Development
This commit is contained in:
parent
563d82daf3
commit
70ccfe2c29
48 changed files with 549 additions and 578 deletions
|
|
@ -5,8 +5,8 @@ import ipaddress
|
|||
import re
|
||||
|
||||
from flask import Blueprint, make_response, redirect, flash, request
|
||||
from auth import require_level
|
||||
from config_utils import load_config, record_group, diff_fields, verify_config_hash, CONFIGS_DIR, WEB_APP_DISPLAY_NAME
|
||||
import auth
|
||||
import config_utils
|
||||
import sanitize
|
||||
import mod_validation as validate
|
||||
|
||||
|
|
@ -53,7 +53,7 @@ def _row_index():
|
|||
|
||||
|
||||
def _hash_ok():
|
||||
if not verify_config_hash(request.form.get('config_hash', '')):
|
||||
if not config_utils.verify_config_hash(request.form.get('config_hash', '')):
|
||||
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
|
||||
return False
|
||||
return True
|
||||
|
|
@ -72,7 +72,7 @@ def _generate_wg_keypair():
|
|||
|
||||
def _server_pubkey(iface):
|
||||
try:
|
||||
with open(f'{CONFIGS_DIR}/.{iface}.pub') as f:
|
||||
with open(f'{config_utils.CONFIGS_DIR}/.{iface}.pub') as f:
|
||||
return f.read().strip()
|
||||
except OSError:
|
||||
return None
|
||||
|
|
@ -101,7 +101,7 @@ def _build_client_conf(vlan, peer_name, peer_ip, private_key, server_pubkey):
|
|||
allowed_ips = f'{subnet}/{prefix}' if split_tunnel else '0.0.0.0/0'
|
||||
|
||||
lines = [
|
||||
f'# Generated by {WEB_APP_DISPLAY_NAME}', '',
|
||||
f'# Generated by {config_utils.WEB_APP_DISPLAY_NAME}', '',
|
||||
'[Interface]',
|
||||
f'PrivateKey = {private_key}',
|
||||
f'Address = {peer_ip}/{prefix}',
|
||||
|
|
@ -117,7 +117,7 @@ def _build_client_conf(vlan, peer_name, peer_ip, private_key, server_pubkey):
|
|||
|
||||
|
||||
def _conf_response(vlan, peer_name, peer_ip, private_key):
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
iface = _wg_iface(vlan, cfg)
|
||||
server_pub = _server_pubkey(iface)
|
||||
if not server_pub:
|
||||
|
|
@ -133,7 +133,7 @@ def _conf_response(vlan, peer_name, peer_ip, private_key):
|
|||
|
||||
|
||||
@bp.route('/action/vpn/wireguard_apply', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
@auth.require_level('administrator')
|
||||
def wireguard_apply():
|
||||
listen_port_raw = request.form.get('vpn_listen_port', '').strip()
|
||||
server_endpoint = validate.domainname(request.form.get('vpn_server_endpoint', ''))
|
||||
|
|
@ -166,7 +166,7 @@ def wireguard_apply():
|
|||
if not _hash_ok():
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
vpn_vlan = _wg_vlan(cfg)
|
||||
if vpn_vlan is None:
|
||||
flash('No WireGuard VLAN found in configuration.', 'error')
|
||||
|
|
@ -201,13 +201,13 @@ def wireguard_apply():
|
|||
return redirect(f'/{_PAGE}')
|
||||
|
||||
vlan_name = vpn_vlan['name']
|
||||
changes = diff_fields(before_info, info)
|
||||
flash(record_group(cfg, f'vlans[name={vlan_name}].vpn_information', None, None, changes, 'core apply'), 'success')
|
||||
changes = config_utils.diff_fields(before_info, info)
|
||||
flash(config_utils.record_group(cfg, f'vlans[name={vlan_name}].vpn_information', None, None, changes, 'core apply'), 'success')
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
|
||||
@bp.route('/action/vpn/addpeer_add', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
@auth.require_level('administrator')
|
||||
def addpeer_add():
|
||||
peer_name = sanitize.name(request.form.get('peer_name', ''))
|
||||
peer_vlan_nm = request.form.get('peer_vlan', '').strip()
|
||||
|
|
@ -228,7 +228,7 @@ def addpeer_add():
|
|||
if not _hash_ok():
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
vpn_vlan = _wg_vlan_by_name(cfg, peer_vlan_nm)
|
||||
if vpn_vlan is None:
|
||||
flash(f'VPN VLAN "{peer_vlan_nm}" not found.', 'error')
