friwall/web/__init__.py

106 lines
3.1 KiB
Python

import os
import syslog
import secrets
import flask
import flask_ldap3_login
import flask_login
def create_app(test_config=None):
app = flask.Flask(__name__)
syslog.openlog('friwall')
# Ensure all required keys exist.
settings = {
'secret_key': secrets.token_hex(),
'ldap_host': '',
'ldap_port': '636',
'ldap_user': '',
'ldap_pass': '',
'ldap_admin': '',
'ldap_base_dn': '',
'ldap_user_dn': '',
'ldap_login_attr': 'userPrincipalName',
'admin_mail': '',
'wg_endpoint': '',
'wg_port': '51820',
'wg_key': '',
'wg_net': '',
'version': 0,
}
from . import db
with db.locked():
settings |= db.read('settings')
db.write('settings', settings)
app.config['SECRET_KEY'] = settings.get('secret_key', '')
app.config['LDAP_USE_SSL'] = True
app.config['LDAP_HOST'] = settings.get('ldap_host', '')
app.config['LDAP_PORT'] = int(settings.get('ldap_port', '636'))
app.config['LDAP_BASE_DN'] = settings.get('ldap_base_dn', '')
app.config['LDAP_USER_DN'] = settings.get('ldap_user_dn', '')
app.config['LDAP_BIND_USER_DN'] = settings.get('ldap_user', '')
app.config['LDAP_BIND_USER_PASSWORD'] = settings.get('ldap_pass', '')
app.config['LDAP_USER_LOGIN_ATTR'] = settings.get('ldap_login_attr', 'userPrincipalName')
app.config['LDAP_USER_SEARCH_SCOPE'] = 'SUBTREE'
from . import auth
app.register_blueprint(auth.blueprint)
from . import config
app.register_blueprint(config.blueprint)
from . import nat
app.register_blueprint(nat.blueprint)
from . import rules
app.register_blueprint(rules.blueprint)
from . import vpn
app.register_blueprint(vpn.blueprint)
from . import system
system.init_app(app)
login_manager = flask_login.LoginManager(app)
ldap_manager = flask_ldap3_login.LDAP3LoginManager(app)
users = {}
@login_manager.user_loader
def load_user(id):
return users.get(id)
@ldap_manager.save_user
def save_user(dn, username, data, memberships):
user = auth.User(dn, username, data)
users[dn] = user
return user
@login_manager.unauthorized_handler
def unauth_handler():
return flask.redirect(flask.url_for('auth.login', next=flask.request.endpoint))
@app.route('/')
@flask_login.login_required
def home():
return flask.render_template('index.html')
@app.route('/nodes')
@flask_login.login_required
def nodes():
try:
if not flask_login.current_user.is_admin:
return flask.Response('forbidden', status=403, mimetype='text/plain')
with db.locked('nodes'):
version = db.load('settings').get('version')
nodes = db.read('nodes')
return flask.render_template('nodes.html', version=version, nodes=nodes)
except TimeoutError:
return flask.render_template('busy.html')
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')
return app