diff --git a/.version b/.version
index 27f9cd3..53adb84 100644
--- a/.version
+++ b/.version
@@ -1 +1 @@
-1.8.0
+1.8.2
diff --git a/cmd/server/main.go b/cmd/server/main.go
index adca330..2bd0902 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -18,6 +18,8 @@ import (
"github.com/container-census/container-census/internal/migration"
"github.com/container-census/container-census/internal/models"
"github.com/container-census/container-census/internal/notifications"
+ "github.com/container-census/container-census/internal/plugins"
+ "github.com/container-census/container-census/internal/plugins/builtin/npm"
"github.com/container-census/container-census/internal/registry"
"github.com/container-census/container-census/internal/scanner"
"github.com/container-census/container-census/internal/storage"
@@ -236,6 +238,25 @@ func main() {
// Store API server reference for hot-reload
services.apiServer = apiServer
+ // Initialize plugin manager
+ containerProvider := &containerProviderImpl{db: db}
+ hostProvider := &hostProviderImpl{db: db}
+ pluginManager := plugins.NewManager(db, containerProvider, hostProvider)
+ pluginManager.SetRouter(apiServer.GetRouter())
+ apiServer.SetPluginManager(pluginManager)
+
+ // Register built-in plugins
+ npm.Register(pluginManager)
+
+ // Load and start plugins
+ if err := pluginManager.LoadBuiltInPlugins(context.Background()); err != nil {
+ log.Printf("Warning: Failed to load built-in plugins: %v", err)
+ }
+ if err := pluginManager.Start(context.Background()); err != nil {
+ log.Printf("Warning: Failed to start plugins: %v", err)
+ }
+ log.Println("Plugin manager initialized")
+
server := &http.Server{
Addr: addr,
Handler: apiServer.Router(),
@@ -916,3 +937,34 @@ func runImageUpdateChecker(ctx context.Context, db *storage.DB, scan *scanner.Sc
}
}
}
+
+// containerProviderImpl implements plugins.ContainerProvider
+type containerProviderImpl struct {
+ db *storage.DB
+}
+
+func (p *containerProviderImpl) GetContainers() []models.Container {
+ containers, err := p.db.GetLatestContainers()
+ if err != nil {
+ log.Printf("Error getting containers for plugin: %v", err)
+ return nil
+ }
+ return containers
+}
+
+func (p *containerProviderImpl) GetContainerByID(hostID int64, containerID string) (*models.Container, error) {
+ return p.db.GetContainerByID(hostID, containerID)
+}
+
+// hostProviderImpl implements plugins.HostProvider
+type hostProviderImpl struct {
+ db *storage.DB
+}
+
+func (p *hostProviderImpl) GetHosts() ([]models.Host, error) {
+ return p.db.GetHosts()
+}
+
+func (p *hostProviderImpl) GetHostByID(id int64) (*models.Host, error) {
+ return p.db.GetHost(id)
+}
diff --git a/internal/agent/agent.go b/internal/agent/agent.go
index 6c4521d..8d0541f 100644
--- a/internal/agent/agent.go
+++ b/internal/agent/agent.go
@@ -228,18 +228,34 @@ func (a *Agent) handleListContainers(w http.ResponseWriter, r *http.Request) {
// Inspect container for detailed connection info
var restartCount int
var networks []string
+ var networkDetails []models.NetworkDetail
var volumes []models.VolumeMount
var links []string
var composeProject string
+ var startedAt time.Time
containerJSON, err := a.dockerClient.ContainerInspect(ctx, c.ID)
if err == nil {
restartCount = containerJSON.RestartCount
- // Extract network connections
+ // Extract StartedAt for uptime tracking
+ if containerJSON.State != nil && containerJSON.State.StartedAt != "" {
+ if parsed, parseErr := time.Parse(time.RFC3339Nano, containerJSON.State.StartedAt); parseErr == nil {
+ startedAt = parsed
+ }
+ }
+
+ // Extract network connections with details
if containerJSON.NetworkSettings != nil && containerJSON.NetworkSettings.Networks != nil {
- for networkName := range containerJSON.NetworkSettings.Networks {
+ for networkName, networkSettings := range containerJSON.NetworkSettings.Networks {
networks = append(networks, networkName)
+ // Add detailed network info for plugin matching
+ networkDetails = append(networkDetails, models.NetworkDetail{
+ NetworkName: networkName,
+ IPAddress: networkSettings.IPAddress,
+ Gateway: networkSettings.Gateway,
+ Aliases: networkSettings.Aliases,
+ })
}
}
@@ -288,9 +304,11 @@ func (a *Agent) handleListContainers(w http.ResponseWriter, r *http.Request) {
Created: time.Unix(c.Created, 0),
ScannedAt: now,
Networks: networks,
+ NetworkDetails: networkDetails,
Volumes: volumes,
Links: links,
ComposeProject: composeProject,
+ StartedAt: startedAt,
}
result = append(result, container)
diff --git a/internal/api/handlers.go b/internal/api/handlers.go
index 23213d7..164ae1e 100644
--- a/internal/api/handlers.go
+++ b/internal/api/handlers.go
@@ -15,6 +15,7 @@ import (
"github.com/container-census/container-census/internal/auth"
"github.com/container-census/container-census/internal/models"
"github.com/container-census/container-census/internal/notifications"
