├── .github
    └── workflows
    │   └── python-app.yml
├── .gitignore
├── LICENSE
├── MANIFEST.in
├── README.md
├── config.example.py
├── db-init.py
├── docs
    ├── API.md
    ├── AUTH.md
    ├── DB_BACKUP.md
    ├── DB_LOCAL.md
    ├── DB_MIGRATIONS.md
    ├── INSTALL.md
    ├── apache.conf.example
    ├── api
    │   ├── apiario.md
    │   └── swagger.yaml
    ├── app_schema_en.png
    ├── guarda-service
    │   ├── README.md
    │   └── guarda.service
    ├── schema.png
    └── supervisor
    │   ├── exafs.supervisord.conf
    │   └── supervisord.example.service
├── flowapp
    ├── __about__.py
    ├── __init__.py
    ├── auth.py
    ├── constants.py
    ├── flowspec.py
    ├── forms.py
    ├── instance_config.py
    ├── messages.py
    ├── models.py
    ├── output.py
    ├── static
    │   ├── js
    │   │   ├── check_all.js
    │   │   ├── enable_tooltips.js
    │   │   ├── ip_context.js
    │   │   ├── table.js
    │   │   └── table.jsx
    │   ├── mystyle.css
    │   └── swagger.yml
    ├── templates
    │   ├── errors
    │   │   ├── 401.html
    │   │   ├── 401.j2
    │   │   ├── 404.html
    │   │   └── 500.html
    │   ├── forms
    │   │   ├── api_key.html
    │   │   ├── bulk_user_form.html
    │   │   ├── ipv4_rule.html
    │   │   ├── ipv6_rule.html
    │   │   ├── machine_api_key.html
    │   │   ├── macros.html
    │   │   ├── org.html
    │   │   ├── rtbh_rule.html
    │   │   ├── rule.html
    │   │   └── simple_form.html
    │   ├── layouts
    │   │   └── default.html
    │   ├── macros.html
    │   └── pages
    │   │   ├── actions.html
    │   │   ├── api_key.html
    │   │   ├── as_paths.html
    │   │   ├── communities.html
    │   │   ├── dashboard_admin.html
    │   │   ├── dashboard_search.html
    │   │   ├── dashboard_user.html
    │   │   ├── dashboard_view.html
    │   │   ├── dashboard_whois.html
    │   │   ├── limit_reached.html
    │   │   ├── logout.html
    │   │   ├── logs.html
    │   │   ├── machine_api_key.html
    │   │   ├── org_modal.html
    │   │   ├── orgs.html
    │   │   ├── submenu_dashboard.html
    │   │   ├── submenu_dashboard_view.html
    │   │   ├── user_list.html
    │   │   └── users.html
    ├── tests
    │   ├── __init__.py
    │   ├── conftest.py
    │   ├── test_api_auth.py
    │   ├── test_api_deprecated.py
    │   ├── test_api_v3.py
    │   ├── test_flowapp.py
    │   ├── test_flowspec.py
    │   ├── test_forms.py
    │   ├── test_login.py
    │   ├── test_models.py
    │   ├── test_utils.py
    │   └── test_validators.py
    ├── utils.py
    ├── validators.py
    └── views
    │   ├── __init__.py
    │   ├── admin.py
    │   ├── api_common.py
    │   ├── api_keys.py
    │   ├── api_v1.py
    │   ├── api_v2.py
    │   ├── api_v3.py
    │   ├── dashboard.py
    │   └── rules.py
├── requirements-backup.txt
├── requirements.txt
├── run.example.py
├── setup.cfg
└── setup.py


/.github/workflows/python-app.yml:
--------------------------------------------------------------------------------
 1 | # This workflow will install Python dependencies, run tests and lint with a single version of Python
 2 | # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
 3 | 
 4 | name: Python application
 5 | 
 6 | on:
 7 |   push:
 8 |     branches: [ "master", "develop" ]
 9 |   pull_request:
10 |     branches: [ "master", "develop" ]
11 | 
12 | permissions:
13 |   contents: read
14 | 
15 | jobs:
16 |   build:
17 | 
18 |     runs-on: ubuntu-latest
19 | 
20 |     steps:
21 |     - uses: actions/checkout@v3
22 |     - name: Set up Python 3.9
23 |       uses: actions/setup-python@v3
24 |       with:
25 |         python-version: "3.9"
26 |     - name: Setup timezone
27 |       uses: zcong1993/setup-timezone@master
28 |       with:
29 |         timezone: Europe/Prague
30 |     - name: Install dependencies
31 |       run: |
32 |         python -m pip install --upgrade pip
33 |         pip install flake8 pytest
34 |         if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
35 |     - name: Lint with flake8
36 |       run: |
37 |         # stop the build if there are Python syntax errors or undefined names
38 |         flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
39 |         # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
40 |         flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
41 |     - name: Test with pytest
42 |       run: |
43 |         pytest
44 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | config.py
  2 | run.py
  3 | migrations/
  4 | 
  5 | # PyCharm
  6 | .idea/
  7 | 
  8 | 
  9 | # Byte-compiled / optimized / DLL files
 10 | __pycache__/
 11 | *.py[cod]
 12 | *$py.class
 13 | 
 14 | # C extensions
 15 | *.so
 16 | 
 17 | # Distribution / packaging
 18 | .Python
 19 | build/
 20 | develop-eggs/
 21 | dist/
 22 | downloads/
 23 | eggs/
 24 | .eggs/
 25 | lib/
 26 | lib64/
 27 | parts/
 28 | sdist/
 29 | var/
 30 | wheels/
 31 | *.egg-info/
 32 | .installed.cfg
 33 | *.egg
 34 | MANIFEST
 35 | 
 36 | # PyInstaller
 37 | #  Usually these files are written by a python script from a template
 38 | #  before PyInstaller builds the exe, so as to inject date/other infos into it.
 39 | *.manifest
 40 | *.spec
 41 | 
 42 | # Installer logs
 43 | pip-log.txt
 44 | pip-delete-this-directory.txt
 45 | 
 46 | # Unit test / coverage reports
 47 | htmlcov/
 48 | .tox/
 49 | .coverage
 50 | .coverage.*
 51 | .cache
 52 | nosetests.xml
 53 | coverage.xml
 54 | *.cover
 55 | .hypothesis/
 56 | .pytest_cache/
 57 | 
 58 | # Translations
 59 | *.mo
 60 | *.pot
 61 | 
 62 | # Django stuff:
 63 | *.log
 64 | local_settings.py
 65 | db.sqlite3
 66 | 
 67 | # Flask stuff:
 68 | instance/
 69 | .webassets-cache
 70 | 
 71 | # Scrapy stuff:
 72 | .scrapy
 73 | 
 74 | # Sphinx documentation
 75 | docs/_build/
 76 | 
 77 | # PyBuilder
 78 | target/
 79 | 
 80 | # Jupyter Notebook
 81 | .ipynb_checkpoints
 82 | 
 83 | # pyenv
 84 | .python-version
 85 | 
 86 | # celery beat schedule file
 87 | celerybeat-schedule
 88 | 
 89 | # SageMath parsed files
 90 | *.sage.py
 91 | 
 92 | # Environments
 93 | .env
 94 | .venv
 95 | env/
 96 | venv/
 97 | venv37/
 98 | ENV/
 99 | env.bak/
100 | venv.bak/
101 | 
102 | # Spyder project settings
103 | .spyderproject
104 | .spyproject
105 | 
106 | # Rope project settings
107 | .ropeproject
108 | 
109 | # mkdocs documentation
110 | /site
111 | 
112 | # mypy
113 | .mypy_cache/
114 | 
115 | # vscode
116 | .vscode/
117 | .vscode/settings.json
118 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 Jiri Vrany, Petr Adamec, Josef Verich, CESNET
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/MANIFEST.in:
--------------------------------------------------------------------------------
1 | include flowapp/static/*
2 | include flowapp/static/js/*
3 | 
4 | include flowapp/templates/*
5 | include flowapp/templates/errors/*
6 | include flowapp/templates/forms/*
7 | include flowapp/templates/layouts/*
8 | include flowapp/templates/pages/*
9 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # ExaFS
 2 | ExaFS brings new functionality to the environment of routing protocols configuration for backbone network hardware security. 
 3 | 
 4 | The tool extends network administrators toolset by adding an extra layer for configuration rules creation, validation, and authorization. With this new layer, a larger group of network administrators can safely create new
 5 |  [BGP protocol](https://github.com/Exa-Networks/exabgp) rules to prevent DDoS and other forms of malicious cyber attacks. 
 6 | 
 7 | ExaFS is open source with MIT license. The system is regularly used at [CESNET](https://www.cesnet.cz/) - the Czech national e-infrastructure for science, research and education operator.
 8 | 
 9 | ExaFS provides both the user Web interface and the REST API for web service. 
10 | 
11 | Key contributions of the system are **user authorization** mechanism and **validation system for BGP commands**.
12 | 
13 | Without ExaFS the system Root privileges are required for direct interaction with ExaBGP and networking hardware. ExaFS provides several user roles and access rights similarly to user roles in other software systems such as SQL. The system allows specifying user rights for various kinds of sub-nets following the network topology.
14 | 
15 | Validation system for BGP commands assures that only error-free messages can pass to the system BGP API. Both syntax and access rights are validated before a new rule can be stored in the database.
16 | 
17 | Thanks to the storage, all the rules can be restored quickly after a system reboot or failure. All rules are validated again, before sending them to ExaBPG from the storage, to prevent any malicious database manipulation.
18 | 
19 | ExaFS is an integral part of cybersecurity tools at CESNET. However, it can be used in any network where ExaBGP is available.
20 | 
21 | See how is ExaFS integrated into the network in the picture below. 
22 | 
23 | 
24 | ![ExaFS integration schema](./docs/schema.png)
25 | 
26 | ## Project presentations
27 | 
28 | * 2020 - CZ [DDoS Protector v prostředí propojovacího uzlu NIX.CZ](https://www.cesnet.cz/wp-content/uploads/2020/02/DDP_v_NIX.pdf), [Seminář o bezpečností sítí a služeb 2020](https://www.cesnet.cz/akce/bss20/)
29 | * 2019 - EN [ExaFS: mitigating unwanted traffic](https://xn--ondej-kcb.caletka.cz/dl/slidy/20191113-SIGNOC-ExaFS.pdf), [10th SIG-NOC meeting](https://wiki.geant.org/display/SIGNOC/10th+SIG-NOC+meeting), Prague
30 | * 2019 - CZ [Potlačení nežádoucího provozu pomocí BGP Flowspec](https://indico.csnog.eu/event/6/contributions/64/attachments/35/61/CESNET-FlowSpec-CSNOG.pdf), [CSNOG 2019](https://indico.csnog.eu/event/6/overview) 
31 | * 2019 - CZ [Nástroje pro FlowSpec a RTBH](https://konference.cesnet.cz/prezentace2019/sal1/3_Adamec.pdf), [Konference e-infrastruktury CESNET](https://konference.cesnet.cz/) 2019
32 | * 2019 - CZ [Nástroje pro obranu proti útokům na páteřních směrovačích](https://konference.cesnet.cz/prezentace2019/sal1/3_Verich.pdf),[Konference e-infrastruktury CESNET](https://konference.cesnet.cz/) 2019
33 | 
34 | 
35 | ## System overview
36 | 
37 | ![ExaFS schema](./docs/app_schema_en.png)
38 | 
39 | The central part of the ExaFS is a web application, written in Python3.6 with Flask framework. It provides a user interface for ExaBGP rule CRUD operations. The application also provides the REST API with CRUD operations for the configuration rules. The web app uses Shibboleth authorization; the REST API is using token-based authorization. 
40 | 
41 | The app creates the ExaBGP commands and forwards them to ExaBGP process. All rules are carefully validated, and only valid rules are stored in the database and sent to the ExaBGP connector.
42 |  
43 | This second part of the system is another application that replicates the received command to the stdout. The connection between ExaBGP daemon and stdout of ExaAPI (ExaBGP process) is specified in the ExaBGP config. 
44 | 
45 | This API was a part of the project, but now has been moved to own repository. You can use [pip package exabgp-process](https://pypi.org/project/exabgp-process/) or clone the git repo. Or you can create your own version.
46 |  
47 | Every time this process gets a command from ExaFS, it replicates this command to the ExaBGP service through the stdout. The registered service then updates the ExaBGP table – create, modify or remove the rule from command.
48 | 
49 | You may also need to monitor the ExaBGP and renew the commands after restart / shutdown. In docs you can find and example of system service named Guarda. This systemctl service is running in the host system and gets a notification on each restart of ExaBGP service via systemctl WantedBy config option. For every restart of ExaBGP the Guarda service will put all the valid and active rules to the ExaBGP rules table again.
50 | 
51 | ## DOCS
52 | * [Install notes](./docs/INSTALL.md)
53 | * [API documentation ](https://exafs.docs.apiary.io/#)
54 | * [Database backup configuration](./docs/DB_BACKUP.md)
55 | * [Local database instalation notes](./docs/DB_LOCAL.md)
56 | 
57 | ## Change Log
58 | - 1.0.2 - fixed bug in IPv6 Flowspec messages
59 | - 1.0.1 . minor bug fixes
60 | - 1.0.0 . Major changes
61 |     - Limits for nuber of rules in the system introduced. There are now limits for rules for organization and overall limit for the instalation. Database changed / migration is required. Migrating the database to version 1.0.x is a bit more complicated, you need to link existing rules to organizations. [A more detailed description is in a separate document](./docs/DB_MIGRATIONS.md).
62 |     - Rules are now tied to organization. If the user belongs to more than one organization, the organization for the session must be selected after login.
63 |     - Bulk import for users enabled for admin.
64 |     - Introduced Swagger docs for API on the local system. Just open /apidocs url. 
65 |     - New format of message for ExaAPI - now sends information about author of rule (user) for logging purposes.
66 |     - ExaAPI and Guarda modules moved outside of the project.
67 |     - ExaAPI is now available as a [pip package exabgp-process](https://pypi.org/project/exabgp-process/), with own [github repostiory](https://github.com/CESNET/exabgp-process).
68 |     - Watch of exabgp restart can be still done by guarda service - see docs. Or it can be done by override of the exabgp service settings.  
69 | - 0.8.1 application is using Flask-Session stored in DB using SQL Alchemy driver. This can be configured for other drivers, however server side session is required for the application proper function.
70 | - 0.8.0 - API keys update.  **Run migration scripts to update your DB**.  Keys can now have expiration date and readonly flag. Admin can create special keys for certain machinnes.
71 | - 0.7.3 - New possibility of external auth proxy. 
72 | - 0.7.2 - Dashboard and Main menu are now customizable in config. App is ready to be packaged using setup.py.
73 | - 0.7.0 - ExaAPI now have two options - HTTP or RabbitMQ. ExaAPI process has been renamed, update of ExaBGP process value is needed for this version.
74 | - 0.6.2 - External config for ExaAPI 
75 | - 0.6.0 - Bootstrap 5 in UI
76 | - 0.5.5 - API v3 - auth api key in cookie not in url
77 | - 0.5.4 - Right click menu on adress / Whois or Copy to clipboard
78 | - 0.5.3 - Dashboard update, forms with default action
79 | - 0.5.2 - API v2 with new keys 
80 | - 0.5.1 - Bug fixes
81 | - 0.5.0 - New format of LOG table in database. **Run migration scripts to update your DB**. Removed foreign key user_id, author email is stored directly to logs for faster grep text search.
82 | - 0.4.8 - Enhanced String Filtering
83 | - 0.4.7 - Multi neighbor support enabled. See config example and update your config.py. 
84 | - 0.4.6 - Route Distinguisher for VRF is now supported. See config example and update your config.py. 
85 | 


--------------------------------------------------------------------------------
/config.example.py:
--------------------------------------------------------------------------------
  1 | class Config:
  2 |     """
  3 |     Default config options
  4 |     """
  5 | 
  6 |     # Limits
  7 |     FLOWSPEC4_MAX_RULES = 9000
  8 |     FLOWSPEC6_MAX_RULES = 9000
  9 |     RTBH_MAX_RULES = 100000
 10 | 
 11 |     # Flask debugging
 12 |     DEBUG = True
 13 |     # Flask testing
 14 |     TESTING = False
 15 | 
 16 |     # Choose your authentication method and set it to True here or
 17 |     # the production / development config
 18 |     # SSO auth enabled
 19 |     SSO_AUTH = False
 20 |     # Authentication is done outside the app, use HTTP header to get the user uuid.
 21 |     # If SSO_AUTH is set to True, this option is ignored and SSO auth is used.
 22 |     HEADER_AUTH = False
 23 |     # Local authentication - used when SSO_AUTH and HEADER_AUTH are set to False
 24 |     LOCAL_AUTH = False
 25 | 
 26 |     # Name of HTTP header containing the UUID of authenticated user.
 27 |     # Only used when HEADER_AUTH is set to True
 28 |     AUTH_HEADER_NAME = "X-Authenticated-User"
 29 |     # SSO LOGOUT
 30 |     LOGOUT_URL = "https://flowspec.example.com/Shibboleth.sso/Logout"
 31 |     # SQL Alchemy config
 32 |     SQLALCHEMY_TRACK_MODIFICATIONS = False
 33 | 
 34 |     # ExaApi configuration
 35 |     # possible values HTTP, RABBIT
 36 |     EXA_API = "RABBIT"
 37 |     # for HTTP EXA_API_URL must be specified
 38 |     EXA_API_URL = "http://localhost:5000/"
 39 |     # for RABBITMQ EXA_API_RABBIT_* must be specified
 40 |     EXA_API_RABBIT_HOST = "your rabbit host"
 41 |     EXA_API_RABBIT_PORT = "rabit port (5672)"
 42 |     EXA_API_RABBIT_PASS = "some secret password"
 43 |     EXA_API_RABBIT_USER = "rabbit user"
 44 |     EXA_API_RABBIT_VHOST = "rabbit vhost"
 45 |     EXA_API_RABBIT_QUEUE = "exa_api"
 46 | 
 47 |     # Secret keys for Flask Session and JWT (API and CSRF protection)
 48 |     JWT_SECRET = "GenerateSomeLongRandomSequence"
 49 |     SECRET_KEY = "GenerateSomeLongRandomSequence"
 50 | 
 51 |     # APP Name - display in main toolbar
 52 |     APP_NAME = "ExaFS"
 53 |     # Route Distinguisher for VRF
 54 |     # When True set your rd string and label to be used in messages
 55 |     USE_RD = True
 56 |     RD_STRING = "7654:3210"
 57 |     RD_LABEL = "label for RD"
 58 | 
 59 | 
 60 | class ProductionConfig(Config):
 61 |     """
 62 |     Production config options
 63 |     """
 64 | 
 65 |     # SQL Alchemy config string - mustl include user and pwd
 66 |     SQLALCHEMY_DATABASE_URI = "Your Productionl Database URI"
 67 |     # Public IP of the production machine
 68 |     LOCAL_IP = "127.0.0.1"
 69 |     LOCAL_IP6 = "::ffff:127.0.0.1"
 70 |     # SSO AUTH enabled in produciion
 71 |     SSO_AUTH = True
 72 |     SSO_ATTRIBUTE_MAP = {
 73 |         "eppn": (False, "eppn"),
 74 |         "HTTP_X_EPPN": (False, "eppn"),
 75 |     }
 76 |     SSO_LOGIN_URL = "/login"
 77 | 
 78 |     # Set true if you need debug in production
 79 |     DEBUG = False
 80 |     DEVEL = False
 81 | 
 82 |     # is production behind a reverse proxy?
 83 |     BEHIND_PROXY = True
 84 | 
 85 |     # Set cookie behavior
 86 |     SESSION_COOKIE_SECURE = (True,)
 87 |     SESSION_COOKIE_HTTPONLY = (True,)
 88 |     SESSION_COOKIE_SAMESITE = ("Lax",)
 89 | 
 90 | 
 91 | class DevelopmentConfig(Config):
 92 |     """
 93 |     Development config options - usually for localhost development and debugging process
 94 |     """
 95 | 
 96 |     SQLALCHEMY_DATABASE_URI = "Your Local Database URI"
 97 |     LOCAL_IP = "127.0.0.1"
 98 |     LOCAL_IP6 = "::ffff:127.0.0.1"
 99 |     DEBUG = True
100 |     DEVEL = True
101 | 
102 |     # LOCAL user parameters - when the app is used without SSO_AUTH
103 |     # Local User must be in the database
104 |     LOCAL_USER_UUID = "admin@example.com"
105 |     LOCAL_AUTH = True
106 | 
107 | 
108 | class TestingConfig(Config):
109 |     TESTING = True
110 | 


--------------------------------------------------------------------------------
/db-init.py:
--------------------------------------------------------------------------------
 1 | 
 2 | from flask import Flask
 3 | from flowapp import db
 4 | from flowapp.models import *
 5 | 
 6 | import config
 7 | from os import environ
 8 | 
 9 | 
10 | def create_app():
11 |     app = Flask('FlowSpecDB init')
12 |     # Configurations
13 |     try:
14 |         env = environ['USERNAME']
15 |     except KeyError as e:
16 |         env = 'Production'
17 | 
18 |     if env == 'albert':
19 |         print("DEVEL")
20 |         app.config.from_object(config.DevelopmentConfig)
21 |     else:
22 |         print("PRODUCTION")
23 |         app.config.from_object(config.ProductionConfig)
24 | 
25 |     db.init_app(app)
26 | 
27 |     with app.app_context():
28 |         print("#: cleaning database")
29 |         db.reflect()
30 |         db.drop_all()
31 |         print("#: creating tables")
32 |         db.create_all()
33 | 
34 | 
35 |     return app
36 | 
37 | 
38 | if __name__ == '__main__':
39 |     create_app().app_context().push()
40 | 


--------------------------------------------------------------------------------
/docs/API.md:
--------------------------------------------------------------------------------
1 | # ExaFS API  
2 | 
3 | Local Swagger API docs is available on https://your.server.name/apidocs
4 | 
5 | ExaFS API documentation can be also [found on Apiary.io](https://exafs.docs.apiary.io/#).


--------------------------------------------------------------------------------
/docs/AUTH.md:
--------------------------------------------------------------------------------
 1 | # ExaFS Auth mechanism
 2 | 
 3 | Since version 0.7.3, the application supports three different forms of user authorization. 
 4 | 
 5 | * SSO using Shibboleth
 6 | * Simple Auth proxy 
 7 | * Local single-user mode 
 8 | 
 9 | ### SSO
10 | To use SSO, you need to set up Apache + Shiboleth in the usual way. Then set `SSO_AUTH = True` in the application configuration file **config.py**
11 | 
12 | In general the whole app should be protected by Shiboleth. However, there certain endpoints should be excluded from Shiboleth for the interaction with BGP. See configuration example bellow. The endpoints which are not protected by Shibboleth are protected by app itself. Either by @localhost_only decorator or by API key. 
13 | 
14 | Shibboleth configuration example:
15 | 
16 | #### shibboleth config (shib.conf):
17 | 
18 | ```
19 | <Location />
20 |   AuthType shibboleth
21 |   ShibRequestSetting requireSession 1
22 |   require shib-session
23 | </Location>
24 | 
25 | 
26 | <LocationMatch /api/>
27 |   Satisfy Any
28 |   allow from All
29 | </LocationMatch>
30 | 
31 | <LocationMatch /rules/announce_all>
32 |   Satisfy Any
33 |   allow from All
34 | </LocationMatch>
35 | 
36 | <LocationMatch /rules/withdraw_expired>
37 |   Satisfy Any
38 |   allow from All
39 | </LocationMatch> 
40 | ```
41 | 
42 | 
43 | #### httpd ssl.conf 
44 | We recomend using app with https only. It's important to configure proxy pass to uwsgi in httpd config.
45 | ```
46 | # Proxy everything to the WSGI server except /Shibboleth.sso and
47 | # /shibboleth-sp
48 | ProxyPass /kon.php !
49 | ProxyPass /Shibboleth.sso !
50 | ProxyPass /shibboleth-sp !
51 | ProxyPass / uwsgi://127.0.0.1:8000/
52 | ```
53 | 
54 | ### Simple Auth
55 | This mode uses a WWW server (usually Apache) as an auth proxy. It is thus possible to use an external user database. Everything needs to be set in the web server configuration, then in **config.py** enable `HEADER_AUTH = True` and set `AUTH_HEADER_NAME = 'X-Authenticated-User'` 
56 | 
57 | See [apache.conf.example](./apache.conf.example) for more information about configuration.
58 | 
59 | ### Local single user mode
60 | This mode is used as a fallback if neither SSO nor Simple Auth is enabled. Configuration is done using **config.py**. The mode is more for testing purposes, it does not allow to set up multiple users with different permission levels and also does not perform user authentication. 


--------------------------------------------------------------------------------
/docs/DB_BACKUP.md:
--------------------------------------------------------------------------------
 1 | # FlowSpec tool
 2 | ##  MariaDB database backup script
 3 | 
 4 | Example of bashscript for database dump and backup. 
 5 | 
 6 | ### as Mysql root
 7 | * GRANT LOCK TABLES, SELECT, SHOW VIEW, REPLICATION CLIENT ON *.* TO 'db_user_backups'@'%' IDENTIFIED BY 'password';
 8 | * to make sure MySQL is configured to properly restore stored procedures > SET GLOBAL log_bin_trust_function_creators = 1;
 9 | 
10 | ### as root
11 | * mkdir /backups && cd /backups
12 | * touch .env db-backup.sh db-backup.log
13 | * chmod -R 775 /backups
14 | * chmod +x db-backup.sh
15 | 
16 | #### add mysql backup user credentials into environment file
17 | * echo "export MYSQL_USER=db_user_backups" >> /backups/.env
18 | * echo "export MYSQL_PASS={COMPLEX-PASSWORD}" >> /backups/.env
19 | 
20 | #### Backup script
21 | ```
22 | #!/bin/bash
23 | 
24 | BKUP_DIR="/backups"
25 | BKUP_NAME="`date +%Y%m%d%H%M`-backup-flowspec.sql.gz"
26 | 
27 | # get backup users credentials
28 | source $BKUP_DIR/.env
29 | 
30 | # create backups
31 | # NOTE: --routines flag makes sure stored procedures are also backed up
32 | mysqldump --routines flowspec -u ${MYSQL_USER} -p${MYSQL_PASS} | gzip > ${BKUP_DIR}/${BKUP_NAME}
33 | 
34 | ```
35 | 


--------------------------------------------------------------------------------
/docs/DB_LOCAL.md:
--------------------------------------------------------------------------------
 1 | # FlowSpec tool
 2 | ## MariaDB local dev instalation notes
 3 | 
 4 | ### Show database and tables encoding and collation
 5 | 
 6 | ```mysql
 7 | SELECT default_character_set_name, default_collation_name FROM information_schema.schemata WHERE schema_name = 'exafs';
 8 | 
 9 | SHOW table status like '%';
10 | ```
11 | 
12 | ### MariaDB character encoding
13 | set utf-8 if needed
14 | ```
15 | ALTER DATABASE databasename CHARACTER SET utf8 COLLATE utf8_unicode_ci;
16 | ALTER TABLE tablename CONVERT TO CHARACTER SET utf8 COLLATE utf8_unicode_ci;
17 | ```
18 | 
19 | ### Run Mariadb in docker
20 | 
21 | ```
22 | docker run --name=flowspec-db --env="MYSQL_ROOT_PASSWORD=my-secret-pw"  --volume="/home/albert/work/flowspec/datadir:/var/lib/mysql" -p 3306:3306 --restart=no mariadb:5.5 
23 | ```


--------------------------------------------------------------------------------
/docs/DB_MIGRATIONS.md:
--------------------------------------------------------------------------------
 1 | # How to Upgrade the Database  
 2 | 
 3 | ## General Guidelines  
 4 | Migrations can be inconsistent. To avoid issues, we removed migrations from git repostory. To start the migration on your server, it is recomended reset the migration state on the server and run the migration based on the updated database models when switching application versions via Git.  
 5 | 
 6 | ```bash
 7 | rm -rf migrations/
 8 | ```
 9 | 
10 | ```SQL
11 | DROP TABLE alembic_version;
12 | ```
13 | 
14 | ```bash
15 | flask db init
16 | flask db migrate -m "Initial migration based on current DB state"
17 | flask db upgrade
18 | ```
19 | 
20 | ## Steps for Upgrading to v1.0.x
21 | Limits for number of rules were introduced. Some database engines (Mariadb 10.x for example) have issue to set Non Null foreigin key to 0 and automatic migrations fail. The solution may be in diferent version (Mariadb 11.x works fine), or to set limits in db manually later.
22 | 
23 | To set the limit to 0 for existing organizations run
24 | 
25 | ```SQL
26 | UPDATE organization 
27 | SET limit_flowspec4 = 0, limit_flowspec6 = 0, limit_rtbh = 0 
28 | WHERE limit_flowspec4 IS NULL OR limit_flowspec6 IS NULL OR limit_rtbh IS NULL;
29 | ```
30 | 
31 | In all cases we need later assign rules to organizations. There's an admin endpoint for this:  
32 | 
33 | `https://yourexafs.url/admin/set-org-if-zero`
34 | 
35 | Or you can start with clean database and manually migrate data by SQL dump later. Feel free to contact jiri.vrany@cesnet.cz if you need help with the DB migration to 1.0.x. 
36 | 


