from flask import Blueprint, request, redirect, flash from auth import require_level from config_utils import load_core, save_core, verify_core_hash, queued_msg import re import sanitize import validation as validate bp = Blueprint('action_apply_blocklists', __name__) VIEW = '/view/view_blocklists' _VALID_FORMATS_STR = ', '.join(sorted(validate.VALID_BLOCKLIST_FORMATS)) def _row_index(): try: return int(request.form.get('row_index', '')) except (ValueError, TypeError): return None def _hash_ok(): if not verify_core_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return False return True def _save_as_from_name(name): slug = re.sub(r'[^a-z0-9_-]', '_', name.lower()).strip('_') return f'{slug}.conf' def _parse_fields(): """Parse and validate add/edit form fields. Returns (fields_dict, None) or (None, already_flashed).""" name = sanitize.name(request.form.get('name', '')) description = sanitize.description(request.form.get('description', '')) fmt = sanitize.filtervalue(request.form.get('format', ''), validate.VALID_BLOCKLIST_FORMATS) url = sanitize.url(request.form.get('url', '')) if not name: flash('The configuration has not been saved because a name is required.', 'error') return None, True if not url: flash('The configuration has not been saved because a URL is required.', 'error') return None, True if not fmt: flash(f'The configuration has not been saved because the format is invalid. ' f'Accepted formats: {_VALID_FORMATS_STR}.', 'error') return None, True return {'name': name, 'description': description, 'format': fmt, 'url': url}, None @bp.route('/action/add_blocklist', methods=['POST']) @require_level('administrator') def add_blocklist(): fields, err = _parse_fields() if err: return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) core = load_core() blocklists = core.setdefault('blocklists', []) if any(b.get('name', '').lower() == fields['name'].lower() for b in blocklists): flash('The configuration has not been saved because a blocklist with that name already exists.', 'error') return redirect(VIEW) blocklists.append({ 'name': fields['name'], 'description': fields['description'], 'format': fields['format'], 'url': fields['url'], 'save_as': _save_as_from_name(fields['name']), }) errors = validate.validate_config(core) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) save_core(core) flash(queued_msg('core apply'), 'success') return redirect(VIEW) @bp.route('/action/edit_blocklist', methods=['POST']) @require_level('administrator') def edit_blocklist(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) fields, err = _parse_fields() if err: return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) core = load_core() items = core.get('blocklists', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) items[idx].update({ 'name': fields['name'], 'description': fields['description'], 'format': fields['format'], 'url': fields['url'], }) errors = validate.validate_config(core) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) save_core(core) flash(queued_msg('core apply'), 'success') return redirect(VIEW) @bp.route('/action/delete_blocklist', methods=['POST']) @require_level('administrator') def delete_blocklist(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(VIEW) if not _hash_ok(): return redirect(VIEW) core = load_core() items = core.get('blocklists', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(VIEW) removed = items.pop(idx) errors = validate.validate_config(core) if errors: for msg in errors: flash(msg, 'error') return redirect(VIEW) save_core(core) flash(queued_msg('core apply'), 'success') return redirect(VIEW) @bp.route('/action/update_blocklists', methods=['POST']) @require_level('administrator') def update_blocklists(): flash(queued_msg('core update-blocklists'), 'success') return redirect(VIEW)