summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWojtek Kosior <koszko@koszko.org>2022-09-12 13:55:35 +0200
committerWojtek Kosior <koszko@koszko.org>2022-09-28 14:03:18 +0200
commit8e022103636121b13d2ad63d61b84ca927e4aeb1 (patch)
tree1a84f7071a5c9fa25df96fe258a31e36e51efb16
parent146c5467ac53eaa80e74979600a6587976740bd6 (diff)
downloadhaketilo-hydrilla-8e022103636121b13d2ad63d61b84ca927e4aeb1.tar.gz
haketilo-hydrilla-8e022103636121b13d2ad63d61b84ca927e4aeb1.zip
[proxy] Add support for script blocking/allowing rules
-rw-r--r--src/hydrilla/locales/en_US/LC_MESSAGES/messages.po129
-rw-r--r--src/hydrilla/pattern_tree.py4
-rw-r--r--src/hydrilla/proxy/policies/rule.py2
-rw-r--r--src/hydrilla/proxy/state.py47
-rw-r--r--src/hydrilla/proxy/state_impl/base.py3
-rw-r--r--src/hydrilla/proxy/state_impl/concrete_state.py45
-rw-r--r--src/hydrilla/proxy/state_impl/repos.py2
-rw-r--r--src/hydrilla/proxy/state_impl/rules.py180
-rw-r--r--src/hydrilla/proxy/web_ui/root.py3
-rw-r--r--src/hydrilla/proxy/web_ui/rules.py111
-rw-r--r--src/hydrilla/proxy/web_ui/templates/base.html.jinja1
-rw-r--r--src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja64
-rw-r--r--src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja61
-rw-r--r--src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja106
-rw-r--r--src/hydrilla/url_patterns.py32
15 files changed, 746 insertions, 44 deletions
diff --git a/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po b/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po
index c8d8831..29fabc6 100644
--- a/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po
+++ b/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: hydrilla 2.0\n"
"Report-Msgid-Bugs-To: koszko@koszko.org\n"
-"POT-Creation-Date: 2022-09-09 11:30+0200\n"
+"POT-Creation-Date: 2022-09-12 13:44+0200\n"
"PO-Revision-Date: 2022-02-12 00:00+0000\n"
"Last-Translator: Wojtek Kosior <koszko@koszko.org>\n"
"Language: en_US\n"
@@ -205,13 +205,13 @@ msgstr "Requested file could not be found."
msgid "api.resource_not_enabled_for_access"
msgstr "Requested resource is not enabled for access."
-#: src/hydrilla/proxy/state_impl/concrete_state.py:120
+#: src/hydrilla/proxy/state_impl/concrete_state.py:121
msgid "err.proxy.unknown_db_schema"
msgstr ""
"Haketilo's data files have been altered, possibly by a newer version of "
"Haketilo."
-#: src/hydrilla/proxy/state_impl/concrete_state.py:124
+#: src/hydrilla/proxy/state_impl/concrete_state.py:125
msgid "err.proxy.no_sqlite_foreign_keys"
msgstr ""
"This installation of Haketilo uses an SQLite version which does not "
@@ -221,27 +221,31 @@ msgstr ""
msgid "web_ui.base.title.haketilo_proxy"
msgstr "Haketilo"
-#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:238
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:239
msgid "web_ui.base.nav.home"
msgstr "Home"
-#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:239
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:240
msgid "web_ui.base.nav.options"
msgstr "Options"
-#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:240
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:241
+msgid "web_ui.base.nav.rules"
+msgstr "Script blocking"
+
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:242
msgid "web_ui.base.nav.packages"
msgstr "Packages"
-#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:241
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:243
msgid "web_ui.base.nav.libraries"
msgstr "Libraries"
-#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:242
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:244
msgid "web_ui.base.nav.repos"
msgstr "Repositories"
-#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:243
+#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:245
msgid "web_ui.base.nav.load"
msgstr "Import from file"
@@ -764,6 +768,95 @@ msgstr "packages: {mappings}; libraries: {resources}"
msgid "web_ui.repos.single.remove_button"
msgstr "Remove repository"
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:23
+msgid "web_ui.rules.add.title"
+msgstr "New rule"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:26
+msgid "web_ui.rules.add.heading"
+msgstr "Define a new rule"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:29
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:60
+msgid "web_ui.err.rule_pattern_invalid"
+msgstr "Chosen URL pattern is not vald."
