admin area for allow and block lists

2025-01-23 11:26:56 -08:00 · 2023-11-03 21:59:48 +13:00 · 2023-11-03 21:59:48 +13:00 · 62854c95f5
commit 62854c95f5
parent f118374f05
6 changed files with 85 additions and 2 deletions
--- a/app/admin/forms.py
+++ b/app/admin/forms.py
@ -0,0 +1,12 @@
+from flask_wtf import FlaskForm
+from wtforms import StringField, PasswordField, SubmitField, HiddenField, BooleanField, TextAreaField
+from wtforms.validators import ValidationError, DataRequired, Email, EqualTo, Length
+from flask_babel import _, lazy_gettext as _l
+
+
+class AdminForm(FlaskForm):
+    use_allowlist = BooleanField(_l('Allowlist instead of blocklist'))
+    allowlist = TextAreaField(_l('Allow federation with these instances'))
+    use_blocklist = BooleanField(_l('Blocklist instead of allowlist'))
+    blocklist = TextAreaField(_l('Deny federation with these instances'))
+    submit = SubmitField(_l('Save'))
--- a/app/admin/routes.py
+++ b/app/admin/routes.py
@ -1 +1,43 @@
-from app.utils import render_template
+from flask import request, flash
+from flask_login import login_required, current_user
+from flask_babel import _
+from sqlalchemy import text
+
+from app import db
+from app.admin.forms import AdminForm
+from app.models import AllowedInstances, BannedInstances
+from app.utils import render_template, permission_required, set_setting, get_setting
+from app.admin import bp
+
+
+@bp.route('/', methods=['GET', 'POST'])
+@login_required
+@permission_required('change instance settings')
+def admin_home():
+    form = AdminForm()
+    if form.validate_on_submit():
+        if form.use_allowlist.data:
+            set_setting('use_allowlist', True)
+            db.session.execute(text('DELETE FROM allowed_instances'))
+            for allow in form.allowlist.data.split('\n'):
+                if allow.strip():
+                    db.session.add(AllowedInstances(domain=allow.strip()))
+        if form.use_blocklist.data:
+            set_setting('use_allowlist', False)
+            db.session.execute(text('DELETE FROM banned_instances'))
+            for banned in form.blocklist.data.split('\n'):
+                if banned.strip():
+                    db.session.add(BannedInstances(domain=banned.strip()))
+        db.session.commit()
+        flash(_('Admin settings saved'))
+
+    elif request.method == 'GET':
+        form.use_allowlist.data = get_setting('use_allowlist', False)
+        form.use_blocklist.data = not form.use_allowlist.data
+        instances = BannedInstances.query.all()
+        form.blocklist.data = '\n'.join([instance.domain for instance in instances])
+        instances = AllowedInstances.query.all()
+        form.allowlist.data = '\n'.join([instance.domain for instance in instances])
+
+    return render_template('admin/home.html', title=_('Admin settings'), form=form)
+
--- a/app/cli.py
+++ b/app/cli.py
@ -100,6 +100,7 @@ def register(app):
            admin_role.permissions.append(RolePermission(permission='change user roles'))
            admin_role.permissions.append(RolePermission(permission='ban users'))
            admin_role.permissions.append(RolePermission(permission='manage users'))
+            admin_role.permissions.append(RolePermission(permission='change instance settings'))
            db.session.add(admin_role)

            # Admin user
--- a/app/templates/admin/home.html
+++ b/app/templates/admin/home.html
@ -0,0 +1,10 @@
+{% extends "base.html" %}
+{% from 'bootstrap/form.html' import render_form %}
+
+{% block app_content %}
+<div class="row">
+    <div class="col">
+        {{ render_form(form) }}
+    </div>
+</div>
+{% endblock %}
--- a/app/templates/base.html
+++ b/app/templates/base.html
@ -67,6 +67,9 @@
                            <li class="nav-item"><a class="nav-link" href="/">{{ _('Home') }}</a></li>
                            <li class="nav-item"><a class="nav-link" href="/communities">{{ _('Communities') }}</a></li>
                            <li class="nav-item"><a class="nav-link" href="/u/{{ current_user.user_name }}">{{ current_user.user_name }}</a></li>
+                            {% if user_access('change instance settings', current_user.id) %}
+                                <li class="nav-item"><a class="nav-link" href="/admin/">{{ _('Admin') }}</a></li>
+                            {% endif %}
                            <li class="nav-item"><a class="nav-link" href="/auth/logout">{{ _('Log out') }}</a></li>
                        {% endif %}
                    </ul>
--- a/app/utils.py
+++ b/app/utils.py
@ -210,4 +210,19 @@ def validation_required(func):
            return func(*args, **kwargs)
        else:
            return redirect(url_for('auth.validation_required'))
-    return decorated_view
+    return decorated_view
+
+
+def permission_required(permission):
+    def decorator(func):
+        @wraps(func)
+        def decorated_view(*args, **kwargs):
+            if user_access(permission, current_user.id):
+                return func(*args, **kwargs)
+            else:
+                # Handle the case where the user doesn't have the required permission
+                return redirect(url_for('auth.permission_denied'))
+
+        return decorated_view
+
+    return decorator