def ipv4_rule(): net_ranges = get_user_nets(session['user_id']) form = IPv4Form(request.form) # add values to form instance form.action.choices = get_user_actions(session['user_role_ids']) form.net_ranges = net_ranges if request.method == 'POST' and form.validate(): model = get_ipv4_model_if_exists(form.data, 1) if model: model.expires = round_to_ten_minutes(webpicker_to_datetime(form.expires.data)) flash_message = u'Existing IPv4 Rule found. Expiration time was updated to new value.' else: model = Flowspec4( source=form.source.data, source_mask=form.source_mask.data, source_port=form.source_port.data, destination=form.dest.data, destination_mask=form.dest_mask.data, destination_port=form.dest_port.data, protocol=form.protocol.data, flags=";".join(form.flags.data), packet_len=form.packet_len.data, expires=round_to_ten_minutes(webpicker_to_datetime(form.expires.data)), comment=quote_to_ent(form.comment.data), action_id=form.action.data, user_id=session['user_id'], rstate_id=get_state_by_time(webpicker_to_datetime(form.expires.data)) ) flash_message = u'IPv4 Rule saved' db.session.add(model) db.session.commit() flash(flash_message, 'alert-success') # announce route if model is in active state if model.rstate_id == 1: route = messages.create_ipv4(model, constants.ANNOUNCE) announce_route(route) # log changes log_route(session['user_id'], model, RULE_TYPES['IPv4']) return redirect(url_for('index')) else: for field, errors in form.errors.items(): for error in errors: print(u"Error in the %s field - %s" % ( getattr(form, field).label.text, error )) default_expires = datetime.now() + timedelta(days=7) form.expires.data = datetime_to_webpicker(default_expires) return render_template('forms/ipv4_rule.j2', form=form, action_url=url_for('rules.ipv4_rule'))
def create_ipv4(current_user): """ Api method for new IPv4 rule :param data: parsed json request :param current_user: data from jwt token :return: json response """ net_ranges = get_user_nets(current_user['id']) json_request_data = request.get_json() form = IPv4Form(data=json_request_data, meta={'csrf': False}) # add values to form instance form.action.choices = get_user_actions(current_user['role_ids']) form.net_ranges = net_ranges # if the form is not valid, we should return 404 with errors if not form.validate(): form_errors = get_form_errors(form) if form_errors: return jsonify(form_errors), 400 model = get_ipv4_model_if_exists(form.data, 1) if model: model.expires, pref_format = parse_api_time(form.expires.data) flash_message = u'Existing IPv4 Rule found. Expiration time was updated to new value.' else: expires, pref_format = parse_api_time(form.expires.data) model = Flowspec4(source=form.source.data, source_mask=form.source_mask.data, source_port=form.source_port.data, destination=form.dest.data, destination_mask=form.dest_mask.data, destination_port=form.dest_port.data, protocol=form.protocol.data, flags=";".join(form.flags.data), packet_len=form.packet_len.data, expires=expires, comment=quote_to_ent(form.comment.data), action_id=form.action.data, user_id=current_user['id'], rstate_id=get_state_by_time(expires)) flash_message = u'IPv4 Rule saved' db.session.add(model) db.session.commit() # announce route if model is in active state if model.rstate_id == 1: route = messages.create_ipv4(model, ANNOUNCE) announce_route(route) # log changes log_route(current_user['id'], model, RULE_TYPES['IPv4']) pref_format = output_date_format(json_request_data, pref_format) return jsonify({ 'message': flash_message, 'rule': model.to_dict(pref_format) }), 201
def all_actions(current_user): """ Returns Actions allowed for current user :param current_user: :return: json response """ actions = get_user_actions(current_user["role_ids"]) if actions: return jsonify(actions) else: return jsonify({"message": "no actions for this user?"}), 404
