Flask app progress

docker/router-dash/app/action_apply_banned_ips.py

@@ -0,0 +1,137 @@
+from flask import Blueprint, request, redirect, flash
+from auth import require_level
+from config_utils import load_core, save_core, verify_core_hash, apply_msg
+import sanitize
+import validate
+
+bp = Blueprint('action_apply_banned_ips', __name__)
+
+VIEW   = '/view/view_banned_ips'
+
+
+def _row_index():
+    try:
+        return int(request.form.get('row_index', ''))
+    except (ValueError, TypeError):
+        return None
+
+
+def _hash_ok():
+    if not verify_core_hash(request.form.get('config_hash', '')):
+        flash('Configuration was modified by another session. Please refresh and try again.', 'error')
+        return False
+    return True
+
+
+def _parse_ip():
+    """Return validated IP string, or None after flashing an error."""
+    raw = request.form.get('ip', '').strip()
+    if not raw:
+        flash('The configuration has not been saved because an IP address, CIDR, or wildcard pattern is required.', 'error')
+        return None
+    ip = validate.banned_ip(raw)
+    if not ip:
+        flash(f'The configuration has not been saved because "{raw}" is not a valid IP address, CIDR, or wildcard pattern.', 'error')
+        return None
+    return ip
+
+
+@bp.route('/action/add_banned_ip', methods=['POST'])
+@require_level('administrator')
+def add_banned_ip():
+    description = sanitize.text(request.form.get('description', ''))
+    ip          = _parse_ip()
+    if ip is None:
+        return redirect(VIEW)
+
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    core = load_core()
+    core.setdefault('banned_ips', []).append({
+        'description': description,
+        'ip':          ip,
+        'enabled':     True,
+    })
+    save_core(core)
+
+    flash(apply_msg(), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/toggle_banned_ip', methods=['POST'])
+@require_level('administrator')
+def toggle_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    core  = load_core()
+    items = core.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    items[idx]['enabled'] = not items[idx].get('enabled', True)
+    save_core(core)
+
+    flash(apply_msg(), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/edit_banned_ip', methods=['POST'])
+@require_level('administrator')
+def edit_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+
+    description = sanitize.text(request.form.get('description', ''))
+    ip          = _parse_ip()
+    if ip is None:
+        return redirect(VIEW)
+    enabled = request.form.get('enabled') == 'on'
+
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    core  = load_core()
+    items = core.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    items[idx].update({'description': description, 'ip': ip, 'enabled': enabled})
+    save_core(core)
+
+    flash(apply_msg(), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/delete_banned_ip', methods=['POST'])
+@require_level('administrator')
+def delete_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    core  = load_core()
+    items = core.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    removed = items.pop(idx)
+    save_core(core)
+
+    flash(apply_msg(), 'success')
+    return redirect(VIEW)