From 8e022103636121b13d2ad63d61b84ca927e4aeb1 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Mon, 12 Sep 2022 13:55:35 +0200 Subject: [proxy] Add support for script blocking/allowing rules --- src/hydrilla/locales/en_US/LC_MESSAGES/messages.po | 129 ++++++++++++--- src/hydrilla/pattern_tree.py | 4 +- src/hydrilla/proxy/policies/rule.py | 2 +- src/hydrilla/proxy/state.py | 47 +++++- src/hydrilla/proxy/state_impl/base.py | 3 +- src/hydrilla/proxy/state_impl/concrete_state.py | 45 ++++-- src/hydrilla/proxy/state_impl/repos.py | 2 +- src/hydrilla/proxy/state_impl/rules.py | 180 +++++++++++++++++++++ src/hydrilla/proxy/web_ui/root.py | 3 +- src/hydrilla/proxy/web_ui/rules.py | 111 +++++++++++++ .../proxy/web_ui/templates/base.html.jinja | 1 + .../proxy/web_ui/templates/rules/add.html.jinja | 64 ++++++++ .../proxy/web_ui/templates/rules/index.html.jinja | 61 +++++++ .../web_ui/templates/rules/show_single.html.jinja | 106 ++++++++++++ src/hydrilla/url_patterns.py | 32 +++- 15 files changed, 746 insertions(+), 44 deletions(-) create mode 100644 src/hydrilla/proxy/state_impl/rules.py create mode 100644 src/hydrilla/proxy/web_ui/rules.py create mode 100644 src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja create mode 100644 src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja create mode 100644 src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja diff --git a/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po b/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po index c8d8831..29fabc6 100644 --- a/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po +++ b/src/hydrilla/locales/en_US/LC_MESSAGES/messages.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: hydrilla 2.0\n" "Report-Msgid-Bugs-To: koszko@koszko.org\n" -"POT-Creation-Date: 2022-09-09 11:30+0200\n" +"POT-Creation-Date: 2022-09-12 13:44+0200\n" "PO-Revision-Date: 2022-02-12 00:00+0000\n" "Last-Translator: Wojtek Kosior \n" "Language: en_US\n" @@ -205,13 +205,13 @@ msgstr "Requested file could not be found." msgid "api.resource_not_enabled_for_access" msgstr "Requested resource is not enabled for access." -#: src/hydrilla/proxy/state_impl/concrete_state.py:120 +#: src/hydrilla/proxy/state_impl/concrete_state.py:121 msgid "err.proxy.unknown_db_schema" msgstr "" "Haketilo's data files have been altered, possibly by a newer version of " "Haketilo." -#: src/hydrilla/proxy/state_impl/concrete_state.py:124 +#: src/hydrilla/proxy/state_impl/concrete_state.py:125 msgid "err.proxy.no_sqlite_foreign_keys" msgstr "" "This installation of Haketilo uses an SQLite version which does not " @@ -221,27 +221,31 @@ msgstr "" msgid "web_ui.base.title.haketilo_proxy" msgstr "Haketilo" -#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:238 +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:239 msgid "web_ui.base.nav.home" msgstr "Home" -#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:239 +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:240 msgid "web_ui.base.nav.options" msgstr "Options" -#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:240 +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:241 +msgid "web_ui.base.nav.rules" +msgstr "Script blocking" + +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:242 msgid "web_ui.base.nav.packages" msgstr "Packages" -#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:241 +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:243 msgid "web_ui.base.nav.libraries" msgstr "Libraries" -#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:242 +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:244 msgid "web_ui.base.nav.repos" msgstr "Repositories" -#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:243 +#: src/hydrilla/proxy/web_ui/templates/base.html.jinja:245 msgid "web_ui.base.nav.load" msgstr "Import from file" @@ -764,6 +768,95 @@ msgstr "packages: {mappings}; libraries: {resources}" msgid "web_ui.repos.single.remove_button" msgstr "Remove repository" +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:23 +msgid "web_ui.rules.add.title" +msgstr "New