rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Consolidate error handling

Browse source 
Do or do not; there is no try. With some exceptions.
This commit is contained in:
Timotej Lazar 2023-07-12 14:18:31 +02:00
parent 8c824fe9e6
commit a5df435931
5 changed files with 106 additions and 159 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
web/__init__.py
View file

@ -81,6 +81,15 @@ def create_app(test_config=None):
def unauth_handler(): def unauth_handler():
return flask.redirect(flask.url_for('auth.login', next=flask.request.endpoint)) return flask.redirect(flask.url_for('auth.login', next=flask.request.endpoint))
@app.errorhandler(TimeoutError)
def timeout_error(e):
return flask.render_template('busy.html')
@app.errorhandler(Exception)
def internal_server_error(e):
return flask.Response(f'something went catastrophically wrong: {e}',
status=500, mimetype='text/plain')
@app.route('/') @app.route('/')
@flask_login.login_required @flask_login.login_required
def home(): def home():

56
web/config.py
View file

@ -11,43 +11,29 @@ blueprint = flask.Blueprint('config', __name__, url_prefix='/config')
@blueprint.route('/', methods=('GET', 'POST')) @blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required @flask_login.login_required
def index(): def index():
try: if not flask_login.current_user.is_admin:
if not flask_login.current_user.is_admin: return flask.Response('forbidden', status=403, mimetype='text/plain')
return flask.Response('forbidden', status=403, mimetype='text/plain')
with db.locked(): with db.locked():
settings = db.read('settings') settings = db.read('settings')
if flask.request.method == 'POST':
if flask.request.method == 'POST': form = flask.request.form
form = flask.request.form for name, value in form.items():
for name, value in form.items(): if name in settings:
if name in settings: settings[name] = value
settings[name] = value db.write('settings', settings)
db.write('settings', settings) system.run(system.save_config)
system.run(system.save_config) return flask.redirect(flask.url_for('config.index'))
return flask.redirect(flask.url_for('config.index')) return flask.render_template('config/index.html', settings=settings)
return flask.render_template('config/index.html', settings=settings)
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')
@blueprint.route('/edit/<name>', methods=('GET', 'POST')) @blueprint.route('/edit/<name>', methods=('GET', 'POST'))
@flask_login.login_required @flask_login.login_required
def edit(name): def edit(name):
try: if not flask_login.current_user.is_admin:
if not flask_login.current_user.is_admin: return flask.Response('forbidden', status=403, mimetype='text/plain')
return flask.Response('forbidden', status=403, mimetype='text/plain') if flask.request.method == 'POST':
if flask.request.method == 'POST': form = flask.request.form
form = flask.request.form db.save(name, json.loads(form.get('text').replace('\r\n', '\n')))
db.save(name, json.loads(form.get('text').replace('\r\n', '\n'))) system.run(system.save_config)
system.run(system.save_config) content = json.dumps(db.load(name), indent=2)
content = json.dumps(db.load(name), indent=2) return flask.render_template('config/edit.html', **locals())
return flask.render_template('config/edit.html', **locals())
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')

37
web/nat.py
View file

@ -9,27 +9,18 @@ blueprint = flask.Blueprint('nat', __name__, url_prefix='/nat')
@blueprint.route('/', methods=('GET', 'POST')) @blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required @flask_login.login_required
def index(): def index():
try: if not flask_login.current_user.is_admin:
if not flask_login.current_user.is_admin: return flask.Response('forbidden', status=403, mimetype='text/plain')
return flask.Response('forbidden', status=403, mimetype='text/plain')
with db.locked():
nat = { office: "" for office in db.read('networks') }
nat |= db.read('nat')
if flask.request.method == 'POST':
form = flask.request.form
for office, address in form.items():
if office in nat:
nat[office] = address
db.write('nat', nat)
system.run(system.save_config)
return flask.redirect(flask.url_for('nat.index'))
return flask.render_template('nat/index.html', nat=nat)
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')
with db.locked():
nat = { office: "" for office in db.read('networks') }
nat |= db.read('nat')
if flask.request.method == 'POST':
form = flask.request.form
for office, address in form.items():
if office in nat:
nat[office] = address
db.write('nat', nat)
system.run(system.save_config)
return flask.redirect(flask.url_for('nat.index'))
return flask.render_template('nat/index.html', nat=nat)

