MikroTik Network Monitor (Flask)

Dashboard ringan & aman untuk memantau DHCP lease MikroTik, deteksi aplikasi/game, dan eksekusi aksi cepat: Reset Counters, Clear Address-List, Unblock Massal, hingga Restart Router.
UI tema Dark Neon + Login profesional dengan animasi techno.

🎬 Video Demo

Heads-up: Aksi Unblock Massal akan menghapus firewall rule drop yang dibuat dashboard dan membersihkan tabel blocked_devices di SQLite.

✨ Fitur

• Device list dari /ip/dhcp-server/lease (hostname, IP, MAC, status bound).
• Deteksi apps/games via Address-List: PUBG_USERS, ML_USERS, FF_USERS, TIKTOK_USERS.
• TOOL (compact mini):
• 🧮 Reset Counters (/ip/firewall/filter reset-counters)
• 🗑️ Clear Address-List (hapus semua entry)
• 🔓 Unblock Massal (hapus rule drop buatan dashboard + bersihkan DB)
• ⚠️ Restart Router
• Block / Unblock IP individual (buat/hapus rule drop + sinkron DB).
• UX responsif: toast notif, spinner, overlay shimmer.
• Shortcut: Shift+R Refresh, Shift+C Reset, Shift+A Clear AL, Shift+U Unblock Massal, Shift+X Restart.
• Login profesional: animasi techno (canvas + neon grid), Caps-Lock indicator, toggle lihat password.

📦 Prasyarat

• Python 3.10+
• RouterOS API aktif (default 8728)
• Akun MikroTik khusus API dengan hak minimum

🚀 Quick Start

git clone https://github.com/<username>/<repo>.git
cd <repo>

python -m venv .venv
# Windows: .venv\Scripts\activate
# Linux/Mac:
source .venv/bin/activate

pip install -r requirements.txt

Jika belum ada requirements.txt, minimal:

Flask
Flask-Cors
routeros_api
Werkzeug

🔧 Konfigurasi Environment

Buat file .env (atau export variabel di shell):

# Auth Dashboard
export MONITOR_USER="admin"
export MONITOR_PASS_HASH="scrypt:32768:8:1$...$..."   # hash dari Werkzeug
export FLASK_SECRET_KEY="ganti-ini-dengan-random-key"
export APP_VERSION="1.0.0"

# MikroTik
export MIKROTIK_HOST="192.168.28.1"
export MIKROTIK_USER="api-user"
export MIKROTIK_PASS="password-ku"
export MIKROTIK_PORT=8728

Generate hash password (Werkzeug):

python - <<'PY'
from werkzeug.security import generate_password_hash
print(generate_password_hash("password_ku"))
PY

Jangan commit .env ke repo publik.

▶️ Menjalankan Aplikasi

Dev:

python app.py
# akses: http://0.0.0.0:5000

Production (contoh Gunicorn):

pip install gunicorn
gunicorn -w 3 -b 0.0.0.0:5000 app:app

Contoh systemd service (opsional):

[Unit]
Description=MikroTik Network Monitor
After=network.target

[Service]
User=www-data
Group=www-data
EnvironmentFile=/etc/mikromon.env
WorkingDirectory=/opt/mikromon
ExecStart=/opt/mikromon/.venv/bin/gunicorn -w 3 -b 0.0.0.0:5000 app:app
Restart=always

[Install]
WantedBy=multi-user.target

🌐 API Endpoints

Beberapa endpoint dilindungi @login_required.

🧰 Deteksi Apps/Games (Address-List)

Tambahkan rule (L7/TLS SNI/host match/mangle) yang menambahkan IP klien ke salah satu Address-List ini: - PUBG_USERS - ML_USERS - FF_USERS - TIKTOK_USERS

Contoh placeholder (sesuaikan signature real):

#/ip firewall layer7-protocol add name=tiktok regexp="tiktokcdn|tiktokv"
#/ip firewall mangle add chain=prerouting layer7-protocol=tiktok action=add-src-to-address-list address-list=TIKTOK_USERS address-list-timeout=1h

Signature bisa berubah; pertimbangkan match SNI/host/IP list resmi jika tersedia.

🔒 Rekomendasi Keamanan

• Buat user RouterOS khusus API dengan hak minimum.
• Jalankan dashboard di belakang VPN atau IP allowlist.
• Terminate HTTPS (Nginx) di depan Gunicorn.
• Simpan kredensial/secret di ENV/secret manager (bukan hardcode).
• Jika UI & API beda origin, batasi CORS secara ketat.

🗃️ Database

SQLite: network_monitor.db
Tabel: blocked_devices

CREATE TABLE IF NOT EXISTS blocked_devices (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  address TEXT UNIQUE,
  device_name TEXT,
  blocked_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  reason TEXT,
  blocked_by TEXT DEFAULT 'manual'
);

⌨️ Keyboard Shortcuts

• Shift+R — Refresh data
• Shift+C — Reset Counters
• Shift+A — Clear Address-List
• Shift+U — Unblock Massal
• Shift+X — Restart Router

📸 Screenshots

Login	Dashboard

🧪 Troubleshooting

• Tidak bisa konek RouterOS
• Cek MIKROTIK_HOST, port API (8728), user/pass, dan firewall router.
• Login gagal terus
• Pastikan MONITOR_USER + MONITOR_PASS_HASH benar; generate ulang hash.
• Unblock massal tidak hapus semua
• Hanya rule drop buatan dashboard yang dibersihkan. Audit rule manual terpisah.
• Toast/Loading tidak muncul
• Cek Console & Network di DevTools browser.

🗺️ Roadmap

• [ ] 2FA (TOTP) opsional
• [ ] Mode read-only (tanpa aksi tulis)
• [ ] Export CSV / audit log
• [ ] Live polling resources (opsional, throttled)

🤝 Kontribusi

PR & issue dipersilakan. Sertakan: - Deskripsi perubahan - Langkah uji - Screenshot (jika menyentuh UI)

🪪 Lisensi

Untuk private/internal Internal Use.

MIT License

Copyright (c) 2025 Sulthanullah Haqqi Hidayat

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

🙌 Kredit

Dikembangkan oleh SULTHANULLAH HAQQI HIDAYAT
Teknologi: Flask, routeros_api, SQLite, Vanilla JS