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:33
+msgid "web_ui.rules.add.pattern_field_label"
+msgstr "URL pattern"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:43
+msgid "web_ui.rules.add.block_or_allow_label"
+msgstr "Page's JavaScript treatment"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:48
+msgid "web_ui.rules.add.block_label"
+msgstr "block"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:53
+msgid "web_ui.rules.add.allow_label"
+msgstr "allow"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:60
+msgid "web_ui.rules.add.submit_button"
+msgstr "Add rule"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:23
+msgid "web_ui.rules.title"
+msgstr "Script blocking"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:32
+msgid "web_ui.rules.heading"
+msgstr "Manage script blocking"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:36
+msgid "web_ui.rules.add_rule_button"
+msgstr "Define new rule"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:41
+msgid "web_ui.rules.rule_list_heading"
+msgstr "Defined rules"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:23
+msgid "web_ui.rules.single.title"
+msgstr "Rule view"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:34
+msgid "web_ui.rules.single.heading.allow"
+msgstr "Script allowing rule"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:36
+msgid "web_ui.rules.single.heading.block"
+msgstr "Script blocking rule"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:41
+msgid "web_ui.rules.single.pattern_is_{}"
+msgstr "Rule applies to all pages that match pattern '{}'."
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:53
+msgid "web_ui.rules.single.update_pattern_button"
+msgstr "Change URL pattern"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:69
+msgid "web_ui.rules.single.commit_update_pattern_button"
+msgstr "Set new pattern"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:74
+msgid "web_ui.rules.single.abort_update_pattern_button"
+msgstr "Cancel"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:84
+msgid "web_ui.rules.single.allow_button"
+msgstr "Allow JavaScript"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:85
+msgid "web_ui.rules.single.block_button"
+msgstr "Block JavaScript"
+
+#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:103
+msgid "web_ui.rules.single.remove_button"
+msgstr "Remove rule"
+
#: src/hydrilla/server/malcontent.py:79
msgid "err.server.malcontent_path_not_dir_{}"
msgstr "Provided 'malcontent_dir' path does not name a directory: {}"
@@ -857,39 +950,39 @@ msgstr ""
"HTTP server like Apache2 or Nginx. You can configure Hydrilla through the"
" /etc/hydrilla/config.json file."
-#: src/hydrilla/url_patterns.py:132
+#: src/hydrilla/url_patterns.py:135
msgid "err.url_pattern_{}.bad"
msgstr "Not a valid Haketilo URL pattern: {}"
-#: src/hydrilla/url_patterns.py:135
+#: src/hydrilla/url_patterns.py:138
msgid "err.url_{}.bad"
msgstr "Not a valid URL: {}"
-#: src/hydrilla/url_patterns.py:142
+#: src/hydrilla/url_patterns.py:145
msgid "err.url_pattern_{}.bad_scheme"
msgstr "URL pattern has an unknown scheme: {}"
-#: src/hydrilla/url_patterns.py:145
+#: src/hydrilla/url_patterns.py:148
msgid "err.url_{}.bad_scheme"
msgstr "URL has an unknown scheme: {}"
-#: src/hydrilla/url_patterns.py:150
+#: src/hydrilla/url_patterns.py:153
msgid "err.url_pattern_{}.special_scheme_port"
msgstr "URL pattern has an explicit port while it shouldn't: {}"
-#: src/hydrilla/url_patterns.py:162
+#: src/hydrilla/url_patterns.py:165
msgid "err.url_pattern_{}.bad_port"
msgstr "URL pattern has a port outside of allowed range (1-65535): {}"
-#: src/hydrilla/url_patterns.py:165
+#: src/hydrilla/url_patterns.py:168
msgid "err.url_{}.bad_port"
msgstr "URL has a port outside of allowed range (1-65535): {}"
-#: src/hydrilla/url_patterns.py:186
+#: src/hydrilla/url_patterns.py:189
msgid "err.url_pattern_{}.has_query"
msgstr "URL pattern has a query string while it shouldn't: {}"
-#: src/hydrilla/url_patterns.py:190
+#: src/hydrilla/url_patterns.py:193
msgid "err.url_pattern_{}.has_frag"
msgstr "URL pattern has a fragment string while it shouldn't: {}"
diff --git a/src/hydrilla/pattern_tree.py b/src/hydrilla/pattern_tree.py
index e71f8d0..f606bc6 100644
--- a/src/hydrilla/pattern_tree.py
+++ b/src/hydrilla/pattern_tree.py
@@ -198,7 +198,7 @@ TreeStoredType = t.TypeVar('TreeStoredType', bound=t.Hashable)
StoredSet = frozenset[StoredTreeItem[TreeStoredType]]
PathBranch = PatternTreeBranch[StoredSet]
DomainBranch = PatternTreeBranch[PathBranch]
-TreeRoot = Map[tuple[str, int], DomainBranch]
+TreeRoot = Map[tuple[str, t.Optional[int]], DomainBranch]
@dc.dataclass(frozen=True)
class PatternTree(t.Generic[TreeStoredType]):
@@ -210,7 +210,7 @@ class PatternTree(t.Generic[TreeStoredType]):
"""
SelfType = t.TypeVar('SelfType', bound='PatternTree[TreeStoredType]')
- _by_scheme_and_port: TreeRoot = Map()
+ _by_scheme_and_port: TreeRoot = Map()
def _register(
self: 'SelfType',
diff --git a/src/hydrilla/proxy/policies/rule.py b/src/hydrilla/proxy/policies/rule.py
index bcb110e..84b750b 100644
--- a/src/hydrilla/proxy/policies/rule.py
+++ b/src/hydrilla/proxy/policies/rule.py
@@ -109,7 +109,7 @@ class RulePolicyFactory(base.PolicyFactory):
def __lt__(self, other: base.PolicyFactory) -> bool:
"""...."""