+ "github.com/container-census/container-census/internal/plugins"
"github.com/container-census/container-census/internal/registry"
"github.com/container-census/container-census/internal/scanner"
"github.com/container-census/container-census/internal/storage"
@@ -40,6 +41,8 @@ type Server struct {
notificationService *notifications.NotificationService
vulnScanner VulnerabilityScanner
vulnScheduler VulnerabilityScheduler
+ pluginManager *plugins.Manager
+ apiRouter *mux.Router // Subrouter for /api with auth middleware
}
// TelemetryScheduler interface for submitting telemetry on demand
@@ -171,6 +174,7 @@ func (s *Server) setupRoutes() {
// Protected API routes
api := s.router.PathPrefix("/api").Subrouter()
api.Use(sessionMiddleware)
+ s.apiRouter = api // Store for plugin route mounting
// Host endpoints
api.HandleFunc("/hosts", s.handleGetHosts).Methods("GET")
@@ -291,6 +295,9 @@ func (s *Server) setupRoutes() {
// Changelog endpoint
api.HandleFunc("/changelog", s.handleGetChangelog).Methods("GET")
+ // Plugin endpoints
+ s.setupPluginRoutes(api)
+
// Serve static files with selective authentication
// Login pages are public, everything else requires auth
// Add cache control headers for JS files to ensure updates are seen
diff --git a/internal/api/plugins.go b/internal/api/plugins.go
new file mode 100644
index 0000000..1e6a9c9
--- /dev/null
+++ b/internal/api/plugins.go
@@ -0,0 +1,282 @@
+package api
+
+import (
+ "encoding/json"
+ "net/http"
+ "strconv"
+
+ "github.com/container-census/container-census/internal/models"
+ "github.com/container-census/container-census/internal/plugins"
+ "github.com/gorilla/mux"
+)
+
+// SetPluginManager sets the plugin manager
+func (s *Server) SetPluginManager(pm *plugins.Manager) {
+ s.pluginManager = pm
+}
+
+// GetRouter returns the API subrouter for plugin route mounting (with auth middleware)
+func (s *Server) GetRouter() *mux.Router {
+ return s.apiRouter
+}
+
+// setupPluginRoutes sets up routes for plugin management
+func (s *Server) setupPluginRoutes(api *mux.Router) {
+ // Plugin management endpoints
+ api.HandleFunc("/plugins", s.handleGetPlugins).Methods("GET")
+ api.HandleFunc("/plugins/tabs", s.handleGetPluginTabs).Methods("GET")
+ api.HandleFunc("/plugins/badges", s.handleGetPluginBadges).Methods("GET")
+ api.HandleFunc("/plugins/{id}", s.handleGetPlugin).Methods("GET")
+ api.HandleFunc("/plugins/{id}/enable", s.handleEnablePlugin).Methods("PUT")
+ api.HandleFunc("/plugins/{id}/disable", s.handleDisablePlugin).Methods("PUT")
+ api.HandleFunc("/plugins/{id}/settings", s.handleGetPluginSettings).Methods("GET")
+ api.HandleFunc("/plugins/{id}/settings", s.handleUpdatePluginSettings).Methods("PUT")
+}
+
+// handleGetPlugins returns all registered plugins
+func (s *Server) handleGetPlugins(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondJSON(w, http.StatusOK, []interface{}{})
+ return
+ }
+
+ infos, err := s.pluginManager.GetAllPluginInfo()
+ if err != nil {
+ respondError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+
+ // Add enabled status from database
+ type PluginWithStatus struct {
+ plugins.PluginInfo
+ Enabled bool `json:"enabled"`
+ }
+
+ result := make([]PluginWithStatus, len(infos))
+ for i, info := range infos {
+ // Check if loaded (loaded means enabled)
+ _, loaded := s.pluginManager.GetPlugin(info.ID)
+ result[i] = PluginWithStatus{
+ PluginInfo: info,
+ Enabled: loaded,
+ }
+ }
+
+ respondJSON(w, http.StatusOK, result)
+}
+
+// handleGetPlugin returns a specific plugin
+func (s *Server) handleGetPlugin(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondError(w, http.StatusServiceUnavailable, "Plugin system not initialized")
+ return
+ }
+
+ vars := mux.Vars(r)
+ id := vars["id"]
+
+ plugin, ok := s.pluginManager.GetPlugin(id)
+ if !ok {
+ respondError(w, http.StatusNotFound, "Plugin not found")
+ return
+ }
+
+ info := plugin.Info()
+
+ // Get settings definition if available
+ type PluginDetails struct {
+ plugins.PluginInfo
+ Enabled bool `json:"enabled"`
+ Settings *plugins.SettingsDefinition `json:"settings,omitempty"`
+ Tab *plugins.TabDefinition `json:"tab,omitempty"`
+ }
+
+ details := PluginDetails{
+ PluginInfo: info,
+ Enabled: true, // If we got it, it's enabled
+ Settings: plugin.Settings(),
+ Tab: plugin.Tab(),
+ }
+
+ respondJSON(w, http.StatusOK, details)
+}
+
+// handleGetPluginTabs returns all plugin tabs for navigation
+func (s *Server) handleGetPluginTabs(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondJSON(w, http.StatusOK, []interface{}{})
+ return
+ }
+
+ tabs := s.pluginManager.GetAllTabs()
+ respondJSON(w, http.StatusOK, tabs)
+}
+
+// handleGetPluginBadges returns badges for a container from all plugins
+func (s *Server) handleGetPluginBadges(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondJSON(w, http.StatusOK, []interface{}{})
