Add form for editing ipsets

2023-07-24 15:45:45 +02:00 · 2023-07-24 15:45:45 +02:00 · 5add39a8a7
parent a5df435931
commit 5add39a8a7
7 changed files with 88 additions and 4 deletions
--- a/web/init.py
+++ b/web/init.py
@ -51,6 +51,9 @@ def create_app(test_config=None):
    from . import config
    app.register_blueprint(config.blueprint)

+    from . import ipsets
+    app.register_blueprint(ipsets.blueprint)
+
    from . import nat
    app.register_blueprint(nat.blueprint)

--- a/web/ipsets.py
+++ b/web/ipsets.py
@ -0,0 +1,32 @@
+import json
+
+import flask
+import flask_login
+
+from . import db
+from . import system
+
+blueprint = flask.Blueprint('ipsets', __name__, url_prefix='/ipsets')
+
+@blueprint.route('/', methods=('GET', 'POST'))
+@flask_login.login_required
+def index():
+    if not flask_login.current_user.is_admin:
+        return flask.Response('forbidden', status=403, mimetype='text/plain')
+
+    with db.locked():
+        ipsets = db.read('ipsets')
+        networks = db.read('networks')
+        if flask.request.method == 'POST':
+            form = flask.request.form
+            ipsets = {}
+            for name, ip, ip6 in zip(form.getlist('name'), form.getlist('ip'), form.getlist('ip6')):
+                if name and name not in networks:
+                    ipsets[name] = {
+                        'ip': ip.split(),
+                        'ip6': ip6.split()
+                    }
+            db.write('ipsets', ipsets)
+            system.run(system.save_config)
+            return flask.redirect(flask.url_for('ipsets.index'))
+        return flask.render_template('ipsets/index.html', ipsets=ipsets)
--- a/web/rules.py
+++ b/web/rules.py
@ -44,7 +44,11 @@ def edit(index):
                db.write('rules', rules)
            system.run(system.save_config)

-        return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index])
+        with db.locked():
+            ipsets = db.read('ipsets')
+            for network, data in db.read('networks').items():
+                ipsets[network] = {'ip': data.get('ip', []), 'ip6': data.get('ip6', [])}
+        return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index], ipsets=ipsets)
    except IndexError as e:
        return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain')

--- a/web/templates/base.html
+++ b/web/templates/base.html
@ -33,6 +33,12 @@ pre {
    padding: 0.5em;
    margin: 0;
 }
+th {
+    text-align: left;
+}
+th, td {
+    padding-right: 1em;
+}
 ul.keys {
    margin: 0 0.5em 0.5em;
    padding-left: 1em;
--- a/web/templates/index.html
+++ b/web/templates/index.html
@ -8,8 +8,8 @@
 <dd>status opek v požarnem zidu
 <dt><a href="{{ url_for('config.index') }}">Nastavitve</a>
 <dd>nastavitve aplikacije FRIwall
-<dt><a href="{{ url_for('config.edit', name='ipsets') }}">Obsegi IP</a>
-<dd>definicije obsegov IP
+<dt><a href="{{ url_for('ipsets.index') }}">Območja IP</a>
+<dd>definicije območij IP
 <dt><a href="{{ url_for('rules.index') }}">Urejanje pravil</a>
 <dd>pravila za posredovanje prometa
 <dt><a href="{{ url_for('nat.index') }}">NAT</a>
--- a/web/templates/ipsets/index.html
+++ b/web/templates/ipsets/index.html
@ -0,0 +1,27 @@
+{% extends 'base.html' %}
+
+{% block content %}
+<p>
+Urejate območja IP. Za vsako območje lahko dodate enega ali več obsegov IP in/ali IPv6, ločenih s presledki.
+
+<form id="request" method="POST">
+<table>
+<thead>
+<th>Ime<th>IP<th>IPv6
+<tbody>
+<tbody>
+{% for name, addresses in ipsets.items() %}
+<tr>
+<td><input name="name" value="{{ name }}" />
+<td><input name="ip" value="{{ addresses.ip|join(' ') }}" />
+<td><input name="ip6" value="{{ addresses.ip6|join(' ') }}" />
+{% endfor %}
+<tr>
+<td><input name="name" />
+<td><input name="ip" />
+<td><input name="ip6" />
+</table>
+<p><button id="submit" type="submit">Shrani</button>
+</form>
+
+{% endblock %}
--- a/web/templates/rules/edit.html
+++ b/web/templates/rules/edit.html
@ -2,7 +2,7 @@

 {% block content %}
 <p>
-Urejate pravilo #{{ index }}. <a href="{{ url_for('rules.index') }}">Seznam pravil.</a>
+Urejate pravilo #{{ index }}. V pravilih lahko uporabljate imena območij IP, prikazana spodaj. <a href="{{ url_for('rules.index') }}">Seznam pravil.</a>

 <form id="request" method="POST">
 <p>
@ -22,4 +22,16 @@ Uporabniki, ki lahko o(ne)mogočijo pravilo<br>
 <p><button id="submit" type="submit">Shrani</button>
 </form>

+<table>
+<thead>
+<th>Območje<th>IP<th>IPv6
+<tbody>
+{% for network, addresses in ipsets.items() %}
+<tr>
+<td>{{ network }}
+<td>{{ addresses.ip|join('<br>')|safe }}
+<td>{{ addresses.ip6|join('<br>')|safe }}
+{% endfor %}
+</table>
+
 {% endblock %}