- if type(other) is type(self):
+ if type(other) is not type(self):
return super().__lt__(other)
assert isinstance(other, RulePolicyFactory)
diff --git a/src/hydrilla/proxy/state.py b/src/hydrilla/proxy/state.py
index abea7a7..1ba87b4 100644
--- a/src/hydrilla/proxy/state.py
+++ b/src/hydrilla/proxy/state.py
@@ -133,6 +133,47 @@ class Store(ABC, t.Generic[RefType]):
...
+class RulePatternInvalid(HaketiloException):
+ pass
+
+@dc.dataclass(frozen=True)
+class RuleDisplayInfo:
+ ref: 'RuleRef'
+ pattern: str
+ allow_scripts: bool
+
+# mypy needs to be corrected:
+# https://stackoverflow.com/questions/70999513/conflict-between-mix-ins-for-abstract-dataclasses/70999704#70999704
+@dc.dataclass(frozen=True, unsafe_hash=True) # type: ignore[misc]
+class RuleRef(Ref):
+ @abstractmethod
+ def remove(self) -> None:
+ ...
+
+ @abstractmethod
+ def update(
+ self,
+ *,
+ pattern: t.Optional[str] = None,
+ allow: t.Optional[bool] = None
+ ) -> None:
+ ...
+
+ @abstractmethod
+ def get_display_info(self) -> RuleDisplayInfo:
+ ...
+
+class RuleStore(Store[RuleRef]):
+ @abstractmethod
+ def get_display_infos(self, allow: t.Optional[bool] = None) \
+ -> t.Sequence[RuleDisplayInfo]:
+ ...
+
+ @abstractmethod
+ def add(self, pattern: str, allow: bool) -> RuleRef:
+ ...
+
+
class RepoNameInvalid(HaketiloException):
pass
@@ -161,8 +202,6 @@ class FileMissingError(FileInstallationError):
class RepoApiVersionUnsupported(HaketiloException):
pass
-# mypy needs to be corrected:
-# https://stackoverflow.com/questions/70999513/conflict-between-mix-ins-for-abstract-dataclasses/70999704#70999704
@dc.dataclass(frozen=True, unsafe_hash=True) # type: ignore[misc]
class RepoRef(Ref):
"""...."""
@@ -443,6 +482,10 @@ class HaketiloState(ABC):
...
@abstractmethod
+ def rule_store(self) -> RuleStore:
+ ...
+
+ @abstractmethod
def repo_store(self) -> RepoStore:
"""...."""
...
diff --git a/src/hydrilla/proxy/state_impl/base.py b/src/hydrilla/proxy/state_impl/base.py
index f969b19..a8800cb 100644
--- a/src/hydrilla/proxy/state_impl/base.py
+++ b/src/hydrilla/proxy/state_impl/base.py
@@ -246,7 +246,8 @@ class HaketiloStateWithFields(st.HaketiloState):
...
@abstractmethod
- def rebuild_structures(self) -> None:
+ def rebuild_structures(self, *, payloads: bool = True, rules: bool = True) \
+ -> None:
"""
Recreation of data structures as done after every recomputation of
dependencies as well as at startup.
diff --git a/src/hydrilla/proxy/state_impl/concrete_state.py b/src/hydrilla/proxy/state_impl/concrete_state.py
index cd32e83..a6d32f1 100644
--- a/src/hydrilla/proxy/state_impl/concrete_state.py
+++ b/src/hydrilla/proxy/state_impl/concrete_state.py
@@ -47,6 +47,7 @@ from .. import state as st
from .. import policies
from .. import simple_dependency_satisfying as sds
from . import base
+from . import rules
from . import items
from . import repos
from . import payloads
@@ -143,7 +144,7 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields):
repo_id = repo_id
)
- self.rebuild_structures()
+ self.rebuild_structures(rules=False)
def prune_orphans(self) -> None:
with self.cursor() as cursor:
@@ -163,7 +164,7 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields):
unlocked_required_mappings = unlocked_required_mappings
)
- self.rebuild_structures()
+ self.rebuild_structures(rules=False)
def pull_missing_files(self) -> None:
with self.cursor() as cursor:
@@ -182,6 +183,29 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields):
ui_factory
)
+ # Put script blocking/allowing rules in policy tree.