--------------------------------------------------------------------------------
/docs/INSTALL.md:
--------------------------------------------------------------------------------
  1 | # ExaFS tool
  2 | ## Production install and config notes
  3 | 
  4 | Example of ExaFS installation od RHEL/Centos 9 and deployment in production enviroment. 
  5 | Includes: shibboleth auth, mariadb, uwsgi, supervisord
  6 | 
  7 | The default Python for RHEL9 is Python 3.9
  8 | Virtualenv with Python39 is used by uWSGI server to keep the packages for app separated from system.
  9 | 
 10 | ## Prerequisites
 11 | First, choose how to [authenticate and authorize users](./AUTH.md). The application currently supports three options. 
 12 | 
 13 | Depending on the selected WWW server, set up a proxy. We recommend using Apache + mod_uwsgi. If you use another solution, set up the WWW server as you are used to. 
 14 | 
 15 | ```
 16 | # Proxy everything to the WSGI server
 17 | ProxyPass / uwsgi://127.0.0.1:8000/
 18 | ```
 19 | 
 20 | ### Main app
 21 | The ExaFS is using Flask Python Framework. We are using standard deployment for Flask and Apache
 22 | as is described in the offical docs. 
 23 | 
 24 | #### Install python runtime and other dependencies 
 25 | Install dependencies as root. 
 26 | 
 27 | If you are using Debian or Ubuntu, you must of course use apt and sudo instead yum. 
 28 | 
 29 | Don't forget to enable mod_proxy_uwsgi module in your Apache httpd config. 
 30 | MariaDB is not a strict requirement, the app is using SQL-Alchemy and therefore you can use another RDBMS if needed.
 31 | 
 32 | Install Python, UWSGI and MariaDB.
 33 | ```
 34 | yum install gcc python3 python3-devel
 35 | yum install mod_proxy_uwsgi uwsgi-plugin-python3
 36 | yum install mariadb mariadb-server mariadb-devel
 37 | ```
 38 | 
 39 | Start MariaDB and secure instalation
 40 | ```
 41 | systemctl start mariadb
 42 | mysql_secure_installation
 43 | systemctl enable mariadb
 44 | ```
 45 | 
 46 | Next step is to install VirtualEnv for Python
 47 | ```
 48 | pip install virtualenv
 49 | ```
 50 | 
 51 | #### Setup the database connection
 52 | 
 53 | Now prepare user for the database. Start mysql client with
 54 | ```
 55 | mysql -u root -p 
 56 | ```
 57 | Now create the db and user with password
 58 | ```
 59 | CREATE DATABASE exafs;
 60 | ALTER DATABASE exafs CHARACTER SET utf8 COLLATE utf8_general_ci;
 61 | 
 62 | CREATE USER 'exafs'@'localhost' IDENTIFIED BY 'verysecurepassword'; 
 63 | 
 64 | USE exafs;
 65 | GRANT ALL PRIVILEGES ON exafs.* TO 'exafs'@'localhost';
 66 | FLUSH PRIVILEGES;
 67 | exit;
 68 | ```
 69 | 
 70 | #### App instalation
 71 | Create new user called **deploy** in the system.
 72 | 
 73 | As deploy user pull the source codes from GH, create virtualenv and install required python dependencies.
 74 | ```
 75 | su - deploy
 76 | clone source from repository: git clone https://github.com/CESNET/exafs.git www
 77 | cd www
 78 | virtualenv --python=python3.9 venv
 79 | source venv/bin/activate
 80 | pip install -r requirements.txt
 81 | ```
 82 | 
 83 | #### Next steps (as root)
 84 | 
 85 | Now lets continue as root user once again. 
 86 | 
 87 | First we need to allow httpd connection in SeLinux
 88 | 
 89 | ```
 90 | setsebool -P httpd_can_network_connect 1
 91 | ``` 
 92 | 
 93 | Prepare the log dir and start httpd if not already running.
 94 | If you want to use different log dir name, don't forget to update it in the supervisord config.
 95 | 
 96 | ```
 97 | mkdir /var/log/exafs/
 98 | systemctl start httpd
 99 | ```
100 | 
101 | #### Supervisord - install as root
102 | 
103 | Supervisord is used to run and manage applications, but it is not mandatory for deployment.
104 | You can skip this section if you are using a different deployment method, such as Docker.
105 | 
106 | 1. install:
107 |    `pip install supervisor`
108 | 2. configure:
109 |    1. `mkdir -p /etc/supervisord/conf.d`
110 |    2. `echo_supervisord_conf > /etc/supervisord/supervisord.conf`
111 |    3. `echo "[include]" >> /etc/supervisord/supervisord.conf`
112 |    4. `echo "files = conf.d/*.conf" >> /etc/supervisord/supervisord.conf`
113 |    
114 |    
115 | 3. setup as service:
116 |     `cp docs/supervisor/supervisord.example.service /usr/lib/systemd/system/supervisord.service`
117 | 4. copy exafs.supervisord.conf to /etc/supervisord/
118 |   `cp docs/supervisor/exafs.supervisord.conf /etc/supervisord/conf.d/`
119 | 5. start service
120 |    `systemctl start supervisord`
121 | 6. view service status:
122 |    `systemctl status supervisord`
123 | 7. auto start service on system startup: 
124 |    `systemctl enable supervisord`
125 | 
126 | 
127 | #### Final steps - as deploy user
128 | 
129 | 1. Copy config.example.py to config.py and fill out the DB credetials. 
130 | 
131 | 2. Create and populate database tables.
132 | ```
133 | cd ~/www
134 | source venv/bin/activate
135 | python db-init.py
136 | ```
137 | DB-init script inserts default roles, actions, rule states and two organizations (TUL and Cesnet). But no users.
138 | 
139 | 3. Before start, **use your favorite mysql admin tool and insert some users into database**. 
140 | The **uuid** of user should be set the **eppn** value provided by Shibboleth. 
141 | 
142 | You can use following MYSQL commands to insert the user, give him role 'admin' and add him to the the organization 'Cesnet'.
143 | 
144 | ```
145 | insert into user (uuid,email,name) values ('example@cesnet.cz', 'example@cesnet.cz', 'Mr. Example Admin');
146 | insert into user_role (user_id,role_id) values (1, 3);
147 | insert into user_organization (user_id,organization_id) values (1, 2);
148 | ``` 
149 | You can also modify the models.py for your own default values for db-init.
150 | 
151 | The application is installed and should be working now. The next step is to configure ExaBGP and connect it to the ExaAPI application. We also provide simple service called guarda to reload all the rules in case of ExaBGP restart.
152 | 


--------------------------------------------------------------------------------
/docs/apache.conf.example:
--------------------------------------------------------------------------------
 1 | # mod_dbd configuration
 2 | DBDriver pgsql
 3 | DBDParams "dbname=exafs_users host=localhost user=exafs password=verysecurepassword"
 4 | 
 5 | DBDMin  4
 6 | DBDKeep 8
 7 | DBDMax  20
 8 | DBDExptime 300
 9 | 
10 | # ExaFS authentication
11 | <VirtualHost *:80>
12 |     ServerName example.com
13 |     DocumentRoot /var/www/html
14 | 
15 |     <Location />
16 |     AuthType Basic
17 |     AuthName "Database Authentication"
18 |     AuthBasicProvider dbd
19 |     AuthDBDUserPWQuery "SELECT pass_hash AS password FROM \"users\" WHERE email = %s"
20 |     Require valid-user
21 |     RequestHeader set X-Authenticated-User expr=%{REMOTE_USER}
22 |     ProxyPass http://127.0.0.1:8080/
23 |     </Location>
24 | </VirtualHost>


--------------------------------------------------------------------------------
/docs/api/swagger.yaml:
--------------------------------------------------------------------------------
  1 | swagger: '2.0'
  2 | info:
  3 |   title: ExaFS API
  4 |   version: '3.0'
  5 |   description: ExaFS API allows authorized machines to send commands directly in JSON, without the web forms. The commands are validated in the same way as normal rules.
  6 | securityDefinitions:
  7 |   ApiKeyAuth:
  8 |     type: apiKey
  9 |     in: header
 10 |     name: x-api-key
 11 |     description: API key for initial authentication
 12 |   TokenAuth:
 13 |     type: apiKey
 14 |     in: header
 15 |     name: x-access-token
 16 |     description: auth token received from /auth endpoint
 17 | security:
 18 |   - TokenAuth: []
 19 | 
 20 | tags:
 21 |   - name: Authorization
 22 |     description: Endpoints for obtaining and managing API tokens.
 23 |   - name: Rules
 24 |     description: Endpoints for managing IPv4, IPv6, and RTBH rules.
 25 |   - name: Choices
 26 |     description: Choices for rule actions and communities.
 27 | 
 28 | 
 29 | paths:
 30 |   /auth:
 31 |     get:
 32 |       tags:
 33 |         - Authorization
 34 |       security:
 35 |         - ApiKeyAuth: []
 36 |       summary: Authenticate and get JWT token
 37 |       description: Generate API Key for the logged user using PyJWT
 38 |       responses:
 39 |         '200':
 40 |           description: Successfully authenticated
 41 |           schema:
 42 |             type: object
 43 |             properties:
 44 |               token:
 45 |                 type: string
 46 |                 description: JWT token to be used in subsequent requests
 47 |         '401':
 48 |           description: Authentication failed - token expired
 49 |         '403':
 50 |           description: Authentication failed - token invalid
 51 | 
 52 |   /rules:
 53 |     get:
 54 |       tags:
 55 |         - Rules
 56 |       summary: Get all rules
 57 |       description: Returns all flow rules accessible to the authenticated user
 58 |       parameters:
 59 |         - name: time_format
 60 |           in: query
 61 |           type: string
 62 |           required: false
 63 |           description: Preferred time format for dates in response
 64 |       responses:
 65 |         '200':
 66 |           description: List of all rules
 67 |           schema:
 68 |             type: object
 69 |             properties:
 70 |               flowspec_ipv4_rw:
 71 |                 type: array
 72 |                 items:
 73 |                   $ref: '#/definitions/IPv4Rule'
 74 |               flowspec_ipv6_rw:
 75 |                 type: array
 76 |                 items:
 77 |                   $ref: '#/definitions/IPv6Rule'
 78 |               rtbh_any_rw:
 79 |                 type: array
 80 |                 items:
 81 |                   $ref: '#/definitions/RTBHRule'
 82 |               flowspec_ipv4_ro:
 83 |                 type: array
 84 |                 items:
 85 |                   $ref: '#/definitions/IPv4Rule'
 86 |               flowspec_ipv6_ro:
 87 |                 type: array
 88 |                 items:
 89 |                   $ref: '#/definitions/IPv6Rule'
 90 | 
 91 |  
 92 |   /rules/ipv4:
 93 |     post:
 94 |       tags:
 95 |         - Rules
 96 |       summary: Create IPv4 rule
 97 |       description: Create a new IPv4 flow rule
 98 |       parameters:
 99 |         - name: rule
100 |           in: body
101 |           required: true
102 |           schema:
103 |             $ref: '#/definitions/IPv4RuleInput'
104 |       responses:
105 |         '201':
106 |           description: Rule created successfully
107 |           schema:
108 |             type: object
109 |             properties:
110 |               message:
111 |                 type: string
112 |               rule:
113 |                 $ref: '#/definitions/IPv4Rule'
114 |         '400':
115 |           description: Invalid input data
116 |         '403':
117 |           description: Rule limit reached or read-only token
118 | 
119 |   /rules/ipv6:
120 |     post:
121 |       tags:
122 |         - Rules
123 |       summary: Create IPv6 rule
124 |       description: Create a new IPv6 flow rule
125 |       parameters:
126 |         - name: rule
127 |           in: body
128 |           required: true
129 |           schema:
130 |             $ref: '#/definitions/IPv6RuleInput'
131 |       responses:
132 |         '201':
133 |           description: Rule created successfully
134 |           schema:
135 |             type: object
136 |             properties:
137 |               message:
138 |                 type: string
139 |               rule:
140 |                 $ref: '#/definitions/IPv6Rule'
141 |         '400':
142 |           description: Invalid input data
143 |         '403':
144 |           description: Rule limit reached or read-only token
145 | 
146 |   /rules/rtbh:
147 |     post:
148 |       tags:
149 |         - Rules
150 |       summary: Create RTBH rule
151 |       description: Create a new RTBH rule
152 |       parameters:
153 |         - name: rule
154 |           in: body
155 |           required: true
156 |           schema:
157 |             $ref: '#/definitions/RTBHRuleInput'
158 |       responses:
159 |         '201':
160 |           description: Rule created successfully
161 |           schema:
162 |             type: object
163 |             properties:
164 |               message:
165 |                 type: string
166 |               rule:
167 |                 $ref: '#/definitions/RTBHRule'
168 |         '400':
169 |           description: Invalid input data
170 |         '403':
171 |           description: Rule limit reached or read-only token
172 | 
173 |   /rules/ipv4/{rule_id}:
174 |     parameters:
175 |       - name: rule_id
176 |         in: path
177 |         required: true
178 |         type: integer
179 |         description: ID of the IPv4 rule
180 |     get:
181 |       tags:
182 |         - Rules
183 |       summary: Get IPv4 rule
184 |       description: Get details of a specific IPv4 rule
185 |       responses:
186 |         '200':
187 |           description: Rule details
188 |           schema:
189 |             $ref: '#/definitions/IPv4Rule'
190 |         '401':
191 |           description: Not allowed to view this rule
192 |         '404':
193 |           description: Rule not found
194 |     delete:
195 |       tags:
196 |         - Rules
197 |       summary: Delete IPv4 rule
198 |       description: Delete a specific IPv4 rule
199 |       responses:
200 |         '201':
201 |           description: Rule deleted successfully
202 |         '401':
203 |           description: Not allowed to delete this rule
204 |         '403':
205 |           description: Read-only token
206 |         '404':
207 |           description: Rule not found
208 | 
209 |   /rules/ipv6/{rule_id}:
210 |     parameters:
211 |       - name: rule_id
212 |         in: path
213 |         required: true
214 |         type: integer
215 |         description: ID of the IPv6 rule
216 |     get:
217 |       tags:
218 |         - Rules
219 |       summary: Get IPv6 rule
220 |       description: Get details of a specific IPv6 rule
221 |       responses:
222 |         '200':
223 |           description: Rule details
224 |           schema:
225 |             $ref: '#/definitions/IPv6Rule'
226 |         '401':
227 |           description: Not allowed to view this rule
228 |         '404':
229 |           description: Rule not found
230 |     delete:
231 |       tags:
232 |         - Rules
233 |       summary: Delete IPv6 rule
234 |       description: Delete a specific IPv6 rule
235 |       responses:
236 |         '201':
237 |           description: Rule deleted successfully
238 |         '401':
239 |           description: Not allowed to delete this rule
240 |         '403':
241 |           description: Read-only token
242 |         '404':
243 |           description: Rule not found
244 | 
245 |   /rules/rtbh/{rule_id}:
246 |     parameters:
247 |       - name: rule_id
248 |         in: path
249 |         required: true
250 |         type: integer
251 |         description: ID of the RTBH rule
252 |     get:
253 |       tags:
254 |         - Rules
255 |       summary: Get RTBH rule
256 |       description: Get details of a specific RTBH rule
257 |       responses:
258 |         '200':
259 |           description: Rule details
260 |           schema:
261 |             $ref: '#/definitions/RTBHRule'
262 |         '401':
263 |           description: Not allowed to view this rule
264 |         '404':
265 |           description: Rule not found
266 |     delete:
267 |       tags:
268 |         - Rules
269 |       summary: Delete RTBH rule
270 |       description: Delete a specific RTBH rule
271 |       responses:
272 |         '201':
273 |           description: Rule deleted successfully
274 |         '401':
275 |           description: Not allowed to delete this rule
276 |         '403':
277 |           description: Read-only token
278 |         '404':
279 |           description: Rule not found
280 | 
281 |   /actions:
282 |     get:
283 |       tags:
284 |         - Choices
285 |       summary: Get available actions
286 |       description: Returns actions allowed for current user
287 |       responses:
288 |         '200':
289 |           description: List of available actions
290 |         '404':
291 |           description: No actions found for user
292 | 
293 |   /communities:
294 |     get:
295 |       tags:
296 |         - Choices
297 |       summary: Get available communities
298 |       description: Returns RTBH communities allowed for current user
299 |       responses:
300 |         '200':
301 |           description: List of available communities
302 |         '404':
303 |           description: No communities found for user
304 | 
305 | 
306 | definitions:
307 |   IPv4RuleInput:
308 |     type: object
309 |     required:
310 |       - source
311 |       - source_mask
312 |       - dest
313 |       - dest_mask
314 |       - expires
315 |       - action
316 |     properties:
317 |       source:
318 |         type: string
319 |         description: Source IP address
320 |       source_mask:
321 |         type: integer
322 |         description: Source network mask
323 |       source_port:
324 |         type: string
325 |         description: Source port(s)
326 |       dest:
327 |         type: string
328 |         description: Destination IP address
329 |       dest_mask:
330 |         type: integer
331 |         description: Destination network mask
332 |       destination_port:
333 |         type: string
334 |         description: Destination port(s)
335 |       protocol:
336 |         type: string
337 |         description: Protocol
338 |       flags:
339 |         type: array
340 |         items:
341 |           type: string
342 |         description: TCP flags
343 |       packet_len:
344 |         type: string
345 |         description: Packet length
346 |       fragment:
347 |         type: array
348 |         items:
349 |           type: string
350 |         description: Fragment types
351 |       expires:
352 |         type: string
353 |         format: date-time
354 |         description: Rule expiration time
355 |       comment:
356 |         type: string
357 |         description: Rule comment
358 |       action:
359 |         type: integer
360 |         description: Action ID
361 | 
362 |   IPv4Rule:
363 |     allOf:
364 |       - $ref: '#/definitions/IPv4RuleInput'
365 |       - type: object
366 |         properties:
367 |           id:
368 |             type: integer
369 |           rstate_id:
370 |             type: integer
371 |           user_id:
372 |             type: integer
373 |           org_id:
374 |             type: integer
375 | 
376 |   IPv6RuleInput:
377 |     type: object
378 |     required:
379 |       - source
380 |       - source_mask
381 |       - dest
382 |       - dest_mask
383 |       - expires
384 |       - action
385 |     properties:
386 |       source:
387 |         type: string
388 |         description: Source IPv6 address
389 |       source_mask:
390 |         type: integer
391 |         description: Source network mask
392 |       source_port:
393 |         type: string
394 |         description: Source port(s)
395 |       dest:
396 |         type: string
397 |         description: Destination IPv6 address
398 |       dest_mask:
399 |         type: integer
400 |         description: Destination network mask
401 |       destination_port:
402 |         type: string
403 |         description: Destination port(s)
404 |       next_header:
405 |         type: string
406 |         description: Next header
407 |       flags:
408 |         type: array
409 |         items:
410 |           type: string
411 |         description: TCP flags
412 |       packet_len:
413 |         type: string
414 |         description: Packet length
415 |       expires:
416 |         type: string
417 |         format: date-time
418 |         description: Rule expiration time
419 |       comment:
420 |         type: string
421 |         description: Rule comment
422 |       action:
423 |         type: integer
424 |         description: Action ID
425 | 
426 |   IPv6Rule:
427 |     allOf:
428 |       - $ref: '#/definitions/IPv6RuleInput'
429 |       - type: object
430 |         properties:
431 |           id:
432 |             type: integer
433 |           rstate_id:
434 |             type: integer
435 |           user_id:
436 |             type: integer
437 |           org_id:
438 |             type: integer
439 | 
440 |   RTBHRuleInput:
441 |     type: object
442 |     required:
443 |       - expires
444 |       - community
445 |     properties:
446 |       ipv4:
447 |         type: string
448 |         description: IPv4 address
449 |       ipv4_mask:
450 |         type: integer
451 |         description: IPv4 network mask
452 |       ipv6:
453 |         type: string
454 |         description: IPv6 address
455 |       ipv6_mask:
456 |         type: integer
457 |         description: IPv6 network mask
458 |       community:
459 |         type: integer
460 |         description: Community ID
461 |       expires:
462 |         type: string
463 |         format: date-time
464 |         description: Rule expiration time
465 |       comment:
466 |         type: string
467 |         description: Rule comment
468 | 
469 |   RTBHRule:
470 |     allOf:
471 |       - $ref: '#/definitions/RTBHRuleInput'
472 |       - type: object
473 |         properties:
474 |           id:
475 |             type: integer
476 |           rstate_id:
477 |             type: integer
478 |           user_id:
479 |             type: integer
480 |           org_id:
481 |             type: integer


--------------------------------------------------------------------------------
/docs/app_schema_en.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CESNET/exafs/866f3bab1b207fccc6118efeaa4281a243a36e1b/docs/app_schema_en.png


--------------------------------------------------------------------------------
/docs/guarda-service/README.md:
--------------------------------------------------------------------------------
 1 | # Guarda Service for ExaBGP
 2 | 
 3 | This is a systemd service designed to monitor ExaBGP and reapply commands after a restart or shutdown. The guarda.service runs on the host system and is triggered whenever the ExaBGP service restarts, thanks to the WantedBy configuration in systemd. After each restart, the Guarda service will reapply all valid and active rules to the ExaBGP rules table.
 4 | 
 5 | ## Usage (as root)
 6 | 
 7 | First, set the environment variable with the correct URL for your installation. The announce_all endpoint is only accessible from localhost within the app, so ensure that your configuration includes the correct local IP address.
 8 | 
 9 | ```bash
10 | export GUARDA_URL=http://127.0.0.1:8080/rules/announce_all
11 | cp guarda.service /usr/lib/systemd/system/guarda.service
12 | systemctl start guarda.service
13 | systemctl enable guarda.service
14 | ```
15 | 


--------------------------------------------------------------------------------
/docs/guarda-service/guarda.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=ExaBGP restart guardian
 3 | After=exabgp.service
 4 | Requires=exabgp.service
 5 | PartOf=exabgp.service
 6 | 
 7 | [Service]
 8 | Type=oneshot
 9 | ExecStart=/bin/sh -c 'sleep 10; curl -s $GUARDA_URL'
10 | StandardOutput=syslog
11 | StandardError=syslog
12 | 
13 | [Install]
14 | WantedBy=exabgp.service
15 | 


--------------------------------------------------------------------------------
/docs/schema.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CESNET/exafs/866f3bab1b207fccc6118efeaa4281a243a36e1b/docs/schema.png


--------------------------------------------------------------------------------
/docs/supervisor/exafs.supervisord.conf:
--------------------------------------------------------------------------------
 1 | [program:web-exafs]
 2 | command=/bin/sh -c 'uwsgi --plugin python3 -s 127.0.0.1:8000 --wsgi-file run.py --callable app --buffer-size=32000 -H venv --py-autoreload 1'
 3 | autostart=true
 4 | autorestart=true
 5 | stopsignal=QUIT
 6 | stdout_logfile=/var/log/exafs/web-exafs.log
 7 | stderr_logfile=/var/log/exafs/web-exafs.error.log
 8 | user=deploy
 9 | directory=/home/deploy/www
10 | environment=PORT=5000
11 | 
12 | [group:exafs]
13 | programs=web-exafs
14 | 


--------------------------------------------------------------------------------
/docs/supervisor/supervisord.example.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=supervisord - Supervisor process control system for UNIX
 3 | Documentation=http://supervisord.org
 4 | After=network.target
 5 | 
 6 | [Service]
 7 | Type=forking
 8 | ExecStart=/usr/local/bin/supervisord -c /etc/supervisord/supervisord.conf
 9 | ExecReload=/usr/local/bin/supervisorctl reload
10 | ExecStop=/usr/local/bin/supervisorctl shutdown
11 | User=root
12 | 
13 | [Install]
14 | WantedBy=multi-user.target
15 | 


--------------------------------------------------------------------------------
/flowapp/__about__.py:
--------------------------------------------------------------------------------
1 | __version__ = "1.0.2"
2 | 


--------------------------------------------------------------------------------
/flowapp/__init__.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | import babel
  3 | import logging
  4 | from loguru import logger
  5 | 
  6 | from flask import Flask, redirect, render_template, session, url_for, request
  7 | from flask.logging import default_handler
  8 | from flask_sso import SSO
  9 | from flask_sqlalchemy import SQLAlchemy
 10 | from flask_wtf.csrf import CSRFProtect
 11 | from flask_migrate import Migrate
 12 | from flask_session import Session
 13 | from flasgger import Swagger
 14 | from werkzeug.middleware.proxy_fix import ProxyFix
 15 | 
 16 | 
 17 | from .__about__ import __version__
 18 | from .instance_config import InstanceConfig
 19 | 
 20 | 
 21 | db = SQLAlchemy()
 22 | migrate = Migrate()
 23 | csrf = CSRFProtect()
 24 | ext = SSO()
 25 | sess = Session()
 26 | swagger = Swagger(template_file="static/swagger.yml")
 27 | 
 28 | 
 29 | class InterceptHandler(logging.Handler):
 30 | 
 31 |     def emit(self, record):
 32 |         logger_opt = logger.opt(depth=6, exception=record.exc_info, colors=True)
 33 |         logger_opt.log(record.levelname, record.getMessage())
 34 | 
 35 | 
 36 | def create_app(config_object=None):
 37 |     app = Flask(__name__)
 38 | 
 39 |     # SSO configuration
 40 |     SSO_ATTRIBUTE_MAP = {
 41 |         "eppn": (True, "eppn"),
 42 |     }
 43 |     app.config.setdefault("SSO_ATTRIBUTE_MAP", SSO_ATTRIBUTE_MAP)
 44 |     app.config.setdefault("SSO_LOGIN_URL", "/login")
 45 | 
 46 |     # extension init
 47 |     migrate.init_app(app, db)
 48 |     csrf.init_app(app)
 49 | 
 50 |     # Load the default configuration for dashboard and main menu
 51 |     app.config.from_object(InstanceConfig)
 52 |     if config_object:
 53 |         app.config.from_object(config_object)
 54 | 
 55 |     app.config.setdefault("VERSION", __version__)
 56 | 
 57 |     # Init SSO
 58 |     ext.init_app(app)
 59 | 
 60 |     # Init swagger
 61 |     swagger.init_app(app)
 62 | 
 63 |     # handle proxy fix
 64 |     if app.config.get("BEHIND_PROXY", False):
 65 |         app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1)
 66 | 
 67 |     from flowapp import models, constants, validators
 68 |     from .views.admin import admin
 69 |     from .views.rules import rules
 70 |     from .views.api_v1 import api as api_v1
 71 |     from .views.api_v2 import api as api_v2
 72 |     from .views.api_v3 import api as api_v3
 73 |     from .views.api_keys import api_keys
 74 |     from .auth import auth_required
 75 |     from .views.dashboard import dashboard
 76 | 
 77 |     # no need for csrf on api because we use JWT
 78 |     csrf.exempt(api_v1)
 79 |     csrf.exempt(api_v2)
 80 |     csrf.exempt(api_v3)
 81 | 
 82 |     app.register_blueprint(admin, url_prefix="/admin")
 83 |     app.register_blueprint(rules, url_prefix="/rules")
 84 |     app.register_blueprint(api_keys, url_prefix="/api_keys")
 85 |     app.register_blueprint(api_v1, url_prefix="/api/v1")
 86 |     app.register_blueprint(api_v2, url_prefix="/api/v2")
 87 |     app.register_blueprint(api_v3, url_prefix="/api/v3")
 88 |     app.register_blueprint(dashboard, url_prefix="/dashboard")
 89 | 
 90 |     # register loguru as handler
 91 |     app.logger.removeHandler(default_handler)
 92 |     app.logger.addHandler(InterceptHandler())
 93 | 
 94 |     @ext.login_handler
 95 |     def login(user_info):
 96 |         try:
 97 |             uuid = user_info.get("eppn")
 98 |         except KeyError:
 99 |             uuid = False
100 |             return render_template("errors/401.html")
101 | 
102 |         return _handle_login(uuid)
103 | 
104 |     @app.route("/logout")
105 |     def logout():
106 |         session["user_uuid"] = False
107 |         session["user_id"] = False
108 |         session.clear()
109 |         return redirect(app.config.get("LOGOUT_URL"))
110 | 
111 |     @app.route("/ext-login")
112 |     def ext_login():
113 |         header_name = app.config.get("AUTH_HEADER_NAME", "X-Authenticated-User")
114 |         if header_name not in request.headers:
115 |             return render_template("errors/401.html")
116 | 
117 |         uuid = request.headers.get(header_name)
118 |         if not uuid:
119 |             return render_template("errors/401.html")
120 | 
121 |         return _handle_login(uuid)
122 | 
123 |     @app.route("/local-login")
124 |     def local_login():
125 |         print("Local login started")
126 |         if not app.config.get("LOCAL_AUTH", False):
127 |             print("Local auth not enabled")
128 |             return render_template("errors/401.html")
129 | 
130 |         uuid = app.config.get("LOCAL_USER_UUID", False)
131 |         if not uuid:
132 |             print("Local user not set")
133 |             return render_template("errors/401.html")
134 | 
135 |         print(f"Local login with {uuid}")
136 |         return _handle_login(uuid)
137 | 
138 |     @app.route("/")
139 |     @auth_required
140 |     def index():
141 | 
142 |         try:
143 |             rtype = session[constants.TYPE_ARG]
144 |         except KeyError:
145 |             rtype = next(iter(app.config["DASHBOARD"].keys()))
146 | 
147 |         try:
148 |             rstate = session[constants.RULE_ARG]
149 |         except KeyError:
150 |             rstate = "active"
151 | 
152 |         try:
153 |             sorter = session[constants.SORT_ARG]
154 |         except KeyError:
155 |             sorter = constants.DEFAULT_SORT
156 | 
157 |         try:
158 |             orderer = session[constants.ORDER_ARG]
159 |         except KeyError:
160 |             orderer = constants.DEFAULT_ORDER
161 | 
162 |         return redirect(
163 |             url_for(
164 |                 "dashboard.index",
165 |                 rtype=rtype,
166 |                 rstate=rstate,
167 |                 sort=sorter,
168 |                 order=orderer,
169 |             )
170 |         )
171 | 
172 |     @app.route("/select_org", defaults={"org_id": None})
173 |     @app.route("/select_org/<int:org_id>")
174 |     @auth_required
175 |     def select_org(org_id=None):
176 |         uuid = session.get("user_uuid")
177 |         user = db.session.query(models.User).filter_by(uuid=uuid).first()
178 | 
179 |         if user is None:
180 |             return render_template("errors/404.html"), 404  # Handle missing user gracefully
181 | 
182 |         orgs = user.organization
183 |         if org_id:
184 |             org = db.session.query(models.Organization).filter_by(id=org_id).first()
185 |             session["user_org_id"] = org.id
186 |             session["user_org"] = org.name
187 |             return redirect("/")
188 | 
189 |         return render_template("pages/org_modal.html", orgs=orgs)
190 | 
191 |     @app.teardown_appcontext
192 |     def shutdown_session(exception=None):
193 |         db.session.remove()
194 | 
195 |     # HTTP error handling
196 |     @app.errorhandler(404)
197 |     def not_found(error):
198 |         return render_template("errors/404.html"), 404
199 | 
200 |     @app.errorhandler(500)
201 |     def internal_error(exception):
202 |         app.logger.exception(exception)
203 |         return render_template("errors/500.html"), 500
204 | 
205 |     @app.context_processor
206 |     def utility_processor():
207 |         def editable_rule(rule):
208 |             if rule:
209 |                 validators.editable_range(rule, models.get_user_nets(session["user_id"]))
210 |                 return True
211 |             return False
212 | 
213 |         return dict(editable_rule=editable_rule)
214 | 
215 |     @app.context_processor
216 |     def inject_main_menu():
217 |         """
218 |         inject main menu config to templates
219 |         used in default template to create main menu
220 |         """
221 |         return {"main_menu": app.config.get("MAIN_MENU")}
222 | 
223 |     @app.context_processor
224 |     def inject_dashboard():
225 |         """
226 |         inject dashboard config to templates
227 |         used in submenu dashboard to create dashboard tables
228 |         """
229 |         return {"dashboard": app.config.get("DASHBOARD")}
230 | 
231 |     @app.template_filter("strftime")
232 |     def format_datetime(value):
233 |         if value is None:
234 |             return app.config.get("MISSING_DATETIME_MESSAGE", "Never")
235 | 
236 |         format = "y/MM/dd HH:mm"
237 |         return babel.dates.format_datetime(value, format)
238 | 
239 |     @app.template_filter("unlimited")
240 |     def unlimited_filter(value):
241 |         return "unlimited" if value == 0 else value
242 | 
243 |     def _handle_login(uuid: str):
244 |         """
245 |         handles rest of login process
246 |         """
247 |         multiple_orgs = False
248 |         try:
249 |             user, multiple_orgs = _register_user_to_session(uuid)
250 |         except AttributeError as e:
251 |             app.logger.exception(e)
252 |             return render_template("errors/401.html")
253 | 
254 |         if multiple_orgs:
255 |             return redirect(url_for("select_org", org_id=None))
256 | 
257 |         # set user org to session
258 |         user_org = user.organization.first()
259 |         session["user_org"] = user_org.name
260 |         session["user_org_id"] = user_org.id
261 | 
262 |         return redirect("/")
263 | 
264 |     def _register_user_to_session(uuid: str):
265 |         print(f"Registering user {uuid} to session")
266 |         user = db.session.query(models.User).filter_by(uuid=uuid).first()
267 |         print(f"Got user {user} from DB")
268 |         session["user_uuid"] = user.uuid
269 |         session["user_email"] = user.uuid
270 |         session["user_name"] = user.name
271 |         session["user_id"] = user.id
272 |         session["user_roles"] = [role.name for role in user.role.all()]
273 |         session["user_role_ids"] = [role.id for role in user.role.all()]
274 |         roles = [i > 1 for i in session["user_role_ids"]]
275 |         session["can_edit"] = True if all(roles) and roles else []
276 |         # check if user has multiple organizations and return True if so
277 |         print(f"DEBUG SESSION {session}")
278 |         return user, len(user.organization.all()) > 1
279 | 
280 |     return app
281 | 


