# Phase 18: Web Dashboard - Context

**Gathered:** 2026-04-06
**Status:** Ready for planning
**Mode:** Auto-generated

<domain>
## Phase Boundary

Embedded web dashboard: htmx + Tailwind CSS + chi router + go:embed. All HTML/CSS/JS embedded in the binary. Pages: overview, keys, providers, recon, dorks, settings. REST API at /api/v1/*. SSE for live scan progress. Auth: optional basic/token auth.

</domain>

<decisions>
## Implementation Decisions

### Stack (per CLAUDE.md)
- chi v5 HTTP router — 100% net/http compatible
- templ v0.3.1001 — type-safe HTML templates (compile to Go)
- htmx v2.x — server-rendered interactivity, vendored via go:embed
- Tailwind CSS v4.x standalone — compiled to single CSS file, go:embed
- SSE for live updates — native browser EventSource API

### Package Layout
```
pkg/web/
  server.go           — chi router setup, middleware, go:embed assets
  handlers.go         — page handlers (overview, keys, providers, recon, dorks, settings)
  api.go              — REST API handlers (/api/v1/*)
  sse.go              — SSE endpoint for live scan/recon progress
  auth.go             — optional basic/token auth middleware
  static/
    htmx.min.js       — vendored htmx
    style.css         — compiled Tailwind CSS
  templates/
    layout.templ      — base layout with nav
    overview.templ    — dashboard overview
    keys.templ        — keys list + detail modal
    providers.templ   — provider list + stats
    recon.templ       — recon launcher + live results
    dorks.templ       — dork management
    settings.templ    — config editor
```
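One way the `auth.go` middleware from the layout above could look, as an added example rather than the project's own code: it uses only the standard library and has the `func(http.Handler) http.Handler` shape that chi's `Use` accepts. `AuthConfig`, the realm string and the `DASH_TOKEN` variable are assumptions made for the illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"log"
	"net/http"
	"os"
	"strings"
)

// AuthConfig is a hypothetical shape: an empty field disables that scheme.
type AuthConfig struct{ User, Pass, Token string }

// equal hashes both sides so the comparison leaks neither length nor content.
func equal(a, b string) bool {
	x, y := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(x[:], y[:]) == 1
}

// Auth has the middleware signature chi's Use accepts. With nothing
// configured it returns next unchanged, which is the "optional" case.
func Auth(c AuthConfig) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		if c.Token == "" && c.User == "" {
			return next
		}
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			h := r.Header.Get("Authorization")
			ok := c.Token != "" && strings.HasPrefix(h, "Bearer ") &&
				equal(strings.TrimPrefix(h, "Bearer "), c.Token)
			if u, p, basic := r.BasicAuth(); !ok && basic && c.User != "" {
				uOK, pOK := equal(u, c.User), equal(p, c.Pass) // evaluate both
				ok = uOK && pOK
			}
			if !ok {
				w.Header().Set("WWW-Authenticate", `Basic realm="dashboard"`)
				http.Error(w, "unauthorized", http.StatusUnauthorized)
				return
			}
			next.ServeHTTP(w, r)
		})
	}
}

func main() { // constructed wiring; DASH_TOKEN is a hypothetical variable name
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/stats", func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("{}\n")) })
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", Auth(AuthConfig{Token: os.Getenv("DASH_TOKEN")})(mux)))
}
```

The native `EventSource` API cannot set an `Authorization` header, so a browser page reaching the SSE progress endpoints through this middleware would have to authenticate with basic auth rather than the bearer token.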

### Pragmatic Scope (v1)
Given this is the final phase, focus on:
1. Working chi server with go:embed static assets
2. REST API endpoints (JSON) for all operations
3. Simple HTML pages with htmx for interactivity
4. SSE for live scan progress
5. Optional auth middleware

NOT in scope for v1:
- Full templ compilation pipeline (use html/template for now, templ can be added later)
- Tailwind compilation step (use CDN link or pre-compiled CSS)
- Full-featured SPA experience

### REST API Endpoints
```
GET    /api/v1/stats            — overview statistics
GET    /api/v1/keys             — list findings
GET    /api/v1/keys/:id         — get finding detail
DELETE /api/v1/keys/:id         — delete finding
GET    /api/v1/providers        — list providers
GET    /api/v1/providers/:name  — provider detail
POST   /api/v1/scan             — trigger scan
GET    /api/v1/scan/progress    — SSE stream
POST   /api/v1/recon            — trigger recon
GET    /api/v1/recon/progress   — SSE stream
GET    /api/v1/dorks            — list dorks
POST   /api/v1/dorks            — add custom dork
GET    /api/v1/config           — current config
PUT    /api/v1/config           — update config
```

### Integration
- Wire into cmd/serve.go — serve starts HTTP server alongside optional Telegram bot
- All handlers call the same packages as CLI commands (pkg/storage, pkg/engine, pkg/recon, pkg/providers, pkg/dorks)

</decisions>

<code_context>
## Existing Code Insights

### Reusable Assets
- cmd/serve.go — wire HTTP server
- pkg/storage/ — all DB operations
- pkg/engine/ — scan engine
- pkg/recon/ — recon engine
- pkg/providers/ — provider registry
- pkg/dorks/ — dork registry
- pkg/output/ — formatters (JSON reusable for API)

### Dependencies
- chi v5 — already in go.mod
- go:embed — stdlib
- htmx — vendor the minified JS file
- Tailwind — use CDN for v1 (standalone CLI can be added later)

</code_context>

<specifics>
## Specific Ideas

- Dashboard should be functional but not pretty — basic Tailwind utility classes
- Keys page: table with masked keys, click to reveal, click to copy
- Recon page: select sources from checkboxes, click "Sweep", see live results via SSE
- Overview: simple stat cards (total keys, providers, last scan, scheduled jobs)

</specifics>

<deferred>
## Deferred Ideas

- templ compilation pipeline — use html/template for v1
- Tailwind standalone build — use CDN for v1
- WebSocket instead of SSE — SSE is simpler and sufficient
- Full auth system (OAuth, sessions) — basic auth is enough for v1
- Dark mode toggle — out of scope

</deferred>