+ cursor.execute('SELECT pattern, allow_scripts FROM rules;')
+
+ for pattern, allow_scripts in cursor.fetchall():
+ for parsed_pattern in url_patterns.parse_pattern(pattern):
+ factory: policies.PolicyFactory
+ if allow_scripts:
+ factory = policies.RuleAllowPolicyFactory(
+ builtin = False,
+ pattern = parsed_pattern
+ )
+ else:
+ factory = policies.RuleBlockPolicyFactory(
+ builtin = False,
+ pattern = parsed_pattern
+ )
+
+ new_policy_tree = new_policy_tree.register(
+ parsed_pattern = parsed_pattern,
+ item = factory
+ )
+
+ # Put script payload rules in policy tree.
cursor.execute(
'''
SELECT
@@ -202,15 +226,10 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields):
'''
)
- rows = cursor.fetchall()
-
new_payloads_data: dict[st.PayloadRef, st.PayloadData] = {}
- for row in rows:
- (payload_id_int, pattern, eval_allowed, cors_bypass_allowed,
- enabled_status,
- identifier) = row
-
+ for (payload_id_int, pattern, eval_allowed, cors_bypass_allowed,
+ enabled_status, identifier) in cursor.fetchall():
payload_ref = payloads.ConcretePayloadRef(str(payload_id_int), self)
previous_data = self.payloads_data.get(payload_ref)
@@ -245,10 +264,16 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields):
self.policy_tree = new_policy_tree
self.payloads_data = new_payloads_data
- def rebuild_structures(self) -> None:
+ def rebuild_structures(self, *, payloads: bool = True, rules: bool = True) \
+ -> None:
+ # The `payloads` and `rules` args will be useful for optimization but
+ # for now we're not yet using them.
with self.cursor() as cursor:
self._rebuild_structures(cursor)
+ def rule_store(self) -> st.RuleStore:
+ return rules.ConcreteRuleStore(self)
+
def repo_store(self) -> st.RepoStore:
return repos.ConcreteRepoStore(self)
diff --git a/src/hydrilla/proxy/state_impl/repos.py b/src/hydrilla/proxy/state_impl/repos.py
index 383d147..4afd86f 100644
--- a/src/hydrilla/proxy/state_impl/repos.py
+++ b/src/hydrilla/proxy/state_impl/repos.py
@@ -235,7 +235,7 @@ class ConcreteRepoRef(st.RepoRef):
except sqlite3.IntegrityError:
raise st.RepoNameTaken()
- self.state.rebuild_structures()
+ self.state.rebuild_structures(rules=False)
def refresh(self) -> None:
with self.state.cursor(transaction=True) as cursor:
diff --git a/src/hydrilla/proxy/state_impl/rules.py b/src/hydrilla/proxy/state_impl/rules.py
new file mode 100644
index 0000000..bd9480d
--- /dev/null
+++ b/src/hydrilla/proxy/state_impl/rules.py
@@ -0,0 +1,180 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Haketilo proxy data and configuration (RuleRef and RuleStore subtypes).
+#
+# This file is part of Hydrilla&Haketilo.
+#
+# Copyright (C) 2022 Wojtek Kosior
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+#
+# I, Wojtek Kosior, thereby promise not to sue for violation of this
+# file's license. Although I request that you do not make use this code
+# in a proprietary program, I am not going to enforce this in court.
+
+"""
+This module provides an interface to interact with script allowing/blocking
+rules configured inside Haketilo.
+"""
+
+# Enable using with Python 3.7.
+from __future__ import annotations
+
+import sqlite3
+import typing as t
+import dataclasses as dc
+
+from ... import url_patterns
+from .. import state as st
+from . import base
+
+
+def ensure_rule_not_deleted(cursor: sqlite3.Cursor, rule_id: str) -> None:
+ cursor.execute('SELECT COUNT(*) from rules where rule_id = ?;', (rule_id,))
+
+ (rule_present,), = cursor.fetchall()
+
+ if not rule_present:
+ raise st.MissingItemError()
+
+def sanitize_rule_pattern(pattern: str) -> str:
+ pattern = pattern.strip()
+
+ try:
+ assert pattern
+ return url_patterns.normalize_pattern(pattern)
+ except:
+ raise st.RulePatternInvalid()
+
+
+@dc.dataclass(frozen=True, unsafe_hash=True)
+class ConcreteRuleRef(st.RuleRef):
+ state: base.HaketiloStateWithFields = dc.field(hash=False, compare=False)
+
+ def remove(self) -> None:
+ with self.state.cursor(transaction=True) as cursor:
+ ensure_rule_not_deleted(cursor, self.id)
+
+ cursor.execute('DELETE FROM rules WHERE rule_id = ?;', self.id)
+
+ self.state.rebuild_structures(payloads=False)
+
+ def update(
+ self,
+ *,
+ pattern: t.Optional[str] = None,
+ allow: t.Optional[bool] = None
+ ) -> None:
+ if pattern is not None:
+ pattern = sanitize_rule_pattern(pattern)
+
+ if pattern is None and allow is None:
+ return
+
+ with self.state.cursor(transaction=True) as cursor:
+ ensure_rule_not_deleted(cursor, self.id)
+
+ if allow is not None:
+ cursor.execute(
+ 'UPDATE rules SET allow_scripts = ? WHERE rule_id = ?;',
+ (allow, self.id)
+ )
+
+ if pattern is not None:
+ cursor.execute(
+ 'DELETE FROM rules WHERE pattern = ? AND rule_id != ?;',
+ (pattern, self.id)
+ )
+
+ cursor.execute(
+ 'UPDATE rules SET pattern = ? WHERE rule_id = ?;',
+ (pattern, self.id)
+ )
+
+ self.state.rebuild_structures(payloads=False)
+
+ def get_display_info(self) -> st.RuleDisplayInfo:
+ with self.state.cursor() as cursor:
+ cursor.execute(
+ 'SELECT pattern, allow_scripts FROM rules WHERE rule_id = ?;',
+ (self.id,)
+ )
+
+ rows = cursor.fetchall()
+
+ if rows == []:
+ raise st.MissingItemError()
+
+ (pattern, allow), = rows
+
+ return st.RuleDisplayInfo(self, pattern, allow)
+
+
+@dc.dataclass(frozen=True)
+class ConcreteRuleStore(st.RuleStore):
+ state: base.HaketiloStateWithFields
+
+ def get(self, id: str) -> st.RuleRef:
+ return ConcreteRuleRef(str(int(id)), self.state)
+
+ def add(self, pattern: str, allow: bool) -> st.RuleRef:
+ pattern = sanitize_rule_pattern(pattern)
+
+ with self.state.cursor(transaction=True) as cursor:
+ cursor.execute(
+ '''
+ INSERT INTO rules(pattern, allow_scripts)
+ VALUES (?, ?)
+ ON CONFLICT (pattern)
+ DO UPDATE SET allow_scripts = excluded.allow_scripts;
+ ''',
+ (pattern, allow)
+ )
+
+ cursor.execute(
+ 'SELECT rule_id FROM rules WHERE pattern = ?;',
+ (pattern,)
+ )
+
+ (rule_id,), = cursor.fetchall()
+
+ return ConcreteRuleRef(str(rule_id), self.state)
+
+ def get_display_infos(self, allow: t.Optional[bool] = None) \
+ -> t.Sequence[st.RuleDisplayInfo]:
+ with self.state.cursor() as cursor:
+ cursor.execute(
+ '''
+ SELECT
+ rule_id, pattern, allow_scripts
+ FROM
+ rules
+ WHERE
+ COALESCE(allow_scripts = ?, TRUE)
+ ORDER BY
+ pattern;
+ ''',
+ (allow,)
+ )
+
+ rows = cursor.fetchall()
+
+ result = []
+ for rule_id, pattern, allow_scripts in rows:
+ ref = ConcreteRuleRef(str(rule_id), self.state)
+
+ result.append(st.RuleDisplayInfo(ref, pattern, allow_scripts))
+
+ return result
diff --git a/src/hydrilla/proxy/web_ui/root.py b/src/hydrilla/proxy/web_ui/root.py
index 855345e..763abab 100644
--- a/src/hydrilla/proxy/web_ui/root.py
+++ b/src/hydrilla/proxy/web_ui/root.py
@@ -45,6 +45,7 @@ from ... import item_infos
from .. import state as st
from .. import http_messages
from . import options
+from . import rules
from . import repos
from . import items
from . import prompts
@@ -94,7 +95,7 @@ class WebUIAppImpl(_app.WebUIApp):
self.before_request(authenticate_by_referrer)
- for blueprint in [repos.bp, items.bp, prompts.bp, options.bp]:
+ for blueprint in [rules.bp, repos.bp, items.bp, prompts.bp, options.bp]:
self.register_blueprint(blueprint)
# Flask app is not thread-safe and has to be accompanied by an ugly lock. This
diff --git a/src/hydrilla/proxy/web_ui/rules.py b/src/hydrilla/proxy/web_ui/rules.py
new file mode 100644
index 0000000..79d0b99
--- /dev/null
+++ b/src/hydrilla/proxy/web_ui/rules.py
@@ -0,0 +1,111 @@
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Proxy web UI script blocking rule management.
+#
+# This file is part of Hydrilla&Haketilo.
+#
+# Copyright (C) 2022 Wojtek Kosior
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+#
+# I, Wojtek Kosior, thereby promise not to sue for violation of this
+# file's license. Although I request that you do not make use this code
+# in a proprietary program, I am not going to enforce this in court.
+
+# Enable using with Python 3.7.