+ return
+ }
+
+ // Get container ID and host ID from query params
+ hostIDStr := r.URL.Query().Get("host_id")
+ containerID := r.URL.Query().Get("container_id")
+
+ if hostIDStr == "" || containerID == "" {
+ respondError(w, http.StatusBadRequest, "Missing host_id or container_id query parameter")
+ return
+ }
+
+ hostID, err := strconv.ParseInt(hostIDStr, 10, 64)
+ if err != nil {
+ respondError(w, http.StatusBadRequest, "Invalid host_id")
+ return
+ }
+
+ // Get the container from storage
+ containers, err := s.db.GetLatestContainers()
+ if err != nil {
+ respondError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+
+ var targetContainer *models.Container
+ for i := range containers {
+ if containers[i].HostID == hostID && containers[i].ID == containerID {
+ targetContainer = &containers[i]
+ break
+ }
+ }
+
+ if targetContainer == nil {
+ respondJSON(w, http.StatusOK, []interface{}{})
+ return
+ }
+
+ badges := s.pluginManager.GetBadgesForContainer(r.Context(), *targetContainer)
+ respondJSON(w, http.StatusOK, badges)
+}
+
+// handleEnablePlugin enables a plugin
+func (s *Server) handleEnablePlugin(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondError(w, http.StatusServiceUnavailable, "Plugin system not initialized")
+ return
+ }
+
+ vars := mux.Vars(r)
+ id := vars["id"]
+
+ if err := s.pluginManager.EnablePlugin(r.Context(), id); err != nil {
+ respondError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+
+ respondJSON(w, http.StatusOK, map[string]interface{}{
+ "success": true,
+ "message": "Plugin enabled",
+ })
+}
+
+// handleDisablePlugin disables a plugin
+func (s *Server) handleDisablePlugin(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondError(w, http.StatusServiceUnavailable, "Plugin system not initialized")
+ return
+ }
+
+ vars := mux.Vars(r)
+ id := vars["id"]
+
+ if err := s.pluginManager.DisablePlugin(r.Context(), id); err != nil {
+ respondError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+
+ respondJSON(w, http.StatusOK, map[string]interface{}{
+ "success": true,
+ "message": "Plugin disabled",
+ })
+}
+
+// handleGetPluginSettings returns settings for a plugin
+func (s *Server) handleGetPluginSettings(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondError(w, http.StatusServiceUnavailable, "Plugin system not initialized")
+ return
+ }
+
+ vars := mux.Vars(r)
+ id := vars["id"]
+
+ // Get plugin to verify it exists
+ plugin, ok := s.pluginManager.GetPlugin(id)
+ if !ok {
+ respondError(w, http.StatusNotFound, "Plugin not found")
+ return
+ }
+
+ // Get settings from database
+ settings, err := s.db.GetAllPluginSettings(id)
+ if err != nil {
+ respondError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+
+ // Get schema for defaults
+ schema := plugin.Settings()
+
+ // Merge defaults with stored values
+ result := make(map[string]string)
+ if schema != nil {
+ for _, field := range schema.Fields {
+ if val, exists := settings[field.Key]; exists {
+ result[field.Key] = val
+ } else {
+ result[field.Key] = field.Default
+ }
+ }
+ } else {
+ result = settings
+ }
+
+ respondJSON(w, http.StatusOK, result)
+}
+
+// handleUpdatePluginSettings updates settings for a plugin
+func (s *Server) handleUpdatePluginSettings(w http.ResponseWriter, r *http.Request) {
+ if s.pluginManager == nil {
+ respondError(w, http.StatusServiceUnavailable, "Plugin system not initialized")
+ return
+ }
+
+ vars := mux.Vars(r)
+ id := vars["id"]
+
+ // Get plugin to verify it exists
+ _, ok := s.pluginManager.GetPlugin(id)
+ if !ok {
+ respondError(w, http.StatusNotFound, "Plugin not found")
+ return
+ }
+
+ var settings map[string]string
+ if err := json.NewDecoder(r.Body).Decode(&settings); err != nil {
+ respondError(w, http.StatusBadRequest, "Invalid JSON")
+ return
+ }
+
+ // Save each setting
+ for key, value := range settings {
+ if err := s.db.SetPluginSetting(id, key, value); err != nil {
+ respondError(w, http.StatusInternalServerError, err.Error())
+ return
+ }
+ }
+
+ respondJSON(w, http.StatusOK, map[string]interface{}{
+ "success": true,
+ "message": "Settings updated",
+ })
+}
diff --git a/internal/models/models.go b/internal/models/models.go
index 4a57db1..7641eb4 100644
--- a/internal/models/models.go
+++ b/internal/models/models.go
@@ -53,6 +53,20 @@ type Container struct {
// Image update tracking
UpdateAvailable bool `json:"update_available"`
LastUpdateCheck time.Time `json:"last_update_check,omitempty"`
+ // Container uptime tracking
+ StartedAt time.Time `json:"started_at,omitempty"`
+ // Network details for plugin matching (e.g., NPM integration)
+ NetworkDetails []NetworkDetail `json:"network_details,omitempty"`
+ // Plugin-provided enrichment data
+ PluginData map[string]interface{} `json:"plugin_data,omitempty"`
+}
+
