Fixed permissions and referrers
This commit is contained in:
@ -26,6 +26,15 @@ def health():
|
||||
return jsonify(dict(status="OK", version=current_app.config['APP_VERSION']))
|
||||
|
||||
|
||||
@main_blueprint.route('/token', methods=['GET', 'POST'])
|
||||
@auth.authorize_admins('default')
|
||||
def token():
|
||||
user_session = UserSession(session)
|
||||
return jsonify(access_token=user_session.access_token,
|
||||
id_token=user_session.id_token,
|
||||
userinfo=user_session.userinfo)
|
||||
|
||||
|
||||
@main_blueprint.route('/', methods=['GET', 'POST'])
|
||||
@auth.access_control('default')
|
||||
def index():
|
||||
@ -34,17 +43,8 @@ def index():
|
||||
userNodeList = [n for n in Node().list().nodes if n.user.name == hs_user]
|
||||
return render_template('index.html',
|
||||
userNodeList=userNodeList,
|
||||
session=user_session)
|
||||
|
||||
|
||||
@main_blueprint.route('/token', methods=['GET', 'POST'])
|
||||
@auth.authorize_admins('default')
|
||||
def token():
|
||||
user_session = UserSession(session)
|
||||
# return jsonify(user_session.userinfo)
|
||||
return jsonify(access_token=user_session.access_token,
|
||||
id_token=user_session.id_token,
|
||||
userinfo=user_session.userinfo)
|
||||
session=user_session,
|
||||
auth=auth)
|
||||
|
||||
|
||||
@main_blueprint.route('/logout')
|
||||
@ -62,12 +62,14 @@ def nodes():
|
||||
|
||||
|
||||
@main_blueprint.route('/node/<int:nodeId>', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
@auth.access_control('default')
|
||||
def node(nodeId):
|
||||
# There is a bug in HS api with retrieving a single node
|
||||
# and we added a workaround to hsapi, so node.get() returns a
|
||||
# v1Node object instead of v1NodeResponse, so we access directly
|
||||
# `node`, instead of `node.node`
|
||||
if not auth.userOrAdmin(auth.username):
|
||||
return auth.unathorized
|
||||
node = Node().get(nodeId)
|
||||
routes = Node().routes(nodeId)
|
||||
isExitNode = any(
|
||||
|
||||
@ -4,7 +4,7 @@ from flask import Blueprint, request
|
||||
from flask import redirect, url_for
|
||||
from app import auth
|
||||
|
||||
from ..lib import login_name, username
|
||||
# from ..lib import login_name, username
|
||||
|
||||
from flask import jsonify
|
||||
|
||||
@ -35,86 +35,46 @@ def routeToggle(routeId: int):
|
||||
action = 'enabled'
|
||||
log.info(
|
||||
f"route '{route.prefix}' via '{route.node.givenName}'"
|
||||
f"{action} by '{username()}'")
|
||||
return redirect(url_for("main.routes"))
|
||||
f"{action} by '{auth.username}'")
|
||||
return redirect(request.referrer)
|
||||
|
||||
|
||||
@rest_blueprint.route('/node/<int:nodeId>/expire', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
@auth.access_control('default')
|
||||
def expireNode(nodeId: int):
|
||||
"""
|
||||
This expires a node from the node page.
|
||||
The difference from above is that it returns to the /node/nodeId page
|
||||
"""
|
||||
Node().expire(nodeId)
|
||||
log.info(f"node '{nodeId}' expired by '{username()}'")
|
||||
return redirect(url_for("main.node", nodeId=nodeId))
|
||||
|
||||
|
||||
@rest_blueprint.route('/node/<int:nodeId>/user-expire', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
def expireNodeUser(nodeId: int):
|
||||
"""
|
||||
This expires a node from the node page.
|
||||
The difference from above is that it returns to the /node/nodeId page
|
||||
"""
|
||||
node = Node().get(nodeId)
|
||||
userName = node.user.name
|
||||
if not auth.userOrAdmin(node.user.name):
|
||||
return auth.unathorized
|
||||
Node().expire(nodeId)
|
||||
log.info(f"node '{nodeId}' expired by '{username()}'")
|
||||
return redirect(url_for("main.user", userName=userName))
|
||||
log.info(f"node '{nodeId}' expired by '{auth.username}'")
|
||||
return redirect(request.referrer)
|
||||
|
||||
|
||||
@rest_blueprint.route('/node/<int:nodeId>/list-expire', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
def expireNodeList(nodeId: int):
|
||||
"""
|
||||
This expires a node from the node list.
