Development

docker/routlin-dash/app/pages/radius/action.py

@@ -1,6 +1,7 @@
 import copy
 import gzip
 import io
+import ipaddress
 import os
 import re
 from pathlib import Path
@@ -39,17 +40,26 @@ def regenerate():
 def options_save():
     mac_format = request.form.get('mac_format', 'aabbccddeeff')
     apply_to   = request.form.get('apply_to', 'all')
+    ap_ips_raw = request.form.get('ap_ips', '')
 
     if mac_format not in VALID_MAC_FORMATS:
         flash('Invalid MAC format.', 'error')
         return redirect(f'/{_PAGE}')
-    if apply_to not in ('all', 'wireless'):
+    if apply_to not in ('all', 'wireless', 'huntgroup'):
         flash('Invalid apply_to value.', 'error')
         return redirect(f'/{_PAGE}')
 
+    ap_ips = [line.strip() for line in ap_ips_raw.splitlines() if line.strip()]
+    for ip in ap_ips:
+        try:
+            ipaddress.IPv4Address(ip)
+        except ValueError:
+            flash(f'Invalid IP address: {ip}', 'error')
+            return redirect(f'/{_PAGE}')
+
     cfg    = load_config()
     before = copy.deepcopy(cfg.get('radius', {}).get('options', {}))
-    after  = {'mac_format': mac_format, 'apply_to': apply_to}
+    after  = {'mac_format': mac_format, 'apply_to': apply_to, 'ap_ips': ap_ips}
     cfg.setdefault('radius', {})['options'] = after
 
     changes = diff_fields(before, after)
@@ -57,6 +67,42 @@ def options_save():
     return redirect(f'/{_PAGE}')
 
 
+@bp.route('/action/radius/default_vlan_save', methods=['POST'])
+@require_level('administrator')
+def default_vlan_save():
+    chosen = request.form.get('default_vlan', '').strip()
+    cfg    = load_config()
+    vlans  = cfg.get('vlans', [])
+
+    if chosen and not any(v['name'] == chosen for v in vlans):
+        flash('Invalid VLAN selection.', 'error')
+        return redirect(f'/{_PAGE}')
+
+    old_name = next((v['name'] for v in vlans if v.get('radius_default') is True), '')
+    for v in vlans:
+        v['radius_default'] = (v['name'] == chosen) if chosen else False
+
+    changes = diff_fields({'radius_default': old_name}, {'radius_default': chosen})
+    flash(record_group(cfg, 'radius', 'fallback_vlan', chosen or 'none', changes, 'core apply'), 'success')
+    return redirect(f'/{_PAGE}')
+
+
+@bp.route('/action/radius/eap_save', methods=['POST'])
+@require_level('administrator')
+def eap_save():
+    allow_weak_eap = 'allow_weak_eap' in request.form
+    tunneled_reply = 'tunneled_reply' in request.form
+
+    cfg    = load_config()
+    before = copy.deepcopy(cfg.get('radius', {}).get('eap', {}))
+    after  = {'allow_weak_eap': allow_weak_eap, 'tunneled_reply': tunneled_reply}
+    cfg.setdefault('radius', {})['eap'] = after
+
+    changes = diff_fields(before, after)
+    flash(record_group(cfg, 'radius.eap', 'setting', 'radius', changes, 'core apply'), 'success')
+    return redirect(f'/{_PAGE}')
+
+
 @bp.route('/action/radius/logging_save', methods=['POST'])
 @require_level('administrator')
 def logging_save():