+// NetworkDetail contains per-network container connection info
+type NetworkDetail struct {
+ NetworkName string `json:"network_name"`
+ IPAddress string `json:"ip_address"`
+ Gateway string `json:"gateway,omitempty"`
+ Aliases []string `json:"aliases,omitempty"`
}
// PortMapping represents a container port mapping
diff --git a/internal/plugins/builtin/npm/client.go b/internal/plugins/builtin/npm/client.go
new file mode 100644
index 0000000..f67fca4
--- /dev/null
+++ b/internal/plugins/builtin/npm/client.go
@@ -0,0 +1,212 @@
+package npm
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io"
+ "net/http"
+ "sync"
+ "time"
+)
+
+// Client handles communication with NPM API
+type Client struct {
+ mu sync.RWMutex
+ baseURL string
+ email string
+ password string
+ token string
+ tokenExp time.Time
+ httpClient *http.Client
+}
+
+// NewClient creates a new NPM API client
+func NewClient(baseURL, email, password string) *Client {
+ return &Client{
+ baseURL: baseURL,
+ email: email,
+ password: password,
+ httpClient: &http.Client{
+ Timeout: 30 * time.Second,
+ },
+ }
+}
+
+// TokenResponse represents the NPM token API response
+type TokenResponse struct {
+ Token string `json:"token"`
+ Expires time.Time `json:"expires"`
+}
+
+// ProxyHost represents an NPM proxy host
+type ProxyHost struct {
+ ID int `json:"id"`
+ CreatedOn string `json:"created_on"`
+ ModifiedOn string `json:"modified_on"`
+ DomainNames []string `json:"domain_names"`
+ ForwardScheme string `json:"forward_scheme"`
+ ForwardHost string `json:"forward_host"`
+ ForwardPort int `json:"forward_port"`
+ CertificateID int `json:"certificate_id"`
+ SSLForced bool `json:"ssl_forced"`
+ HSTSEnabled bool `json:"hsts_enabled"`
+ HSTSSubdomains bool `json:"hsts_subdomains"`
+ HTTP2Support bool `json:"http2_support"`
+ BlockExploits bool `json:"block_exploits"`
+ CachingEnabled bool `json:"caching_enabled"`
+ AllowWebsocket bool `json:"allow_websocket_upgrade"`
+ AccessListID int `json:"access_list_id"`
+ Enabled bool `json:"enabled"`
+ Meta struct {
+ LetsencryptAgree bool `json:"letsencrypt_agree"`
+ DNSChallenge bool `json:"dns_challenge"`
+ LetsencryptEmail string `json:"letsencrypt_email"`
+ NginxOnline bool `json:"nginx_online"`
+ NginxErr string `json:"nginx_err"`
+ } `json:"meta"`
+}
+
+// authenticate gets a new token from NPM
+func (c *Client) authenticate() error {
+ payload := map[string]string{
+ "identity": c.email,
+ "secret": c.password,
+ }
+
+ body, err := json.Marshal(payload)
+ if err != nil {
+ return fmt.Errorf("failed to marshal auth request: %w", err)
+ }
+
+ req, err := http.NewRequest("POST", c.baseURL+"/api/tokens", bytes.NewBuffer(body))
+ if err != nil {
+ return fmt.Errorf("failed to create auth request: %w", err)
+ }
+
+ req.Header.Set("Content-Type", "application/json")
+
+ resp, err := c.httpClient.Do(req)
+ if err != nil {
+ return fmt.Errorf("auth request failed: %w", err)
+ }
+ defer resp.Body.Close()
+
+ if resp.StatusCode != http.StatusOK {
+ bodyBytes, _ := io.ReadAll(resp.Body)
+ return fmt.Errorf("auth failed with status %d: %s", resp.StatusCode, string(bodyBytes))
+ }
+
+ var tokenResp TokenResponse
+ if err := json.NewDecoder(resp.Body).Decode(&tokenResp); err != nil {
+ return fmt.Errorf("failed to decode token response: %w", err)
+ }
+
+ c.mu.Lock()
+ c.token = tokenResp.Token
+ c.tokenExp = tokenResp.Expires
+ c.mu.Unlock()
+
+ return nil
+}
+
+// getToken returns a valid token, refreshing if necessary
+func (c *Client) getToken() (string, error) {
+ c.mu.RLock()
+ token := c.token
+ exp := c.tokenExp
+ c.mu.RUnlock()
+
+ // Refresh if token is empty or expired (with 5 minute buffer)
+ if token == "" || time.Now().Add(5*time.Minute).After(exp) {
+ if err := c.authenticate(); err != nil {
+ return "", err
+ }
+ c.mu.RLock()
+ token = c.token
+ c.mu.RUnlock()
+ }
+
+ return token, nil
+}
+
+// doRequest performs an authenticated request to NPM API
+func (c *Client) doRequest(method, path string, body io.Reader) (*http.Response, error) {
+ token, err := c.getToken()
+ if err != nil {
+ return nil, err
+ }
+
+ req, err := http.NewRequest(method, c.baseURL+path, body)
+ if err != nil {
+ return nil, err
+ }
+
+ req.Header.Set("Authorization", "Bearer "+token)
+ req.Header.Set("Content-Type", "application/json")
+
+ resp, err := c.httpClient.Do(req)
+ if err != nil {
+ return nil, err
+ }
+
+ // If we get a 401, try to re-authenticate once
+ if resp.StatusCode == http.StatusUnauthorized {
+ resp.Body.Close()
+ if err := c.authenticate(); err != nil {
+ return nil, fmt.Errorf("re-authentication failed: %w", err)
+ }
+
+ token, _ = c.getToken()
+ req, err = http.NewRequest(method, c.baseURL+path, body)
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Set("Authorization", "Bearer "+token)
+ req.Header.Set("Content-Type", "application/json")
+
