ ] Certbot integration — optional SSL per domain
- [ ] Install log streaming via SSE
### 5.3 Initial Recipe Library
- [ ] forgejo — Go binary, postgres, PM2, nginx
- [ ] phpmyadmin — PHP-FPM, nginx, mariadb
- [ ] pgadmin — Python, PM2, nginx, postgres
- [ ] static-site — folder
---
## Phase 6 — Traffic Analytics (Future)
**Goal:** nginx access log analysis built into the panel — no external tools needed.
- [ ] Parse nginx access logs per virtual host
- [ ] Daily/weekly/monthly request counts per domain
- [ ] Top pages, top IPs, top user agents
- [ ] Error rate tracking — 4xx and 5xx breakdown
- [ ] Bandwidth usage per domain
- [ ] Geo-IP visitor origins using local MaxMind DB
- [ ] Internal charts for visualization
---
## Phase 7 — Multi-Node / Cluster Support (Future)
**Goal:** Manage multiple Sawa server nodes from one panel instance.
- [ ] Node registry via SSH key auth
- [ ] SSH-based remote command execution
- [ ] Unified dashboard for all nodes
- [ ] Aggregate resource monitoring
- [ ] Distributed LLM inference management (exo cluster)
- [ ] Node health alerts and notifications

24
frontend/.gitignore vendored Normal file
View file

@ -0,0 +1,24 @@
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
pnpm-debug.log*
lerna-debug.log*
node_modules
dist
dist-ssr
*.local
# Editor directories and files
.vscode/*
!.vscode/extensions.json
.idea
.DS_Store
*.suo
*.ntvs*
*.njsproj
*.sln
*.sw?

8
frontend/README.md Normal file
View file

@ -0,0 +1,8 @@
# React + Vite
This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
Currently, two official plugins are available:
- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/README.md) uses [Babel](https://babeljs.io/) for Fast Refresh
- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh

38
frontend/eslint.config.js Normal file
View file

@ -0,0 +1,38 @@
import js from '@eslint/js'
import globals from 'globals'
import react from 'eslint-plugin-react'
import reactHooks from 'eslint-plugin-react-hooks'
import reactRefresh from 'eslint-plugin-react-refresh'
export default [
{ ignores: ['dist'] },
{
files: ['**/*.{js,jsx}'],
languageOptions: {
ecmaVersion: 2020,
globals: globals.browser,
parserOptions: {
ecmaVersion: 'latest',
ecmaFeatures: { jsx: true },
sourceType: 'module',
},
},
settings: { react: { version: '18.3' } },
plugins: {
react,
'react-hooks': reactHooks,
'react-refresh': reactRefresh,
},
rules: {
...js.configs.recommended.rules,
...react.configs.recommended.rules,
...react.configs['jsx-runtime'].rules,
...reactHooks.configs.recommended.rules,
'react/jsx-no-target-blank': 'off',
'react-refresh/only-export-components': [
'warn',
{ allowConstantExport: true },
],
},
},
]

16
frontend/index.html Normal file
View file

@ -0,0 +1,16 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Sawa Control Panel</title>
</head>
<body>
<div id="root"></div>
<script type="module" src="/src/main.jsx"></script>
</body>
</html>

5582
frontend/package-lock.json generated Normal file
View file

File diff suppressed because it is too large Load diff

31
frontend/package.json Normal file
View file

@ -0,0 +1,31 @@
{
"name": "frontend",
"private": true,
"version": "1.0.0",
"type": "module",
"scripts": {
"dev": "vite",
"build": "vite build",
"lint": "eslint .",
"preview": "vite preview"
},
"dependencies": {
"react": "^18.3.1",
"react-dom": "^18.3.1"
},
"devDependencies": {
"@eslint/js": "^9.13.0",
"@types/react": "^18.3.12",
"@types/react-dom": "^18.3.1",
"@vitejs/plugin-react": "^4.3.3",
"autoprefixer": "^10.4.27",
"eslint": "^9.13.0",
"eslint-plugin-react": "^7.37.2",
"eslint-plugin-react-hooks": "^5.0.0",
"eslint-plugin-react-refresh": "^0.4.14",
"globals": "^15.11.0",
"postcss": "^8.5.8",
"tailwindcss": "^3.4.19",
"vite": "^5.4.10"
}
}

6
frontend/postcss.config.js Normal file
View file

@ -0,0 +1,6 @@
export default {
plugins: {
tailwindcss: {},
autoprefixer: {},
},
}

1
frontend/public/vite.svg Normal file
View file

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>
Side by side

After

Width:  |  Height:  |  Size: 1.5 KiB

150
frontend/src/App.jsx Normal file
View file

@ -0,0 +1,150 @@
import React, { useState, useEffect, useCallback } from 'react';
import Layout from './components/Layout';
import Header from './components/Header';
import Sidebar from './components/Sidebar';
import SystemMonitor from './pages/SystemMonitor';
import VHostManager from './pages/VHostManager';
import ServiceDetail from './pages/ServiceDetail';
import AppMarket from './pages/AppMarket';
import AppDetail from './pages/AppDetail';
function App() {
const [activePage, setActivePage] = useState('system');
const [selectedService, setSelectedService] = useState(null);
const [selectedApp, setSelectedApp] = useState(null);
const [services, setServices] = useState([]);
const [systemMetrics, setSystemMetrics] = useState({
cpu: 0,
memory: { used: 0, total: 0, percent: 0 },
uptime: 'Loading...'
});
const [isLive, setIsLive] = useState(false);
// --- DATA FETCHING ---
const fetchSystemMetrics = useCallback(async () => {
try {
const [cpuRes, memRes, uptimeRes] = await Promise.all([
fetch('/api/v1/system/cpu'),
fetch('/api/v1/system/memory'),
fetch('/api/v1/system/uptime')
]);
const cpuData = await cpuRes.json();
const memData = await memRes.json();
const uptimeData = await uptimeRes.json();
setSystemMetrics({
cpu: cpuData.usage || 0,
memory: {
used: memData.used,
total: memData.total,
percent: Math.round((memData.used / memData.total) * 100)
},
uptime: uptimeData.human || 'Unknown'
});
setIsLive(true);
} catch (err) {
console.error('Failed to fetch system metrics:', err);
setIsLive(false);
}
}, []);
const fetchServices = useCallback(async () => {
try {
const response = await fetch('/api/v1/services');
const data = await response.json();
if (data.success) {
const servicesArray = Object.entries(data.services).map(([name, status]) => ({
name,
status
}));
setServices(servicesArray);
}
} catch (err) {
console.error('Failed to fetch services:', err);
}
}, []);
useEffect(() => {
fetchSystemMetrics();
fetchServices();
const systemInterval = setInterval(fetchSystemMetrics, 5000);
const servicesInterval = setInterval(fetchServices, 10000);
return () => {
clearInterval(systemInterval);
clearInterval(servicesInterval);
};
}, [fetchSystemMetrics, fetchServices]);
// --- NAVIGATION HANDLERS ---
const handleNavigate = (page) => {
setActivePage(page);
setSelectedService(null);
setSelectedApp(null);
};
const handleSelectService = (name) => {
setSelectedService(name);
setActivePage('service-detail');
};
// --- RENDER LOGIC ---
const renderActivePage = () => {
switch (activePage) {
case 'system':
return <SystemMonitor />;
case 'websites':
return <VHostManager />;
case 'appmarket':
return <AppMarket onSelectApp={(app) => {
setSelectedApp(app);
setActivePage('appdetail');
}} />;
case 'appdetail':
return <AppDetail
app={selectedApp}
onBack={() => setActivePage('appmarket')}
/>;
case 'service-detail':
const currentService = services.find(s => s.name === selectedService);
return (
<ServiceDetail
service={currentService || { name: selectedService, status: 'unknown' }}
onBack={() => handleNavigate('system')}
/>
);
default:
return <SystemMonitor />;
}
};
return (
<Layout
header={
<Header
cpu={systemMetrics.cpu}
memory={systemMetrics.memory}
uptime={systemMetrics.uptime}
isLive={isLive}
/>
}
sidebar={
<Sidebar
activePage={activePage === 'service-detail' ? `service-${selectedService}` : activePage}
services={services}
onNavigate={handleNavigate}
onSelectService={handleSelectService}
/>
}
>
{renderActivePage()}
</Layout>
);
}
export default App;

