friwall/web/__init__.py

import os
import syslog
import secrets
import flask
import flask_login
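def create_app(test_config=None):
    """Build and configure the friwall Flask application.

    Opens syslog under the 'friwall' ident, merges the stored settings over
    a dict of defaults and writes the result back, sets the Flask secret
    key, initializes the auth, errors and system modules, registers the
    config, ipsets, rules and vpn blueprints, and defines the '/' and
    '/nodes' routes.

    Args:
        test_config: Accepted for compatibility with the usual Flask
            factory signature; it is not read anywhere in this function.

    Returns:
        The configured flask.Flask instance.
    """
    app = flask.Flask(__name__)
    syslog.openlog('friwall')

    # Ensure all required keys exist.
    # NOTE(review): this dict carries credentials (secret_key, ldap_pass,
    # oidc_client_secret, wg_key) and is persisted through db.write below.
    # How the backing store is protected is decided in the db module, which
    # is not visible here -- confirm its permissions are restrictive.
    settings = {
        'secret_key': secrets.token_hex(),  # session-signing key, generated if none is stored
        'ldap_host': '',
        'ldap_user': '',
        'ldap_pass': '',
        'ldap_base_dn': '',  # search for VPN users under this DN
        'user_group': '',  # limit VPN users to this LDAP group
        'oidc_server': '',
        'oidc_client_id': '',
        'oidc_client_secret': '',
        'admin_group': '',  # OIDC group for admin access
        'admin_mail': '',  # where to report errors
        'no_nat_set': '',  # name of destination IP set for which no NAT should be done
        'wg_endpoint': '',
        'wg_port': '51820',
        'wg_allowed_nets': '',
        'wg_dns': '',
        'wg_key': '',
        'wg_net': '',  # allocate wireguard IPv4 addresses from this prefix
        'wg_net6': '',  # allocate wireguard IPv6 addresses from this prefix
        'version': 0,
    }

    from . import db
    with db.locked():
        # Stored values win over the defaults above.
        settings |= db.read('settings')
        # A stored but empty secret_key would otherwise replace the freshly
        # generated default and leave Flask without a usable signing key, so
        # regenerate it before the settings are written back.
        if not settings.get('secret_key'):
            settings['secret_key'] = secrets.token_hex()
        db.write('settings', settings)
    app.config['SECRET_KEY'] = settings['secret_key']

    from . import auth
    auth.init_app(app, settings)

    from . import errors
    errors.init_app(app)

    from . import system
    system.init_app(app)

    from . import config
    app.register_blueprint(config.blueprint, url_prefix='/config')

    from . import ipsets
    app.register_blueprint(ipsets.blueprint, url_prefix='/ipsets')

    from . import rules
    app.register_blueprint(rules.blueprint, url_prefix='/rules')

    from . import vpn
    app.register_blueprint(vpn.blueprint, url_prefix='/vpn')

    @app.route('/')
    @flask_login.login_required
    def home():
        """Render the index page for any logged-in user."""
        return flask.render_template('index.html')

    @app.route('/nodes')
    @flask_login.login_required
    def nodes():
        """Render the node list; non-admin users get a plain-text 403."""
        # login_required only establishes that a user is logged in; the
        # admin check is made explicitly before any data is read.
        if not flask_login.current_user.is_admin:
            return flask.Response('forbidden', status=403, mimetype='text/plain')
        with db.locked('nodes'):
            # NOTE(review): settings are fetched with db.load while nodes use
            # db.read; the difference is defined in the db module -- confirm
            # that reading settings under the 'nodes' lock is intended.
            version = db.load('settings').get('version')
            nodes = db.read('nodes')
        return flask.render_template('nodes.html', version=version, nodes=nodes)

    return app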