+ resp, err = c.httpClient.Do(req)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return resp, nil
+}
+
+// GetProxyHosts retrieves all proxy hosts from NPM
+func (c *Client) GetProxyHosts() ([]ProxyHost, error) {
+ resp, err := c.doRequest("GET", "/api/nginx/proxy-hosts", nil)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get proxy hosts: %w", err)
+ }
+ defer resp.Body.Close()
+
+ if resp.StatusCode != http.StatusOK {
+ bodyBytes, _ := io.ReadAll(resp.Body)
+ return nil, fmt.Errorf("get proxy hosts failed with status %d: %s", resp.StatusCode, string(bodyBytes))
+ }
+
+ var hosts []ProxyHost
+ if err := json.NewDecoder(resp.Body).Decode(&hosts); err != nil {
+ return nil, fmt.Errorf("failed to decode proxy hosts: %w", err)
+ }
+
+ return hosts, nil
+}
+
+// TestConnection tests if the NPM instance is reachable and credentials are valid
+func (c *Client) TestConnection() error {
+ _, err := c.getToken()
+ if err != nil {
+ return fmt.Errorf("authentication failed: %w", err)
+ }
+
+ // Try to get proxy hosts to verify full access
+ _, err = c.GetProxyHosts()
+ if err != nil {
+ return fmt.Errorf("failed to access proxy hosts: %w", err)
+ }
+
+ return nil
+}
diff --git a/internal/plugins/builtin/npm/plugin.go b/internal/plugins/builtin/npm/plugin.go
new file mode 100644
index 0000000..3c7b4f2
--- /dev/null
+++ b/internal/plugins/builtin/npm/plugin.go
@@ -0,0 +1,827 @@
+package npm
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "log"
+ "net/http"
+ "strconv"
+ "sync"
+ "time"
+
+ "github.com/container-census/container-census/internal/models"
+ "github.com/container-census/container-census/internal/plugins"
+ "github.com/gorilla/mux"
+)
+
+// Plugin implements the NPM (Nginx Proxy Manager) integration
+type Plugin struct {
+ mu sync.RWMutex
+ deps plugins.PluginDependencies
+ instances map[int64]*NPMInstance
+ proxyHosts map[int64][]ProxyHost // instanceID -> proxy hosts
+ mappings map[string][]ProxyHostMapping // containerKey -> proxy host mappings
+ stopChan chan struct{}
+ syncTicker *time.Ticker
+}
+
+// NPMInstance represents a configured NPM instance
+type NPMInstance struct {
+ ID int64 `json:"id"`
+ Name string `json:"name"`
+ URL string `json:"url"`
+ Email string `json:"email"`
+ Password string `json:"-"` // Don't expose password in JSON
+ Enabled bool `json:"enabled"`
+ LastSync time.Time `json:"last_sync,omitempty"`
+ LastError string `json:"last_error,omitempty"`
+ client *Client
+}
+
+// ProxyHostMapping maps a container to an NPM proxy host
+type ProxyHostMapping struct {
+ InstanceID int64 `json:"instance_id"`
+ InstanceName string `json:"instance_name"`
+ ProxyHostID int `json:"proxy_host_id"`
+ DomainNames []string `json:"domain_names"`
+ SSLEnabled bool `json:"ssl_enabled"`
+ Enabled bool `json:"enabled"`
+ MatchType string `json:"match_type"` // "ip_port" or "hostname"
+}
+
+// New creates a new NPM plugin instance
+func New() plugins.Plugin {
+ return &Plugin{
+ instances: make(map[int64]*NPMInstance),
+ proxyHosts: make(map[int64][]ProxyHost),
+ mappings: make(map[string][]ProxyHostMapping),
+ stopChan: make(chan struct{}),
+ }
+}
+
+// Register registers the NPM plugin with the plugin manager
+func Register(manager *plugins.Manager) {
+ manager.RegisterBuiltIn("npm", New)
+}
+
+// Info returns plugin metadata
+func (p *Plugin) Info() plugins.PluginInfo {
+ return plugins.PluginInfo{
+ ID: "npm",
+ Name: "Nginx Proxy Manager",
+ Description: "Integration with Nginx Proxy Manager to show which containers are exposed externally",
+ Version: "1.0.0",
+ Author: "Container Census",
+ Capabilities: []string{
+ "data_source",
+ "ui_tab",
+ "ui_badge",
+ "settings",
+ },
+ BuiltIn: true,
+ }
+}
+
+// Init initializes the plugin
+func (p *Plugin) Init(ctx context.Context, deps plugins.PluginDependencies) error {
+ p.deps = deps
+
+ // Load instances from storage
+ if err := p.loadInstances(); err != nil {
+ log.Printf("NPM plugin: failed to load instances: %v", err)
+ }
+
+ return nil
+}
+
+// Start starts the plugin background tasks
+func (p *Plugin) Start(ctx context.Context) error {
+ // Initial sync
+ p.syncAllInstances()
+
+ // Start periodic sync (every 5 minutes)
+ p.syncTicker = time.NewTicker(5 * time.Minute)
+ go func() {
+ for {
+ select {
+ case <-p.syncTicker.C:
+ p.syncAllInstances()
+ case <-p.stopChan:
+ return
+ }
+ }
+ }()
+
+ return nil
+}
+
+// Stop stops the plugin
+func (p *Plugin) Stop(ctx context.Context) error {
+ if p.syncTicker != nil {
+ p.syncTicker.Stop()
+ }
+ close(p.stopChan)
+ return nil
+}
+
+// Routes returns the plugin's API routes
+func (p *Plugin) Routes() []plugins.Route {
+ return []plugins.Route{
+ {Path: "/instances", Method: "GET", Handler: p.handleGetInstances},
+ {Path: "/instances", Method: "POST", Handler: p.handleAddInstance},
+ {Path: "/instances/{id}", Method: "GET", Handler: p.handleGetInstance},
