mgrotke/linuxrouter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Development

Browse source
This commit is contained in:
Matthew Grotke 2026-05-21 01:34:42 -04:00
parent 8766c6c9a2
commit ee31a18ac6
43 changed files with 54 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docker/routlin-dash/Dockerfile Normal file
View file

@ -0,0 +1,8 @@
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
ARG CACHE_BUST
COPY app/*.py .
EXPOSE 25327
CMD ["python", "main.py"]

65
docker/routlin-dash/app/action_add_account.py Normal file
View file

@ -0,0 +1,65 @@
from flask import Blueprint, request, session, redirect, flash
import json, re
from datetime import datetime, timezone
from auth import require_level
import sanitize
bp = Blueprint('action_add_account', __name__)
DATA_DIR = '/data'
ACCOUNTS_FILE = f'{DATA_DIR}/authorized_accounts.json'
VALID_LEVELS = {'viewer', 'administrator', 'manager'}
def _load_accounts():
try:
with open(ACCOUNTS_FILE) as f:
return json.load(f)
except Exception:
return {'accounts': []}
def _save_accounts(data):
with open(ACCOUNTS_FILE, 'w') as f:
json.dump(data, f, indent=2)
@bp.route('/action/add_account', methods=['POST'])
@require_level('manager')
def add_account():
email = sanitize.email(request.form.get('email_address', ''))
access_level = request.form.get('access_level', '').strip()
if not email:
flash('Email address is required.', 'error')
return redirect('/view/view_manage_accounts')
if not re.match(r'^[^@\s]+@[^@\s]+\.[^@\s]+$', email):
flash('Email address does not appear to be valid.', 'error')
return redirect('/view/view_manage_accounts')
if access_level not in VALID_LEVELS:
flash('Invalid access level.', 'error')
return redirect('/view/view_manage_accounts')
data = _load_accounts()
accounts = data.get('accounts', [])
if any(a.get('email_address', '').lower() == email for a in accounts):
flash('An account with that email address already exists.', 'error')
return redirect('/view/view_manage_accounts')
now = datetime.now(tz=timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')
accounts.append({
'email_address': email,
'access_level': access_level,
'account_created_utc': now,
'account_created_by': session.get('email_address', ''),
'hashed_password': '',
'timezone': '',
})
data['accounts'] = accounts
_save_accounts(data)
flash(f'Authorization added for {email}. User must complete account setup via the Create Account page.', 'success')
return redirect('/view/view_manage_accounts')

157
docker/routlin-dash/app/action_apply_banned_ips.py Normal file
View file

@ -0,0 +1,157 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_banned_ips', __name__)
VIEW = '/view/view_banned_ips'
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _parse_ip():
"""Return validated IP string, or None after flashing an error."""
raw = request.form.get('ip', '').strip()
if not raw:
flash('The configuration has not been saved because an IP address, CIDR, or wildcard pattern is required.', 'error')
return None
ip = validate.banned_ip(raw)
if not ip:
flash(f'The configuration has not been saved because "{raw}" is not a valid IP address, CIDR, or wildcard pattern.', 'error')
return None
return ip
@bp.route('/action/add_banned_ip', methods=['POST'])
@require_level('administrator')
def add_banned_ip():
description = sanitize.text(request.form.get('description', ''))
ip = _parse_ip()
if ip is None:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
core.setdefault('banned_ips', []).append({
'description': description,
'ip': ip,
'enabled': True,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/toggle_banned_ip', methods=['POST'])
@require_level('administrator')
def toggle_banned_ip():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('banned_ips', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx]['enabled'] = not items[idx].get('enabled', True)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_banned_ip', methods=['POST'])
@require_level('administrator')
def edit_banned_ip():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
description = sanitize.text(request.form.get('description', ''))
ip = _parse_ip()
if ip is None:
return redirect(VIEW)
enabled = request.form.get('enabled') == 'on'
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('banned_ips', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx].update({'description': description, 'ip': ip, 'enabled': enabled})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_banned_ip', methods=['POST'])
@require_level('administrator')
def delete_banned_ip():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('banned_ips', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
removed = items.pop(idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)

162
docker/routlin-dash/app/action_apply_blocklists.py Normal file
View file

@ -0,0 +1,162 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import re
import sanitize
import validation as validate
bp = Blueprint('action_apply_blocklists', __name__)
VIEW = '/view/view_blocklists'
_VALID_FORMATS_STR = ', '.join(sorted(validate.VALID_BLOCKLIST_FORMATS))
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _save_as_from_name(name):
slug = re.sub(r'[^a-z0-9_-]', '_', name.lower()).strip('_')
return f'{slug}.conf'
def _parse_fields():
"""Parse and validate add/edit form fields. Returns (fields_dict, None) or (None, already_flashed)."""
name = sanitize.name(request.form.get('name', ''))
description = sanitize.description(request.form.get('description', ''))
fmt = sanitize.filtervalue(request.form.get('format', ''), validate.VALID_BLOCKLIST_FORMATS)
url = sanitize.url(request.form.get('url', ''))
if not name:
flash('The configuration has not been saved because a name is required.', 'error')
return None, True
if not url:
flash('The configuration has not been saved because a URL is required.', 'error')
return None, True
if not fmt:
flash(f'The configuration has not been saved because the format is invalid. '
f'Accepted formats: {_VALID_FORMATS_STR}.', 'error')
return None, True
return {'name': name, 'description': description, 'format': fmt, 'url': url}, None
@bp.route('/action/add_blocklist', methods=['POST'])
@require_level('administrator')
def add_blocklist():
fields, err = _parse_fields()
if err:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
blocklists = core.setdefault('blocklists', [])
if any(b.get('name', '').lower() == fields['name'].lower() for b in blocklists):
flash('The configuration has not been saved because a blocklist with that name already exists.', 'error')
return redirect(VIEW)
blocklists.append({
'name': fields['name'],
'description': fields['description'],
'format': fields['format'],
'url': fields['url'],
'save_as': _save_as_from_name(fields['name']),
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_blocklist', methods=['POST'])
@require_level('administrator')
def edit_blocklist():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
fields, err = _parse_fields()
if err:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('blocklists', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx].update({
'name': fields['name'],
'description': fields['description'],
'format': fields['format'],
'url': fields['url'],
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_blocklist', methods=['POST'])
@require_level('administrator')
def delete_blocklist():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('blocklists', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
removed = items.pop(idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/update_blocklists', methods=['POST'])
@require_level('administrator')
def update_blocklists():
flash(queued_msg('core update-blocklists'), 'success')
return redirect(VIEW)

144
docker/routlin-dash/app/action_apply_ddns_providers.py Normal file
View file

@ -0,0 +1,144 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
import json
import sanitize
import validation as validate
bp = Blueprint('action_apply_ddns_providers', __name__)
DDNS_FILE = '/configs/ddns.json'
@bp.route('/action/add_ddns_provider', methods=['POST'])
@require_level('administrator')
def add_ddns_provider():
provider_type = sanitize.filtervalue(request.form.get('provider', ''), validate.VALID_DDNS_PROVIDERS)
description = sanitize.description(request.form.get('description', ''))
hostnames = sanitize.domainlist(request.form.get('hostnames', '').splitlines())
if not description:
flash('Description is required.', 'error')
return redirect('/view/view_ddns')
if not hostnames:
flash('At least one hostname is required.', 'error')
return redirect('/view/view_ddns')
if not provider_type:
flash('Unknown provider type.', 'error')
return redirect('/view/view_ddns')
try:
with open(DDNS_FILE) as f:
data = json.load(f)
except Exception as ex:
flash(f'Could not read config: {ex}', 'error')
return redirect('/view/view_ddns')
entry = {
'description': description,
'provider': provider_type,
'enabled': True,
'hostnames': hostnames,
}
if provider_type == 'noip':
entry['username'] = request.form.get('username', '').strip()
entry['password'] = request.form.get('password', '').strip()
else:
entry['api_token'] = request.form.get('api_token', '').strip()
data.setdefault('providers', []).append(entry)
try:
with open(DDNS_FILE, 'w') as f:
json.dump(data, f, indent=2)
flash(f'DDNS provider "{description}" added.', 'success')
except Exception as ex:
flash(f'Could not save config: {ex}', 'error')
return redirect('/view/view_ddns')
@bp.route('/action/edit_ddns_provider', methods=['POST'])
@require_level('administrator')
def edit_ddns_provider():
try:
row_index = int(request.form.get('row_index', -1))
except (TypeError, ValueError):
flash('Invalid row index.', 'error')
return redirect('/view/view_ddns')
provider_type = sanitize.filtervalue(request.form.get('provider', ''), validate.VALID_DDNS_PROVIDERS)
description = sanitize.description(request.form.get('description', ''))
hostnames_raw = request.form.get('hostnames', '')
enabled = request.form.get('enabled') == 'on'
hostnames = [h.strip() for h in hostnames_raw.splitlines() if h.strip()]
if not provider_type:
flash('Unknown provider type.', 'error')
return redirect('/view/view_ddns')
try:
with open(DDNS_FILE) as f:
data = json.load(f)
except Exception as ex:
flash(f'Could not read config: {ex}', 'error')
return redirect('/view/view_ddns')
providers = data.get('providers', [])
if row_index < 0 or row_index >= len(providers):
flash('Invalid provider index.', 'error')
return redirect('/view/view_ddns')
entry = {
'description': description,
'provider': provider_type,
'enabled': enabled,
'hostnames': hostnames,
}
if provider_type == 'noip':
entry['username'] = request.form.get('username', '').strip()
entry['password'] = request.form.get('password', '').strip()
else:
entry['api_token'] = request.form.get('api_token', '').strip()
providers[row_index] = entry
data['providers'] = providers
try:
with open(DDNS_FILE, 'w') as f:
json.dump(data, f, indent=2)
flash('DDNS provider updated.', 'success')
except Exception as ex:
flash(f'Could not save config: {ex}', 'error')
return redirect('/view/view_ddns')
@bp.route('/action/delete_ddns_provider', methods=['POST'])
@require_level('administrator')
def delete_ddns_provider():
try:
row_index = int(request.form.get('row_index', -1))
except (TypeError, ValueError):
flash('Invalid row index.', 'error')
return redirect('/view/view_ddns')
try:
with open(DDNS_FILE) as f:
data = json.load(f)
except Exception as ex:
flash(f'Could not read config: {ex}', 'error')
return redirect('/view/view_ddns')
providers = data.get('providers', [])
if row_index < 0 or row_index >= len(providers):
flash('Invalid provider index.', 'error')
return redirect('/view/view_ddns')
del providers[row_index]
data['providers'] = providers
try:
with open(DDNS_FILE, 'w') as f:
json.dump(data, f, indent=2)
flash('DDNS provider deleted.', 'success')
except Exception as ex:
flash(f'Could not save config: {ex}', 'error')
return redirect('/view/view_ddns')

