Development

2026-05-27 20:56:30 -04:00 · 2026-05-27 20:56:30 -04:00 · eed1d295dc
commit eed1d295dc
parent d8d1d46fd2
69 changed files with 3355 additions and 3230 deletions
--- a/docker/routlin-dash/app/pages/bannedips/init.py
+++ b/docker/routlin-dash/app/pages/bannedips/init.py
--- a/docker/routlin-dash/app/pages/bannedips/action.py
+++ b/docker/routlin-dash/app/pages/bannedips/action.py
@ -0,0 +1,171 @@
+import copy
+
+from flask import Blueprint, request, redirect, flash
+from auth import require_level
+from config_utils import load_config, save_config_with_snapshot, verify_config_hash
+import sanitize
+import validation as validate
+
+bp = Blueprint('bannedips', __name__)
+
+VIEW = '/view/view_bannedips'
+
+
+def _row_index():
+    try:
+        return int(request.form.get('row_index', ''))
+    except (ValueError, TypeError):
+        return None
+
+
+def _hash_ok():
+    if not verify_config_hash(request.form.get('config_hash', '')):
+        flash('Configuration was modified by another session. Please refresh and try again.', 'error')
+        return False
+    return True
+
+
+def _parse_ip():
+    raw = request.form.get('ip', '').strip()
+    if not raw:
+        flash('The configuration has not been saved because an IP address, CIDR, or wildcard pattern is required.', 'error')
+        return None
+    ip = validate.banned_ip(raw)
+    if not ip:
+        flash(f'The configuration has not been saved because "{raw}" is not a valid IP address, CIDR, or wildcard pattern.', 'error')
+        return None
+    return ip
+
+
+@bp.route('/action/add_banned_ip', methods=['POST'])
+@require_level('administrator')
+def add_banned_ip():
+    description = sanitize.text(request.form.get('description', ''))
+    ip          = _parse_ip()
+    if ip is None:
+        return redirect(VIEW)
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    entry = {'description': description, 'ip': ip, 'enabled': True}
+    cfg.setdefault('banned_ips', []).append(entry)
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=ip, operation='add',
+        before=None, after=entry,
+        description=f'Added banned IP: {ip}',
+    ), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/toggle_banned_ip', methods=['POST'])
+@require_level('administrator')
+def toggle_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    items = cfg.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    old_enabled        = items[idx].get('enabled', True)
+    items[idx]['enabled'] = not old_enabled
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    action = 'Enabled' if not old_enabled else 'Disabled'
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=items[idx]['ip'], operation='toggle',
+        before={'enabled': old_enabled}, after={'enabled': not old_enabled},
+        description=f'{action} banned IP: {items[idx]["ip"]}',
+    ), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/edit_banned_ip', methods=['POST'])
+@require_level('administrator')
+def edit_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+
+    description = sanitize.text(request.form.get('description', ''))
+    ip          = _parse_ip()
+    if ip is None:
+        return redirect(VIEW)
+    enabled = request.form.get('enabled') == 'on'
+
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    items = cfg.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    before = copy.deepcopy(items[idx])
+    items[idx].update({'description': description, 'ip': ip, 'enabled': enabled})
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=ip, operation='edit',
+        before=before, after=copy.deepcopy(items[idx]),
+        description=f'Edited banned IP: {ip}',
+    ), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/delete_banned_ip', methods=['POST'])
+@require_level('administrator')
+def delete_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    items = cfg.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    removed = items.pop(idx)
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=removed['ip'], operation='delete',
+        before=removed, after=None,
+        description=f'Deleted banned IP: {removed["ip"]}',
+    ), 'success')
+    return redirect(VIEW)
--- a/docker/routlin-dash/app/pages/bannedips/content.json
+++ b/docker/routlin-dash/app/pages/bannedips/content.json
@ -0,0 +1,121 @@
+{
+  "id": "view_bannedips",
+  "client_requirement": "client_is_viewer+",
+  "items": [
+    {
+      "type": "header_page_title",
+      "items": [
+        {
+          "type": "h1",
+          "text": "Banned IPs"
+        },
+        {
+          "type": "p",
+          "text": "IPs and ranges blocked in both directions at the nftables firewall."
+        }
+      ]
+    },
+    {
+      "type": "info_bar",
+      "variant": "info",
+      "text": "Supports single IPs, CIDR (94.130.0.0/16), wildcards (94.130.*.*), and ranges (94.130.52.1-20). IPv4 and IPv6 are both supported."
+    },
+    {
+      "type": "table",
+      "datasource": "config:banned_ips",
+      "empty_message": "No IP bans configured.",
+      "columns": [
+        {
+          "label": "Description",
+          "field": "description"
+        },
+        {
+          "label": "IP / Range",
+          "field": "ip",
+          "class": "col-mono"
+        },
+        {
+          "label": "Status",
+          "field": "enabled",
+          "render": "badge_enabled_disabled"
+        }
+      ],
+      "row_actions": [
+        {
+          "client_requirement": "client_is_administrator+",
+          "action": "/action/edit_banned_ip",
+          "method": "inline_edit",
+          "text": "Edit",
+          "class": "btn-ghost btn-sm",
+          "fields": [
+            {
+              "col": "description",
+              "input_type": "text"
+            },
+            {
+              "col": "ip",
+              "input_type": "text"
+            },
+            {
+              "col": "enabled",
+              "input_type": "checkbox",
+              "checkbox_label": "Enabled"
+            }
+          ]
+        },
+        {
+          "client_requirement": "client_is_administrator+",
+          "action": "/action/delete_banned_ip",
+          "method": "post",
+          "text": "Delete",
+          "class": "btn-danger btn-sm"
+        }
+      ]
+    },
+    {
+      "type": "card",
+      "id": "add-form",
+      "label": "Add Banned IP",
+      "client_requirement": "client_is_administrator+",
+      "items": [
+        {
+          "type": "form",
+          "action": "/action/add_banned_ip",
+          "method": "post",
+          "items": [
+            {
+              "type": "field",
+              "label": "Description",
+              "name": "description",
+              "input_type": "text",
+              "placeholder": "e.g. Bad actor",
+              "hint": "Optional label for this entry."
+            },
+            {
+              "type": "field",
+              "label": "IP / Range",
+              "name": "ip",
+              "input_type": "text",
+              "placeholder": "e.g. 1.2.3.4 or 1.2.3.0/24"
+            },
+            {
+              "type": "button_row",
+              "items": [
+                {
+                  "type": "button_primary",
+                  "action": "/action/add_banned_ip",
+                  "method": "post",
+                  "text": "Add Banned IP"
+                },
+                {
+                  "type": "button_cancel",
+                  "text": "Cancel"
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}