1
frontend/src/assets/react.svg Normal file
View file

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
Side by side

After

Width:  |  Height:  |  Size: 4 KiB

51
frontend/src/components/Header.jsx Normal file
View file

@ -0,0 +1,51 @@
const Header = ({ cpu, memory, uptime, isLive }) => {
return (
<header className="h-full px-6 flex items-center justify-between">
<div className="flex items-center space-x-3">
<div className="w-8 h-8 bg-blue-600 rounded-lg flex items-center justify-center font-bold text-lg shadow-lg shadow-blue-500/20">S</div>
<h1 className="text-xl font-bold tracking-tight text-white">Sawa Panel</h1>
</div>
<div className="flex items-center space-x-8">
{/* CPU Stats */}
<div className="flex flex-col">
<span className="text-[10px] text-gray-500 uppercase font-bold tracking-wider">CPU Usage</span>
<div className="flex items-baseline space-x-1">
<span className="text-lg font-mono font-bold text-blue-400">{cpu}%</span>
</div>
</div>
{/* RAM Stats */}
<div className="flex flex-col w-32">
<div className="flex justify-between items-baseline mb-1">
<span className="text-[10px] text-gray-500 uppercase font-bold tracking-wider">Memory</span>
<span className="text-[10px] font-mono text-gray-400">{memory.percent}%</span>
</div>
<div className="h-1.5 w-full bg-gray-800 rounded-full overflow-hidden">
<div
className="h-full bg-blue-500 transition-all duration-500"
style={{ width: `${memory.percent}%` }}
></div>
</div>
</div>
{/* Uptime */}
<div className="hidden md:flex flex-col">
<span className="text-[10px] text-gray-500 uppercase font-bold tracking-wider">Uptime</span>
<span className="text-sm font-medium text-gray-300">{uptime}</span>
</div>
{/* Live Indicator */}
<div className="flex items-center space-x-2 pl-4 border-l border-gray-800">
<span className="relative flex h-2 w-2">
{isLive && <span className="animate-ping absolute inline-flex h-full w-full rounded-full bg-green-400 opacity-75"></span>}
<span className={`relative inline-flex rounded-full h-2 w-2 ${isLive ? 'bg-green-500' : 'bg-red-500'}`}></span>
</span>
<span className="text-[10px] text-gray-500 uppercase font-bold tracking-widest leading-none">Live</span>
</div>
</div>
</header>
);
};
export default Header;

26
frontend/src/components/Layout.jsx Normal file
View file

@ -0,0 +1,26 @@
const Layout = ({ children, header, sidebar }) => {
return (
<div className="min-h-screen bg-gray-950 text-gray-100 font-sans flex flex-col">
{/* Fixed Header */}
<div className="fixed top-0 left-0 right-0 z-50 h-16 bg-gray-900/80 backdrop-blur-md border-b border-gray-800">
{header}
</div>
<div className="flex flex-1 pt-16 h-screen overflow-hidden">
{/* Fixed Sidebar */}
<div className="w-64 flex-shrink-0 border-r border-gray-800 bg-gray-900/50">
{sidebar}
</div>
{/* Scrollable Main Content */}
<main className="flex-1 overflow-y-auto bg-gray-950 p-8 custom-scrollbar">
<div className="max-w-6xl mx-auto">
{children}
</div>
</main>
</div>
</div>
);
};
export default Layout;

48
frontend/src/components/ServiceCard.jsx Normal file
View file

@ -0,0 +1,48 @@
import React from 'react';
const ServiceCard = ({ name, status, onAction }) => {
const getStatusColor = (s) => {
switch (s) {
case 'started': return 'bg-green-500';
case 'stopped': return 'bg-red-500';
default: return 'bg-yellow-500';
}
};
return (
<div className="bg-gray-800 border border-gray-700 rounded-lg p-5 shadow-lg transition-all hover:border-gray-600">
<div className="flex items-center justify-between mb-4">
<h3 className="text-xl font-semibold text-white capitalize">{name}</h3>
<div className="flex items-center space-x-2">
<span className={`h-3 w-3 rounded-full ${getStatusColor(status)} shadow-[0_0_8px_rgba(34,197,94,0.5)]`}></span>
<span className="text-gray-400 text-sm uppercase tracking-wider">{status || 'unknown'}</span>
</div>
</div>
<div className="grid grid-cols-3 gap-2">
<button
onClick={() => onAction(name, 'start')}
disabled={status === 'started'}
className="bg-green-600 hover:bg-green-500 disabled:opacity-30 disabled:cursor-not-allowed text-white text-sm font-medium py-2 px-4 rounded transition-colors"
>
Start
</button>
<button
onClick={() => onAction(name, 'stop')}
disabled={status === 'stopped'}
className="bg-red-600 hover:bg-red-500 disabled:opacity-30 disabled:cursor-not-allowed text-white text-sm font-medium py-2 px-4 rounded transition-colors"
>
Stop
</button>
<button
onClick={() => onAction(name, 'restart')}
className="bg-blue-600 hover:bg-blue-500 text-white text-sm font-medium py-2 px-4 rounded transition-colors"
>
Restart
</button>
</div>
</div>
);
};
export default ServiceCard;