236
docker/routlin-dash/app/action_apply_dhcp_reservations.py Normal file
View file

@ -0,0 +1,236 @@
import ipaddress
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_dhcp_reservations', __name__)
VIEW = '/view/view_dhcp'
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _flat_index_to_vlan_res(vlans, flat_idx):
pos = 0
for vi, vlan in enumerate(vlans):
for ri in range(len(vlan.get('reservations', []))):
if pos == flat_idx:
return vi, ri
pos += 1
return None, None
def _parse_ip():
"""Return validated IP string, or None after flashing an error."""
raw = request.form.get('ip', '').strip()
if not raw:
flash('The configuration has not been saved because an IP address is required.', 'error')
return None
ip = validate.ip(raw)
if not ip:
flash(f'The configuration has not been saved because "{raw}" is not a valid IP address.', 'error')
return None
return ip
def _check_ip_conflicts(ip, vlan):
"""Return an error message if ip conflicts with pool range or server identities, else None."""
dhcp = vlan.get('dhcp_information', {})
pool_start = dhcp.get('dynamic_pool_start')
pool_end = dhcp.get('dynamic_pool_end')
if pool_start and pool_end:
try:
if (ipaddress.IPv4Address(pool_start) <= ipaddress.IPv4Address(ip)
<= ipaddress.IPv4Address(pool_end)):
return f'{ip} falls within the dynamic pool range ({pool_start}{pool_end}).'
except Exception:
pass
identity_ips = {s['ip'] for s in vlan.get('server_identities', []) if s.get('ip')}
if ip in identity_ips:
return f'{ip} is already assigned as a server identity IP.'
return None
@bp.route('/action/add_dhcp_reservation', methods=['POST'])
@require_level('administrator')
def add_dhcp_reservation():
vlan_name = sanitize.name(request.form.get('vlan_name', ''))
description = sanitize.text(request.form.get('description', ''))
hostname = validate.domainname(request.form.get('hostname', ''))
mac = sanitize.mac(request.form.get('mac', ''))
ip = _parse_ip()
radius_client = 'radius_client' in request.form
if ip is None:
return redirect(VIEW)
if not vlan_name:
flash('The configuration has not been saved because a VLAN is required.', 'error')
return redirect(VIEW)
if not mac:
flash('The configuration has not been saved because a MAC address is required.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.get('vlans', [])
vlan = next((v for v in vlans if v.get('name') == vlan_name), None)
if vlan is None:
flash(f'The configuration has not been saved because VLAN "{vlan_name}" was not found.', 'error')
return redirect(VIEW)
conflict = _check_ip_conflicts(ip, vlan)
if conflict:
flash(f'The configuration has not been saved because {conflict}', 'error')
return redirect(VIEW)
vlan.setdefault('reservations', []).append({
'description': description,
'hostname': hostname,
'mac': mac,
'ip': ip,
'radius_client': radius_client,
'enabled': True,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/toggle_dhcp_reservation', methods=['POST'])
@require_level('administrator')
def toggle_dhcp_reservation():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.get('vlans', [])
vi, ri = _flat_index_to_vlan_res(vlans, idx)
if vi is None:
flash('Entry not found.', 'error')
return redirect(VIEW)
res = vlans[vi]['reservations'][ri]
res['enabled'] = not res.get('enabled', True)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_dhcp_reservation', methods=['POST'])
@require_level('administrator')
def edit_dhcp_reservation():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
description = sanitize.text(request.form.get('description', ''))
hostname = validate.domainname(request.form.get('hostname', ''))
mac = sanitize.mac(request.form.get('mac', ''))
ip = _parse_ip()
radius_client = 'radius_client' in request.form
if ip is None:
return redirect(VIEW)
if not mac:
flash('The configuration has not been saved because a MAC address is required.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.get('vlans', [])
vi, ri = _flat_index_to_vlan_res(vlans, idx)
if vi is None:
flash('Entry not found.', 'error')
return redirect(VIEW)
conflict = _check_ip_conflicts(ip, vlans[vi])
if conflict:
flash(f'The configuration has not been saved because {conflict}', 'error')
return redirect(VIEW)
res = vlans[vi]['reservations'][ri]
res.update({
'description': description,
'hostname': hostname,
'mac': mac,
'ip': ip,
'radius_client': radius_client,
'enabled': 'enabled' in request.form,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_dhcp_reservation', methods=['POST'])
@require_level('administrator')
def delete_dhcp_reservation():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.get('vlans', [])
vi, ri = _flat_index_to_vlan_res(vlans, idx)
if vi is None:
flash('Entry not found.', 'error')
return redirect(VIEW)
removed = vlans[vi]['reservations'].pop(ri)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)

42
docker/routlin-dash/app/action_apply_general.py Normal file
View file

@ -0,0 +1,42 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_general', __name__)
@bp.route('/action/apply_general', methods=['POST'])
@require_level('administrator')
def apply_general():
log_max_kb_raw = request.form.get('log_max_kb', '').strip()
log_errors_only = 'log_errors_only' in request.form
dnsmasq_log_queries = 'dnsmasq_log_queries' in request.form
daily_execute_time = sanitize.time_24h(request.form.get('daily_execute_time_24hr_local', ''))
log_max_kb = validate.int_range(log_max_kb_raw, 64, None)
if log_max_kb is None:
flash('Max Log Size must be a number >= 64.', 'error')
return redirect('/view/view_general')
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect('/view/view_general')
core = load_core()
core.setdefault('general', {}).update({
'log_max_kb': log_max_kb,
'log_errors_only': log_errors_only,
'dnsmasq_log_queries': dnsmasq_log_queries,
'daily_execute_time_24hr_local': daily_execute_time,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect('/view/view_general')
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect('/view/view_general')

184
docker/routlin-dash/app/action_apply_host_overrides.py Normal file
View file

@ -0,0 +1,184 @@
import ipaddress
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_host_overrides', __name__)
VIEW = '/view/view_host_overrides'
def _vlan_networks(core):
nets = []
for v in core.get('vlans', []):
subnet = v.get('subnet', '')
mask = v.get('subnet_mask', '')
if subnet and mask:
try:
nets.append(ipaddress.IPv4Network(f"{subnet}/{mask}", strict=False))
except ValueError:
pass
return nets
def _ip_in_vlan(ip_str, core):
"""Return True if ip_str falls within at least one configured VLAN subnet."""
try:
addr = ipaddress.IPv4Address(ip_str)
except ValueError:
return False
nets = _vlan_networks(core)
return not nets or any(addr in net for net in nets)
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
@bp.route('/action/add_host_override', methods=['POST'])
@require_level('administrator')
def add_host_override():
description = sanitize.text(request.form.get('description', ''))
host = validate.domainname(request.form.get('host', ''))
ip = sanitize.ip(request.form.get('ip', ''))
if not host or not ip:
flash('Hostname and IP address are required.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
if not _ip_in_vlan(ip, core):
flash('IP address does not fall within any configured VLAN subnet.', 'error')
return redirect(VIEW)
core.setdefault('host_overrides', []).append({
'description': description,
'host': host,
'ip': ip,
'enabled': True,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/toggle_host_override', methods=['POST'])
@require_level('administrator')
def toggle_host_override():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('host_overrides', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx]['enabled'] = not items[idx].get('enabled', True)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_host_override', methods=['POST'])
@require_level('administrator')
def edit_host_override():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
description = sanitize.text(request.form.get('description', ''))
host = validate.domainname(request.form.get('host', ''))
ip = sanitize.ip(request.form.get('ip', ''))
enabled = request.form.get('enabled') == 'on'
if not host or not ip:
flash('Hostname and IP address are required.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
if not _ip_in_vlan(ip, core):
flash('IP address does not fall within any configured VLAN subnet.', 'error')
return redirect(VIEW)
items = core.get('host_overrides', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx].update({'description': description, 'host': host, 'ip': ip, 'enabled': enabled})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_host_override', methods=['POST'])
@require_level('administrator')
def delete_host_override():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('host_overrides', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
removed = items.pop(idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)

78
docker/routlin-dash/app/action_apply_iface_config.py Normal file
View file

@ -0,0 +1,78 @@
import os
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import verify_core_hash, queued_msg, queue_command
import sanitize
import validation as validate
bp = Blueprint('action_apply_iface_config', __name__)
_VIEW = '/view/view_general'
_EXCLUDE_PREFIXES = ('lo', 'wg', 'docker', 'br-', 'veth',
'tun', 'tap', 'ppp', 'virbr',
'podman', 'vnet', 'macvtap', 'fc-')
def _valid_interface(name):
try:
return name in {
n for n in os.listdir('/sys/class/net')
if not n.startswith(_EXCLUDE_PREFIXES)
and os.path.exists(f'/sys/class/net/{n}/device')
}
except Exception:
return False
@bp.route('/action/apply_iface_config', methods=['POST'])
@require_level('administrator')
def apply_iface_config():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect(_VIEW)
iface = sanitize.interface_name(request.form.get('iface', ''))
mtu = request.form.get('mtu', '').strip()
mac = sanitize.mac(request.form.get('mac', ''))
original_mtu = request.form.get('original_mtu', '').strip()
original_mac = sanitize.mac(request.form.get('original_mac', ''))
if not iface:
flash('No interface specified.', 'error')
return redirect(_VIEW)
if not _valid_interface(iface):
flash(f"Interface '{iface}' does not exist on this system.", 'error')
return redirect(_VIEW)
mtu_int = None
if mtu:
mtu_int = validate.int_range(mtu, 68, 9000)
if mtu_int is None:
flash('MTU must be an integer between 68 and 9000.', 'error')
return redirect(_VIEW)
mac_raw = request.form.get('mac', '').strip()
if mac_raw and not mac:
flash('MAC address must be in the format aa:bb:cc:dd:ee:ff.', 'error')
return redirect(_VIEW)
if not mtu_int and not mac:
flash('No changes specified.', 'error')
return redirect(_VIEW)
queued = False
if mtu_int and str(mtu_int) != original_mtu:
queue_command(f'mtu {iface} {mtu_int}')
queued = True
if mac and mac != original_mac:
queue_command(f'mac {iface} {mac}')
queued = True
if not queued:
flash('No changes detected.', 'info')
return redirect(_VIEW)
flash(queued_msg(), 'success')
return redirect(_VIEW)

