import copy from flask import Blueprint, request, redirect, flash from auth import require_level from config_utils import load_config, save_config_with_snapshot, verify_config_hash import sanitize import validation as validate bp = Blueprint('action_apply_banned_ips', __name__) VIEW = '/view/view_banned_ips' def _row_index(): try: return int(request.form.get('row_index', '')) except (ValueError, TypeError): return None def _hash_ok(): if not verify_config_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return False return True def _parse_ip(): raw = request.form.get('ip', '').strip() if not raw: flash('The configuration has not been saved because an IP address, CIDR, or wildcard pattern is required.', 'error') return None ip = validate.banned_ip(raw) if not ip: flash(f'The configuration has not been saved because "{raw}" is not a valid IP address, CIDR, or wildcard pattern.', 'error') return None return ip @bp.route('/action/add_banned_ip', methods=['POST']) @require_level('administrator') def add_banned_ip(): description = sanitize.text(request.form.get('description', '')) ip = _parse_ip() if ip is None: return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() entry = {'description': description, 'ip': ip, 'enabled': True} cfg.setdefault('banned_ips', []).append(entry) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) flash(save_config_with_snapshot( cfg, path='banned_ips', key=ip, operation='add', before=None, after=entry, description=f'Added banned IP: {ip}', ), 'success') return redirect(VIEW) @bp.route('/action/toggle_banned_ip', methods=['POST']) @require_level('administrator') def toggle_banned_ip(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() items = cfg.get('banned_ips', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) old_enabled = items[idx].get('enabled', True) items[idx]['enabled'] = not old_enabled errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) action = 'Enabled' if not old_enabled else 'Disabled' flash(save_config_with_snapshot( cfg, path='banned_ips', key=items[idx]['ip'], operation='toggle', before={'enabled': old_enabled}, after={'enabled': not old_enabled}, description=f'{action} banned IP: {items[idx]["ip"]}', ), 'success') return redirect(VIEW) @bp.route('/action/edit_banned_ip', methods=['POST']) @require_level('administrator') def edit_banned_ip(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) description = sanitize.text(request.form.get('description', '')) ip = _parse_ip() if ip is None: return redirect(VIEW) enabled = request.form.get('enabled') == 'on' if not _hash_ok(): return redirect(VIEW) cfg = load_config() items = cfg.get('banned_ips', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) before = copy.deepcopy(items[idx]) items[idx].update({'description': description, 'ip': ip, 'enabled': enabled}) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) flash(save_config_with_snapshot( cfg, path='banned_ips', key=ip, operation='edit', before=before, after=copy.deepcopy(items[idx]), description=f'Edited banned IP: {ip}', ), 'success') return redirect(VIEW) @bp.route('/action/delete_banned_ip', methods=['POST']) @require_level('administrator') def delete_banned_ip(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() items = cfg.get('banned_ips', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) removed = items.pop(idx) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) flash(save_config_with_snapshot( cfg, path='banned_ips', key=removed['ip'], operation='delete', before=removed, after=None, description=f'Deleted banned IP: {removed["ip"]}', ), 'success') return redirect(VIEW)