mgrotke/linuxrouter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linuxrouter/docker/routlin-dash/app/pages/dnsblocking/action.py
Matthew Grotke 03ccf44c8c Development
2026-06-09 13:28:59 -04:00

425 lines
15 KiB
Python
Raw Blame History

from pathlib import Path
import copy
import re
import sqlite3
from flask import Blueprint, request, redirect, flash, send_file, jsonify
import auth
import config_utils
import sanitize
import mod_validation as validate
DNS_LOG_FILE = Path(config_utils.BLOCKLISTS_DIR) / '.log'
_PAGE = Path(__file__).parent.name
bp = Blueprint(_PAGE, __name__)
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _save_as_from_name(name, ext):
slug = re.sub(r'[^a-z0-9_-]', '_', name.lower()).strip('_')
return f'{slug}.{ext}'
def _write_local_file(save_as, lines):
"""Write domain list to blocklists dir. Returns error string or None."""
try:
bl_path = Path(config_utils.BLOCKLISTS_DIR) / save_as
bl_path.parent.mkdir(parents=True, exist_ok=True)
bl_path.write_text('\n'.join(lines))
except Exception as ex:
return str(ex)
return None
def _parse_fields():
bl_type = sanitize.filtervalue(request.form.get('bl_type', ''), {'community', 'local'})
name = sanitize.name(request.form.get('name', ''))
description = sanitize.description(request.form.get('description', ''))
if not name:
flash('The configuration has not been saved because a name is required.', 'error')
return None, True
if not bl_type:
flash('The configuration has not been saved because a type is required.', 'error')
return None, True
if bl_type == 'local':
raw = request.form.get('local_entries', '')
local_lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
return {'name': name, 'description': description, 'bl_type': 'local',
'local_lines': local_lines}, None
url = sanitize.url(request.form.get('url', ''))
if not url:
flash('The configuration has not been saved because a URL is required.', 'error')
return None, True
return {'name': name, 'description': description, 'bl_type': 'community', 'url': url}, None
@bp.route('/api/dnsblocking/search', methods=['GET'])
@auth.require_level('viewer')
def api_blocklist_search():
term = request.args.get('term', '').strip()
match = request.args.get('match', 'partial')
blocklist = request.args.get('blocklist', '').strip()
try:
limit = max(1, min(5000, int(request.args.get('limit', 500))))
except (ValueError, TypeError):
limit = 500
if not term:
return jsonify({'results': [], 'count': 0, 'truncated': False})
if match not in ('exact', 'starts_with', 'ends_with', 'partial'):
match = 'partial'
escaped = term.replace('\\', '\\\\').replace('%', '\\%').replace('_', '\\_')
if match == 'exact':
sql_where = 'WHERE d.domain = ?'
param = term
elif match == 'starts_with':
sql_where = "WHERE d.domain LIKE ? ESCAPE '\\'"
param = escaped + '%'
elif match == 'ends_with':
sql_where = "WHERE d.domain LIKE ? ESCAPE '\\'"
param = '%' + escaped
else:
sql_where = "WHERE d.domain LIKE ? ESCAPE '\\'"
param = '%' + escaped + '%'
db_path = str(Path(config_utils.BLOCKLISTS_DIR) / 'domains.db')
try:
con = sqlite3.connect(db_path)
bl_filter = "AND b.name = ?" if blocklist else ""
sql_params = (param, blocklist) if blocklist else (param,)
rows = con.execute(f"""
SELECT d.domain, GROUP_CONCAT(b.name, '|')
FROM domains d
JOIN blocklists b ON b.id = d.blocklist_id
{sql_where}
{bl_filter}
GROUP BY d.domain
ORDER BY d.domain
LIMIT ?
