from flask import Blueprint, render_template, request, flash, redirect, url_for from flask_login import login_required, current_user import ulid import flask from datetime import datetime, timedelta from app import db from app.database import EnrollRequest, Network from .forms import NewNetworkForm bp = Blueprint('manage', __name__, url_prefix="/manage") @bp.route("/networks", methods=["GET", "POST"]) @login_required def list_networks(): nets = current_user.networks form = NewNetworkForm(request.form) if request.method == "POST" and form.validate_on_submit(): subnet = request.form.get('subnet') description = request.form.get('description') n = Network( id=str(ulid.ulid()), subnet=subnet, description=description, manager_id=str(current_user.id) ) db.session.add(n) db.session.commit() flash("Network added") return render_template("network_list.html", nets=nets, form=form) @bp.route("/networks//delete") @login_required def del_net(id): n = Network.query.filter_by(id=id).first() if n.manager_id != current_user.id: flash("You aren't a manager of this network.") return redirect(url_for("manage.list_networks")) db.session.delete(n) db.session.commit() flash("Network deleted") return redirect(url_for("manage.list_networks")) @bp.route("/peers", methods=["GET", "POST"]) @login_required def list_peers(): peers = current_user.peers return render_template("peer_list.html", peers=peers) """ Here starts the enrollment API Maybe this should be in a new blueprint but i don't care enough about where exactly it goes that it's fine. """ @bp.route("/enroll_start", methods=["GET"]) def enroll_start(): """ this function only creates a new enrollment request and gives the ID back to the user for use in the client, which should proceed immediately to the next step -- using the ID to complete the enrollment process by sending a public key back, and receiving an IP in return. This should probably return a form so users can choose which network (of the ones they manage) the device should be in. Alternately to that, there could just be a menu in the client that lets the user do that themselves without going to the web client except to authenticate. Theoretically, there should be an optional approval mechanism where someone with the is_admin flag can choose to get an email every time someone tries to enroll after the request is completed, where the peer will exist and be "enrolled" but no one will actually get the configuration until it's marked as "approved" in the database """ en_req = EnrollRequest( id=str(ulid.ulid()), user=str(current_user.id), expires=datetime.now() + timedelta(days=30) ) db.session.add(en_req) db.session.commit() return en_req.to_json()