Skip to content
GitLab
Commit 107d27ab authored by okhin's avatar okhin 🚴
Browse files

Merge branch '5-fix-unauthorized-calls' into 'master' 

Let's update the admin page to add blacklists

See merge request !11
parents aa09164e e39f3687
Pipeline #935 passed with stage
in 4 seconds
Hide whitespace changes
Inline Side-by-side
piphone.py
View file @ 107d27ab
......@@ -483,9 +483,11 @@ def login_admin(user, password):
@auth_basic(login_admin)
def little_admin():
db = sqlite3.connect(config['piphone']['db'])
# We need to check if we're admin
# Get the list of all users
users = db.execute('SELECT api, token, admin FROM users').fetchall()
return template('index', users=users)
# Get the list of all blacklist patterns
balcklisted = db.execute('SELECT pattern, reason FROM blacklist').fetchall()
return template('index', users=users, blacklists=blacklist)
@app.post('/admin')
@auth_basic(login_admin)
......@@ -495,6 +497,8 @@ def medium_admin():
token = request.forms.get('api_token')
admin = request.forms.get('admin')
action = request.forms.get('action')
pattern = request.forms.get('pattern')
reason = request.forms.get('reason')
if action == 'delete':
db.execute("DELETE FROM users WHERE api = ?", (api, ))
......@@ -505,9 +509,16 @@ def medium_admin():
elif action == 'update':
db.execute("UPDATE users set token = ?, admin = ? where api = ?", (token, admin, api ))
db.commit()
elif action == 'blacklist':
db.execute("INSERT INTO blacklist (pattern, reason) VALUES (?, ?)", (pattern, reason,))
db.commit()
elif action == 'whitelist':
db.execute("DELETE FROM blacklist WHERE pattern = ?", (pattern,))
db.commit()
users = db.execute('SELECT api, token, admin FROM users').fetchall()
return template('index', users=users)
balcklisted = db.execute('SELECT pattern, reason FROM blacklist').fetchall()
return template('index', users=users, blacklists=blacklist)
if __name__ == '__main__':
......
views/index.tpl
View file @ 107d27ab
......@@ -94,6 +94,71 @@
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<a href="#"><strong><i class="glyphicon glyphicon-list-alt"></i> Blacklisted patterns</strong></a>
<hr>
</div>
<div class="col-md-8">
<form class="form" name="action3" action="admin" method="post">
<table class="table table-striped">
<thead>
<tr>
<th>Pattern</th>
<th>reason</th>
<th>whitelist?</th>
</tr>
</thead>
<tbody>
% for blacklist in blacklists:
<tr>
<td>{{blacklist[0]}}</td>
<td>{{blacklist[1]}}</td>
<td><input type="checkbox" name="whitelist" value="{{ user[0] }}"></td>
</tr>
%end
</tbody>
</table>
<button name="action" value="delete" type="submit" class="btn btn-danger pull-right">
Whitelist
</button>
</form>
</div>
<div class="col-md-4">
<div class="panel panel-default">
<div class="panel-heading">
<div class="panel-title">
<h4>Blacklist a pattern</h4>
<h6>The pattern must match the beginning of a number</h6>
</div>
</div>
<div class="panel-body">
<form name="action4" class="form form-vertical" action="admin" method="post">
<div class="control-group">
<label>Pattern</label>
<div class="controls">
<input name="pattern" type="text" class="form-control" placeholder="Patter to blacklist">
</div>
</div>
<div class="control-group">
<label>Reason</label>
<div class="controls">
<input name="reason" type="text" class="form-control" placeholder="Reason for blacklisting">
</div>
</div>
<div class="control-group">
<label></label>
<div class="controls">
<div class="btn-group pull-right" role="group">
<button class="btn btn-success" name="action" value="blacklist" type="submit">Blacklist</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script src="static/js/jquery.min.js"></script>
<script src="static/js/bootstrap.min.js"></script>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment