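import os
import syslog
import secrets
import flask
import flask_login


def create_app(test_config=None):
    """Build and configure the friwall Flask application.

    The persisted ``settings`` record is the source of configuration; defaults
    are filled in for any key it lacks and the merged result is written back.

    Args:
        test_config: Optional mapping of Flask config values applied on top of
            the stored settings (the usual Flask factory hook for tests, e.g.
            ``TESTING`` or an alternate ``SECRET_KEY``). ``None`` applies no
            overrides.

    Returns:
        The configured :class:`flask.Flask` instance with all blueprints
        registered.
    """
    app = flask.Flask(__name__)
    syslog.openlog('friwall')

    # Ensure all required keys exist.  Stored values win over these defaults
    # (see the merge below), so the freshly generated secret_key is only kept
    # when nothing has been persisted for it yet.
    settings = {
        'secret_key': secrets.token_hex(),
        'ldap_host': '',
        'ldap_user': '',
        'ldap_pass': '',
        'ldap_base_dn': '',  # search for VPN users under this DN
        'user_group': '',  # limit VPN users to this LDAP group
        'oidc_server': '',
        'oidc_client_id': '',
        'oidc_client_secret': '',
        'admin_group': '',  # OIDC group for admin access
        'admin_mail': '',  # where to report errors
        'no_nat_set': '',  # name of destination IP set for which no NAT should be done
        'wg_endpoint': '',
        'wg_port': '51820',
        'wg_allowed_nets': '',
        'wg_dns': '',
        'wg_key': '',
        'wg_net': '',  # allocate wireguard IPv4 addresses from this prefix
        'wg_net6': '',  # allocate wireguard IPv6 addresses from this prefix
        'version': 0,
    }
    from . import db
    # Merge and write back under the lock so two concurrent starts cannot
    # persist different generated secrets.
    with db.locked():
        settings |= db.read('settings')
        db.write('settings', settings)

    # NOTE(review): after the merge 'secret_key' is always present, so the ''
    # fallback only matters if the stored value itself is empty — in that case
    # the app would run with a blank SECRET_KEY; confirm the stored value.
    app.config['SECRET_KEY'] = settings.get('secret_key', '')

    # Test overrides are applied last so a test can replace SECRET_KEY or set
    # TESTING without touching the persisted settings.
    if test_config is not None:
        app.config.from_mapping(test_config)

    from . import auth
    auth.init_app(app, settings)
    from . import errors
    errors.init_app(app)
    from . import system
    system.init_app(app)

    # Import order is kept as-is: each module is imported (and may have
    # side effects) only once the app and auth layer exist.
    from . import config
    app.register_blueprint(config.blueprint, url_prefix='/config')
    from . import ipsets
    app.register_blueprint(ipsets.blueprint, url_prefix='/ipsets')
    from . import rules
    app.register_blueprint(rules.blueprint, url_prefix='/rules')
    from . import vpn
    app.register_blueprint(vpn.blueprint, url_prefix='/vpn')

    @app.route('/')
    @flask_login.login_required
    def home():
        """Landing page; any authenticated user may view it."""
        return flask.render_template('index.html')

    @app.route('/nodes')
    @flask_login.login_required
    def nodes():
        """Node overview, restricted to admins (403 as plain text otherwise)."""
        if not flask_login.current_user.is_admin:
            return flask.Response('forbidden', status=403, mimetype='text/plain')
        # Read the settings version and node list under the same lock so the
        # rendered page shows a consistent snapshot.
        with db.locked('nodes'):
            version = db.load('settings').get('version')
            nodes = db.read('nodes')
        return flask.render_template('nodes.html', version=version, nodes=nodes)

    return app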