|
||||
|
|
@ -269,13 +269,13 @@ def addpeer_add():
|
|||
flash(msg, 'error')
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
changes = diff_fields(None, entry)
|
||||
record_group(cfg, f'vlans[name={peer_vlan_nm}].peers', 'name', peer_name, changes, 'core apply')
|
||||
changes = config_utils.diff_fields(None, entry)
|
||||
config_utils.record_group(cfg, f'vlans[name={peer_vlan_nm}].peers', 'name', peer_name, changes, 'core apply')
|
||||
return _conf_response(vpn_vlan, peer_name, peer_ip, private_key)
|
||||
|
||||
|
||||
@bp.route('/action/vpn/peers_edit', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
@auth.require_level('administrator')
|
||||
def peers_edit():
|
||||
flat_idx = _row_index()
|
||||
if flat_idx is None:
|
||||
|
|
@ -292,7 +292,7 @@ def peers_edit():
|
|||
if not _hash_ok():
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
vlan, peer_idx = _find_peer_by_flat_idx(cfg, flat_idx)
|
||||
if vlan is None:
|
||||
flash('Peer not found.', 'error')
|
||||
|
|
@ -313,13 +313,13 @@ def peers_edit():
|
|||
return redirect(f'/{_PAGE}')
|
||||
|
||||
vlan_name = vlan['name']
|
||||
changes = diff_fields(before, {'name': peer_name, 'split_tunnel': split_tunnel, 'enabled': enabled})
|
||||
flash(record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', peer_name, changes, 'core apply'), 'success')
|
||||
changes = config_utils.diff_fields(before, {'name': peer_name, 'split_tunnel': split_tunnel, 'enabled': enabled})
|
||||
flash(config_utils.record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', peer_name, changes, 'core apply'), 'success')
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
|
||||
@bp.route('/action/vpn/peers_toggle', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
@auth.require_level('administrator')
|
||||
def peers_toggle():
|
||||
flat_idx = _row_index()
|
||||
if flat_idx is None:
|
||||
|
|
@ -328,7 +328,7 @@ def peers_toggle():
|
|||
if not _hash_ok():
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
vlan, peer_idx = _find_peer_by_flat_idx(cfg, flat_idx)
|
||||
if vlan is None:
|
||||
flash('Peer not found.', 'error')
|
||||
|
|
@ -346,13 +346,13 @@ def peers_toggle():
|
|||
|
||||
peer_name = peers[peer_idx]['name']
|
||||
vlan_name = vlan['name']
|
||||
changes = diff_fields(before, peers[peer_idx])
|
||||
flash(record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', peer_name, changes, 'core apply'), 'success')
|
||||
changes = config_utils.diff_fields(before, peers[peer_idx])
|
||||
flash(config_utils.record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', peer_name, changes, 'core apply'), 'success')
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
|
||||
@bp.route('/action/vpn/peers_delete', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
@auth.require_level('administrator')
|
||||
def peers_delete():
|
||||
flat_idx = _row_index()
|
||||
if flat_idx is None:
|
||||
|
|
@ -361,7 +361,7 @@ def peers_delete():
|
|||
if not _hash_ok():
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
vlan, peer_idx = _find_peer_by_flat_idx(cfg, flat_idx)
|
||||
if vlan is None:
|
||||
flash('Peer not found.', 'error')
|
||||
|
|
@ -376,13 +376,13 @@ def peers_delete():
|
|||
return redirect(f'/{_PAGE}')
|
||||
|
||||
vlan_name = vlan['name']
|
||||
changes = diff_fields(removed, None)
|
||||
flash(record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', removed['name'], changes, 'core apply'), 'success')
|
||||
changes = config_utils.diff_fields(removed, None)
|
||||
flash(config_utils.record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', removed['name'], changes, 'core apply'), 'success')
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
|
||||
