DoseNet Summer 2024: William Chen and Eddie (Zijian) Guo’s Report

DoseNet Systems WebUI

William Chen, Eddie (Zijian) Guo

Synopsis

This summer, we wrote a web interface (WebUI) server for DoseNet devices for the purpose of streamlining device setup on-premises, and to simplify the process of device administration. The interface allows for some basic setup and administration to take place, but more advanced configuration is possible through an online web terminal/shell.

Development Setup/ Technologies

The web interface leverages Python for the back end server, while the front end is built using Next.js and styled with Tailwind CSS. The server operates as a system service with root privileges, and it statically hosts the Next.js front end. Root system privileges are required for the back end server to manage and control certain aspects of the DoseNet device it is running on.

Login

By default, the back end uses the username-password combination dosenet:dosenet (“dosenet” is used for both the username and password). It is suggested that this is changed immediately by the end user for security reasons. WebUI sessions are managed using a JWT token, which expires approximately 24 hours after issuance. Rate-limiting is applied to all routes on a per-IP basis.

Configuration

This information is quite straightforward and self-explanatory. The end user is expected to fill out the following fields as provided by a DoseNet network administrator.

Internet Connectivity

 

 

DoseNet devices include support for both Wi-Fi and Ethernet connections. Some basic Wi-Fi authentication support is provided (password OR username & password), although more advanced networking (or uncommon) networks (such as certificate-based authentication) may benefit from the use of the web terminal/shell. Wired 802.1x authentication is not supported by the WebUI at the moment, and requires setup via the terminal/web shell.

 

Run “nmcli dev wifi” in the webshell to obtain a list of Wi-Fi networks.

Logging

(the above screenshot has been pulled from an old WebUI build, hence the mismatching name)

The WebUI allows the end user to view sensor logs, primarily for the purpose of device diagnosis and troubleshooting. Only the last 100 lines are displayed — use “less” in the webshell to view more logs.

Danger Zone

 

Many actions of this page should be relatively self-explanatory, but it is strongly recommended to change credentials after logging in for the first time. Passwords are stored as SHA256 hashes on the DoseNet device.

 

A note on the eject button: This button stops and disables the “webui” systemd service when pressed. This can be easily re-enabled via SSH by running “sudo systemctl enable webui”, followed by “sudo systemctl start webui”.

Posted in Community, Education, Internship, Outreach.