Without auth, the WS server at 0.0.0.0:6789 exposed every device's
metrics to anyone on the network — useful reconnaissance for an
attacker (saturated nodes are easier DoS targets) and trivial pivot
from a compromised host.
Server side:
- WS_AUTH_TOKEN env defaults to empty (open mode for local dev),
- when set, ws_handler reads ?token=... from the handshake target
and rejects with WS close 1008 unless secrets.compare_digest
matches; the comparison is constant-time to avoid timing oracles.
Client side:
- frontend reads VITE_WS_URL and VITE_WS_TOKEN, so the same build
works in dev (localhost, no token) and prod (proxied wss, token).
- frontend/.env.sample documents the variables; .gitignore extended
to keep .env / .env.* out of the repo while allowing .env.sample.
env_sample also documents ALERT_COOLDOWN, MAX_PAYLOAD_BYTES and
MAX_DEVICES that the previous commits introduced.
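The handshake check the commit message describes, written out as an added stand-alone example (this is not the repository's own ws_handler): an empty WS_AUTH_TOKEN means open mode, otherwise ?token=... is pulled from the request target and compared with secrets.compare_digest, with close code 1008 on failure. The function names, the return shape and the use of the stdlib urllib.parse for the target are assumptions.

```python
import os
import secrets
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# WS close code sent on a failed check, as stated in the commit message.
POLICY_VIOLATION = 1008


def extract_token(target: str) -> Optional[str]:
    """Return the ?token=... value from a handshake request target such as
    "/ws?token=abc", or None when no token parameter is present."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = query.get("token")
    return values[0] if values else None


def authorize_handshake(target: str, expected: str) -> Tuple[bool, Optional[int]]:
    """Decide whether to accept the WebSocket handshake.

    Returns (accepted, close_code): close_code is None on success and
    POLICY_VIOLATION when the dashboard must be rejected.
    An empty `expected` token is open mode (local dev), so every client passes.
    """
    if not expected:
        return True, None
    presented = extract_token(target)
    if presented is None:
        return False, POLICY_VIOLATION
    # compare_digest wants operands of one type; encode both so a client-supplied
    # non-ASCII token cannot raise TypeError and turn the check into a crash.
    if secrets.compare_digest(presented.encode("utf-8"), expected.encode("utf-8")):
        return True, None
    return False, POLICY_VIOLATION


def decide_from_env(target: str) -> Tuple[bool, Optional[int]]:
    """Same check, reading the shared secret from WS_AUTH_TOKEN like the server does."""
    return authorize_handshake(target, os.environ.get("WS_AUTH_TOKEN", ""))


if __name__ == "__main__":
    # Constructed sample handshakes against a constructed secret.
    secret = "constructed-example-secret"
    for path in ("/ws?token=constructed-example-secret", "/ws?token=guess", "/ws"):
        print(path, "->", authorize_handshake(path, secret))
    print("open mode:", authorize_handshake("/ws", ""))
```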
27 lines
782 B
Text
MQTT_BROKER=XXXXAAAAFFFBBBB.REGION.amazonaws.com
MQTT_PORT=8883
TOPIC=devices/+/metrics

#websocket from backend
WS_HOST=0.0.0.0
WS_PORT=6789
# Shared secret required by dashboards on the WS handshake (?token=...).
# Leave empty for local dev; set to a long random value in production.
WS_AUTH_TOKEN=
PRUNE_SECONDS=30
CPU_ALERT_TH=90
# Alert cooldown (s) per device for Slack notifications.
ALERT_COOLDOWN=60
# Hard caps on untrusted MQTT input.
MAX_PAYLOAD_BYTES=16384
MAX_DEVICES=1000
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/XXXXXXXXXX/YYYYYY
DEVICE_ID=YourDeviceID

# collect data every 10s
INTERVAL=10

# Certificates (exact file names in your agent directory)
CA_CERT=AmazonRootCA1.pem
CLIENT_CERT=clientcert-certificate.pem.crt
CLIENT_KEY=clientkey-private.pem.key