Merge branch '5-fix-unauthorized-calls' into 'master'

Let's update the admin page to add blacklists See merge request !11

Merge branch '5-fix-unauthorized-calls' into 'master'
Let's update the admin page to add blacklists See merge request !11
107d27ab · okhin · aa09164e · e39f3687 · 107d27ab · 107d27ab
Commit 107d27ab authored Apr 19, 2017 by okhin 🚴
Hide whitespace changes
Inline Side-by-side

Showing with 79 additions and 3 deletions

piphone.py piphone.py +14 -3

views/index.tpl views/index.tpl +65 -0

No files found.
--- a/piphone.py
+++ b/piphone.py
@@ -483,9 +483,11 @@ def login_admin(user, password):
 @auth_basic(login_admin)
 def little_admin():
    db = sqlite3.connect(config['piphone']['db'])
-    # We need to check if we're admin
+    # Get the list of all users
    users = db.execute('SELECT api, token, admin FROM users').fetchall()
-    return template('index', users=users)
+    # Get the list of all blacklist patterns
+    balcklisted = db.execute('SELECT pattern, reason FROM blacklist').fetchall()
+    return template('index', users=users, blacklists=blacklist)

 @app.post('/admin')
 @auth_basic(login_admin)
@@ -495,6 +497,8 @@ def medium_admin():
    token = request.forms.get('api_token')
    admin = request.forms.get('admin')
    action = request.forms.get('action')
+    pattern = request.forms.get('pattern')
+    reason = request.forms.get('reason')

    if action == 'delete':
        db.execute("DELETE FROM users WHERE api = ?", (api, ))
@@ -505,9 +509,16 @@ def medium_admin():
    elif action == 'update':
        db.execute("UPDATE users set token = ?, admin = ? where api = ?", (token, admin, api ))
        db.commit()
+    elif action == 'blacklist':
+        db.execute("INSERT INTO blacklist (pattern, reason) VALUES (?, ?)", (pattern, reason,))
+        db.commit()
+    elif action == 'whitelist':
+        db.execute("DELETE FROM blacklist WHERE pattern = ?", (pattern,))
+        db.commit()

    users = db.execute('SELECT api, token, admin FROM users').fetchall()
-    return template('index', users=users)
+    balcklisted = db.execute('SELECT pattern, reason FROM blacklist').fetchall()
+    return template('index', users=users, blacklists=blacklist)


 if __name__ == '__main__':

--- a/views/index.tpl
+++ b/views/index.tpl
@@ -94,6 +94,71 @@
                    </div>
                </div>
            </div>
+            <div class="row">
+                <div class="col-md-12">
+                    <a href="#"><strong><i class="glyphicon glyphicon-list-alt"></i> Blacklisted patterns</strong></a>
+                    <hr>
+                </div>
+                <div class="col-md-8">
+                    <form class="form" name="action3" action="admin" method="post">
+                        <table class="table table-striped">
+                            <thead>
+                                <tr>
+                                    <th>Pattern</th>
+                                    <th>reason</th>
+                                    <th>whitelist?</th>
+                                </tr>
+                            </thead>
+                            <tbody>
+                                % for blacklist in blacklists:
+                                <tr>
+                                    <td>{{blacklist[0]}}</td>
+                                    <td>{{blacklist[1]}}</td>
+                                    <td><input type="checkbox" name="whitelist" value="{{ user[0] }}"></td>
+                                </tr>
+                                %end
+                            </tbody>
+                        </table>
+                        <button name="action" value="delete" type="submit" class="btn btn-danger pull-right">
+                            Whitelist
+                        </button>
+                    </form>
+                </div>
+                <div class="col-md-4">
+                    <div class="panel panel-default">
+                        <div class="panel-heading">
+                            <div class="panel-title">
+                                <h4>Blacklist a pattern</h4>
+                                <h6>The pattern must match the beginning of a number</h6>
+                            </div>
+                        </div>
+                        <div class="panel-body">
+                            <form name="action4" class="form form-vertical" action="admin" method="post">
+                                <div class="control-group">
+                                    <label>Pattern</label>
+                                    <div class="controls">
+                                        <input name="pattern" type="text" class="form-control" placeholder="Patter to blacklist">
+                                    </div>
+                                </div>
+                                <div class="control-group">
+                                    <label>Reason</label>
+                                    <div class="controls">
+                                        <input name="reason" type="text" class="form-control" placeholder="Reason for blacklisting">
+                                    </div>
+                                </div>
+                                <div class="control-group">
+                                    <label></label>
+                                    <div class="controls">
+                                        <div class="btn-group pull-right" role="group">
+                                            <button class="btn btn-success" name="action" value="blacklist" type="submit">Blacklist</button>
+                                        </div>
+                                    </div>
+                                </div>
+                            </form>
+                        </div>
+                    </div>
+                </div>
+            </div>
        </div>
        <script src="static/js/jquery.min.js"></script>
        <script src="static/js/bootstrap.min.js"></script>