diff --git a/.planning/REQUIREMENTS.md b/.planning/REQUIREMENTS.md index af3bbee..5f18657 100644 --- a/.planning/REQUIREMENTS.md +++ b/.planning/REQUIREMENTS.md @@ -218,8 +218,8 @@ Requirements for initial release. Each maps to roadmap phases. ### Web Dashboard -- [ ] **WEB-01**: Embedded HTTP server (chi + htmx + Tailwind CSS) -- [ ] **WEB-02**: Dashboard overview page with summary statistics +- [x] **WEB-01**: Embedded HTTP server (chi + htmx + Tailwind CSS) +- [x] **WEB-02**: Dashboard overview page with summary statistics - [ ] **WEB-03**: Scan history and scan detail pages - [ ] **WEB-04**: Key listing page with filtering and "Reveal Key" toggle - [ ] **WEB-05**: OSINT/Recon launcher and results page @@ -227,7 +227,7 @@ Requirements for initial release. Each maps to roadmap phases. - [ ] **WEB-07**: Dork management page - [ ] **WEB-08**: Settings configuration page - [ ] **WEB-09**: REST API (/api/v1/*) for programmatic access -- [ ] **WEB-10**: Optional basic auth / token auth +- [x] **WEB-10**: Optional basic auth / token auth - [ ] **WEB-11**: Server-Sent Events for live scan progress ### Telegram Bot diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md index 712fdba..9ecd7f5 100644 --- a/.planning/ROADMAP.md +++ b/.planning/ROADMAP.md @@ -29,7 +29,7 @@ Decimal phases appear between their surrounding integers in numeric order. - [x] **Phase 15: OSINT Forums, Collaboration & Log Aggregators** - StackOverflow/Reddit/HN, Notion/Trello, Elasticsearch/Grafana/Sentry (completed 2026-04-06) - [x] **Phase 16: OSINT Threat Intel, Mobile, DNS & API Marketplaces** - VirusTotal/IntelX, APK scanning, crt.sh, Postman/SwaggerHub (completed 2026-04-06) - [x] **Phase 17: Telegram Bot & Scheduled Scanning** - Remote control bot and cron-based recurring scans with auto-notify (completed 2026-04-06) -- [ ] **Phase 18: Web Dashboard** - Embedded htmx + Tailwind dashboard aggregating all subsystems with SSE live updates +- [x] **Phase 18: Web Dashboard** - Embedded htmx + Tailwind dashboard aggregating all subsystems with SSE live updates (completed 2026-04-06) ## Phase Details @@ -392,4 +392,4 @@ Phases execute in numeric order: 1 → 2 → 3 → ... → 18 | 15. OSINT Forums, Collaboration & Log Aggregators | 2/4 | Complete | 2026-04-06 | | 16. OSINT Threat Intel, Mobile, DNS & API Marketplaces | 0/? | Complete | 2026-04-06 | | 17. Telegram Bot & Scheduled Scanning | 3/5 | Complete | 2026-04-06 | -| 18. Web Dashboard | 0/? | Not started | - | +| 18. Web Dashboard | 1/1 | Complete | 2026-04-06 | diff --git a/.planning/STATE.md b/.planning/STATE.md index 5ec92af..31672e5 100644 --- a/.planning/STATE.md +++ b/.planning/STATE.md @@ -3,14 +3,14 @@ gsd_state_version: 1.0 milestone: v1.0 milestone_name: milestone status: executing -stopped_at: Completed 17-04-PLAN.md -last_updated: "2026-04-06T14:50:49.687Z" +stopped_at: Completed 18-01-PLAN.md +last_updated: "2026-04-06T15:03:51.830Z" last_activity: 2026-04-06 progress: total_phases: 18 - completed_phases: 15 - total_plans: 90 - completed_plans: 88 + completed_phases: 16 + total_plans: 91 + completed_plans: 89 percent: 20 --- @@ -102,6 +102,7 @@ Progress: [██░░░░░░░░] 20% | Phase 16 P01 | 4min | 2 tasks | 6 files | | Phase 17 P01 | 3min | 2 tasks | 4 files | | Phase 17 P04 | 3min | 2 tasks | 4 files | +| Phase 18 P01 | 3min | 2 tasks | 9 files | ## Accumulated Context @@ -156,6 +157,7 @@ Recent decisions affecting current work: - [Phase 16]: URLhaus tag lookup with payload endpoint fallback - [Phase 17]: telego v1.8.0 promoted from indirect to direct; context cancellation for graceful shutdown; rate limit 60s scan/verify/recon, 5s others - [Phase 17]: Separated format from send for testable notifications without telego mock +- [Phase 18]: html/template over templ for v1; Tailwind CDN; nil-safe handlers; constant-time auth comparison ### Pending Todos @@ -170,6 +172,6 @@ None yet. ## Session Continuity -Last session: 2026-04-06T14:34:18.710Z -Stopped at: Completed 17-04-PLAN.md +Last session: 2026-04-06T15:03:51.826Z +Stopped at: Completed 18-01-PLAN.md Resume file: None diff --git a/.planning/phases/18-web-dashboard/18-01-SUMMARY.md b/.planning/phases/18-web-dashboard/18-01-SUMMARY.md new file mode 100644 index 0000000..be43959 --- /dev/null +++ b/.planning/phases/18-web-dashboard/18-01-SUMMARY.md @@ -0,0 +1,125 @@ +--- +phase: 18-web-dashboard +plan: 01 +subsystem: web +tags: [chi, htmx, go-embed, html-template, auth-middleware, dashboard] + +requires: + - phase: 01-foundation + provides: storage.DB, providers.Registry + - phase: 09-osint-infrastructure + provides: recon.Engine + - phase: 08-dork-engine + provides: dorks.Registry +provides: + - "pkg/web package with chi v5 router, embedded static assets, auth middleware" + - "Overview dashboard page with stats from providers/recon/storage" + - "Server struct with NewServer constructor, Config, Router(), ListenAndServe()" +affects: [18-02, 18-03, 18-04, 18-05] + +tech-stack: + added: [chi v5.2.5, htmx v2.0.4] + patterns: [go:embed for static assets and templates, html/template with layout pattern, nil-safe handler for optional dependencies] + +key-files: + created: + - pkg/web/server.go + - pkg/web/auth.go + - pkg/web/handlers.go + - pkg/web/embed.go + - pkg/web/static/htmx.min.js + - pkg/web/static/style.css + - pkg/web/templates/layout.html + - pkg/web/templates/overview.html + - pkg/web/server_test.go + modified: + - go.mod + - go.sum + +key-decisions: + - "html/template over templ for v1 per CONTEXT.md deferred decision" + - "Tailwind via CDN for v1 rather than standalone CLI build step" + - "Nil-safe handlers: overview works with zero Config (no DB, no providers)" + - "AuthMiddleware uses crypto/subtle constant-time comparison for timing-attack resistance" + +patterns-established: + - "Web handler pattern: method on Server struct, nil-check dependencies before use" + - "go:embed layout: static/ and templates/ subdirs under pkg/web/" + - "Template composition: define layout + block content pattern" + +requirements-completed: [WEB-01, WEB-02, WEB-10] + +duration: 3min +completed: 2026-04-06 +--- + +# Phase 18 Plan 01: Web Dashboard Foundation Summary + +**chi v5 router with go:embed static assets (htmx, CSS), html/template layout, overview dashboard, and Basic/Bearer auth middleware** + +## Performance + +- **Duration:** 3 min +- **Started:** 2026-04-06T14:59:54Z +- **Completed:** 2026-04-06T15:02:56Z +- **Tasks:** 2 +- **Files modified:** 9 + +## Accomplishments +- chi v5.2.5 HTTP router with middleware stack (RealIP, Logger, Recoverer) +- Vendored htmx v2.0.4, embedded via go:embed alongside CSS and HTML templates +- Overview page with 4 stat cards (Total Keys, Providers, Recon Sources, Last Scan) and recent findings table +- Auth middleware supporting Basic and Bearer token with constant-time comparison, no-op when unconfigured +- 7 tests covering overview rendering, static serving, auth enforcement, and passthrough + +## Task Commits + +Each task was committed atomically: + +1. **Task 1: chi v5 dependency + go:embed static assets + layout template** - `dd2c8c5` (feat) +2. **Task 2 RED: failing tests for server/auth/overview** - `3541c82` (test) +3. **Task 2 GREEN: implement server, auth, handlers** - `268a769` (feat) + +## Files Created/Modified +- `pkg/web/server.go` - chi router setup, NewServer constructor, ListenAndServe +- `pkg/web/auth.go` - Basic auth and bearer token middleware with constant-time compare +- `pkg/web/handlers.go` - Overview handler with OverviewData struct, nil-safe DB/provider access +- `pkg/web/embed.go` - go:embed directives for static/ and templates/ +- `pkg/web/static/htmx.min.js` - Vendored htmx v2.0.4 (50KB) +- `pkg/web/static/style.css` - Custom overrides for stat cards, findings table, nav +- `pkg/web/templates/layout.html` - Base layout with nav bar, Tailwind CDN, htmx script +- `pkg/web/templates/overview.html` - Dashboard with stat cards grid and findings table +- `pkg/web/server_test.go` - 7 integration tests for server, auth, overview +- `go.mod` / `go.sum` - Added chi v5.2.5 + +## Decisions Made +- Used html/template (not templ) per CONTEXT.md deferred decision for v1 +- Tailwind via CDN rather than standalone build step for v1 simplicity +- Nil-safe handlers allow server to start with zero config (no DB required) +- Auth uses crypto/subtle.ConstantTimeCompare to prevent timing attacks + +## Deviations from Plan + +None - plan executed exactly as written. + +## Issues Encountered +None + +## User Setup Required +None - no external service configuration required. + +## Known Stubs +None - all data paths are wired to real sources (providers.Registry, recon.Engine, storage.DB) or gracefully show zeroes when dependencies are nil. + +## Self-Check: PASSED + +All 9 files verified present. All 3 commit hashes verified in git log. + +## Next Phase Readiness +- Server skeleton ready for Plans 02-05 to add keys page, providers page, API endpoints, SSE +- Router exposed via Router() for easy route additions +- Template parsing supports adding new .html files to templates/ + +--- +*Phase: 18-web-dashboard* +*Completed: 2026-04-06*