--------------------------------------------------------------------------------
/flowapp/auth.py:
--------------------------------------------------------------------------------
  1 | from functools import wraps
  2 | from flask import current_app, redirect, request, url_for, session, abort
  3 | 
  4 | from flowapp import __version__
  5 | 
  6 | 
  7 | # auth atd.
  8 | def auth_required(f):
  9 |     """
 10 |     auth required decorator
 11 |     """
 12 | 
 13 |     @wraps(f)
 14 |     def decorated(*args, **kwargs):
 15 |         user = get_user()
 16 |         session["app_version"] = __version__
 17 |         if not user:
 18 |             if current_app.config.get("SSO_AUTH"):
 19 |                 current_app.logger.warning("SSO AUTH SET")
 20 |                 return redirect("/login")
 21 | 
 22 |             if current_app.config.get("HEADER_AUTH", False):
 23 |                 return redirect("/ext_login")
 24 | 
 25 |             if current_app.config.get("LOCAL_AUTH"):
 26 |                 return redirect(url_for("local_login"))
 27 | 
 28 |         return f(*args, **kwargs)
 29 | 
 30 |     return decorated
 31 | 
 32 | 
 33 | def admin_required(f):
 34 |     """
 35 |     decorator for admin only endpoints
 36 |     """
 37 | 
 38 |     @wraps(f)
 39 |     def decorated(*args, **kwargs):
 40 |         if 3 not in session["user_role_ids"]:
 41 |             return redirect(url_for("index"))
 42 |         return f(*args, **kwargs)
 43 | 
 44 |     return decorated
 45 | 
 46 | 
 47 | def user_or_admin_required(f):
 48 |     """
 49 |     decorator for admin/user endpoints
 50 |     """
 51 | 
 52 |     @wraps(f)
 53 |     def decorated(*args, **kwargs):
 54 |         if not all(i > 1 for i in session["user_role_ids"]):
 55 |             return redirect(url_for("index"))
 56 |         return f(*args, **kwargs)
 57 | 
 58 |     return decorated
 59 | 
 60 | 
 61 | def localhost_only(f):
 62 |     """
 63 |     auth required decorator
 64 |     """
 65 | 
 66 |     @wraps(f)
 67 |     def decorated(*args, **kwargs):
 68 |         remote = request.remote_addr
 69 |         localv4 = current_app.config.get("LOCAL_IP")
 70 |         localv6 = current_app.config.get("LOCAL_IP6")
 71 |         if remote != localv4 and remote != localv6:
 72 |             current_app.logger.warning(f"AUTH LOCAL ONLY FAIL FROM {remote} / local adresses [{localv4}, {localv6}]")
 73 |             abort(403)  # Forbidden
 74 |         return f(*args, **kwargs)
 75 | 
 76 |     return decorated
 77 | 
 78 | 
 79 | def check_access_rights(current_user, model_id):
 80 |     """
 81 |     Check if the current user has right to edit/delete certain model data
 82 |     Used in API
 83 |     Returns true if the user is owner of the record or if the user is admin
 84 |     :param current_user: api current user object
 85 |     :param model_id: user_id from the model data
 86 |     :return: boolean
 87 |     """
 88 |     if model_id == current_user["id"]:
 89 |         return True
 90 | 
 91 |     if max(current_user["role_ids"]) == 3:
 92 |         return True
 93 | 
 94 |     return False
 95 | 
 96 | 
 97 | def check_access_rights_gui(current_user_id, current_user_roles, model_id):
 98 |     """
 99 |     Check if the current user has right to edit/delete certain model data
100 |     Used in GUI - rules.py etc.
101 |     Returns true if the user is owner of the record or if the user is admin
102 |     :param current_user_id: current user id
103 |     :param current_user_roles: current user roles
104 |     :param model_id: user_id from the model data
105 |     :return: boolean
106 |     """
107 |     if model_id == current_user_id:
108 |         return True
109 | 
110 |     if max(current_user_roles) == 3:
111 |         return True
112 | 
113 |     return False
114 | 
115 | 
116 | def is_admin(current_user_roles):
117 |     """
118 |     Check if the current user is admin
119 |     :param current_user_roles: current user roles
120 |     :return: boolean
121 |     """
122 |     if max(current_user_roles) == 3:
123 |         return True
124 | 
125 |     return False
126 | 
127 | 
128 | def get_user():
129 |     """
130 |     get user from session or return None
131 |     """
132 |     return session.get("user_uuid", None)
133 | 


--------------------------------------------------------------------------------
/flowapp/constants.py:
--------------------------------------------------------------------------------
 1 | """
 2 | This module contains constant values used in application
 3 | """
 4 | 
 5 | from operator import ge, lt
 6 | 
 7 | DEFAULT_SORT = "expires"
 8 | DEFAULT_ORDER = "desc"
 9 | 
10 | # Maximum allowed comma separated values for port string or packet lenght
11 | MAX_COMMA_VALUES = 6
12 | 
13 | SORT_ARG = "sort"
14 | ORDER_ARG = "order"
15 | RULE_ARG = "rule_state"
16 | TYPE_ARG = "rule_type"
17 | SEARCH_ARG = "squery"
18 | ORDSRC_ARG = "ordsrc"
19 | TIME_FORMAT_ARG = "time_format"
20 | TIME_YEAR = "yearfirst"
21 | TIME_US = "us"
22 | TIME_STMP = "timestamp"
23 | 
24 | RULES_KEY = "rules"
25 | 
26 | RULE_TYPES_DICT = {"ipv4": 4, "ipv6": 6, "rtbh": 1}
27 | RULE_NAMES_DICT = {4: "ipv4", 6: "ipv6", 1: "rtbh"}
28 | DEFAULT_COUNT_MATCH = {"ipv4": 0, "ipv6": 0, "rtbh": 0}
29 | 
30 | ANNOUNCE = 1
31 | WITHDRAW = 2
32 | IPV4_DEFMASK = 32
33 | IPV6_DEFMASK = 128
34 | MAX_PORT = 65535
35 | MAX_PACKET = 9216
36 | 
37 | IPV6_NEXT_HEADER = {"tcp": "tcp", "udp": "udp", "icmp": "58", "all": ""}
38 | 
39 | IPV4_PROTOCOL = {"tcp": "tcp", "udp": "udp", "icmp": "icmp", "all": ""}
40 | 
41 | IPV4_FRAGMENT = {
42 |     "dont": "dont-fragment",
43 |     "first": "first-fragment",
44 |     "is": "is-fragment",
45 |     "last": "last-fragment",
46 | }
47 | 
48 | COMP_FUNCS = {"active": ge, "expired": lt, "all": None}
49 | 
50 | TCP_FLAGS = [
51 |     ("SYN", "SYN"),
52 |     ("ACK", "ACK"),
53 |     ("FIN", "FIN"),
54 |     ("RST", "RST"),
55 |     ("PUSH", "PSH"),
56 |     ("URGENT", "URG"),
57 | ]
58 | 
59 | FORM_TIME_PATTERN = "%Y-%m-%dT%H:%M"
60 | 
61 | 
62 | class RuleTypes:
63 |     RTBH = 1
64 |     IPv4 = 4
65 |     IPv6 = 6
66 | 


--------------------------------------------------------------------------------
/flowapp/flowspec.py:
--------------------------------------------------------------------------------
 1 | import re
 2 | 
 3 | from flowapp.constants import MAX_PORT
 4 | 
 5 | NUMBER = re.compile(r"^\d+$", re.IGNORECASE)
 6 | RANGE = re.compile(r"^(\d+)-(\d+)$", re.IGNORECASE)
 7 | NOTRAN = re.compile(r"^>=(\d+)&<=(\d+)$", re.IGNORECASE)
 8 | GREATER = re.compile(r">[=]?(\d+)$", re.IGNORECASE)
 9 | LOWER = re.compile(r"<[=]?(\d+)$", re.IGNORECASE)
10 | 
11 | 
12 | def translate_sequence(sequence, max_val=MAX_PORT):
13 |     """
14 |     translate command sequence sepparated by ; to ExaBGP command format
15 |     @param string sequence
16 |     @param integer max_val
17 |     @return string ExaBgp rule string
18 |     """
19 |     result = [to_exabgp_string(item, max_val) for item in sequence.split(";") if item]
20 |     result = " ".join(result)
21 |     return "[{}]".format(result)
22 | 
23 | 
24 | def to_exabgp_string(value_string, max_val):
25 |     """
26 |     Translate form string to flowspec value or packet size rule
27 |     @param string value_string
28 |     @param integer max_val
29 |     @return string ExaBgp rule string
30 |     @raises ValueError
31 | 
32 |     x (integer)  to =x
33 |     x-y  to >=x&<=y
34 |     >=x&<=y to >=x&<=y
35 |     >x to >=x&<=MAX
36 |     >=x to >=x&<=MAX
37 |     <x to >=0&<=x
38 |     <=x to >=0&<=x
39 |     """
40 |     # simple number
41 |     if NUMBER.match(value_string):
42 |         return "={}".format(check_limit(value_string, max_val))
43 |     elif RANGE.match(value_string):
44 |         m = RANGE.match(value_string)
45 |         return ">={}&<={}".format(
46 |             check_limit(m.group(1), max_val), check_limit(m.group(2), max_val)
47 |         )
48 |     elif NOTRAN.match(value_string):
49 |         return value_string
50 |     elif GREATER.match(value_string):
51 |         m = GREATER.match(value_string)
52 |         return ">={}&<={}".format(check_limit(m.group(1), max_val), max_val)
53 |     elif LOWER.match(value_string):
54 |         m = LOWER.match(value_string)
55 |         return ">=0&<={}".format(check_limit(m.group(1), max_val))
56 |     else:
57 |         raise ValueError("string {} can not be converted".format(value_string))
58 | 
59 | 
60 | def check_limit(value, max_value):
61 |     """
62 |     test if the value is lower than max_value
63 |     raise exception otherwise
64 |     """
65 |     value = int(value)
66 |     if value > max_value:
67 |         raise ValueError(
68 |             "Invalid value number: {} is too big. Max is {}.".format(value, max_value)
69 |         )
70 |     else:
71 |         return value
72 | 
73 | 
74 | def filter_rules_action(user_actions, rules):
75 |     """
76 |     Divide the list of rules by user_actions to editable and viewonly subsets
77 |     :param user_actions: list of actions allowed for normal user
78 |     :param rules: list of rules to be filtered
79 |     :return: editable, viewonly lists
80 |     """
81 |     editable = []
82 |     viewonly = []
83 |     for rule in rules:
84 |         if rule.action_id in user_actions:
85 |             editable.append(rule)
86 |         else:
87 |             viewonly.append(rule)
88 | 
89 |     return editable, viewonly
90 | 


--------------------------------------------------------------------------------
/flowapp/instance_config.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | 
  3 | # column names for tables
  4 | RTBH_COLUMNS = (
  5 |     ("ipv4", "IP adress (v4 or v6)"),
  6 |     ("community_id", "Community"),
  7 |     ("expires", "Expires"),
  8 |     ("user_id", "User"),
  9 | )
 10 | 
 11 | RULES_COLUMNS_V4 = (
 12 |     ("source", "Source addr."),
 13 |     ("source_port", "S port"),
 14 |     ("dest", "Dest. addr."),
 15 |     ("dest_port", "D port"),
 16 |     ("protocol", "Proto"),
 17 |     ("packet_len", "Packet len"),
 18 |     ("expires", "Expires"),
 19 |     ("action_id", "Action"),
 20 |     ("flags", "Flags"),
 21 |     ("user_id", "User"),
 22 | )
 23 | 
 24 | RULES_COLUMNS_V6 = (
 25 |     ("source", "Source addr."),
 26 |     ("source_port", "S port"),
 27 |     ("dest", "Dest. addr."),
 28 |     ("dest_port", "D port"),
 29 |     ("next_header", "Next header"),
 30 |     ("packet_len", "Packet len"),
 31 |     ("expires", "Expires"),
 32 |     ("action_id", "Action"),
 33 |     ("flags", "Flags"),
 34 |     ("user_id", "User"),
 35 | )
 36 | 
 37 | 
 38 | class InstanceConfig:
 39 |     """
 40 |     Mandatory app configuration
 41 |     Values for dashboard, main menu and other configurable objects
 42 |     WARNING: changing these values may break the app
 43 | 
 44 |     If you need to add new item to main menu, add it to MAIN_MENU dict
 45 | 
 46 |     Items in "edit" list are visible only for logged in users with edit role.
 47 |         - the names are visible in main menu
 48 |         - they have "name" and "url" keys where "url" must be a valid
 49 |         - endpoint handled by url_for in Jinja template
 50 | 
 51 |     Ttems in "admin" list are visible only for logged in users with admin role.
 52 |         - they are used to create dropdown menu
 53 |         - they have "name" and "url" keys with the same property as edit
 54 |         - in addtion they have "divide_before" key which is boolean and adds a bs5 divider
 55 |         during rendering of the menu
 56 | 
 57 |     If you need to add new dashboard item, add it to DASHBOARD dict with the following keys:
 58 |     "rule_type_key": {
 59 |             "name": "dashboard name",
 60 |             "macro_file": "file with macros to render your dashboard",
 61 |             "macro_tbody": "macro for rendering table body",
 62 |             "macro_thead": "macro for rendering table header",
 63 |             "macro_tfoot": "macro for rendering group operations buttons at the bottom of the table",
 64 |             "table_colspan": "colspan for buttons under the table rows",
 65 |             "table_columns": "your table columnus",
 66 |             'data_handler': "module where your data handler is defined, default is models",
 67 |             'data_handler_method': "method to get data, must have same signature as models.get_ip_rules"
 68 |         },
 69 | 
 70 |     """
 71 | 
 72 |     MAIN_MENU = {
 73 |         "edit": [
 74 |             {"name": "Add IPv4", "url": "rules.ipv4_rule"},
 75 |             {"name": "Add IPv6", "url": "rules.ipv6_rule"},
 76 |             {"name": "Add RTBH", "url": "rules.rtbh_rule"},
 77 |             {"name": "API Key", "url": "api_keys.all"},
 78 |         ],
 79 |         "admin": [
 80 |             {"name": "Commands Log", "url": "admin.log"},
 81 |             {"name": "Machine keys", "url": "admin.machine_keys"},
 82 |             {
 83 |                 "name": "Users",
 84 |                 "url": "admin.users",
 85 |                 "divide_before": True,
 86 |             },
 87 |             {"name": "Add User", "url": "admin.user"},
 88 |             {"name": "Add Multiple Users", "url": "admin.bulk_import_users"},
 89 |             {"name": "Organizations", "url": "admin.organizations"},
 90 |             {"name": "Add Org.", "url": "admin.organization"},
 91 |             {
 92 |                 "name": "Action",
 93 |                 "url": "admin.actions",
 94 |                 "divide_before": True,
 95 |             },
 96 |             {"name": "Add action", "url": "admin.action"},
 97 |             {"name": "RTBH Communities", "url": "admin.communities"},
 98 |             {"name": "Add RTBH Comm.", "url": "admin.community"},
 99 |         ],
100 |     }
101 |     DASHBOARD = {
102 |         "ipv4": {
103 |             "name": "IPv4",
104 |             "macro_file": "macros.html",
105 |             "macro_tbody": "build_ip_tbody",
106 |             "macro_thead": "build_rules_thead",
107 |             "table_colspan": 10,
108 |             "table_columns": RULES_COLUMNS_V4,
109 |         },
110 |         "ipv6": {
111 |             "name": "IPv6",
112 |             "macro_file": "macros.html",
113 |             "macro_tbody": "build_ip_tbody",
114 |             "macro_thead": "build_rules_thead",
115 |             "table_colspan": 10,
116 |             "table_columns": RULES_COLUMNS_V6,
117 |         },
118 |         "rtbh": {
119 |             "name": "RTBH",
120 |             "macro_file": "macros.html",
121 |             "macro_tbody": "build_rtbh_tbody",
122 |             "macro_thead": "build_rules_thead",
123 |             "table_colspan": 5,
124 |             "table_columns": RTBH_COLUMNS,
125 |         },
126 |     }
127 | 
128 |     COUNT_MATCH = {"ipv4": 0, "ipv6": 0, "rtbh": 0}
129 | 


--------------------------------------------------------------------------------
/flowapp/messages.py:
--------------------------------------------------------------------------------
  1 | from flowapp.constants import (
  2 |     ANNOUNCE,
  3 |     WITHDRAW,
  4 |     IPV4_DEFMASK,
  5 |     IPV6_DEFMASK,
  6 |     MAX_PACKET,
  7 |     IPV4_PROTOCOL,
  8 |     IPV6_NEXT_HEADER,
  9 | )
 10 | from flowapp.flowspec import translate_sequence as trps
 11 | from flask import current_app
 12 | from flowapp.models import ASPath
 13 | from flowapp import db
 14 | 
 15 | 
 16 | def create_ipv4(rule, message_type=ANNOUNCE):
 17 |     """
 18 |     create ExaBpg text message for IPv4 rule
 19 |     @param rule models.Flowspec4
 20 |     @return string message
 21 |     """
 22 |     protocol = ""
 23 |     if rule.protocol and rule.protocol != "all":
 24 |         protocol = "protocol ={};".format(IPV4_PROTOCOL[rule.protocol])
 25 | 
 26 |     flagstring = rule.flags.replace(";", " ") if rule.flags else ""
 27 | 
 28 |     flags = "tcp-flags {};".format(flagstring) if rule.flags and rule.protocol == "tcp" else ""
 29 | 
 30 |     fragment_string = rule.fragment.replace(";", " ") if rule.fragment else ""
 31 |     fragment = "fragment [ {} ];".format(fragment_string) if rule.fragment else ""
 32 | 
 33 |     spec = {
 34 |         "protocol": protocol,
 35 |         "flags": flags,
 36 |         "fragment": fragment,
 37 |         "mask": IPV4_DEFMASK,
 38 |     }
 39 | 
 40 |     return create_message(rule, spec, message_type)
 41 | 
 42 | 
 43 | def create_ipv6(rule, message_type=ANNOUNCE):
 44 |     """
 45 |     create ExaBpg text message for IPv6 rule
 46 |     @param rule models.Flowspec6
 47 |     @return string message
 48 |     :param message_type:
 49 |     """
 50 |     protocol = ""
 51 |     if rule.next_header and rule.next_header != "all":
 52 |         protocol = "next-header ={};".format(IPV6_NEXT_HEADER[rule.next_header])
 53 |     flagstring = rule.flags.replace(";", " ")
 54 |     flags = "tcp-flags {};".format(flagstring) if rule.flags and rule.next_header == "tcp" else ""
 55 | 
 56 |     spec = {"protocol": protocol, "mask": IPV6_DEFMASK, "flags": flags}
 57 | 
 58 |     return create_message(rule, spec, message_type)
 59 | 
 60 | 
 61 | def create_rtbh(rule, message_type=ANNOUNCE):
 62 |     """
 63 |     create RTBH message in ExaBgp text format
 64 |     route 10.10.10.1/32 next-hop 192.0.2.1 community 65001:666 no-export
 65 |     """
 66 |     action = "announce"
 67 |     if message_type == WITHDRAW:
 68 |         action = "withdraw"
 69 | 
 70 |     if rule.ipv4:
 71 |         my_4mask = sanitize_mask(rule.ipv4_mask, IPV4_DEFMASK)
 72 |         source = "{}".format(rule.ipv4) if rule.ipv4 else ""
 73 |         source += "/{}".format(my_4mask) if rule.ipv4 else ""
 74 |         nexthop = "192.0.2.1"
 75 | 
 76 |     if rule.ipv6:
 77 |         my_6mask = sanitize_mask(rule.ipv6_mask, IPV6_DEFMASK)
 78 |         source = "{}".format(rule.ipv6) if rule.ipv6 else ""
 79 |         source += "/{}".format(my_6mask) if rule.ipv6 else ""
 80 |         nexthop = "100::1"
 81 | 
 82 |     try:
 83 |         if current_app.config["USE_RD"]:
 84 |             rd_string = "rd {rd} label {label}".format(
 85 |                 rd=current_app.config["RD_STRING"], label=current_app.config["RD_LABEL"]
 86 |             )
 87 |         else:
 88 |             rd_string = ""
 89 |     except KeyError:
 90 |         rd_string = ""
 91 | 
 92 |     try:
 93 |         if current_app.config["USE_MULTI_NEIGHBOR"] and rule.community.comm:
 94 |             if rule.community.comm in current_app.config["MULTI_NEIGHBOR"].keys():
 95 |                 targets = current_app.config["MULTI_NEIGHBOR"].get(rule.community.comm)
 96 |             else:
 97 |                 targets = current_app.config["MULTI_NEIGHBOR"].get("primary")
 98 | 
 99 |             neighbor = prepare_multi_neighbor(targets)
100 |         else:
101 |             neighbor = ""
102 |     except KeyError:
103 |         neighbor = ""
104 | 
105 |     community_string = "community [{}]".format(rule.community.comm) if rule.community.comm else ""
106 |     large_community_string = "large-community [{}]".format(rule.community.larcomm) if rule.community.larcomm else ""
107 |     extended_community_string = (
108 |         "extended-community [{}]".format(rule.community.extcomm) if rule.community.extcomm else ""
109 |     )
110 | 
111 |     as_path_string = ""
112 |     if rule.community.as_path:
113 |         match = db.session.query(ASPath).filter(ASPath.prefix == source).first()
114 |         as_path_string = f"as-path [ {match.as_path} ]" if match else ""
115 | 
116 |     return "{neighbor}{action} route {source} next-hop {nexthop} {as_path} {community} {large_community} {extended_community}{rd_string}".format(
117 |         neighbor=neighbor,
118 |         action=action,
119 |         source=source,
120 |         as_path=as_path_string,
121 |         community=community_string,
122 |         large_community=large_community_string,
123 |         extended_community=extended_community_string,
124 |         nexthop=nexthop,
125 |         rd_string=rd_string,
126 |     )
127 | 
128 | 
129 | def create_message(rule, ipv_specific, message_type=ANNOUNCE):
130 |     """
131 |     create text message using format
132 | 
133 |     tcp-flagy
134 | 
135 |     flow route { match { source 147.230.17.6/32;protocol =tcp;tcp-flags fin
136 |     syn;destination-port =3128 >=8080&<=8088;} then {rate-limit 10000; } }
137 | 
138 |     announce flow route source 4.0.0.0/24 destination 127.0.0.0/24 protocol
139 |     [ udp ] source-port [ =53 ] destination-port [ =80 ]
140 |     packet-length [ =777 =1122 ] fragment [ is-fragment dont-fragment ] rate-limit 1024"
141 | 
142 | 
143 |     """
144 |     action = "announce"
145 |     if message_type == WITHDRAW:
146 |         action = "withdraw"
147 | 
148 |     smask = sanitize_mask(rule.source_mask, ipv_specific["mask"])
149 |     source = "source {}".format(rule.source) if rule.source else ""
150 |     source += "/{};".format(smask) if rule.source else ""
151 | 
152 |     source_port = "source-port {};".format(trps(rule.source_port)) if rule.source_port else ""
153 | 
154 |     dmask = sanitize_mask(rule.dest_mask, ipv_specific["mask"])
155 |     dest = " destination {}".format(rule.dest) if rule.dest else ""
156 |     dest += "/{};".format(dmask) if rule.dest else ""
157 | 
158 |     dest_port = "destination-port {};".format(trps(rule.dest_port)) if rule.dest_port else ""
159 | 
160 |     protocol = ipv_specific.get("protocol", "")
161 |     flags = ipv_specific.get("flags", "")
162 |     fragment = ipv_specific.get("fragment", "")
163 | 
164 |     packet_len = "packet-length {};".format(trps(rule.packet_len, MAX_PACKET)) if rule.packet_len else ""
165 | 
166 |     values = [source, source_port, dest, dest_port, protocol, fragment, flags, packet_len]
167 |     match_body = " ".join(v for v in values if v)
168 | 
169 |     command = "{};".format(rule.action.command)
170 | 
171 |     try:
172 |         if current_app.config["USE_RD"]:
173 |             rd_string = "route-distinguisher {rd};".format(rd=current_app.config["RD_STRING"])
174 |             rt_string = "extended-community target:{rt};".format(rt=current_app.config["RT_STRING"])
175 |         else:
176 |             rd_string = ""
177 |             rt_string = ""
178 |     except KeyError:
179 |         rd_string = ""
180 |         rt_string = ""
181 | 
182 |     try:
183 |         if current_app.config["USE_MULTI_NEIGHBOR"]:
184 |             targets = current_app.config["MULTI_NEIGHBOR"].get("primary")
185 |             neighbor = prepare_multi_neighbor(targets)
186 |         else:
187 |             neighbor = ""
188 |     except KeyError:
189 |         neighbor = ""
190 | 
191 |     message_body = "{neighbor}{action} flow route {{ {rd_string} match {{ {match_body} }} then {{ {command} {rt_string} }} }}".format(
192 |         neighbor=neighbor,
193 |         action=action,
194 |         match_body=match_body,
195 |         command=command,
196 |         rd_string=rd_string,
197 |         rt_string=rt_string,
198 |     )
199 | 
200 |     return message_body
201 | 
202 | 
203 | def sanitize_mask(rule_mask, default_mask=IPV4_DEFMASK):
204 |     """
205 |     Sanitize mask / prefix of rule
206 |     :param default_mask: default mask to return if mask is not in the rule
207 |     :param rule: flowspec rule
208 |     :return: int mask
209 |     """
210 |     if rule_mask is None:
211 |         return default_mask
212 | 
213 |     if 0 <= rule_mask <= default_mask:
214 |         return rule_mask
215 |     else:
216 |         return default_mask
217 | 
218 | 
219 | def prepare_multi_neighbor(targets: list):
220 |     """
221 |     prepare multi neighbor string
222 |     """
223 |     neigbors = [f"neighbor {tgt}" for tgt in targets]
224 |     return ", ".join(neigbors) + " "
225 | 


--------------------------------------------------------------------------------
/flowapp/output.py:
--------------------------------------------------------------------------------
  1 | """
  2 | Module for message announcing and logging
  3 | """
  4 | 
  5 | from dataclasses import dataclass, asdict
  6 | from datetime import datetime
  7 | 
  8 | import requests
  9 | import pika
 10 | import json
 11 | from flask import current_app
 12 | 
 13 | from flowapp import db, messages
 14 | from flowapp.models import Log
 15 | 
 16 | ROUTE_MODELS = {
 17 |     1: messages.create_rtbh,
 18 |     4: messages.create_ipv4,
 19 |     6: messages.create_ipv6,
 20 | }
 21 | 
 22 | 
 23 | class RouteSources:
 24 |     UI = "UI"
 25 |     API = "API"
 26 | 
 27 | 
 28 | @dataclass
 29 | class Route:
 30 |     author: str
 31 |     source: RouteSources
 32 |     command: str
 33 | 
 34 |     def __dict__(self):
 35 |         return asdict(self)
 36 | 
 37 | 
 38 | def announce_route(route: Route):
 39 |     """
 40 |     Dispatch route as dict to ExaBGP API
 41 |     API must be set in app config.py
 42 |     defaults to HTTP API
 43 |     """
 44 |     current_app.logger.debug(asdict(route))
 45 |     if current_app.config.get("EXA_API") == "RABBIT":
 46 |         announce_to_rabbitmq(asdict(route))
 47 |     else:
 48 |         announce_to_http(asdict(route))
 49 | 
 50 | 
 51 | def announce_to_http(route):
 52 |     """
 53 |     Announce route to ExaBGP HTTP API process
 54 |     """
 55 |     if not current_app.config["TESTING"]:
 56 |         try:
 57 |             resp = requests.post(current_app.config["EXA_API_URL"], data={"command": json.dumps(route)})
 58 |             resp.raise_for_status()
 59 |         except requests.exceptions.HTTPError as err:
 60 |             current_app.logger.error("ExaAPI HTTP Error: ", err)
 61 |         except requests.exceptions.RequestException as ce:
 62 |             current_app.logger.error("Connection to ExaAPI failed: ", ce)
 63 |     else:
 64 |         current_app.logger.debug(f"Testing: {route}")
 65 | 
 66 | 
 67 | def announce_to_rabbitmq(route):
 68 |     """
 69 |     Announce rout to ExaBGP RabbitMQ API process
 70 |     """
 71 |     if not current_app.config["TESTING"]:
 72 |         user = current_app.config["EXA_API_RABBIT_USER"]
 73 |         passwd = current_app.config["EXA_API_RABBIT_PASS"]
 74 |         queue = current_app.config["EXA_API_RABBIT_QUEUE"]
 75 |         credentials = pika.PlainCredentials(user, passwd)
 76 |         parameters = pika.ConnectionParameters(
 77 |             current_app.config["EXA_API_RABBIT_HOST"],
 78 |             current_app.config["EXA_API_RABBIT_PORT"],
 79 |             current_app.config["EXA_API_RABBIT_VHOST"],
 80 |             credentials,
 81 |         )
 82 | 
 83 |         connection = pika.BlockingConnection(parameters)
 84 |         channel = connection.channel()
 85 |         channel.queue_declare(queue=queue)
 86 |         channel.basic_publish(exchange="", routing_key=queue, body=json.dumps(route))
 87 |     else:
 88 |         current_app.logger.debug("Testing: {route}")
 89 | 
 90 | 
 91 | def log_route(user_id, route_model, rule_type, author):
 92 |     """
 93 |     Convert route to EXAFS message and log it to database
 94 |     :param user_id : int curent user
 95 |     :param route_model: model with route object
 96 |     :param rule_type: string
 97 |     :return: None
 98 |     """
 99 |     converter = ROUTE_MODELS[rule_type]
100 |     task = converter(route_model)
101 |     log = Log(
102 |         time=datetime.now(),
103 |         task=task,
104 |         rule_type=rule_type,
105 |         rule_id=route_model.id,
106 |         user_id=user_id,
107 |         author=author,
108 |     )
109 |     db.session.add(log)
110 |     db.session.commit()
111 | 
112 | 
113 | def log_withdraw(user_id, task, rule_type, deleted_id, author):
114 |     """
115 |     Log the withdraw command to database
116 |     :param task: command message
117 |     """
118 |     log = Log(
119 |         time=datetime.now(),
120 |         task=task,
121 |         rule_type=rule_type,
122 |         rule_id=deleted_id,
123 |         user_id=user_id,
124 |         author=author,
125 |     )
126 |     db.session.add(log)
127 |     db.session.commit()
128 | 


--------------------------------------------------------------------------------
/flowapp/static/js/check_all.js:
--------------------------------------------------------------------------------
 1 | document.getElementById("check-all").addEventListener("click", function(event){
 2 |     /**
 3 |      * find all checkboxes in current dashboard and toggle checked all / none
 4 |      */
 5 |     const inputs = document.querySelectorAll("input[type='checkbox']");
 6 |     if (this.checked) {
 7 |         for(let minput of inputs) {
 8 |             minput.checked = true;   
 9 |         }
10 |     } else {
11 |         for(let minput of inputs) {
12 |             minput.checked = false;   
13 |         }
14 |     }
15 | });


--------------------------------------------------------------------------------
/flowapp/static/js/enable_tooltips.js:
--------------------------------------------------------------------------------
1 | var tooltipTriggerList = [].slice.call(document.querySelectorAll('[data-bs-toggle="tooltip"]'))
2 | var tooltipList = tooltipTriggerList.map(function (tooltipTriggerEl) {
3 |   return new bootstrap.Tooltip(tooltipTriggerEl)
4 | })


--------------------------------------------------------------------------------
/flowapp/static/js/ip_context.js:
--------------------------------------------------------------------------------
  1 | /*
  2 | source https://codepen.io/SitePoint/pen/MYLoWY
  3 | */
  4 | 
  5 | 
  6 | /**
  7 |  * Variables.
  8 |  */
  9 | var contextMenuClassName = "context-menu";
 10 | var contextMenuItemClassName = "context-menu__item";
 11 | var contextMenuLinkClassName = "context-menu__link";
 12 | var contextMenuActive = "context-menu--active";
 13 | 
 14 | var taskItemClassName = "task";
 15 | var taskItemInContext;
 16 | 
 17 | var clickCoords;
 18 | var clickCoordsX;
 19 | var clickCoordsY;
 20 | 
 21 | var menu = document.querySelector("#context-menu");
 22 | var menuItems = menu.querySelectorAll(".context-menu__item");
 23 | var menuState = 0;
 24 | var menuWidth;
 25 | var menuHeight;
 26 | var menuPosition;
 27 | var menuPositionX;
 28 | var menuPositionY;
 29 | 
 30 | var windowWidth;
 31 | var windowHeight;
 32 | 
 33 | /**
 34 |  * Function to check if we clicked inside an element with a particular class
 35 |  * name.
 36 |  * 
 37 |  * @param {Object} e The event
 38 |  * @param {String} className The class name to check against
 39 |  * @return {Boolean}
 40 |  */
 41 |  function clickInsideElement( e, className ) {
 42 |     var el = e.srcElement || e.target;
 43 |     
 44 |     if ( el.classList.contains(className) ) {
 45 |     return el;
 46 |     } else {
 47 |     while ( el = el.parentNode ) {
 48 |         if ( el.classList && el.classList.contains(className) ) {
 49 |         return el;
 50 |         }
 51 |     }
 52 |     }
 53 | 
 54 |     return false;
 55 | }
 56 | 
 57 | /**
 58 |  * Get's exact position of event.
 59 |  * 
 60 |  * @param {Object} e The event passed in
 61 |  * @return {Object} Returns the x and y position
 62 |  */
 63 | function getPosition(e) {
 64 |     var posx = 0;
 65 |     var posy = 0;
 66 | 
 67 |     if (!e) var e = window.event;
 68 |     
 69 |     if (e.pageX || e.pageY) {
 70 |     posx = e.pageX;
 71 |     posy = e.pageY;
 72 |     } else if (e.clientX || e.clientY) {
 73 |     posx = e.clientX + document.body.scrollLeft + document.documentElement.scrollLeft;
 74 |     posy = e.clientY + document.body.scrollTop + document.documentElement.scrollTop;
 75 |     }
 76 | 
 77 |     return {
 78 |     x: posx,
 79 |     y: posy
 80 |     }
 81 | }
 82 | 
 83 | /**
 84 |  * Listens for contextmenu events.
 85 |  */
 86 | function contextListener() {
 87 |     document.addEventListener( "contextmenu", function(e) {
 88 |     taskItemInContext = clickInsideElement( e, taskItemClassName );
 89 | 
 90 |     if ( taskItemInContext ) {
 91 |         e.preventDefault();
 92 |         toggleMenuOn();
 93 |         positionMenu(e);
 94 |     } else {
 95 |         taskItemInContext = null;
 96 |         toggleMenuOff();
 97 |     }
 98 |     });
 99 | }
100 | 
101 | /**
102 |  * Listens for click events.
103 |  */
104 | function clickListener() {
105 |     document.addEventListener( "click", function(e) {
106 |     var clickeElIsLink = clickInsideElement( e, contextMenuLinkClassName );
107 | 
108 |     if ( clickeElIsLink ) {
109 |         e.preventDefault();
110 |         menuItemListener( clickeElIsLink );
111 |     } else {
112 |         var button = e.which || e.button;
113 |         if ( button === 1 ) {
114 |         toggleMenuOff();
115 |         }
116 |     }
117 |     });
118 | }
119 | 
120 | /**
121 |  * Listens for keyup events.
122 |  */
123 | function keyupListener() {
124 |     window.onkeyup = function(e) {
125 |     if ( e.keyCode === 27 ) {
126 |         toggleMenuOff();
127 |     }
128 |     }
129 | }
130 | 
131 | /**
132 |  * Window resize event listener
133 |  */
134 | function resizeListener() {
135 |     window.onresize = function(e) {
136 |     toggleMenuOff();
137 |     };
138 | }
139 | 
140 | /**
141 |  * Turns the custom context menu on.
142 |  */
143 | function toggleMenuOn() {
144 |     if ( menuState !== 1 ) {
145 |     menuState = 1;
146 |     menu.classList.add( contextMenuActive );
147 |     }
148 | }
149 | 
150 | /**
151 |  * Turns the custom context menu off.
152 |  */
153 | function toggleMenuOff() {
154 |     if ( menuState !== 0 ) {
155 |     menuState = 0;
156 |     menu.classList.remove( contextMenuActive );
157 |     }
158 | }
159 | 
160 | /**
161 |  * Positions the menu properly.
162 |  * 
163 |  * @param {Object} e The event
164 |  */
165 | function positionMenu(e) {
166 |     clickCoords = getPosition(e);
167 |     clickCoordsX = clickCoords.x;
168 |     clickCoordsY = clickCoords.y;
169 | 
170 |     menuWidth = menu.offsetWidth + 4;
171 |     menuHeight = menu.offsetHeight + 4;
172 | 
173 |     windowWidth = window.innerWidth;
174 |     windowHeight = window.innerHeight;
175 | 
176 |     if ( (windowWidth - clickCoordsX) < menuWidth ) {
177 |     menu.style.left = windowWidth - menuWidth + "px";
178 |     } else {
179 |     menu.style.left = clickCoordsX + "px";
180 |     }
181 | 
182 |     if ( (windowHeight - clickCoordsY) < menuHeight ) {
183 |     menu.style.top = windowHeight - menuHeight + "px";
184 |     } else {
185 |     menu.style.top = clickCoordsY + "px";
186 |     }
187 | }
188 | 
189 | 
190 | /**
191 |  * Initialise our application's code.
192 |  */
193 |  function init() {
194 |     contextListener();
195 |     clickListener();
196 |     keyupListener();
197 |     resizeListener();
198 | }
199 | 
200 | 
201 | 
202 | /**
203 |  * Dispatcher function that performes search action based on data-action attribute
204 |  * 
205 |  * @param {HTMLElement} link The link that was clicked
206 |  */
207 | function menuItemListener( link ) {
208 |     console.log( "Task " + taskItemInContext.innerHTML + " action - " + link.getAttribute("data-action"));
209 |     toggleMenuOff();
210 |     let action = link.getAttribute("data-action"); 
211 |     
212 |     if (action === "whois") {
213 |         window.open('/dashboard/whois/' +  taskItemInContext.innerHTML, '_blank').focus();
214 |     }
215 |     else if (action == "copy") {
216 |         console.log("COPY")
217 |         var r = document.createRange();
218 |         r.selectNode(taskItemInContext);
219 |         window.getSelection().removeAllRanges();
220 |         window.getSelection().addRange(r);
221 |         document.execCommand('copy');
222 |         window.getSelection().removeAllRanges();
223 |     }
224 |     
225 | }
226 | 
227 | 
228 | /**
229 |  * Run the app.
230 |  */
231 | document.addEventListener('DOMContentLoaded', init);
232 | 


--------------------------------------------------------------------------------
/flowapp/static/mystyle.css:
--------------------------------------------------------------------------------
  1 | body {
  2 |     font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
  3 |     font-size: 14px;
  4 |     line-height: 1.42857143;
  5 |     color: #333;
  6 |     background-color: #fff;
  7 |     padding-top: 70px;
  8 |     padding-bottom: 30px;
  9 | }
 10 | 
 11 | label {
 12 |   display: inline-block;
 13 |   max-width: 100%;
 14 |   margin-bottom: 5px;
 15 |   font-weight: 700;
 16 | }
 17 | 
 18 | .form-group {
 19 |   margin-bottom: 15px;
 20 | }
 21 | 
 22 | .h1, .h2, .h3, h1, h2, h3 {
 23 |   margin-top: 20px;
 24 |   margin-bottom: 10px;
 25 | }
 26 | 
 27 | .h1, .h2, .h3, .h4, .h5, .h6, h1, h2, h3, h4, h5, h6 {
 28 |   font-family: inherit;
 29 |   font-weight: 500;
 30 |   line-height: 1.1;
 31 |   color: inherit;
 32 | }
 33 | 
 34 | .h2, h2 {
 35 |   font-size: 30px;
 36 | }
 37 | 
 38 | #dashboard-search {
 39 |     margin-top: 10px;
 40 | }
 41 | 
 42 | .theme-dropdown .dropdown-menu {
 43 |     position: static;
 44 |     display: block;
 45 |     margin-bottom: 20px;
 46 | }
 47 | 
 48 | .theme-showcase > p > .btn {
 49 |     margin: 5px 0;
 50 | }
 51 | 
 52 | .theme-showcase .navbar .container {
 53 |     width: auto;
 54 | }
 55 | 
 56 | 
 57 | tr.bottom_row > td {
 58 |     border-bottom: solid black 1px;
 59 |     padding-bottom: 1em;
 60 | }
 61 | 
 62 | tr.bottom_row > th {
 63 |     border-bottom: solid black 1px;
 64 |     padding-bottom: 1em;
 65 | }
 66 | 
 67 | 
 68 | td.bottom_row {
 69 |     border-bottom: solid black 1px;
 70 |     padding-bottom: 1em;
 71 | }
 72 | 
 73 | 
 74 | .ip-table thead {
 75 |     background-color: #adadad;
 76 |     cursor: pointer;
 77 | }
 78 | 
 79 | #dashboard-nav .nav > li > a {
 80 |     padding-top: 5px;
 81 |     padding-bottom: 5px;
 82 |     margin-top: 10px;
 83 |     font-size: 130%;
 84 | }
 85 | 
 86 | #dashboard-nav a.active {
 87 |     background-color: #1b67ad;
 88 |     color: white;
 89 | }
 90 | 
 91 | #dashboard-nav h1 {
 92 |     font-size: 130%;
 93 |     font-weight: bold;
 94 |     margin-top: 10px;
 95 | }
 96 | 
 97 | 
 98 | .sort-direction {
 99 |     display: inline-block;
100 |     height: 0;
101 |     width: 0;
102 |     border-left: 5px solid transparent;
103 |     border-right: 5px solid transparent;
104 | }
105 | 
106 | .asc {
107 |     border-bottom: 5px solid black;
108 | }
109 | 
110 | .desc {
111 |     border-top: 5px solid black;
112 | }
113 | 
114 | .table-sorter a {
115 |     color: #0a0a0a;
116 |     text-decoration: none;
117 | }
118 | 
119 | .table-sorter a:visited {
120 |     color: #0a0a0a;
121 | }
122 | 
123 | /* tasks */
124 | 
125 | .tasks {
126 |   list-style: none;
127 |   margin: 0;
128 |   padding: 0;
129 | }
130 | 
131 | .task {
132 |   justify-content: space-between;
133 | }
134 | 
135 | .task:last-child {
136 |   border-bottom: none;
137 | }
138 | 
139 | /* context menu */
140 | 
141 | .context-menu {
142 |   display: none;
143 |   position: absolute;
144 |   z-index: 10;
145 |   padding: 12px 0;
146 |   width: 240px;
147 |   background-color: #fff;
148 |   border: solid 1px #dfdfdf;
149 |   box-shadow: 1px 1px 2px #cfcfcf;
150 | }
151 | 
152 | .context-menu--active {
153 |   display: block;
154 | }
155 | 
156 | .context-menu__items {
157 |   list-style: none;
158 |   margin: 0;
159 |   padding: 0;
160 | }
161 | 
162 | .context-menu__item {
163 |   display: block;
164 |   margin-bottom: 4px;
165 | }
166 | 
167 | .context-menu__item:last-child {
168 |   margin-bottom: 0;
169 | }
170 | 
171 | .context-menu__link {
172 |   display: block;
173 |   padding: 4px 12px;
174 |   color: #0066aa;
175 |   text-decoration: none;
176 | }
177 | 
178 | .context-menu__link:hover {
179 |   color: #fff;
180 |   background-color: #0066aa;
181 | }
182 | 
183 | tbody .bi {
184 |   -webkit-text-stroke: 1px;
185 |   font-size: 105%;
186 |   color: white;
187 | }
188 | 
189 | .alert {
190 |   border-radius: 10px;
191 | }
192 | 


--------------------------------------------------------------------------------
/flowapp/templates/errors/401.html:
--------------------------------------------------------------------------------
1 | {% extends 'layouts/default.html' %}
2 | {% block content %}
3 |   <h1>Could not log you in.</h1>
4 |   <p class="form-text">401: Unauthorized</p>
5 |   <p>Please log out and try logging in again.</p>
6 |   <p><a href="{{url_for('logout')}}">Log out</a></p>
7 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/errors/401.j2:
--------------------------------------------------------------------------------
1 | {% extends 'layouts/default.j2' %}
2 | {% block content %}
3 |   <h1>Could not log you in.</h1>
4 |   <p class="form-text">401: Unauthorized</p>
5 |   <p>Please log out and try logging in again.</p>
6 |   <p><a href="{{url_for('logout')}}">Log out</a></p>
7 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/errors/404.html:
--------------------------------------------------------------------------------
1 | {% extends 'layouts/default.html' %}
2 | {% block content %}
3 |   <h1>Sorry ...</h1>
4 |   <p>There's nothing here!</p>
5 |   <p><a href="{{url_for('index')}}">Back</a></p>
6 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/errors/500.html:
--------------------------------------------------------------------------------
1 | {% extends 'layouts/default.html' %}
2 | {% block content %}
3 |   <h1>Error ...</h1>
4 |   <p>Sorry ;-)</p>
5 |   <p><a href="{{url_for('index')}}">Back</a></p>
6 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/api_key.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field,  render_checkbox_field %}
 3 | {% block title %}Add New Machine with ApiKey{% endblock %}
 4 | {% block content %}
 5 |   <h2>Add new ApiKey for your machine</h2>
 6 | 
 7 |   <div class="row">
 8 |     
 9 |     <div class="col-sm-12">
10 |         <h6>ApiKey: {{ generated_key }}</h6>
11 |     </div>  
12 | 
13 |   <form action="{{ action_url }}" method="POST">
14 |   {{ form.hidden_tag() if form.hidden_tag }}
15 |   <div class="row">
16 |     <div class="col-smfut-5">
17 |           {{ render_field(form.machine) }}
18 |     </div>
19 |     <div class="col-sm-2">
20 |       {{ render_checkbox_field(form.readonly) }}
21 |     </div>
22 |     <div class="col-sm-5">
23 |       {{ render_field(form.expires) }}
24 |     </div>
25 |   </div>  
26 |    
27 |   </div>
28 |   <div class="row">
29 |     <div class="col-sm-10">
30 |       {{ render_field(form.comment) }}
31 |     </div>
32 | 
33 |   <div class="row">
34 |     <div class="col-sm-10">
35 |       <button type="submit" class="btn btn-primary">Save</button>
36 |     </div>
37 |   </div>
38 | 
39 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/bulk_user_form.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field,  render_checkbox_field %}
 3 | {% block title %}Add New Machine with ApiKey{% endblock %}
 4 | {% block content %}
 5 | <h2>Create multiple users.</h2>
 6 | <form method="POST">
 7 |     {{ form.hidden_tag() if form.hidden_tag }}
 8 |     <div class="row">
 9 |         <div class="col-sm-6">
10 |             {{ render_field(form.users, rows=12) }}
11 |         </div>
12 |         <div class="col-sm-6">
13 |             <table class="table table-striped">
14 |                 <thead>
15 |                     <tr class="table-primary">
16 |                         <th>Organization name</th>
17 |                         <th>ID</th>
18 |                     </tr>
19 |                 </thead>
20 |                 <tbody>
21 |                     {% for org in orgs %}
22 |                     <tr>
23 |                         <td>{{ org.name }}</td>
24 |                         <td>{{ org.id }}</td>
25 |                     </tr>
26 |                     {% endfor %}
27 |                 </tbody>
28 |             </table>
29 |         </div>
30 |     </div>  
31 |     
32 |     <div class="row">
33 |         <div class="col-sm-6">
34 |         <button type="submit" class="btn btn-primary">Save</button>
35 |         </div>
36 |     </div>
37 | </form>
38 | <div class="row">
39 |     <div class="col-sm-6">
40 |         <h3>Example CSV data</h3>
41 |         <p>CSV data must contain header row when posting</p>
42 |         <pre>
43 |             <code>
44 | uuid-eppn,name,telefon,email,role,organizace,poznamka
45 | view@example.com,Test View,123,view@example.com,1,1,View
46 | user@example.com,Test User,123456,user@example.com,2,1,User
47 | admin@example.com,Test Admin,+420 111 111 111,admin@example.com,3,1,Admin
48 |             </code>
49 |         </pre>
50 |         <h3>Role</h3>
51 |         <ul>
52 |             <li>1 - View</li>
53 |             <li>2 - User</li>
54 |             <li>3 - Admin</li>
55 |         </ul>
56 |     </div>
57 | </div>      
58 | 
59 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/ipv4_rule.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field %}
 3 | {% block title %}Add IPv4 rule{% endblock %}
 4 | {% block content %}
 5 |   <h2>{{ title or 'New'}} IPv4 rule</h2>
 6 |   <form action="{{ action_url }}" method="POST">
 7 |   {{ form.hidden_tag() if form.hidden_tag }}
 8 |   <div class="row">
 9 |     <div class="col-sm-8">
10 |       <div class="row">
11 |         <div class="col-sm-8">
12 |           {{ render_field(form.source) }}
13 |         </div>
14 |         <div class="col-sm-4">
15 |             {{ render_field(form.source_mask) }}
16 |         </div>
17 |       </div>
18 |       <div class="row">
19 |         <div class="col-sm-8">
20 |           {{ render_field(form.dest) }}
21 |         </div>
22 |         <div class="col-sm-4">
23 |             {{ render_field(form.dest_mask) }}
24 |         </div>
25 |       </div>
26 |     </div>
27 |     <div class="col-sm-2">
28 |       <div class="row">
29 |             {{ render_field(form.protocol) }}
30 |       </div>
31 |         <div class="row">
32 |             {{ render_field(form.fragment, size=4) }}
33 |         </div>
34 |     </div>
35 |     <div class="col-sm-2">
36 |           {{ render_field(form.flags, size=9) }}
37 |     </div>
38 | 
39 |   </div>
40 | 
41 |   <div class="row">
42 |     <div class="col-sm-4">
43 |         {{ render_field(form.source_port, tooltip="Possible values: x;>x;x-y;<x;<=x;>=x") }}
44 |     </div>
45 |     <div class="col-sm-4">
46 |         {{ render_field(form.dest_port, tooltip="Possible values: x;>x;x-y;<x;<=x;>=x") }}
47 |     </div>
48 |     <div class="col-sm-4">
49 |         {{ render_field(form.packet_len, tooltip="Possible values: x;>x;x-y;<x;<=x;>=x")  }}
50 |     </div>
51 |   </div>
52 | 
53 | 
54 |   <div class="row">
55 |     <div class="col-sm-4">
56 |       {{ render_field(form.action) }}
57 |     </div>
58 |     <div class="col-sm-4">
59 |       <div class="form-group">
60 |         <label for="inputExpiration" class="control-label">Expiration date</label>
61 |         <div class='input-group date' id='dateTimeExpires'>
62 |                       <!--
63 |                       <input type='text' name="expires" class="form-control" />
64 | 
65 |                       -->
66 |                       {{ form.expires(class_='form-control') }}
67 |                       <span class="input-group-addon">
68 |                           <span class="glyphicon glyphicon-calendar"></span>
69 |                       </span>
70 |         </div>
71 | 
72 |         {% if form.expires.errors %}
73 |             {% for e in form.expires.errors %}
74 |                 <p class="help-block">{{ e }}</p>
75 |             {% endfor %}
76 |         {% endif %}
77 |       </div>
78 |     </div>
79 |     <div class="col-sm-4">
80 |     </div>  
81 |   </div>
82 | 
83 |   <div class="row">
84 |     <div class="col-sm-12">
85 |          {{ render_field(form.comment) }}
86 |     </div>
87 |   </div>
88 | 
89 |   <div class="row">
90 |     <div class="col-sm-10">
91 |       <button type="submit" class="btn btn-primary">Save</button>
92 |     </div>
93 |   </div>
94 |   </form>
95 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/ipv6_rule.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field %}
 3 | {% block title %}Add IPv6 rule{% endblock %}
 4 | {% block content %}
 5 |   <h2>{{ title or 'New'}} IPv6 rule</h2>
 6 |   <form action="{{ action_url }}" method="POST">
 7 |   {{ form.hidden_tag() if form.hidden_tag }}
 8 |   <div class="row">
 9 |     <div class="col-sm-8">
10 |       <div class="row">
11 |         <div class="col-sm-8">
12 |           {{ render_field(form.source) }}
13 |         </div>
14 |         <div class="col-sm-4">
15 |             {{ render_field(form.source_mask) }}
16 |         </div>
17 |       </div>
18 |       <div class="row">
19 |         <div class="col-sm-8">
20 |           {{ render_field(form.dest) }}
21 |         </div>
22 |         <div class="col-sm-4">
23 |             {{ render_field(form.dest_mask) }}
24 |         </div>
25 |       </div>
26 |     </div>
27 |     <div class="col-sm-2">
28 |             {{ render_field(form.next_header) }}
29 |     </div>
30 |     <div class="col-sm-2">
31 |         {{ render_field(form.flags, size=9) }}
32 |     </div>
33 |   </div>  
34 | 
35 |   <div class="row">
36 |     <div class="col-sm-4">
37 |         {{ render_field(form.source_port, tooltip="Possible values: x;>x;x-y;<x;<=x;>=x") }}
38 |     </div>
39 |     <div class="col-sm-4">
40 |         {{ render_field(form.dest_port, tooltip="Possible values: x;>x;x-y;<x;<=x;>=x") }}
41 |     </div>
42 |     <div class="col-sm-4">
43 |         {{ render_field(form.packet_len, tooltip="Possible values: x;>x;x-y;<x;<=x;>=x")  }}
44 |     </div>
45 |   </div>
46 | 
47 | 
48 |   <div class="row">
49 |     <div class="col-sm-4">
50 |       {{ render_field(form.action) }}
51 |     </div>    
52 |     <div class="col-sm-4">
53 |       <div class="form-group">
54 |         <label for="inputExpiration" class="control-label">Expiration date</label>
55 |         <div class='input-group date' id='dateTimeExpires'>
56 |                       <!--
57 |                       <input type='text' name="expires" class="form-control" />
58 |                       -->
59 |                       {{ form.expires(class_='form-control') }}
60 |                       <span class="input-group-addon">
61 |                           <span class="glyphicon glyphicon-calendar"></span>
62 |                       </span>
63 |         </div>
64 | 
65 |         {% if form.expires.errors %}
66 |             {% for e in form.expires.errors %}
67 |                 <p class="help-block">{{ e }}</p>
68 |             {% endfor %}
69 |         {% endif %}
70 |       </div>            
71 |     </div>
72 |     <div class="col-sm-4">
73 |     </div> 
74 |   </div>
75 | 
76 |   <div class="row">
77 |     <div class="col-sm-12">
78 |          {{ render_field(form.comment) }}
79 |     </div>
80 |   </div>
81 | 
82 |   <div class="row">
83 |     <div class="col-sm-10">
84 |       <button type="submit" class="btn btn-primary">Save</button>
85 |     </div>
86 |   </div>
87 |   </form>
88 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/machine_api_key.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field,  render_checkbox_field %}
 3 | {% block title %}Add New Machine with ApiKey{% endblock %}
 4 | {% block content %}
 5 |   <h2>Add new ApiKey for machine.</h2>
 6 |   <p>
 7 |     In general, the keys should be Read Only and with expiration.
 8 |     If you need to create a full access Read/Write key, consider using usual user form
 9 |     with your organization settings.
10 | </p>
11 | 
12 |   <div class="row">
13 |     
14 |     <div class="col-sm-12">
15 |         <h6>Machine Api Key: {{ generated_key }}</h6>
16 |     </div>  
17 | 
18 |   <form action="{{ url_for('admin.add_machine_key') }}" method="POST">
19 |   {{ form.hidden_tag() if form.hidden_tag }}
20 |   <div class="row">
21 |     <div class="col-sm-5">
22 |           {{ render_field(form.machine) }}
23 |     </div>
24 |     <div class="col-sm-2">
25 |       {{ render_checkbox_field(form.readonly, checked="checked") }}
26 |     </div>
27 |     <div class="col-sm-5">
28 |       {{ render_field(form.expires) }}
29 |     </div>
30 |   </div>  
31 |    
32 |   </div>
33 |   <div class="row">
34 |     <div class="col-sm-10">
35 |       {{ render_field(form.comment) }}
36 |     </div>
37 | 
38 |   <div class="row">
39 |     <div class="col-sm-10">
40 |       <button type="submit" class="btn btn-primary">Save</button>
41 |     </div>
42 |   </div>
43 | 
44 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/macros.html:
--------------------------------------------------------------------------------
  1 | {# Renders field for bootstrap 5 standards.
  2 | 
  3 |     Params:
  4 |         field - WTForm field
  5 |         kwargs - pass any arguments you want in order to put them into the html attributes.
  6 |         There are few exceptions: for - for_, class - class_, class__ - class_
  7 | 
  8 |     Example usage:
  9 |         {{ macros.render_field(form.email, placeholder='Input email', type='email') }}
 10 | #}
 11 | {% macro render_field(field, label_visible=true, tooltip=False) -%}
 12 |     <div class="form-group {% if field.errors %}has-error{% endif %} {{ kwargs.pop('class_', '') }}">
 13 |         {% if (field.type != 'HiddenField' and field.type !='CSRFTokenField') and label_visible %}
 14 |           <label for="{{ field.id }}" class="control-label">{{ field.label }} {% if field.flags.required %}<span class="text-danger">*</span>{% endif %}</label>
 15 |         {% endif %}
 16 |         {% if field.type == 'SelectField' %}
 17 |             {% set input_class = 'form-select' %}
 18 |         {% else %}
 19 |             {% set input_class = 'form-control' %}
 20 |         {% endif %}
 21 |         {% if field.errors %}
 22 |             {% set input_class = input_class + ' is-invalid' %}
 23 |         {% endif %}
 24 |         {% if tooltip %}
 25 |             <div class="input-group">
 26 |                 {{ field(class_=input_class, **kwargs) }}
 27 |                 <span class="input-group-text" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ tooltip }}">
 28 |                     <i class="bi bi-question-square-fill"></i>
 29 |               </span>
 30 |             </div>
 31 |         {% else %}
 32 |             {{ field(class_=input_class, **kwargs) }}
 33 |         {% endif %}
 34 |         {% if field.errors %}
 35 |             {% for e in field.errors %}
 36 |                 <p class="help-block text-danger">{{ e }}</p>
 37 |             {% endfor %}
 38 |         {% endif %}
 39 |     </div>
 40 | {%- endmacro %}
 41 | 
 42 | 
 43 | 
 44 | 
 45 | 
 46 | 
 47 | {# Renders checkbox fields since they are represented differently in bootstrap
 48 |     Params:
 49 |         field - WTForm field (there are no check, but you should put here only BooleanField.
 50 |         kwargs - pass any arguments you want in order to put them into the html attributes.
 51 |         There are few exceptions: for - for_, class - class_, class__ - class_
 52 | 
 53 |     Example usage:
 54 |         {{ macros.render_checkbox_field(form.remember_me) }}
 55 |  #}
 56 | {% macro render_checkbox_field(field) -%}
 57 |     <div class="form-check">
 58 |         {{ field(type='checkbox', class_='form-check-input', **kwargs) }}
 59 |         <label class="form-check-label" for="{{ field.id }}">
 60 |              {{ field.label }}
 61 |         </label>
 62 |     </div>
 63 | {%- endmacro %}
 64 | 
 65 | {# Renders radio field
 66 |     Params:
 67 |         field - WTForm field (there are no check, but you should put here only BooleanField.
 68 |         kwargs - pass any arguments you want in order to put them into the html attributes.
 69 |         There are few exceptions: for - for_, class - class_, class__ - class_
 70 | 
 71 |     Example usage:
 72 |         {{ macros.render_radio_field(form.answers) }}
 73 |  #}
 74 | {% macro render_radio_field(field) -%}
 75 |     {% for value, label, _ in field.iter_choices() %}
 76 |         <div class="form-check">
 77 |             <input type="radio" class="form-check-input" name="{{ field.id }}" id="{{ field.id }}" value="{{ value }}">
 78 |             <label class="form-check-label" for="{{ field.id }}">
 79 |                 {{ label }}
 80 |             </label>
 81 |         </div>
 82 |     {% endfor %}
 83 | {%- endmacro %}
 84 | 
 85 | {# Renders WTForm in bootstrap way. There are two ways to call function:
 86 |      - as macros: it will render all field forms using cycle to iterate over them
 87 |      - as call: it will insert form fields as you specify:
 88 |      e.g. {% call macros.render_form(form, action_url=url_for('login_view'), action_text='Login',
 89 |                                         class_='login-form') %}
 90 |                 {{ macros.render_field(form.email, placeholder='Input email', type='email') }}
 91 |                 {{ macros.render_field(form.password, placeholder='Input password', type='password') }}
 92 |                 {{ macros.render_checkbox_field(form.remember_me, type='checkbox') }}
 93 |             {% endcall %}
 94 | 
 95 |      Params:
 96 |         form - WTForm class
 97 |         action_url - url where to submit this form
 98 |         action_text - text of submit button
 99 |         class_ - sets a class for form
100 |     #}
101 | {% macro render_form(form, action_url='', action_text='Submit', class_='', btn_class='btn btn-primary') -%}
102 | 
103 |     <form method="POST" action="{{ action_url }}" role="form" class="{{ class_ }}">
104 |         {{ form.hidden_tag() if form.hidden_tag }}
105 |         {% if caller %}
106 |             {{ caller() }}
107 |         {% else %}
108 |             {% for f in form %}
109 |                 {% if f.type == 'BooleanField' %}
110 |                     {{ render_checkbox_field(f) }}
111 |                 {% elif f.type == 'RadioField' %}
112 |                     {{ render_radio_field(f) }}
113 |                 {% else %}
114 |                     {{ render_field(f) }}
115 |                 {% endif %}
116 |             {% endfor %}
117 |         {% endif %}
118 |         <button type="submit" class="{{ btn_class }}">{{ action_text }} </button>
119 |     </form>
120 | {%- endmacro %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/org.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field %}
 3 | {% block title %}Add / Edit Organization{% endblock %}
 4 | {% block content %}
 5 | <h2>{{ title or 'New'}} Organization</h2>
 6 | <form action="{{ action_url }}" method="POST">
 7 |     {{ form.hidden_tag() if form.hidden_tag }}
 8 |     <div class="row">
 9 |         <div class="col-sm-8">
10 |             {{ render_field(form.name) }}
11 |         </div>
12 |     </div>
13 |     <div class="row">
14 |         <div class="col-sm-4">
15 |             {{ render_field(form.limit_flowspec4) }}
16 |         </div>
17 |         <div class="col-sm-4">
18 |             {{ render_field(form.limit_flowspec6) }}
19 |         </div>
20 |         <div class="col-sm-4">
21 |             {{ render_field(form.limit_rtbh) }}
22 |         </div>
23 |     </div>
24 |     <div class="row">
25 |         <div class="col-sm-12">
26 |             {{ render_field(form.arange) }}
27 |         </div>
28 |     </div>
29 |     <div class="row">
30 |         <div class="col-sm-10">
31 |             <button type="submit" class="btn btn-primary">Save</button>
32 |         </div>
33 |     </div>
34 | </form>
35 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/rtbh_rule.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_field %}
 3 | {% block title %}Add RTBH rule{% endblock %}
 4 | {% block content %}
 5 |   <h2>{{ title or 'New'}} RTBH rule</h2>
 6 |   <form action="{{ action_url }}" method="POST">
 7 |   {{ form.hidden_tag() if form.hidden_tag }}
 8 |   <div class="row">
 9 |     <div class="col-sm-8">
10 |       <div class="row">
11 |         <div class="col-sm-8">
12 |           {{ render_field(form.ipv4) }}
13 |         </div>
14 |         <div class="col-sm-4">
15 |             {{ render_field(form.ipv4_mask) }}
16 |         </div>
17 |       </div>
18 |       <div class="row">
19 |         <div class="col-sm-8">
20 |           {{ render_field(form.ipv6) }}
21 |         </div>
22 |         <div class="col-sm-4">
23 |             {{ render_field(form.ipv6_mask) }}
24 |         </div>
25 |       </div>
26 |     </div>
27 |     <div class="col-sm-4">
28 |       <div class="row">
29 |         {{ render_field(form.community) }}
30 |       </div>
31 |     </div>  
32 |   </div>  
33 | 
34 |   <div class="row">
35 |     <div class="col-sm-6">
36 |       <div class="form-group">
37 |         <label for="inputExpiration" class="control-label">Expiration date</label>
38 |         <div class='input-group date' id='dateTimeExpires'>
39 |                       <!--
40 |                       <input type='text' name="expires" class="form-control" />
41 |                       -->
42 |                       {{ form.expires(class_='form-control') }}
43 |                       <span class="input-group-addon">
44 |                           <span class="glyphicon glyphicon-calendar"></span>
45 |                       </span>
46 |         </div>
47 | 
48 |         {% if form.expires.errors %}
49 |             {% for e in form.expires.errors %}
50 |                 <p class="help-block">{{ e }}</p>
51 |             {% endfor %}
52 |         {% endif %}
53 |       </div>            
54 |     </div>
55 |   </div>
56 | 
57 |   <div class="row">
58 |     <div class="col-sm-12">
59 |          {{ render_field(form.comment) }}
60 |     </div>
61 |   </div>
62 | 
63 |   <div class="row">
64 |     <div class="col-sm-10">
65 |       <button type="submit" class="btn btn-primary">Save</button>
66 |     </div>
67 |   </div>
68 |   </form>
69 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/rule.html:
--------------------------------------------------------------------------------
  1 | {% extends 'layouts/default.html' %}
  2 | {% block title %}Add IPv4 rule{% endblock %}
  3 | {% block content %}
  4 |   <form action="/addrule" method="post">
  5 |   <div class="row">
  6 |     <div class="col-sm-8">
  7 |       <div class="form-group">
  8 |         <label for="inputSourceAdress" class="control-label">Source address</label>
  9 |         <input type="text" class="form-control" name="source_adress" id="inputSourceAdress" placeholder="S Network address" />
 10 |       </div>
 11 |       <div class="form-group">  
 12 |         <label for="inputDestinationAdress" class="control-label">Destination address</label>
 13 |         <input type="text" class="form-control" name="destination_adress" id="inputDestinationAdress" placeholder="Network address" />
 14 |       </div>  
 15 |     </div>
 16 |     <div class="col-sm-4">
 17 |         <div class="form-group "> 
 18 |           <label for="inputProtocol" class="control-label">Protocol</label>
 19 |             <div class="radio">
 20 |             <label>
 21 |               <input type="radio" name="protocol" value="icmp">
 22 |               ICMP
 23 |             </label>
 24 |           </div>
 25 |           <div class="radio">
 26 |             <label>
 27 |               <input type="radio" name="protocol" value="tcp">
 28 |               TCP
 29 |             </label>
 30 |           </div>
 31 |           <div class="radio">
 32 |             <label>
 33 |               <input type="radio" name="protocol" value="udp">
 34 |               UDP
 35 |             </label>
 36 |           </div>
 37 |         </div>
 38 |     </div>
 39 |   </div>  
 40 | 
 41 |   <div class="row">
 42 |     <div class="col-sm-4">
 43 |       <div class="form-group">
 44 |         <label for="sourcePort" class="control-label">Source port</label>
 45 |         <input type="text" class="form-control date" name="source_port">
 46 |       </div>  
 47 |     </div>
 48 |     <div class="col-sm-4">
 49 |       <div class="form-group">
 50 |         <label for="destinationPort" class="control-label">Destination port</label>
 51 |         <input type="text" class="form-control date" name="destination_port">
 52 |       </div>  
 53 |     </div>
 54 |     <div class="col-sm-4">
 55 |       <div class="form-group">
 56 |         <label for="packetLength" class="control-label">Packet length</label>
 57 |         <input type="text" class="form-control date" name="packet_length">
 58 |       </div>  
 59 |     </div>
 60 |   </div>
 61 | 
 62 | 
 63 |   <div class="row">
 64 |     <div class="col-sm-6">
 65 |       <div class="form-group">  
 66 |         <label for="inputAction" class="control-label">Action</label>
 67 |           <select class="form-control" name="action" id="inputAction">
 68 |               <option>1</option>
 69 |               <option>2</option>
 70 |               <option>3</option>
 71 |               <option>4</option>
 72 |               <option>5</option>
 73 |             </select>
 74 |       </div>  
 75 |     </div>    
 76 |     <div class="col-sm-6">
 77 |       <div class="form-group">
 78 |         <label for="inputExpiration" class="control-label">Expiration date</label>
 79 |         <div class='input-group date' id='dateTimeExpires'>
 80 |                       <input type='text' name="expire_date" class="form-control" />
 81 |                       <span class="input-group-addon">
 82 |                           <span class="glyphicon glyphicon-calendar"></span>
 83 |                       </span>
 84 |                   </div>
 85 |       </div>            
 86 |     </div>
 87 |   </div>
 88 | 
 89 |   <div class="row">
 90 |     <div class="col-sm-12">
 91 |       <div class="form-group">
 92 |         <label for="inputComment" class="control-label">Comments</label>
 93 |         <textarea class="form-control" rows="3" name="comment" id="inputComment"></textarea>
 94 |       </div>
 95 |     </div>
 96 |   </div>
 97 | 
 98 |   <div class="row">
 99 |     <div class="col-sm-10">
100 |       <button type="submit" class="btn btn-primary">Save</button>
101 |     </div>
102 |   </div>
103 | </form>
104 | 
105 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/forms/simple_form.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'forms/macros.html' import render_form %}
 3 | 
 4 | {% block title %}
 5 | {{ title }}
 6 | {% endblock %}
 7 | {% block content %}
 8 |     <div class="simple-form">
 9 |         {{ render_form(form, action_url=action_url, action_text='Save') }}
10 |     </div>
11 | {% endblock content %}


--------------------------------------------------------------------------------
/flowapp/templates/layouts/default.html:
--------------------------------------------------------------------------------
  1 | 
  2 | <!DOCTYPE html>
  3 | <html lang="en">
  4 |   <head>
  5 |     <meta charset="utf-8">
  6 |     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  7 |     <meta name="viewport" content="width=device-width, initial-scale=1">
  8 |     <meta name="description" content="EXAFS tool for EXABGP messages">
  9 |     <meta name="author" content="CESNET / Jiri Vrany, Petr Adamec, Josef Verich">
 10 |     <meta name="google" content="notranslate">
 11 |     <meta http-equiv="Content-Language" content="en">
 12 |     <link rel="icon" href="../../favicon.ico">
 13 | 
 14 |     <title>{% block title %}{% endblock %}</title>
 15 | 
 16 |     <!-- Bootstrap core CSS 
 17 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous">
 18 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-MrcW6ZMFYlzcLA8Nl+NtUVF0sA7MsXsP1UyJoMp4YLEuNSfAP+JcXn/tWtIaxVXM" crossorigin="anonymous"></script>
 19 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css">
 20 |     -->
 21 |     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
 22 |     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-YvpcrYf0tY3lHB60NNkmXc5s9fDVZLESaAA55NDzOxhy9GkcIdslK1eN7N6jIeHz" crossorigin="anonymous"></script>
 23 |     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
 24 |     <!-- Custom styles for this template -->
 25 |     <link href="/static/mystyle.css" rel="stylesheet">
 26 |     <!-- Add more styles or javacsript if needed in template -->
 27 |     {% block head %}{% endblock %}
 28 | 
 29 | 
 30 |   </head>
 31 | 
 32 |   <body>
 33 | 
 34 |     <div class="container">
 35 |       <nav class="navbar fixed-top navbar-expand-lg navbar-dark bg-dark">
 36 |         <div class="container">
 37 |           <a class="navbar-brand" href="/">{{ config['APP_NAME'] }}</a>
 38 |           <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbar" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
 39 |                 <span class="navbar-toggler-icon"></span>
 40 |           </button>
 41 |           <div class="collapse navbar-collapse" id="navbar">
 42 |             <ul class="navbar-nav me-auto mb-2 mb-lg-0">
 43 |               {% if session['can_edit'] %}
 44 |                   {% for item in main_menu['edit'] %}
 45 |                     <li class="nav-item"><a class="nav-link" href="{{ url_for(item.url) }}">{{ item.name}}</a></li>
 46 |                   {% endfor %}
 47 |               {% endif %}
 48 |               {% if 3 in session['user_role_ids'] %}
 49 |               <li class="nav-item dropdown">
 50 |                 <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false">
 51 |                   Admin
 52 |                 </a>
 53 |                 <ul class="dropdown-menu" aria-labelledby="navbarDropdown">
 54 |                   {% for item in main_menu['admin'] %}
 55 |                     {% if item.divide_before %}
 56 |                       <li><hr class="dropdown-divider"></li>
 57 |                     {% endif %}
 58 |                     <li><a class="dropdown-item" href="{{ url_for(item.url) }}">{{ item.name }}</a></li>
 59 |                   {% endfor %}
 60 |                   <li><hr class="dropdown-divider"></li>
 61 |                   <li><span class="dropdown-item">ExaFS version {{ session['app_version'] }}</span></li>
 62 |                 </ul>
 63 |               </li>
 64 |               {% endif %}
 65 |             </ul>
 66 |             <span class="navbar-text">
 67 |               {{ session['user_name']}} &lt;{{ session['user_email'] }}&gt;, 
 68 |               role: {{ session['user_roles']|join(", ") }}, org: {{ session['user_org'] }}</span>
 69 |           </div>    
 70 |         
 71 |         </div>
 72 |       </nav>
 73 |     </div>  
 74 |     <div class="container theme-showcase" role="main">
 75 | 
 76 |       {% with messages = get_flashed_messages(with_categories=true)  %}
 77 |         {% if messages %}
 78 |           {% for category, message in messages %}
 79 |             <div class="alert alert-dismissible fade show {{category}} shadow-sm" role="alert">
 80 |               {{ message }}
 81 |               <button type="button" class="btn-close" data-bs-dismiss="alert"
 82 |                             aria-label="Close"></button>
 83 |             </div>
 84 |           {% endfor %}
 85 |         {% endif %}
 86 |       {% endwith %}
 87 | 
 88 |       {% block content %}{% endblock %}
 89 |     </div>
 90 |     <nav id="context-menu" class="context-menu">
 91 |         <ul class="context-menu__items">
 92 |             <li class="context-menu__item">
 93 |             <a href="#" class="context-menu__link" data-action="whois"><i class="fa fa-eye"></i>WHOIS</a>
 94 |             </li>
 95 |             <li class="context-menu__item">
 96 |             <a href="#" class="context-menu__link" data-action="copy"><i class="fa fa-copy"></i>Copy</a>
 97 |             </li>
 98 |         </ul>
 99 |     </nav>
100 |     <p class="position-fixed bottom-0 end-0 form-text p-2 me-2">ExaFS {{ session['app_version'] }}</p>
101 | 
102 |     <script type="text/javascript" src="/static/js/ip_context.js"></script>  
103 |     <script type="text/javascript" src="/static/js/enable_tooltips.js"></script>
104 |   </body>
105 | </html>
106 | 