@bp.route('/action/vpn/peers_regenerate', methods=['POST'])
|
||||
@require_level('administrator')
|
||||
@auth.require_level('administrator')
|
||||
def peers_regenerate():
|
||||
flat_idx = _row_index()
|
||||
if flat_idx is None:
|
||||
|
|
@ -391,7 +391,7 @@ def peers_regenerate():
|
|||
if not _hash_ok():
|
||||
return redirect(f'/{_PAGE}')
|
||||
|
||||
cfg = load_config()
|
||||
cfg = config_utils.load_config()
|
||||
vlan, peer_idx = _find_peer_by_flat_idx(cfg, flat_idx)
|
||||
if vlan is None:
|
||||
flash('Peer not found.', 'error')
|
||||
|
|
@ -408,6 +408,6 @@ def peers_regenerate():
|
|||
return redirect(f'/{_PAGE}')
|
||||
|
||||
vlan_name = vlan['name']
|
||||
changes = diff_fields({'public_key': old_pub_key}, {'public_key': public_key})
|
||||
record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', peer['name'], changes, 'core apply')
|
||||
changes = config_utils.diff_fields({'public_key': old_pub_key}, {'public_key': public_key})
|
||||
config_utils.record_group(cfg, f'vlans[name={vlan_name}].peers', 'name', peer['name'], changes, 'core apply')
|
||||
return _conf_response(vlan, peer['name'], peer['ip'], private_key)
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
import json
|
||||
from config_utils import collect_layout_tokens, load_datasource, fmt_timestamp, fmt_bytes
|
||||
from factory import run, load_json, build_table, table_token_key, iter_table_items, PAGES_DIR
|
||||
import config_utils
|
||||
import factory
|
||||
|
||||
|
||||
def live_vpn_sessions():
|
||||
rows = []
|
||||
out = run('wg show all dump 2>/dev/null')
|
||||
out = factory.run('wg show all dump 2>/dev/null')
|
||||
for line in out.splitlines():
|
||||
parts = line.split('\t')
|
||||
if len(parts) == 9:
|
||||
|
|
@ -15,15 +15,15 @@ def live_vpn_sessions():
|
|||
'interface': interface,
|
||||
'tunnel_ip': allowed_ips.split(',')[0].split('/')[0] if allowed_ips else '-',
|
||||
'endpoint': endpoint if endpoint != '(none)' else '-',
|
||||
'last_handshake': fmt_timestamp(int(last_hs)) if last_hs.isdigit() and last_hs != '0' else 'Never',
|
||||
'rx_bytes': fmt_bytes(int(rx)) if rx.isdigit() else '-',
|
||||
'tx_bytes': fmt_bytes(int(tx)) if tx.isdigit() else '-',
|
||||
'last_handshake': config_utils.fmt_timestamp(int(last_hs)) if last_hs.isdigit() and last_hs != '0' else 'Never',
|
||||
'rx_bytes': config_utils.fmt_bytes(int(rx)) if rx.isdigit() else '-',
|
||||
'tx_bytes': config_utils.fmt_bytes(int(tx)) if tx.isdigit() else '-',
|
||||
})
|
||||
return rows
|
||||
|
||||
|
||||
def collect_tokens(cfg):
|
||||
tokens = collect_layout_tokens(cfg)
|
||||
tokens = config_utils.collect_layout_tokens(cfg)
|
||||
vlans = cfg.get('vlans', [])
|
||||
wg_vlans_list = sorted(
|
||||
[v for v in vlans if v.get('is_vpn')],
|
||||
|
|
@ -55,9 +55,9 @@ def collect_tokens(cfg):
|
|||
tokens['VPN_DNS_SERVER'] = str(overrides.get('dns_servers', ''))
|
||||
tokens['VPN_MTU'] = str(overrides.get('mtu', ''))
|
||||
tokens['VPN_GATEWAY'] = vpn_gateway
|
||||
content = load_json(f'{PAGES_DIR}/vpn/content.json')
|
||||
for table_item in iter_table_items(content.get('items', [])):
|
||||
content = factory.load_json(f'{factory.PAGES_DIR}/vpn/content.json')
|
||||
for table_item in factory.iter_table_items(content.get('items', [])):
|
||||
ds = table_item.get('datasource', '')
|
||||
rows = live_vpn_sessions() if ds == 'live:vpn_sessions' else load_datasource(ds)
|
||||
tokens[table_token_key(ds)] = build_table(table_item, tokens, rows)
|
||||
rows = live_vpn_sessions() if ds == 'live:vpn_sessions' else config_utils.load_datasource(ds)
|
||||
tokens[factory.table_token_key(ds)] = factory.build_table(table_item, tokens, rows)
|
||||
return tokens
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue