324 lines
12 KiB
Python
324 lines
12 KiB
Python
from pathlib import Path
|
|
import copy
|
|
import re
|
|
from flask import Blueprint, request, redirect, flash, send_file
|
|
import auth
|
|
import config_utils
|
|
import sanitize
|
|
import mod_validation as validate
|
|
|
|
DNS_LOG_FILE = Path(config_utils.BLOCKLISTS_DIR) / '.log'
|
|
|
|
_PAGE = Path(__file__).parent.name
|
|
|
|
bp = Blueprint(_PAGE, __name__)
|
|
|
|
|
|
def _row_index():
|
|
try:
|
|
return int(request.form.get('row_index', ''))
|
|
except (ValueError, TypeError):
|
|
return None
|
|
|
|
|
|
def _hash_ok():
|
|
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
|
|
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
|
|
return False
|
|
return True
|
|
|
|
|
|
def _save_as_from_name(name, ext):
|
|
slug = re.sub(r'[^a-z0-9_-]', '_', name.lower()).strip('_')
|
|
return f'{slug}.{ext}'
|
|
|
|
|
|
def _write_local_file(save_as, lines):
|
|
"""Write domain list to blocklists dir. Returns error string or None."""
|
|
try:
|
|
bl_path = Path(config_utils.BLOCKLISTS_DIR) / save_as
|
|
bl_path.parent.mkdir(parents=True, exist_ok=True)
|
|
bl_path.write_text('\n'.join(lines))
|
|
except Exception as ex:
|
|
return str(ex)
|
|
return None
|
|
|
|
|
|
def _parse_fields():
|
|
bl_type = sanitize.filtervalue(request.form.get('bl_type', ''), {'community', 'local'})
|
|
name = sanitize.name(request.form.get('name', ''))
|
|
description = sanitize.description(request.form.get('description', ''))
|
|
|
|
if not name:
|
|
flash('The configuration has not been saved because a name is required.', 'error')
|
|
return None, True
|
|
if not bl_type:
|
|
flash('The configuration has not been saved because a type is required.', 'error')
|
|
return None, True
|
|
|
|
if bl_type == 'local':
|
|
raw = request.form.get('local_entries', '')
|
|
local_lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
|
|
return {'name': name, 'description': description, 'bl_type': 'local',
|
|
'local_lines': local_lines}, None
|
|
|
|
url = sanitize.url(request.form.get('url', ''))
|
|
if not url:
|
|
flash('The configuration has not been saved because a URL is required.', 'error')
|
|
return None, True
|
|
return {'name': name, 'description': description, 'bl_type': 'community', 'url': url}, None
|
|
|
|
|
|
@bp.route('/action/dnsblocking/blocklists_delete', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def blocklists_delete():
|
|
idx = _row_index()
|
|
if idx is None:
|
|
flash('Invalid request.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
items = cfg.get('dns_blocking', {}).get('blocklists', [])
|
|
if idx < 0 or idx >= len(items):
|
|
flash('Entry not found.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
before = copy.deepcopy(items[idx])
|
|
name = before.get('name', str(idx))
|
|
items.pop(idx)
|
|
|
|
for vlan in cfg.get('vlans', []):
|
|
current = set(vlan.get('use_blocklists', []))
|
|
if name in current:
|
|
current.discard(name)
|
|
vlan['use_blocklists'] = sorted(current)
|
|
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
changes = config_utils.diff_fields(before, None)
|
|
flash(config_utils.record_group(cfg, 'dns_blocking.blocklists', 'name', name, changes, 'merge blocklists'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/blocklists_edit', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def blocklists_edit():
|
|
idx = _row_index()
|
|
if idx is None:
|
|
flash('Invalid request.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
fields, err = _parse_fields()
|
|
if err:
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
items = cfg.get('dns_blocking', {}).get('blocklists', [])
|
|
if idx < 0 or idx >= len(items):
|
|
flash('Entry not found.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
before = copy.deepcopy(items[idx])
|
|
|
|
err = validate.check_blocklist_name_unique(items, fields['name'], exclude_idx=idx)
|
|
if err:
|
|
flash(err, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if fields['bl_type'] == 'local':
|
|
save_as = items[idx].get('save_as') or _save_as_from_name(fields['name'], 'txt')
|
|
write_err = _write_local_file(save_as, fields['local_lines'])
|
|
if write_err:
|
|
flash(f'Could not save local blocklist file: {write_err}', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
items[idx].update({
|
|
'name': fields['name'],
|
|
'description': fields['description'],
|
|
'bl_type': 'local',
|
|
'save_as': save_as,
|
|
})
|
|
items[idx].pop('format', None)
|
|
items[idx].pop('url', None)
|
|
else:
|
|
items[idx].update({
|
|
'name': fields['name'],
|
|
'description': fields['description'],
|
|
'bl_type': 'community',
|
|
'url': fields['url'],
|
|
})
|
|
if not items[idx].get('save_as'):
|
|
items[idx]['save_as'] = _save_as_from_name(fields['name'], 'conf')
|
|
items[idx].pop('local_lines', None)
|
|
|
|
old_name = before.get('name', '')
|
|
used_by_vlans = set(request.form.getlist('used_by_vlans'))
|
|
for vlan in cfg.get('vlans', []):
|
|
vlan_name = vlan.get('name', '')
|
|
current = set(vlan.get('use_blocklists', []))
|
|
if old_name and old_name != fields['name']:
|
|
current.discard(old_name)
|
|
if vlan_name in used_by_vlans:
|
|
current.add(fields['name'])