""", sql_params + (limit + 1,)).fetchall()
capped_rows = rows[:limit]
domain_list = [r[0] for r in capped_rows]
phs = ','.join('?' * len(domain_list))
overridden = set(
r[0] for r in con.execute(
f"SELECT domain FROM overrides WHERE domain IN ({phs})", domain_list
).fetchall()
) if domain_list else set()
con.close()
except Exception:
return jsonify({'error': 'Database unavailable. Run merge-blocklists first.'})
cfg = config_utils.load_config()
bl_vlans = {}
for vlan in cfg.get('vlans', []):
for bl_name in vlan.get('use_blocklists', []):
bl_vlans.setdefault(bl_name, []).append(vlan['name'])
truncated = len(rows) > limit
results = []
for domain, bl_str in capped_rows:
bl_names = bl_str.split('|') if bl_str else []
vlans = []
for bl in bl_names:
for v in bl_vlans.get(bl, []):
if v not in vlans:
vlans.append(v)
results.append({'domain': domain, 'blocklists': bl_names, 'vlans': vlans, 'overridden': domain in overridden})
return jsonify({'results': results, 'count': len(results), 'truncated': truncated})
@bp.route('/api/dnsblocking/override', methods=['POST'])
@auth.require_level('administrator')
def api_blocklist_override():
data = request.get_json(silent=True) or {}
domain = str(data.get('domain', '')).strip().lower()
allow = bool(data.get('allow', False))
if not domain:
return jsonify({'error': 'domain required'})
db_path = str(Path(config_utils.BLOCKLISTS_DIR) / 'domains.db')
try:
con = sqlite3.connect(db_path)
if allow:
con.execute("INSERT OR IGNORE INTO overrides (domain) VALUES (?)", (domain,))
else:
con.execute("DELETE FROM overrides WHERE domain = ?", (domain,))
con.commit()
con.close()
except Exception as e:
return jsonify({'error': str(e)})
config_utils.queue_command('merge blocklists')
return jsonify({'ok': True})
@bp.route('/action/dnsblocking/blocklists_delete', methods=['POST'])
@auth.require_level('administrator')
def blocklists_delete():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(f'/{_PAGE}')
if not _hash_ok():
return redirect(f'/{_PAGE}')
cfg = config_utils.load_config()
items = cfg.get('dns_blocking', {}).get('blocklists', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(f'/{_PAGE}')
before = copy.deepcopy(items[idx])
name = before.get('name', str(idx))
items.pop(idx)
for vlan in cfg.get('vlans', []):
current = set(vlan.get('use_blocklists', []))
if name in current:
current.discard(name)
vlan['use_blocklists'] = sorted(current)
errors = validate.validate_config(cfg)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(f'/{_PAGE}')
changes = config_utils.diff_fields(before, None)
flash(config_utils.record_group(cfg, 'dns_blocking.blocklists', 'name', name, changes, 'merge blocklists'), 'success')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/blocklists_edit', methods=['POST'])
@auth.require_level('administrator')
def blocklists_edit():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(f'/{_PAGE}')
fields, err = _parse_fields()
if err:
return redirect(f'/{_PAGE}')
if not _hash_ok():
return redirect(f'/{_PAGE}')
cfg = config_utils.load_config()
items = cfg.get('dns_blocking', {}).get('blocklists', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(f'/{_PAGE}')
before = copy.deepcopy(items[idx])
err = validate.check_blocklist_name_unique(items, fields['name'], exclude_idx=idx)
if err:
flash(err, 'error')
return redirect(f'/{_PAGE}')
if fields['bl_type'] == 'local':
save_as = items[idx].get('save_as') or _save_as_from_name(fields['name'], 'txt')
write_err = _write_local_file(save_as, fields['local_lines'])
if write_err:
flash(f'Could not save local blocklist file: {write_err}', 'error')
return redirect(f'/{_PAGE}')
items[idx].update({
'name': fields['name'],
'description': fields['description'],
'bl_type': 'local',
'save_as': save_as,
})
items[idx].pop('format', None)
items[idx].pop('url', None)
else:
items[idx].update({
'name': fields['name'],
'description': fields['description'],
'bl_type': 'community',
'url': fields['url'],
})
if not items[idx].get('save_as'):
items[idx]['save_as'] = _save_as_from_name(fields['name'], 'conf')
items[idx].pop('local_lines', None)
old_name = before.get('name', '')
used_by_vlans = set(request.form.getlist('used_by_vlans'))
for vlan in cfg.get('vlans', []):
vlan_name = vlan.get('name', '')
current = set(vlan.get('use_blocklists', []))
if old_name and old_name != fields['name']:
current.discard(old_name)
if vlan_name in used_by_vlans:
current.add(fields['name'])
else:
current.discard(fields['name'])
vlan['use_blocklists'] = sorted(current)
errors = validate.validate_config(cfg)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(f'/{_PAGE}')
changes = config_utils.diff_fields(before, items[idx])