+ {Path: "/instances/{id}", Method: "PUT", Handler: p.handleUpdateInstance},
+ {Path: "/instances/{id}", Method: "DELETE", Handler: p.handleDeleteInstance},
+ {Path: "/instances/{id}/test", Method: "POST", Handler: p.handleTestInstance},
+ {Path: "/instances/{id}/sync", Method: "POST", Handler: p.handleSyncInstance},
+ {Path: "/proxy-hosts", Method: "GET", Handler: p.handleGetProxyHosts},
+ {Path: "/exposed", Method: "GET", Handler: p.handleGetExposed},
+ {Path: "/tab", Method: "GET", Handler: p.handleGetTab},
+ }
+}
+
+// Tab returns the tab definition for the plugin
+func (p *Plugin) Tab() *plugins.TabDefinition {
+ return &plugins.TabDefinition{
+ ID: "npm",
+ Label: "Nginx Proxy Manager",
+ Icon: "π",
+ Order: 100,
+ ScriptURL: "/plugins/npm.js",
+ InitFunc: "npmPluginInit",
+ }
+}
+
+// Badges returns badge providers
+func (p *Plugin) Badges() []plugins.BadgeProvider {
+ return []plugins.BadgeProvider{p}
+}
+
+// GetBadge returns a badge for a container if it's exposed via NPM
+func (p *Plugin) GetBadge(ctx context.Context, container models.Container) (*plugins.Badge, error) {
+ containerKey := fmt.Sprintf("%d-%s", container.HostID, container.ID)
+
+ p.mu.RLock()
+ mappings, exists := p.mappings[containerKey]
+ p.mu.RUnlock()
+
+ if !exists || len(mappings) == 0 {
+ return nil, nil
+ }
+
+ // Get the first (primary) mapping
+ mapping := mappings[0]
+ domain := ""
+ if len(mapping.DomainNames) > 0 {
+ domain = mapping.DomainNames[0]
+ }
+
+ badge := &plugins.Badge{
+ ID: "npm-exposed",
+ Label: domain,
+ Icon: "π",
+ Color: "info",
+ Priority: 100,
+ Tooltip: fmt.Sprintf("Exposed via %s", mapping.InstanceName),
+ }
+
+ if domain != "" {
+ scheme := "http"
+ if mapping.SSLEnabled {
+ scheme = "https"
+ }
+ badge.Link = fmt.Sprintf("%s://%s", scheme, domain)
+ }
+
+ return badge, nil
+}
+
+// GetBadgeID returns a unique identifier for this badge provider
+func (p *Plugin) GetBadgeID() string {
+ return "npm-exposed"
+}
+
+// ContainerEnricher returns the container enricher
+func (p *Plugin) ContainerEnricher() plugins.ContainerEnricher {
+ return p
+}
+
+// Enrich adds NPM data to a container
+func (p *Plugin) Enrich(ctx context.Context, container *models.Container) error {
+ containerKey := fmt.Sprintf("%d-%s", container.HostID, container.ID)
+
+ p.mu.RLock()
+ mappings, exists := p.mappings[containerKey]
+ p.mu.RUnlock()
+
+ if !exists || len(mappings) == 0 {
+ return nil
+ }
+
+ if container.PluginData == nil {
+ container.PluginData = make(map[string]interface{})
+ }
+
+ container.PluginData["npm"] = map[string]interface{}{
+ "exposed": true,
+ "mappings": mappings,
+ }
+
+ return nil
+}
+
+// GetEnrichmentKey returns the key used in PluginData map
+func (p *Plugin) GetEnrichmentKey() string {
+ return "npm"
+}
+
+// Settings returns the settings definition
+func (p *Plugin) Settings() *plugins.SettingsDefinition {
+ return &plugins.SettingsDefinition{
+ Fields: []plugins.SettingsField{
+ {
+ Key: "sync_interval",
+ Label: "Sync Interval (minutes)",
+ Type: "number",
+ Default: "5",
+ Description: "How often to sync with NPM instances",
+ },
+ },
+ }
+}
+
+// NotificationChannelFactory returns nil (NPM doesn't provide notification channels)
+func (p *Plugin) NotificationChannelFactory() plugins.ChannelFactory {
+ return nil
+}
+
+// loadInstances loads NPM instances from storage
+func (p *Plugin) loadInstances() error {
+ data, err := p.deps.DB.List("instances/")
+ if err != nil {
+ return err
+ }
+
+ p.mu.Lock()
+ defer p.mu.Unlock()
+
+ for _, v := range data {
+ var inst NPMInstance
+ if err := json.Unmarshal(v, &inst); err != nil {
+ continue
+ }
+ inst.client = NewClient(inst.URL, inst.Email, inst.Password)
+ p.instances[inst.ID] = &inst
+ }
+
+ return nil
+}
+
+// saveInstance saves an NPM instance to storage
+func (p *Plugin) saveInstance(inst *NPMInstance) error {
+ data, err := json.Marshal(inst)
+ if err != nil {
+ return err
+ }
+ return p.deps.DB.Set(fmt.Sprintf("instances/%d", inst.ID), data)
+}
+
+// deleteInstance removes an NPM instance from storage
+func (p *Plugin) deleteInstance(id int64) error {
+ return p.deps.DB.Delete(fmt.Sprintf("instances/%d", id))
+}
+
+// syncAllInstances syncs all enabled NPM instances
+func (p *Plugin) syncAllInstances() {
+ p.mu.RLock()
+ instances := make([]*NPMInstance, 0, len(p.instances))
+ for _, inst := range p.instances {
+ if inst.Enabled {
+ instances = append(instances, inst)
+ }
+ }
+ p.mu.RUnlock()
+
+ for _, inst := range instances {
+ p.syncInstance(inst)
+ }
+
+ // Rebuild container mappings
+ p.rebuildMappings()
+}
+
+// syncInstance syncs a single NPM instance
+func (p *Plugin) syncInstance(inst *NPMInstance) {
+ if inst.client == nil {
+ inst.client = NewClient(inst.URL, inst.Email, inst.Password)
+ }
+
+ hosts, err := inst.client.GetProxyHosts()