--------------------------------------------------------------------------------
/flowapp/templates/macros.html:
--------------------------------------------------------------------------------
  1 | 
  2 | {% macro build_ip_tbody(rules, today, editable=True, group_op=True) %}
  3 | <tbody>
  4 |     {% for rule in rules %}
  5 |         {% if rule.next_header is defined %}
  6 |             {% set rtype_int = 6 %}
  7 |         {% else %}
  8 |             {% set rtype_int = 4 %}
  9 |         {% endif %}
 10 | 
 11 |         <tr {% if rule.expires < today %} class="warning" {% endif %}>
 12 |             <td>
 13 |                 <span class="task">{{ rule.source }}</span>{% if rule.source_mask != none %}{{ '/' if rule.source_mask >= 0 else '' }}{{ rule.source_mask if rule.source_mask >= 0 else '' }}{% endif %}
 14 |             </td>
 15 |             <td>
 16 |                 {{ rule.source_port }}
 17 |             </td>
 18 |             <td>
 19 |                 <span class="task">{{ rule.dest }}</span>{% if rule.dest_mask != none %}{{ '/' if rule.dest_mask >= 0 else '' }}{{ rule.dest_mask if rule.dest_mask >= 0 else '' }}{% endif %}
 20 |             </td>
 21 |             <td>
 22 |                 {{ rule.dest_port }}
 23 |             </td>
 24 |             <td>
 25 |                 {% if rtype_int == 4 %}
 26 |                     {{ rule.protocol }}
 27 |                 {% elif rtype_int == 6 %}
 28 |                     {{ rule.next_header }}
 29 |                 {% endif %}
 30 |             </td>
 31 |             <td>
 32 |                 {{ rule.packet_len }}
 33 |             </td>
 34 |             <td>
 35 |                 {{ rule.expires|strftime }}
 36 |             </td>
 37 |             <td>
 38 |                 {{ rule.action.name }}
 39 |             </td>
 40 |             <td>
 41 |                 {{ rule.flags}}
 42 |             </td>
 43 |             <td>
 44 |                 {{ rule.user.name }}
 45 |             </td>
 46 |             <td>
 47 |             {% if editable %}
 48 |                 <a class="btn btn-info btn-sm" href="{{ url_for('rules.reactivate_rule', rule_type=rtype_int, rule_id=rule.id) }}" role="button">
 49 |                     <i class="bi bi-clock table-icon"></i>
 50 |                 </a>
 51 |                 <a class="btn btn-danger btn-sm" href="{{ url_for('rules.delete_rule', rule_type=rtype_int, rule_id=rule.id) }}" role="button">
 52 |                     <i class="bi bi-x-lg"></i>
 53 |                 </a>
 54 |             {% endif %}
 55 |             {% if rule.comment %}
 56 |                 <button type="button" class="btn btn-info btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ rule.comment }}">
 57 |                     <i class="bi bi-chat-left-text-fill"></i>
 58 |                 </button>
 59 |             {% endif %}
 60 |             </td>
 61 | 
 62 |             {% if editable and group_op %}
 63 |                 <td class="text-center">
 64 |                     <input type="checkbox" name="delete-id" value="{{rule.id}}" />
 65 |                 </td>
 66 |             {% endif %}
 67 | 
 68 |         </tr>
 69 | 
 70 | 
 71 |     {% endfor %}
 72 | </tbody>
 73 | {% endmacro %}
 74 | 
 75 | 
 76 | {% macro build_rtbh_tbody(rules, today, editable=True, group_op=True) %}
 77 |     <tbody>
 78 | {% for rule in rules %}
 79 |     <tr {% if rule.expires < today %} class="warning"  {% endif %}>
 80 |     <td>
 81 |     {% if rule.ipv4 %}
 82 |         <span class="task">{{ rule.ipv4 }}</span>{{ '/' if rule.ipv4_mask else '' }}{{rule.ipv4_mask|default("", True)}}
 83 |     {% endif %}
 84 |     {% if rule.ipv6 %}
 85 |         <span class="task">{{ rule.ipv6 }}</span>{{ '/' if rule.ipv6_mask else '' }} {{rule.ipv6_mask|default("", True)}}
 86 |     {% endif %}
 87 |     </td>
 88 |      <td>
 89 |         {{ rule.community.name }}
 90 |     </td>
 91 | 
 92 |      <td>
 93 |         {{ rule.expires|strftime }}
 94 |     </td>
 95 |     <td>
 96 |         {{ rule.user.name }}
 97 |     </td>
 98 |     <td>
 99 |         {% if editable %}
100 |         <a class="btn btn-info btn-sm" href="{{ url_for('rules.reactivate_rule', rule_type=1, rule_id=rule.id) }}" role="button">
101 |             <i class="bi bi-clock table-icon"></i>
102 |         </a>
103 |         <a class="btn btn-danger btn-sm" href="{{ url_for('rules.delete_rule', rule_type=1, rule_id=rule.id) }}" role="button">
104 |             <i class="bi bi-x-lg"></i>
105 |         </a>
106 |         {% endif %}
107 |         {% if rule.comment %}
108 |            <button type="button" class="btn btn-info btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ rule.comment }}">
109 |               <i class="bi bi-chat-left-text-fill"></i>
110 |            </button>
111 |          {% endif %}
112 |     </td>
113 |      {% if editable and group_op %}
114 |             <td class="text-center">
115 |                 <input type="checkbox" name="delete-id" value="{{rule.id}}" />
116 |             </td>
117 |     {% endif %}
118 | 
119 |     </tr>
120 | {% endfor %}
121 | </tbody>
122 | {% endmacro %}
123 | 
124 | 
125 | {% macro build_rules_thead(rules_columns, rtype, rstate, sort_key, sort_order, search_query='', group_op=True) %}
126 | <thead>
127 |     <tr class="table-sorter">
128 |     {% for sort_key, col_name in rules_columns %}
129 |     <th>
130 |         {% if search_query %}
131 |             <a href="{{ url_for('dashboard.index', rtype=rtype, rstate=rstate, sort=sort_key, order=sort_order, ordsrc='link', squery=search_query) }}" >
132 |         {% else %}
133 |             <a href="{{ url_for('dashboard.index', rtype=rtype, rstate=rstate, sort=sort_key, order=sort_order, ordsrc='link') }}" >
134 |         {% endif %}
135 |         {{ col_name }}
136 |         </a>
137 |         <span class="sort-direction {{ sort_order }}"></span>
138 |     </th>
139 |     {% endfor %}
140 |     <th>Edit</th>
141 |     {% if group_op %}
142 |         <th class="text-center">
143 |             <input id="check-all" type="checkbox">
144 |         </th>
145 |     {% endif %}
146 |     </tr>
147 | </thead>
148 | {% endmacro %}
149 | 
150 | {% macro build_group_buttons_tfoot(button_colspan=10) %}
151 | <tr>
152 |     <td colspan="{{ button_colspan }}">
153 |     </td>
154 |     <td  class="text-center">
155 | 
156 |         <button type="submit" name="action" value="group-delete" class="btn btn-danger btn-sm" id="group-delete"  data-bs-toggle="tooltip" data-bs-placement="top" title="delete selected rules">
157 |             <i class="bi bi-x-lg"></i>
158 |         </button>
159 | 
160 |         <button type="submit" name="action" value="group-update" class="btn btn-primary btn-sm" id="group-update" data-bs-toggle="tooltip" data-bs-placement="top" title="update selected rules">
161 |             <i class="bi bi-clock"></i>
162 |         </button>
163 |     </td>
164 | </tr>
165 | {% endmacro %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/actions.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Flowspec Actions{% endblock %}
 3 | {% block content %}
 4 |     <table class="table table-hover">
 5 |     <tr>
 6 |     <th>Id</th>
 7 |     <th>Name</th>
 8 |     <th>Command</th>
 9 |     <th>Description</th>
10 |     <th>Minimum level</th>
11 |     <th>action</th>
12 |     </tr>
13 |     {% for action in actions %}
14 |         <tr>
15 |         <td>{{ action.id }}</td>
16 |         <td>{{ action.name }}</td>
17 |         <td>{{ action.command }}</td>
18 |         <td>
19 |             {{ action.description }}
20 |         </td>
21 |         <td>
22 |             {{ action.role }}
23 |         </td>
24 |         <td>
25 |         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_action', action_id=action.id) }}" role="button">
26 |             <i class="bi bi-pen"></i>
27 |         </a>
28 |         <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_action', action_id=action.id) }}" role="button">
29 |             <i class="bi bi-x-lg"></i>
30 |         </a>
31 |         </td>
32 |         </tr>
33 |     {% endfor %}
34 |     </table>
35 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/api_key.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}ExaFS - ApiKeys{% endblock %}
 3 | {% block content %}
 4 |     <h1>Your machines and ApiKeys</h1>
 5 |     <table class="table table-hover">
 6 |     <tr>
 7 |     <th>Machine address</th>
 8 |     <th>ApiKey</th>
 9 |     <th>Organization</th>
10 |     <th>Expires</th>
11 |     <th>Read only</th>
12 |     <th>Action</th>
13 |     </tr>
14 |     {% for row in keys %}
15 |         <tr>
16 |         <td>
17 |             {{ row.machine }}
18 |         </td>
19 |         <td>
20 |             {{ row.key }}
21 |         </td>
22 |         <td>
23 |             {{ row.org.name }}
24 |         <td>
25 |             {{ row.expires|strftime }}
26 |         </td>
27 |         <td>
28 |             {% if row.readonly %}
29 |             <button type="button" class="btn btn-success btn-sm" title="Read Only">
30 |                 <i class="bi bi-check-lg"></i>
31 |             </button>
32 |                 
33 |             {% endif %}
34 |         </td>
35 |         <td>
36 |             <a class="btn btn-danger btn-sm" href="{{ url_for('api_keys.delete', key_id=row.id) }}" role="button">
37 |                 <i class="bi bi-x-lg"></i>
38 |             </a>
39 |             {% if row.comment %}
40 |                 <button type="button" class="btn btn-info btn-sm" data-bs-toggle="tooltip" data-bs-placement="top" title="{{ row.comment }}">
41 |                     <i class="bi bi-chat-left-text-fill"></i>
42 |                 </button>
43 |             {% endif %}
44 |         </td>    
45 |         </tr>
46 |     {% endfor %}
47 |     </table>
48 |     <a class="btn btn-primary" href="{{ url_for('api_keys.add') }}" role="button">
49 |                          Add new ApiKey
50 |                     </a>
51 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/as_paths.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}AS Paths{% endblock %}
 3 | {% block content %}
 4 |     <table class="table table-hover">
 5 |     <tr>
 6 |     <th>Prefix</th>
 7 |     <th>AS-path</th>
 8 |     <th>Action</th>
 9 |     </tr>
10 |     {% for pth in paths %}
11 |         <tr>
12 |         <td>{{ pth.prefix }}</td>
13 |         <td>
14 |             {{ pth.as_path }}
15 |         </td>
16 |         <td>
17 |         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_as_path', path_id=pth.id) }}" role="button">
18 |             <i class="bi bi-pen"></i>
19 |         </a>
20 |         <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_as_path', path_id=pth.id) }}" role="button">
21 |             <i class="bi bi-x-lg"></i>
22 |         </a>
23 |         </td>
24 |         </tr>
25 |     {% endfor %}
26 |     </table>
27 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/communities.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Flowspec RTBH communities{% endblock %}
 3 | {% block content %}
 4 |     <table class="table table-hover">
 5 |     <tr>
 6 |     <th>Id</th>
 7 |     <th>Display Name</th>
 8 |     <th>Community</th>
 9 |     <th>Large comm.</th>
10 |     <th>Extended comm.</th>
11 |     <th>AS-path</th>
12 |     <th>Description</th>
13 |     <th>Minimum level</th>
14 |     <th>Edit</th>
15 |     </tr>
16 |     {% for community in communities %}
17 |         <tr>
18 |         <td>{{ community.id }}</td>
19 |         <td>{{ community.name }}</td>
20 |         <td>{{ community.comm }}</td>
21 |         <td>{{ community.larcomm }}</td>
22 |         <td>{{ community.extcomm }}</td>
23 |         <td>{{ community.as_path }}</td>
24 |         <td>
25 |             {{ community.description }}
26 |         </td>
27 |         <td>
28 |             {{ community.role }}
29 |         </td>
30 |         <td>
31 |         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_community', community_id=community.id) }}" role="button">
32 |             <i class="bi bi-pen"></i>
33 |         </a>
34 |         <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_community', community_id=community.id) }}" role="button">
35 |             <i class="bi bi-x-lg"></i>
36 |         </a>
37 |         </td>
38 |         </tr>
39 |     {% endfor %}
40 |     </table>
41 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/dashboard_admin.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | 
 3 | 
 4 | {% block title %}Flowspec{% endblock %}
 5 | {% block content %}
 6 | 
 7 |     {% include 'pages/submenu_dashboard.html' %}
 8 |     {% if display_rules %}
 9 |     <div class="row">
10 |         <form action="{{ url_for('rules.group_operation') }}" method="post">
11 |          <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
12 |         <table class="table table-hover ip-table">
13 |             {{ dashboard_table_head }} 
14 |             
15 |             {{ dashboard_table_body }}
16 |             
17 |             {{ dashboard_table_foot }}
18 |         </table>
19 |         </form>
20 |     </div>
21 |     <script type="text/javascript" src="{{ url_for('static', filename='js/check_all.js') }}"></script>
22 |     {% else %}
23 |         <h2>There are no {{ rstate|capitalize }} {{ table_title }}.</h2>
24 |     {% endif %}
25 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/dashboard_search.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 3 | 
 4 | {% block title %}Flowspec{% endblock %}
 5 | {% block content %}
 6 | 
 7 |     {% include 'pages/submenu_dashboard.html' %}
 8 | 
 9 |     <div class="row">
10 |         <table class="table table-hover ip-table">
11 |             {{ build_rules_thead(rules_columns, rtype, rstate, sort_key, sort_order) }}
12 |             {% if rtype_int == 1 %}
13 |                 {{ build_rtbh_tbody(rules, today, rtype_int) }}
14 |             {% else %}
15 |                 {{ build_ip_tbody(rules, today, rtype_int) }}
16 |             {% endif %}
17 |         </table>
18 |     </div>
19 | 
20 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/dashboard_user.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 3 | 
 4 | 
 5 | {% block title %}Flowspec{% endblock %}
 6 | {% block content %}
 7 | 
 8 |     {% include 'pages/submenu_dashboard.html' %}
 9 | 
10 | 
11 | 
12 |     {% if display_editable %}
13 |     <h2>{{ rstate|capitalize }} {{ table_title }} that you can modify</h2>
14 |     <form action="{{ url_for('rules.group_operation') }}" method="post">
15 |          <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
16 |         <table class="table table-hover ip-table">
17 |         {{ dashboard_table_editable_head }}
18 |         {{ dashboard_table_editable }}
19 |         {{ dashboard_table_foot }}
20 |         </table>
21 |     </form>
22 |     <script type="text/javascript" src="{{ url_for('static', filename='js/check_all.js') }}"></script>
23 |     {% else %}
24 |         <h2>There are no {{ rstate|capitalize }} {{ table_title }}.</h2>
25 |     {% endif %}
26 | 
27 |     {% if display_readonly %}
28 |     <h2>{{ rstate|capitalize }}  {{ table_title }} that are read-only for you</h2>
29 |         <p>Those rules somehow including your network ranges. You can see them all for your information. However, you can not modify their expiration time or delete them.</p>
30 |         <table class="table table-hover ip-table">
31 |         {{ dashboard_table_readonly_head }}
32 |         {{ dashboard_table_readonly }}
33 |         </table>
34 |     {% else %}
35 |         <h2>There are no read only {{ rstate }}  {{ table_title }}.</h2>
36 |     {% endif %}
37 | 
38 |     <script type="text/javascript">
39 |     </script>
40 | 
41 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/dashboard_view.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 3 | 
 4 | 
 5 | {% block title %}Flowspec{% endblock %}
 6 | {% block content %}
 7 | 
 8 |     {% include 'pages/submenu_dashboard_view.html' %}
 9 | 
10 |     {% if display_rules %}
11 |     <h2>{{ rstate|capitalize }}  {{ table_title }}</h2>
12 |         <p>You can see the rules for your information. However, you can not modify their expiration time or delete them.</p>
13 |         <table class="table table-hover ip-table">
14 |         {{ dashboard_table_head }}
15 |         {{ dashboard_table_body }}
16 | 
17 |         </table>
18 |     {% else %}
19 |         <h2>There are no {{ rstate|capitalize }} {{ table_title }}.</h2>
20 |     {% endif %}
21 | 
22 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/dashboard_whois.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | 
 3 | {% block title %}Flowspec{% endblock %}
 4 | {% block content %}
 5 |     <h2>WHOIS for {{ ip_address }}</h2>
 6 | 
 7 |     <div class="row">
 8 |         <pre>{{ result }}</pre>        
 9 |     </div>
10 | 
11 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/limit_reached.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Rule limit reached{% endblock %}
 3 | {% block content %}
 4 |     <div class="row">
 5 |         <div class="col-md-6">
 6 |             <h2>You can't add new  / reactivate {{ rule_type }} rule.</h2>
 7 |             <h5>{{ message }}</h5>
 8 |             <table class="table">
 9 |                 <tr class="table-primary">
10 |                     <th>Rule type</th><th class="text-center">Current count</th><th class="text-center">Limit</th>
11 |                 </tr>
12 |                 <tr>
13 |                 <td>IPv4 (Flowspec4)</td><td class="text-center">{{ count_4 }}</td><td class="text-center">{{ org.limit_flowspec4|unlimited }}</td>
14 |                 </tr>
15 |                 <tr>
16 |                 <td>IPv6 {Flowspec6)</td><td class="text-center">{{ count_6 }}</td><td class="text-center">{{ org.limit_flowspec6|unlimited }}</td>
17 |                 </tr>
18 |                 <tr>    
19 |                 <td>RTBH</td><td class="text-center">{{ count_rtbh }}</td><td class="text-center">{{ org.limit_rtbh|unlimited }}</td>
20 |                 </tr>
21 |             </table >       
22 |             <p>Please delete some unnecesary rules, or contact system Administrator.</p>
23 |         </div>
24 |     </div>
25 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/logout.html:
--------------------------------------------------------------------------------
1 | {% extends 'layouts/default.html' %}
2 | {% block title %}Flowspec - logout{% endblock %}
3 | {% block content %}
4 |     <h1>Good Bye</h1>
5 |     <h2>Server time: {{ time }}</h2>
6 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/logs.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Flowspec Users{% endblock %}
 3 | {% block content %}
 4 |     <h2>Commands log / latest on top</h2>
 5 |     {% if logs %}
 6 |         <h5>
 7 |         {% if logs.has_prev %}<a href="{{ url_for('admin.log', page=logs.prev_num) }}">&lt;&lt; Newer logs</a>{% else %}&lt;&lt; Newer logs{% endif %} | 
 8 |         {% if logs.has_next %}<a href="{{ url_for('admin.log', page=logs.next_num) }}">Older logs &gt;&gt;</a>{% else %}Older logs &gt;&gt;{% endif %}
 9 |         </h5>
10 |         <table class="table table-hover">
11 |         <tr>
12 |         <th>time</th>
13 |         <th>task</th>
14 |         <th>rule_type</th>
15 |         <th>rule_id</th>
16 |         <th>author</th>
17 |         </tr>
18 |         {% for log in logs.items %}
19 |             <tr>
20 |             <td>{{ log.time|strftime }}</td>
21 |             <td>{{ log.task }}</td>
22 |             <td>{{ log.rule_type }}</td>
23 |             <td>{{ log.rule_id }}</td>
24 |             <td>{{ log.author }}</td>
25 |             </tr>
26 |         {% endfor %}
27 |         </table>
28 |         <h5>
29 |         {% if logs.has_prev %}<a href="{{ url_for('admin.log', page=logs.prev_num) }}">&lt;&lt; Newer logs</a>{% else %}&lt;&lt; Newer logs{% endif %} | 
30 |         {% if logs.has_next %}<a href="{{ url_for('admin.log', page=logs.next_num) }}">Older logs &gt;&gt;</a>{% else %}Older logs &gt;&gt;{% endif %}
31 |         </h5>
32 |     {% else %}
33 |         <h3>No logs for last two days</h3>
34 |     {% endif %}
35 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/machine_api_key.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}ExaFS - ApiKeys{% endblock %}
 3 | {% block content %}
 4 |     <h1>Machines and ApiKeys</h1>
 5 |     <p>
 6 |         This is the list of all machines and their API keys, created by admin(s).
 7 |         In general, the keys should be Read Only and with expiration.
 8 |         If you need to create a full access Read/Write key, use usual user form with your organization settings.
 9 |     </p>
10 |     <table class="table table-hover">
11 |     <tr>
12 |     <th>Machine address</th>
13 |     <th>ApiKey</th>
14 |     <th>Created by</th>
15 |     <th>Created for</th>
16 |     <th>Expires</th>
17 |     <th>Read/Write ?</th>
18 |     <th>Action</th>
19 |     </tr>
20 |     {% for row in keys %}
21 |         <tr>
22 |         <td>
23 |             {{ row.machine }}
24 |         </td>
25 |         <td>
26 |             {{ row.key }}
27 |         </td>
28 |         <td>
29 |             {{ row.user.name }}
30 |         </td>
31 |         <td>
32 |             {{ row.comment }}    
33 |         <td>
34 |             {{ row.expires|strftime }}
35 |         </td>
36 |         <td>
37 |             {% if not row.readonly %}
38 |             <button type="button" class="btn btn-warning btn-sm" title="Read Only">
39 |                 <i class="bi bi-exclamation-lg"></i>
40 |             </button>
41 |                 
42 |             {% endif %}
43 |         </td>
44 |         <td>
45 |             <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_machine_key', key_id=row.id) }}" role="button">
46 |                 <i class="bi bi-x-lg"></i>
47 |             </a>
48 |         </td>    
49 |         </tr>
50 |     {% endfor %}
51 |     </table>
52 |     <a class="btn btn-primary" href="{{ url_for('admin.add_machine_key') }}" role="button">
53 |     Add new Machine ApiKey
54 |     </a>
55 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/org_modal.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}ExaFS - choose our organization{% endblock %}
 3 | {% block content %}
 4 | 
 5 | <div class="modal modal-sheet position-static d-block bg-body-secondary p-4 py-md-5" tabindex="-1" role="dialog" id="modalSheet">
 6 |     <div class="modal-dialog" role="document">
 7 |       <div class="modal-content rounded-4 shadow">
 8 |         <div class="modal-header border-bottom-0">
 9 |           <h1 class="modal-title fs-5">Select Organization</h1>
10 |         </div>
11 |         <div class="modal-body py-0">
12 |           <p>You are a member of more than one organisation. Please select an organization for this session, due to the rules counting towards the organization limit.</p>
13 |         </div>
14 |         <div class="modal-footer flex-column align-items-stretch w-100 gap-2 pb-3 border-top-0">
15 |             {% for org in orgs %}
16 |             <a class="btn btn-primary" href="{{ url_for('select_org', org_id=org.id) }}" role="button">{{ org.name }}</a>
17 |             {% endfor %}
18 |           
19 |         </div>
20 |       </div>
21 |     </div>
22 |   </div>
23 |   {% endblock %}  


--------------------------------------------------------------------------------
/flowapp/templates/pages/orgs.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Flowspec Organizations{% endblock %}
 3 | {% block content %}
 4 |     <table class="table">
 5 |         <tr>
 6 |             <th>RTBH All Count</th>
 7 |             <th>Flowspec4 All Count</th>
 8 |             <th>Flowspec6 All Count</th>
 9 |         </tr>
10 |         <tr>
11 |             <td>{{ rtbh_all_count }} / {{ rtbh_limit }} </td>
12 |             <td>{{ flowspec4_all_count }} / {{ flowspec_limit }} </td>
13 |             <td>{{ flowspec6_all_count }} / {{ flowspec_limit }} </td>
14 |         </tr>
15 |         
16 |         
17 |     </table>
18 |     <table class="table table-hover">
19 |     <tr>
20 |     <th>Name</th>
21 |     <th>Limit for rules</th>
22 |     <th>Adress Ranges</th>
23 |     <th>action</th>
24 |     </tr>
25 |     {% for org in orgs %}
26 |     <tr>
27 |         <td width="20%">{{ org.name }}</td>
28 |         <td width="20%">
29 |             IPv4: {{ org.limit_flowspec4 | unlimited }} / {{ flowspec4_counts[org.id] | default(0)  }}<br />
30 |             IPv6: {{ org.limit_flowspec6 | unlimited }} / {{ flowspec6_counts[org.id] | default(0)  }}<br />
31 |             RTBH: {{ org.limit_rtbh | unlimited }} / {{ rtbh_counts[org.id] | default(0) }}
32 |         </td>
33 |         <td width="40%">
34 |             {% set rows = org.arange.split() %}
35 |             <ul class="list-group">
36 |             {% for row in rows %}
37 |                 <li class="list-group-item">{{ row }}</li>
38 |             {% endfor %}
39 |             </ul>
40 |         </td>
41 |         <td width="20%">
42 |             <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_organization', org_id=org.id) }}" role="button">
43 |                 <i class="bi bi-pen"></i>
44 |             </a>
45 |             <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_organization', org_id=org.id) }}" role="button">
46 |                 <i class="bi bi-x-lg"></i>
47 |             </a>
48 |         </td>
49 |     </tr>
50 |     {% endfor %}
51 | 
52 |     </table>
53 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/submenu_dashboard.html:
--------------------------------------------------------------------------------
 1 | 
 2 | {% block submenu_dashboard %}
 3 |     <div class="container" id="dashboard-nav">
 4 |     
 5 |     <h1>{{ rstate|capitalize }} {{ table_title }}</h1>
 6 |     <div class="row">  
 7 |         <div class="col-6">
 8 |             <ul class="nav nav-pills">
 9 |             {% for key, item in dashboard.items() %}
10 |                 <li class="nav-item">
11 |                     <a class="nav-link {{ css_classes[key] }}" href="{{ url_for('dashboard.index', rtype=key, rstate=rstate) }}" >
12 |                     {{ item.name }} 
13 |                     {% if count_match %}
14 |                         ({{ count_match[key] }})
15 |                     {% endif %}
16 |                     </a>
17 |                 </li>
18 |             {% endfor %}    
19 |             </ul>
20 |         </div>
21 |         <div class="col-6">
22 |             <ul class="nav nav-pills justify-content-end">
23 |                 <li class="nav-item"> 
24 |                     <form id="dashboard-search" class="navbar-form mx-3" role="search" action="{{ url_for('dashboard.index', rtype=rtype, rstate=rstate) }}">
25 |                      <div class="input-group">
26 |                         <input 
27 |                             class="form-control"
28 |                             type="search" 
29 |                             name="squery"
30 |                             {% if search_query %}
31 |                                 value="{{search_query}}"
32 |                             {% else %}
33 |                                 placeholder="Search..."
34 |                             {% endif %}    
35 |                         >
36 |                         <button class="btn btn-outline-secondary" type="submit">
37 |                             <i class="bi bi-search"></i>
38 |                         </button>
39 |                     
40 |                     </div>
41 |                     <input
42 |                             type="hidden"
43 |                             name="sort"
44 |                             value={{ sort_key }}
45 |                         />
46 |                         <input
47 |                             type="hidden"
48 |                             name="order"
49 |                             value={{ sort_order }}
50 |                         />
51 |                 </form>
52 |                 </li>
53 |                 <li class="nav-item">
54 |                     <a class="nav-link {{ css_classes['active'] }}" href="{{ url_for('dashboard.index', rtype=rtype, rstate='active') }}" >Active</a>
55 |                 </li>
56 |                 <li class="nav-item">
57 |                     <a class="nav-link {{ css_classes['expired'] }}" href="{{ url_for('dashboard.index', rtype=rtype, rstate='expired') }}" >Expired</a>
58 |                 </li>
59 |                 <li class="nav-item">
60 |                     <a class="nav-link {{ css_classes['all'] }}" href="{{ url_for('dashboard.index', rtype=rtype, rstate='all') }}" >All</a>
61 |                 </li>
62 |             </ul>
63 |         </div>
64 |     </div>
65 |     <hr />
66 | 
67 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/submenu_dashboard_view.html:
--------------------------------------------------------------------------------
 1 | 
 2 | {% block submenu_dashboard %}
 3 | 
 4 |   <h1>{{ rstate|capitalize }} {{ table_title }}</h1>
 5 | 
 6 |     <div class="row">
 7 |              <div class="container" id="dashboard-nav">
 8 |                  <div class="col-md-6">
 9 |                      <ul class="nav nav-pills">
10 |                          {% for key, item in dashboard.items() %}
11 |                             <li class="nav-item">
12 |                                 <a class="nav-link {{ css_classes[key] }}" href="{{ url_for('dashboard.index', rtype=key, rstate=rstate) }}" >
13 |                                 {{ item.name }} 
14 |                                 {% if count_match %}
15 |                                     ({{ count_match[key] }})
16 |                                 {% endif %}
17 |                                 </a>
18 |                             </li>
19 |                         {% endfor %} 
20 |                      </ul>
21 |                  </div>
22 |                  <div class="col-md-6">
23 |                      <ul class="nav nav-pills pull-right">
24 |                          <li>
25 |                              <form class="navbar-form pull-right" role="search" action="{{ url_for('dashboard.index', rtype=rtype, rstate=rstate) }}">
26 |                                 <div class="input-group">
27 |                                     <input
28 |                                         class="form-control"
29 |                                         type="text"
30 |                                         name="squery"
31 |                                         {% if search_query %}
32 |                                             value="{{search_query}}"
33 |                                         {% else %}
34 |                                             placeholder="Search..."
35 |                                         {% endif %}
36 |                                     />
37 |                                     <input
38 |                                         type="hidden"
39 |                                         name="sort"
40 |                                         value={{ sort_key }}
41 |                                     />
42 |                                     <input
43 |                                         type="hidden"
44 |                                         name="order"
45 |                                         value={{ sort_order }}
46 |                                     />
47 |                                     <div class="input-group-btn">
48 |                                         <button class="btn btn-default"><i class="glyphicon glyphicon-search"></i></button>
49 |                                     </div>
50 |                                 </div>
51 |                             </form>
52 |                          </li>
53 |                      </ul>
54 |                  </div>
55 |     </div>
56 |     <hr />
57 | 
58 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/user_list.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Flowspec Actions{% endblock %}
 3 | {% block content %}
 4 |     <h2>Updated {{ updated}} records.</h2>
 5 |     <h2>Users with multiple organizations</h2>
 6 |     <p>Records of users with multilple orgs could not be updated.</p>
 7 |     {% for user, orgs in users.items() %}
 8 |         <p>
 9 |             <strong>{{ user }}</strong>
10 |             <ul>
11 |                 {% for org in orgs %}
12 |                     <li>{{ org }}</li>
13 |                 {% endfor %}
14 |             </ul>
15 |         </p>
16 |     {% endfor %}
17 |     
18 | 
19 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/templates/pages/users.html:
--------------------------------------------------------------------------------
 1 | {% extends 'layouts/default.html' %}
 2 | {% block title %}Flowspec Users{% endblock %}
 3 | {% block content %}
 4 |     <table class="table table-hover">
 5 |     <tr>
 6 |     <th>UUID</th>
 7 |     <th>Name</th>
 8 |     <th>Email</th>
 9 |     <th>Phone</th>
10 |     <th>Notice</th>
11 |     <th>Role(s)</th>
12 |     <th>Organization(s)</th>
13 |     <th>Action</th>
14 |     </tr>
15 |     {% for user in users %}
16 |         <tr>
17 |         <td>{{ user.uuid }}</td>
18 |         <td>{{ user.name if user.name }}</td>
19 |         <td>{{ user.email if user.name }}</td>
20 |         <td>{{ user.phone if user.name }}</td>
21 |         <td>{{ user.comment if user.comment }}</td>
22 |         <td>
23 |         {% for role in user.role %}
24 |           {{ role.name }} 
25 |         {% endfor %}
26 |         </td>
27 |         <td>
28 |         {% for org in user.organization %}
29 |             {{ org.name }}
30 |         {% endfor %}
31 |         </td>
32 |         <td>
33 |         <a class="btn btn-info btn-sm" href="{{ url_for('admin.edit_user', user_id=user.id) }}" role="button">
34 |             <i class="bi bi-pen"></i>
35 |         </a>
36 |         <a class="btn btn-danger btn-sm" href="{{ url_for('admin.delete_user', user_id=user.id) }}" role="button">
37 |             <i class="bi bi-x-lg"></i>
38 |         </a>
39 |         </td>
40 |         </tr>
41 |     {% endfor %}
42 |     </table>
43 | {% endblock %}


--------------------------------------------------------------------------------
/flowapp/tests/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CESNET/exafs/866f3bab1b207fccc6118efeaa4281a243a36e1b/flowapp/tests/__init__.py