|
|
else:
|
|
current.discard(fields['name'])
|
|
vlan['use_blocklists'] = sorted(current)
|
|
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
changes = config_utils.diff_fields(before, items[idx])
|
|
flash(config_utils.record_group(cfg, 'dns_blocking.blocklists', 'name', fields['name'], changes, 'merge blocklists'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/addblocklist_add', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def addblocklist_add():
|
|
fields, err = _parse_fields()
|
|
if err:
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if not _hash_ok():
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
blocklists = cfg.setdefault('dns_blocking', {}).setdefault('blocklists', [])
|
|
|
|
err = validate.check_blocklist_name_unique(blocklists, fields['name'])
|
|
if err:
|
|
flash(err, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if fields['bl_type'] == 'local':
|
|
save_as = _save_as_from_name(fields['name'], 'txt')
|
|
write_err = _write_local_file(save_as, fields['local_lines'])
|
|
if write_err:
|
|
flash(f'Could not save local blocklist file: {write_err}', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
entry = {
|
|
'name': fields['name'],
|
|
'description': fields['description'],
|
|
'bl_type': 'local',
|
|
'save_as': save_as,
|
|
}
|
|
else:
|
|
entry = {
|
|
'name': fields['name'],
|
|
'description': fields['description'],
|
|
'bl_type': 'community',
|
|
'url': fields['url'],
|
|
'save_as': _save_as_from_name(fields['name'], 'conf'),
|
|
}
|
|
|
|
blocklists.append(entry)
|
|
|
|
used_by_vlans = set(request.form.getlist('used_by_vlans'))
|
|
for vlan in cfg.get('vlans', []):
|
|
vlan_name = vlan.get('name', '')
|
|
current = set(vlan.get('use_blocklists', []))
|
|
if vlan_name in used_by_vlans:
|
|
current.add(fields['name'])
|
|
else:
|
|
current.discard(fields['name'])
|
|
vlan['use_blocklists'] = sorted(current)
|
|
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
changes = config_utils.diff_fields(None, entry)
|
|
flash(config_utils.record_group(cfg, 'dns_blocking.blocklists', 'name', fields['name'], changes, 'merge blocklists'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/blocklistrefresh_save', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def blocklistrefresh_save():
|
|
daily_execute_time = validate.time_24h(sanitize.time_24h(request.form.get('daily_execute_time_24hr_local', '')))
|
|
|
|
if not daily_execute_time:
|
|
flash('Daily Refresh Time must be a valid 24-hour time (e.g. 02:30).', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
|
|
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
before = copy.deepcopy(cfg.get('dns_blocking', {}).get('general', {}))
|
|
cfg.setdefault('dns_blocking', {}).setdefault('general', {})['daily_execute_time_24hr_local'] = daily_execute_time
|
|
changes = config_utils.diff_fields(before, cfg['dns_blocking']['general'])
|
|
flash(config_utils.record_group(cfg, 'dns_blocking.general', None, None, changes, 'core apply'), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/blocklistrefresh_refresh', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def blocklistrefresh_refresh():
|
|
config_utils.queue_command('download blocklists')
|
|
config_utils.queue_command('merge blocklists')
|
|
flash('Blocklist download and merge queued.', 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/logging_save', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def logging_save():
|
|
log_max_kb_raw = request.form.get('log_max_kb', '').strip()
|
|
log_errors_only = 'log_errors_only' in request.form
|
|
|
|
log_max_kb = validate.int_range(log_max_kb_raw, 64, None)
|
|
if log_max_kb is None:
|
|
flash('Max Log Size must be a number >= 64.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
|
|
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
cfg = config_utils.load_config()
|
|
before = copy.deepcopy(cfg.get('dns_blocking', {}).get('general', {}))
|
|
cfg.setdefault('dns_blocking', {}).setdefault('general', {}).update({
|
|
'log_max_kb': log_max_kb,
|
|
'log_errors_only': log_errors_only,
|
|
})
|
|
errors = validate.validate_config(cfg)
|
|
if errors:
|
|
for msg in errors:
|
|
flash(msg, 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
changes = config_utils.diff_fields(before, cfg['dns_blocking']['general'])
|
|
flash(config_utils.record_group(cfg, 'dns_blocking.general', None, None, changes, 'core apply', queue=False), 'success')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/logging_clear', methods=['POST'])
|
|
@auth.require_level('administrator')
|
|
def logging_clear():
|
|
try:
|
|
DNS_LOG_FILE.write_text('')
|
|
flash('DNS blocking log cleared.', 'success')
|
|
except Exception as ex:
|
|
flash(f'Could not clear log: {ex}', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
|
|
|
|
@bp.route('/action/dnsblocking/logging_download', methods=['GET'])
|
|
@auth.require_level('administrator')
|
|
def logging_download():
|
|
if not DNS_LOG_FILE.is_file():
|
|
flash('Log file not found.', 'error')
|
|
return redirect(f'/{_PAGE}')
|
|
return send_file(DNS_LOG_FILE, as_attachment=True, download_name='blocklists.log', mimetype='text/plain')
|