79
frontend/src/components/Sidebar.jsx Normal file
View file

@ -0,0 +1,79 @@
import { useState } from 'react';
const Sidebar = ({ activePage, services, onNavigate, onSelectService }) => {
const [servicesOpen, setServicesOpen] = useState(true);
const getStatusColor = (status) => {
if (status === 'started') return 'bg-green-500';
if (status === 'stopped') return 'bg-red-500';
return 'bg-yellow-500';
};
const navItem = (id, label, icon) => (
<button
onClick={() => onNavigate(id)}
className={`w-full flex items-center space-x-3 px-4 py-2 rounded-lg transition-all ${activePage === id
? 'bg-blue-600/10 text-blue-400 border border-blue-500/20'
: 'text-gray-400 hover:text-white hover:bg-gray-800'
}`}
>
<span className="text-lg">{icon}</span>
<span className="font-medium">{label}</span>
</button>
);
return (
<aside className="h-full p-4 flex flex-col space-y-6">
<nav className="space-y-1">
<span className="px-4 text-[10px] text-gray-500 uppercase font-bold tracking-widest">Main Navigation</span>
<div className="mt-2 space-y-1">
{navItem('system', 'System Overview', '📊')}
{navItem('websites', 'Websites', '🌐')}
{navItem('appmarket', 'App Market', '🛒')}
</div>
</nav>
<div className="space-y-1">
<button
onClick={() => setServicesOpen(!servicesOpen)}
className="w-full px-4 flex items-center justify-between text-[10px] text-gray-500 uppercase font-bold tracking-widest hover:text-gray-300 transition-colors"
>
<span>Services</span>
<span className={`transition-transform duration-200 ${servicesOpen ? 'rotate-180' : ''}`}></span>
</button>
{servicesOpen && (
<div className="mt-2 space-y-1 pl-2">
{services.map(({ name, status }) => (
<button
key={name}
onClick={() => onSelectService(name)}
className={`w-full text-left px-4 py-1.5 rounded-md text-sm transition-all ${activePage === `service-${name}`
? 'text-blue-400 font-medium bg-blue-600/5'
: 'text-gray-500 hover:text-gray-300 hover:bg-gray-800'
}`}
>
<div className="flex items-center space-x-2">
<span className={`w-1.5 h-1.5 rounded-full ${getStatusColor(status)}`}></span>
<span>{name}</span>
</div>
</button>
))}
</div>
)}
</div>
<div className="mt-auto p-4 bg-gray-900/50 rounded-xl border border-gray-800">
<div className="flex items-center space-x-3">
<div className="w-8 h-8 rounded-full bg-gray-800 flex items-center justify-center text-xs">👤</div>
<div className="flex flex-col">
<span className="text-xs font-bold text-gray-300">Admin</span>
<span className="text-[10px] text-gray-500">mTLS Verified</span>
</div>
</div>
</div>
</aside>
);
};
export default Sidebar;

3
frontend/src/index.css Normal file
View file

@ -0,0 +1,3 @@
@tailwind base;
@tailwind components;
@tailwind utilities;

10
frontend/src/main.jsx Normal file
View file

@ -0,0 +1,10 @@
import { StrictMode } from 'react'
import { createRoot } from 'react-dom/client'
import './index.css'
import App from './App.jsx'
createRoot(document.getElementById('root')).render(
<StrictMode>
<App />
</StrictMode>,
)

