Re: Web UI for NPF as a GSoC project

[Marc Balmer <marc%msys.ch@localhost>]

Good morning!

> Am 14.03.2016 um 08:03 schrieb Mateusz Kocielski <shm%digitalsun.pl@localhost>:
> 
> On Sun, Mar 13, 2016 at 10:24:35PM +0100, Kamil Rytarowski wrote:
>> On 13.03.2016 22:11, Martin Husemann wrote:
>>> On Sun, Mar 13, 2016 at 08:59:58PM +0000, Christos Zoulas wrote:
>>>> I meant using some of the javascript frameworks like angular
>>>> etc...
>>> 
>>> I am not the right one to comment on pros and conse here, but I
>>> have some very nice browser based router configuration interfaces
>>> seen implemented in Lua, so I guess there is some lua html5 lib out
>>> there that helps.
>>> 
>>> Martin
>>> 
>> 
>> The idea looks very promising.
>> 
>> I propose to start with a webui plugin (bozohttp works with
>> plugin-like approach) for blacklistd, once finished add a more
>> advanced one for npf(7).
>> 
>> An example of a Lua plugin is is located here:
>> src/libexec/httpd/printenv.lua
> 
> I think that mbalmer@ can say something more about LUA frameworks (as he wrote
> one). :-)

TL;DR: Enjoy the new week, it only began!

Using Lua for dynamic content in bozohttpd is really easy.  But you have to keep one thing in mind (at least for now):  bozohttpd forks for each request.  While this is a problem for some use cases, it can be a big advantage for others. FWIW,  here is what I am currently working on:

- Adding websocket support.  This is mostly done and is currently in a feedback loop with some developers.  Websocket support in bozohttpd will allow you to upgrade a http/https connection to a Websocket.  This is one use case where bozohttpd’s fork model is a true advantage. The websocket support for bozohttpd has been adapted from https://github.com/arcapos/luawebsocket/.
- JSON support, to faciliate data exchange between a websocket server app running in bozohttpd and a web browser.  This will be added once the websocket support in bozohttpd is committet (currently you can find it at https://gothub.com/arcapos/luajson/).  The JSON modules allows to convert Lua tables to JSON and vice versa.
- Support for a very flexible templating engine, Lua Templates, See http://lua.space/webdev/introducing-lua-templates for an introduction. To call make real use of this, the fork model of bozohttpd must be changed to not fork for every request.  Lua Templates compile a template to Lua byte code when it is first being rendered and call the byte code directly for already rendered templates.  This is fast and allows for high transaction rates (we use it for some quite well visited e-commerce sites).

All this code has been in production use for years, I am bringing it to NetBSD to make NetBSD an interesting and modern platform for web based application of all sorts (IoT, anyone..?).  And yes, I can always speed things up a bit if any of these would make sense for a GSoC project…  Our own project is a web gui for a WLAN based payment gateway.

With these components it should be possible to write web guis for system administration tasks using modern, state of the art technologies like websockets. Writing a NPF Gui certainly is a very promising idea. I see, however, at least two issues right now:

1) A process manipulating npf must run as root, it could well be that you don’t want the webserver to run as root, so you need a web gui to act as a frontend to some backend server process, maybe, or run privileged commands.

2) As I understand, you can not extract npf rules in text form from the running kernel, so you might need to store your rule sets somewehere in text form or a database (sqlite is in base for a reason, and there is a Lua binding for sqlite in base).  Then your GUI manipulates the rules in a database, using npf to check their validity and eventually loads them into the kernel.

- mb

PS: If you want to see Websockets in action, you may visit http://www.zoobasel-tembea.ch/de/index.php and look at the counter (yellow, LED-like font) and inspect the page source code.  You will notice how easy websockets are to use in the client side.  The counter value changes whenever the counter value in a database changes and the new value is pushed from the server to the browser using the websocket connection.