5 changed files with 7 additions and 170 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +0,0 @@
 /user.txt
--- a/README.md
+++ b/README.md
@ -1,79 +1,7 @@
-# MALP - Monitor A Linux Platform
+# MALP - Monitor Active Linux Pulses
 A lightweight Ruby CGI status page for home server monitoring.
 ## Install
-Copy this repository directory to `/var/www`, so `/var/www/malp/cgi-bin` exists.
+Copy repository directory to `/var/www/malp`.
 ```
 mkdir /var/www/malp/data
 chown apache:apache /var/www/malp/data
 ```
 ### If using SELinux (e.g. AlmaLinux)
 ```
 chcon -R -t httpd_sys_script_exec_t /var/www/malp/cgi-bin
 chcon -R -t httpd_sys_rw_content_t /var/www/malp/data
 ```
 ### Example Apache HTTPD Setup
 Here is my example setup.
 My server's name is `anubis`.
 Replace as desired.
 #### Create self-signed TLS certificate
 ```
 mkdir /etc/httpd/tls
 cd /etc/httpd/tls
 openssl ecparam -name secp384r1 -genkey -noout -out anubis.key
 openssl req -new -x509 -key anubis.key -out anubis.crt -days 3650 -sha384
 ```
 #### /etc/httpd/conf.d/anubis.conf
 ```
 <VirtualHost *:80>
    ServerName anubis
    ServerAlias anubis
    # Permanent redirect to the same URI on HTTPS
    Redirect permanent / https://anubis/
 </VirtualHost>
 <VirtualHost *:443>
    ServerName anubis
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/httpd/tls/anubis.crt
    SSLCertificateKeyFile /etc/httpd/tls/anubis.key
    # Modern TLS Security (Recommended for ECDSA)
    SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder     off
    SSLSessionTickets       off
    ErrorLog /var/log/httpd/anubis-error.log
    CustomLog /var/log/httpd/anubis-access.log combined
    <Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ScriptAlias / /var/www/malp/cgi-bin/malp.rb
 </VirtualHost>
 ```
 ### Set user name and password
 ```
 /var/www/malp/bin/setpasswd
 ```
--- a/assets/login.erb
+++ b/assets/login.erb
@ -3,7 +3,7 @@
 <head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title><%= hostname %> status - MALP</title>
+  <title>Home Server Status</title>
  <style>
    body {
      background: #0f1117;
@ -115,7 +115,7 @@
 <body>
 <header>
-  <h1><span><%= hostname %></span> status - MALP</h1>
+  <h1><span>homelab</span> &middot; status</h1>
 </header>
 <div class="card">
@ -123,7 +123,7 @@
  <form method="post">
    <div class="form-group">
      <label for="username">Username</label>
-      <input type="text" id="username" name="username" autocomplete="username" required autofocus>
+      <input type="text" id="username" name="username" autocomplete="username" required>
    </div>
    <div class="form-group">
      <label for="password">Password</label>
--- a/bin/setpasswd
+++ b/bin/setpasswd
@ -1,29 +0,0 @@
 #!/usr/bin/env ruby
 require "digest"
 require "fileutils"
 require "io/console"
 require "securerandom"
 DATA_DIR = File.join(__dir__, "../data")
 USER_FILE = File.join(DATA_DIR, "user.txt")
 print "User name: "
 username = $stdin.gets.chomp
 unless username =~ /^[a-zA-Z0-9_]+$/
  $stderr.puts "Invalid characters in user name"
  exit(1)
 end
 print "Password: "
 password = $stdin.noecho(&:gets).chomp
 salt = SecureRandom.hex(8)
 input = salt + password
 hash = Digest::SHA256.hexdigest(input)
 hashhex = hash.chars.map {|c| sprintf("%02X", c.ord)}.join
 user_file_contents = "#{username}:#{salt}:#{hashhex}\n"
 File.binwrite(USER_FILE, user_file_contents)
 puts "User and password set"
--- a/cgi-bin/malp.rb
+++ b/cgi-bin/malp.rb
@ -2,74 +2,13 @@
 require "cgi"
 require "erb"
 require "digest"
 require "securerandom"
 ASSETS_DIR = File.join(__dir__, "../assets")
 DATA_DIR = File.join(__dir__, "../data")
 SESSIONS_FILE = File.join(DATA_DIR, "sessions.txt")
 USER_FILE = File.join(DATA_DIR, "user.txt")
 cgi = CGI.new
-hostname = File.read("/etc/hostname").strip rescue "localhost"
+template = ERB.new(File.read(File.join(ASSETS_DIR, "login.erb")))
-def load_sessions
+cgi.out("type" => "text/html", "charset" => "UTF-8") do
  return [] unless File.exist?(SESSIONS_FILE)
  now = Time.now.to_i
  max_age = 3 * 7 * 24 * 60 * 60 # 3 weeks
  sessions = File.readlines(SESSIONS_FILE).filter_map do |line|
    token, timestamp = line.strip.split(":", 2)
    next if token.nil? || token.empty?
    [token, timestamp.to_i]
  end
  active, expired = sessions.partition { |_, ts| now - ts < max_age }
  if expired.any?
    File.write(SESSIONS_FILE, active.map { |t, ts| "#{t}:#{ts}" }.join("\n") + "\n")
  end
  active
 end
 def valid_session?(token)
  return false if token.nil? || token.empty?
  load_sessions.any? { |t, _| t == token }
 end
 def check_credentials(username, password)
  return false unless File.exist?(USER_FILE)
  stored_user, salt, stored_hash_hex2 = File.read(USER_FILE).strip.split(":", 3)
  return false unless username == stored_user
  stored_hash = [stored_hash_hex2].pack("H*")
  computed_hash = Digest::SHA256.hexdigest(salt + password)
  stored_hash == computed_hash
 end
 def create_session
  token = SecureRandom.hex(32)
  File.open(SESSIONS_FILE, "a") { |f| f.puts("#{token}:#{Time.now.to_i}") }
  token
 end
 session_token = (cgi.cookies["MALP"] || []).first
 authenticated = valid_session?(session_token)
 cookie = nil
 if cgi.request_method == "POST" && !authenticated
  username = cgi.params["username"]&.first.to_s
  password = cgi.params["password"]&.first.to_s
  if check_credentials(username, password)
    token = create_session
    cookie = CGI::Cookie.new("name" => "MALP", "value" => token, "path" => "/")
    authenticated = true
  end
 end
 template = ERB.new(File.read(File.join(ASSETS_DIR, "page.erb")))
 out_params = { "type" => "text/html", "charset" => "UTF-8" }
 out_params["cookie"] = cookie if cookie
 cgi.out(out_params) do
  template.result(binding)
 end