227
frontend/src/pages/AppDetail.jsx Normal file
View file

@ -0,0 +1,227 @@
import React, { useState, useEffect, useRef } from 'react';
const AppDetail = ({ app, onBack }) => {
const [formData, setFormData] = useState({
domain: '',
dbPassword: '',
port: app.vhost?.proxyPort || ''
});
const [installing, setInstalling] = useState(false);
const [logs, setLogs] = useState([]);
const [status, setStatus] = useState(null); // 'success' | 'error'
const logEndRef = useRef(null);
const scrollToBottom = () => {
logEndRef.current?.scrollIntoView({ behavior: 'smooth' });
};
useEffect(() => {
scrollToBottom();
}, [logs]);
const handleInstall = async (e) => {
e.preventDefault();
setInstalling(true);
setLogs([]);
setStatus(null);
try {
// Use fetch with stream reader to handle POST with SSE-like response
const response = await fetch(`/api/v1/apps/${app.id}/install`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(formData)
});
const reader = response.body.getReader();
const decoder = new TextDecoder();
while (true) {
const { value, done } = await reader.read();
if (done) break;
const chunk = decoder.decode(value);
const lines = chunk.split('\n');
lines.forEach(line => {
if (line.trim().startsWith('data: ')) {
try {
const data = JSON.parse(line.trim().slice(6));
if (data.log) {
setLogs(prev => [...prev, data.log]);
}
if (data.completed) {
setStatus(data.success ? 'success' : 'error');
if (data.error) setLogs(prev => [...prev, `ERROR: ${data.error}`]);
}
} catch (e) {
console.error('Error parsing SSE line', e);
}
}
});
}
} catch (err) {
setLogs(prev => [...prev, `FATAL: ${err.message}`]);
setStatus('error');
} finally {
setInstalling(false);
}
};
return (
<div className="max-w-4xl mx-auto space-y-6">
{/* Header */}
<div className="flex items-center justify-between">
<button
onClick={onBack}
className="flex items-center text-sm text-gray-400 hover:text-white transition-colors"
>
<svg className="w-4 h-4 mr-1" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M15 19l-7-7 7-7" />
</svg>
Back to Marketplace
</button>
<div className="px-3 py-1 bg-gray-800 rounded-full text-xs font-medium text-blue-400 border border-blue-500/20">
{app.category}
</div>
</div>
<div className="bg-gray-900/50 border border-gray-800 rounded-2xl overflow-hidden">
<div className="p-8 border-b border-gray-800 flex items-start gap-6">
<div className="w-20 h-20 bg-gray-800 rounded-2xl flex items-center justify-center text-4xl shadow-inner">
{app.id === 'forgejo' ? '🏗️' : '📦'}
</div>
<div className="flex-1">
<div className="flex items-center gap-3 mb-2">
<h1 className="text-3xl font-bold text-white">{app.name}</h1>
<span className="px-2 py-0.5 bg-gray-800 text-gray-400 rounded text-xs font-mono">v{app.version}</span>
</div>
<p className="text-gray-400 leading-relaxed max-w-2xl">{app.description}</p>
</div>
</div>
<div className="p-8">
{app.installed ? (
<div className="space-y-6">
<div className="p-6 bg-green-500/10 border border-green-500/20 rounded-xl flex items-center justify-between">
<div>
<h3 className="text-green-400 font-bold mb-1">Application Installed</h3>
<p className="text-sm text-green-400/70">
Deployed to <b>{app.installedInfo?.domain}</b> on {new Date(app.installedInfo?.installedAt).toLocaleDateString()}
</p>
</div>
<a
href={`https://${app.installedInfo?.domain}`}
target="_blank"
rel="noreferrer"
className="px-6 py-2 bg-green-600 hover:bg-green-500 text-white rounded-lg font-bold transition-all"
>
Open Application
</a>
</div>
</div>
) : (
<div className="grid grid-cols-1 lg:grid-cols-2 gap-12">
{/* Install Form */}
<form onSubmit={handleInstall} className="space-y-6">
<h3 className="text-lg font-bold text-white mb-4">Installation Settings</h3>
<div className="space-y-4">
<div>
<label className="block text-xs font-bold text-gray-400 uppercase tracking-wider mb-2">Target Domain</label>
<input
type="text"
required
placeholder="e.g. git.example.com"
value={formData.domain}
onChange={e => setFormData({ ...formData, domain: e.target.value })}
disabled={installing}
className="w-full bg-gray-800/50 border border-gray-700 rounded-lg px-4 py-3 text-white focus:outline-none focus:border-blue-500 transition-colors"
/>
</div>
{app.database && (
<div>
<label className="block text-xs font-bold text-gray-400 uppercase tracking-wider mb-2">Database Password</label>
<input
type="password"
required
placeholder="Secure password for DB"
value={formData.dbPassword}
onChange={e => setFormData({ ...formData, dbPassword: e.target.value })}
disabled={installing}
className="w-full bg-gray-800/50 border border-gray-700 rounded-lg px-4 py-3 text-white focus:outline-none focus:border-blue-500 transition-colors"
/>
</div>
)}
{app.vhost && (
<div>
<label className="block text-xs font-bold text-gray-400 uppercase tracking-wider mb-2">Port Override (Optional)</label>
<input
type="number"
placeholder={app.vhost.proxyPort}
value={formData.port}
onChange={e => setFormData({ ...formData, port: e.target.value })}
disabled={installing}
className="w-full bg-gray-800/50 border border-gray-700 rounded-lg px-4 py-3 text-white focus:outline-none focus:border-blue-500 transition-colors"
/>
</div>
)}
</div>
<button
type="submit"
disabled={installing}
className={`w-full py-4 rounded-xl font-bold text-lg transition-all ${installing
? 'bg-gray-800 text-gray-500 cursor-not-allowed'
: 'bg-blue-600 hover:bg-blue-500 text-white shadow-lg shadow-blue-500/20'
}`}
>
{installing ? 'Installing...' : 'Install Now'}
</button>
</form>
{/* Live Logs */}
<div className="flex flex-col h-full min-h-[400px]">
<h3 className="text-lg font-bold text-white mb-4">Installation Logs</h3>
<div className="flex-1 bg-black/50 border border-gray-800 rounded-xl p-4 font-mono text-xs overflow-y-auto space-y-1 scrollbar-thin scrollbar-thumb-gray-800">
{logs.length === 0 && !installing && (
<div className="h-full flex items-center justify-center text-gray-600 italic">
Logs will appear here during installation...
</div>
)}
{logs.map((log, i) => (
<div key={i} className={log.includes('ERROR') ? 'text-red-400' : 'text-gray-300'}>
{log}
</div>
))}
<div ref={logEndRef} />
</div>
{status === 'success' && (
<div className="mt-4 p-4 bg-green-500/20 border border-green-500/50 rounded-xl text-green-400 text-sm font-bold flex items-center">
<svg className="w-5 h-5 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
</svg>
Installation Complete!
</div>
)}
{status === 'error' && (
<div className="mt-4 p-4 bg-red-500/20 border border-red-500/50 rounded-xl text-red-400 text-sm font-bold flex items-center">
<svg className="w-5 h-5 mr-2" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 8v4m0 4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
Installation Failed.
</div>
)}
</div>
</div>
)}
</div>
</div>
</div>
);
};
export default AppDetail;

