from pathlib import Path import copy import re from flask import Blueprint, request, redirect, flash from auth import require_level from config_utils import load_config, save_config_with_snapshot, verify_config_hash, queued_msg import sanitize import validation as validate _PAGE = Path(__file__).parent.name bp = Blueprint(_PAGE, __name__) _VALID_FORMATS_STR = ', '.join(sorted(validate.VALID_BLOCKLIST_FORMATS)) def _row_index(): try: return int(request.form.get('row_index', '')) except (ValueError, TypeError): return None def _hash_ok(): if not verify_config_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return False return True def _save_as_from_name(name): slug = re.sub(r'[^a-z0-9_-]', '_', name.lower()).strip('_') return f'{slug}.conf' def _parse_fields(): name = sanitize.name(request.form.get('name', '')) description = sanitize.description(request.form.get('description', '')) fmt = sanitize.filtervalue(request.form.get('format', ''), validate.VALID_BLOCKLIST_FORMATS) url = sanitize.url(request.form.get('url', '')) if not name: flash('The configuration has not been saved because a name is required.', 'error') return None, True if not url: flash('The configuration has not been saved because a URL is required.', 'error') return None, True if not fmt: flash(f'The configuration has not been saved because the format is invalid. ' f'Accepted formats: {_VALID_FORMATS_STR}.', 'error') return None, True return {'name': name, 'description': description, 'format': fmt, 'url': url}, None @bp.route('/action/dnsblocking/blocklists_delete', methods=['POST']) @require_level('administrator') def blocklists_delete(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() items = cfg.get('dns_blocking', {}).get('blocklists', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(f'/{_PAGE}') before = copy.deepcopy(items[idx]) name = before.get('name', str(idx)) items.pop(idx) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') flash(save_config_with_snapshot( cfg, path='dns_blocking', key=name, operation='delete', before=before, after=None, description=f'Deleted blocklist: {name}', queue=False, ), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/dnsblocking/blocklists_edit', methods=['POST']) @require_level('administrator') def blocklists_edit(): idx = _row_index() if idx is None: flash('Invalid request.', 'error') return redirect(f'/{_PAGE}') fields, err = _parse_fields() if err: return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() items = cfg.get('dns_blocking', {}).get('blocklists', []) if idx < 0 or idx >= len(items): flash('Entry not found.', 'error') return redirect(f'/{_PAGE}') before = copy.deepcopy(items[idx]) items[idx].update({ 'name': fields['name'], 'description': fields['description'], 'format': fields['format'], 'url': fields['url'], }) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') flash(save_config_with_snapshot( cfg, path='dns_blocking', key=fields['name'], operation='edit', before=before, after=copy.deepcopy(items[idx]), description=f'Edited blocklist: {fields["name"]}', queue=False, ), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/dnsblocking/addblocklist_add', methods=['POST']) @require_level('administrator') def addblocklist_add(): fields, err = _parse_fields() if err: return redirect(f'/{_PAGE}') if not _hash_ok(): return redirect(f'/{_PAGE}') cfg = load_config() blocklists = cfg.setdefault('dns_blocking', {}).setdefault('blocklists', []) if any(b.get('name', '').lower() == fields['name'].lower() for b in blocklists): flash('The configuration has not been saved because a blocklist with that name already exists.', 'error') return redirect(f'/{_PAGE}') entry = { 'name': fields['name'], 'description': fields['description'], 'format': fields['format'], 'url': fields['url'], 'save_as': _save_as_from_name(fields['name']), } blocklists.append(entry) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') flash(save_config_with_snapshot( cfg, path='dns_blocking', key=fields['name'], operation='add', before=None, after=copy.deepcopy(entry), description=f'Added blocklist: {fields["name"]}', queue=False, ), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/dnsblocking/blocklistrefresh_save', methods=['POST']) @require_level('administrator') def blocklistrefresh_save(): daily_execute_time = validate.time_24h(sanitize.time_24h(request.form.get('daily_execute_time_24hr_local', ''))) if not daily_execute_time: flash('Daily Refresh Time must be a valid 24-hour time (e.g. 02:30).', 'error') return redirect(f'/{_PAGE}') if not verify_config_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return redirect(f'/{_PAGE}') cfg = load_config() before = copy.deepcopy(cfg.get('dns_blocking', {}).get('general', {})) cfg.setdefault('dns_blocking', {}).setdefault('general', {})['daily_execute_time_24hr_local'] = daily_execute_time flash(save_config_with_snapshot( cfg, path='dns_blocking', key='general', operation='edit', before=before, after=copy.deepcopy(cfg['dns_blocking']['general']), description='Updated daily blocklist refresh time', cmd='core apply', ), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/dnsblocking/blocklistrefresh_refresh', methods=['POST']) @require_level('administrator') def blocklistrefresh_refresh(): flash(queued_msg('core update-blocklists', action_label='Blocklist refresh queued'), 'success') return redirect(f'/{_PAGE}') @bp.route('/action/dnsblocking/logging_save', methods=['POST']) @require_level('administrator') def logging_save(): log_max_kb_raw = request.form.get('log_max_kb', '').strip() log_errors_only = 'log_errors_only' in request.form log_max_kb = validate.int_range(log_max_kb_raw, 64, None) if log_max_kb is None: flash('Max Log Size must be a number >= 64.', 'error') return redirect(f'/{_PAGE}') if not verify_config_hash(request.form.get('config_hash', '')): flash('Configuration was modified by another session. Please refresh and try again.', 'error') return redirect(f'/{_PAGE}') cfg = load_config() before = copy.deepcopy(cfg.get('dns_blocking', {}).get('general', {})) cfg.setdefault('dns_blocking', {}).setdefault('general', {}).update({ 'log_max_kb': log_max_kb, 'log_errors_only': log_errors_only, }) errors = validate.validate_config(cfg) if errors: for msg in errors: flash(msg, 'error') return redirect(f'/{_PAGE}') flash(save_config_with_snapshot( cfg, path='dns_blocking', key='general', operation='edit', before=before, after=copy.deepcopy(cfg['dns_blocking']['general']), description='Updated DNS blocking log settings', queue=False, ), 'success') return redirect(f'/{_PAGE}')