from pathlib import Path import copy from flask import Blueprint, request, redirect, flash from auth import require_level from config_utils import load_config, record_group, diff_fields, verify_config_hash import sanitize import mod_validation as validate _PAGE = Path(__file__).parent.name bp = Blueprint(_PAGE, __name__) _VALID_PROTOS_STR = ', '.join(sorted(validate.VALID_PROTOCOLS)) def _row_index(): try: return int(request.form.get('row_index', '')) except (ValueError, TypeError): return None def _hash_ok(): if not verify_config_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return False return True def _parse_entry(): description = sanitize.text(request.form.get('description', '')) protocol = sanitize.filtervalue(request.form.get('protocol', ''), validate.VALID_PROTOCOLS) dest_port_raw = request.form.get('dest_port', '').strip() nat_ip_raw = request.form.get('nat_ip', '').strip() nat_port_raw = request.form.get('nat_port', '').strip() if not protocol: flash(f'The configuration has not been saved because the protocol is invalid. ' f'Accepted values: {_VALID_PROTOS_STR}.', 'error') return None, True if not dest_port_raw: flash('The configuration has not been saved because the external port is required.', 'error') return None, True dest_port = validate.port(dest_port_raw) if not dest_port: flash(f'The configuration has not been saved because "{dest_port_raw}" is not a valid port number (1-65535).', 'error') return None, True if not nat_ip_raw: flash('The configuration has not been saved because the NAT IP address is required.', 'error') return None, True nat_ip = validate.ip(nat_ip_raw) if not nat_ip: flash(f'The configuration has not been saved because "{nat_ip_raw}" is not a valid IP address.', 'error') return None, True if not nat_port_raw: flash('The configuration has not been saved because the NAT port is required.', 'error') return None, True nat_port = validate.port(nat_port_raw) if not nat_port: flash(f'The configuration has not been saved because "{nat_port_raw}" is not a valid port number (1-65535).', 'error') return None, True return { 'description': description, 'protocol': protocol, 'dest_port': dest_port, 'nat_ip': nat_ip, 'nat_port': nat_port, 'enabled': True, }, None @bp.route('/action/portforwarding/addrule_add', methods=['POST']) @require_level('administrator') def addrule_add(): entry, err = _parse_entry() if err: return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() cfg.setdefault('port_forwarding', []).append(entry) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') dest_port = entry.get('dest_port', '') changes = diff_fields(None, entry) flash(record_group(cfg, 'port_forwarding', 'dest_port', dest_port, changes, 'core apply'), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/portforwarding/rules_toggle', methods=['POST']) @require_level('administrator') def rules_toggle(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() items = cfg.get('port_forwarding', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(f'/{_PAGE}') old_enabled = items[idx].get('enabled', True) before = copy.deepcopy(items[idx]) items[idx]['enabled'] = not old_enabled errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') dest_port = items[idx].get('dest_port', '') changes = diff_fields(before, items[idx]) flash(record_group(cfg, 'port_forwarding', 'dest_port', dest_port, changes, 'core apply'), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/portforwarding/rules_edit', methods=['POST']) @require_level('administrator') def rules_edit(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(f'/{_PAGE}') entry, err = _parse_entry() if err: return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() items = cfg.get('port_forwarding', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(f'/{_PAGE}') before = copy.deepcopy(items[idx]) items[idx] = entry items[idx]['enabled'] = request.form.get('enabled') == 'on' errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') dest_port = items[idx].get('dest_port', '') changes = diff_fields(before, items[idx]) flash(record_group(cfg, 'port_forwarding', 'dest_port', dest_port, changes, 'core apply'), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/portforwarding/rules_delete', methods=['POST']) @require_level('administrator') def rules_delete(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() items = cfg.get('port_forwarding', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(f'/{_PAGE}') removed = items.pop(idx) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') dest_port = removed.get('dest_port', '') changes = diff_fields(removed, None) flash(record_group(cfg, 'port_forwarding', 'dest_port', dest_port, changes, 'core apply'), 'success') return redirect(f'/{_PAGE}')