diff --git a/.gitignore b/.gitignore index c3395e7..7ca1759 100644 --- a/.gitignore +++ b/.gitignore @@ -1,18 +1,35 @@ +# Build Rust +/target/ + +# Données runtime +data/config.json +data/alerts.json + +# Logs +*.log + +# macOS +.DS_Store + +# Variables d'environnement +.env + +# Dossiers non pertinents +imput/ +logTest/ +log/ +docs/ +dist/ +build/ + +# IDE / outils locaux +.claude/ +.vscode/ +.idea/ + +# Python (héritage) __pycache__/ *.pyc .venv/ venv/ -data/config.json -data/alerts.json -*.log -.env -imput/ -logTest/ -log/ -CLAUDE.md -docs/ -.claude/ *.spec -build/ -dist/ -docs/ diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..17913b5 --- /dev/null +++ b/CLAUDE.md 
@@ -0,0 +1,60 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Commands + +```bash +# Dev server (http://localhost:5000, credentials admin/admin) +cargo run + +# Release build — produces target/release/supervision (Linux) or target\release\supervision.exe (Windows) +cargo build --release + +# Cross-compile for Windows from Linux +rustup target add x86_64-pc-windows-gnu +cargo build --release --target x86_64-pc-windows-gnu + +# Tests +cargo test + +# Linting +cargo clippy +``` + +### Windows service (run as Administrator) + +```cmd +supervision.exe install # register as auto-start service named "Supervision" +sc start Supervision +sc stop Supervision +supervision.exe uninstall +``` + +## Architecture + +Single-binary Axum web server. All shared mutable state is passed through `AppState` (defined in `src/routes/mod.rs`) which holds `Arc`-wrapped components. + +**`src/main.rs`** — entry point: builds `AppState`, registers all routes, starts background threads (`start_monitoring`, `UserMonitor::start`), and handles Windows service scaffolding (feature-gated on `cfg(windows)`). + +**`src/routes/mod.rs`** — defines `AppState`, the `AuthUser` extractor (redirects to `/login` if session is absent), and `build_tera()` which **embeds all templates at compile time** via `include_str!`. Modifying a template requires a recompile. Also provides `flash`/`get_and_clear_flash` session helpers and `render_html`. + +**`src/routes/{auth,dashboard,settings,alerts,users}.rs`** — all HTTP route handlers. Each protected handler receives `AuthUser` as an extractor to enforce authentication. + +**`src/config.rs`** — `Config` struct serialised to/from `data/config.json`. `ConfigManager` wraps `Config` and the `data/` path; callers lock `Arc>` to read or write config. Password hashing with bcrypt. Alerts ring-buffered to 500 entries in `data/alerts.json`. 
+ +**`src/monitor.rs`** — `SystemMonitor` collects CPU/RAM/disk/process data via `sysinfo`. `eval_status(value, threshold)` returns `"ok"` / `"warning"` / `"critical"` (warning ≥ 80 %, critical ≥ 100 % of threshold). The background thread calls `collect_metrics` → `check_thresholds`, applies per-key cooldown, persists alerts, and optionally sends email. Sleeps in 5-second chunks so `monitoring_active` changes are picked up promptly. + +**`src/user_monitor.rs`** — `UserMonitor` parses Amadea `awevents_*` and `isoft_*` log files (plain or `.gz`) to build a per-user activity snapshot. `parse_awevents_line` extracts login/action/label from `awevents` files; `isoft` files provide `connected_since` (session open time via `OpenUserSession`). `compute_statuses` assigns `actif` / `inactif` / `absent` / `deconnecte` based on configurable minute thresholds — `absent` means inactive beyond `inactive_minutes` without an explicit logout. `compute_active_time` derives presence and active time by subtracting gaps exceeding `pause_threshold_minutes`. Also provides `get_weekly_activity` / `get_monthly_activity` (peak concurrent users per day) and `get_users_for_date` / `get_user_history`. Log file discovery handles both dated files (`awevents_YY-MM-DD_N.log.gz`) and undated active-log files (`awevents.log`). `UserMonitor.data` is guarded by `std::Mutex` (never held across `.await`). + +**`src/alerter.rs`** — SMTP email dispatch via `lettre`. `is_configured` guards all sends. Uses STARTTLS by default; falls back to unencrypted when `use_tls = false`. + +### Data directory + +`data/` is created next to the binary at first launch: +- `config.json` — all settings; written after every settings form submission. +- `alerts.json` — ring buffer of the last 500 alerts, newest first. + +### Template context conventions + +Every protected page calls `base_context()` which injects `authenticated`, `flash_messages`, `default_pw`, and `username`. 
`apply_security_headers()` adds `X-Content-Type-Options`, `X-Frame-Options`, etc. to every response.
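Review bot: In the `.gitignore` hunk, runtime data is ignored file by file (`data/config.json`, `data/alerts.json`) rather than by directory, so any other file the service writes into `data/` can still be staged by accident. CLAUDE.md describes `config.json` as holding all settings, so if nothing under `data/` is meant to be tracked, ignoring `data/` as a whole is the safer pattern. Also confirm that `imput/` matches the real directory name and is not a misspelling of `input/`, since a misspelled pattern ignores nothing.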
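Review bot: In the Commands block of the new `CLAUDE.md`, `credentials admin/admin` is documented only next to the dev server, and the file never says whether a release build or the Windows service starts with the same default account. State that explicitly, and describe what the `default_pw` context flag does, for example whether it drives a change-password prompt. In the `src/alerter.rs` paragraph, "falls back to unencrypted when `use_tls = false`" should spell out that SMTP traffic is then sent in cleartext. The `src/config.rs` paragraph reads `Arc>`, so the wrapped type is missing, and the "etc." in the last line would be better replaced by the full list of headers that `apply_security_headers()` sets.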