186
docker/routlin-dash/app/action_apply_inter_vlan.py Normal file
View file

@ -0,0 +1,186 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_inter_vlan', __name__)
VIEW = '/view/view_inter_vlan'
_VALID_PROTOS_STR = ', '.join(sorted(validate.VALID_PROTOCOLS))
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _parse_entry():
"""Parse and validate form fields. Returns (entry_dict, None) or (None, already_flashed)."""
description = sanitize.text(request.form.get('description', ''))
protocol = sanitize.filtervalue(request.form.get('protocol', ''), validate.VALID_PROTOCOLS)
src_raw = request.form.get('src_ip_or_subnet', '').strip()
dst_raw = request.form.get('dst_ip_or_subnet', '').strip()
dst_port_raw = request.form.get('dst_port', '').strip()
if not protocol:
flash(f'The configuration has not been saved because the protocol is invalid. '
f'Accepted values: {_VALID_PROTOS_STR}.', 'error')
return None, True
if not src_raw:
flash('The configuration has not been saved because a source IP or subnet is required.', 'error')
return None, True
src = validate.ip_or_cidr(src_raw)
if not src:
flash(f'The configuration has not been saved because "{src_raw}" is not a valid IP address or subnet.', 'error')
return None, True
if not dst_raw:
flash('The configuration has not been saved because a destination IP or subnet is required.', 'error')
return None, True
dst = validate.ip_or_cidr(dst_raw)
if not dst:
flash(f'The configuration has not been saved because "{dst_raw}" is not a valid IP address or subnet.', 'error')
return None, True
dst_port = ''
if dst_port_raw:
dst_port = validate.port(dst_port_raw)
if not dst_port:
flash(f'The configuration has not been saved because "{dst_port_raw}" is not a valid port number (1-65535).', 'error')
return None, True
return {
'description': description,
'protocol': protocol,
'src_ip_or_subnet': src,
'dst_ip_or_subnet': dst,
'dst_port': dst_port,
'enabled': True,
}, None
@bp.route('/action/add_inter_vlan', methods=['POST'])
@require_level('administrator')
def add_inter_vlan():
entry, err = _parse_entry()
if err:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
core.setdefault('inter_vlan_exceptions', []).append(entry)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/toggle_inter_vlan', methods=['POST'])
@require_level('administrator')
def toggle_inter_vlan():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('inter_vlan_exceptions', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx]['enabled'] = not items[idx].get('enabled', True)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_inter_vlan', methods=['POST'])
@require_level('administrator')
def edit_inter_vlan():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
entry, err = _parse_entry()
if err:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('inter_vlan_exceptions', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx] = entry
items[idx]['enabled'] = request.form.get('enabled') == 'on'
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_inter_vlan', methods=['POST'])
@require_level('administrator')
def delete_inter_vlan():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('inter_vlan_exceptions', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items.pop(idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)

65
docker/routlin-dash/app/action_apply_interface.py Normal file
View file

@ -0,0 +1,65 @@
import os
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_interface', __name__)
_VIEW = '/view/view_general'
_EXCLUDE_PREFIXES = ('lo', 'wg', 'docker', 'br-', 'veth',
'tun', 'tap', 'ppp', 'virbr',
'podman', 'vnet', 'macvtap', 'fc-')
def _get_system_interfaces():
try:
return {
n for n in os.listdir('/sys/class/net')
if not n.startswith(_EXCLUDE_PREFIXES)
and os.path.exists(f'/sys/class/net/{n}/device')
}
except Exception:
return set()
@bp.route('/action/apply_interface', methods=['POST'])
@require_level('administrator')
def apply_interface():
wan = sanitize.interface_name(request.form.get('wan_interface', ''))
lan = sanitize.interface_name(request.form.get('lan_interface', ''))
if not wan or not lan:
flash('Both WAN and LAN interfaces are required.', 'error')
return redirect(_VIEW)
if wan == lan:
flash('WAN and LAN interfaces must be different.', 'error')
return redirect(_VIEW)
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect(_VIEW)
available = _get_system_interfaces()
for iface in (wan, lan):
if available and iface not in available:
flash(f"Interface '{iface}' does not exist on this system.", 'error')
return redirect(_VIEW)
core = load_core()
gen = core.setdefault('general', {})
gen['wan_interface'] = wan
gen['lan_interface'] = lan
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(_VIEW)

35
docker/routlin-dash/app/action_apply_mdns.py Normal file
View file

@ -0,0 +1,35 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_mdns', __name__)
@bp.route('/action/apply_mdns', methods=['POST'])
@require_level('administrator')
def apply_mdns():
mdns_enabled = 'mdns_enabled' in request.form
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect('/view/view_mdns')
core = load_core()
mdns_reflect_vlans = sanitize.filterlist(request.form.getlist('mdns_reflect_vlans'),
{v.get('name') for v in core.get('vlans', [])})
core.setdefault('mdns_reflection', {}).update({
'enabled': mdns_enabled,
'reflect_vlans': mdns_reflect_vlans,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect('/view/view_mdns')
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect('/view/view_mdns')

187
docker/routlin-dash/app/action_apply_port_forwarding.py Normal file
View file

@ -0,0 +1,187 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_port_forwarding', __name__)
VIEW = '/view/view_port_forwarding'
_VALID_PROTOS_STR = ', '.join(sorted(validate.VALID_PROTOCOLS))
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _parse_entry():
"""Parse and validate form fields. Returns (entry_dict, None) or (None, already_flashed)."""
description = sanitize.text(request.form.get('description', ''))
protocol = sanitize.filtervalue(request.form.get('protocol', ''), validate.VALID_PROTOCOLS)
dest_port_raw = request.form.get('dest_port', '').strip()
nat_ip_raw = request.form.get('nat_ip', '').strip()
nat_port_raw = request.form.get('nat_port', '').strip()
if not protocol:
flash(f'The configuration has not been saved because the protocol is invalid. '
f'Accepted values: {_VALID_PROTOS_STR}.', 'error')
return None, True
if not dest_port_raw:
flash('The configuration has not been saved because the external port is required.', 'error')
return None, True
dest_port = validate.port(dest_port_raw)
if not dest_port:
flash(f'The configuration has not been saved because "{dest_port_raw}" is not a valid port number (1-65535).', 'error')
return None, True
if not nat_ip_raw:
flash('The configuration has not been saved because the NAT IP address is required.', 'error')
return None, True
nat_ip = validate.ip(nat_ip_raw)
if not nat_ip:
flash(f'The configuration has not been saved because "{nat_ip_raw}" is not a valid IP address.', 'error')
return None, True
if not nat_port_raw:
flash('The configuration has not been saved because the NAT port is required.', 'error')
return None, True
nat_port = validate.port(nat_port_raw)
if not nat_port:
flash(f'The configuration has not been saved because "{nat_port_raw}" is not a valid port number (1-65535).', 'error')
return None, True
return {
'description': description,
'protocol': protocol,
'dest_port': dest_port,
'nat_ip': nat_ip,
'nat_port': nat_port,
'enabled': True,
}, None
@bp.route('/action/add_port_forward', methods=['POST'])
@require_level('administrator')
def add_port_forward():
entry, err = _parse_entry()
if err:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
core.setdefault('port_forwarding', []).append(entry)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/toggle_port_forward', methods=['POST'])
@require_level('administrator')
def toggle_port_forward():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('port_forwarding', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx]['enabled'] = not items[idx].get('enabled', True)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_port_forward', methods=['POST'])
@require_level('administrator')
def edit_port_forward():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
entry, err = _parse_entry()
if err:
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('port_forwarding', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
items[idx] = entry
items[idx]['enabled'] = request.form.get('enabled') == 'on'
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_port_forward', methods=['POST'])
@require_level('administrator')
def delete_port_forward():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
items = core.get('port_forwarding', [])
if idx < 0 or idx >= len(items):
flash('Entry not found.', 'error')
return redirect(VIEW)
removed = items.pop(idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)

59
docker/routlin-dash/app/action_apply_upstream_dns.py Normal file
View file

@ -0,0 +1,59 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_upstream_dns', __name__)
@bp.route('/action/apply_upstream_dns', methods=['POST'])
@require_level('administrator')
def apply_upstream_dns():
strict_order = 'strict_order' in request.form
cache_size_raw = request.form.get('cache_size', '').strip()
submitted = request.form.getlist('upstream_servers')
for s in submitted:
if not s.strip():
flash('Remove blank server entries before saving.', 'error')
return redirect('/view/view_upstream_dns')
upstream_servers = []
for s in submitted:
clean = sanitize.ip(s.strip())
if not clean:
flash(f"'{s.strip()}' is not a valid IP address.", 'error')
return redirect('/view/view_upstream_dns')
upstream_servers.append(clean)
cache_size = validate.int_range(cache_size_raw, 0, None)
if cache_size is None:
flash('Cache Size must be a non-negative integer.', 'error')
return redirect('/view/view_upstream_dns')
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return redirect('/view/view_upstream_dns')
core = load_core()
current = core.get('upstream_dns', {})
if (strict_order == bool(current.get('strict_order', False)) and
cache_size == int(current.get('cache_size', 0)) and
upstream_servers == current.get('upstream_servers', [])):
flash('No changes detected.', 'info')
return redirect('/view/view_upstream_dns')
core.setdefault('upstream_dns', {}).update({
'strict_order': strict_order,
'cache_size': cache_size,
'upstream_servers': upstream_servers,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect('/view/view_upstream_dns')
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect('/view/view_upstream_dns')

