Merge pull request #77 from CESNET/develop

1.2.0 version

Author: jirivrany

config.example.py

@@ -10,11 +10,6 @@ class Config:
     FLOWSPEC6_MAX_RULES = 9000
     RTBH_MAX_RULES = 100000
 
-    # Flask debugging
-    DEBUG = True
-    # Flask testing
-    TESTING = False
-
     # Choose your authentication method and set it to True here or
     # the production / development config
     # SSO auth enabled
@@ -104,6 +99,8 @@ class DevelopmentConfig(Config):
     SQLALCHEMY_DATABASE_URI = "Your Local Database URI"
     LOCAL_IP = "127.0.0.1"
     LOCAL_IP6 = "::ffff:127.0.0.1"
+
+    # Debug and Devel mode enabled
     DEBUG = True
     DEVEL = True
 

flowapp/__about__.py

@@ -1,4 +1,4 @@
-__version__ = "1.1.9"
+__version__ = "1.2.0"
 __title__ = "ExaFS"
 __description__ = "Tool for creation, validation, and execution of ExaBGP messages."
 __author__ = "CESNET / Jiri Vrany, Petr Adamec, Josef Verich, Jakub Man"

flowapp/__init__.py

@@ -1,6 +1,5 @@
 # -*- coding: utf-8 -*-
-import os
-from flask import Flask, redirect, render_template, session, url_for
+from flask import Flask, redirect, render_template, session, url_for, flash
 
 from flask_sso import SSO
 from flask_sqlalchemy import SQLAlchemy
@@ -128,11 +127,15 @@ def select_org(org_id=None):
         user = db.session.query(models.User).filter_by(uuid=uuid).first()
 
         if user is None:
-            return render_template("errors/404.html"), 404  # Handle missing user gracefully
+            return render_template("errors/404.html"), 404
 
         orgs = user.organization
         if org_id:
-            org = db.session.query(models.Organization).filter_by(id=org_id).first()
+            # Verify user belongs to this organization
+            org = user.organization.filter_by(id=org_id).first()
+            if not org:
+                flash("You don't have access to this organization", "alert-danger")
+                return redirect(url_for("index"))
             session["user_org_id"] = org.id
             session["user_org"] = org.name
             return redirect("/")

flowapp/auth.py

@@ -48,11 +48,13 @@ def decorated(*args, **kwargs):
 def user_or_admin_required(f):
     """
     decorator for admin/user endpoints
+    Allows access if the user has at least one role with ID > 1 (user or admin)
+    Role IDs: 1=view (read-only), 2=user (can create/edit), 3=admin
     """
 
     @wraps(f)
     def decorated(*args, **kwargs):
-        if not all(i > 1 for i in session["user_role_ids"]):
+        if not any(i > 1 for i in session["user_role_ids"]):
             return redirect(url_for("index"))
         return f(*args, **kwargs)
 

flowapp/constants.py

@@ -35,9 +35,9 @@
 MAX_PORT = 65535
 MAX_PACKET = 9216
 
-IPV6_NEXT_HEADER = {"tcp": "tcp", "udp": "udp", "icmp": "58", "all": ""}
+IPV6_NEXT_HEADER = {"tcp": "tcp", "udp": "udp", "icmp": "58", "gre": "gre", "all": ""}
 
-IPV4_PROTOCOL = {"tcp": "tcp", "udp": "udp", "icmp": "icmp", "all": ""}
+IPV4_PROTOCOL = {"tcp": "tcp", "udp": "udp", "icmp": "icmp", "gre": "gre", "all": ""}
 
 IPV4_FRAGMENT = {
     "dont": "dont-fragment",

flowapp/instance_config.py

@@ -102,8 +102,14 @@ class InstanceConfig:
                 "divide_before": True,
             },
             {"name": "Add action", "url": "admin.action"},
-            {"name": "RTBH Communities", "url": "admin.communities"},
+            {
+                "name": "RTBH Communities",
+                "url": "admin.communities",
+                "divide_before": True,
+            },
             {"name": "Add RTBH Comm.", "url": "admin.community"},
+            {"name": "AS Paths", "url": "admin.as_paths"},
+            {"name": "Add AS Path", "url": "admin.as_path"},
         ],
     }
     DASHBOARD = {

