From 5add39a8a713c8850e2827db54eb18bbe70c9107 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Mon, 24 Jul 2023 15:45:45 +0200
Subject: [PATCH] Add form for editing ipsets
---
 web/__init__.py | 3 +++
 web/ipsets.py | 32 ++++++++++++++++++++++++++++++++
 web/rules.py | 6 +++++-
 web/templates/base.html | 6 ++++++
 web/templates/index.html | 4 ++--
 web/templates/ipsets/index.html | 27 +++++++++++++++++++++++++++
 web/templates/rules/edit.html | 14 +++++++++++++-
 7 files changed, 88 insertions(+), 4 deletions(-)
 create mode 100644 web/ipsets.py
 create mode 100644 web/templates/ipsets/index.html
diff --git a/web/__init__.py b/web/__init__.py
index 9afeecc..5587f2e 100644
--- a/web/__init__.py
+++ b/web/__init__.py
@@ -51,6 +51,9 @@ def create_app(test_config=None):
 from . import config
 app.register_blueprint(config.blueprint)

+ from . import ipsets
+ app.register_blueprint(ipsets.blueprint)
+
 from . import nat
 app.register_blueprint(nat.blueprint)

diff --git a/web/ipsets.py b/web/ipsets.py
new file mode 100644
index 0000000..42935a3
--- /dev/null
+++ b/web/ipsets.py
@@ -0,0 +1,32 @@
+import json
+
+import flask
+import flask_login
+
+from . import db
+from . import system
+
+blueprint = flask.Blueprint('ipsets', __name__, url_prefix='/ipsets')
+
+@blueprint.route('/', methods=('GET', 'POST'))
+@flask_login.login_required
+def index():
+ if not flask_login.current_user.is_admin:
+ return flask.Response('forbidden', status=403, mimetype='text/plain')
+
+ with db.locked():
+ ipsets = db.read('ipsets')
+ networks = db.read('networks')
+ if flask.request.method == 'POST':
+ form = flask.request.form
+ ipsets = {}
+ for name, ip, ip6 in zip(form.getlist('name'), form.getlist('ip'), form.getlist('ip6')):
+ if name and name not in networks:
+ ipsets[name] = {
+ 'ip': ip.split(),
+ 'ip6': ip6.split()
+ }
+ db.write('ipsets', ipsets)
+ system.run(system.save_config)
+ return flask.redirect(flask.url_for('ipsets.index'))
+ return flask.render_template('ipsets/index.html', ipsets=ipsets)
diff --git a/web/rules.py b/web/rules.py
index f1d9422..63b35ba 100644
--- a/web/rules.py
+++ b/web/rules.py
@@ -44,7 +44,11 @@ def edit(index):
 db.write('rules', rules)
 system.run(system.save_config)

- return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index])
+ with db.locked():
+ ipsets = db.read('ipsets')
+ for network, data in db.read('networks').items():
+ ipsets[network] = {'ip': data.get('ip', []), 'ip6': data.get('ip6', [])}
+ return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index], ipsets=ipsets)
 except IndexError as e:
 return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain')

diff --git a/web/templates/base.html b/web/templates/base.html
index 068e57e..7a2c545 100644
--- a/web/templates/base.html
+++ b/web/templates/base.html
@@ -33,6 +33,12 @@ pre {
 padding: 0.5em;
 margin: 0;
 }
+th {
+ text-align: left;
+}
+th, td {
+ padding-right: 1em;
+}
 ul.keys {
 margin: 0 0.5em 0.5em;
 padding-left: 1em;
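Review bot: In `web/ipsets.py`, the POST branch of `index()` stores `name`, `ip.split()` and `ip6.split()` exactly as submitted and then calls `system.run(system.save_config)`, so nothing checks that an entry is an address or prefix, or that a name is a safe identifier, before it is written and applied. Parse every entry and answer 400 on the first bad value, as sketched below; the sketch uses the stdlib `ipaddress` module (which needs `import ipaddress` at the top of the file) and should be adjusted if range syntax is meant to be accepted. `zip()` also truncates silently when the three field lists differ in length, which would drop rows without any error. No CSRF token check is visible in this view; if the application does not enforce one elsewhere, this state-changing admin POST should get one. The `import json` line is unused.

```python
        if flask.request.method == 'POST':
            form = flask.request.form
            ipsets = {}
            try:
                for name, ip, ip6 in zip(form.getlist('name'), form.getlist('ip'), form.getlist('ip6')):
                    if name and name not in networks:
                        # ValueError on anything that is not an address or prefix
                        for address in ip.split():
                            ipaddress.IPv4Network(address, strict=False)
                        for address in ip6.split():
                            ipaddress.IPv6Network(address, strict=False)
                        # … unchanged: ipsets[name] = {'ip': …, 'ip6': …} …
            except ValueError as e:
                return flask.Response(f'invalid address: {e}', status=400, mimetype='text/plain')
            # … unchanged: db.write, system.run, redirect …
```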
diff --git a/web/templates/index.html b/web/templates/index.html index 857bd29..eb837e2 100644 --- a/web/templates/index.html +++ b/web/templates/index.html @@ -8,8 +8,8 @@
status opek v požarnem zidu
Nastavitve
nastavitve aplikacije FRIwall -
Obsegi IP -
definicije obsegov IP +
Območja IP +
definicije območij IP
Urejanje pravil
pravila za posredovanje prometa
NAT diff --git a/web/templates/ipsets/index.html b/web/templates/ipsets/index.html new file mode 100644 index 0000000..6e80bad --- /dev/null +++ b/web/templates/ipsets/index.html @@ -0,0 +1,27 @@ +{% extends 'base.html' %} + +{% block content %} +

+Urejate območja IP. Za vsako območje lahko dodate enega ali več obsegov IP in/ali IPv6, ločenih s presledki. + +

+ + + + +{% for name, addresses in ipsets.items() %} + + +
ImeIPIPv6 +
+ + +{% endfor %} +
+ + +
+

+

+ +{% endblock %} diff --git a/web/templates/rules/edit.html b/web/templates/rules/edit.html index 372ed0c..2e26e1e 100644 --- a/web/templates/rules/edit.html +++ b/web/templates/rules/edit.html @@ -2,7 +2,7 @@ {% block content %}

-Urejate pravilo #{{ index }}. Seznam pravil. +Urejate pravilo #{{ index }}. V pravilih lahko uporabljate imena območij IP, prikazana spodaj. Seznam pravil.

@@ -22,4 +22,16 @@ Uporabniki, ki lahko o(ne)mogočijo pravilo

+ + + +{% for network, addresses in ipsets.items() %} + +
ObmočjeIPIPv6 +
{{ network }} +{{ addresses.ip|join('
')|safe }} +
{{ addresses.ip6|join('
')|safe }} +{% endfor %} +
+ {% endblock %}
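Review bot: The `|safe` applied after `join(...)` in the `addresses.ip` and `addresses.ip6` cells marks the whole joined string as trusted, so each address is written into the page without HTML escaping. Those values are stored by `web/ipsets.py` as submitted in the form, so markup typed into an address field would be rendered on the rule edit page for every user who opens it. Escape each item and keep only the separator as markup, e.g. `{% for a in addresses.ip %}{{ a }}{% if not loop.last %}<br>{% endif %}{% endfor %}` (assuming the separator missing from this view is a line-break tag), and do the same for `ip6`.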