import os
import syslog
import secrets
import flask
import flask_login
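def create_app(test_config=None):
    """Build and return the friwall Flask application.

    Loads the persisted ``settings`` record, filling in every key the rest
    of the app expects (a freshly generated session secret on first run,
    blank strings meaning "not configured" for everything else), wires up
    the auth/error/system extensions, registers the config/ipsets/rules/vpn
    blueprints and defines the two top-level routes.

    Args:
        test_config: optional mapping merged into ``app.config`` after the
            persisted settings have been applied, so that tests can
            override values such as ``SECRET_KEY`` or ``TESTING``.  ``None``
            leaves the configuration untouched.

    Returns:
        The configured ``flask.Flask`` instance.

    Raises:
        RuntimeError: if the persisted settings carry an empty
            ``secret_key``.  Flask would otherwise start normally and only
            fail on the first session write, i.e. at login.
    """
    app = flask.Flask(__name__)
    syslog.openlog('friwall')

    # Defaults for every required key.  The session secret comes from the
    # ``secrets`` module (not ``random``) and is persisted below, so sessions
    # survive restarts instead of being re-keyed on every boot.
    settings = {
        'secret_key': secrets.token_hex(),
        'ldap_host': '',
        'ldap_user': '',
        'ldap_pass': '',
        'ldap_base_dn': '',  # search for VPN users under this DN
        'user_group': '',  # limit VPN users to this LDAP group
        'oidc_server': '',
        'oidc_client_id': '',
        'oidc_client_secret': '',
        'admin_group': '',  # OIDC group for admin access
        'admin_mail': '',  # where to report errors
        'no_nat_set': '',  # name of destination IP set for which no NAT should be done
        'wg_endpoint': '',
        'wg_port': '51820',
        'wg_allowed_nets': '',
        'wg_dns': '',
        'wg_key': '',
        'wg_net': '',  # allocate wireguard IPv4 addresses from this prefix
        'wg_net6': '',  # allocate wireguard IPv6 addresses from this prefix
        'version': 0,
    }

    from . import db
    # Persisted values win over the defaults; the merged record is written
    # back so newly introduced keys (and the first-run secret) get stored.
    # Read-modify-write happens under the db lock, presumably so that
    # concurrent workers do not each generate and persist a different secret.
    with db.locked():
        settings |= db.read('settings')
        db.write('settings', settings)

    # The key is always present after the merge; what can go wrong is an
    # empty stored value, which we refuse up front rather than letting the
    # app run with no session signing key.  Deleting the key from the
    # stored settings makes the default above regenerate it.
    secret_key = settings['secret_key']
    if not secret_key:
        raise RuntimeError('settings.secret_key is empty; remove it to regenerate')
    app.config['SECRET_KEY'] = secret_key

    if test_config is not None:
        # Standard Flask factory hook: test overrides take precedence over
        # the persisted settings.
        app.config.from_mapping(test_config)

    from . import auth
    auth.init_app(app, settings)

    from . import errors
    errors.init_app(app)

    from . import system
    system.init_app(app)

    from . import config
    app.register_blueprint(config.blueprint, url_prefix='/config')

    from . import ipsets
    app.register_blueprint(ipsets.blueprint, url_prefix='/ipsets')

    from . import rules
    app.register_blueprint(rules.blueprint, url_prefix='/rules')

    from . import vpn
    app.register_blueprint(vpn.blueprint, url_prefix='/vpn')

    @app.route('/')
    @flask_login.login_required
    def home():
        """Landing page; any logged-in user may see it."""
        return flask.render_template('index.html')

    @app.route('/nodes')
    @flask_login.login_required
    def nodes():
        """Admin-only overview of the firewall nodes and the settings version.

        Non-admins get a plain-text 403 rather than a redirect, so the
        page exists for them but its content is withheld.
        """
        if not flask_login.current_user.is_admin:
            return flask.Response('forbidden', status=403, mimetype='text/plain')
        # NOTE(review): settings are read via ``db.load`` here while the rest
        # of the file uses ``db.read`` -- confirm both exist in ``db`` and
        # that the 'nodes' lock is meant to cover the settings record too.
        with db.locked('nodes'):
            version = db.load('settings').get('version')
            node_list = db.read('nodes')
        return flask.render_template('nodes.html', version=version, nodes=node_list)

    return app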