Merge d2653741aa into 5e26f3c67a

2022-04-05 20:38:56 +02:00 · 2022-04-05 20:38:56 +02:00 · b1dd184729
parent 5e26f3c67a d2653741aa
commit b1dd184729
2 changed files with 51 additions and 1 deletions
--- a/lg.cfg.example
+++ b/lg.cfg.example
@ -40,3 +40,7 @@ ASN_ZONE = "asn.cymru.com"

 # Used for secure session storage, change this
 SESSION_KEY = '\xd77\xf9\xfa\xc2\xb5\xcd\x85)`+H\x9d\xeeW\\%\xbe/\xbaT\x89\xe8\xa7'
+
+# specifies an alternative start page template for the "/" route.
+# If not specified default action is redirection to /summary/%s/ipv4.
+# DEFAULT_TEMPLATE="/etc/bird-lg/index.html"
--- a/lg.py
+++ b/lg.py
@ -37,11 +37,12 @@ from toolbox import mask_is_valid, ipv6_is_valid, ipv4_is_valid, resolve, save_c


 import pydot
-from flask import Flask, render_template, jsonify, redirect, session, request, abort, Response, Markup
+from flask import Flask, render_template, render_template_string, jsonify, redirect, session, request, abort, Response, Markup
 parser = argparse.ArgumentParser()
 parser.add_argument('-c', dest='config_file', help='path to config file', default='lg.cfg')
 args = parser.parse_args()

+
 app = Flask(__name__)
 app.config.from_pyfile(args.config_file)
 app.secret_key = app.config["SESSION_KEY"]
@ -180,6 +181,8 @@ def inject_commands():
            ("adv", "show route ..."),
            ("adv_bgpmap", "show route ... (bgpmap)"),
        ]
+
+    commands =  [i for i in commands if i[0] not in app.config.get("BLACKLIST_COMMANDS", [])]
    commands_dict = {}
    for id, text in commands:
        commands_dict[id] = text
@ -193,6 +196,17 @@ def inject_all_host():

@app.route("/")
 def hello():
+    if app.config.get("DEFAULT_TEMPLATE", False):
+        # initializes session with first command of commands_dict, first host and ipv4 for rendering layout.html.
+        first_command = next(iter(inject_commands()['commands_dict']))
+        set_session(first_command, "+".join(app.config["PROXY"].keys()), "ipv4", "")
+
+        # usage of open + render_template_string instead of render_template allows
+        # file location outside of template directory.
+        with open(app.config.get("DEFAULT_TEMPLATE"), 'r') as filehandle:
+            filecontent = filehandle.read()
+        return render_template_string(filecontent)
+
    return redirect("/summary/%s/ipv4" % "+".join(app.config["PROXY"].keys()))


@ -236,6 +250,8 @@ SUMMARY_UNWANTED_PROTOS = ["Kernel", "Static", "Device", "Direct"]
@app.route("/summary/<hosts>")
@app.route("/summary/<hosts>/<proto>")
 def summary(hosts, proto="ipv4"):
+    if 'summary' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403

    set_session("summary", hosts, proto, "")
    command = "show protocols"
@ -278,6 +294,9 @@ def summary(hosts, proto="ipv4"):

@app.route("/detail/<hosts>/<proto>")
 def detail(hosts, proto):
+    if 'detail' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    name = get_query()

    if not name:
@ -307,6 +326,9 @@ def detail(hosts, proto):

@app.route("/traceroute/<hosts>/<proto>")
 def traceroute(hosts, proto):
+    if 'traceroute' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    q = get_query()

    if not q:
@ -340,41 +362,65 @@ def traceroute(hosts, proto):

@app.route("/adv/<hosts>/<proto>")
 def show_route_filter(hosts, proto):
+    if 'adv' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("adv", hosts, proto)


@app.route("/adv_bgpmap/<hosts>/<proto>")
 def show_route_filter_bgpmap(hosts, proto):
+    if 'adv_bgpmap' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("adv_bgpmap", hosts, proto)


@app.route("/where/<hosts>/<proto>")
 def show_route_where(hosts, proto):
+    if 'where' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("where", hosts, proto)


@app.route("/where_detail/<hosts>/<proto>")
 def show_route_where_detail(hosts, proto):
+    if 'where_detail' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("where_detail", hosts, proto)


@app.route("/where_bgpmap/<hosts>/<proto>")
 def show_route_where_bgpmap(hosts, proto):
+    if 'where_bgpmap' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("where_bgpmap", hosts, proto)


@app.route("/prefix/<hosts>/<proto>")
 def show_route_for(hosts, proto):
+    if 'prefix' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("prefix", hosts, proto)


@app.route("/prefix_detail/<hosts>/<proto>")
 def show_route_for_detail(hosts, proto):
+    if 'prefix_detail' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("prefix_detail", hosts, proto)


@app.route("/prefix_bgpmap/<hosts>/<proto>")
 def show_route_for_bgpmap(hosts, proto):
+    if 'prefix_bgpmap' not in iter(inject_commands()['commands_dict']):
+        return render_template('error.html', errors=["Access denied"]), 403
+
    return show_route("prefix_bgpmap", hosts, proto)