Consolidate error handling

Do or do not; there is no try. With some exceptions.
2023-07-12 14:18:31 +02:00 · 2023-07-12 14:18:31 +02:00 · a5df435931
parent 8c824fe9e6
commit a5df435931
5 changed files with 106 additions and 159 deletions
--- a/web/init.py
+++ b/web/init.py
@ -81,6 +81,15 @@ def create_app(test_config=None):
    def unauth_handler():
        return flask.redirect(flask.url_for('auth.login', next=flask.request.endpoint))

+    @app.errorhandler(TimeoutError)
+    def timeout_error(e):
+        return flask.render_template('busy.html')
+
+    @app.errorhandler(Exception)
+    def internal_server_error(e):
+        return flask.Response(f'something went catastrophically wrong: {e}',
+                status=500, mimetype='text/plain')
+
    @app.route('/')
    @flask_login.login_required
    def home():
--- a/web/config.py
+++ b/web/config.py
@ -11,43 +11,29 @@ blueprint = flask.Blueprint('config', __name__, url_prefix='/config')
@blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required
 def index():
-    try:
-        if not flask_login.current_user.is_admin:
-            return flask.Response('forbidden', status=403, mimetype='text/plain')
+    if not flask_login.current_user.is_admin:
+        return flask.Response('forbidden', status=403, mimetype='text/plain')

-        with db.locked():
-            settings = db.read('settings')
-
-            if flask.request.method == 'POST':
-                form = flask.request.form
-                for name, value in form.items():
-                    if name in settings:
-                        settings[name] = value
-                    db.write('settings', settings)
-                system.run(system.save_config)
-                return flask.redirect(flask.url_for('config.index'))
-
-            return flask.render_template('config/index.html', settings=settings)
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+    with db.locked():
+        settings = db.read('settings')
+        if flask.request.method == 'POST':
+            form = flask.request.form
+            for name, value in form.items():
+                if name in settings:
+                    settings[name] = value
+                db.write('settings', settings)
+            system.run(system.save_config)
+            return flask.redirect(flask.url_for('config.index'))
+        return flask.render_template('config/index.html', settings=settings)

@blueprint.route('/edit/<name>', methods=('GET', 'POST'))
@flask_login.login_required
 def edit(name):
-    try:
-        if not flask_login.current_user.is_admin:
-            return flask.Response('forbidden', status=403, mimetype='text/plain')
-        if flask.request.method == 'POST':
-            form = flask.request.form
-            db.save(name, json.loads(form.get('text').replace('\r\n', '\n')))
-            system.run(system.save_config)
-        content = json.dumps(db.load(name), indent=2)
-        return flask.render_template('config/edit.html', **locals())
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+    if not flask_login.current_user.is_admin:
+        return flask.Response('forbidden', status=403, mimetype='text/plain')
+    if flask.request.method == 'POST':
+        form = flask.request.form
+        db.save(name, json.loads(form.get('text').replace('\r\n', '\n')))
+        system.run(system.save_config)
+    content = json.dumps(db.load(name), indent=2)
+    return flask.render_template('config/edit.html', **locals())
--- a/web/nat.py
+++ b/web/nat.py
@ -9,27 +9,18 @@ blueprint = flask.Blueprint('nat', __name__, url_prefix='/nat')
@blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required
 def index():
-    try:
-        if not flask_login.current_user.is_admin:
-            return flask.Response('forbidden', status=403, mimetype='text/plain')
-
-        with db.locked():
-            nat = { office: "" for office in db.read('networks') }
-            nat |= db.read('nat')
-
-            if flask.request.method == 'POST':
-                form = flask.request.form
-                for office, address in form.items():
-                    if office in nat:
-                        nat[office] = address
-                db.write('nat', nat)
-                system.run(system.save_config)
-                return flask.redirect(flask.url_for('nat.index'))
-
-            return flask.render_template('nat/index.html', nat=nat)
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+    if not flask_login.current_user.is_admin:
+        return flask.Response('forbidden', status=403, mimetype='text/plain')