flash(config_utils.record_group(cfg, 'dns_blocking.blocklists', 'name', fields['name'], changes, 'merge blocklists'), 'success')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/addblocklist_add', methods=['POST'])
@auth.require_level('administrator')
def addblocklist_add():
fields, err = _parse_fields()
if err:
return redirect(f'/{_PAGE}')
if not _hash_ok():
return redirect(f'/{_PAGE}')
cfg = config_utils.load_config()
blocklists = cfg.setdefault('dns_blocking', {}).setdefault('blocklists', [])
err = validate.check_blocklist_name_unique(blocklists, fields['name'])
if err:
flash(err, 'error')
return redirect(f'/{_PAGE}')
if fields['bl_type'] == 'local':
save_as = _save_as_from_name(fields['name'], 'txt')
write_err = _write_local_file(save_as, fields['local_lines'])
if write_err:
flash(f'Could not save local blocklist file: {write_err}', 'error')
return redirect(f'/{_PAGE}')
entry = {
'name': fields['name'],
'description': fields['description'],
'bl_type': 'local',
'save_as': save_as,
}
else:
entry = {
'name': fields['name'],
'description': fields['description'],
'bl_type': 'community',
'url': fields['url'],
'save_as': _save_as_from_name(fields['name'], 'conf'),
}
blocklists.append(entry)
used_by_vlans = set(request.form.getlist('used_by_vlans'))
for vlan in cfg.get('vlans', []):
vlan_name = vlan.get('name', '')
current = set(vlan.get('use_blocklists', []))
if vlan_name in used_by_vlans:
current.add(fields['name'])
else:
current.discard(fields['name'])
vlan['use_blocklists'] = sorted(current)
errors = validate.validate_config(cfg)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(f'/{_PAGE}')
changes = config_utils.diff_fields(None, entry)
flash(config_utils.record_group(cfg, 'dns_blocking.blocklists', 'name', fields['name'], changes, 'merge blocklists'), 'success')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/blocklistrefresh_save', methods=['POST'])
@auth.require_level('administrator')
def blocklistrefresh_save():
daily_execute_time = validate.time_24h(sanitize.time_24h(request.form.get('daily_execute_time_24hr_local', '')))
if not daily_execute_time:
flash('Daily Refresh Time must be a valid 24-hour time (e.g. 02:30).', 'error')
return redirect(f'/{_PAGE}')
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect(f'/{_PAGE}')
cfg = config_utils.load_config()
before = copy.deepcopy(cfg.get('dns_blocking', {}).get('general', {}))
cfg.setdefault('dns_blocking', {}).setdefault('general', {})['daily_execute_time_24hr_local'] = daily_execute_time
changes = config_utils.diff_fields(before, cfg['dns_blocking']['general'])
flash(config_utils.record_group(cfg, 'dns_blocking.general', None, None, changes, 'core apply'), 'success')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/blocklistrefresh_refresh', methods=['POST'])
@auth.require_level('administrator')
def blocklistrefresh_refresh():
config_utils.queue_command('download blocklists')
config_utils.queue_command('merge blocklists')
flash('Blocklist download and merge queued.', 'success')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/logging_save', methods=['POST'])
@auth.require_level('administrator')
def logging_save():
log_max_kb_raw = request.form.get('log_max_kb', '').strip()
log_errors_only = 'log_errors_only' in request.form
log_max_kb = validate.int_range(log_max_kb_raw, 64, None)
if log_max_kb is None:
flash('Max Log Size must be a number >= 64.', 'error')
return redirect(f'/{_PAGE}')
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect(f'/{_PAGE}')
cfg = config_utils.load_config()
before = copy.deepcopy(cfg.get('dns_blocking', {}).get('general', {}))
cfg.setdefault('dns_blocking', {}).setdefault('general', {}).update({
'log_max_kb': log_max_kb,
'log_errors_only': log_errors_only,
})
errors = validate.validate_config(cfg)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(f'/{_PAGE}')
changes = config_utils.diff_fields(before, cfg['dns_blocking']['general'])
flash(config_utils.record_group(cfg, 'dns_blocking.general', None, None, changes, 'core apply', queue=False), 'success')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/logging_clear', methods=['POST'])
@auth.require_level('administrator')
def logging_clear():
try:
DNS_LOG_FILE.write_text('')
flash('DNS blocking log cleared.', 'success')
except Exception as ex:
flash(f'Could not clear log: {ex}', 'error')
return redirect(f'/{_PAGE}')
@bp.route('/action/dnsblocking/logging_download', methods=['GET'])
@auth.require_level('administrator')
def logging_download():
if not DNS_LOG_FILE.is_file():
flash('Log file not found.', 'error')
return redirect(f'/{_PAGE}')
return send_file(DNS_LOG_FILE, as_attachment=True, download_name='blocklists.log', mimetype='text/plain')
Reference in a new issue View git blame Copy permalink