linuxrouter/docker/routlin-dash/app/pages/radius/view.py

import json
import os
from config_utils import collect_layout_tokens, CONFIGS_DIR
import license

PRO_LICENSE = license.is_pro()

RADIUS_LOG_MAX  = 50
RADIUS_LOG_FILE = '/var/log/freeradius/radius.log'


def radius_log_tail(cfg):
    try:
        log_max_kb = cfg.get('radius', {}).get('general', {}).get('log_max_kb', 1024)

        current = []
        try:
            with open(RADIUS_LOG_FILE) as f:
                current = f.readlines()
        except FileNotFoundError:
            pass

        prev = []
        if len(current) < RADIUS_LOG_MAX:
            try:
                with open(RADIUS_LOG_FILE + '.1') as f:
                    prev = f.readlines()
            except FileNotFoundError:
                pass

        need  = max(0, RADIUS_LOG_MAX - len(current))
        lines = (prev[-need:] if need and prev else []) + current

        if not lines:
            return '(log is empty)', ''

        log_dir = os.path.dirname(RADIUS_LOG_FILE)
        try:
            size_kb = sum(
                os.path.getsize(os.path.join(log_dir, f))
                for f in os.listdir(log_dir)
                if os.path.isfile(os.path.join(log_dir, f))
            ) / 1024
        except OSError:
            size_kb = 0.0

        tail  = lines[-RADIUS_LOG_MAX:]
        pct   = min(100, round(size_kb / log_max_kb * 100)) if log_max_kb else 0
        note  = ' (includes rotated log)' if (prev and need) else ''
        left  = f'Showing {len(tail)} lines{note}'
        right = f'Total log size: {size_kb:.1f} KB ({pct}% of max)'
        summary = (
            '<div id="radius-log-summary" class="text-muted" style="display:flex;justify-content:space-between;margin-top:0.5em;">'
            f'<span>{left}</span><span>{right}</span></div>'
        )
        return ''.join(tail).strip(), summary
    except Exception:
        return '(error reading log)', ''


def collect_tokens(cfg):
    tokens = collect_layout_tokens(cfg)
    try:
        tokens['RADIUS_SECRET'] = open(f'{CONFIGS_DIR}/.radius-secret').read().strip()
    except OSError:
        tokens['RADIUS_SECRET'] = '(Generation is pending - visit Actions to apply generation command)'
    fr      = cfg.get('radius', {})
    fr_opts = fr.get('options', {})
    fr_gen  = fr.get('general', {})
    tokens['RADIUS_MAC_FORMAT'] = fr_opts.get('mac_format', 'aabbccddeeff')
    tokens['RADIUS_AUTH_MODE']     = fr_opts.get('auth_mode', 'mab')
    tokens['RADIUS_EAP_PROTOCOL']  = fr_opts.get('eap_protocol', 'eap_peap')
    tokens['RADIUS_EAP_PROTOCOL_OPTIONS'] = json.dumps([
        {'value': 'eap_peap', 'label': 'EAP-PEAP'},
        {'value': 'eap_ttls', 'label': 'EAP-TTLS'},
        {'value': 'eap_md5',  'label': 'EAP-MD5'},
    ])
    _eap_proto = fr_opts.get('eap_protocol', 'eap_peap')
    _inner_opts_peap = [
        {'value': 'mschapv2', 'label': 'MSCHAPv2 (Default)'},
        {'value': 'md5',      'label': 'MD5'},
        {'value': 'gtc',      'label': 'GTC'},
    ]
    _inner_opts_ttls = [
        {'value': 'md5',      'label': 'MD5 (Default)'},
        {'value': 'mschapv2', 'label': 'MSCHAPv2'},
        {'value': 'gtc',      'label': 'GTC'},
    ]
    tokens['RADIUS_INNER_PROTOCOL'] = fr_opts.get('inner_protocol', '')
    tokens['RADIUS_INNER_PROTOCOL_OPTIONS'] = json.dumps(
        _inner_opts_ttls if _eap_proto == 'eap_ttls' else _inner_opts_peap
    )
    pro_suffix   = '' if PRO_LICENSE else ' (PRO REQUIRED)'
    pro_disabled = not PRO_LICENSE
    tokens['RADIUS_AUTH_MODE_OPTIONS'] = json.dumps([
        {'value': 'mab',            'label': 'MAC Authentication Bypass (MAB)'},
        {'value': 'eap_password',   'label': f'802.1X - Client Username/Password{pro_suffix}', 'disabled': pro_disabled},
        {'value': 'eap_credential', 'label': f'802.1X - Client Certificate{pro_suffix}',       'disabled': pro_disabled},
    ])
    tokens['RADIUS_APPLY_TO']   = fr_opts.get('apply_to', 'all')
    tokens['RADIUS_AP_IPS']     = json.dumps(fr_opts.get('ap_ips', []))

    all_radius_clients = [r for r in cfg.get('dhcp_reservations', []) if r.get('radius_client') is True]
    n = len(all_radius_clients)
    if n > 0:
        tokens['RADIUS_CLIENT_STATUS_TEXT'] = f"RADIUS will be disabled if there are no RADIUS Clients specified on the DHCP Reservations page. There are currently {n} RADIUS Client{'s' if n != 1 else ''}. RADIUS is enabled."
    else:
        tokens['RADIUS_CLIENT_STATUS_TEXT'] = "RADIUS will be disabled if there are no RADIUS Clients specified on the DHCP Reservations page. There are currently 0 RADIUS Clients. RADIUS is disabled."

    radius_client_reservations = [
        r for r in all_radius_clients
        if r.get('ip') and r.get('ip') not in ('', 'dynamic')
    ]
    tokens['RADIUS_AP_IPS_OPTIONS'] = json.dumps([
        {'value': r['ip'], 'label': f"{r.get('description', r['ip'])} ({r['ip']})"}
        for r in radius_client_reservations
    ])
    tokens['RADIUS_LOGGING']        = 'true' if fr_gen.get('logging', False) else ''
    tokens['RADIUS_LOGGING_HINT']   = 'Unchecking will clear logs.' if fr_gen.get('logging', False) else ''
    tokens['RADIUS_GEN_LOG_MAX_KB'] = str(fr_gen.get('log_max_kb', 1024))

    tokens['RADIUS_TUNNELED_REPLY']  = 'true' if fr_opts.get('tunneled_reply', False) else ''
    tokens['RADIUS_INCLUDE_LENGTH']  = 'true' if fr_opts.get('include_length', False) else ''

    vlans = cfg.get('vlans', [])
    default_vlan = next((v['name'] for v in vlans if v.get('radius_default') is True), '')
    vlan_options = [{'value': '', 'label': 'None (reject unknown devices)'}]
    vlan_options += [
        {'value': v['name'], 'label': f"{v['name']} (VLAN {v.get('vlan_id', '?')})"}
        for v in vlans
    ]
    tokens['RADIUS_DEFAULT_VLAN']         = default_vlan
    tokens['RADIUS_DEFAULT_VLAN_OPTIONS'] = json.dumps(vlan_options)

    tokens['RADIUS_LOG_TAIL'], tokens['RADIUS_LOG_SUMMARY'] = radius_log_tail(cfg)
    return tokens