+    with db.locked():
+        nat = { office: "" for office in db.read('networks') }
+        nat |= db.read('nat')
+        if flask.request.method == 'POST':
+            form = flask.request.form
+            for office, address in form.items():
+                if office in nat:
+                    nat[office] = address
+            db.write('nat', nat)
+            system.run(system.save_config)
+            return flask.redirect(flask.url_for('nat.index'))
+        return flask.render_template('nat/index.html', nat=nat)
--- a/web/rules.py
+++ b/web/rules.py
@ -9,29 +9,23 @@ blueprint = flask.Blueprint('rules', __name__, url_prefix='/rules')
@blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required
 def index():
-    try:
-        if not flask_login.current_user.is_admin:
-            return flask.Response('forbidden', status=403, mimetype='text/plain')
+    if not flask_login.current_user.is_admin:
+        return flask.Response('forbidden', status=403, mimetype='text/plain')

-        if flask.request.method == 'POST':
-            with db.locked():
-                rules = db.read('rules')
-                form = flask.request.form
-                oldrules = {rule['name']: rule for rule in rules}
-                rules = []
-                for index, name in sorted(
-                        zip(form.getlist('index'), form.getlist('name')), key=lambda e: int(e[0] or 0)):
-                    if index and name:
-                        rules.append(oldrules.get(name, {'name': name}))
-                db.write('rules', rules)
-            system.run(system.save_config)
+    if flask.request.method == 'POST':
+        with db.locked():
+            rules = db.read('rules')
+            form = flask.request.form
+            oldrules = {rule['name']: rule for rule in rules}
+            rules = []
+            for index, name in sorted(
+                    zip(form.getlist('index'), form.getlist('name')), key=lambda e: int(e[0] or 0)):
+                if index and name:
+                    rules.append(oldrules.get(name, {'name': name}))
+            db.write('rules', rules)
+        system.run(system.save_config)

-        return flask.render_template('rules/index.html', rules=db.load('rules'))
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+    return flask.render_template('rules/index.html', rules=db.load('rules'))

@blueprint.route('/edit/<int:index>', methods=('GET', 'POST'))
@flask_login.login_required
@ -53,11 +47,6 @@ def edit(index):
        return flask.render_template('rules/edit.html', index=index, rule=db.load('rules')[index])
    except IndexError as e:
        return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain')
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')

 def can_toggle(user, rule):
    return user.is_admin or not user.groups.isdisjoint(rule.get('managers', ()))
@ -65,15 +54,9 @@ def can_toggle(user, rule):
@blueprint.route('/manage')
@flask_login.login_required
 def manage():
-    try:
-        rules = [rule|{'index': index} for index, rule in enumerate(db.load('rules'))
-                 if can_toggle(flask_login.current_user, rule)]
-        return flask.render_template('rules/manage.html', rules=rules)
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+    rules = [rule|{'index': index} for index, rule in enumerate(db.load('rules'))
+                if can_toggle(flask_login.current_user, rule)]
+    return flask.render_template('rules/manage.html', rules=rules)

@blueprint.route('/toggle/<int:index>/<enable>')
@flask_login.login_required
@ -89,8 +72,3 @@ def toggle(index, enable):
        return flask.redirect(flask.url_for('rules.manage'))
    except IndexError as e:
        return flask.Response(f'invalid rule: {index}', status=400, mimetype='text/plain')
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
--- a/web/vpn.py
+++ b/web/vpn.py
@ -21,13 +21,8 @@ def index():
@blueprint.route('/list')
@flask_login.login_required
 def list():
-    try:
-        user = flask_login.current_user.get_id()
-        return flask.jsonify({k: v for k, v in db.load('wireguard').items() if v.get('user') == user})
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'failed: {e}', status=500, mimetype='text/plain')
+    user = flask_login.current_user.get_id()
+    return flask.jsonify({k: v for k, v in db.load('wireguard').items() if v.get('user') == user})

@blueprint.route('/new', methods=('POST',))
@flask_login.login_required
@ -36,52 +31,46 @@ def new():
    if not re.match(wgkey_regex, pubkey):
        return flask.Response('invalid key', status=400, mimetype='text/plain')