+from __future__ import annotations
+
+import typing as t
+
+import flask
+import werkzeug
+
+from .. import state as st
+from . import _app
+
+
+bp = flask.Blueprint('rules', __package__)
+
+@bp.route('/rules/add', methods=['GET'])
+def add_rule(errors: t.Mapping[str, bool] = {}) -> werkzeug.Response:
+ html = flask.render_template('rules/add.html.jinja', **errors)
+ return flask.make_response(html, 200)
+
+@bp.route('/rules/add', methods=['POST'])
+def add_rule_post() -> werkzeug.Response:
+ form_data = flask.request.form
+
+ try:
+ new_rule_ref = _app.get_haketilo_state().rule_store().add(
+ pattern = form_data['pattern'],
+ allow = form_data['allow'] == 'true'
+ )
+ except st.RulePatternInvalid:
+ return add_rule({'rule_pattern_invalid': True})
+
+ return flask.redirect(flask.url_for('.show_rule', rule_id=new_rule_ref.id))
+
+@bp.route('/rules', methods=['GET'])
+def rules(errors: t.Mapping[str, bool] = {}) -> werkzeug.Response:
+ store = _app.get_haketilo_state().rule_store()
+
+ html = flask.render_template(
+ 'rules/index.html.jinja',
+ display_infos = store.get_display_infos(),
+ **errors
+ )
+ return flask.make_response(html, 200)
+
+@bp.route('/rules/view/<string:rule_id>')
+def show_rule(rule_id: str, errors: t.Mapping[str, bool] = {}) \
+ -> werkzeug.Response:
+ try:
+ store = _app.get_haketilo_state().rule_store()
+ display_info = store.get(rule_id).get_display_info()
+
+ html = flask.render_template(
+ 'rules/show_single.html.jinja',
+ display_info = display_info,
+ **errors
+ )
+ return flask.make_response(html, 200)
+ except st.MissingItemError:
+ flask.abort(404)
+
+@bp.route('/rules/view/<string:rule_id>', methods=['POST'])
+def alter_rule(rule_id: str) -> werkzeug.Response:
+ form_data = flask.request.form
+ action = form_data['action']
+
+ try:
+ rule_ref = _app.get_haketilo_state().rule_store().get(rule_id)
+
+ if action == 'remove_rule':
+ rule_ref.remove()
+ return flask.redirect(flask.url_for('.rules'))
+ elif action == 'update_rule_data':
+ allow_param = form_data.get('allow')
+ rule_ref.update(
+ pattern = form_data.get('pattern'),
+ allow = None if allow_param is None else allow_param == 'true'
+ )
+ else:
+ raise ValueError()
+ except st.RulePatternInvalid:
+ return show_rule(rule_id, {'rule_pattern_invalid': True})
+ except st.MissingItemError:
+ flask.abort(404)
+
+ return flask.redirect(flask.url_for('.show_rule', rule_id=rule_id))
diff --git a/src/hydrilla/proxy/web_ui/templates/base.html.jinja b/src/hydrilla/proxy/web_ui/templates/base.html.jinja
index 9808c16..5bdb837 100644
--- a/src/hydrilla/proxy/web_ui/templates/base.html.jinja
+++ b/src/hydrilla/proxy/web_ui/templates/base.html.jinja
@@ -238,6 +238,7 @@ in a proprietary work, I am not going to enforce this in court.
set navigation_bar = [
('home', _('web_ui.base.nav.home')),
('options.options', _('web_ui.base.nav.options')),
+ ('rules.rules', _('web_ui.base.nav.rules')),
('items.packages', _('web_ui.base.nav.packages')),
('items.libraries', _('web_ui.base.nav.libraries')),
('repos.repos', _('web_ui.base.nav.repos')),
diff --git a/src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja b/src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja
new file mode 100644
index 0000000..ab21834
--- /dev/null
+++ b/src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja
@@ -0,0 +1,64 @@
+{#
+SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0
+
+Proxy web UI script blocking/allowing rule creation page.
+
+This file is part of Hydrilla&Haketilo.
+
+Copyright (C) 2022 Wojtek Kosior
+
+Dual licensed under
+* GNU General Public License v3.0 or later and
+* Creative Commons Attribution Share Alike 4.0 International.
+
+You can choose to use either of these licenses or both.
+
+
+I, Wojtek Kosior, thereby promise not to sue for violation of this
+file's licenses. Although I request that you do not make use this code
+in a proprietary work, I am not going to enforce this in court.
+#}
+{% extends "base.html.jinja" %}
+
+{% block title %} {{ _('web_ui.rules.add.title') }} {% endblock %}
+
+{% block main %}
+ <h3>{{ _('web_ui.rules.add.heading') }}</h3>
+ <form method="POST">
+ {% if rule_pattern_invalid is defined %}
+ {{ error_note(_('web_ui.err.rule_pattern_invalid')) }}
+ {% endif %}
+
+ <label for="pattern_field" class="block-with-bottom-margin">
+ {{ _('web_ui.rules.add.pattern_field_label') }}
+ </label>
+
+ <div class="flex-row">
+ <input id="pattern_field" name="pattern" required="">
+ </div>
+
+ <div class="horizontal-separator"></div>
+
+ <label class="block-with-bottom-margin">
+ {{ _('web_ui.rules.add.block_or_allow_label') }}
+ </label>
+
+ <div class="block-with-bottom-margin">
+ <input id="block_box" name="allow" type="radio" value="false" checked="">
+ <label for="block_box"> {{ _('web_ui.rules.add.block_label') }} </label>
+ </div>
+
+ <div class="block-with-bottom-margin">
+ <input id="allow_box" name="allow" type="radio" value="true">
+ <label for="allow_box"> {{ _('web_ui.rules.add.allow_label') }} </label>
+ </div>
+
+ <div class="horizontal-separator"></div>
+
+ <div class="flex-row block-with-bottom-margin">
+ <button class="green-button">
+ {{ _('web_ui.rules.add.submit_button') }}
+ </button>
+ </div>
+ </form>
+{% endblock %}
diff --git a/src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja b/src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja
new file mode 100644
index 0000000..5f290e0
--- /dev/null
+++ b/src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja
@@ -0,0 +1,61 @@
+{#
+SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0
+
+Proxy web UI script allowing/blocking rule list page.
