116 lines
2.8 KiB
Go
116 lines
2.8 KiB
Go
package handlers
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"crowdsec-dashy/internal/crowdsec"
|
|
)
|
|
|
|
// AllowlistHandler manages the allowlist page.
|
|
type AllowlistHandler struct {
|
|
deps Deps
|
|
}
|
|
|
|
func NewAllowlistHandler(deps Deps) *AllowlistHandler {
|
|
return &AllowlistHandler{deps: deps}
|
|
}
|
|
|
|
type AllowlistData struct {
|
|
PageData
|
|
Lists []crowdsec.Allowlist
|
|
FetchErr string
|
|
}
|
|
|
|
func (h *AllowlistHandler) List(w http.ResponseWriter, r *http.Request) {
|
|
pd := NewPageData(r, "Allowlist", h.deps.CLIAvailable, h.deps.PollInterval)
|
|
if f := readFlash(r); f.Message != "" {
|
|
pd.Flash = f
|
|
}
|
|
|
|
if !h.deps.CLIAvailable {
|
|
h.deps.Renderer.Render(w, "allowlist", AllowlistData{
|
|
PageData: pd,
|
|
FetchErr: "cscli is not available — allowlist management requires the cscli binary.",
|
|
})
|
|
return
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(r.Context(), 20*time.Second)
|
|
defer cancel()
|
|
|
|
lists, err := h.deps.CLI.ListAllowlists(ctx)
|
|
fetchErr := ""
|
|
if err != nil {
|
|
fetchErr = err.Error()
|
|
}
|
|
|
|
h.deps.Renderer.Render(w, "allowlist", AllowlistData{
|
|
PageData: pd,
|
|
Lists: lists,
|
|
FetchErr: fetchErr,
|
|
})
|
|
}
|
|
|
|
func (h *AllowlistHandler) AddEntry(w http.ResponseWriter, r *http.Request) {
|
|
r.Body = http.MaxBytesReader(w, r.Body, 4096)
|
|
if err := r.ParseForm(); err != nil {
|
|
http.Error(w, "bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if !checkCSRF(r) {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
listName := strings.TrimSpace(r.FormValue("list"))
|
|
value := strings.TrimSpace(r.FormValue("value"))
|
|
|
|
if listName == "" || value == "" {
|
|
flashRedirect(w, r, "/allowlist", "error", "list name and value are required")
|
|
return
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(r.Context(), 15*time.Second)
|
|
defer cancel()
|
|
|
|
if err := h.deps.CLI.AddAllowlistEntry(ctx, listName, value); err != nil {
|
|
flashRedirect(w, r, "/allowlist", "error", "add failed: "+err.Error())
|
|
return
|
|
}
|
|
|
|
flashRedirect(w, r, "/allowlist", "success", value+" added to "+listName)
|
|
}
|
|
|
|
func (h *AllowlistHandler) RemoveEntry(w http.ResponseWriter, r *http.Request) {
|
|
r.Body = http.MaxBytesReader(w, r.Body, 4096)
|
|
if err := r.ParseForm(); err != nil {
|
|
http.Error(w, "bad request", http.StatusBadRequest)
|
|
return
|
|
}
|
|
if !checkCSRF(r) {
|
|
http.Error(w, "forbidden", http.StatusForbidden)
|
|
return
|
|
}
|
|
|
|
listName := strings.TrimSpace(r.FormValue("list"))
|
|
value := strings.TrimSpace(r.FormValue("value"))
|
|
|
|
if listName == "" || value == "" {
|
|
flashRedirect(w, r, "/allowlist", "error", "list name and value are required")
|
|
return
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(r.Context(), 15*time.Second)
|
|
defer cancel()
|
|
|
|
if err := h.deps.CLI.RemoveAllowlistEntry(ctx, listName, value); err != nil {
|
|
flashRedirect(w, r, "/allowlist", "error", "remove failed: "+err.Error())
|
|
return
|
|
}
|
|
|
|
flashRedirect(w, r, "/allowlist", "success", value+" removed from "+listName)
|
|
}
|