-    try:
-        settings = db.load('settings')
-        server_pubkey = subprocess.run([f'wg pubkey'], input=settings.get('wg_key'),
-                text=True, capture_output=True, shell=True).stdout.strip()
+    settings = db.load('settings')
+    server_pubkey = subprocess.run([f'wg pubkey'], input=settings.get('wg_key'),
+            text=True, capture_output=True, shell=True).stdout.strip()

-        host = ipaddress.ip_interface(settings.get('wg_net', '10.0.0.1/24'))
-        with db.locked():
-            # Find a free address for the new key.
-            ips = db.read('wireguard')
-            for ip in host.network.hosts():
-                if ip != host.ip and str(ip) not in ips:
-                    break
-            else:
-                return flask.Response('no more available IP addresses', status=500, mimetype='text/plain')
-            now = datetime.datetime.utcnow()
-            name = re.sub('[^\w ]', '', flask.request.json.get('name', ''))
+    host = ipaddress.ip_interface(settings.get('wg_net', '10.0.0.1/24'))
+    with db.locked():
+        # Find a free address for the new key.
+        ips = db.read('wireguard')
+        for ip in host.network.hosts():
+            if ip != host.ip and str(ip) not in ips:
+                break
+        else:
+            return flask.Response('no more available IP addresses', status=500, mimetype='text/plain')
+        now = datetime.datetime.utcnow()
+        name = re.sub('[^\w ]', '', flask.request.json.get('name', ''))

-            ips[str(ip)] = {
-                'key': pubkey,
-                'time': now.timestamp(),
-                'user': flask_login.current_user.get_id(),
-                'name': name,
-            }
-            db.write('wireguard', ips)
-
-        # Generate a new config archive for firewall nodes.
-        system.run(system.save_config)
-
-        # Template arguments.
-        args = {
-            'server': f'{settings.get("wg_endpoint")}',
-            'port': f'{settings.get("wg_port", 51820)}',
-            'server_key': server_pubkey,
-            'pubkey': pubkey,
-            'ip': str(ip),
-            'timestamp': now,
+        ips[str(ip)] = {
+            'key': pubkey,
+            'time': now.timestamp(),
+            'user': flask_login.current_user.get_id(),
            'name': name,
-            'add_default': flask.request.json.get('add_default', False),
-            'use_dns': flask.request.json.get('use_dns', True),
        }
-        return flask.render_template('vpn/wg-fri.conf', **args)
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+        db.write('wireguard', ips)
+
+    # Generate a new config archive for firewall nodes.
+    system.run(system.save_config)
+
+    # Template arguments.
+    args = {
+        'server': f'{settings.get("wg_endpoint")}',
+        'port': f'{settings.get("wg_port", 51820)}',
+        'server_key': server_pubkey,
+        'pubkey': pubkey,
+        'ip': str(ip),
+        'timestamp': now,
+        'name': name,
+        'add_default': flask.request.json.get('add_default', False),
+        'use_dns': flask.request.json.get('use_dns', True),
+    }
+    return flask.render_template('vpn/wg-fri.conf', **args)

@blueprint.route('/del', methods=('POST',))
@flask_login.login_required
@ -90,17 +79,11 @@ def delete():
    if not wgkey_regex.match(pubkey):
        return flask.Response('invalid key', status=400, mimetype='text/plain')

-    try:
-        with db.locked():
-            user = flask_login.current_user.get_id()
-            ips = {k: v for k, v in db.read('wireguard').items() if v.get('user') != user or v.get('key') != pubkey}
-            db.write('wireguard', ips)
+    with db.locked():
+        user = flask_login.current_user.get_id()
+        ips = {k: v for k, v in db.read('wireguard').items() if v.get('user') != user or v.get('key') != pubkey}
+        db.write('wireguard', ips)

-        system.run(system.save_config)
+    system.run(system.save_config)

-        return flask.Response(f'deleted key {pubkey}', status=200, mimetype='text/plain')
-    except TimeoutError:
-        return flask.render_template('busy.html')
-    except Exception as e:
-        return flask.Response(f'something went catastrophically wrong: {e}',
-                status=400, mimetype='text/plain')
+    return flask.Response(f'deleted key {pubkey}', status=200, mimetype='text/plain')