--------------------------------------------------------------------------------
/flowapp/tests/conftest.py:
--------------------------------------------------------------------------------
  1 | """
  2 | PyTest configuration file for all tests
  3 | """
  4 | 
  5 | import os
  6 | import json
  7 | import pytest
  8 | from sqlalchemy import create_engine
  9 | from sqlalchemy.orm import sessionmaker
 10 | 
 11 | from flowapp import create_app
 12 | from flowapp import db as _db
 13 | from datetime import datetime
 14 | import flowapp.models
 15 | 
 16 | 
 17 | TESTDB = "test_project.db"
 18 | TESTDB_PATH = "/tmp/{}".format(TESTDB)
 19 | TEST_DATABASE_URI = "sqlite:///" + TESTDB_PATH
 20 | 
 21 | 
 22 | class FieldMock:
 23 |     def __init__(self):
 24 |         self.data = None
 25 |         self.errors = []
 26 | 
 27 | 
 28 | class RuleMock:
 29 |     def __init__(self):
 30 |         self.source = None
 31 |         self.source_mask = None
 32 |         self.dest = None
 33 |         self.dest_mask = None
 34 | 
 35 | 
 36 | @pytest.fixture
 37 | def field():
 38 |     return FieldMock()
 39 | 
 40 | 
 41 | @pytest.fixture
 42 | def field_class():
 43 |     return FieldMock
 44 | 
 45 | 
 46 | @pytest.fixture
 47 | def rule():
 48 |     return RuleMock()
 49 | 
 50 | 
 51 | @pytest.fixture(scope="session")
 52 | def app(request):
 53 |     """
 54 |     Create a Flask app, and override settings, for the whole test session.
 55 |     """
 56 | 
 57 |     _app = create_app()
 58 | 
 59 |     _app.config.update(
 60 |         EXA_API="HTTP",
 61 |         EXA_API_URL="http://localhost:5000/",
 62 |         TESTING=True,
 63 |         SQLALCHEMY_DATABASE_URI=TEST_DATABASE_URI,
 64 |         SQLALCHEMY_TRACK_MODIFICATIONS=False,
 65 |         JWT_SECRET="testing",
 66 |         API_KEY="testkey",
 67 |         SECRET_KEY="testkeysession",
 68 |         LOCAL_USER_UUID="jiri.vrany@cesnet.cz",
 69 |         LOCAL_AUTH=True,
 70 |     )
 71 | 
 72 |     print("\n----- CREATE FLASK APPLICATION\n")
 73 |     context = _app.app_context()
 74 |     context.push()
 75 |     yield _app
 76 |     print("\n----- CREATE FLASK APPLICATION CONTEXT\n")
 77 | 
 78 |     context.pop()
 79 |     print("\n----- RELEASE FLASK APPLICATION CONTEXT\n")
 80 | 
 81 | 
 82 | @pytest.fixture(scope="session")
 83 | def client(app, request):
 84 |     """
 85 |     Get the test_client from the app, for the whole test session.
 86 |     """
 87 |     print("\n----- CREATE FLASK TEST CLIENT\n")
 88 |     return app.test_client()
 89 | 
 90 | 
 91 | @pytest.fixture(scope="session")
 92 | def db(app, request):
 93 |     """
 94 |     Create entire database for every test.
 95 |     """
 96 |     engine = create_engine(app.config["SQLALCHEMY_DATABASE_URI"], echo=True)
 97 |     sessionmaker(bind=engine)
 98 |     print("\n----- CREATE TEST DB CONNECTION POOL\n")
 99 |     if os.path.exists(TESTDB_PATH):
100 |         os.unlink(TESTDB_PATH)
101 | 
102 |     with app.app_context():
103 |         _db.init_app(app)
104 |         print("#: cleaning database")
105 |         _db.reflect()
106 |         _db.drop_all()
107 |         print("#: creating tables")
108 |         _db.create_all()
109 | 
110 |         users = [
111 |             {"name": "jiri.vrany@cesnet.cz", "role_id": 3, "org_id": 1},
112 |             {"name": "petr.adamec@cesnet.cz", "role_id": 3, "org_id": 1},
113 |         ]
114 |         print("#: inserting users")
115 |         flowapp.models.insert_users(users)
116 | 
117 |     def teardown():
118 |         _db.session.commit()
119 |         _db.drop_all()
120 |         os.unlink(TESTDB_PATH)
121 | 
122 |     request.addfinalizer(teardown)
123 |     return _db
124 | 
125 | 
126 | @pytest.fixture(scope="session")
127 | def jwt_token(client, app, db, request):
128 |     """
129 |     Get the test_client from the app, for the whole test session.
130 |     """
131 |     mkey = "testkey"
132 | 
133 |     with app.app_context():
134 |         model = flowapp.models.ApiKey(machine="127.0.0.1", key=mkey, user_id=1, org_id=1)
135 |         db.session.add(model)
136 |         db.session.commit()
137 | 
138 |     print("\n----- GET JWT TEST TOKEN\n")
139 |     url = "/api/v3/auth"
140 |     headers = {"x-api-key": mkey}
141 |     token = client.get(url, headers=headers)
142 |     data = json.loads(token.data)
143 |     return data["token"]
144 | 
145 | 
146 | @pytest.fixture(scope="session")
147 | def expired_auth_token(client, app, db, request):
148 |     """
149 |     Get the test_client from the app, for the whole test session.
150 |     """
151 |     test_key = "expired_test_key"
152 |     expired_date = datetime.strptime("2019-01-01", "%Y-%m-%d")
153 |     with app.app_context():
154 |         model = flowapp.models.ApiKey(machine="127.0.0.1", key=test_key, user_id=1, expires=expired_date, org_id=1)
155 |         db.session.add(model)
156 |         db.session.commit()
157 | 
158 |     return test_key
159 | 
160 | 
161 | @pytest.fixture(scope="session")
162 | def readonly_jwt_token(client, app, db, request):
163 |     """
164 |     Get the test_client from the app, for the whole test session.
165 |     """
166 |     readonly_key = "readonly-testkey"
167 |     with app.app_context():
168 |         model = flowapp.models.ApiKey(machine="127.0.0.1", key=readonly_key, user_id=1, readonly=True, org_id=1)
169 |         db.session.add(model)
170 |         db.session.commit()
171 | 
172 |     print("\n----- GET JWT TEST TOKEN\n")
173 |     url = "/api/v3/auth"
174 |     headers = {"x-api-key": readonly_key}
175 |     token = client.get(url, headers=headers)
176 |     data = json.loads(token.data)
177 |     return data["token"]
178 | 
179 | 
180 | @pytest.fixture(scope="session")
181 | def auth_client(client):
182 |     """
183 |     Get the test_client from the app, for the whole test session.
184 |     """
185 |     print("\n----- CREATE AUTHENTICATED FLASK TEST CLIENT\n")
186 |     client.get("/local-login")
187 |     return client
188 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_api_auth.py:
--------------------------------------------------------------------------------
 1 | # Test for api authorization
 2 | import json
 3 | 
 4 | 
 5 | def test_token(client, jwt_token):
 6 |     """
 7 |     test that token authorization works
 8 |     """
 9 |     req = client.get("/api/v3/test_token", headers={"x-access-token": jwt_token})
10 | 
11 |     assert req.status_code == 200
12 | 
13 | 
14 | def test_expired_token(client, expired_auth_token):
15 |     """
16 |     test that expired token authorization return 401
17 |     """
18 |     req = client.get("/api/v3/auth", headers={"x-api-key": expired_auth_token})
19 | 
20 |     assert req.status_code == 401
21 | 
22 | 
23 | def test_withnout_token(client):
24 |     """
25 |     test that without token authorization return 401
26 |     """
27 |     req = client.get("/api/v3/test_token")
28 | 
29 |     assert req.status_code == 401
30 | 
31 | 
32 | def test_readonly_token(client, readonly_jwt_token):
33 |     """
34 |     test that readonly flag is set correctly
35 |     """
36 |     req = client.get("/api/v3/test_token", headers={"x-access-token": readonly_jwt_token})
37 | 
38 |     assert req.status_code == 200
39 |     data = json.loads(req.data)
40 |     assert data['readonly']
41 | 
42 | 
43 | def test_readonly_token_ipv4_create(client, db, readonly_jwt_token):
44 |     """
45 |     test that readonly token can't create ipv4 rule
46 |     """
47 |     headers = {"x-access-token": readonly_jwt_token}
48 | 
49 |     req = client.post(
50 |         "/api/v3/rules/ipv4",
51 |         headers=headers,
52 |         json={
53 |             "action": 2,
54 |             "protocol": "tcp",
55 |             "source": "147.230.17.117",
56 |             "source_mask": 32,
57 |             "source_port": "",
58 |             "expires": "1444913400",
59 |         },
60 |     )
61 | 
62 |     assert req.status_code == 403
63 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_api_deprecated.py:
--------------------------------------------------------------------------------
 1 | V_PREFIX = "/api/v1"
 2 | 
 3 | 
 4 | def test_token(client, jwt_token):
 5 |     """
 6 |     test that token authorization works
 7 |     """
 8 |     req = client.get(f"{V_PREFIX}/test_token", headers={"x-access-token": jwt_token})
 9 | 
10 |     assert req.status_code == 400
11 | 
12 | 
13 | def test_withnout_token(client):
14 |     """
15 |     test that without token authorization return 401
16 |     """
17 |     req = client.get(f"{V_PREFIX}/test_token")
18 | 
19 |     assert req.status_code == 400
20 | 
21 | 
22 | def test_rules(client, db, jwt_token):
23 |     """
24 |     test that there is one ipv4 rule created in the first test
25 |     """
26 |     req = client.get(f"{V_PREFIX}/rules", headers={"x-access-token": jwt_token})
27 | 
28 |     assert req.status_code == 400
29 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_flowapp.py:
--------------------------------------------------------------------------------
 1 | def test_dashboard_not_auth(client):
 2 | 
 3 |     response = client.get("/dashboard/ipv4/active/?sort=expires&order=desc")
 4 | 
 5 |     # Expecting a 302 redirect to login
 6 |     assert response.status_code == 302
 7 | 
 8 | 
 9 | def test_dashboard(auth_client):
10 | 
11 |     response = auth_client.get("/dashboard/ipv4/active/?sort=expires&order=desc")
12 | 
13 |     # Check that the request is successful and renders the correct template
14 |     assert response.status_code == 200  # Expecting a 200 OK if the user is authenticated
15 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_flowspec.py:
--------------------------------------------------------------------------------
 1 | import pytest
 2 | import flowapp.flowspec
 3 | 
 4 | 
 5 | def test_translate_number():
 6 |     """
 7 |     tests for x (integer)  to =x
 8 |     """
 9 |     assert "[=10]" == flowapp.flowspec.translate_sequence("10")
10 | 
11 | 
12 | def test_raises():
13 |     """
14 |     tests for translator
15 |     """
16 |     with pytest.raises(ValueError):
17 |         flowapp.flowspec.translate_sequence("ahoj")
18 | 
19 | 
20 | def test_raises_bad_number():
21 |     """
22 |     tests for translator
23 |     """
24 |     with pytest.raises(ValueError):
25 |         flowapp.flowspec.translate_sequence("75555")
26 | 
27 | 
28 | def test_translate_range():
29 |     """
30 |     tests for x-y  to >=x&<=y
31 |     """
32 |     assert "[>=10&<=20]" == flowapp.flowspec.translate_sequence("10-20")
33 | 
34 | 
35 | def test_exact_rule():
36 |     """
37 |     test for >=x&<=y to >=x&<=y
38 |     """
39 |     assert "[>=10&<=20]" == flowapp.flowspec.translate_sequence(">=10&<=20")
40 | 
41 | 
42 | def test_greater_than():
43 |     """
44 |     test for >x to >=x&<=65535
45 |     """
46 |     assert "[>=10&<=65535]" == flowapp.flowspec.translate_sequence(">10")
47 | 
48 | 
49 | def test_greater_equal_than():
50 |     """
51 |     test for >=x to >=x&<=65535
52 |     """
53 |     assert "[>=10&<=65535]" == flowapp.flowspec.translate_sequence(">=10")
54 | 
55 | 
56 | def test_lower_than():
57 |     """
58 |     test for <x to >=0&<=0
59 |     """
60 |     assert "[>=0&<=10]" == flowapp.flowspec.translate_sequence("<10")
61 | 
62 | 
63 | def test_lower_equal_than():
64 |     """
65 |     test for <x to >=0&<=0
66 |     """
67 |     assert "[>=0&<=10]" == flowapp.flowspec.translate_sequence("<=10")
68 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_forms.py:
--------------------------------------------------------------------------------
 1 | import pytest
 2 | from flask import Flask
 3 | import flowapp.forms
 4 | 
 5 | 
 6 | @pytest.fixture()
 7 | def app():
 8 |     app = Flask(__name__)
 9 |     app.secret_key = "test"
10 |     return app
11 | 
12 | 
13 | @pytest.fixture()
14 | def ip_form(app, field_class):
15 |     with app.test_request_context():  # Push the request context
16 |         form = flowapp.forms.IPForm()
17 |         form.source = field_class()
18 |         form.dest = field_class()
19 |         form.source_mask = field_class()
20 |         form.dest_mask = field_class()
21 |         return form
22 | 
23 | 
24 | def test_ip_form_created(ip_form):
25 |     assert ip_form.source.data is None
26 |     assert ip_form.source.errors == []
27 | 
28 | 
29 | @pytest.mark.parametrize(
30 |     "address, mask, expected",
31 |     [
32 |         ("147.230.23.25", "24", False),
33 |         ("147.230.23.0", "24", True),
34 |         ("0.0.0.0", "0", True),
35 |         ("2001:718:1C01:1111::1111", "64", False),
36 |         ("2001:718:1C01:1111::", "64", True),
37 |     ],
38 | )
39 | def test_ip_form_validate_source_address(ip_form, address, mask, expected):
40 |     ip_form.source.data = address
41 |     ip_form.source_mask.data = mask
42 |     assert ip_form.validate_source_address() == expected
43 | 
44 | 
45 | @pytest.mark.parametrize(
46 |     "address, mask, expected",
47 |     [
48 |         ("147.230.23.25", "24", False),
49 |         ("147.230.23.0", "24", True),
50 |         ("0.0.0.0", "0", True),
51 |         ("2001:718:1C01:1111::1111", "64", False),
52 |         ("2001:718:1C01:1111::", "64", True),
53 |     ],
54 | )
55 | def test_ip_form_validate_dest_address(ip_form, address, mask, expected):
56 |     ip_form.dest.data = address
57 |     ip_form.dest_mask.data = mask
58 |     assert ip_form.validate_dest_address() == expected
59 | 
60 | 
61 | @pytest.mark.parametrize(
62 |     "address, mask, ranges, expected",
63 |     [
64 |         ("147.230.23.0", "24", ["147.230.0.0/16", "2001:718:1c01::/48"], True),
65 |         ("0.0.0.0", "0", ["147.230.0.0/16", "2001:718:1c01::/48"], False),
66 |         ("195.113.0.0", "16", ["195.113.0.0/18", "195.113.64.0/21"], False),
67 |     ],
68 | )
69 | def test_ip_form_validate_address_mask(ip_form, address, mask, ranges, expected):
70 |     ip_form.net_ranges = ranges
71 |     ip_form.source.data = address
72 |     ip_form.source_mask.data = mask
73 |     assert ip_form.validate_address_ranges() == expected
74 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_login.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CESNET/exafs/866f3bab1b207fccc6118efeaa4281a243a36e1b/flowapp/tests/test_login.py


--------------------------------------------------------------------------------
/flowapp/tests/test_models.py:
--------------------------------------------------------------------------------
  1 | from datetime import datetime
  2 | 
  3 | import flowapp.models as models
  4 | 
  5 | 
  6 | def test_insert_ipv4(db):
  7 |     """
  8 |     test the record can be inserted
  9 |     :param db: conftest fixture
 10 |     :return:
 11 |     """
 12 |     model = models.Flowspec4(
 13 |         source="192.168.1.1",
 14 |         source_mask="32",
 15 |         source_port="80",
 16 |         destination="",
 17 |         destination_mask="",
 18 |         destination_port="",
 19 |         protocol="tcp",
 20 |         flags="",
 21 |         packet_len="",
 22 |         fragment="",
 23 |         action_id=1,
 24 |         expires=datetime.now(),
 25 |         user_id=1,
 26 |         org_id=1,
 27 |         rstate_id=1,
 28 |     )
 29 |     db.session.add(model)
 30 |     db.session.commit()
 31 | 
 32 | 
 33 | def test_get_ipv4_model_if_exists(db):
 34 |     """
 35 |     test if the function find existing model correctly
 36 |     :param db: conftest fixture
 37 |     :return:
 38 |     """
 39 |     model = models.Flowspec4(
 40 |         source="192.168.1.1",
 41 |         source_mask="32",
 42 |         source_port="80",
 43 |         destination="",
 44 |         destination_mask="",
 45 |         destination_port="",
 46 |         protocol="tcp",
 47 |         flags="",
 48 |         fragment="",
 49 |         packet_len="",
 50 |         action_id=1,
 51 |         expires=datetime.now(),
 52 |         user_id=1,
 53 |         org_id=1,
 54 |         rstate_id=1,
 55 |     )
 56 |     db.session.add(model)
 57 |     db.session.commit()
 58 | 
 59 |     form_data = {
 60 |         "source": "192.168.1.1",
 61 |         "source_mask": "32",
 62 |         "source_port": "80",
 63 |         "dest": "",
 64 |         "dest_mask": "",
 65 |         "dest_port": "",
 66 |         "protocol": "tcp",
 67 |         "flags": "",
 68 |         "packet_len": "",
 69 |         "action": 1,
 70 |     }
 71 | 
 72 |     result = models.get_ipv4_model_if_exists(form_data, 1)
 73 |     assert result
 74 |     assert result == model
 75 | 
 76 | 
 77 | def test_get_ipv6_model_if_exists(db):
 78 |     """
 79 |     test if the function find existing model correctly
 80 |     :param db: conftest fixture
 81 |     :return:
 82 |     """
 83 |     model = models.Flowspec6(
 84 |         source="2001:0db8:85a3:0000:0000:8a2e:0370:7334",
 85 |         source_mask="32",
 86 |         source_port="80",
 87 |         destination="",
 88 |         destination_mask="",
 89 |         destination_port="",
 90 |         next_header="tcp",
 91 |         flags="",
 92 |         packet_len="",
 93 |         action_id=1,
 94 |         expires=datetime.now(),
 95 |         user_id=1,
 96 |         org_id=1,
 97 |         rstate_id=1,
 98 |     )
 99 |     db.session.add(model)
100 |     db.session.commit()
101 | 
102 |     form_data = {
103 |         "source": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
104 |         "source_mask": "32",
105 |         "source_port": "80",
106 |         "dest": "",
107 |         "dest_mask": "",
108 |         "dest_port": "",
109 |         "next_header": "tcp",
110 |         "flags": "",
111 |         "packet_len": "",
112 |         "action": 1,
113 |     }
114 | 
115 |     result = models.get_ipv6_model_if_exists(form_data, 1)
116 |     assert result
117 |     assert result == model
118 | 
119 | 
120 | def test_ipv4_eq(db):
121 |     """
122 |     test that creating with valid data returns 201
123 |     """
124 |     model_A = models.Flowspec4(
125 |         source="192.168.1.1",
126 |         source_mask="32",
127 |         source_port="80",
128 |         destination="",
129 |         destination_mask="",
130 |         destination_port="",
131 |         protocol="tcp",
132 |         flags="",
133 |         fragment="",
134 |         packet_len="",
135 |         action_id=1,
136 |         expires="123",
137 |         user_id=1,
138 |         org_id=1,
139 |         rstate_id=1,
140 |     )
141 | 
142 |     model_B = models.Flowspec4(
143 |         source="192.168.1.1",
144 |         source_mask="32",
145 |         source_port="80",
146 |         destination="",
147 |         destination_mask="",
148 |         destination_port="",
149 |         protocol="tcp",
150 |         flags="",
151 |         fragment="",
152 |         packet_len="",
153 |         action_id=1,
154 |         expires="123456",
155 |         user_id=1,
156 |         org_id=1,
157 |         rstate_id=1,
158 |     )
159 | 
160 |     assert model_A == model_B
161 | 
162 | 
163 | def test_ipv4_ne(db):
164 |     """
165 |     test that creating with valid data returns 201
166 |     """
167 |     model_A = models.Flowspec4(
168 |         source="192.168.2.2",
169 |         source_mask="32",
170 |         source_port="80",
171 |         destination="",
172 |         destination_mask="",
173 |         destination_port="",
174 |         protocol="tcp",
175 |         flags="",
176 |         fragment="",
177 |         packet_len="",
178 |         action_id=1,
179 |         expires="123",
180 |         user_id=1,
181 |         org_id=1,
182 |         rstate_id=1,
183 |     )
184 | 
185 |     model_B = models.Flowspec4(
186 |         source="192.168.1.1",
187 |         source_mask="32",
188 |         source_port="80",
189 |         destination="",
190 |         destination_mask="",
191 |         destination_port="",
192 |         protocol="tcp",
193 |         flags="",
194 |         fragment="",
195 |         packet_len="",
196 |         action_id=1,
197 |         expires="123456",
198 |         user_id=1,
199 |         org_id=1,
200 |         rstate_id=1,
201 |     )
202 | 
203 |     assert model_A != model_B
204 | 
205 | 
206 | def test_rtbj_eq(db):
207 |     """
208 |     test that two equal rtbh rules are equal
209 |     """
210 |     model_A = models.RTBH(
211 |         ipv4="192.168.1.1",
212 |         ipv4_mask="32",
213 |         ipv6="",
214 |         ipv6_mask="",
215 |         community_id=1,
216 |         expires="123",
217 |         user_id=1,
218 |         org_id=1,
219 |         rstate_id=1,
220 |     )
221 | 
222 |     model_B = models.RTBH(
223 |         ipv4="192.168.1.1",
224 |         ipv4_mask="32",
225 |         ipv6="",
226 |         ipv6_mask="",
227 |         community_id=1,
228 |         expires="123456",
229 |         user_id=1,
230 |         org_id=1,
231 |         rstate_id=1,
232 |     )
233 | 
234 |     assert model_A == model_B
235 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_utils.py:
--------------------------------------------------------------------------------
 1 | import ipaddress
 2 | import pytest
 3 | 
 4 | from datetime import datetime, timedelta
 5 | 
 6 | from flowapp import utils
 7 | 
 8 | 
 9 | @pytest.mark.parametrize(
10 |     "apitime, preformat",
11 |     [
12 |         ("10/15/2015 14:46", "us"),
13 |         ("2015/10/15 14:46", "yearfirst"),
14 |         ("1444913400", "timestamp"),
15 |         (1444913400, "timestamp"),
16 |     ],
17 | )
18 | def test_parse_api_time(apitime, preformat):
19 |     """
20 |     is the time parsed correctly
21 |     """
22 |     result = utils.parse_api_time(apitime)
23 |     assert isinstance(result, tuple)
24 |     assert result[0] == datetime(2015, 10, 15, 14, 50)
25 |     assert result[1] == preformat
26 | 
27 | 
28 | @pytest.mark.parametrize(
29 |     "apitime", ["10/152015 14:46", "201/10/15 14:46", "144123254913400", "abcd"]
30 | )
31 | def test_parse_api_time_bad_time(apitime):
32 |     """
33 |     is the time parsed correctly
34 |     """
35 |     assert not utils.parse_api_time(apitime)
36 | 
37 | 
38 | def test_get_rule_state_by_time():
39 |     """
40 |     Test if time in the past returns 2
41 |     """
42 |     past = datetime.now() - timedelta(days=1)
43 | 
44 |     assert utils.get_state_by_time(past) == 2
45 | 
46 | 
47 | def test_round_to_ten():
48 |     """
49 |     Test if the time is rounded correctly
50 |     """
51 |     d1 = datetime(2013, 9, 2, 16, 25, 59)
52 |     d2 = datetime(2013, 9, 2, 16, 32, 59)
53 |     dround = datetime(2013, 9, 2, 16, 30, 00)
54 | 
55 |     assert utils.round_to_ten_minutes(d1) == dround
56 |     assert utils.round_to_ten_minutes(d2) == dround
57 | 
58 | 
59 | @pytest.mark.parametrize(
60 |     "address_a, address_b",
61 |     [
62 |         (
63 |             "2001:718:1c01:16:f1c4:c682:817:7e23",
64 |             "2001:0718:1c01:0016:f1c4:c682:0817:7e23",
65 |         ),
66 |         ("2001:718::", "2001:718::0"),
67 |         ("2001:718::0", "2001:0718:0000:0000:0000:0000:0000:0000"),
68 |     ],
69 | )
70 | def test_ipv6_comparsion(address_a, address_b):
71 |     assert ipaddress.ip_address(address_a) == ipaddress.ip_address(address_b)
72 | 


--------------------------------------------------------------------------------
/flowapp/tests/test_validators.py:
--------------------------------------------------------------------------------
  1 | import pytest
  2 | import flowapp.validators
  3 | 
  4 | 
  5 | def test_port_string_len_raises(field):
  6 |     port = flowapp.validators.PortString()
  7 |     field.data = "1;2;3;4;5;6;7;8"
  8 |     with pytest.raises(flowapp.validators.ValidationError):
  9 |         port(None, field)
 10 | 
 11 | 
 12 | @pytest.mark.parametrize(
 13 |     "address, mask, expected",
 14 |     [
 15 |         ("147.230.23.25", "24", False),
 16 |         ("147.230.23.0", "24", True),
 17 |         ("0.0.0.0", "0", True),
 18 |         ("2001:718:1C01:1111::1111", "64", False),
 19 |         ("2001:718:1C01:1111::", "64", True),
 20 |     ],
 21 | )
 22 | def test_is_valid_address_with_mask(address, mask, expected):
 23 |     assert flowapp.validators.address_with_mask(address, mask) == expected
 24 | 
 25 | 
 26 | @pytest.mark.parametrize("address", ["147.230.23.25", "147.230.23.0"])
 27 | def test_ip4address_passes(field, address):
 28 |     adr = flowapp.validators.IPv4Address()
 29 |     field.data = address
 30 |     adr(None, field)
 31 | 
 32 | 
 33 | @pytest.mark.parametrize(
 34 |     "address",
 35 |     [
 36 |         "2001:718:1C01:1111::1111",
 37 |         "2001:718:1C01:1111::",
 38 |     ],
 39 | )
 40 | def test_ip6address_passes(field, address):
 41 |     adr = flowapp.validators.IPv6Address()
 42 |     field.data = address
 43 |     adr(None, field)
 44 | 
 45 | 
 46 | @pytest.mark.parametrize(
 47 |     "address",
 48 |     [
 49 |         "2001:718:1C01:1111::1111",
 50 |         "2001:718:1C01:1111::",
 51 |     ],
 52 | )
 53 | def test_bad_ip6address_raises(field, address):
 54 |     adr = flowapp.validators.IPv4Address()
 55 |     field.data = address
 56 |     with pytest.raises(flowapp.validators.ValidationError):
 57 |         adr(None, field)
 58 | 
 59 | 
 60 | @pytest.mark.parametrize(
 61 |     "expired", ["2018/10/25 14:46", "2018/12/20 9:46", "2019/05/22 12:33"]
 62 | )
 63 | def test_expired_date_raises(field, expired):
 64 |     adr = flowapp.validators.DateNotExpired()
 65 |     field.data = expired
 66 |     with pytest.raises(flowapp.validators.ValidationError):
 67 |         adr(None, field)
 68 | 
 69 | 
 70 | @pytest.mark.parametrize(
 71 |     "address",
 72 |     [
 73 |         "147.230.1000.25",
 74 |         "2001:718::::",
 75 |     ],
 76 | )
 77 | def test_ipaddress_raises(field, address):
 78 |     adr = flowapp.validators.IPv6Address()
 79 |     field.data = address
 80 |     with pytest.raises(flowapp.validators.ValidationError):
 81 |         adr(None, field)
 82 | 
 83 | 
 84 | @pytest.mark.parametrize(
 85 |     "address, mask, ranges, expected",
 86 |     [
 87 |         ("147.230.23.0", "24", ["147.230.0.0/16", "147.251.0.0/16"], True),
 88 |         ("147.230.23.0", "24", ["147.230.0.0/16", "147.251.0.0/16"], True),
 89 |     ],
 90 | )
 91 | def test_editable_rule(rule, address, mask, ranges, expected):
 92 |     rule.source = address
 93 |     rule.source_mask = mask
 94 |     assert flowapp.validators.editable_range(rule, ranges) == expected
 95 | 
 96 | 
 97 | @pytest.mark.parametrize(
 98 |     "address, mask, ranges, expected",
 99 |     [
100 |         ("147.230.23.0", "24", ["147.230.0.0/16", "147.251.0.0/16"], True),
101 |         ("147.233.23.0", "24", ["147.230.0.0/16", "147.251.0.0/16"], False),
102 |         ("147.230.23.0", "24", ["147.230.0.0/16", "2001:718:1c01::/48"], True),
103 |         ("195.113.0.0", "16", ["0.0.0.0/0", "::/0"], True),
104 |     ],
105 | )
106 | def test_address_in_range(address, mask, ranges, expected):
107 |     assert flowapp.validators.address_in_range(address, ranges) == expected
108 | 
109 | 
110 | @pytest.mark.parametrize(
111 |     "address, mask, ranges, expected",
112 |     [
113 |         ("147.230.23.0", "24", ["147.230.0.0/16", "147.251.0.0/16"], True),
114 |         ("147.233.23.0", "24", ["147.230.0.0/16", "147.251.0.0/16"], False),
115 |         ("195.113.0.0", "16", ["195.113.0.0/18", "195.113.64.0/21"], False),
116 |         ("195.113.0.0", "16", ["0.0.0.0/0", "::/0"], True),
117 |         (
118 |             "195.113.0.0",
119 |             "16",
120 |             ["147.230.0.0/16", "2001:718:1c01::/48", "0.0.0.0/0", "::/0"],
121 |             True,
122 |         ),
123 |     ],
124 | )
125 | def test_network_in_range(address, mask, ranges, expected):
126 |     assert flowapp.validators.network_in_range(address, mask, ranges) == expected
127 | 
128 | 
129 | @pytest.mark.parametrize(
130 |     "address, mask, ranges, expected",
131 |     [
132 |         ("195.113.0.0", "16", ["147.230.0.0/16", "195.113.250.0/24"], True),
133 |     ],
134 | )
135 | def test_range_in_network(address, mask, ranges, expected):
136 |     assert flowapp.validators.range_in_network(address, mask, ranges) == expected
137 | 


--------------------------------------------------------------------------------
/flowapp/utils.py:
--------------------------------------------------------------------------------
  1 | from operator import ge, lt
  2 | from datetime import datetime, timedelta
  3 | from flask import flash
  4 | from flowapp.constants import (
  5 |     COMP_FUNCS,
  6 |     TIME_YEAR,
  7 |     TIME_US,
  8 |     TIME_STMP,
  9 |     TIME_FORMAT_ARG,
 10 |     RULE_TYPES_DICT,
 11 |     FORM_TIME_PATTERN,
 12 | )
 13 | 
 14 | 
 15 | def other_rtypes(rtype):
 16 |     """
 17 |     get rtype and return list of remaining rtypes
 18 |     for example get ipv4 and return [ipv6, rtbh]
 19 |     """
 20 |     result = list(RULE_TYPES_DICT.keys())
 21 |     try:
 22 |         result.remove(rtype)
 23 |     except ValueError:
 24 |         pass
 25 | 
 26 |     return result
 27 | 
 28 | 
 29 | def output_date_format(json_request_data, pref_format=TIME_YEAR):
 30 |     """
 31 |     prefer user setting from parameter, if the parameter is not set
 32 |     then use the prefered format computed from input date
 33 |     """
 34 |     if not json_request_data:
 35 |         return pref_format
 36 | 
 37 |     if TIME_FORMAT_ARG in json_request_data and json_request_data[TIME_FORMAT_ARG]:
 38 |         return json_request_data[TIME_FORMAT_ARG]
 39 |     else:
 40 |         return pref_format
 41 | 
 42 | 
 43 | def parse_api_time(apitime):
 44 |     """
 45 |     check if the api time is in US, EU or timestamp format
 46 |     :param apitime: string with date and time
 47 |     :returns: datetime, prefered format
 48 |     """
 49 | 
 50 |     apitime = str(apitime)
 51 |     try:
 52 |         return (
 53 |             round_to_ten_minutes(datetime.strptime(apitime, FORM_TIME_PATTERN)),
 54 |             TIME_US,
 55 |         )
 56 |     except ValueError:
 57 |         mytime = False
 58 | 
 59 |     try:
 60 |         return round_to_ten_minutes(webpicker_to_datetime(apitime)), TIME_YEAR
 61 |     except ValueError:
 62 |         mytime = False
 63 | 
 64 |     try:
 65 |         return round_to_ten_minutes(webpicker_to_datetime(apitime, TIME_US)), TIME_US
 66 |     except ValueError:
 67 |         mytime = False
 68 | 
 69 |     try:
 70 |         return round_to_ten_minutes(datetime.fromtimestamp(int(apitime))), TIME_STMP
 71 |     except OverflowError:
 72 |         mytime = False
 73 |     except ValueError:
 74 |         mytime = False
 75 | 
 76 |     return False
 77 | 
 78 | 
 79 | def quote_to_ent(comment):
 80 |     """
 81 |     Convert all " to &quot;
 82 |     Used for comment sanitize / because of tooltip in dashboard break when quotes are unescaped
 83 |     :param comment: string to be sanitized
 84 |     :return: string
 85 |     """
 86 |     if comment:
 87 |         return comment.replace('"', "&quot;")
 88 | 
 89 | 
 90 | def webpicker_to_datetime(webtime, format=TIME_YEAR):
 91 |     """
 92 |     convert 'YYYY/MM/DD HH:mm' to datetime
 93 |     """
 94 |     if format == TIME_YEAR:
 95 |         formating_string = "%Y/%m/%d %H:%M"
 96 |     else:
 97 |         formating_string = "%m/%d/%Y %H:%M"
 98 | 
 99 |     return datetime.strptime(webtime, formating_string)
100 | 
101 | 
102 | def datetime_to_webpicker(python_time, format=TIME_YEAR):
103 |     """
104 |     convert datetime to 'YYYY/MM/DD HH:mm' string
105 |     """
106 |     if format == TIME_YEAR:
107 |         formating_string = "%Y/%m/%d %H:%M"
108 |     else:
109 |         formating_string = "%m/%d/%Y %H:%M"
110 | 
111 |     return datetime.strftime(python_time, formating_string)
112 | 
113 | 
114 | def get_state_by_time(python_time):
115 |     """
116 |     returns state for rule based on given time
117 |     if given time is in the past returns 2 (withdrawed rule)
118 |     else returns 1
119 |     :param python_time:
120 |     :return: integer rstate
121 |     """
122 |     present = datetime.now()
123 | 
124 |     if python_time <= present:
125 |         return 2
126 |     else:
127 |         return 1
128 | 
129 | 
130 | def round_to_ten_minutes(python_time):
131 |     """
132 |     Round given time to nearest ten minutes
133 |     :param python_time: datetime
134 |     :return: datetime
135 |     """
136 |     python_time += timedelta(minutes=5)
137 |     python_time -= timedelta(
138 |         minutes=python_time.minute % 10,
139 |         seconds=python_time.second,
140 |         microseconds=python_time.microsecond,
141 |     )
142 | 
143 |     return python_time
144 | 
145 | 
146 | def flash_errors(form):
147 |     """
148 |     Flash all error messages
149 |     :param form: WTForm object
150 |     :return: none
151 |     """
152 |     for field, errors in form.errors.items():
153 |         for error in errors:
154 |             flash("Error in the %s field - %s" % (getattr(form, field).label.text, error))
155 | 
156 | 
157 | def active_css_rstate(rtype, rstate):
158 |     """
159 |     returns dict with rstates as keys and css class value
160 |     :param rstate: string
161 |     :return: dict
162 |     """
163 | 
164 |     return {
165 |         "active": "",
166 |         "expired": "",
167 |         "all": "",
168 |         "ipv4": "",
169 |         "ipv6": "",
170 |         "rtbh": "",
171 |         rtype: "active",
172 |         rstate: "active",
173 |     }
174 | 
175 | 
176 | def get_comp_func(rstate="active"):
177 |     try:
178 |         comp_func = COMP_FUNCS[rstate]
179 |     except IndexError:
180 |         comp_func = None
181 |     except KeyError:
182 |         comp_func = None
183 | 
184 |     return comp_func
185 | 