58
web/rules.py
View file

@ -9,29 +9,23 @@ blueprint = flask.Blueprint('rules', __name__, url_prefix='/rules')
@blueprint.route('/', methods=('GET', 'POST')) @blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required @flask_login.login_required
def index(): def index():
try: if not flask_login.current_user.is_admin:
if not flask_login.current_user.is_admin: return flask.Response('forbidden', status=403, mimetype='text/plain')
return flask.Response('forbidden', status=403, mimetype='text/plain')
if flask.request.method == 'POST': if flask.request.method == 'POST':
with db.locked(): with db.locked():
rules = db.read('rules') rules = db.read('rules')
form = flask.request.form form = flask.request.form
oldrules = {rule['name']: rule for rule in rules} oldrules = {rule['name']: rule for rule in rules}
rules = [] rules = []
for index, name in sorted( for index, name in sorted(
zip(form.getlist('index'), form.getlist('name')), key=lambda e: int(e[0] or 0)): zip(form.getlist('index'), form.getlist('name')), key=lambda e: int(e[0] or 0)):
if index and name: if index and name:
rules.append(oldrules.get(name, {'name': name})) rules.append(oldrules.get(name, {'name': name}))
db.write('rules', rules) db.write('rules', rules)
system.run(system.save_config) system.run(system.save_config)
return flask.render_template('rules/index.html', rules=db.load('rules')) return flask.render_template('rules/index.html', rules=db.load('rules'))
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')
@blueprint.route('/edit/<int:index>', methods=('GET', 'POST')) @blueprint.route('/edit/<int:index>', methods=('GET', 'POST'))
@flask_login.login_required @flask_login.login_required
@ -53,11 +47,6 @@ def edit(index):
return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index]) return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index])
except IndexError as e: except IndexError as e:
return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain') return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain')
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')
def can_toggle(user, rule): def can_toggle(user, rule):
return user.is_admin or not user.groups.isdisjoint(rule.get('managers', ())) return user.is_admin or not user.groups.isdisjoint(rule.get('managers', ()))
@ -65,15 +54,9 @@ def can_toggle(user, rule):
@blueprint.route('/manage') @blueprint.route('/manage')
@flask_login.login_required @flask_login.login_required
def manage(): def manage():
try: rules = [rule|{'index': index} for index, rule in enumerate(db.load('rules'))
rules = [rule|{'index': index} for index, rule in enumerate(db.load('rules')) if can_toggle(flask_login.current_user, rule)]
if can_toggle(flask_login.current_user, rule)] return flask.render_template('rules/manage.html', rules=rules)
return flask.render_template('rules/manage.html', rules=rules)
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')
@blueprint.route('/toggle/<int:index>/<enable>') @blueprint.route('/toggle/<int:index>/<enable>')
@flask_login.login_required @flask_login.login_required
@ -89,8 +72,3 @@ def toggle(index, enable):
return flask.redirect(flask.url_for('rules.manage')) return flask.redirect(flask.url_for('rules.manage'))
except IndexError as e: except IndexError as e:
return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain') return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain')
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')

