github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v8.1.7: Refactor and enhance cert routes and frontend blacklist handling 

Replaced unsafe input checks with Pydantic validation, improving route type safety. Adjusted blacklist handling logic in the frontend and templates for better consistency. Fixed minor JS selector bugs and added hidden input for group_id in the config template.
pull/418/head
Aidaho 2025-04-10 08:52:37 +03:00
parent 53d319f5e0
commit 61a7c342a8
4 changed files with 28 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
app/routes/add/routes.py
View File

@ -1,12 +1,12 @@
import os
from typing import Union
from typing import Literal
from flask import render_template, request, jsonify, redirect, url_for, g
from flask_jwt_extended import jwt_required, get_jwt
from flask_pydantic import validate
from pydantic import IPvAnyAddress
from app.modules.roxywi.class_models import SSLCertUploadRequest, DataStrResponse, SavedServerRequest, BaseResponse
from app.modules.roxywi.class_models import SSLCertUploadRequest, DataStrResponse, SavedServerRequest, BaseResponse, \
EscapedString
from app.routes.add import bp
import app.modules.db.add as add_sql
import app.modules.db.server as server_sql
@ -19,7 +19,6 @@ import app.modules.roxy_wi_tools as roxy_wi_tools
from app.views.service.haproxy_section_views import (GlobalSectionView, DefaultsSectionView, ListenSectionView,
UserListSectionView, PeersSectionView)
from app.views.service.haproxy_lists_views import HaproxyListView
from app.modules.roxywi.class_models import DomainName
get_config = roxy_wi_tools.GetConfigVar()
@ -106,9 +105,8 @@ def get_section_html():
@bp.route('/haproxy/bwlists/<color>/<int:group>')
def get_bwlists(color, group):
color = common.checkAjaxInput(color)
@validate()
def get_bwlists(color: Literal['black', 'white'], group):
return add_mod.get_bwlists_for_autocomplete(color, group)
@ -196,8 +194,8 @@ def get_certs(server_id: int):
@bp.route('/cert/<int:server_id>/<cert_id>', methods=['DELETE', 'GET'])
def get_cert(server_id: int, cert_id: str):
cert_id = common.checkAjaxInput(cert_id)
@validate()
def get_cert(server_id: int, cert_id: EscapedString):
server_ip = server_sql.get_server(server_id).ip
if request.method == 'DELETE':
return add_mod.del_ssl_cert(server_ip, cert_id)
@ -209,17 +207,17 @@ def get_cert(server_id: int, cert_id: str):
@validate(body=SSLCertUploadRequest)
def upload_cert(body: SSLCertUploadRequest):
try:
data = add_mod.upload_ssl_cert(body.server_ip, body.name, body.cert.replace("'", ""))
data = add_mod.upload_ssl_cert(body.server_ip, body.name, body.cert.replace("'", ""), body.cert_type)
return jsonify(data), 201
except Exception as e:
return roxywi_common.handler_exceptions_for_json_data(e, 'Cannot upload SSL certificate')
@bp.route('/cert/get/raw/<server_ip>/<cert_id>')
@bp.route('/cert/get/raw/<server_id>/<cert_id>')
@validate()
def get_cert_raw(server_ip: Union[IPvAnyAddress, DomainName], cert_id):
cert_id = common.checkAjaxInput(cert_id)
return add_mod.get_ssl_raw_cert(str(server_ip), cert_id)
def get_cert_raw(server_id: int, cert_id: EscapedString):
server_ip = server_sql.get_server(server_id).ip
return add_mod.get_ssl_raw_cert(server_ip, cert_id)
@bp.route('/map', methods=['POST', 'PUT', 'DELETE', 'GET'])

2
app/scripts/ansible/roles/haproxy_section/templates/section.j2
View File

@ -32,7 +32,7 @@
tcp-request content reject
{% endif %}
{% if config.blacklist and config.blacklist != 'None' -%}
tcp-request connection reject if { src -f {{ haproxy_dir }}/white/{{ config.blacklist }} }
tcp-request connection reject if { src -f {{ haproxy_dir }}/black/{{ config.blacklist }} }
{% endif %}
{% if config.acls != 'None' -%}

16
app/static/js/edit_config.js
View File

@ -93,6 +93,18 @@ function openSection(section) {
$(section_id + ' input[name="port"]').get(i).value = bind.port;
i++;
}
if (data.blacklist) {
$('#'+section_type+'_blacklist_checkbox').prop("checked", true);
$("#" + section_type + "_blacklist-hide").show("fast");
} else {
$('#'+section_type+'_blacklist_checkbox').prop("checked", false);
}
if (data.whitelist) {
$('#'+section_type+'_whitelist_checkbox').prop("checked", true);
$("#" + section_type + "_whitelist-hide").show("fast");
} else {
$('#'+section_type+'_whitelist_checkbox').prop("checked", false);
}
}
if (section_type === 'listen' || section_type === 'backend') {
if (data.config.backend_servers) {
@ -366,7 +378,7 @@ function addProxy(form_name, generate=false) {
data.data = data.data.replace(/\n/g, "<br>");
if (returnNiceCheckingConfig(data.data) === 0) {
toastr.info('Section has been added. Do not forget to restart the server');
let ip = frm.find('select[name=serv]').val();
let ip = $('select[name=serv]').val();
localStorage.setItem('restart', ip);
resetProxySettings();
}
@ -401,7 +413,7 @@ function editProxy(form_name, dialog_id, generate=false) {
data.data = data.data.replace(/\n/g, "<br>");
if (returnNiceCheckingConfig(data.data) === 0) {
toastr.info('Section has been updated. Do not forget to restart the server');
let ip = frm.find('select[name=serv]').val();
let ip = $('select[name=serv]').val();
localStorage.setItem('restart', ip);
showConfig();
$(dialog_id).dialog( "close" );

1
app/templates/ajax/config_show.html
View File

@ -424,6 +424,7 @@
openSection('{{ edit_section }}');
{% endif %}
</script>
<input type="hidden" id="group_id" value="{{ g.user_params['group_id']|string() }}">
<div id="edit-section" style="display: none;"></div>
<div id="dialog-confirm" style="display: none;">
<p><span class="ui-icon ui-icon-alert" style="float:left; margin:3px 12px 20px 0;"></span>Are you sure?</p>