210
docker/routlin-dash/app/action_apply_vlans.py Normal file
View file

@ -0,0 +1,210 @@
from flask import Blueprint, request, redirect, flash
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg
import sanitize
import validation as validate
bp = Blueprint('action_apply_vlans', __name__)
VIEW = '/view/view_vlans'
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
@bp.route('/action/add_vlan', methods=['POST'])
@require_level('administrator')
def add_vlan():
name = sanitize.name(request.form.get('name', ''))
is_vpn = 'is_vpn' in request.form
subnet = sanitize.ip(request.form.get('subnet', ''))
subnet_mask = sanitize.subnet_mask(request.form.get('subnet_mask', ''))
radius_default = 'radius_default' in request.form
mdns_reflection = 'mdns_reflection' in request.form
use_blocklists = sanitize.filterlist(request.form.getlist('use_blocklists'),
{b.get('name') for b in load_core().get('blocklists', [])})
if not name:
flash('Name is required.', 'error')
return redirect(VIEW)
if not subnet:
flash('Subnet IP is required.', 'error')
return redirect(VIEW)
if subnet_mask is None:
flash('Invalid subnet prefix (must be 1-30).', 'error')
return redirect(VIEW)
vlan_id = validate.derive_vlan_id(subnet, subnet_mask)
if vlan_id is None:
flash('Cannot derive a valid VLAN ID (1-4094) from this subnet/prefix combination.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.setdefault('vlans', [])
if any(validate.derive_vlan_id(v.get('subnet', ''), v.get('subnet_mask', 24)) == vlan_id for v in vlans):
flash(f'VLAN {vlan_id} (derived from subnet) already exists.', 'error')
return redirect(VIEW)
if radius_default and any(v.get('radius_default') for v in vlans):
flash('Only one VLAN can be the RADIUS default.', 'error')
return redirect(VIEW)
entry = {
'name': name,
'is_vpn': is_vpn,
'subnet': subnet,
'subnet_mask': subnet_mask,
'use_blocklists': use_blocklists,
'radius_default': radius_default,
'mdns_reflection': mdns_reflection,
}
if is_vpn:
entry['peers'] = []
else:
entry['reservations'] = []
vlans.append(entry)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/edit_vlan', methods=['POST'])
@require_level('administrator')
def edit_vlan():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
name = sanitize.name(request.form.get('name', ''))
subnet = sanitize.ip(request.form.get('subnet', ''))
radius_default = 'radius_default' in request.form
mdns_reflection = 'mdns_reflection' in request.form
use_blocklists = sanitize.filterlist(request.form.getlist('use_blocklists'),
{b.get('name') for b in load_core().get('blocklists', [])})
# subnet_mask is only present when the column is visible (not all edit paths send it).
# Validate if submitted; fall back to the stored value otherwise.
subnet_mask_raw = request.form.get('subnet_mask')
if subnet_mask_raw is not None:
subnet_mask = sanitize.subnet_mask(subnet_mask_raw)
if subnet_mask is None:
flash('Invalid subnet prefix (must be 1-30).', 'error')
return redirect(VIEW)
else:
subnet_mask = None # resolved below after loading core
if not name:
flash('Name is required.', 'error')
return redirect(VIEW)
if not subnet:
flash('Subnet IP is required.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.get('vlans', [])
if idx < 0 or idx >= len(vlans):
flash('VLAN not found.', 'error')
return redirect(VIEW)
existing = vlans[idx]
# is_vpn is never changed via edit -- toggling it would invalidate peers/reservations.
is_vpn = existing.get('is_vpn', False)
# Use submitted subnet_mask, or fall back to whatever is already stored.
final_mask = subnet_mask if subnet_mask is not None else existing.get('subnet_mask', 24)
vlan_id = validate.derive_vlan_id(subnet, final_mask)
if vlan_id is None:
flash('Cannot derive a valid VLAN ID (1-4094) from this subnet/prefix combination.', 'error')
return redirect(VIEW)
current_id = validate.derive_vlan_id(existing.get('subnet', ''), existing.get('subnet_mask', 24))
if current_id == 1 and vlan_id != 1:
flash('VLAN 1 is the physical interface; change its subnet so the derived ID remains 1.', 'error')
return redirect(VIEW)
if vlan_id != current_id and any(
validate.derive_vlan_id(v.get('subnet', ''), v.get('subnet_mask', 24)) == vlan_id
for i, v in enumerate(vlans) if i != idx
):
flash(f'VLAN {vlan_id} (derived from subnet) already exists.', 'error')
return redirect(VIEW)
if radius_default and any(i != idx and v.get('radius_default') for i, v in enumerate(vlans)):
flash('Only one VLAN can be the RADIUS default.', 'error')
return redirect(VIEW)
existing.update({
'name': name,
'is_vpn': is_vpn,
'subnet': subnet,
'subnet_mask': final_mask,
'radius_default': radius_default,
'mdns_reflection': mdns_reflection,
'use_blocklists': use_blocklists,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)
@bp.route('/action/delete_vlan', methods=['POST'])
@require_level('administrator')
def delete_vlan():
idx = _row_index()
if idx is None:
flash('Invalid request.', 'error')
return redirect(VIEW)
if not _hash_ok():
return redirect(VIEW)
core = load_core()
vlans = core.get('vlans', [])
if idx < 0 or idx >= len(vlans):
flash('VLAN not found.', 'error')
return redirect(VIEW)
removed = vlans.pop(idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(VIEW)

396
docker/routlin-dash/app/action_apply_vpn.py Normal file
View file

@ -0,0 +1,396 @@
import base64
import ipaddress
import re
from flask import Blueprint, make_response, redirect, flash, request
from auth import require_level
from config_utils import load_core, save_core, verify_core_hash, queued_msg, CONFIGS_DIR, PRODUCT_DISPLAY_NAME
import sanitize
import validation as validate
bp = Blueprint('action_apply_vpn', __name__)
_VIEW = '/view/view_vpn'
_MTU_MIN = 576
_MTU_MAX = 9000
def _wg_vlan(core):
return next((v for v in core.get('vlans', []) if v.get('is_vpn')), None)
def _wg_vlan_by_name(core, name):
return next((v for v in core.get('vlans', []) if v.get('is_vpn') and v.get('name') == name), None)
def _find_peer_by_flat_idx(core, flat_idx):
"""Return (vlan, peer_list_index) by flat index across all VPN VLANs in order."""
i = 0
for vlan in core.get('vlans', []):
if not vlan.get('is_vpn'):
continue
peers = vlan.get('peers', [])
for j in range(len(peers)):
if i == flat_idx:
return vlan, j
i += 1
return None, None
def _wg_iface(vlan, core):
"""Return the WireGuard interface name (wg0, wg1, ...) for a VPN VLAN."""
wg_vlans = [v for v in core.get('vlans', []) if v.get('is_vpn')]
idx = next((i for i, v in enumerate(wg_vlans) if v is vlan), 0)
return f'wg{idx}'
def _row_index():
try:
return int(request.form.get('row_index', ''))
except (ValueError, TypeError):
return None
def _hash_ok():
if not verify_core_hash(request.form.get('config_hash', '')):
flash('Configuration was modified by another session. Please refresh and try again.', 'error')
return False
return True
def _generate_wg_keypair():
"""Generate an X25519 keypair compatible with WireGuard. Returns (private_b64, public_b64)."""
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives.serialization import (
Encoding, PublicFormat, PrivateFormat, NoEncryption,
)
private = X25519PrivateKey.generate()
priv_raw = private.private_bytes(Encoding.Raw, PrivateFormat.Raw, NoEncryption())
pub_raw = private.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
return base64.b64encode(priv_raw).decode(), base64.b64encode(pub_raw).decode()
def _server_pubkey(iface):
"""Read the server public key written by core.py --apply."""
try:
with open(f'{CONFIGS_DIR}/.wg-{iface}.pub') as f:
return f.read().strip()
except OSError:
return None
def _build_client_conf(vlan, peer_name, peer_ip, private_key, server_pubkey):
"""Build WireGuard client .conf content."""
info = vlan.get('vpn_information', {})
overrides = info.get('explicit_overrides', {})
subnet = vlan.get('subnet', '')
mask = vlan.get('subnet_mask', '')
network = ipaddress.IPv4Network(f'{subnet}/{mask}', strict=False)
ident_ips = [s['ip'] for s in vlan.get('server_identities', []) if s.get('ip')]
default = str(min((ipaddress.IPv4Address(ip) for ip in ident_ips),
key=lambda x: x.packed[-1])) if ident_ips else str(next(network.hosts()))
gateway = overrides.get('gateway') or default
dns = overrides.get('dns_server') or gateway
prefix = network.prefixlen
mtu = overrides.get('mtu', '')
endpoint = info.get('server_endpoint', '')
listen_port = info.get('listen_port', 51820)
split_tunnel = next(
(p.get('split_tunnel', False) for p in vlan.get('peers', []) if p.get('name') == peer_name),
False
)
allowed_ips = f'{subnet}/{prefix}' if split_tunnel else '0.0.0.0/0'
lines = [
f'# Generated by {PRODUCT_DISPLAY_NAME}',
'',
'[Interface]',
f'PrivateKey = {private_key}',
f'Address = {peer_ip}/{prefix}',
f'DNS = {dns}',
]
if mtu:
lines.append(f'MTU = {mtu}')
lines += ['', '[Peer]', f'PublicKey = {server_pubkey}']
if endpoint:
lines.append(f'Endpoint = {endpoint}:{listen_port}')
lines += [f'AllowedIPs = {allowed_ips}', 'PersistentKeepalive = 25', '']
return '\n'.join(lines)
def _conf_response(vlan, peer_name, peer_ip, private_key):
"""Return a .conf file download response, or redirect with error if pubkey unavailable."""
core = load_core()
iface = _wg_iface(vlan, core)
server_pub = _server_pubkey(iface)
if not server_pub:
flash('Peer saved. Run sudo python3 ~/routlin/core.py --apply to generate the server '
'public key, then regenerate this peer to download the client config.', 'warning')
return redirect(_VIEW)
conf = _build_client_conf(vlan, peer_name, peer_ip, private_key, server_pub)
safe = re.sub(r'[^A-Za-z0-9_\-]', '_', peer_name)
resp = make_response(conf)
resp.headers['Content-Type'] = 'text/plain; charset=utf-8'
resp.headers['Content-Disposition'] = f'attachment; filename="vpn-client-{safe}.conf"'
return resp
@bp.route('/action/apply_vpn', methods=['POST'])
@require_level('administrator')
def apply_vpn():
listen_port_raw = request.form.get('vpn_listen_port', '').strip()
server_endpoint = validate.domainname(request.form.get('vpn_server_endpoint', ''))
domain = validate.domainname(request.form.get('vpn_domain', ''))
dns_raw = request.form.get('vpn_dns_server', '').strip()
mtu_raw = request.form.get('vpn_mtu', '').strip()
if not listen_port_raw:
flash('Listen port is required.', 'error')
return redirect(_VIEW)
listen_port = validate.int_range(listen_port_raw, 1, 65535)
if listen_port is None:
flash(f'"{listen_port_raw}" is not a valid port number (1-65535).', 'error')
return redirect(_VIEW)
dns_server = ''
if dns_raw:
dns_server = validate.ip(dns_raw)
if not dns_server:
flash(f'"{dns_raw}" is not a valid IP address for DNS server.', 'error')
return redirect(_VIEW)
mtu = None
if mtu_raw:
mtu = validate.int_range(mtu_raw, _MTU_MIN, _MTU_MAX)
if mtu is None:
flash(f'"{mtu_raw}" is not a valid MTU (must be {_MTU_MIN}-{_MTU_MAX}).', 'error')
return redirect(_VIEW)
if not _hash_ok():
return redirect(_VIEW)
core = load_core()
vpn_vlan = _wg_vlan(core)
if vpn_vlan is None:
flash('No WireGuard VLAN found in configuration.', 'error')
return redirect(_VIEW)
for v in core.get('vlans', []):
if v.get('is_vpn') and v is not vpn_vlan and v.get('vpn_information', {}).get('listen_port') == listen_port:
flash(f'Listen port {listen_port} is already used by another VPN VLAN.', 'error')
return redirect(_VIEW)
info = vpn_vlan.setdefault('vpn_information', {})
info['listen_port'] = listen_port
info['server_endpoint'] = server_endpoint
info['domain'] = domain
overrides = info.setdefault('explicit_overrides', {})
if dns_server:
overrides['dns_server'] = dns_server
else:
overrides.pop('dns_server', None)
if mtu is not None:
overrides['mtu'] = mtu
else:
overrides.pop('mtu', None)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(_VIEW)
@bp.route('/action/add_vpn_peer', methods=['POST'])
@require_level('administrator')
def add_vpn_peer():
peer_name = sanitize.name(request.form.get('peer_name', ''))
peer_vlan_nm = request.form.get('peer_vlan', '').strip()
peer_ip_raw = request.form.get('peer_ip', '').strip()
split_tunnel = 'split_tunnel' in request.form
enabled = 'enabled' in request.form
if not peer_name:
flash('Peer name is required.', 'error')
return redirect(_VIEW)
if not peer_vlan_nm:
flash('Assigned VLAN is required.', 'error')
return redirect(_VIEW)
peer_ip = validate.ip(peer_ip_raw)
if not peer_ip:
flash(f'"{peer_ip_raw}" is not a valid IP address.', 'error')
return redirect(_VIEW)
if not _hash_ok():
return redirect(_VIEW)
core = load_core()
vpn_vlan = _wg_vlan_by_name(core, peer_vlan_nm)
if vpn_vlan is None:
flash(f'VPN VLAN "{peer_vlan_nm}" not found.', 'error')
return redirect(_VIEW)
try:
network = ipaddress.IPv4Network(f"{vpn_vlan['subnet']}/{vpn_vlan['subnet_mask']}", strict=False)
if ipaddress.IPv4Address(peer_ip) not in network:
flash(f'{peer_ip} is not within the subnet {vpn_vlan["subnet"]}/{vpn_vlan["subnet_mask"]} of {peer_vlan_nm}.', 'error')
return redirect(_VIEW)
except Exception:
pass
peers = vpn_vlan.setdefault('peers', [])
if any(p.get('name') == peer_name for p in peers):
flash(f'A peer named "{peer_name}" already exists.', 'error')
return redirect(_VIEW)
for v in core.get('vlans', []):
if not v.get('is_vpn'):
continue
if any(p.get('ip') == peer_ip for p in v.get('peers', [])):
flash(f'IP address {peer_ip} is already assigned to another peer.', 'error')
return redirect(_VIEW)
private_key, public_key = _generate_wg_keypair()
peers.append({
'name': peer_name,
'ip': peer_ip,
'public_key': public_key,
'split_tunnel': split_tunnel,
'enabled': enabled,
})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
return _conf_response(vpn_vlan, peer_name, peer_ip, private_key)
@bp.route('/action/edit_vpn_peer', methods=['POST'])
@require_level('administrator')
def edit_vpn_peer():
flat_idx = _row_index()
if flat_idx is None:
flash('Invalid request.', 'error')
return redirect(_VIEW)
peer_name = sanitize.name(request.form.get('name', ''))
split_tunnel = request.form.get('split_tunnel') in ('true', '1', 'on', 'yes')
enabled = request.form.get('enabled') not in ('false', '0', '')
if not peer_name:
flash('Peer name is required.', 'error')
return redirect(_VIEW)
if not _hash_ok():
return redirect(_VIEW)
core = load_core()
vlan, peer_idx = _find_peer_by_flat_idx(core, flat_idx)
if vlan is None:
flash('Peer not found.', 'error')
return redirect(_VIEW)
peers = vlan.get('peers', [])
if any(j != peer_idx and p.get('name') == peer_name for j, p in enumerate(peers)):
flash(f'A peer named "{peer_name}" already exists.', 'error')
return redirect(_VIEW)
peers[peer_idx].update({'name': peer_name, 'split_tunnel': split_tunnel, 'enabled': enabled})
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(_VIEW)
@bp.route('/action/toggle_vpn_peer', methods=['POST'])
@require_level('administrator')
def toggle_vpn_peer():
flat_idx = _row_index()
if flat_idx is None:
flash('Invalid request.', 'error')
return redirect(_VIEW)
if not _hash_ok():
return redirect(_VIEW)
core = load_core()
vlan, peer_idx = _find_peer_by_flat_idx(core, flat_idx)
if vlan is None:
flash('Peer not found.', 'error')
return redirect(_VIEW)
peers = vlan.get('peers', [])
peers[peer_idx]['enabled'] = not peers[peer_idx].get('enabled', True)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(_VIEW)
@bp.route('/action/delete_vpn_peer', methods=['POST'])
@require_level('administrator')
def delete_vpn_peer():
flat_idx = _row_index()
if flat_idx is None:
flash('Invalid request.', 'error')
return redirect(_VIEW)
if not _hash_ok():
return redirect(_VIEW)
core = load_core()
vlan, peer_idx = _find_peer_by_flat_idx(core, flat_idx)
if vlan is None:
flash('Peer not found.', 'error')
return redirect(_VIEW)
vlan.get('peers', []).pop(peer_idx)
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
flash(queued_msg('core apply'), 'success')
return redirect(_VIEW)
@bp.route('/action/regenerate_vpn_peer', methods=['POST'])
@require_level('administrator')
def regenerate_vpn_peer():
flat_idx = _row_index()
if flat_idx is None:
flash('Invalid request.', 'error')
return redirect(_VIEW)
if not _hash_ok():
return redirect(_VIEW)
core = load_core()
vlan, peer_idx = _find_peer_by_flat_idx(core, flat_idx)
if vlan is None:
flash('Peer not found.', 'error')
return redirect(_VIEW)
private_key, public_key = _generate_wg_keypair()
peer = vlan['peers'][peer_idx]
peer['public_key'] = public_key
errors = validate.validate_config(core)
if errors:
for msg in errors:
flash(msg, 'error')
return redirect(_VIEW)
save_core(core)
return _conf_response(vlan, peer['name'], peer['ip'], private_key)