--------------------------------------------------------------------------------
/flowapp/validators.py:
--------------------------------------------------------------------------------
  1 | import ipaddress
  2 | from datetime import datetime
  3 | from wtforms.validators import ValidationError
  4 | 
  5 | from flowapp import constants, flowspec, utils
  6 | 
  7 | 
  8 | def filter_rules_in_network(net_ranges, rules):
  9 |     """
 10 |     Return only rules matching user net ranges
 11 |     :param net_ranges: list of network ranges
 12 |     :param rules: list of rules (ipv4 or ipv6
 13 |     :return: filtered list of rules
 14 |     """
 15 |     return [
 16 |         rule
 17 |         for rule in rules
 18 |         if network_in_range(rule.source, rule.source_mask, net_ranges)
 19 |         or network_in_range(rule.dest, rule.dest_mask, net_ranges)
 20 |     ]
 21 | 
 22 | 
 23 | def split_rules_for_user(net_ranges, rules):
 24 |     """
 25 |     Return rules matching user net ranges and the rest
 26 |     :param net_ranges: list of network ranges
 27 |     :param rules: list of rules (ipv4 or ipv6
 28 |     :return: filtered list of rules, rest of rules
 29 |     """
 30 |     user_rules = []
 31 |     rest_rules = []
 32 |     for rule in rules:
 33 |         if network_in_range(rule.source, rule.source_mask, net_ranges) or network_in_range(
 34 |             rule.dest, rule.dest_mask, net_ranges
 35 |         ):
 36 |             user_rules.append(rule)
 37 |         else:
 38 |             rest_rules.append(rule)
 39 | 
 40 |     return user_rules, rest_rules
 41 | 
 42 | 
 43 | def filter_rtbh_rules(net_ranges, rules):
 44 |     """
 45 |     Return only rules matching user net ranges
 46 |     :param net_ranges: list of network ranges
 47 |     :param rules: list of RTBH rules
 48 |     :return: filtered list of rules
 49 |     """
 50 |     return [
 51 |         rule
 52 |         for rule in rules
 53 |         if network_in_range(rule.ipv4, rule.ipv4_mask, net_ranges)
 54 |         or network_in_range(rule.ipv6, rule.ipv6_mask, net_ranges)
 55 |     ]
 56 | 
 57 | 
 58 | def split_rtbh_rules_for_user(net_ranges, rules):
 59 |     """
 60 |     Return rtbh rules matching user net ranges and the rest
 61 |     :param net_ranges: list of network ranges
 62 |     :param rules: list of RTBH rules
 63 |     :return: filtered list of rules, rest of original list
 64 |     """
 65 |     filtered = []
 66 |     read_only = []
 67 |     for rule in rules:
 68 |         if network_in_range(rule.ipv4, rule.ipv4_mask, net_ranges) or network_in_range(
 69 |             rule.ipv6, rule.ipv6_mask, net_ranges
 70 |         ):
 71 |             filtered.append(rule)
 72 |         else:
 73 |             read_only.append(rule)
 74 | 
 75 |     return filtered, read_only
 76 | 
 77 | 
 78 | def address_in_range(address, net_ranges):
 79 |     """
 80 |     check if given ip address is in user network ranges
 81 |     :param address: string ip_address
 82 |     :param net_ranges: list of network ranges
 83 |     :return: boolean
 84 |     """
 85 |     result = False
 86 |     for adr_range in net_ranges:
 87 |         try:
 88 |             result = result or ipaddress.ip_address(address) in ipaddress.ip_network(adr_range)
 89 |         except ValueError:
 90 |             return False
 91 | 
 92 |     return result
 93 | 
 94 | 
 95 | def network_in_range(address, mask, net_ranges):
 96 |     """
 97 |     check if given ip address is in user network ranges
 98 |     :param address: string ip_address
 99 |     :param net_ranges: list of network ranges
100 |     :return: boolean
101 |     """
102 |     result = False
103 |     network = "{}/{}".format(address, mask)
104 |     for adr_range in net_ranges:
105 |         try:
106 |             result = result or subnet_of(ipaddress.ip_network(network), ipaddress.ip_network(adr_range))
107 |         except TypeError:  # V4 can't be a subnet of V6 and vice versa
108 |             pass
109 |         except ValueError:
110 |             return False
111 | 
112 |     return result
113 | 
114 | 
115 | def range_in_network(address, mask, net_ranges):
116 |     """
117 |     check if given ip address is in user network ranges
118 |     :param address: string ip_address
119 |     :param net_ranges: list of network ranges
120 |     :return: boolean
121 |     """
122 |     result = False
123 |     network = "{}/{}".format(address, mask)
124 |     for adr_range in net_ranges:
125 |         try:
126 |             result = result or supernet_of(ipaddress.ip_network(network), ipaddress.ip_network(adr_range))
127 |         except ValueError:
128 |             return False
129 | 
130 |     return result
131 | 
132 | 
133 | def whole_world_range(net_ranges, address="0.0.0.0"):
134 |     """
135 |     check if  user can specify network address for whole world
136 |     :param address: 0.0.0.0/0 or ::/0
137 |     :param net_ranges: list of network ranges
138 |     :return: boolean
139 |     """
140 |     result = False
141 | 
142 |     try:
143 |         for adr_range in net_ranges:
144 |             result = result or ipaddress.ip_address(address) in ipaddress.ip_network(adr_range)
145 |     except ValueError:
146 |         return False
147 | 
148 |     return result
149 | 
150 | 
151 | def address_with_mask(address, mask):
152 |     """
153 |     check if given ip address and mask combination is valid
154 |     :param address: string ip_address
155 |     :param mask: int net prefix/mask
156 |     :return: boolean
157 |     """
158 |     merged = "{}/{}".format(address, mask)
159 |     try:
160 |         ipaddress.ip_network(merged)
161 |     except ValueError:
162 |         return False
163 | 
164 |     return True
165 | 
166 | 
167 | class DateNotExpired(object):
168 |     """
169 |     Validator for date - must be in the future
170 |     """
171 | 
172 |     def __init__(self, message=None):
173 |         if not message:
174 |             message = "You can not insert expired rule. Date expired:"
175 |         self.message = message
176 | 
177 |     def __call__(self, form, field):
178 |         expires = utils.webpicker_to_datetime(field.data)
179 |         if expires < datetime.now():
180 |             raise ValidationError(self.message + str(field.data))
181 | 
182 | 
183 | class PortString(object):
184 |     """
185 |     Validator for port string - must be translatable to ExaBgp syntax
186 |     Max number of comma separated values must be <= 6 (default)
187 |     """
188 | 
189 |     def __init__(self, message=None, max_values=constants.MAX_COMMA_VALUES):
190 |         if not message:
191 |             message = "Invalid syntax: "
192 |         self.message = message
193 |         self.max_values = max_values
194 | 
195 |     def __call__(self, form, field):
196 |         field_data = field.data.split(";")
197 |         if len(field_data) > self.max_values:
198 |             raise ValidationError("{} maximum {} comma separated values".format(self.message, self.max_values))
199 |         try:
200 |             for port_string in field_data:
201 |                 flowspec.to_exabgp_string(port_string, constants.MAX_PORT)
202 |         except ValueError as e:
203 |             raise ValidationError(self.message + str(e.args[0]))
204 | 
205 | 
206 | class PacketString(object):
207 |     """
208 |     Validator for packet length string - must be translatable to ExaBgp syntax
209 |     """
210 | 
211 |     def __init__(self, message=None):
212 |         if not message:
213 |             message = "Invalid packet size value: "
214 |         self.message = message
215 | 
216 |     def __call__(self, form, field):
217 |         try:
218 |             for port_string in field.data.split(";"):
219 |                 flowspec.to_exabgp_string(port_string, constants.MAX_PACKET)
220 |         except ValueError as e:
221 |             raise ValidationError(self.message + str(e.args[0]))
222 | 
223 | 
224 | class NetRangeString(object):
225 |     """
226 |     Validator for  IP adress network range
227 |     each part of string must be valid ip address separated by spaces, newlines
228 |     """
229 | 
230 |     def __init__(self, message=None):
231 |         if not message:
232 |             message = "Invalid network range: "
233 |         self.message = message
234 | 
235 |     def __call__(self, form, field):
236 |         try:
237 |             for net_string in field.data.split():
238 |                 _a = ipaddress.ip_network(net_string)
239 |         except ValueError as e:
240 |             raise ValidationError(self.message + str(e.args[0]))
241 | 
242 | 
243 | class NetInRange(object):
244 |     """
245 |     Validator for IP address - must be in organization net range
246 |     """
247 | 
248 |     def __init__(self, net_ranges):
249 |         self.message = "Address not in organization range : {}.".format(net_ranges)
250 |         self.net_ranges = net_ranges
251 | 
252 |     def __call__(self, form, field):
253 |         result = False
254 |         for address in field.data.split("/"):
255 |             for adr_range in self.net_ranges:
256 |                 result = result or ipaddress.ip_address(address) in ipaddress.ip_network(adr_range)
257 | 
258 |         if not result:
259 |             raise ValidationError(self.message)
260 | 
261 | 
262 | class IPAddress(object):
263 |     """
264 |     Validator for IP Address
265 |     """
266 | 
267 |     def __init__(self, message=None):
268 |         if not message:
269 |             message = "This does not look like valid IP Address: "
270 |         self.message = message
271 | 
272 |     def __call__(self, form, field):
273 |         try:
274 |             ipaddress.ip_address(field.data)
275 |         except ValueError:
276 |             raise ValidationError(self.message + str(field.data))
277 | 
278 | 
279 | class IPv6Address(object):
280 |     """
281 |     Validator for IPv6 address - the original from WTForms is not working for ipv6 correctly
282 |     """
283 | 
284 |     def __init__(self, message=None):
285 |         if not message:
286 |             message = "This does not look like valid IPv6 Address: "
287 |         self.message = message
288 | 
289 |     def __call__(self, form, field):
290 |         try:
291 |             ipaddress.IPv6Address(field.data)
292 |         except ValueError:
293 |             raise ValidationError(self.message + str(field.data))
294 | 
295 | 
296 | class IPv4Address(object):
297 |     """
298 |     Validator for IPv4 address - the original from WTForms is not working for ipv6 correctly
299 |     """
300 | 
301 |     def __init__(self, message=None):
302 |         if not message:
303 |             message = "This does not look like valid IPv4 Address: "
304 |         self.message = message
305 | 
306 |     def __call__(self, form, field):
307 |         try:
308 |             ipaddress.IPv4Address(field.data)
309 |         except ValueError:
310 |             raise ValidationError(self.message + str(field.data))
311 | 
312 | 
313 | def editable_range(rule, net_ranges):
314 |     """
315 |     check if the rule is editable for user
316 |     choice is based on user network ranges
317 |     :param net_ranges: list of user networks
318 |     :param rule: object IPV4 or IPV6 rule
319 |     """
320 |     result = False
321 | 
322 |     for adr_range in net_ranges:
323 |         net = ipaddress.ip_network(adr_range)
324 |         if rule.source and ipaddress.ip_address(rule.source) in net:
325 |             adr, pref = adr_range.split("/")
326 |             if rule.source_mask and int(rule.source_mask) >= int(pref):
327 |                 result = True
328 | 
329 |         if rule.dest and ipaddress.ip_address(rule.dest) in net:
330 |             adr, pref = adr_range.split("/")
331 |             if rule.dest_mask and int(rule.dest_mask) >= int(pref):
332 |                 result = True
333 | 
334 |     return result
335 | 
336 | 
337 | def _is_subnet_of(a, b):
338 |     try:
339 |         # Always false if one is v4 and the other is v6.
340 |         if a._version != b._version:
341 |             raise TypeError("%s and %s are not of the same version" % (a, b))
342 |         return b.network_address <= a.network_address and b.broadcast_address >= a.broadcast_address
343 |     except AttributeError:
344 |         raise TypeError("Unable to test subnet containment " "between %s and %s" % (a, b))
345 | 
346 | 
347 | def subnet_of(net_a, net_b):
348 |     """Return True if this network is a subnet of other."""
349 |     return _is_subnet_of(net_a, net_b)
350 | 
351 | 
352 | def supernet_of(net_a, net_b):
353 |     """Return True if this network is a supernet of other."""
354 |     return _is_subnet_of(net_b, net_a)
355 | 


--------------------------------------------------------------------------------
/flowapp/views/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CESNET/exafs/866f3bab1b207fccc6118efeaa4281a243a36e1b/flowapp/views/__init__.py


--------------------------------------------------------------------------------
/flowapp/views/api_keys.py:
--------------------------------------------------------------------------------
  1 | import jwt
  2 | from flask import (
  3 |     Blueprint,
  4 |     render_template,
  5 |     redirect,
  6 |     flash,
  7 |     request,
  8 |     url_for,
  9 |     session,
 10 |     make_response,
 11 |     current_app,
 12 | )
 13 | import secrets
 14 | 
 15 | from ..forms import ApiKeyForm
 16 | from ..models import ApiKey
 17 | from ..auth import auth_required
 18 | 
 19 | from flowapp import db
 20 | 
 21 | COOKIE_KEY = "keylist"
 22 | 
 23 | api_keys = Blueprint("api_keys", __name__, template_folder="templates")
 24 | 
 25 | 
 26 | @api_keys.route("/", methods=["GET"])
 27 | @auth_required
 28 | def all():
 29 |     """
 30 |     Show user api keys
 31 |     :return: page with keys
 32 |     """
 33 |     jwt_key = current_app.config.get("JWT_SECRET")
 34 |     keys = db.session.query(ApiKey).filter_by(user_id=session["user_id"]).all()
 35 |     payload = {"keys": [key.id for key in keys]}
 36 |     encoded = jwt.encode(payload, jwt_key, algorithm="HS256")
 37 | 
 38 |     resp = make_response(render_template("pages/api_key.html", keys=keys))
 39 | 
 40 |     if current_app.config.get("DEVEL"):
 41 |         resp.set_cookie(COOKIE_KEY, encoded, httponly=True, samesite="Lax")
 42 |     else:
 43 |         resp.set_cookie(COOKIE_KEY, encoded, secure=True, httponly=True, samesite="Lax")
 44 | 
 45 |     return resp
 46 | 
 47 | 
 48 | @api_keys.route("/add", methods=["GET", "POST"])
 49 | @auth_required
 50 | def add():
 51 |     """
 52 |     Add new ApiKey
 53 |     :return: form or redirect to list of keys
 54 |     """
 55 |     generated = secrets.token_hex(24)
 56 |     form = ApiKeyForm(request.form, key=generated)
 57 | 
 58 |     if request.method == "POST" and form.validate():
 59 |         model = ApiKey(
 60 |             machine=form.machine.data,
 61 |             key=form.key.data,
 62 |             expires=form.expires.data,
 63 |             readonly=form.readonly.data,
 64 |             comment=form.comment.data,
 65 |             user_id=session["user_id"],
 66 |             org_id=session["user_org_id"],
 67 |         )
 68 | 
 69 |         db.session.add(model)
 70 |         db.session.commit()
 71 |         flash("NewKey saved", "alert-success")
 72 | 
 73 |         return redirect(url_for("api_keys.all"))
 74 |     else:
 75 |         for field, errors in form.errors.items():
 76 |             for error in errors:
 77 |                 current_app.logger.debug("Error in the %s field - %s" % (getattr(form, field).label.text, error))
 78 | 
 79 |     return render_template("forms/api_key.html", form=form, generated_key=generated)
 80 | 
 81 | 
 82 | @api_keys.route("/delete/<int:key_id>", methods=["GET"])
 83 | @auth_required
 84 | def delete(key_id):
 85 |     """
 86 |     Delete api_key and machine
 87 |     :param key_id: integer
 88 |     """
 89 |     key_list = request.cookies.get(COOKIE_KEY)
 90 |     key_list = jwt.decode(key_list, current_app.config.get("JWT_SECRET"), algorithms=["HS256"])
 91 | 
 92 |     model = db.session.get(ApiKey, key_id)
 93 |     if model.id not in key_list["keys"]:
 94 |         flash("You can't delete this key!", "alert-danger")
 95 |     elif model.user_id == session["user_id"] or 3 in session["user_role_ids"]:
 96 |         # delete from db
 97 |         db.session.delete(model)
 98 |         db.session.commit()
 99 |         flash("Key deleted", "alert-success")
100 |     else:
101 |         flash("You can't delete this key!", "alert-danger")
102 | 
103 |     return redirect(url_for("api_keys.all"))
104 | 


--------------------------------------------------------------------------------
/flowapp/views/api_v1.py:
--------------------------------------------------------------------------------
 1 | from flask import Blueprint, jsonify
 2 | 
 3 | 
 4 | api = Blueprint("api_v1", __name__, template_folder="templates")
 5 | METHODS = ["GET", "POST", "PUT", "DELETE"]
 6 | 
 7 | @api.route("/", defaults={"path": ""}, methods=METHODS)
 8 | @api.route("/<path:path>", methods=METHODS)
 9 | def deprecated_warning(path):
10 |     """Catch all routes and return a deprecated warning message."""
11 |     message = "Warning: This API version is deprecated. Please use /api/v3/ instead."
12 |     return jsonify({"message": message}), 400
13 | 


--------------------------------------------------------------------------------
/flowapp/views/api_v2.py:
--------------------------------------------------------------------------------
 1 | from flask import Blueprint, jsonify
 2 | 
 3 | 
 4 | api = Blueprint("api_v2", __name__, template_folder="templates")
 5 | METHODS = ["GET", "POST", "PUT", "DELETE"]
 6 | 
 7 | @api.route("/", defaults={"path": ""}, methods=METHODS)
 8 | @api.route("/<path:path>", methods=METHODS)
 9 | def deprecated_warning(path):
10 |     """Catch all routes and return a deprecated warning message."""
11 |     message = "Warning: This API version is deprecated. Please use /api/v3/ instead."
12 |     return jsonify({"message": message}), 400
13 | 


--------------------------------------------------------------------------------
/flowapp/views/api_v3.py:
--------------------------------------------------------------------------------
  1 | from flask import Blueprint, request
  2 | from flowapp import csrf
  3 | from flowapp.views import api_common
  4 | 
  5 | api = Blueprint("api_v3", __name__, template_folder="templates")
  6 | 
  7 | 
  8 | @api.route("/auth", methods=["GET"])
  9 | def authorize():
 10 |     mkey = request.headers.get("x-api-key", None)
 11 |     return api_common.authorize(mkey)
 12 | 
 13 | 
 14 | @api.route("/rules")
 15 | @api_common.token_required
 16 | def index(current_user):
 17 |     key_map = {
 18 |         "ipv4_rules": "flowspec_ipv4_rw",
 19 |         "ipv6_rules": "flowspec_ipv6_rw",
 20 |         "rtbh_rules": "rtbh_any_rw",
 21 |         "ipv4_rules_readonly": "flowspec_ipv4_ro",
 22 |         "ipv6_rules_readonly": "flowspec_ipv6_ro",
 23 |         "rtbh_rules_readonly": "rtbh_any_ro",
 24 |     }
 25 |     return api_common.index(current_user, key_map)
 26 | 
 27 | 
 28 | @api.route("/actions")
 29 | @api_common.token_required
 30 | def all_actions(current_user):
 31 |     """
 32 |     Returns Actions allowed for current user
 33 |     :param current_user:
 34 |     :return: json response
 35 |     """
 36 |     return api_common.all_actions(current_user)
 37 | 
 38 | 
 39 | @api.route("/communities")
 40 | @api_common.token_required
 41 | def all_communities(current_user):
 42 |     """
 43 |     Returns RTHB communites allowed for current user
 44 |     :param current_user:
 45 |     :return: json response
 46 |     """
 47 |     return api_common.all_communities(current_user)
 48 | 
 49 | 
 50 | @api.route("/rules/ipv4", methods=["POST"])
 51 | @api_common.token_required
 52 | @api_common.check_readonly
 53 | def create_ipv4(current_user):
 54 |     """
 55 |     Api method for new IPv4 rule
 56 |     :param data: parsed json request
 57 |     :param current_user: data from jwt token
 58 |     :return: json response
 59 |     """
 60 |     return api_common.create_ipv4(current_user)
 61 | 
 62 | 
 63 | @api.route("/rules/ipv6", methods=["POST"])
 64 | @csrf.exempt
 65 | @api_common.token_required
 66 | @api_common.check_readonly
 67 | def create_ipv6(current_user):
 68 |     """
 69 |     Create new IPv6 rule
 70 |     :param data: parsed json request
 71 |     :param current_user: data from jwt token
 72 |     :return:
 73 |     """
 74 |     return api_common.create_ipv6(current_user)
 75 | 
 76 | 
 77 | @api.route("/rules/rtbh", methods=["POST"])
 78 | @csrf.exempt
 79 | @api_common.token_required
 80 | @api_common.check_readonly
 81 | def create_rtbh(current_user):
 82 |     return api_common.create_rtbh(current_user)
 83 | 
 84 | 
 85 | @api.route("/rules/ipv4/<int:rule_id>", methods=["GET"])
 86 | @api_common.token_required
 87 | def ipv4_rule_get(current_user, rule_id):
 88 |     """
 89 |     Return IPv4 rule
 90 |     :param current_user:
 91 |     :param rule_id:
 92 |     :return:
 93 |     """
 94 |     return api_common.ipv4_rule_get(current_user, rule_id)
 95 | 
 96 | 
 97 | @api.route("/rules/ipv6/<int:rule_id>", methods=["GET"])
 98 | @api_common.token_required
 99 | def ipv6_rule_get(current_user, rule_id):
100 |     """
101 |     Return IPv6 rule
102 |     :param current_user:
103 |     :param rule_id:
104 |     :return:
105 |     """
106 |     return api_common.ipv6_rule_get(current_user, rule_id)
107 | 
108 | 
109 | @api.route("/rules/rtbh/<int:rule_id>", methods=["GET"])
110 | @api_common.token_required
111 | def rtbh_rule_get(current_user, rule_id):
112 |     """
113 |     Return RTBH rule
114 |     :param current_user:
115 |     :param rule_id:
116 |     :return:
117 |     """
118 |     return api_common.rtbh_rule_get(current_user, rule_id)
119 | 
120 | 
121 | @api.route("/rules/ipv4/<int:rule_id>", methods=["DELETE"])
122 | @api_common.token_required
123 | @api_common.check_readonly
124 | def delete_v4_rule(current_user, rule_id):
125 |     """
126 |     Delete rule with given id and type
127 |     :param rule_id: integer - rule id
128 |     """
129 |     return api_common.delete_v4_rule(current_user, rule_id)
130 | 
131 | 
132 | @api.route("/rules/ipv6/<int:rule_id>", methods=["DELETE"])
133 | @api_common.token_required
134 | @api_common.check_readonly
135 | def delete_v6_rule(current_user, rule_id):
136 |     """
137 |     Delete rule with given id and type
138 |     :param rule_id: integer - rule id
139 |     """
140 |     return api_common.delete_v6_rule(current_user, rule_id)
141 | 
142 | 
143 | @api.route("/rules/rtbh/<int:rule_id>", methods=["DELETE"])
144 | @api_common.token_required
145 | @api_common.check_readonly
146 | def delete_rtbh_rule(current_user, rule_id):
147 |     """
148 |     Delete rule with given id and type
149 |     :param rule_id: integer - rule id
150 |     """
151 |     return api_common.delete_rtbh_rule(current_user, rule_id)
152 | 
153 | 
154 | @api.route("/test_token", methods=["GET"])
155 | @api_common.token_required
156 | def token_test_get(current_user):
157 |     """
158 |     Return IPv4 rule
159 |     :param current_user:
160 |     :param rule_id:
161 |     :return:
162 |     """
163 |     return api_common.token_test_get(current_user)
164 | 


--------------------------------------------------------------------------------
/requirements-backup.txt:
--------------------------------------------------------------------------------
 1 | appdirs>=1.4.2
 2 | asn1crypto>=0.24.0
 3 | attrs>=17.4.0
 4 | blinker>=1.4
 5 | certifi>=2018.8.24
 6 | cffi>=1.11.5
 7 | chardet>=3.0.4
 8 | click>=6.7
 9 | cryptography>=2.3
10 | cryptography-vectors>=2.3.1
11 | enum34>=1.1.6
12 | Flask>=1.0.2
13 | Flask-SQLAlchemy>=2.2
14 | Flask-SSO>=0.4.0
15 | Flask-WTF>=0.14.2
16 | funcsigs>=1.0.2
17 | honcho>=0.7.1
18 | idna>=2.7
19 | ipaddress>=1.0.22
20 | itsdangerous>=0.24
21 | Jinja2>=2.10
22 | MarkupSafe>=0.23
23 | MySQL-python>=1.2.5
24 | packaging>=16.8
25 | pluggy>=0.6.0
26 | py>=1.5.2
27 | pycparser>=2.18
28 | PyJWT>=1.6.4
29 | PyMySQL>=0.7.10
30 | pyparsing>=2.1.10
31 | pytest>=3.4.0
32 | requests>=2.20.0
33 | six>=1.11.0
34 | SQLAlchemy>=1.1.6
35 | urllib3>=1.21.1
36 | uWSGI>=2.0.14
37 | Werkzeug>=0.14.1
38 | WTForms>=2.1
39 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
 1 | Flask>=2.0.2
 2 | Flask-SQLAlchemy>=2.2
 3 | Flask-SSO>=0.4.0
 4 | Flask-WTF>=1.0.0
 5 | Flask-Migrate>=3.0.0
 6 | Flask-Script>=2.0.0
 7 | Flask-Session
 8 | PyJWT>=2.4.0
 9 | PyMySQL>=1.0.0
10 | pytest>=7.0.0
11 | requests>=2.20.0
12 | babel>=2.7.0
13 | email_validator>=1.1
14 | pika>=1.3.0
15 | loguru
16 | flasgger
17 | python-dotenv


--------------------------------------------------------------------------------
/run.example.py:
--------------------------------------------------------------------------------
 1 | """
 2 | This is an example of how to run the application.
 3 | First copy the file as run.py (or whatever you want)
 4 | Then edit the file to match your needs.
 5 | 
 6 | From version 0.8.1 the application is using Flask-Session
 7 | stored in DB using SQL Alchemy driver. This can be configured for other
 8 | drivers, however server side session is required for the application.
 9 | 
10 | In general you should not need to edit this example file.
11 | Only if you want to configure the application main menu and
12 | dashboard.
13 | 
14 | Or in case that you want to add extensions etc.
15 | """
16 | 
17 | from os import environ
18 | 
19 | from flowapp import create_app, db, sess
20 | import config
21 | 
22 | 
23 | # Configurations
24 | env = environ.get("EXAFS_ENV", "Production")
25 | 
26 | # Call app factory
27 | if env == "devel":
28 |     app = create_app(config.DevelopmentConfig)
29 | else:
30 |     app = create_app(config.ProductionConfig)
31 | 
32 | # init database object
33 | db.init_app(app)
34 | 
35 | # init session
36 | app.config.update(SESSION_TYPE="sqlalchemy")
37 | app.config.update(SESSION_SQLALCHEMY=db)
38 | sess.init_app(app)
39 | 
40 | 
41 | # run app
42 | if __name__ == "__main__":
43 |     app.run(host="::", port=8080, debug=True)
44 | 


--------------------------------------------------------------------------------
/setup.cfg:
--------------------------------------------------------------------------------
1 | [flake8]
2 | max-line-length = 109


--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
 1 | """
 2 | Author(s): 
 3 | Jiri Vrany <vrany@cesnet.cz>
 4 | Petr Adamec <adamec@cesnet.cz>
 5 | Jakub Man <Jakub.Man@cesnet.cz>
 6 | 
 7 | Setuptools configuration
 8 | """
 9 | 
10 | import setuptools
11 | 
12 | # Import the __version__ variable without having to import the flowapp package.
13 | # This prevents missing dependency error in new virtual environments.
14 | with open("flowapp/__about__.py") as f:
15 |     exec(f.read())
16 | 
17 | setuptools.setup(
18 |     name="exafs",
19 |     version=__version__,  # noqa: F821
20 |     author="CESNET / Jiri Vrany, Petr Adamec, Josef Verich, Jakub Man",
21 |     description="Tool for creation, validation, and execution of ExaBGP messages.",
22 |     url="https://github.com/CESNET/exafs",
23 |     license="MIT",
24 |     py_modules=[
25 |         "flowapp",
26 |     ],
27 |     packages=setuptools.find_packages(),
28 |     include_package_data=True,
29 |     python_requires=">=3.11",
30 |     install_requires=[
31 |         "Flask>=2.0.2",
32 |         "Flask-SQLAlchemy>=2.2",
33 |         "Flask-SSO>=0.4.0",
34 |         "Flask-WTF>=1.0.0",
35 |         "Flask-Migrate>=3.0.0",
36 |         "Flask-Script>=2.0.0",
37 |         "PyJWT>=2.4.0",
38 |         "PyMySQL>=1.0.0",
39 |         "pytest>=7.0.0",
40 |         "requests>=2.20.0",
41 |         "babel>=2.7.0",
42 |         "mysqlclient>=2.0.0",
43 |         "email_validator>=1.1",
44 |         "pika>=1.3.0",
45 |     ],
46 | )
47 | 


--------------------------------------------------------------------------------