import os
import syslog
import secrets
import flask
import flask_login
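def create_app(test_config=None):
    """Build and return the friwall Flask application.

    Opens syslog, loads the persisted settings (guaranteeing every key the
    rest of the app expects is present), initialises the auth, errors and
    system modules, registers the config/ipsets/rules/vpn blueprints and
    defines the ``/`` and ``/nodes`` views.

    Args:
        test_config: Accepted for the Flask application-factory convention;
            it is not currently applied to ``app.config``. TODO confirm the
            intended use before relying on it.

    Returns:
        The configured :class:`flask.Flask` instance.
    """
    app = flask.Flask(__name__)
    syslog.openlog('friwall')

    # Every key the rest of the app reads. Values from the settings store
    # override these, so the dict only guarantees that the keys exist.
    settings = {
        'secret_key': '', # generated below if the store holds no usable key
        'ldap_host': '',
        'ldap_user': '',
        'ldap_pass': '',
        'ldap_base_dn': '', # search for VPN users under this DN
        'user_group': '', # limit VPN users to this LDAP group
        'oidc_server': '',
        'oidc_client_id': '',
        'oidc_client_secret': '',
        'admin_group': '', # OIDC group for admin access
        'admin_mail': '', # where to report errors
        'no_nat_set': '', # name of destination IP set for which no NAT should be done
        'wg_endpoint': '',
        'wg_port': '51820',
        'wg_allowed_nets': '',
        'wg_dns': '',
        'wg_key': '',
        'wg_net': '', # allocate wireguard IPv4 addresses from this prefix
        'wg_net6': '', # allocate wireguard IPv6 addresses from this prefix
        'version': 0,
    }

    from . import db
    with db.locked():
        # Stored values take precedence; keys unknown to the defaults are kept.
        settings |= db.read('settings')
        # A stored settings file with a missing or empty 'secret_key' would
        # hand Flask an empty SECRET_KEY and leave sessions unsignable.
        # Generate one only in that case and persist it, so the key stays
        # stable across restarts instead of invalidating every session.
        if not settings.get('secret_key'):
            settings['secret_key'] = secrets.token_hex()
        db.write('settings', settings)

    app.config['SECRET_KEY'] = settings['secret_key']

    from . import auth
    auth.init_app(app, settings)

    from . import errors
    errors.init_app(app)

    from . import system
    system.init_app(app)

    # Each feature module exposes a `blueprint`; mount them under fixed prefixes.
    from . import config
    app.register_blueprint(config.blueprint, url_prefix='/config')

    from . import ipsets
    app.register_blueprint(ipsets.blueprint, url_prefix='/ipsets')

    from . import rules
    app.register_blueprint(rules.blueprint, url_prefix='/rules')

    from . import vpn
    app.register_blueprint(vpn.blueprint, url_prefix='/vpn')

    @app.route('/')
    @flask_login.login_required
    def home():
        """Landing page for any logged-in user."""
        return flask.render_template('index.html')

    @app.route('/nodes')
    @flask_login.login_required
    def nodes():
        """Admin-only overview of known nodes and the current settings version."""
        # Login alone is not enough here; non-admins get a plain 403.
        if not flask_login.current_user.is_admin:
            return flask.Response('forbidden', status=403, mimetype='text/plain')
        with db.locked('nodes'):
            # NOTE(review): settings are fetched with db.load here but db.read
            # above — confirm both helpers exist and are interchangeable.
            version = db.load('settings').get('version')
            nodes = db.read('nodes')
        return flask.render_template('nodes.html', version=version, nodes=nodes)

    return app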