From 74a7b5a3b7afda59fb1e4e10e4748d880f43c23b Mon Sep 17 00:00:00 2001 From: Khanh Ngo Date: Tue, 21 Aug 2018 13:26:27 +0700 Subject: [PATCH] Migrate more config values to db --- app/decorators.py | 4 +- app/models.py | 24 ++++--- app/templates/dashboard.html | 2 +- app/views.py | 7 +- ...468045_add_view_column_to_setting_table.py | 65 ++++++++++--------- 5 files changed, 52 insertions(+), 50 deletions(-) diff --git a/app/decorators.py b/app/decorators.py index 2ba7ce4..673eea6 100644 --- a/app/decorators.py +++ b/app/decorators.py @@ -2,7 +2,7 @@ from functools import wraps from flask import g, request, redirect, url_for from app import app -from app.models import Role +from app.models import Role, Setting def admin_role_required(f): @@ -31,7 +31,7 @@ def can_access_domain(f): def can_configure_dnssec(f): @wraps(f) def decorated_function(*args, **kwargs): - if g.user.role.name != 'Administrator' and app.config['DNSSEC_ADMINS_ONLY']: + if g.user.role.name != 'Administrator' and Setting().get('dnssec_admins_only'): return redirect(url_for('error', code=401)) return f(*args, **kwargs) diff --git a/app/models.py b/app/models.py index e077208..9cc7e66 100644 --- a/app/models.py +++ b/app/models.py @@ -9,6 +9,8 @@ import traceback import pyotp import re import dns.reversename +import dns.inet +import dns.name import sys import logging as logger @@ -24,14 +26,6 @@ from app.lib import utils logging = logger.getLogger(__name__) -if 'PRETTY_IPV6_PTR' in app.config.keys(): - import dns.inet - import dns.name - PRETTY_IPV6_PTR = app.config['PRETTY_IPV6_PTR'] -else: - PRETTY_IPV6_PTR = False - - class Anonymous(AnonymousUserMixin): def __init__(self): self.username = 'Anonymous' @@ -1244,6 +1238,7 @@ class Record(object): self.PDNS_API_KEY = Setting().get('pdns_api_key') self.PDNS_VERSION = Setting().get('pdns_version') self.API_EXTENDED_URL = utils.pdns_api_extended_uri(self.PDNS_VERSION) + self.PRETTY_IPV6_PTR = Setting().get('pretty_ipv6_ptr') if StrictVersion(self.PDNS_VERSION) >= StrictVersion('4.0.0'): self.NEW_SCHEMA = True @@ -1266,7 +1261,7 @@ class Record(object): rrsets = jdata['rrsets'] for rrset in rrsets: r_name = rrset['name'].rstrip('.') - if PRETTY_IPV6_PTR: # only if activated + if self.PRETTY_IPV6_PTR: # only if activated if rrset['type'] == 'PTR': # only ptr if 'ip6.arpa' in r_name: # only if v6-ptr r_name = dns.reversename.to_address(dns.name.from_text(r_name)) @@ -1371,7 +1366,7 @@ class Record(object): for r in post_records: r_name = domain if r['record_name'] in ['@', ''] else r['record_name'] + '.' + domain r_type = r['record_type'] - if PRETTY_IPV6_PTR: # only if activated + if self.PRETTY_IPV6_PTR: # only if activated if self.NEW_SCHEMA: # only if new schema if r_type == 'PTR': # only ptr if ':' in r['record_name']: # dirty ipv6 check @@ -1392,7 +1387,7 @@ class Record(object): for r in deleted_records: r_name = r['name'].rstrip('.') + '.' if self.NEW_SCHEMA else r['name'] r_type = r['type'] - if PRETTY_IPV6_PTR: # only if activated + if self.PRETTY_IPV6_PTR: # only if activated if self.NEW_SCHEMA: # only if new schema if r_type == 'PTR': # only ptr if ':' in r['name']: # dirty ipv6 check @@ -1414,7 +1409,7 @@ class Record(object): if self.NEW_SCHEMA: r_name = r['name'].rstrip('.') + '.' r_type = r['type'] - if PRETTY_IPV6_PTR: # only if activated + if self.PRETTY_IPV6_PTR: # only if activated if r_type == 'PTR': # only ptr if ':' in r['name']: # dirty ipv6 check r_name = r['name'] @@ -1459,7 +1454,7 @@ class Record(object): r_type = key[1] r_changetype = key[2] - if PRETTY_IPV6_PTR: # only if activated + if self.PRETTY_IPV6_PTR: # only if activated if r_type == 'PTR': # only ptr if ':' in r_name: # dirty ipv6 check r_name = dns.reversename.from_address(r_name).to_text() @@ -1792,6 +1787,9 @@ class Setting(db.Model): 'default_domain_table_size': 10, 'auto_ptr': False, 'allow_quick_edit': True, + 'pretty_ipv6_ptr': False, + 'dnssec_admins_only': False, + 'bg_domain_updates': False, 'site_name': 'PowerDNS-Admin', 'pdns_api_url': '', 'pdns_api_key': '', diff --git a/app/templates/dashboard.html b/app/templates/dashboard.html index 102214a..b1d3400 100644 --- a/app/templates/dashboard.html +++ b/app/templates/dashboard.html @@ -236,7 +236,7 @@ modal.modal('show'); }); - {% if current_user.role.name == 'Administrator' or dnssec_adm_only == false %} + {% if current_user.role.name == 'Administrator' or not SETTING.get('dnssec_admins_only') %} $(document.body).on("click", ".button_dnssec", function() { var domain = $(this).prop('id'); getdnssec($SCRIPT_ROOT + '/domain/' + domain + '/dnssec', domain); diff --git a/app/views.py b/app/views.py index f7bcb43..db79f1d 100644 --- a/app/views.py +++ b/app/views.py @@ -442,7 +442,8 @@ def dashboard(): if not Setting().get('pdns_api_url') or not Setting().get('pdns_api_key') or not Setting().get('pdns_version'): return redirect(url_for('admin_setting_pdns')) - if not app.config.get('BG_DOMAIN_UPDATES'): + BG_DOMAIN_UPDATE = Setting().get('bg_domain_updates') + if not BG_DOMAIN_UPDATE: logging.debug('Update domains in foreground') d = Domain().update() else: @@ -460,7 +461,7 @@ def dashboard(): else: uptime = 0 - return render_template('dashboard.html', domain_count=domain_count, users=users, history_number=history_number, uptime=uptime, histories=history, dnssec_adm_only=app.config['DNSSEC_ADMINS_ONLY'], show_bg_domain_button=app.config['BG_DOMAIN_UPDATES']) + return render_template('dashboard.html', domain_count=domain_count, users=users, history_number=history_number, uptime=uptime, histories=history, show_bg_domain_button=BG_DOMAIN_UPDATE) @app.route('/dashboard-domains', methods=['GET']) @@ -573,7 +574,7 @@ def domain(domain_name): record = Record(name=jr['name'], type=jr['type'], status='Disabled' if subrecord['disabled'] else 'Active', ttl=jr['ttl'], data=subrecord['content']) records.append(record) if not re.search('ip6\.arpa|in-addr\.arpa$', domain_name): - editable_records = app.config['RECORDS_ALLOW_EDIT'] + editable_records = app.config['FORWARD_RECORDS_ALLOW_EDIT'] else: editable_records = app.config['REVERSE_RECORDS_ALLOW_EDIT'] return render_template('domain.html', domain=domain, records=records, editable_records=editable_records, quick_edit=quick_edit) diff --git a/migrations/versions/59729e468045_add_view_column_to_setting_table.py b/migrations/versions/59729e468045_add_view_column_to_setting_table.py index dbb6906..1d31319 100644 --- a/migrations/versions/59729e468045_add_view_column_to_setting_table.py +++ b/migrations/versions/59729e468045_add_view_column_to_setting_table.py @@ -32,37 +32,40 @@ def update_data(): # add more new settings op.bulk_insert(setting_table, [ - {'id': 8, 'name': 'site_name', 'value': 'PowerDNS-Admin', 'view': 'basic'}, - {'id': 9, 'name': 'pdns_api_url', 'value': '', 'view': 'pdns'}, - {'id': 10, 'name': 'pdns_api_key', 'value': '', 'view': 'pdns'}, - {'id': 11, 'name': 'pdns_version', 'value': '4.1.1', 'view': 'pdns'}, - {'id': 12, 'name': 'local_db_enabled', 'value': 'True', 'view': 'authentication'}, - {'id': 13, 'name': 'signup_enabled', 'value': 'True', 'view': 'authentication'}, - {'id': 14, 'name': 'ldap_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 15, 'name': 'ldap_type', 'value': 'ldap', 'view': 'authentication'}, - {'id': 16, 'name': 'ldap_uri', 'value': '', 'view': 'authentication'}, - {'id': 17, 'name': 'ldap_base_dn', 'value': '', 'view': 'authentication'}, - {'id': 18, 'name': 'ldap_admin_username', 'value': '', 'view': 'authentication'}, - {'id': 19, 'name': 'ldap_admin_password', 'value': '', 'view': 'authentication'}, - {'id': 20, 'name': 'ldap_filter_basic', 'value': '', 'view': 'authentication'}, - {'id': 21, 'name': 'ldap_filter_username', 'value': '', 'view': 'authentication'}, - {'id': 22, 'name': 'ldap_sg_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 23, 'name': 'ldap_admin_group', 'value': '', 'view': 'authentication'}, - {'id': 24, 'name': 'ldap_user_group', 'value': '', 'view': 'authentication'}, - {'id': 25, 'name': 'github_oauth_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 26, 'name': 'github_oauth_key', 'value': '', 'view': 'authentication'}, - {'id': 27, 'name': 'github_oauth_secret', 'value': '', 'view': 'authentication'}, - {'id': 28, 'name': 'github_oauth_scope', 'value': 'email', 'view': 