Add form for editing NAT addresses

web/__init__.py

@@ -51,6 +51,9 @@ def create_app(test_config=None):
     from . import config
     app.register_blueprint(config.blueprint)
 
+    from . import nat
+    app.register_blueprint(nat.blueprint)
+
     from . import rules
     app.register_blueprint(rules.blueprint)
 

web/nat.py

@@ -0,0 +1,34 @@
+import flask
+import flask_login
+
+from . import db
+from . import system
+
+blueprint = flask.Blueprint('nat', __name__, url_prefix='/nat')
+
+@blueprint.route('/', methods=('GET', 'POST'))
+@flask_login.login_required
+def index():
+    try:
+        if not flask_login.current_user.is_admin:
+            return flask.Response('forbidden', status=403, mimetype='text/plain')
+
+        with db.locked():
+            nat = { office: "" for office in db.read('networks') }
+            nat |= db.read('nat')
+
+            if flask.request.method == 'POST':
+                form = flask.request.form
+                for office, address in form.items():
+                    if office in nat:
+                        nat[office] = address
+                db.write('nat', nat)
+                system.run(system.save_config)
+                return flask.redirect(flask.url_for('nat.index'))
+
+            return flask.render_template('nat/index.html', nat=nat)
+
+    except Exception as e:
+        return flask.Response(f'something went catastrophically wrong: {e}',
+                status=400, mimetype='text/plain')
+

web/system.py

@@ -68,7 +68,7 @@ def save_config():
             settings = db.read('settings')
             version = settings['version'] = int(settings.get('version', 0)) + 1
 
-            # Populate IP sets and translation maps for NAT.
+            # Populate IP sets.
             ipsets = collections.defaultdict(set)
             for name, network in db.read('ipsets').items():
                 ipsets[name].update(network.get('ip', ()))
@@ -123,7 +123,8 @@ map {name} {{
             with open(f'{output}/etc/nftables.d/nat.nft', 'w', encoding='utf-8') as f:
                 nat = db.read('nat') # { network name: public range… }
                 for network, address in nat.items():
-                    print(f'iif @inside oif @outside ip saddr @{network} snat to {address}', file=f)
+                    if address:
+                        print(f'iif @inside oif @outside ip saddr @{network} snat to {address}', file=f)
 
             # Print forwarding rules.
             with open(f'{output}/etc/nftables.d/forward.nft', 'w', encoding='utf-8') as f:

web/templates/index.html

@@ -10,7 +10,7 @@
 <dd>definicije obsegov IP
 <dt><a href="{{ url_for('rules.index') }}">Urejanje pravil</a>
 <dd>pravila za posredovanje prometa
-<dt><a href="{{ url_for('config.edit', name='nat') }}">NAT</a>
+<dt><a href="{{ url_for('nat.index') }}">NAT</a>
 <dd>javni naslovi za pisarniška omrežja
 <dt><a href="{{ url_for('config.edit', name='netmap') }}">Netmap</a>
 <dd>statične 1:1 preslikave naslovov za strežniška omrežja

web/templates/nat/index.html

@@ -0,0 +1,19 @@
+{% extends 'base.html' %}
+
+{% block content %}
+<p>
+Urejate naslove NAT za pisarniška omrežja.
+
+<form id="request" method="POST">
+<table>
+<tbody>
+{% for office, address in nat.items() %}
+<tr>
+<td><label for="{{ office }}">{{ office }}</label>
+<td><input id="{{ office }}" name="{{ office }}" value="{{ address }}" />
+{% endfor %}
+</table>
+<p><button id="submit" type="submit">Shrani</button>
+</form>
+
+{% endblock %}