64
docker/routlin-dash/app/action_change_password.py Normal file
View file

@ -0,0 +1,64 @@
from flask import Blueprint, request, session, redirect, flash
import json, bcrypt
from auth import require_level
bp = Blueprint('action_change_password', __name__)
DATA_DIR = '/data'
ACCOUNTS_FILE = f'{DATA_DIR}/authorized_accounts.json'
def _load_accounts():
try:
with open(ACCOUNTS_FILE) as f:
return json.load(f)
except Exception:
return {'accounts': []}
def _save_accounts(data):
with open(ACCOUNTS_FILE, 'w') as f:
json.dump(data, f, indent=2)
@bp.route('/action/change_password', methods=['POST'])
@require_level('viewer')
def change_password():
current_password = request.form.get('current_password', '')
new_password = request.form.get('new_password', '')
confirm_password = request.form.get('confirm_password', '')
if not current_password or not new_password or not confirm_password:
flash('All fields are required.', 'error')
return redirect('/view/view_preferences')
if new_password != confirm_password:
flash('New passwords do not match.', 'error')
return redirect('/view/view_preferences')
if len(new_password) < 8:
flash('New password must be at least 8 characters.', 'error')
return redirect('/view/view_preferences')
email = session.get('email_address', '').lower()
data = _load_accounts()
accounts = data.get('accounts', [])
account = next((a for a in accounts if a.get('email_address', '').lower() == email), None)
if account is None:
flash('Account not found. Please log in again.', 'error')
return redirect('/view/view_log_in')
stored_hash = account.get('hashed_password', '').encode('utf-8')
if not bcrypt.checkpw(current_password.encode('utf-8'), stored_hash):
flash('Current password is incorrect.', 'error')
return redirect('/view/view_preferences')
salt = bcrypt.gensalt()
hashed = bcrypt.hashpw(new_password.encode('utf-8'), salt)
account['hashed_password'] = hashed.decode('utf-8')
account['salt'] = salt.decode('utf-8')
_save_accounts(data)
flash('Password changed successfully.', 'success')
return redirect('/view/view_preferences')

17
docker/routlin-dash/app/action_clear_ddns_log.py Normal file
View file

@ -0,0 +1,17 @@
from flask import Blueprint, redirect, flash
from auth import require_level
bp = Blueprint('action_clear_ddns_log', __name__)
LOG_FILE = '/configs/ddns.log'
@bp.route('/action/clear_ddns_log', methods=['POST'])
@require_level('administrator')
def clear_ddns_log():
try:
open(LOG_FILE, 'w').close()
flash('DDNS log cleared.', 'success')
except Exception as ex:
flash(f'Could not clear log: {ex}', 'error')
return redirect('/view/view_ddns')

107
docker/routlin-dash/app/action_create_account.py Normal file
View file

@ -0,0 +1,107 @@
from flask import Blueprint, request, session, redirect, flash
import json, os, bcrypt, secrets, smtplib
from datetime import datetime, timezone, timedelta
from email.message import EmailMessage
from auth import require_level
from config_utils import PRODUCT_DISPLAY_NAME
import sanitize
bp = Blueprint('action_create_account', __name__)
DATA_DIR = '/data'
ACCOUNTS_FILE = f'{DATA_DIR}/authorized_accounts.json'
CODE_TTL_MIN = 15
def _load_accounts():
try:
with open(ACCOUNTS_FILE) as f:
return json.load(f)
except Exception:
return {'accounts': []}
def _send_verification_email(to_address, code):
host = os.environ.get('SMTP_HOST', '')
port = int(os.environ.get('SMTP_PORT', 587))
user = os.environ.get('SMTP_USER', '')
password = os.environ.get('SMTP_PASSWORD', '')
from_addr = os.environ.get('SMTP_FROM', user)
if not host:
raise RuntimeError('SMTP_HOST is not configured.')
msg = EmailMessage()
msg['Subject'] = f'{PRODUCT_DISPLAY_NAME} - Email Verification'
msg['From'] = from_addr
msg['To'] = to_address
msg.set_content(
f'Your verification code is: {code}\n\n'
f'This code expires in {CODE_TTL_MIN} minutes.\n\n'
f'If you did not request this, you can ignore this email.'
)
with smtplib.SMTP(host, port) as smtp:
smtp.ehlo()
if port != 465:
smtp.starttls()
if user and password:
smtp.login(user, password)
smtp.send_message(msg)
@bp.route('/action/create_account', methods=['POST'])
@require_level('nothing')
def create_account():
# Abort if already logged in
if session.get('access_level', 'nothing') != 'nothing':
return redirect('/view/view_overview')
email = sanitize.email(request.form.get('email', ''))
password = request.form.get('password', '')
password_confirm = request.form.get('password_confirm', '')
tz = sanitize.timezone(request.form.get('timezone', '').strip())
if not email or not password or not password_confirm or not tz:
flash('All fields are required.', 'error')
return redirect('/view/view_create_account')
if password != password_confirm:
flash('Passwords do not match.', 'error')
return redirect('/view/view_create_account')
if len(password) < 8:
flash('Password must be at least 8 characters.', 'error')
return redirect('/view/view_create_account')
accounts = _load_accounts().get('accounts', [])
account = next((a for a in accounts if a.get('email_address', '').lower() == email), None)
if account is None:
flash('Email address not recognised. Contact your manager.', 'error')
return redirect('/view/view_create_account')
if account.get('hashed_password'):
flash('This account is already set up. Please log in instead.', 'error')
return redirect('/view/view_create_account')
salt = bcrypt.gensalt()
hashed = bcrypt.hashpw(password.encode('utf-8'), salt)
code = f'{secrets.randbelow(1000000):06d}'
expires = (datetime.now(tz=timezone.utc) + timedelta(minutes=CODE_TTL_MIN)).isoformat()
try:
_send_verification_email(account['email_address'], code)
except Exception as exc:
flash(f'Could not send verification email: {exc}', 'error')
return redirect('/view/view_create_account')
session['pending_create_account'] = {
'email': account['email_address'],
'hashed_password': hashed.decode('utf-8'),
'timezone': tz,
'code': code,
'expires': expires,
}
return redirect('/view/view_verify_email')

