Customer Portal Overview
The customer portal is the page end users — the people paying for your internet service — log into. It’s a separate experience from the admin / reseller panel: simpler navigation, no operator vocabulary, designed so a non-technical user can check their usage, top up data, change their plan, or manage their WiFi without help.
This page is the table of contents — what’s on the portal, how to reach it, and what each tab does. Each item links to a detailed page.
How to get here
Customers reach the portal at the same domain as the operator panel, with a different login. From the panel landing page:
- Click Customer Login at the bottom.
- Or go directly to /customer/login.
If the operator has set up a custom domain (see Custom Branding), the portal is at https://panel.example.com/customer/.
The portal is mobile-responsive — every page works on a phone screen with no horizontal scroll.
| Field | What to enter |
|---|---|
| Username | PPPoE username, exactly as the operator created it. Often name@domain.lb, sometimes just name. Case-sensitive. |
| Password | The PPPoE password set by the operator. Stored in radcheck as Cleartext-Password — same string used to authenticate the router. |
Login is rate-limited: 5 failed attempts within a short window block the source IP for 15 minutes, growing to 1 hour and 24 hours on repeated failure. This brute-force protection (added in v1.0.220) guards against credential stuffing.
After successful login, the customer gets a JWT valid for 7 days. The token is cleared on Logout (Logout button in the top-right) — the server adds it to a blacklist so it can’t be reused. Closing the browser without logging out leaves the token active until expiry.
What’s in the portal
The portal has seven tabs along the sidebar (or the bottom navigation on mobile):
| Tab | What it shows | Detail page |
|---|---|---|
| Dashboard | Live download/upload Mbps, daily/monthly usage rings, plan card, balance, expiry countdown. | Dashboard & Live Traffic |
| Usage | Daily breakdown for the last 30 days, expandable into per-session detail. | Usage History |
| Change Plan | List of available plans, prorated upgrade / downgrade. | Change Plan |
| Buy Data | One-tap purchase of extra GB at the operator’s rate. | Buy Extra Data |
| WiFi | SSID / password change + router reboot (TR-069 routers). | WiFi Management |
| Invoices | Past invoices and receipts as PDF. | Invoices & Receipts |
| Support | Open / view tickets to the operator. | Support Tickets |
| Parental | Block adult content, gambling, social media (when enabled by ISP). | Parental Controls |
Tabs are only shown when the underlying feature is enabled. For example, “Change Plan” is hidden if the operator has disabled customer-initiated plan changes; “Buy Data” is hidden if the per-GB price isn’t configured; “Parental” is hidden if the ISP hasn’t enabled parental controls on the network.
What customers can do
In one place:
- Check their internet speed and usage right now — live Mbps refreshing every 3 seconds, plus today’s GB.
- See how long until expiry — and renew (via the operator) before it runs out.
- Top up data — buy extra GB when they hit the monthly cap, paid from their wallet balance.
- Change plan — upgrade to faster speeds (charged prorated) or downgrade (refunded prorated, if enabled).
- Manage WiFi — change SSID / password without calling support, reboot the router from the portal.
- Download invoices — keep tax-ready copies of receipts.
- Open a ticket — talk to the operator without leaving the portal.
- Block adult content — toggle category filters that apply at the DNS level for everyone in the home.
What customers cannot do
- Cannot change their PPPoE password. That’s an operator-only action — they’d have to update the router config too, which they don’t have access to.
- Cannot see other customers. Everything is scoped to the logged-in username. Cross-tenant isolation is enforced server-side.
- Cannot move balance between accounts. Their wallet credits only their own service.
- Cannot create another customer account. The portal has no signup; only the operator creates subscribers.
Mobile parity
Every feature on the portal works on a phone screen. The dashboard rings stack vertically, the usage chart scrolls horizontally, the bulk-action toolbars become a kebab menu, and the WiFi modal becomes a full-screen form.
There’s also a dedicated mobile app (iOS + Android) that mirrors the portal exactly. The mobile app uses the same authentication, sees the same data, and the same restrictions apply — it’s a thinner shell over the same backend.
Branding
When the operator has custom branding enabled, the customer portal inherits the same identity:
- Operator logo replaces the default header logo.
- Operator primary color theme.
- Operator company name in the title bar.
- Operator footer text and tagline.
- Operator custom domain (e.g. panel.example.com) instead of the default URL.
A subscriber managed by a sub-reseller sees the sub-reseller’s branding when accessing via the sub-reseller’s custom domain — independent from the parent reseller’s branding.
Security model
| Concern | How it’s addressed |
|---|---|
| Credential reuse from elsewhere | Brute-force lockout (5 fails → 15 min, 10 → 1h, 20 → 24h). |
| Stolen JWT | Server-side blacklist on Logout; 7-day max lifetime; bound to username. |
| Session hijack | Token in localStorage, sent in Authorization header only. No cookies. |
| Cross-tenant data leak | Every query filters on c.Locals("customer_username") from the validated JWT — no user-supplied subscriber ID anywhere in the request body. |
| WiFi password change abuse | Rate-limited via the global API limiter; reflected in audit log. |
| Plan change abuse | Operator can disable customer-initiated changes per-reseller (default off). Balance check enforced; insufficient-funds rejection is server-side. |
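
An added example (not the portal's own code) of the escalating lockout described in the login section and in the first row of the table above. The `Limiter` and `entry` types and the 24-hour `idleReset` are assumptions, as is reading the thresholds as cumulative failures per source IP; the page gives only the tiers and block lengths.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Tiers from the page's security table: failures reached -> block length.
var tiers = map[int]time.Duration{5: 15 * time.Minute, 10: time.Hour, 20: 24 * time.Hour}
// idleReset is an assumption: the page does not say when the counter clears.
const idleReset = 24 * time.Hour

type entry struct {
	fails       int
	last, until time.Time // last failure, end of current block
}

// Limiter counts failed logins per source IP (hypothetical in-memory type).
type Limiter struct {
	mu  sync.Mutex
	ips map[string]entry
}

// Fail records a failed login and returns the block end (zero or past if none).
func (l *Limiter) Fail(ip string, now time.Time) time.Time {
	l.mu.Lock()
	defer l.mu.Unlock()
	e := l.ips[ip]
	if now.Sub(e.last) > idleReset {
		e.fails = 0 // first-seen or long-quiet address starts over
	}
	e.fails, e.last = e.fails+1, now
	for n, block := range tiers {
		if end := now.Add(block); e.fails >= n && end.After(e.until) {
			e.until = end // the longest block reached wins
		}
	}
	l.ips[ip] = e
	return e.until
}

// Blocked reports whether ip is locked out; call it before checking a password.
func (l *Limiter) Blocked(ip string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	return now.Before(l.ips[ip].until)
}

func main() { fmt.Println((&Limiter{ips: map[string]entry{}}).Blocked("203.0.113.7", time.Now())) }
```

Keying on source IP alone means subscribers who share one NAT address also share one counter.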
Common workflows
First-time login
- Customer receives credentials from the operator (in person, via SMS, or printed on the order form).
- Opens the portal URL on phone or laptop.
- Enters username + password. Successful login lands on the Dashboard.
- Glances at the rings — daily / monthly usage so far. Sees the expiry countdown.
- Bookmarks the URL or installs the mobile app.
“My internet is slow — is it the plan or the network?”
- Dashboard → glance at the live Download Mbps number (updates every 3 seconds).
- Compare against the Plan card showing nominal speed.
- If live is close to nominal: the network is fine; speed test sites are the issue.
- If live is much lower: check whether FUP tier is shown (1, 2, or 3) on the dashboard — they may have hit a cap.
- If still unclear, open a Support Ticket with category “Slow internet”.
Permissions
The customer portal has no permission system — every action is gated by ownership: the JWT’s customer_username claim must match the row being acted on. The middleware enforces this on every request.
| Token claim | Effect |
|---|---|
| type = customer | The JWT was issued by the customer login endpoint, not the admin one. Customer routes reject other token types. |
| customer_username = ali@example.com | All queries filter on username = "ali@example.com". |
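
An added example (Go standard library only, not the portal's own middleware) of the checks this table and the security model imply before a request is scoped to `customer_username`: signature, `type = customer`, expiry and the logout blacklist. HS256, the `exp` claim and the names `Issue`, `Customer`, `sign` and `revoked` are assumptions; the page does not name the signing algorithm or the JWT library.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // the two claims the page names, plus the standard exp
	Type             string `json:"type"`
	CustomerUsername string `json:"customer_username"`
	Exp              int64  `json:"exp"`
}

var enc = base64.RawURLEncoding
// sign returns the canonical base64url HMAC-SHA256 of the signing input.
func sign(key []byte, in string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(in))
	return enc.EncodeToString(h.Sum(nil))
}

// Issue builds an HS256 token (assumption: the page names no algorithm).
func Issue(key []byte, c Claims) string {
	body, _ := json.Marshal(c)
	in := enc.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + enc.EncodeToString(body)
	return in + "." + sign(key, in)
}

// Customer returns the username every query must filter on, or an error.
func Customer(key []byte, tok string, revoked map[string]bool, now time.Time) (string, error) {
	p := strings.Split(tok, ".")
	// Exact match on the canonical signature: the header's alg is never trusted.
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(key, p[0]+"."+p[1]))) {
		return "", fmt.Errorf("bad signature")
	}
	var c Claims
	body, _ := enc.DecodeString(p[1])
	if json.Unmarshal(body, &c) != nil || c.Type != "customer" || c.CustomerUsername == "" ||
		revoked[tok] || now.Unix() >= c.Exp {
		return "", fmt.Errorf("not a customer token, revoked or expired")
	}
	return c.CustomerUsername, nil
}

func main() { fmt.Println(Customer(nil, "not.a.token", nil, time.Now())) }
```

Because the signature is compared as exact text, a token whose signature is respelled (for example with a trailing newline, which Go's base64 decoder would ignore) is rejected, so a blacklist keyed by the token string cannot be sidestepped that way.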
Related pages
- Dashboard & Live Traffic — the landing page.
- Usage History — daily breakdown.
- Change Plan — self-service plan switching.
- Buy Extra Data — extra GB top-ups.
- WiFi Management — SSID / password / reboot.
- Support Tickets — talk to the ISP.