138
frontend/src/pages/AppMarket.jsx Normal file
View file

@ -0,0 +1,138 @@
import React, { useState, useEffect } from 'react';
const AppMarket = ({ onSelectApp }) => {
const [apps, setApps] = useState([]);
const [loading, setLoading] = useState(true);
const [error, setError] = useState(null);
const [filter, setFilter] = useState('All');
useEffect(() => {
fetchApps();
}, []);
const fetchApps = async () => {
try {
setLoading(true);
const response = await fetch('/api/v1/apps');
const data = await response.json();
if (data.success) {
setApps(data.apps);
} else {
setError(data.error);
}
} catch (err) {
setError('Failed to fetch applications');
} finally {
setLoading(false);
}
};
const categories = ['All', ...new Set(apps.map(app => app.category))];
const filteredApps = filter === 'All'
? apps
: apps.filter(app => app.category === filter);
const getEmoji = (appId) => {
const emojis = {
forgejo: '🏗️',
phpmyadmin: '🐘',
pgadmin: '🐘',
'static-site': '🌐'
};
return emojis[appId] || '📦';
};
if (loading) {
return (
<div className="flex items-center justify-center min-h-[400px]">
<div className="animate-spin rounded-full h-8 w-8 border-b-2 border-blue-500"></div>
</div>
);
}
return (
<div className="space-y-6">
<div className="flex flex-col md:flex-row md:items-center justify-between gap-4">
<div>
<h1 className="text-2xl font-bold text-white">App Market</h1>
<p className="text-gray-400">One-click installation for your server</p>
</div>
<div className="flex flex-wrap gap-2">
{categories.map(cat => (
<button
key={cat}
onClick={() => setFilter(cat)}
className={`px-4 py-1.5 rounded-full text-sm font-medium transition-all ${filter === cat
? 'bg-blue-600 text-white shadow-lg shadow-blue-500/20'
: 'bg-gray-800 text-gray-400 hover:bg-gray-700 hover:text-gray-200'
}`}
>
{cat}
</button>
))}
</div>
</div>
{error && (
<div className="p-4 bg-red-900/20 border border-red-500/50 rounded-xl text-red-400 text-sm">
{error}
</div>
)}
{apps.length === 0 && !loading ? (
<div className="flex flex-col items-center justify-center min-h-[300px] border-2 border-dashed border-gray-800 rounded-2xl bg-gray-900/30 p-8 text-center">
<div className="text-5xl mb-4">🏪</div>
<h3 className="text-xl font-medium text-white mb-2">Marketplace Empty</h3>
<p className="text-gray-400 max-w-sm">No applications are available in the repository at the moment. Check back later!</p>
</div>
) : (
<div className="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 gap-6">
{filteredApps.map(app => (
<div
key={app.id}
onClick={() => onSelectApp(app)}
className="group relative bg-gray-900/50 border border-gray-800 rounded-2xl p-6 hover:border-gray-600 transition-all cursor-pointer hover:shadow-2xl hover:shadow-blue-500/5"
>
<div className="flex items-start justify-between mb-4">
<div className="w-12 h-12 bg-gray-800 rounded-xl flex items-center justify-center text-2xl shadow-inner group-hover:scale-110 transition-transform">
{getEmoji(app.id)}
</div>
{app.installed && (
<span className="flex items-center space-x-1.5 px-2 py-1 bg-green-500/10 border border-green-500/20 rounded-md text-[10px] font-bold text-green-400 uppercase tracking-wider">
<span className="w-1.5 h-1.5 rounded-full bg-green-500 animate-pulse"></span>
<span>Installed</span>
</span>
)}
</div>
<div className="space-y-1">
<div className="flex items-center justify-between">
<h3 className="text-lg font-bold text-white group-hover:text-blue-400 transition-colors">
{app.name}
</h3>
<span className="text-xs text-gray-500">v{app.version}</span>
</div>
<div className="text-xs font-medium text-blue-500/80">{app.category}</div>
</div>
<p className="mt-3 text-sm text-gray-400 line-clamp-2 leading-relaxed">
{app.description}
</p>
<div className="mt-6 flex items-center text-xs font-semibold text-gray-300 group-hover:text-blue-400 transition-colors uppercase tracking-[0.05em]">
<span>View Details</span>
<svg className="w-4 h-4 ml-1 transform group-hover:translate-x-1 transition-transform" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
</svg>
</div>
</div>
))}
</div>
)}
</div>
);
};
export default AppMarket;

144
frontend/src/pages/ServiceDetail.jsx Normal file
View file

@ -0,0 +1,144 @@
import React, { useState, useEffect, useCallback } from 'react';
const ServiceDetail = ({ service, onBack }) => {
const [logs, setLogs] = useState([]);
const [loadingLogs, setLoadingLogs] = useState(true);
const [actionLoading, setActionLoading] = useState(false);
const [logError, setLogError] = useState(false);
const { name, status } = service;
const fetchLogs = useCallback(async () => {
try {
const response = await fetch(`/api/v1/logs/${name}`);
if (!response.ok) throw new Error('Logs not available');
const data = await response.json();
if (data.success && data.logs) {
const logLines = Array.isArray(data.logs) ? data.logs : data.logs.split('\n');
setLogs(logLines.slice(-20));
setLogError(false);
} else {
setLogError(true);
}
} catch (err) {
console.error('Failed to fetch logs:', err);
setLogError(true);
} finally {
setLoadingLogs(false);
}
}, [name]);
useEffect(() => {
fetchLogs();
const interval = setInterval(fetchLogs, 10000);
return () => clearInterval(interval);
}, [fetchLogs]);
const handleAction = async (action) => {
if (action === 'stop') {
if (!window.confirm(`Are you sure you want to STOP ${name}? This may interrupt server functionality.`)) {
return;
}
}
setActionLoading(true);
try {
const response = await fetch(`/api/v1/services/${name}/${action}`, {
method: 'POST',
});
const data = await response.json();
if (!data.success) {
alert(`Error: ${data.error || 'Action failed'}`);
}
} catch (err) {
alert(`Network error: ${err.message}`);
} finally {
setActionLoading(false);
}
};
return (
<div className="space-y-8 animate-in fade-in slide-in-from-bottom-2 duration-300">
{/* Navigation & Title */}
<div className="flex items-center justify-between">
<div className="flex items-center space-x-4">
<button
onClick={onBack}
className="p-2 hover:bg-gray-800 rounded-lg text-gray-400 hover:text-white transition-colors"
>
Back
</button>
<h2 className="text-3xl font-bold text-white uppercase tracking-tight">{name}</h2>
<div className={`px-3 py-1 rounded-full text-xs font-bold uppercase tracking-widest ${status === 'started' ? 'bg-green-500/10 text-green-500 border border-green-500/20' :
status === 'stopped' ? 'bg-red-500/10 text-red-500 border border-red-500/20' :
'bg-yellow-500/10 text-yellow-500 border border-yellow-500/20'
}`}>
{status}
</div>
</div>
</div>
{/* Control Panel */}
<div className="grid grid-cols-1 md:grid-cols-3 gap-4">
<button
disabled={actionLoading || status === 'started'}
onClick={() => handleAction('start')}
className="flex items-center justify-center space-x-2 p-4 bg-gray-900 border border-gray-800 rounded-xl hover:bg-green-600/10 hover:border-green-500/30 transition-all disabled:opacity-50"
>
<span className="text-xl"></span>
<span className="font-bold">Start</span>
</button>
<button
disabled={actionLoading || status === 'stopped'}
onClick={() => handleAction('stop')}
className="flex items-center justify-center space-x-2 p-4 bg-gray-900 border border-gray-800 rounded-xl hover:bg-red-600/10 hover:border-red-500/30 transition-all disabled:opacity-50"
>
<span className="text-xl"></span>
<span className="font-bold">Stop</span>
</button>
<button
disabled={actionLoading}
onClick={() => handleAction('restart')}
className="flex items-center justify-center space-x-2 p-4 bg-gray-900 border border-gray-800 rounded-xl hover:bg-blue-600/10 hover:border-blue-500/30 transition-all disabled:opacity-50"
>
<span className="text-xl"></span>
<span className="font-bold">Restart</span>
</button>
</div>
{/* Log Viewer */}
<div className="space-y-4">
<div className="flex items-center justify-between">
<h3 className="text-sm font-bold text-gray-500 uppercase tracking-widest">Service Logs (Last 20 lines)</h3>
<button
onClick={fetchLogs}
className="text-[10px] text-gray-500 hover:text-blue-400 font-bold uppercase tracking-tighter transition-colors"
>
Refresh Logs
</button>
</div>
<div className="bg-gray-900 border border-gray-800 rounded-xl p-4 h-96 overflow-y-auto font-mono text-sm custom-scrollbar">
{loadingLogs ? (
<div className="flex items-center justify-center h-full text-gray-600 italic">Loading logs...</div>
) : logError ? (
<div className="flex items-center justify-center h-full text-red-500/50 italic">Logs not available</div>
) : logs.length === 0 ? (
<div className="flex items-center justify-center h-full text-gray-600 italic">No log entries found</div>
) : (
<pre className="text-gray-400 whitespace-pre-wrap">
{logs.map((line, i) => (
<div key={i} className="mb-1 border-l-2 border-gray-800 pl-3 hover:border-blue-500/30 transition-colors">
{line}
</div>
))}
</pre>
)}
</div>
</div>
</div>
);
};
export default ServiceDetail;