51
docker/routlin-dash/app/action_delete_account.py Normal file
View file

@ -0,0 +1,51 @@
from flask import Blueprint, request, session, redirect, flash
import json
from auth import require_level
bp = Blueprint('action_delete_account', __name__)
DATA_DIR = '/data'
ACCOUNTS_FILE = f'{DATA_DIR}/authorized_accounts.json'
def _load_accounts():
try:
with open(ACCOUNTS_FILE) as f:
return json.load(f)
except Exception:
return {'accounts': []}
def _save_accounts(data):
with open(ACCOUNTS_FILE, 'w') as f:
json.dump(data, f, indent=2)
@bp.route('/action/delete_account', methods=['POST'])
@require_level('manager')
def delete_account():
try:
row_index = int(request.form.get('row_index', ''))
except (ValueError, TypeError):
flash('Invalid request.', 'error')
return redirect('/view/view_manage_accounts')
data = _load_accounts()
accounts = data.get('accounts', [])
if row_index < 0 or row_index >= len(accounts):
flash('Account not found.', 'error')
return redirect('/view/view_manage_accounts')
target = accounts[row_index]
if target.get('email_address', '').lower() == session.get('email_address', '').lower():
flash('You cannot remove your own account.', 'error')
return redirect('/view/view_manage_accounts')
removed_email = target.get('email_address', '')
accounts.pop(row_index)
data['accounts'] = accounts
_save_accounts(data)
flash(f'Account for {removed_email} has been removed.', 'success')
return redirect('/view/view_manage_accounts')

55
docker/routlin-dash/app/action_log_in.py Normal file
View file

@ -0,0 +1,55 @@
from flask import Blueprint, request, session, redirect, flash
import json, bcrypt
from auth import require_level
import sanitize
bp = Blueprint('action_log_in', __name__)
DATA_DIR = '/data'
def _load_accounts():
try:
with open(f'{DATA_DIR}/authorized_accounts.json') as f:
return json.load(f)
except Exception:
return {'accounts': []}
@bp.route('/action/log_in', methods=['POST'])
@require_level('nothing')
def log_in():
# Abort if already logged in
if session.get('access_level', 'nothing') != 'nothing':
return redirect('/view/view_overview')
email = sanitize.email(request.form.get('email', ''))
password = request.form.get('password', '')
if not email or not password:
flash('Email address and password are required.', 'error')
return redirect('/view/view_log_in')
accounts = _load_accounts().get('accounts', [])
account = next((a for a in accounts if a.get('email_address', '').lower() == email), None)
if account is None:
flash('Email address not recognised.', 'error')
return redirect('/view/view_log_in')
if not account.get('hashed_password'):
flash('Account setup is not complete. Please use Create Account to set your password first.', 'error')
return redirect('/view/view_log_in')
stored_hash = account['hashed_password'].encode('utf-8')
if not bcrypt.checkpw(password.encode('utf-8'), stored_hash):
flash('Invalid email address or password.', 'error')
return redirect('/view/view_log_in')
session.clear()
session['email_address'] = account['email_address']
session['access_level'] = account.get('access_level', 'viewer')
session['timezone'] = account.get('timezone', '')
session.permanent = True
return redirect('/view/view_overview')

11
docker/routlin-dash/app/action_log_out.py Normal file
View file

@ -0,0 +1,11 @@
from flask import Blueprint, session, redirect
from auth import require_level
bp = Blueprint('action_log_out', __name__)
@bp.route('/action/log_out', methods=['POST'])
@require_level('viewer')
def log_out():
session.clear()
return redirect('/view/view_overview')

48
docker/routlin-dash/app/action_save_preferences.py Normal file
View file

@ -0,0 +1,48 @@
from flask import Blueprint, request, session, redirect, flash
import json
from auth import require_level
import sanitize
bp = Blueprint('action_save_preferences', __name__)
DATA_DIR = '/data'
ACCOUNTS_FILE = f'{DATA_DIR}/authorized_accounts.json'
def _load_accounts():
try:
with open(ACCOUNTS_FILE) as f:
return json.load(f)
except Exception:
return {'accounts': []}
def _save_accounts(data):
with open(ACCOUNTS_FILE, 'w') as f:
json.dump(data, f, indent=2)
@bp.route('/action/save_preferences', methods=['POST'])
@require_level('viewer')
def save_preferences():
tz = sanitize.timezone(request.form.get('timezone', '').strip())
if not tz:
flash('Timezone is required.', 'error')
return redirect('/view/view_preferences')
email = session.get('email_address', '').lower()
data = _load_accounts()
accounts = data.get('accounts', [])
account = next((a for a in accounts if a.get('email_address', '').lower() == email), None)
if account is None:
flash('Account not found. Please log in again.', 'error')
return redirect('/view/view_log_in')
account['timezone'] = tz
_save_accounts(data)
session['timezone'] = tz
flash('Preferences saved.', 'success')
return redirect('/view/view_preferences')

113
docker/routlin-dash/app/action_verify_email.py Normal file
View file

@ -0,0 +1,113 @@
from flask import Blueprint, request, session, redirect, flash
import json, os, secrets
from datetime import datetime, timezone, timedelta
from auth import require_level
bp = Blueprint('action_verify_email', __name__)
DATA_DIR = '/data'
ACCOUNTS_FILE = f'{DATA_DIR}/authorized_accounts.json'
def _load_accounts():
try:
with open(ACCOUNTS_FILE) as f:
return json.load(f)
except Exception:
return {'accounts': []}
def _save_accounts(data):
with open(ACCOUNTS_FILE, 'w') as f:
json.dump(data, f, indent=2)
@bp.route('/action/verify_email', methods=['POST'])
@require_level('nothing')
def verify_email():
# Abort if already logged in
if session.get('access_level', 'nothing') != 'nothing':
return redirect('/view/view_overview')
pending = session.get('pending_create_account')
if not pending:
flash('No pending account creation found. Please start over.', 'error')
return redirect('/view/view_create_account')
expires = datetime.fromisoformat(pending['expires'])
if datetime.now(tz=timezone.utc) > expires:
session.pop('pending_create_account', None)
flash('Verification code has expired. Please start over.', 'error')
return redirect('/view/view_create_account')
submitted = request.form.get('code', '').strip()
if submitted != pending['code']:
flash('Incorrect verification code.', 'error')
return redirect('/view/view_verify_email')
data = _load_accounts()
accounts = data.get('accounts', [])
account = next(
(a for a in accounts if a.get('email_address', '').lower() == pending['email'].lower()),
None
)
if account is None:
session.pop('pending_create_account', None)
flash('Account no longer exists. Contact your manager.', 'error')
return redirect('/view/view_create_account')
if account.get('hashed_password'):
session.pop('pending_create_account', None)
flash('This account is already set up. Please log in.', 'error')
return redirect('/view/view_log_in')
now = datetime.now(tz=timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')
account['hashed_password'] = pending['hashed_password']
account['timezone'] = pending['timezone']
if not account.get('account_created_utc'):
account['account_created_utc'] = now
if not account.get('account_created_by'):
account['account_created_by'] = 'self'
_save_accounts(data)
session.pop('pending_create_account', None)
session['email_address'] = account['email_address']
session['access_level'] = account.get('access_level', 'viewer')
session['timezone'] = pending['timezone']
session.permanent = True
return redirect('/view/view_overview')
@bp.route('/action/resend_verification')
@require_level('nothing')
def resend_verification():
# Abort if already logged in
if session.get('access_level', 'nothing') != 'nothing':
return redirect('/view/view_overview')
from action_create_account import _send_verification_email, CODE_TTL_MIN
pending = session.get('pending_create_account')
if not pending:
flash('No pending account creation found. Please start over.', 'error')
return redirect('/view/view_create_account')
code = f'{secrets.randbelow(1000000):06d}'
expires = (datetime.now(tz=timezone.utc) + timedelta(minutes=CODE_TTL_MIN)).isoformat()
try:
_send_verification_email(pending['email'], code)
except Exception as exc:
flash(f'Could not resend verification email: {exc}', 'error')
return redirect('/view/view_verify_email')
pending['code'] = code
pending['expires'] = expires
session['pending_create_account'] = pending
flash('A new verification code has been sent.', 'success')
return redirect('/view/view_verify_email')

28
docker/routlin-dash/app/api_apply_status.py Normal file
View file

@ -0,0 +1,28 @@
from flask import Blueprint, request, jsonify
from auth import require_level
from config_utils import (
_load_done_set, _is_locked, _lock_mtime,
_seconds_until_next_run, _entry_ts_from_queue,
)
bp = Blueprint('api_apply_status', __name__)
@bp.route('/api/apply-status')
@require_level('viewer')
def apply_status():
entry_uuid = request.args.get('uuid', '')
if not entry_uuid:
return jsonify({'status': 'unknown'})
if entry_uuid in _load_done_set():
return jsonify({'status': 'complete'})
if _is_locked():
mtime = _lock_mtime()
entry_ts = _entry_ts_from_queue(entry_uuid)
if mtime and entry_ts is not None and entry_ts < mtime:
return jsonify({'status': 'running'})
return jsonify({'status': 'pending', 'next_in': None})
return jsonify({'status': 'pending', 'next_in': _seconds_until_next_run()})

21
docker/routlin-dash/app/auth.py Normal file
View file

@ -0,0 +1,21 @@
from flask import session, redirect, flash
from functools import wraps
LEVEL_RANK = {'nothing': 0, 'viewer': 1, 'administrator': 2, 'manager': 3}
def require_level(minimum):
"""Decorator that enforces a minimum access level on an action route."""
def decorator(f):
@wraps(f)
def wrapper(*args, **kwargs):
current = session.get('access_level', 'nothing')
if LEVEL_RANK.get(current, 0) < LEVEL_RANK.get(minimum, 0):
if current == 'nothing':
flash('Please log in to continue.', 'error')
return redirect('/view/view_log_in')
flash('You do not have permission to perform this action.', 'error')
return redirect('/view/view_overview')
return f(*args, **kwargs)
return wrapper
return decorator

