156 lines
4.8 KiB
Python
156 lines
4.8 KiB
Python
from pathlib import Path
|
|
import copy
|
|
|
|
from flask import Blueprint, request, redirect, flash
|
|
import auth
|
|
import config_utils
|
|
import sanitize
|
|
import mod_validation as validate
|
|
|
|
_PAGE = Path(__file__).parent.name
|
|
|
|
bp = Blueprint(_PAGE, __name__)
|
|
|
|
def _row_index():
|
|
try:
|
|
return int(request.form.get('row_index', ''))
|
|
except (ValueError, TypeError):
|
|
return None
|
|
|
|
|
|
def _hash_ok():
|
|
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
|
|
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
|
|
return False
|
|
return True
|
|
|
|
|
|
def _parse_ip():
|
|
raw = request.form.get('ip', '').strip()
|
|
if not raw:
|
|
flash('The configuration has not been saved because an IP address, CIDR, or wildcard pattern is required.', 'error')
|
|
return None
|
|
ip = validate.banned_ip(raw)
|
|
if not ip:
|
|
flash(f'The configuration has not been saved because "{raw}" is not a valid IP address, CIDR, or wildcard pattern.', 'error')
|
|
return None
|
|
return ip
|
|
|
|
|
|
@bp.route('/action/bannedips/addip_add', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def addip_add():
|
|
description = sanitize.text(request.form.get('description', ''))
|
|
ip = _parse_ip()
|
|
if ip is None:
|
|
return redirect(f'/{_PAGE}')
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
entry = {'description': description, 'ip': ip, 'enabled': True}
|
|
cfg.setdefault('banned_ips', []).append(entry)
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
changes = config_utils.diff_fields(None, entry)
|
|
flash(config_utils.record_group(cfg, 'banned_ips', 'ip', ip, changes, 'core apply'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/bannedips/table_toggle', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def table_toggle():
|
|
idx = _row_index()
|
|
if idx is None:
|
|
flash('Invalid request.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
items = cfg.get('banned_ips', [])
|
|
if idx < 0 or idx >= len(items):
|
|
flash('Entry not found.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
old_enabled = items[idx].get('enabled', True)
|
|
before = copy.deepcopy(items[idx])
|
|
items[idx]['enabled'] = not old_enabled
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
ip = items[idx]['ip']
|
|
changes = config_utils.diff_fields(before, items[idx])
|
|
flash(config_utils.record_group(cfg, 'banned_ips', 'ip', ip, changes, 'core apply'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/bannedips/table_edit', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def table_edit():
|
|
idx = _row_index()
|
|
if idx is None:
|
|
flash('Invalid request.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
description = sanitize.text(request.form.get('description', ''))
|
|
ip = _parse_ip()
|
|
if ip is None:
|
|
return redirect(f'/{_PAGE}')
|
|
enabled = request.form.get('enabled') == 'on'
|
|
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
items = cfg.get('banned_ips', [])
|
|
if idx < 0 or idx >= len(items):
|
|
flash('Entry not found.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
before = copy.deepcopy(items[idx])
|
|
items[idx].update({'description': description, 'ip': ip, 'enabled': enabled})
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
changes = config_utils.diff_fields(before, items[idx])
|
|
flash(config_utils.record_group(cfg, 'banned_ips', 'ip', ip, changes, 'core apply'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/bannedips/table_delete', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def table_delete():
|
|
idx = _row_index()
|
|
if idx is None:
|
|
flash('Invalid request.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
items = cfg.get('banned_ips', [])
|
|
if idx < 0 or idx >= len(items):
|
|
flash('Entry not found.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
removed = items.pop(idx)
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
changes = config_utils.diff_fields(removed, None)
|
|
flash(config_utils.record_group(cfg, 'banned_ips', 'ip', removed['ip'], changes, 'core apply'), 'success')
|
|
return redirect(f'/{_PAGE}')
|