225
frontend/src/pages/SystemMonitor.jsx Normal file
View file

@ -0,0 +1,225 @@
import React, { useState, useEffect } from 'react';
const SystemMonitor = () => {
const [metrics, setMetrics] = useState({
cpu: 0,
memory: { total: 0, used: 0, free: 0 },
disk: [],
uptime: { seconds: 0, human: 'Loading...' },
load: { one: 0, five: 0, fifteen: 0 }
});
const [error, setError] = useState(null);
const fetchCPU = async () => {
try {
const res = await fetch('/api/v1/system/cpu');
const json = await res.json();
if (json.success) setMetrics(prev => ({ ...prev, cpu: json.usage }));
} catch (err) {
console.error('CPU fetch failed', err);
}
};
const fetchOtherMetrics = async () => {
try {
const [memRes, diskRes, uptimeRes, loadRes] = await Promise.all([
fetch('/api/v1/system/memory'),
fetch('/api/v1/system/disk'),
fetch('/api/v1/system/uptime'),
fetch('/api/v1/system/load')
]);
const [memJson, diskJson, uptimeJson, loadJson] = await Promise.all([
memRes.json(),
diskRes.json(),
uptimeRes.json(),
loadRes.json()
]);
setMetrics(prev => ({
...prev,
memory: memJson.success ? { total: memJson.total, used: memJson.used, free: memJson.free } : prev.memory,
disk: diskJson.success ? diskJson.partitions : prev.disk,
uptime: uptimeJson.success ? { seconds: uptimeJson.seconds, human: uptimeJson.human } : prev.uptime,
load: loadJson.success ? { one: loadJson.one, five: loadJson.five, fifteen: loadJson.fifteen } : prev.load
}));
setError(null);
} catch (err) {
setError('Failed to fetch system metrics');
console.error('Metrics fetch failed', err);
}
};
useEffect(() => {
fetchCPU();
fetchOtherMetrics();
const cpuInterval = setInterval(fetchCPU, 5000);
const otherInterval = setInterval(fetchOtherMetrics, 10000);
return () => {
clearInterval(cpuInterval);
clearInterval(otherInterval);
};
}, []);
const getStatusColor = (percent, thresholds) => {
if (percent < thresholds.yellow) return 'text-green-500 bg-green-500';
if (percent < thresholds.red) return 'text-yellow-500 bg-yellow-500';
return 'text-red-500 bg-red-500';
};
const ProgressBar = ({ label, used, total, unit = 'MB', colorClass }) => {
const percent = total > 0 ? (used / total) * 100 : 0;
const barColor = colorClass.split(' ')[1];
const textColor = colorClass.split(' ')[0];
return (
<div className="mb-6">
<div className="flex justify-between items-center mb-2">
<span className="text-gray-400 font-medium">{label}</span>
<span className={`font-bold ${textColor}`}>
{used} / {total} {unit} ({percent.toFixed(1)}%)
</span>
</div>
<div className="w-full bg-gray-800 rounded-full h-3 overflow-hidden">
<div
className={`h-full ${barColor} transition-all duration-1000 ease-out`}
style={{ width: `${percent}%` }}
/>
</div>
</div>
);
};
const Gauge = ({ value, label }) => {
const radius = 40;
const circumference = 2 * Math.PI * radius;
const offset = circumference - (value / 100) * circumference;
const colorClass = getStatusColor(value, { yellow: 50, red: 80 }).split(' ')[0];
return (
<div className="flex flex-col items-center">
<div className="relative w-32 h-32 flex items-center justify-center">
<svg className="w-full h-full transform -rotate-90">
<circle
cx="64" cy="64" r={radius}
className="stroke-gray-800 fill-none"
strokeWidth="10"
/>
<circle
cx="64" cy="64" r={radius}
className={`${colorClass} stroke-current fill-none transition-all duration-1000 ease-out`}
strokeWidth="10"
strokeDasharray={circumference}
strokeDashoffset={offset}
strokeLinecap="round"
/>
</svg>
<div className="absolute inset-0 flex flex-col items-center justify-center">
<span className={`text-2xl font-bold ${colorClass}`}>{value}%</span>
</div>
</div>
<span className="text-gray-400 mt-2 font-medium">{label}</span>
</div>
);
};
const getLoadColor = (load) => {
if (load < 1.0) return 'text-green-500';
if (load < 2.0) return 'text-yellow-500';
return 'text-red-500';
};
return (
<div className="space-y-8 animate-in fade-in slide-in-from-bottom-2 duration-300">
{error && (
<div className="bg-red-900/30 border border-red-500 text-red-500 px-4 py-3 rounded-lg flex justify-between items-center">
<span>{error}</span>
<button onClick={() => fetchOtherMetrics()} className="underline text-sm hover:no-underline font-bold">Retry</button>
</div>
)}
<div className="grid grid-cols-1 md:grid-cols-3 gap-6">
{/* CPU Gauge Card */}
<div className="bg-gray-900 border border-gray-800 rounded-xl p-6 flex items-center justify-center shadow-lg">
<Gauge value={metrics.cpu} label="CPU Usage" />
</div>
{/* Load Average Card */}
<div className="bg-gray-900 border border-gray-800 rounded-xl p-6 shadow-lg">
<h3 className="text-gray-500 font-bold mb-6 text-center uppercase tracking-widest text-[10px]">Load Average</h3>
<div className="grid grid-cols-3 gap-4 text-center">
<div>
<div className={`text-xl font-bold ${getLoadColor(metrics.load.one)}`}>
{metrics.load.one.toFixed(2)}
</div>
<div className="text-[10px] text-gray-500 mt-1 font-bold uppercase">1 Min</div>
</div>
<div>
<div className="text-xl font-bold text-gray-200">{metrics.load.five.toFixed(2)}</div>
<div className="text-[10px] text-gray-500 mt-1 font-bold uppercase">5 Min</div>
</div>
<div>
<div className="text-xl font-bold text-gray-200">{metrics.load.fifteen.toFixed(2)}</div>
<div className="text-[10px] text-gray-500 mt-1 font-bold uppercase">15 Min</div>
</div>
</div>
</div>
{/* Uptime Card */}
<div className="bg-gray-900 border border-gray-800 rounded-xl p-6 flex flex-col items-center justify-center shadow-lg text-center">
<h3 className="text-gray-500 font-bold mb-2 uppercase tracking-widest text-[10px]">System Uptime</h3>
<div className="text-xl font-bold text-blue-400">{metrics.uptime.human}</div>
</div>
</div>
<div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
{/* Memory Usage */}
<div className="bg-gray-900 border border-gray-800 rounded-xl p-6 shadow-lg">
<h3 className="text-gray-500 font-bold mb-6 flex items-center uppercase tracking-widest text-[10px]">
<span className="w-1.5 h-1.5 bg-blue-500 rounded-full mr-2"></span>
Memory Breakdown
</h3>
<ProgressBar
label="RAM"
used={metrics.memory.used}
total={metrics.memory.total}
colorClass={getStatusColor((metrics.memory.used / metrics.memory.total) * 100, { yellow: 70, red: 85 })}
/>
</div>
{/* Disk Usage */}
<div className="bg-gray-900 border border-gray-800 rounded-xl p-6 shadow-lg">
<h3 className="text-gray-500 font-bold mb-6 flex items-center uppercase tracking-widest text-[10px]">
<span className="w-1.5 h-1.5 bg-purple-500 rounded-full mr-2"></span>
Storage Health
</h3>
{metrics.disk.length > 0 ? (
metrics.disk.map((p, idx) => {
const usedVal = parseFloat(p.used);
const totalVal = parseFloat(p.total);
const unit = p.unit || 'GB';
const percentNum = parseInt(p.percent);
return (
<ProgressBar
key={idx}
label={p.mount}
used={usedVal}
total={totalVal}
unit={unit}
colorClass={getStatusColor(percentNum, { yellow: 70, red: 85 })}
/>
);
})
) : (
<div className="text-gray-600 italic text-center py-4 text-xs font-bold uppercase">Scanning disks...</div>
)}
</div>
</div>
</div>
);
};
export default SystemMonitor;