205
docker/routlin-dash/app/config_utils.py Normal file
View file

@ -0,0 +1,205 @@
import json, subprocess, hashlib, os, uuid
from datetime import datetime, timezone
from flask import session
CONFIGS_DIR = '/configs'
CORE_FILE = f'{CONFIGS_DIR}/core.json'
DASHBOARD_QUEUE = f'{CONFIGS_DIR}/.dashboard-queue'
DASHBOARD_DONE = f'{CONFIGS_DIR}/.dashboard-done'
DASHBOARD_LAST_RUN = f'{CONFIGS_DIR}/.dashboard-last-run'
DASHBOARD_LOCK = f'{CONFIGS_DIR}/.dashboard-lock'
DASHB_TIMER_NAME = 'routlin-dashboard-queue'
PRODUCT_DISPLAY_NAME = os.environ.get('PRODUCT_DISPLAY_NAME', 'Routlin Dashboard')
DASHB_INTERVAL_SECS = 60
QUEUE_MAX_LINES = 50
def load_core():
try:
with open(CORE_FILE) as f:
return json.load(f)
except Exception:
return {}
def save_core(data):
with open(CORE_FILE, 'w') as f:
json.dump(data, f, indent=2)
def core_hash():
try:
with open(CORE_FILE, 'rb') as f:
return hashlib.md5(f.read()).hexdigest()
except Exception:
return ''
def verify_core_hash(submitted):
if not submitted:
return True
return submitted == core_hash()
def _load_done_set():
try:
done = set()
for line in open(DASHBOARD_DONE).read().splitlines():
parts = line.split()
if parts:
done.add(parts[0])
return done
except Exception:
return set()
def _read_pending(done_set):
pending = []
try:
lines = open(DASHBOARD_QUEUE).read().splitlines()
except Exception:
return pending
for line in lines:
try:
parts = line.split(None, 3)
if len(parts) == 4:
entry_uuid, entry_ts, _dt, rest = parts
cmd_user = rest.rsplit(' (', 1)
entry_cmd = cmd_user[0].strip('[]')
entry_user = cmd_user[1].rstrip(')') if len(cmd_user) == 2 else ''
if entry_uuid not in done_set:
pending.append((entry_uuid, int(entry_ts), entry_cmd, entry_user))
except Exception:
pass
return pending
def get_pending_entries():
return _read_pending(_load_done_set())
def _format_timing(secs):
if secs is None:
return None
if secs <= 5:
return 'momentarily'
if secs < 60:
return f'in about {secs} seconds'
mins = round(secs / 60)
return f'in about {mins} minute{"s" if mins != 1 else ""}'
def _trim_if_needed():
try:
lines = [l for l in open(DASHBOARD_QUEUE).read().splitlines() if l]
if len(lines) <= QUEUE_MAX_LINES:
return
done_set = _load_done_set()
pending = [l for l in lines if l.split()[0] not in done_set]
with open(DASHBOARD_QUEUE, 'w') as f:
f.write('\n'.join(pending) + ('\n' if pending else ''))
open(DASHBOARD_DONE, 'w').close()
except Exception:
pass
def _queue_command(cmd):
done_set = _load_done_set()
pending = _read_pending(done_set)
current_user = session.get('email_address', 'unknown')
for entry_uuid, entry_ts, entry_cmd, entry_user in pending:
if entry_cmd == cmd and entry_user == current_user:
return entry_uuid, entry_ts
entry_uuid = str(uuid.uuid4())
now = datetime.now()
entry_ts = int(now.timestamp())
dt_str = now.strftime('%Y-%m-%dT%H:%M:%S')
user = session.get('email_address', 'unknown')
with open(DASHBOARD_QUEUE, 'a') as f:
f.write(f'{entry_uuid} {entry_ts} {dt_str} [{cmd}] ({user})\n')
_trim_if_needed()
return entry_uuid, entry_ts
def _entry_ts_from_queue(entry_uuid):
try:
for line in open(DASHBOARD_QUEUE).read().splitlines():
parts = line.split(None, 2)
if len(parts) >= 2 and parts[0] == entry_uuid:
return int(parts[1])
except Exception:
pass
return None
def _seconds_until_next_run():
try:
last_run = float(open(DASHBOARD_LAST_RUN).read().strip())
elapsed = datetime.now(timezone.utc).timestamp() - last_run
return int(max(0, DASHB_INTERVAL_SECS - elapsed))
except Exception:
return None
def _is_locked():
try:
return os.path.getsize(DASHBOARD_LOCK) > 0
except Exception:
return False
def _lock_mtime():
try:
return os.path.getmtime(DASHBOARD_LOCK)
except Exception:
return None
def queue_command(cmd):
"""Queue a command without generating a flash message."""
return _queue_command(cmd)
def queued_msg(cmd=None):
"""Queue cmd if given, then return a timing message.
Without cmd, just returns timing (for commands already queued by the caller)."""
entry_ts = None
if cmd is not None:
_entry_uuid, entry_ts = queue_command(cmd)
if _is_locked():
mtime = _lock_mtime()
if entry_ts is not None and mtime and entry_ts < mtime:
return 'Configuration saved. Changes are being applied now.'
return 'Configuration saved. Changes will be applied on the next run.'
timing = _format_timing(_seconds_until_next_run())
if timing:
return f'Configuration saved. Changes will be applied {timing}.'
if cmd is None:
return 'Changes queued. The processing service is not running.'
parts = cmd.split()
cli_cmd = f'sudo python3 {parts[0]}.py --{parts[1]}' if len(parts) == 2 else cmd
install_cmd = f'sudo python3 {parts[0]}.py --install' if len(parts) >= 1 else 'core.py --install'
from markupsafe import Markup
return Markup(f'Configuration saved. The command processing service is not installed. '
f'Run <strong>{install_cmd}</strong> to enable it, '
f'or <strong>{cli_cmd}</strong> to apply manually.')
def run_apply():
try:
subprocess.run(
['python3', f'{CONFIGS_DIR}/core.py', '--apply'],
capture_output=True, timeout=30
)
except Exception:
pass
def run_update_blocklists():
try:
subprocess.run(
['python3', f'{CONFIGS_DIR}/core.py', '--update-blocklists'],
capture_output=True, timeout=120
)
except Exception:
pass

90
docker/routlin-dash/app/main.py Normal file
View file

@ -0,0 +1,90 @@
import os, json, sys
from flask import Flask
from view_page import bp as view_page_bp
from action_apply_general import bp as action_apply_general_bp
from action_apply_upstream_dns import bp as action_apply_upstream_dns_bp
from action_apply_mdns import bp as action_apply_mdns_bp
from action_apply_vpn import bp as action_apply_vpn_bp
from action_apply_banned_ips import bp as action_apply_banned_ips_bp
from action_apply_host_overrides import bp as action_apply_host_overrides_bp
from action_apply_blocklists import bp as action_apply_blocklists_bp
from action_apply_vlans import bp as action_apply_vlans_bp
from action_apply_inter_vlan import bp as action_apply_inter_vlan_bp
from action_apply_port_forwarding import bp as action_apply_port_forwarding_bp
from action_apply_dhcp_reservations import bp as action_apply_dhcp_reservations_bp
from action_create_account import bp as action_create_account_bp
from action_log_in import bp as action_log_in_bp
from action_log_out import bp as action_log_out_bp
from action_verify_email import bp as action_verify_email_bp
from action_add_account import bp as action_add_account_bp
from action_delete_account import bp as action_delete_account_bp
from action_save_preferences import bp as action_save_preferences_bp
from action_change_password import bp as action_change_password_bp
from action_clear_ddns_log import bp as action_clear_ddns_log_bp
from action_apply_ddns_providers import bp as action_apply_ddns_providers_bp
from action_apply_interface import bp as action_apply_interface_bp
from action_apply_iface_config import bp as action_apply_iface_config_bp
from api_apply_status import bp as api_apply_status_bp
app = Flask(__name__)
app.secret_key = os.environ.get('SECRET_KEY', os.urandom(24))
app.register_blueprint(view_page_bp)
app.register_blueprint(action_apply_general_bp)
app.register_blueprint(action_apply_upstream_dns_bp)
app.register_blueprint(action_apply_mdns_bp)
app.register_blueprint(action_apply_vpn_bp)
app.register_blueprint(action_apply_banned_ips_bp)
app.register_blueprint(action_apply_host_overrides_bp)
app.register_blueprint(action_apply_blocklists_bp)
app.register_blueprint(action_apply_vlans_bp)
app.register_blueprint(action_apply_inter_vlan_bp)
app.register_blueprint(action_apply_port_forwarding_bp)
app.register_blueprint(action_apply_dhcp_reservations_bp)
app.register_blueprint(action_create_account_bp)
app.register_blueprint(action_log_in_bp)
app.register_blueprint(action_log_out_bp)
app.register_blueprint(action_verify_email_bp)
app.register_blueprint(action_add_account_bp)
app.register_blueprint(action_delete_account_bp)
app.register_blueprint(action_save_preferences_bp)
app.register_blueprint(action_change_password_bp)
app.register_blueprint(action_clear_ddns_log_bp)
app.register_blueprint(action_apply_ddns_providers_bp)
app.register_blueprint(action_apply_interface_bp)
app.register_blueprint(action_apply_iface_config_bp)
app.register_blueprint(api_apply_status_bp)
def _seed_initial_account():
email = os.environ.get('INITIAL_MANAGER_EMAIL', '').strip().lower()
if not email:
try:
with open(accounts_file) as f:
data = json.load(f)
except Exception:
data = {'accounts': []}
if not data.get('accounts'):
print('[main] WARNING: No accounts exist and INITIAL_MANAGER_EMAIL is not set. '
'Set it in docker-compose.yml to seed the initial manager account.', file=sys.stderr)
return
accounts_file = '/data/authorized_accounts.json'
try:
with open(accounts_file) as f:
data = json.load(f)
except Exception:
data = {'accounts': []}
if data.get('accounts'):
return
data['accounts'] = [{
'email_address': email,
'access_level': 'manager',
'hashed_password': '',
'timezone': '',
}]
with open(accounts_file, 'w') as f:
json.dump(data, f, indent=2)
print(f'[main] Seeded initial manager account: {email}', file=sys.stderr)
_seed_initial_account()
if __name__ == "__main__":
app.run(host="0.0.0.0", port=25327)

