Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
La Quadrature du Net
piphone
piphone-sip
Commits
107d27ab
Commit
107d27ab
authored
Apr 19, 2017
by
okhin
🚴
Browse files
Merge branch '5-fix-unauthorized-calls' into 'master'
Let's update the admin page to add blacklists See merge request
!11
parents
aa09164e
e39f3687
Pipeline
#935
passed with stage
in 4 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
piphone.py
View file @
107d27ab
...
...
@@ -483,9 +483,11 @@ def login_admin(user, password):
@
auth_basic
(
login_admin
)
def
little_admin
():
db
=
sqlite3
.
connect
(
config
[
'piphone'
][
'db'
])
#
We need to check if we're admin
#
Get the list of all users
users
=
db
.
execute
(
'SELECT api, token, admin FROM users'
).
fetchall
()
return
template
(
'index'
,
users
=
users
)
# Get the list of all blacklist patterns
balcklisted
=
db
.
execute
(
'SELECT pattern, reason FROM blacklist'
).
fetchall
()
return
template
(
'index'
,
users
=
users
,
blacklists
=
blacklist
)
@
app
.
post
(
'/admin'
)
@
auth_basic
(
login_admin
)
...
...
@@ -495,6 +497,8 @@ def medium_admin():
token
=
request
.
forms
.
get
(
'api_token'
)
admin
=
request
.
forms
.
get
(
'admin'
)
action
=
request
.
forms
.
get
(
'action'
)
pattern
=
request
.
forms
.
get
(
'pattern'
)
reason
=
request
.
forms
.
get
(
'reason'
)
if
action
==
'delete'
:
db
.
execute
(
"DELETE FROM users WHERE api = ?"
,
(
api
,
))
...
...
@@ -505,9 +509,16 @@ def medium_admin():
elif
action
==
'update'
:
db
.
execute
(
"UPDATE users set token = ?, admin = ? where api = ?"
,
(
token
,
admin
,
api
))
db
.
commit
()
elif
action
==
'blacklist'
:
db
.
execute
(
"INSERT INTO blacklist (pattern, reason) VALUES (?, ?)"
,
(
pattern
,
reason
,))
db
.
commit
()
elif
action
==
'whitelist'
:
db
.
execute
(
"DELETE FROM blacklist WHERE pattern = ?"
,
(
pattern
,))
db
.
commit
()
users
=
db
.
execute
(
'SELECT api, token, admin FROM users'
).
fetchall
()
return
template
(
'index'
,
users
=
users
)
balcklisted
=
db
.
execute
(
'SELECT pattern, reason FROM blacklist'
).
fetchall
()
return
template
(
'index'
,
users
=
users
,
blacklists
=
blacklist
)
if
__name__
==
'__main__'
:
...
...
views/index.tpl
View file @
107d27ab
...
...
@@ -94,6 +94,71 @@
</div>
</div>
</div>
<div
class=
"row"
>
<div
class=
"col-md-12"
>
<a
href=
"#"
><strong><i
class=
"glyphicon glyphicon-list-alt"
></i>
Blacklisted patterns
</strong></a>
<hr>
</div>
<div
class=
"col-md-8"
>
<form
class=
"form"
name=
"action3"
action=
"admin"
method=
"post"
>
<table
class=
"table table-striped"
>
<thead>
<tr>
<th>
Pattern
</th>
<th>
reason
</th>
<th>
whitelist?
</th>
</tr>
</thead>
<tbody>
% for blacklist in blacklists:
<tr>
<td>
{
{
blacklist
[
0
]
}
}
</td>
<td>
{
{
blacklist
[
1
]
}
}
</td>
<td><input
type=
"checkbox"
name=
"whitelist"
value=
"{{ user[0] }}"
></td>
</tr>
%end
</tbody>
</table>
<button
name=
"action"
value=
"delete"
type=
"submit"
class=
"btn btn-danger pull-right"
>
Whitelist
</button>
</form>
</div>
<div
class=
"col-md-4"
>
<div
class=
"panel panel-default"
>
<div
class=
"panel-heading"
>
<div
class=
"panel-title"
>
<h4>
Blacklist a pattern
</h4>
<h6>
The pattern must match the beginning of a number
</h6>
</div>
</div>
<div
class=
"panel-body"
>
<form
name=
"action4"
class=
"form form-vertical"
action=
"admin"
method=
"post"
>
<div
class=
"control-group"
>
<label>
Pattern
</label>
<div
class=
"controls"
>
<input
name=
"pattern"
type=
"text"
class=
"form-control"
placeholder=
"Patter to blacklist"
>
</div>
</div>
<div
class=
"control-group"
>
<label>
Reason
</label>
<div
class=
"controls"
>
<input
name=
"reason"
type=
"text"
class=
"form-control"
placeholder=
"Reason for blacklisting"
>
</div>
</div>
<div
class=
"control-group"
>
<label></label>
<div
class=
"controls"
>
<div
class=
"btn-group pull-right"
role=
"group"
>
<button
class=
"btn btn-success"
name=
"action"
value=
"blacklist"
type=
"submit"
>
Blacklist
</button>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script
src=
"static/js/jquery.min.js"
></script>
<script
src=
"static/js/bootstrap.min.js"
></script>
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment