DoseNet Systems WebUI
William Chen, Eddie (Zijian) Guo
Synopsis
This summer, we wrote a web interface (WebUI) server for DoseNet devices for the purpose of streamlining device setup on-premises, and to simplify the process of device administration. The interface allows for some basic setup and administration to take place, but more advanced configuration is possible through an online web terminal/shell.
Development Setup/ Technologies
The web interface leverages Python for the back end server, while the front end is built using Next.js and styled with Tailwind CSS. The server operates as a system service with root privileges, and it statically hosts the Next.js front end. Root system privileges are required for the back end server to manage and control certain aspects of the DoseNet device it is running on.
Login
By default, the back end uses the username-password combination dosenet:dosenet (“dosenet” is used for both the username and password). It is suggested that this is changed immediately by the end user for security reasons. WebUI sessions are managed using a JWT token, which expires approximately 24 hours after issuance. Rate-limiting is applied to all routes on a per-IP basis.
Configuration
Internet Connectivity
DoseNet devices include support for both Wi-Fi and Ethernet connections. Some basic Wi-Fi authentication support is provided (password OR username & password), although more advanced networking (or uncommon) networks (such as certificate-based authentication) may benefit from the use of the web terminal/shell. Wired 802.1x authentication is not supported by the WebUI at the moment, and requires setup via the terminal/web shell.
Run “nmcli dev wifi” in the webshell to obtain a list of Wi-Fi networks.
Logging
The WebUI allows the end user to view sensor logs, primarily for the purpose of device diagnosis and troubleshooting. Only the last 100 lines are displayed — use “less” in the webshell to view more logs.
Danger Zone
Many actions of this page should be relatively self-explanatory, but it is strongly recommended to change credentials after logging in for the first time. Passwords are stored as SHA256 hashes on the DoseNet device.
A note on the eject button: This button stops and disables the “webui” systemd service when pressed. This can be easily re-enabled via SSH by running “sudo systemctl enable webui”, followed by “sudo systemctl start webui”.