105
web/vpn.py
View file

@ -21,13 +21,8 @@ def index():
@blueprint.route('/list') @blueprint.route('/list')
@flask_login.login_required @flask_login.login_required
def list(): def list():
try: user = flask_login.current_user.get_id()
user = flask_login.current_user.get_id() return flask.jsonify({k: v for k, v in db.load('wireguard').items() if v.get('user') == user})
return flask.jsonify({k: v for k, v in db.load('wireguard').items() if v.get('user') == user})
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'failed: {e}', status=500, mimetype='text/plain')
@blueprint.route('/new', methods=('POST',)) @blueprint.route('/new', methods=('POST',))
@flask_login.login_required @flask_login.login_required
@ -36,52 +31,46 @@ def new():
if not re.match(wgkey_regex, pubkey): if not re.match(wgkey_regex, pubkey):
return flask.Response('invalid key', status=400, mimetype='text/plain') return flask.Response('invalid key', status=400, mimetype='text/plain')
try: settings = db.load('settings')
settings = db.load('settings') server_pubkey = subprocess.run([f'wg pubkey'], input=settings.get('wg_key'),
server_pubkey = subprocess.run([f'wg pubkey'], input=settings.get('wg_key'), text=True, capture_output=True, shell=True).stdout.strip()
text=True, capture_output=True, shell=True).stdout.strip()
host = ipaddress.ip_interface(settings.get('wg_net', '10.0.0.1/24')) host = ipaddress.ip_interface(settings.get('wg_net', '10.0.0.1/24'))
with db.locked(): with db.locked():
# Find a free address for the new key. # Find a free address for the new key.
ips = db.read('wireguard') ips = db.read('wireguard')
for ip in host.network.hosts(): for ip in host.network.hosts():
if ip != host.ip and str(ip) not in ips: if ip != host.ip and str(ip) not in ips:
break break
else: else:
return flask.Response('no more available IP addresses', status=500, mimetype='text/plain') return flask.Response('no more available IP addresses', status=500, mimetype='text/plain')
now = datetime.datetime.utcnow() now = datetime.datetime.utcnow()
name = re.sub('[^\w ]', '', flask.request.json.get('name', '')) name = re.sub('[^\w ]', '', flask.request.json.get('name', ''))
ips[str(ip)] = { ips[str(ip)] = {
'key': pubkey, 'key': pubkey,
'time': now.timestamp(), 'time': now.timestamp(),
'user': flask_login.current_user.get_id(), 'user': flask_login.current_user.get_id(),
'name': name,
}
db.write('wireguard', ips)
# Generate a new config archive for firewall nodes.
system.run(system.save_config)
# Template arguments.
args = {
'server': f'{settings.get("wg_endpoint")}',
'port': f'{settings.get("wg_port", 51820)}',
'server_key': server_pubkey,
'pubkey': pubkey,
'ip': str(ip),
'timestamp': now,
'name': name, 'name': name,
'add_default': flask.request.json.get('add_default', False),
'use_dns': flask.request.json.get('use_dns', True),
} }
return flask.render_template('vpn/wg-fri.conf', **args) db.write('wireguard', ips)
except TimeoutError:
return flask.render_template('busy.html') # Generate a new config archive for firewall nodes.
except Exception as e: system.run(system.save_config)
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain') # Template arguments.
args = {
'server': f'{settings.get("wg_endpoint")}',
'port': f'{settings.get("wg_port", 51820)}',
'server_key': server_pubkey,
'pubkey': pubkey,
'ip': str(ip),
'timestamp': now,
'name': name,
'add_default': flask.request.json.get('add_default', False),
'use_dns': flask.request.json.get('use_dns', True),
}
return flask.render_template('vpn/wg-fri.conf', **args)
@blueprint.route('/del', methods=('POST',)) @blueprint.route('/del', methods=('POST',))
@flask_login.login_required @flask_login.login_required
@ -90,17 +79,11 @@ def delete():
if not wgkey_regex.match(pubkey): if not wgkey_regex.match(pubkey):
return flask.Response('invalid key', status=400, mimetype='text/plain') return flask.Response('invalid key', status=400, mimetype='text/plain')
try: with db.locked():
with db.locked(): user = flask_login.current_user.get_id()
user = flask_login.current_user.get_id() ips = {k: v for k, v in db.read('wireguard').items() if v.get('user') != user or v.get('key') != pubkey}
ips = {k: v for k, v in db.read('wireguard').items() if v.get('user') != user or v.get('key') != pubkey} db.write('wireguard', ips)
db.write('wireguard', ips)
system.run(system.save_config) system.run(system.save_config)
return flask.Response(f'deleted key {pubkey}', status=200, mimetype='text/plain') return flask.Response(f'deleted key {pubkey}', status=200, mimetype='text/plain')
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')