def create_user_response(rtype, rstate, rules, sort_key, sort_order, search_query="", count_match=COUNT_MATCH): """ Filter out the rules for normal users :param rules: :param rstate: :return: """ net_ranges = models.get_user_nets(session['user_id']) if rtype == 'rtbh': rules_editable, read_only_rules = validators.split_rtbh_rules_for_user( net_ranges, rules) else: user_rules, read_only_rules = validators.split_rules_for_user( net_ranges, rules) user_actions = models.get_user_actions(session['user_role_ids']) user_actions = [act[0] for act in user_actions] rules_editable, rules_visible = flowspec.filter_rules_action( user_actions, user_rules) read_only_rules = read_only_rules + rules_visible # we don't want the read only rules if they are not active if rstate != 'active': read_only_rules = [] res = make_response( render_template('pages/dashboard_user.j2', table_title=RULE_TYPE_DISPATCH[rtype]['title'], button_colspan=COLSPANS[rtype], rules_columns=RULE_TYPE_DISPATCH[rtype]['columns'], rules_editable=rules_editable, rules_visible=read_only_rules, css_classes=active_css_rstate(rtype, rstate), sort_order=sort_order, sort_key=sort_key, search_query=search_query, count_match=count_match, rstate=rstate, rtype=rtype, rtype_int=RULE_TYPES[rtype], today=datetime.now())) encoded = create_rules_payload(rules_editable, rtype) return res, encoded
def index(current_user, key_map): prefered_tf = (request.args.get(TIME_FORMAT_ARG) if request.args.get(TIME_FORMAT_ARG) else "") net_ranges = get_user_nets(current_user["id"]) rules4 = db.session.query(Flowspec4).order_by( Flowspec4.expires.desc()).all() rules6 = db.session.query(Flowspec6).order_by( Flowspec6.expires.desc()).all() rules_rtbh = db.session.query(RTBH).order_by(RTBH.expires.desc()).all() # admin can see and edit any rules if 3 in current_user["role_ids"]: payload = { key_map["ipv4_rules"]: [rule.to_dict(prefered_tf) for rule in rules4], key_map["ipv6_rules"]: [rule.to_dict(prefered_tf) for rule in rules6], key_map["rtbh_rules"]: [rule.to_dict(prefered_tf) for rule in rules_rtbh], } return jsonify(payload) # filter out the rules for normal users else: rules4 = validators.filter_rules_in_network(net_ranges, rules4) rules6 = validators.filter_rules_in_network(net_ranges, rules6) rules_rtbh = validators.filter_rtbh_rules(net_ranges, rules_rtbh) user_actions = get_user_actions(current_user["role_ids"]) user_actions = [act[0] for act in user_actions] rules4_editable, rules4_visible = flowspec.filter_rules_action( user_actions, rules4) rules6_editable, rules6_visible = flowspec.filter_rules_action( user_actions, rules6) payload = { key_map["ipv4_rules"]: [rule.to_dict(prefered_tf) for rule in rules4_editable], key_map["ipv6_rules"]: [rule.to_dict(prefered_tf) for rule in rules6_editable], key_map["ipv4_rules_readonly"]: [rule.to_dict(prefered_tf) for rule in rules4_visible], key_map["ipv6_rules_readonly"]: [rule.to_dict(prefered_tf) for rule in rules6_visible], key_map["rtbh_rules"]: [rule.to_dict(prefered_tf) for rule in rules_rtbh], } return jsonify(payload)
def create_ipv6(current_user): """ Create new IPv6 rule :param data: parsed json request :param current_user: data from jwt token :return: """ net_ranges = get_user_nets(current_user["id"]) json_request_data = request.get_json() form = IPv6Form(data=json_request_data, meta={"csrf": False}) form.action.choices = get_user_actions(current_user["role_ids"]) form.net_ranges = net_ranges if not form.validate(): form_errors = get_form_errors(form) if form_errors: return jsonify(form_errors), 400 model = get_ipv6_model_if_exists(form.data, 1) if model: model.expires, pref_format = parse_api_time(form.expires.data) flash_message = ( u"Existing IPv6 Rule found. Expiration time was updated to new value." ) else: expires, pref_format = parse_api_time(form.expires.data) model = Flowspec6( source=form.source.data, source_mask=form.source_mask.data, source_port=form.source_port.data, destination=form.dest.data, destination_mask=form.dest_mask.data, destination_port=form.dest_port.data, next_header=form.next_header.data, flags=";".join(form.flags.data), packet_len=form.packet_len.data, expires=expires, comment=quote_to_ent(form.comment.data), action_id=form.action.data, user_id=current_user["id"], rstate_id=get_state_by_time(expires), ) flash_message = u"IPv6 Rule saved" db.session.add(model) db.session.commit() # announce routes if model.rstate_id == 1: route = messages.create_ipv6(model, ANNOUNCE) announce_route(route) # log changes log_route( current_user["id"], model, RULE_TYPES["IPv6"], "{} / {}".format(current_user["uuid"], current_user["org"]), ) pref_format = output_date_format(json_request_data, pref_format) return jsonify({ "message": flash_message, "rule": model.to_dict(pref_format) }), 201