Development

2026-05-27 20:56:30 -04:00 · 2026-05-27 20:56:30 -04:00 · eed1d295dc
commit eed1d295dc
parent d8d1d46fd2
69 changed files with 3355 additions and 3230 deletions
--- a/docker/routlin-dash/app/pages/bannedips/action.py
+++ b/docker/routlin-dash/app/pages/bannedips/action.py
@ -0,0 +1,171 @@
+import copy
+
+from flask import Blueprint, request, redirect, flash
+from auth import require_level
+from config_utils import load_config, save_config_with_snapshot, verify_config_hash
+import sanitize
+import validation as validate
+
+bp = Blueprint('bannedips', __name__)
+
+VIEW = '/view/view_bannedips'
+
+
+def _row_index():
+    try:
+        return int(request.form.get('row_index', ''))
+    except (ValueError, TypeError):
+        return None
+
+
+def _hash_ok():
+    if not verify_config_hash(request.form.get('config_hash', '')):
+        flash('Configuration was modified by another session. Please refresh and try again.', 'error')
+        return False
+    return True
+
+
+def _parse_ip():
+    raw = request.form.get('ip', '').strip()
+    if not raw:
+        flash('The configuration has not been saved because an IP address, CIDR, or wildcard pattern is required.', 'error')
+        return None
+    ip = validate.banned_ip(raw)
+    if not ip:
+        flash(f'The configuration has not been saved because "{raw}" is not a valid IP address, CIDR, or wildcard pattern.', 'error')
+        return None
+    return ip
+
+
+@bp.route('/action/add_banned_ip', methods=['POST'])
+@require_level('administrator')
+def add_banned_ip():
+    description = sanitize.text(request.form.get('description', ''))
+    ip          = _parse_ip()
+    if ip is None:
+        return redirect(VIEW)
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    entry = {'description': description, 'ip': ip, 'enabled': True}
+    cfg.setdefault('banned_ips', []).append(entry)
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=ip, operation='add',
+        before=None, after=entry,
+        description=f'Added banned IP: {ip}',
+    ), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/toggle_banned_ip', methods=['POST'])
+@require_level('administrator')
+def toggle_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    items = cfg.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    old_enabled        = items[idx].get('enabled', True)
+    items[idx]['enabled'] = not old_enabled
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    action = 'Enabled' if not old_enabled else 'Disabled'
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=items[idx]['ip'], operation='toggle',
+        before={'enabled': old_enabled}, after={'enabled': not old_enabled},
+        description=f'{action} banned IP: {items[idx]["ip"]}',
+    ), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/edit_banned_ip', methods=['POST'])
+@require_level('administrator')
+def edit_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+
+    description = sanitize.text(request.form.get('description', ''))
+    ip          = _parse_ip()
+    if ip is None:
+        return redirect(VIEW)
+    enabled = request.form.get('enabled') == 'on'
+
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    items = cfg.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    before = copy.deepcopy(items[idx])
+    items[idx].update({'description': description, 'ip': ip, 'enabled': enabled})
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=ip, operation='edit',
+        before=before, after=copy.deepcopy(items[idx]),
+        description=f'Edited banned IP: {ip}',
+    ), 'success')
+    return redirect(VIEW)
+
+
+@bp.route('/action/delete_banned_ip', methods=['POST'])
+@require_level('administrator')
+def delete_banned_ip():
+    idx = _row_index()
+    if idx is None:
+        flash('Invalid request.', 'error')
+        return redirect(VIEW)
+    if not _hash_ok():
+        return redirect(VIEW)
+
+    cfg  = load_config()
+    items = cfg.get('banned_ips', [])
+    if idx < 0 or idx >= len(items):
+        flash('Entry not found.', 'error')
+        return redirect(VIEW)
+
+    removed = items.pop(idx)
+    errors = validate.validate_config(cfg)
+    if errors:
+        for msg in errors:
+            flash(msg, 'error')
+        return redirect(VIEW)
+
+    flash(save_config_with_snapshot(
+        cfg,
+        path='banned_ips', key=removed['ip'], operation='delete',
+        before=removed, after=None,
+        description=f'Deleted banned IP: {removed["ip"]}',
+    ), 'success')
+    return redirect(VIEW)