+
+This file is part of Hydrilla&Haketilo.
+
+Copyright (C) 2022 Wojtek Kosior
+
+Dual licensed under
+* GNU General Public License v3.0 or later and
+* Creative Commons Attribution Share Alike 4.0 International.
+
+You can choose to use either of these licenses or both.
+
+
+I, Wojtek Kosior, thereby promise not to sue for violation of this
+file's licenses. Although I request that you do not make use this code
+in a proprietary work, I am not going to enforce this in court.
+#}
+{% extends "base.html.jinja" %}
+
+{% block title %}{{ _('web_ui.rules.title') }}{% endblock %}
+
+{% block style %}
+ {{ super() }}
+
+ {% include 'include/item_list_style.css.jinja' %}
+{% endblock %}
+
+{% block main %}
+ <h3>{{ _('web_ui.rules.heading') }}</h3>
+
+ <a href="{{ url_for('.add_rule') }}"
+ class="green-button block-with-bottom-margin">
+ {{ _('web_ui.rules.add_rule_button') }}
+ </a>
+
+ <div class="horizontal-separator"></div>
+
+ <h4>{{ _('web_ui.rules.rule_list_heading') }}</h4>
+
+ <ul id="item_list">
+ {% for info in display_infos %}
+
+ {% if info.allow_scripts %}
+ {% set entry_classes = ['entry-line-red'] %}
+ {% else %}
+ {% set entry_classes = ['entry-line-blue'] %}
+ {% endif %}
+
+ <li class="{{ entry_classes|join(' ') }}">
+ <a href="{{ url_for('.show_rule', rule_id=info.ref.id) }}">
+ <div>
+ {{ info.pattern }}
+ </div>
+ </a>
+ </li>
+ {% endfor %}
+ </ul>
+{% endblock %}
diff --git a/src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja b/src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja
new file mode 100644
index 0000000..ad0c19c
--- /dev/null
+++ b/src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja
@@ -0,0 +1,106 @@
+{#
+SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0
+
+Proxy web UI script allowing/blocking rule modification page.
+
+This file is part of Hydrilla&Haketilo.
+
+Copyright (C) 2022 Wojtek Kosior
+
+Dual licensed under
+* GNU General Public License v3.0 or later and
+* Creative Commons Attribution Share Alike 4.0 International.
+
+You can choose to use either of these licenses or both.
+
+
+I, Wojtek Kosior, thereby promise not to sue for violation of this
+file's licenses. Although I request that you do not make use this code
+in a proprietary work, I am not going to enforce this in court.
+#}
+{% extends "base.html.jinja" %}
+
+{% block title %} {{ _('web_ui.rules.single.title') }} {% endblock %}
+
+{% block style %}
+ {{ super() }}
+
+ {% include 'include/checkbox_tricks_style.css.jinja' %}
+{% endblock %}
+
+{% block main %}
+ <h3>
+ {% if display_info.allow_scripts %}
+ {{ _('web_ui.rules.single.heading.allow') }}
+ {% else %}
+ {{ _('web_ui.rules.single.heading.block') }}
+ {% endif %}
+ </h3>
+
+ <p>
+ {{ _('web_ui.rules.single.pattern_is_{}').format(display_info.pattern) }}
+ </p>
+
+ {% if rule_pattern_invalid is defined %}
+ {% set checked_attr = '' %}
+ {% else %}
+ {% set checked_attr = 'checked=""' %}
+ {% endif %}
+ <input id="hide_pattern_edit_form" type="checkbox"
+ class="chbx-tricks-show-hide" {{ checked_attr }}>
+ <label for="hide_pattern_edit_form"
+ class="green-button block-with-bottom-margin">
+ {{ _('web_ui.rules.single.update_pattern_button') }}
+ </label>
+
+ <form method="POST">
+ <input type="hidden" name="action" value="update_rule_data">
+
+ {% if rule_pattern_invalid is defined %}
+ {{ error_note(_('web_ui.err.rule_pattern_invalid')) }}
+ {% endif %}
+
+ <div class="flex-row">
+ <input name="pattern" value="{{ display_info.pattern }}" required="">
+ </div>
+
+ <div class="flex-row">
+ <button class="green-button button-bordering-right">
+ {{ _('web_ui.rules.single.commit_update_pattern_button') }}
+ </button>
+ <div class="button-row-separator"></div>
+ <label for="hide_pattern_edit_form"