+ if err != nil {
+ p.mu.Lock()
+ inst.LastError = err.Error()
+ p.mu.Unlock()
+ log.Printf("NPM plugin: failed to sync instance %s: %v", inst.Name, err)
+ return
+ }
+
+ p.mu.Lock()
+ p.proxyHosts[inst.ID] = hosts
+ inst.LastSync = time.Now()
+ inst.LastError = ""
+ p.mu.Unlock()
+
+ if err := p.saveInstance(inst); err != nil {
+ log.Printf("NPM plugin: failed to save instance state: %v", err)
+ }
+
+ log.Printf("NPM plugin: synced %d proxy hosts from %s", len(hosts), inst.Name)
+}
+
+// rebuildMappings rebuilds container-to-proxy-host mappings
+func (p *Plugin) rebuildMappings() {
+ containers := p.deps.Containers.GetContainers()
+
+ newMappings := make(map[string][]ProxyHostMapping)
+
+ p.mu.RLock()
+ for instanceID, hosts := range p.proxyHosts {
+ inst := p.instances[instanceID]
+ if inst == nil {
+ continue
+ }
+
+ for _, host := range hosts {
+ for _, container := range containers {
+ if p.matchContainer(container, host) {
+ containerKey := fmt.Sprintf("%d-%s", container.HostID, container.ID)
+ mapping := ProxyHostMapping{
+ InstanceID: instanceID,
+ InstanceName: inst.Name,
+ ProxyHostID: host.ID,
+ DomainNames: host.DomainNames,
+ SSLEnabled: host.CertificateID > 0,
+ Enabled: host.Enabled,
+ MatchType: "ip_port",
+ }
+ newMappings[containerKey] = append(newMappings[containerKey], mapping)
+ }
+ }
+ }
+ }
+ p.mu.RUnlock()
+
+ p.mu.Lock()
+ p.mappings = newMappings
+ p.mu.Unlock()
+}
+
+// matchContainer checks if a container matches an NPM proxy host
+func (p *Plugin) matchContainer(container models.Container, host ProxyHost) bool {
+ // Match by container IP + port
+ for _, nd := range container.NetworkDetails {
+ for _, port := range container.Ports {
+ if nd.IPAddress == host.ForwardHost && port.PrivatePort == host.ForwardPort {
+ return true
+ }
+ }
+ }
+
+ // Match by container name (if NPM uses Docker DNS)
+ if host.ForwardHost == container.Name {
+ return true
+ }
+
+ // Match by container name prefix (common pattern: container_name or containername)
+ containerNameClean := container.Name
+ if len(containerNameClean) > 0 && containerNameClean[0] == '/' {
+ containerNameClean = containerNameClean[1:]
+ }
+ if host.ForwardHost == containerNameClean {
+ return true
+ }
+
+ return false
+}
+
+// HTTP Handlers
+
+func (p *Plugin) handleGetInstances(w http.ResponseWriter, r *http.Request) {
+ p.mu.RLock()
+ instances := make([]*NPMInstance, 0, len(p.instances))
+ for _, inst := range p.instances {
+ // Don't include password
+ safe := &NPMInstance{
+ ID: inst.ID,
+ Name: inst.Name,
+ URL: inst.URL,
+ Email: inst.Email,
+ Enabled: inst.Enabled,
+ LastSync: inst.LastSync,
+ LastError: inst.LastError,
+ }
+ instances = append(instances, safe)
+ }
+ p.mu.RUnlock()
+
+ writeJSON(w, instances)
+}
+
+func (p *Plugin) handleAddInstance(w http.ResponseWriter, r *http.Request) {
+ var inst NPMInstance
+ if err := json.NewDecoder(r.Body).Decode(&inst); err != nil {
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+
+ // Generate ID
+ p.mu.Lock()
+ maxID := int64(0)
+ for id := range p.instances {
+ if id > maxID {
+ maxID = id
+ }
+ }
+ inst.ID = maxID + 1
+ inst.Enabled = true
+ inst.client = NewClient(inst.URL, inst.Email, inst.Password)
+ p.instances[inst.ID] = &inst
+ p.mu.Unlock()
+
+ if err := p.saveInstance(&inst); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ // Sync the new instance
+ go func() {
+ p.syncInstance(&inst)
+ p.rebuildMappings()
+ }()
+
+ writeJSON(w, map[string]interface{}{"id": inst.ID})
+}
+
+func (p *Plugin) handleGetInstance(w http.ResponseWriter, r *http.Request) {
+ id := getPathParam(r, "id")
+ instID, err := strconv.ParseInt(id, 10, 64)
+ if err != nil {
+ http.Error(w, "invalid instance ID", http.StatusBadRequest)
+ return
+ }
+
+ p.mu.RLock()
+ inst, exists := p.instances[instID]
+ p.mu.RUnlock()
+
+ if !exists {
+ http.Error(w, "instance not found", http.StatusNotFound)
+ return
+ }
+
+ safe := &NPMInstance{
+ ID: inst.ID,
+ Name: inst.Name,
+ URL: inst.URL,
+ Email: inst.Email,
+ Enabled: inst.Enabled,
+ LastSync: inst.LastSync,
+ LastError: inst.LastError,
+ }
+ writeJSON(w, safe)
+}
+
+func (p *Plugin) handleUpdateInstance(w http.ResponseWriter, r *http.Request) {
+ id := getPathParam(r, "id")
+ instID, err := strconv.ParseInt(id, 10, 64)
+ if err != nil {
+ http.Error(w, "invalid instance ID", http.StatusBadRequest)
+ return
+ }
+
+ p.mu.Lock()
+ inst, exists := p.instances[instID]
+ if !exists {
+ p.mu.Unlock()
+ http.Error(w, "instance not found", http.StatusNotFound)
+ return
+ }
+
+ var update NPMInstance
+ if err := json.NewDecoder(r.Body).Decode(&update); err != nil {
+ p.mu.Unlock()
+ http.Error(w, err.Error(), http.StatusBadRequest)
+ return
+ }
+
+ inst.Name = update.Name
+ inst.URL = update.URL
+ inst.Email = update.Email
+ if update.Password != "" {