flowapp/templates/macros.html

@@ -52,9 +52,12 @@
                 <a class="btn btn-info btn-sm" href="{{ url_for('rules.reactivate_rule', rule_type=rtype_int, rule_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="set expiration">
                     <i class="bi bi-clock table-icon"></i>
                 </a>
-                <a class="btn btn-danger btn-sm" href="{{ url_for('rules.delete_rule', rule_type=rtype_int, rule_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="delete">
-                    <i class="bi bi-x-lg"></i>
-                </a>
+                <form method="POST" action="{{ url_for('rules.delete_rule', rule_type=rtype_int, rule_id=rule.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this rule?');">
+                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                    <button type="submit" class="btn btn-danger btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="delete">
+                        <i class="bi bi-x-lg"></i>
+                    </button>
+                </form>
             {% endif %}
             {% if rule.comment %}
                 <button type="button" class="btn btn-info btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ rule.comment }}">
@@ -108,14 +111,20 @@
                 <a class="btn btn-info btn-sm" href="{{ url_for('rules.reactivate_rule', rule_type=1, rule_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="set expiration">
                     <i class="bi bi-clock table-icon"></i>
                 </a>
-                <a class="btn btn-danger btn-sm" href="{{ url_for('rules.delete_rule', rule_type=1, rule_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="delete">
-                    <i class="bi bi-x-lg"></i>
-                </a>
-                {% if rule.community.id in allowed_communities %}    
-                    <a class="btn btn-success btn-sm" href="{{ url_for('rules.delete_and_whitelist', rule_type=1, rule_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="whitelist and delete">
-                        <i class="bi bi-shield-x"></i>
-                    </a>
-                {% endif %}    
+                <form method="POST" action="{{ url_for('rules.delete_rule', rule_type=1, rule_id=rule.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this rule?');">
+                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                    <button type="submit" class="btn btn-danger btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="delete">
+                        <i class="bi bi-x-lg"></i>
+                    </button>
+                </form>
+                {% if rule.community.id in allowed_communities %}
+                    <form method="POST" action="{{ url_for('rules.delete_and_whitelist', rule_type=1, rule_id=rule.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to whitelist and delete this rule?');">
+                        <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                        <button type="submit" class="btn btn-success btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="whitelist and delete">
+                            <i class="bi bi-shield-x"></i>
+                        </button>
+                    </form>
+                {% endif %}
             {% endif %}
             {% if rule.comment %}
             <button type="button" class="btn btn-info btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ rule.comment }}">
@@ -153,9 +162,12 @@
         <a class="btn btn-info btn-sm" href="{{ url_for('whitelist.reactivate', wl_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="set expiration">
             <i class="bi bi-clock table-icon"></i>
         </a>
-        <a class="btn btn-danger btn-sm" href="{{ url_for('whitelist.delete', wl_id=rule.id) }}" role="button" data-bs-toggle="tooltip" data-bs-placement="top" title="delete">
-            <i class="bi bi-x-lg"></i>
-        </a>
+        <form method="POST" action="{{ url_for('whitelist.delete', wl_id=rule.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this whitelist?');">
+            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+            <button type="submit" class="btn btn-danger btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="delete">
+                <i class="bi bi-x-lg"></i>
+            </button>
+        </form>
         {% endif %}
         {% if rule.comment %}
            <button type="button" class="btn btn-info btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ rule.comment }}">

flowapp/templates/pages/actions.html

@@ -25,9 +25,12 @@
         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_action', action_id=action.id) }}" role="button">
             <i class="bi bi-pen"></i>
         </a>
-        <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_action', action_id=action.id) }}" role="button">
-            <i class="bi bi-x-lg"></i>
-        </a>
+        <form method="POST" action="{{ url_for('admin.delete_action', action_id=action.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this action?');">
+            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+            <button type="submit" class="btn btn-danger btn-sm">
+                <i class="bi bi-x-lg"></i>
+            </button>
+        </form>
         </td>
         </tr>
     {% endfor %}

flowapp/templates/pages/as_paths.html

@@ -17,9 +17,12 @@
         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_as_path', path_id=pth.id) }}" role="button">
             <i class="bi bi-pen"></i>
         </a>
-        <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_as_path', path_id=pth.id) }}" role="button">
-            <i class="bi bi-x-lg"></i>
-        </a>
+        <form method="POST" action="{{ url_for('admin.delete_as_path', path_id=pth.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this AS path?');">
+            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+            <button type="submit" class="btn btn-danger btn-sm">
+                <i class="bi bi-x-lg"></i>
+            </button>
+        </form>
         </td>
         </tr>
     {% endfor %}

flowapp/templates/pages/communities.html

@@ -31,9 +31,12 @@
         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_community', community_id=community.id) }}" role="button">
             <i class="bi bi-pen"></i>
         </a>
-        <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_community', community_id=community.id) }}" role="button">
-            <i class="bi bi-x-lg"></i>
-        </a>
+        <form method="POST" action="{{ url_for('admin.delete_community', community_id=community.id) }}" style="display:inline;" onsubmit="return confirm('Are you sure you want to delete this community?');">
+            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+            <button type="submit" class="btn btn-danger btn-sm">
+                <i class="bi bi-x-lg"></i>
+            </button>
+        </form>
         </td>
         </tr>
     {% endfor %}