+ class="green-button button-bordering-left">
+ {{ _('web_ui.rules.single.abort_update_pattern_button') }}
+ </label>
+ </div>
+ </form>
+
+ <div class="horizontal-separator"></div>
+
+ {% set allow_but_classes = ['red-button'] %}
+ {% set block_but_classes = ['blue-button'] %}
+
+ {% set allow_text = _('web_ui.rules.single.allow_button') %}
+ {% set block_text = _('web_ui.rules.single.block_button') %}
+
+ {% if display_info.allow_scripts %}
+ {% do allow_but_classes.append('disabled-button') %}
+ {% else %}
+ {% do block_but_classes.append('disabled-button') %}
+ {% endif %}
+
+ {{
+ button_row([
+ (allow_but_classes, allow_text, {'allow': 'true'}),
+ (block_but_classes, block_text, {'allow': 'false'})
+ ], {'action': 'update_rule_data'}
+ )
+ }}
+
+ <div class="horizontal-separator"></div>
+
+ {% set button_text = _('web_ui.rules.single.remove_button') %}
+ {% set extra_fields = {'action': 'remove_rule'} %}
+ {{ button_row([(['green-button'], button_text, extra_fields)]) }}
+{% endblock %}
diff --git a/src/hydrilla/url_patterns.py b/src/hydrilla/url_patterns.py
index 278827a..1b5fa10 100644
--- a/src/hydrilla/url_patterns.py
+++ b/src/hydrilla/url_patterns.py
@@ -57,7 +57,7 @@ class ParsedUrl:
path_segments: tuple[str, ...] = dc.field(hash=False, compare=False)
query: str = dc.field(hash=False, compare=False)
has_trailing_slash: bool = dc.field(hash=False, compare=False)
- port: int = dc.field(hash=False, compare=False)
+ port: t.Optional[int] = dc.field(hash=False, compare=False)
@property
def url_without_path(self) -> str:
@@ -67,12 +67,12 @@ class ParsedUrl:
netloc = '.'.join(reversed(self.domain_labels))
if self.port is not None and \
- default_ports[scheme] != self.port:
+ default_ports.get(scheme) != self.port:
netloc += f':{self.port}'
return f'{scheme}://{netloc}'
- def _reconstruct_url(self) -> str:
+ def reconstruct_url(self) -> str:
"""...."""
path = '/'.join(('', *self.path_segments))
if self.has_trailing_slash:
@@ -82,7 +82,7 @@ class ParsedUrl:
def path_append(self: ParsedUrlType, *new_segments: str) -> ParsedUrlType:
"""...."""
- new_url = self._reconstruct_url()
+ new_url = self.reconstruct_url()
if not self.has_trailing_slash:
new_url += '/'
@@ -114,8 +114,11 @@ ParsedPattern = t.NewType('ParsedPattern', ParsedUrl)
# actually supported by Hydrilla server and Haketilo proxy.
supported_schemes = 'http', 'https', 'ftp', 'file'
-def _parse_pattern_or_url(url: str, orig_url: str, is_pattern: bool = False) \
- -> ParsedUrl:
+def _parse_pattern_or_url(
+ url: str,
+ orig_url: str,
+ is_pattern: bool = False
+) -> ParsedUrl:
"""...."""
if not is_pattern:
assert orig_url == url
@@ -164,7 +167,7 @@ def _parse_pattern_or_url(url: str, orig_url: str, is_pattern: bool = False) \
else:
raise HaketiloException(_('err.url_{}.bad_port').format(url))
- port = t.cast(int, explicit_port or default_ports.get(parse_result.scheme))
+ port = explicit_port or default_ports.get(parse_result.scheme)
# Make URL's hostname into a list of labels in reverse order. E.g.
# 'https://a.bc..de.fg.com/h/i/' -> ['com', 'fg', 'de', 'bc', 'a']
@@ -215,8 +218,21 @@ def parse_pattern(url_pattern: str) -> t.Iterator[ParsedPattern]:
patterns = [url_pattern]
for pat in patterns:
- yield ParsedPattern(_parse_pattern_or_url(pat, url_pattern, True))
+ yield ParsedPattern(
+ _parse_pattern_or_url(pat, url_pattern, True)
+ )
def parse_url(url: str) -> ParsedUrl:
"""...."""
return _parse_pattern_or_url(url, url)
+
+
+def normalize_pattern(url_pattern: str) -> str:
+ parsed = next(parse_pattern(url_pattern))
+
+ reconstructed = parsed.reconstruct_url()
+
+ if url_pattern.startswith('http*'):
+ reconstructed = replace_scheme_regex.sub('http*', reconstructed)
+
+ return reconstructed