'authentication'}, - {'id': 29, 'name': 'github_oauth_api_url', 'value': 'https://api.github.com/user', 'view': 'authentication'}, - {'id': 30, 'name': 'github_oauth_token_url', 'value': 'https://github.com/login/oauth/access_token', 'view': 'authentication'}, - {'id': 31, 'name': 'github_oauth_authorize_url', 'value': 'https://github.com/login/oauth/authorize', 'view': 'authentication'}, - {'id': 32, 'name': 'google_oauth_enabled', 'value': 'False', 'view': 'authentication'}, - {'id': 33, 'name': 'google_oauth_client_id', 'value': '', 'view': 'authentication'}, - {'id': 34, 'name': 'google_oauth_client_secret', 'value': '', 'view': 'authentication'}, - {'id': 35, 'name': 'google_token_url', 'value': 'https://accounts.google.com/o/oauth2/token', 'view': 'authentication'}, - {'id': 36, 'name': 'google_token_params', 'value': "{'scope': 'email profile'}", 'view': 'authentication'}, - {'id': 37, 'name': 'google_authorize_url', 'value': 'https://accounts.google.com/o/oauth2/auth', 'view': 'authentication'}, - {'id': 38, 'name': 'google_base_url', 'value': 'https://www.googleapis.com/oauth2/v1/', 'view': 'authentication'}, + {'id': 8, 'name': 'pretty_ipv6_ptr', 'value': 'False', 'view': 'basic'}, + {'id': 9, 'name': 'dnssec_admins_only', 'value': 'False', 'view': 'basic'}, + {'id': 10, 'name': 'bg_domain_updates', 'value': 'False', 'view': 'basic'}, + {'id': 11, 'name': 'site_name', 'value': 'PowerDNS-Admin', 'view': 'basic'}, + {'id': 12, 'name': 'pdns_api_url', 'value': '', 'view': 'pdns'}, + {'id': 13, 'name': 'pdns_api_key', 'value': '', 'view': 'pdns'}, + {'id': 14, 'name': 'pdns_version', 'value': '4.1.1', 'view': 'pdns'}, + {'id': 15, 'name': 'local_db_enabled', 'value': 'True', 'view': 'authentication'}, + {'id': 16, 'name': 'signup_enabled', 'value': 'True', 'view': 'authentication'}, + {'id': 17, 'name': 'ldap_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 18, 'name': 'ldap_type', 'value': 'ldap', 'view': 'authentication'}, + {'id': 19, 'name': 'ldap_uri', 'value': '', 'view': 'authentication'}, + {'id': 20, 'name': 'ldap_base_dn', 'value': '', 'view': 'authentication'}, + {'id': 21, 'name': 'ldap_admin_username', 'value': '', 'view': 'authentication'}, + {'id': 22, 'name': 'ldap_admin_password', 'value': '', 'view': 'authentication'}, + {'id': 23, 'name': 'ldap_filter_basic', 'value': '', 'view': 'authentication'}, + {'id': 24, 'name': 'ldap_filter_username', 'value': '', 'view': 'authentication'}, + {'id': 25, 'name': 'ldap_sg_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 26, 'name': 'ldap_admin_group', 'value': '', 'view': 'authentication'}, + {'id': 27, 'name': 'ldap_user_group', 'value': '', 'view': 'authentication'}, + {'id': 28, 'name': 'github_oauth_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 29, 'name': 'github_oauth_key', 'value': '', 'view': 'authentication'}, + {'id': 30, 'name': 'github_oauth_secret', 'value': '', 'view': 'authentication'}, + {'id': 31, 'name': 'github_oauth_scope', 'value': 'email', 'view': 'authentication'}, + {'id': 32, 'name': 'github_oauth_api_url', 'value': 'https://api.github.com/user', 'view': 'authentication'}, + {'id': 33, 'name': 'github_oauth_token_url', 'value': 'https://github.com/login/oauth/access_token', 'view': 'authentication'}, + {'id': 34, 'name': 'github_oauth_authorize_url', 'value': 'https://github.com/login/oauth/authorize', 'view': 'authentication'}, + {'id': 35, 'name': 'google_oauth_enabled', 'value': 'False', 'view': 'authentication'}, + {'id': 36, 'name': 'google_oauth_client_id', 'value': '', 'view': 'authentication'}, + {'id': 37, 'name': 'google_oauth_client_secret', 'value': '', 'view': 'authentication'}, + {'id': 38, 'name': 'google_token_url', 'value': 'https://accounts.google.com/o/oauth2/token', 'view': 'authentication'}, + {'id': 39, 'name': 'google_token_params', 'value': "{'scope': 'email profile'}", 'view': 'authentication'}, + {'id': 40, 'name': 'google_authorize_url', 'value': 'https://accounts.google.com/o/oauth2/auth', 'view': 'authentication'}, + {'id': 41, 'name': 'google_base_url', 'value': 'https://www.googleapis.com/oauth2/v1/', 'view': 'authentication'}, ] )