224
docker/routlin-dash/app/sanitize.py Normal file
View file

@ -0,0 +1,224 @@
import re
import ipaddress
# Curated IANA timezone list for the dropdown. Validation accepts any entry from this set.
VALID_TIMEZONES = [
'UTC',
# Americas
'America/New_York',
'America/Detroit',
'America/Indiana/Indianapolis',
'America/Chicago',
'America/Denver',
'America/Phoenix',
'America/Los_Angeles',
'America/Anchorage',
'America/Adak',
'Pacific/Honolulu',
'America/Toronto',
'America/Vancouver',
'America/Winnipeg',
'America/Halifax',
'America/St_Johns',
'America/Mexico_City',
'America/Bogota',
'America/Lima',
'America/Santiago',
'America/Caracas',
'America/Sao_Paulo',
'America/Argentina/Buenos_Aires',
'America/Montevideo',
# Europe
'Europe/London',
'Europe/Dublin',
'Europe/Lisbon',
'Europe/Paris',
'Europe/Berlin',
'Europe/Amsterdam',
'Europe/Brussels',
'Europe/Madrid',
'Europe/Rome',
'Europe/Zurich',
'Europe/Vienna',
'Europe/Stockholm',
'Europe/Oslo',
'Europe/Copenhagen',
'Europe/Helsinki',
'Europe/Warsaw',
'Europe/Prague',
'Europe/Budapest',
'Europe/Bucharest',
'Europe/Athens',
'Europe/Istanbul',
'Europe/Moscow',
'Europe/Kyiv',
# Africa
'Africa/Casablanca',
'Africa/Lagos',
'Africa/Cairo',
'Africa/Nairobi',
'Africa/Johannesburg',
# Asia
'Asia/Dubai',
'Asia/Tbilisi',
'Asia/Tehran',
'Asia/Karachi',
'Asia/Kolkata',
'Asia/Colombo',
'Asia/Dhaka',
'Asia/Yangon',
'Asia/Bangkok',
'Asia/Ho_Chi_Minh',
'Asia/Singapore',
'Asia/Kuala_Lumpur',
'Asia/Jakarta',
'Asia/Shanghai',
'Asia/Hong_Kong',
'Asia/Taipei',
'Asia/Manila',
'Asia/Seoul',
'Asia/Tokyo',
'Asia/Yakutsk',
'Asia/Vladivostok',
# Australia / Pacific
'Australia/Perth',
'Australia/Darwin',
'Australia/Adelaide',
'Australia/Brisbane',
'Australia/Sydney',
'Australia/Melbourne',
'Australia/Hobart',
'Pacific/Auckland',
'Pacific/Fiji',
'Pacific/Guam',
'Pacific/Honolulu',
]
_TIMEZONE_SET = set(VALID_TIMEZONES)
def _strip(value, pattern, max_len):
return re.sub(pattern, '', str(value).strip())[:max_len]
def text(value, max_len=200):
"""General description: letters, digits, spaces, basic punctuation. No quotes/braces/brackets/slashes."""
return _strip(value, r'''["'{}\[\]\\/<>;`^~]''', max_len)
def description(value, max_len=200):
"""Human-readable description: letters, digits, hyphens, parentheses, commas, forward slashes, spaces.
Whitespace collapsed; no sequential commas or slashes."""
s = re.sub(r'[^A-Za-z0-9\-()/,\s]', '', str(value))
s = re.sub(r'\s+', ' ', s)
s = re.sub(r',{2,}', ',', s)
s = re.sub(r'/{2,}', '/', s)
s = re.sub(r'-{2,}', '-', s)
s = re.sub(r'\({2,}', '(', s)
s = re.sub(r'\){2,}', ')', s)
return s.strip()[:max_len]
def name(value, max_len=40):
"""Identifier: lowercase letters, digits, hyphens only. No sequential hyphens."""
s = re.sub(r'[\s_]+', '-', str(value).strip().lower())
s = re.sub(r'[^a-z0-9-]', '', s)[:max_len]
s = re.sub(r'-{2,}', '-', s)
return s.strip('-')
def domainname(value, max_len=253):
"""Hostname or domain: letters, digits, hyphens, dots. Lowercased."""
return _strip(value.lower(), r'[^a-z0-9\-.]', max_len)
def domainlist(lines):
"""Sanitize a list of domain name strings, returning only non-empty results."""
return [h for v in lines if (h := domainname(v))]
def ip(value, max_len=45):
"""IPv4 or IPv6 address. Returns '' if not a valid address."""
cleaned = _strip(value, r'[^0-9a-fA-F.:]', max_len)
try:
ipaddress.ip_address(cleaned)
return cleaned
except ValueError:
return ''
def ip_or_cidr(value, max_len=49):
"""IP address or CIDR subnet. Returns '' if not valid."""
cleaned = _strip(value, r'[^0-9a-fA-F.:/]', max_len)
try:
if '/' in cleaned:
ipaddress.ip_network(cleaned, strict=False)
else:
ipaddress.ip_address(cleaned)
return cleaned
except ValueError:
return ''
def mac(value):
"""MAC address in aa:bb:cc:dd:ee:ff format. Colons required; no other separators accepted.
Returns lowercase colon-separated MAC if valid, '' otherwise."""
s = str(value).strip().lower()
if re.fullmatch(r'([0-9a-f]{2}:){5}[0-9a-f]{2}', s):
return s
return ''
def url(value, max_len=500):
"""URL: printable ASCII except quotes, braces, brackets, backslash, spaces."""
return _strip(value, r'''["'{}\[\]\\ ]''', max_len)
def interface_name(value, max_len=32):
"""Network interface name: letters, digits, hyphens, underscores, dots."""
return _strip(value, r'[^A-Za-z0-9\-_.]', max_len)
def port(value):
"""Port number string, validated 1-65535. Returns '' if invalid."""
digits = re.sub(r'[^0-9]', '', str(value))
try:
n = int(digits)
if 1 <= n <= 65535:
return str(n)
except (ValueError, TypeError):
pass
return ''
def time_24h(value, max_len=5):
"""24-hour time HH:MM: digits and colon only."""
return _strip(value, r'[^0-9:]', max_len)
def email(value, max_len=254):
"""Email address: letters, digits, @, dot, hyphen, underscore, plus. Lowercased."""
return _strip(value.lower(), r'[^a-z0-9@.\-_+]', max_len)
def timezone(value):
"""Timezone string: must be in VALID_TIMEZONES list. Returns '' if not found."""
return value if value in _TIMEZONE_SET else ''
def filterlist(submitted, allowed):
"""Filter a list of submitted values to those present in the allowed set, after sanitizing each."""
allowed = set(allowed)
return [n for v in submitted if (n := name(v)) in allowed]
def filtervalue(value, allowed):
"""Return the sanitized value if it exists in the allowed set, otherwise ''."""
n = name(value)
return n if n in set(allowed) else ''
_DOTTED_TO_PREFIX = {
'255.0.0.0': 8, '255.255.0.0': 16, '255.255.255.0': 24,
'255.255.255.128': 25, '255.255.255.192': 26,
'255.255.255.224': 27, '255.255.255.240': 28,
'255.255.255.248': 29, '255.255.255.252': 30,
}
def subnet_mask(value):
"""Subnet prefix length 1-30 (integer). Also accepts legacy dotted notation.
Returns int on success, None if invalid."""
s = str(value).strip()
if s in _DOTTED_TO_PREFIX:
return _DOTTED_TO_PREFIX[s]
try:
n = int(s)
if 1 <= n <= 30:
return n
except (ValueError, TypeError):
pass
return None

2377
docker/routlin-dash/app/view_page.py Normal file
View file

File diff suppressed because it is too large Load diff

1
docker/routlin-dash/data/authorized_accounts.json Normal file
View file

@ -0,0 +1 @@
{"accounts": []}

53
docker/routlin-dash/data/navbar_content.json Normal file
View file

@ -0,0 +1,53 @@
{
"items": [
{
"type": "nav_item",
"label": "Overview",
"map_to": "view_overview",
"client_requirement": "client_is_nothing+"
},
{
"type": "nav_menu",
"label": "%MENU_LABEL%",
"client_requirement": "client_is_viewer+",
"items": [
{ "type": "nav_item", "label": "General", "map_to": "view_general", "client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "VLANs", "map_to": "view_vlans", "client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "Inter-VLAN Exceptions","map_to": "view_inter_vlan", "client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "Upstream DNS", "map_to": "view_upstream_dns", "client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "DNS Blocklists", "map_to": "view_blocklists", "client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "Port Forwarding", "map_to": "view_port_forwarding","client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "DHCP", "map_to": "view_dhcp" },
{ "type": "nav_item", "label": "Host Overrides", "map_to": "view_host_overrides", "client_requirement": "client_is_administrator+" },
{ "type": "nav_item", "label": "DDNS", "map_to": "view_ddns" },
{ "type": "nav_item", "label": "VPN", "map_to": "view_vpn" },
{ "type": "nav_item", "label": "Banned IPs", "map_to": "view_banned_ips", "client_requirement": "client_is_administrator+" }
]
},
{
"type": "nav_menu",
"label": "Profile",
"align": "right",
"client_requirement": "client_is_viewer+",
"items": [
{ "type": "nav_item", "label": "Preferences", "map_to": "view_preferences" },
{ "type": "nav_item", "label": "Manage Accounts", "map_to": "view_manage_accounts", "client_requirement": "client_is_manager+" },
{ "type": "nav_action", "label": "Log Out", "action": "log_out" }
]
},
{
"type": "nav_item",
"label": "Log In",
"map_to": "view_log_in",
"align": "right",
"client_requirement": "client_is_nothing="
},
{
"type": "nav_item",
"label": "Create Account",
"map_to": "view_create_account",
"align": "right",
"client_requirement": "client_is_nothing="
}
]
}

2694
docker/routlin-dash/data/page_content.json Normal file
View file

File diff suppressed because it is too large Load diff

24
docker/routlin-dash/docker-compose.yml Normal file
View file

@ -0,0 +1,24 @@
name: routlin-dash
services:
flask-app:
container_name: routlin-dash
build: .
ports:
- "25327:25327"
volumes:
- ./data:/data
- $HOME/routlin:/configs
- $HOME/routlin/validation.py:/app/validation.py
- /sys/class/net:/sys/class/net:ro
- /sys/devices:/sys/devices:ro
environment:
- PRODUCT_DISPLAY_NAME=Routlin Dashboard
- INITIAL_MANAGER_EMAIL=mgrotke@gmail.com
- SECRET_KEY=ey8hSQCCYE5kQXV8nOg1CB44LSd3AoUet2ZBc3aZlFrwBbazE7aHcxXWyuT97eAObet5jmOL0CjMg0rB1hE4d2SBVYHPfl8De55EiFv307r1QP3Mf5XgOSSCxD3TuD
- SMTP_HOST=smtp.gmail.com
- SMTP_PORT=587
- SMTP_USER=grotek.industries@gmail.com
- SMTP_PASSWORD=lfhrygyuwvlaczaw
- SMTP_FROM=grotek.industries@gmail.com
restart: unless-stopped

2
docker/routlin-dash/requirements.txt Normal file
View file

@ -0,0 +1,2 @@
flask
bcrypt