import copy from flask import Blueprint, request, redirect, flash from auth import require_level from config_utils import load_config, save_config_with_snapshot, verify_config_hash import sanitize import validation as validate bp = Blueprint('action_apply_inter_vlan', __name__) VIEW = '/view/view_inter_vlan' _VALID_PROTOS_STR = ', '.join(sorted(validate.VALID_PROTOCOLS)) def _row_index(): try: return int(request.form.get('row_index', '')) except (ValueError, TypeError): return None def _hash_ok(): if not verify_config_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return False return True def _parse_entry(): description = sanitize.text(request.form.get('description', '')) protocol = sanitize.filtervalue(request.form.get('protocol', ''), validate.VALID_PROTOCOLS) src_raw = request.form.get('src_ip_or_subnet', '').strip() dst_raw = request.form.get('dst_ip_or_subnet', '').strip() dst_port_raw = request.form.get('dst_port', '').strip() if not protocol: flash(f'The configuration has not been saved because the protocol is invalid. ' f'Accepted values: {_VALID_PROTOS_STR}.', 'error') return None, True if not src_raw: flash('The configuration has not been saved because a source IP or subnet is required.', 'error') return None, True src = validate.ip_or_cidr(src_raw) if not src: flash(f'The configuration has not been saved because "{src_raw}" is not a valid IP address or subnet.', 'error') return None, True if not dst_raw: flash('The configuration has not been saved because a destination IP or subnet is required.', 'error') return None, True dst = validate.ip_or_cidr(dst_raw) if not dst: flash(f'The configuration has not been saved because "{dst_raw}" is not a valid IP address or subnet.', 'error') return None, True dst_port = '' if dst_port_raw: dst_port = validate.port(dst_port_raw) if not dst_port: flash(f'The configuration has not been saved because "{dst_port_raw}" is not a valid port number (1-65535).', 'error') return None, True return { 'description': description, 'protocol': protocol, 'src_ip_or_subnet': src, 'dst_ip_or_subnet': dst, 'dst_port': dst_port, 'enabled': True, }, None def _entry_key(entry): port = f':{entry["dst_port"]}' if entry.get('dst_port') else '' return f'{entry["protocol"]}:{entry["src_ip_or_subnet"]}→{entry["dst_ip_or_subnet"]}{port}' @bp.route('/action/add_inter_vlan', methods=['POST']) @require_level('administrator') def add_inter_vlan(): entry, err = _parse_entry() if err: return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() cfg.setdefault('inter_vlan_exceptions', []).append(entry) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) key = _entry_key(entry) flash(save_config_with_snapshot( cfg, path='inter_vlan_exceptions', key=key, operation='add', before=None, after=entry, description=f'Added inter-VLAN rule: {key}', ), 'success') return redirect(VIEW) @bp.route('/action/toggle_inter_vlan', methods=['POST']) @require_level('administrator') def toggle_inter_vlan(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() items = cfg.get('inter_vlan_exceptions', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) old_enabled = items[idx].get('enabled', True) items[idx]['enabled'] = not old_enabled errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) key = _entry_key(items[idx]) action = 'Enabled' if not old_enabled else 'Disabled' flash(save_config_with_snapshot( cfg, path='inter_vlan_exceptions', key=key, operation='toggle', before={'enabled': old_enabled}, after={'enabled': not old_enabled}, description=f'{action} inter-VLAN rule: {key}', ), 'success') return redirect(VIEW) @bp.route('/action/edit_inter_vlan', methods=['POST']) @require_level('administrator') def edit_inter_vlan(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) entry, err = _parse_entry() if err: return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() items = cfg.get('inter_vlan_exceptions', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) before = copy.deepcopy(items[idx]) items[idx] = entry items[idx]['enabled'] = request.form.get('enabled') == 'on' errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) key = _entry_key(entry) flash(save_config_with_snapshot( cfg, path='inter_vlan_exceptions', key=key, operation='edit', before=before, after=copy.deepcopy(items[idx]), description=f'Edited inter-VLAN rule: {key}', ), 'success') return redirect(VIEW) @bp.route('/action/delete_inter_vlan', methods=['POST']) @require_level('administrator') def delete_inter_vlan(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) cfg = load_config() items = cfg.get('inter_vlan_exceptions', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) removed = items.pop(idx) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) key = _entry_key(removed) flash(save_config_with_snapshot( cfg, path='inter_vlan_exceptions', key=key, operation='delete', before=removed, after=None, description=f'Deleted inter-VLAN rule: {key}', ), 'success') return redirect(VIEW)