+ inst.Password = update.Password
+ }
+ inst.Enabled = update.Enabled
+ inst.client = NewClient(inst.URL, inst.Email, inst.Password)
+ p.mu.Unlock()
+
+ if err := p.saveInstance(inst); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ w.WriteHeader(http.StatusOK)
+}
+
+func (p *Plugin) handleDeleteInstance(w http.ResponseWriter, r *http.Request) {
+ id := getPathParam(r, "id")
+ instID, err := strconv.ParseInt(id, 10, 64)
+ if err != nil {
+ http.Error(w, "invalid instance ID", http.StatusBadRequest)
+ return
+ }
+
+ p.mu.Lock()
+ delete(p.instances, instID)
+ delete(p.proxyHosts, instID)
+ p.mu.Unlock()
+
+ if err := p.deleteInstance(instID); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+
+ p.rebuildMappings()
+ w.WriteHeader(http.StatusOK)
+}
+
+func (p *Plugin) handleTestInstance(w http.ResponseWriter, r *http.Request) {
+ id := getPathParam(r, "id")
+ instID, err := strconv.ParseInt(id, 10, 64)
+ if err != nil {
+ http.Error(w, "invalid instance ID", http.StatusBadRequest)
+ return
+ }
+
+ p.mu.RLock()
+ inst, exists := p.instances[instID]
+ p.mu.RUnlock()
+
+ if !exists {
+ http.Error(w, "instance not found", http.StatusNotFound)
+ return
+ }
+
+ client := NewClient(inst.URL, inst.Email, inst.Password)
+ if err := client.TestConnection(); err != nil {
+ writeJSON(w, map[string]interface{}{
+ "success": false,
+ "error": err.Error(),
+ })
+ return
+ }
+
+ writeJSON(w, map[string]interface{}{
+ "success": true,
+ })
+}
+
+func (p *Plugin) handleSyncInstance(w http.ResponseWriter, r *http.Request) {
+ id := getPathParam(r, "id")
+ instID, err := strconv.ParseInt(id, 10, 64)
+ if err != nil {
+ http.Error(w, "invalid instance ID", http.StatusBadRequest)
+ return
+ }
+
+ p.mu.RLock()
+ inst, exists := p.instances[instID]
+ p.mu.RUnlock()
+
+ if !exists {
+ http.Error(w, "instance not found", http.StatusNotFound)
+ return
+ }
+
+ p.syncInstance(inst)
+ p.rebuildMappings()
+
+ p.mu.RLock()
+ hostCount := len(p.proxyHosts[instID])
+ lastError := inst.LastError
+ p.mu.RUnlock()
+
+ writeJSON(w, map[string]interface{}{
+ "success": lastError == "",
+ "host_count": hostCount,
+ "error": lastError,
+ })
+}
+
+func (p *Plugin) handleGetProxyHosts(w http.ResponseWriter, r *http.Request) {
+ p.mu.RLock()
+ defer p.mu.RUnlock()
+
+ allHosts := make([]map[string]interface{}, 0)
+ for instanceID, hosts := range p.proxyHosts {
+ inst := p.instances[instanceID]
+ for _, host := range hosts {
+ allHosts = append(allHosts, map[string]interface{}{
+ "instance_id": instanceID,
+ "instance_name": inst.Name,
+ "host": host,
+ })
+ }
+ }
+
+ writeJSON(w, allHosts)
+}
+
+func (p *Plugin) handleGetExposed(w http.ResponseWriter, r *http.Request) {
+ p.mu.RLock()
+ defer p.mu.RUnlock()
+
+ exposed := make([]map[string]interface{}, 0)
+ for containerKey, mappings := range p.mappings {
+ exposed = append(exposed, map[string]interface{}{
+ "container_key": containerKey,
+ "mappings": mappings,
+ })
+ }
+
+ writeJSON(w, exposed)
+}
+
+func (p *Plugin) handleGetTab(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Type", "text/html")
+ w.Write([]byte(npmTabHTML))
+}
+
+// Helper functions
+
+func writeJSON(w http.ResponseWriter, data interface{}) {
+ w.Header().Set("Content-Type", "application/json")
+ json.NewEncoder(w).Encode(data)
+}
+
+func getPathParam(r *http.Request, name string) string {
+ vars := mux.Vars(r)
+ return vars[name]
+}
+
+// Tab HTML template - JavaScript is loaded from /plugins/npm.js
+const npmTabHTML = `
+
+
+
+
+
+
+
+
+
Exposed Services
+
+
Loading exposed services...
+
+
+
@@ -1461,7 +1462,7 @@ function renderCompactCard(cont) {
π ${escapeHtml(cont.host_name)}
${cont.state}
π·οΈ ${escapeHtml(extractImageTag(cont.image, cont.image_tags))}
- β±οΈ ${createdTime}
+ ${uptime ? `β±οΈ ${uptime}` : `π
${createdTime}`}
@@ -1561,6 +1562,7 @@ function renderMaterialCard(cont) {
const stateIcon = isRunning ? 'β
' : isStopped ? 'βΉοΈ' : isPaused ? 'βΈοΈ' : 'β';
const createdTime = formatDate(cont.created);
const statusText = cont.status || '-';
+ const uptime = isRunning && cont.started_at ? formatUptime(cont.started_at) : '';
return `
@@ -1574,7 +1576,7 @@ function renderMaterialCard(cont) {
β’
π·οΈ ${escapeHtml(extractImageTag(cont.image, cont.image_tags))}
β’
- β±οΈ ${createdTime}
+ ${uptime ? `β±οΈ ${uptime}` : `π
${createdTime}`}
@@ -1686,6 +1688,7 @@ function renderDashboardCard(cont) {
const createdTime = formatDate(cont.created);
const statusText = cont.status || '-';
+ const uptime = isRunning && cont.started_at ? formatUptime(cont.started_at) : '';
return `
@@ -1695,7 +1698,7 @@ function renderDashboardCard(cont) {
${escapeHtml(cont.name)}
${escapeHtml(cont.host_name)}
π·οΈ ${escapeHtml(extractImageTag(cont.image, cont.image_tags))}
- ${createdTime}
+ ${uptime ? `β±οΈ ${uptime}` : createdTime}
${cont.update_available ? 'β¬οΈ Update' : ''}