251
frontend/src/pages/VHostManager.jsx Normal file
View file

@ -0,0 +1,251 @@
import React, { useState, useEffect } from 'react';
const NewSiteForm = ({ onCancel, onSuccess }) => {
const [formData, setFormData] = useState({
domain: '',
root: '',
port: '80',
type: 'static'
});
const [loading, setLoading] = useState(false);
const [error, setError] = useState(null);
const handleSubmit = async (e) => {
e.preventDefault();
setLoading(true);
setError(null);
try {
const res = await fetch('/api/v1/vhosts', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(formData)
});
const data = await res.json();
if (data.success) {
onSuccess();
} else {
setError(data.error || 'Failed to create virtual host');
}
} catch (err) {
setError('Network error: ' + err.message);
} finally {
setLoading(false);
}
};
return (
<div className="bg-gray-900 border border-gray-800 rounded-xl p-6 mb-8 animate-in slide-in-from-top-4 duration-300">
<h3 className="text-lg font-bold text-white mb-4">Create New Virtual Host</h3>
<form onSubmit={handleSubmit} className="grid grid-cols-1 md:grid-cols-2 gap-4">
<div className="space-y-1">
<label className="text-[10px] text-gray-500 uppercase font-bold tracking-widest">Domain / Server Name</label>
<input
required
type="text"
placeholder="example.com"
className="w-full bg-gray-950 border border-gray-800 rounded-lg px-4 py-2 focus:ring-1 focus:ring-blue-500 outline-none text-gray-200"
value={formData.domain}
onChange={e => setFormData({ ...formData, domain: e.target.value })}
/>
</div>
<div className="space-y-1">
<label className="text-[10px] text-gray-500 uppercase font-bold tracking-widest">Document Root / Backend URL</label>
<input
required
type="text"
placeholder="/var/www/html or http://127.0.0.1:3000"
className="w-full bg-gray-950 border border-gray-800 rounded-lg px-4 py-2 focus:ring-1 focus:ring-blue-500 outline-none text-gray-200"
value={formData.root}
onChange={e => setFormData({ ...formData, root: e.target.value })}
/>
</div>
<div className="space-y-1">
<label className="text-[10px] text-gray-500 uppercase font-bold tracking-widest">Port</label>
<input
required
type="text"
className="w-full bg-gray-950 border border-gray-800 rounded-lg px-4 py-2 focus:ring-1 focus:ring-blue-500 outline-none text-gray-200"
value={formData.port}
onChange={e => setFormData({ ...formData, port: e.target.value })}
/>
</div>
<div className="space-y-1">
<label className="text-[10px] text-gray-500 uppercase font-bold tracking-widest">Type</label>
<select
className="w-full bg-gray-950 border border-gray-800 rounded-lg px-4 py-2 focus:ring-1 focus:ring-blue-500 outline-none text-gray-200 appearance-none"
value={formData.type}
onChange={e => setFormData({ ...formData, type: e.target.value })}
>
<option value="static">Static Site (Root path)</option>
<option value="proxy">Reverse Proxy (Backend URL)</option>
</select>
</div>
{error && <div className="md:col-span-2 text-red-500 text-sm font-bold bg-red-500/10 p-2 rounded border border-red-500/20">{error}</div>}
<div className="md:col-span-2 flex justify-end space-x-3 mt-2">
<button
type="button"
onClick={onCancel}
className="px-6 py-2 rounded-lg text-sm font-bold text-gray-400 hover:text-white transition-colors"
>
Cancel
</button>
<button
disabled={loading}
type="submit"
className="px-6 py-2 bg-blue-600 hover:bg-blue-500 text-white rounded-lg text-sm font-bold shadow-lg shadow-blue-500/20 transition-all disabled:opacity-50"
>
{loading ? 'Creating...' : 'Create VHost'}
</button>
</div>
</form>
</div>
);
};
const VHostManager = () => {
const [vhosts, setVhosts] = useState([]);
const [loading, setLoading] = useState(true);
const [error, setError] = useState(null);
const [toggling, setToggling] = useState(null);
const [showForm, setShowForm] = useState(false);
const fetchVHosts = async () => {
try {
const res = await fetch('/api/v1/vhosts');
const data = await res.json();
if (data.success) {
setVhosts(data.vhosts);
setError(null);
} else {
setError(data.error || 'Failed to fetch virtual hosts');
}
} catch (err) {
setError('Failed to connect to backend API');
} finally {
setLoading(false);
}
};
useEffect(() => {
fetchVHosts();
}, []);
const handleToggle = async (filename, currentState) => {
const action = currentState ? 'disable' : 'enable';
if (!window.confirm(`Are you sure you want to ${action} this virtual host? This will reload Nginx.`)) {
return;
}
setToggling(filename);
try {
const res = await fetch(`/api/v1/vhosts/${filename}/${action}`, {
method: 'POST'
});
const data = await res.json();
if (data.success) {
await fetchVHosts();
} else {
alert(`Error: ${data.error}`);
}
} catch (err) {
alert('Failed to update virtual host status');
} finally {
setToggling(null);
}
};
return (