|
||||
The difference from above is that it returns to the /nodes page
|
||||
"""
|
||||
Node().expire(nodeId)
|
||||
log.info(f"node '{nodeId}' expired by '{username()}'")
|
||||
return redirect(url_for("main.nodes"))
|
||||
|
||||
|
||||
@ rest_blueprint.route('/node/<int:nodeId>/delete', methods=['GET'])
|
||||
@ auth.authorize_admins('default')
|
||||
@rest_blueprint.route('/node/<int:nodeId>/delete', methods=['GET'])
|
||||
@auth.access_control('default')
|
||||
def deleteNode(nodeId: int):
|
||||
Node().delete(nodeId)
|
||||
log.info(f"node '{nodeId}' deleted by '{username()}'")
|
||||
return redirect(url_for("main.nodes"))
|
||||
|
||||
|
||||
@rest_blueprint.route('/node/<int:nodeId>/delete-own', methods=['GET'])
|
||||
@auth.access_control('default')
|
||||
def deleteOwnNode(nodeId: int):
|
||||
node = Node().get(nodeId)
|
||||
if node.user.name != username():
|
||||
response = jsonify({'message': 'not authorized'})
|
||||
return response, 401
|
||||
if not auth.userOrAdmin(node.user.name):
|
||||
return auth.unathorized
|
||||
Node().expire(nodeId)
|
||||
Node().delete(nodeId)
|
||||
log.info(f"'{username()}' delete their own node '{nodeId}'")
|
||||
return redirect(url_for("main.index"))
|
||||
log.info(f"node '{nodeId}' deleted by '{auth.username}'")
|
||||
return redirect(request.referrer)
|
||||
|
||||
|
||||
@rest_blueprint.route('/node/<int:nodeId>/delete-user', methods=['GET'])
|
||||
@auth.access_control('default')
|
||||
def deleteNodeUser(nodeId: int):
|
||||
node = Node().get(nodeId)
|
||||
Node().delete(nodeId)
|
||||
log.info(f"'{username()}' delete their own node '{nodeId}'")
|
||||
return redirect(url_for("main.user", userName=node.user.name))
|
||||
|
||||
|
||||
@ rest_blueprint.route('/node/<int:nodeId>/rename/<newName>', methods=['GET'])
|
||||
@ auth.authorize_admins('default')
|
||||
@rest_blueprint.route('/node/<int:nodeId>/rename/<newName>', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
def renameNode(nodeId: int, newName: str):
|
||||
Node().rename(nodeId, newName)
|
||||
return jsonify(dict(newName=newName))
|
||||
|
||||
|
||||
@ rest_blueprint.route('/user/<userName>/delete', methods=['GET'])
|
||||
@ auth.authorize_admins('default')
|
||||
@rest_blueprint.route('/user/<userName>/delete', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
def deleteUser(userName: str):
|
||||
nodes = Node().byUser(userName)
|
||||
for node in nodes.nodes:
|
||||
@ -124,8 +84,8 @@ def deleteUser(userName: str):
|
||||
return redirect(url_for("main.users"))
|
||||
|
||||
|
||||
@ rest_blueprint.route('/user/<userName>/pakcreate', methods=['POST'])
|
||||
@ auth.authorize_admins('default')
|
||||
@rest_blueprint.route('/user/<userName>/pakcreate', methods=['POST'])
|
||||
@auth.authorize_admins('default')
|
||||
def createPKA(userName: str):
|
||||
data = request.json
|
||||
log.debug(data)
|
||||
@ -138,8 +98,8 @@ def createPKA(userName: str):
|
||||
return jsonify(dict(key=pak.preAuthKey.key))
|
||||
|
||||
|
||||
@ rest_blueprint.route('/user/<userName>/expire/<key>', methods=['GET'])
|
||||
@ auth.authorize_admins('default')
|
||||
@rest_blueprint.route('/user/<userName>/expire/<key>', methods=['GET'])
|
||||
@auth.authorize_admins('default')
|
||||
def expirePKA(userName: str, key: str):
|
||||
log.debug(key)
|
||||
req = v1ExpirePreAuthKeyRequest(user=userName, key=key)
|
||||
|
||||
Reference in New Issue
Block a user