V1.0.2

2026-04-27 14:15:30 +02:00
parent c7892748dc
commit 607ff0629c
2 changed files with 90 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,18 +1,35 @@
 # Build Rust
 /target/
 # Données runtime
 data/config.json
 data/alerts.json
 # Logs
 *.log
 # macOS
 .DS_Store
 # Variables d'environnement
 .env
 # Dossiers non pertinents
 imput/
 logTest/
 log/
 docs/
 dist/
 build/
 # IDE / outils locaux
 .claude/
 .vscode/
 .idea/
 # Python (héritage)
 __pycache__/
 *.pyc
 .venv/
 venv/
 data/config.json
 data/alerts.json
 *.log
 .env
 imput/
 logTest/
 log/
 CLAUDE.md
 docs/
 .claude/
 *.spec
 build/
 dist/
 docs/
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,60 @@
 # CLAUDE.md
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 ## Commands
 ```bash
 # Dev server (http://localhost:5000, credentials admin/admin)
 cargo run
 # Release build — produces target/release/supervision (Linux) or target\release\supervision.exe (Windows)
 cargo build --release
 # Cross-compile for Windows from Linux
 rustup target add x86_64-pc-windows-gnu
 cargo build --release --target x86_64-pc-windows-gnu
 # Tests
 cargo test
 # Linting
 cargo clippy
 ```
 ### Windows service (run as Administrator)
 ```cmd
 supervision.exe install     # register as auto-start service named "Supervision"
 sc start Supervision
 sc stop Supervision
 supervision.exe uninstall
 ```
 ## Architecture
 Single-binary Axum web server. All shared mutable state is passed through `AppState` (defined in `src/routes/mod.rs`) which holds `Arc`-wrapped components.
 **`src/main.rs`** — entry point: builds `AppState`, registers all routes, starts background threads (`start_monitoring`, `UserMonitor::start`), and handles Windows service scaffolding (feature-gated on `cfg(windows)`).
 **`src/routes/mod.rs`** — defines `AppState`, the `AuthUser` extractor (redirects to `/login` if session is absent), and `build_tera()` which **embeds all templates at compile time** via `include_str!`. Modifying a template requires a recompile. Also provides `flash`/`get_and_clear_flash` session helpers and `render_html`.
 **`src/routes/{auth,dashboard,settings,alerts,users}.rs`** — all HTTP route handlers. Each protected handler receives `AuthUser` as an extractor to enforce authentication.
 **`src/config.rs`** — `Config` struct serialised to/from `data/config.json`. `ConfigManager` wraps `Config` and the `data/` path; callers lock `Arc<AsyncMutex<ConfigManager>>` to read or write config. Password hashing with bcrypt. Alerts ring-buffered to 500 entries in `data/alerts.json`.
 **`src/monitor.rs`** — `SystemMonitor` collects CPU/RAM/disk/process data via `sysinfo`. `eval_status(value, threshold)` returns `"ok"` / `"warning"` / `"critical"` (warning ≥ 80 %, critical ≥ 100 % of threshold). The background thread calls `collect_metrics` → `check_thresholds`, applies per-key cooldown, persists alerts, and optionally sends email. Sleeps in 5-second chunks so `monitoring_active` changes are picked up promptly.
 **`src/user_monitor.rs`** — `UserMonitor` parses Amadea `awevents_*` and `isoft_*` log files (plain or `.gz`) to build a per-user activity snapshot. `parse_awevents_line` extracts login/action/label from `awevents` files; `isoft` files provide `connected_since` (session open time via `OpenUserSession`). `compute_statuses` assigns `actif` / `inactif` / `absent` / `deconnecte` based on configurable minute thresholds — `absent` means inactive beyond `inactive_minutes` without an explicit logout. `compute_active_time` derives presence and active time by subtracting gaps exceeding `pause_threshold_minutes`. Also provides `get_weekly_activity` / `get_monthly_activity` (peak concurrent users per day) and `get_users_for_date` / `get_user_history`. Log file discovery handles both dated files (`awevents_YY-MM-DD_N.log.gz`) and undated active-log files (`awevents.log`). `UserMonitor.data` is guarded by `std::Mutex` (never held across `.await`).
 **`src/alerter.rs`** — SMTP email dispatch via `lettre`. `is_configured` guards all sends. Uses STARTTLS by default; falls back to unencrypted when `use_tls = false`.
 ### Data directory
 `data/` is created next to the binary at first launch:
 - `config.json` — all settings; written after every settings form submission.
 - `alerts.json` — ring buffer of the last 500 alerts, newest first.
 ### Template context conventions
 Every protected page calls `base_context()` which injects `authenticated`, `flash_messages`, `default_pw`, and `username`. `apply_security_headers()` adds `X-Content-Type-Options`, `X-Frame-Options`, etc. to every response.