<div className="space-y-8 animate-in fade-in slide-in-from-bottom-2 duration-300">
<div className="flex items-center justify-between">
<div>
<h2 className="text-3xl font-bold text-white tracking-tight">Websites</h2>
<p className="text-gray-500 text-sm font-medium mt-1">Manage Nginx Virtual Hosts</p>
</div>
<button
onClick={() => setShowForm(!showForm)}
className="px-6 py-2 bg-blue-600 hover:bg-blue-500 text-white rounded-lg text-sm font-bold shadow-lg shadow-blue-500/20 transition-all"
>
{showForm ? 'Cancel' : '+ New Site'}
</button>
</div>
{showForm && (
<NewSiteForm
onCancel={() => setShowForm(false)}
onSuccess={() => {
setShowForm(false);
fetchVHosts();
}}
/>
)}
{error && (
<div className="bg-red-900/30 border border-red-500 text-red-500 px-4 py-3 rounded-lg flex justify-between items-center">
<span className="font-medium text-sm"> {error}</span>
<button onClick={fetchVHosts} className="text-xs font-bold underline hover:no-underline">Retry</button>
</div>
)}
<div className="bg-gray-900 border border-gray-800 rounded-xl overflow-hidden shadow-xl">
<div className="overflow-x-auto">
<table className="w-full text-left">
<thead>
<tr className="bg-gray-950/50 border-b border-gray-800">
<th className="px-6 py-4 text-[10px] uppercase tracking-widest text-gray-500 font-bold">Status</th>
<th className="px-6 py-4 text-[10px] uppercase tracking-widest text-gray-500 font-bold">Domain</th>
<th className="px-6 py-4 text-[10px] uppercase tracking-widest text-gray-500 font-bold">Root / Proxy</th>
<th className="px-6 py-4 text-[10px] uppercase tracking-widest text-gray-500 font-bold text-right">Actions</th>
</tr>
</thead>
<tbody className="divide-y divide-gray-800/50">
{vhosts.length > 0 ? vhosts.map((vhost) => (
<tr key={vhost.filename} className="hover:bg-gray-800/20 transition-colors">
<td className="px-6 py-4">
<div className="flex items-center space-x-2">
<span className={`w-2 h-2 rounded-full ${vhost.enabled ? 'bg-green-500 shadow-[0_0_8px_rgba(34,197,94,0.4)]' : 'bg-gray-600'}`}></span>
<span className={`text-[10px] font-bold uppercase tracking-tighter ${vhost.enabled ? 'text-green-500' : 'text-gray-500'}`}>
{vhost.enabled ? 'Active' : 'Disabled'}
</span>
</div>
</td>
<td className="px-6 py-4">
<div className="text-sm font-mono text-gray-200 font-bold">{vhost.serverName}</div>
<div className="text-[10px] text-gray-500 font-mono mt-0.5">{vhost.filename}</div>
</td>
<td className="px-6 py-4">
<div className="text-xs font-mono text-gray-400 truncate max-w-xs" title={vhost.root}>
{vhost.root}
</div>
</td>
<td className="px-6 py-4 text-right">
<button
disabled={toggling === vhost.filename}
onClick={() => handleToggle(vhost.filename, vhost.enabled)}
className={`px-4 py-1.5 rounded-lg text-[10px] font-bold uppercase tracking-wider transition-all border ${vhost.enabled
? 'bg-gray-950 text-gray-400 border-gray-800 hover:bg-red-500/10 hover:text-red-500 hover:border-red-500/30'
: 'bg-blue-600/10 text-blue-400 border-blue-500/20 hover:bg-blue-600 hover:text-white'
} disabled:opacity-50`}
>
{toggling === vhost.filename ? '...' : (vhost.enabled ? 'Disable' : 'Enable')}
</button>
</td>
</tr>
)) : (
<tr>
<td colSpan="4" className="px-6 py-12 text-center text-gray-600 italic text-sm">
{loading ? 'Scanning configurations...' : 'No virtual hosts found.'}
</td>
</tr>
)}
</tbody>
</table>
</div>
</div>
</div>
);
};
export default VHostManager;

11
frontend/tailwind.config.js Normal file
View file

@ -0,0 +1,11 @@
/** @type {import('tailwindcss').Config} */
export default {
content: [
'./index.html',
'./src/**/*.{js,jsx}',
],
theme: {
extend: {},
},
plugins: [],
}

7
frontend/vite.config.js Normal file
View file

@ -0,0 +1,7 @@
import { defineConfig } from 'vite'
import react from '@vitejs/plugin-react'
// https://vite.dev/config/
export default defineConfig({
plugins: [react()],
})

54
nginx/sawa-panel.conf Normal file
View file

@ -0,0 +1,54 @@
# Sawa Control Panel — nginx Configuration Snippet
# Path on server: /etc/nginx/conf.d/sawa-panel.conf
server {
# Set this to your server's IP or hostname e.g. 10.0.0.10
listen 443 ssl;
server_name 10.0.0.10;
# Server TLS Certificates
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
# Client Certificate Authentication (mTLS)
ssl_client_certificate /etc/nginx/ssl/ca.crt;
ssl_verify_client on;
# Best practices for security
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
# Static Frontend
root /var/www/panel;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
# API Backend Reverse Proxy
location /api/ {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Deny access to . files
location ~ /\. {
deny all;
}
}
# Redirect HTTP to HTTPS
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}