rule" + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:26 +msgid "web_ui.rules.add.heading" +msgstr "Define a new rule" + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:29 +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:60 +msgid "web_ui.err.rule_pattern_invalid" +msgstr "Chosen URL pattern is not vald." + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:33 +msgid "web_ui.rules.add.pattern_field_label" +msgstr "URL pattern" + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:43 +msgid "web_ui.rules.add.block_or_allow_label" +msgstr "Page's JavaScript treatment" + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:48 +msgid "web_ui.rules.add.block_label" +msgstr "block" + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:53 +msgid "web_ui.rules.add.allow_label" +msgstr "allow" + +#: src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja:60 +msgid "web_ui.rules.add.submit_button" +msgstr "Add rule" + +#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:23 +msgid "web_ui.rules.title" +msgstr "Script blocking" + +#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:32 +msgid "web_ui.rules.heading" +msgstr "Manage script blocking" + +#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:36 +msgid "web_ui.rules.add_rule_button" +msgstr "Define new rule" + +#: src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja:41 +msgid "web_ui.rules.rule_list_heading" +msgstr "Defined rules" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:23 +msgid "web_ui.rules.single.title" +msgstr "Rule view" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:34 +msgid "web_ui.rules.single.heading.allow" +msgstr "Script allowing rule" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:36 +msgid "web_ui.rules.single.heading.block" +msgstr "Script blocking rule" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:41 +msgid "web_ui.rules.single.pattern_is_{}" +msgstr "Rule applies to all pages that match pattern '{}'." + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:53 +msgid "web_ui.rules.single.update_pattern_button" +msgstr "Change URL pattern" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:69 +msgid "web_ui.rules.single.commit_update_pattern_button" +msgstr "Set new pattern" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:74 +msgid "web_ui.rules.single.abort_update_pattern_button" +msgstr "Cancel" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:84 +msgid "web_ui.rules.single.allow_button" +msgstr "Allow JavaScript" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:85 +msgid "web_ui.rules.single.block_button" +msgstr "Block JavaScript" + +#: src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja:103 +msgid "web_ui.rules.single.remove_button" +msgstr "Remove rule" + #: src/hydrilla/server/malcontent.py:79 msgid "err.server.malcontent_path_not_dir_{}" msgstr "Provided 'malcontent_dir' path does not name a directory: {}" @@ -857,39 +950,39 @@ msgstr "" "HTTP server like Apache2 or Nginx. You can configure Hydrilla through the" " /etc/hydrilla/config.json file." -#: src/hydrilla/url_patterns.py:132 +#: src/hydrilla/url_patterns.py:135 msgid "err.url_pattern_{}.bad" msgstr "Not a valid Haketilo URL pattern: {}" -#: src/hydrilla/url_patterns.py:135 +#: src/hydrilla/url_patterns.py:138 msgid "err.url_{}.bad" msgstr "Not a valid URL: {}" -#: src/hydrilla/url_patterns.py:142 +#: src/hydrilla/url_patterns.py:145 msgid "err.url_pattern_{}.bad_scheme" msgstr "URL pattern has an unknown scheme: {}" -#: src/hydrilla/url_patterns.py:145 +#: src/hydrilla/url_patterns.py:148 msgid "err.url_{}.bad_scheme" msgstr "URL has an unknown scheme: {}" -#: src/hydrilla/url_patterns.py:150 +#: src/hydrilla/url_patterns.py:153 msgid "err.url_pattern_{}.special_scheme_port" msgstr "URL pattern has an explicit port while it shouldn't: {}" -#: src/hydrilla/url_patterns.py:162 +#: src/hydrilla/url_patterns.py:165 msgid "err.url_pattern_{}.bad_port" msgstr "URL pattern has a port outside of allowed range (1-65535): {}" -#: src/hydrilla/url_patterns.py:165 +#: src/hydrilla/url_patterns.py:168 msgid "err.url_{}.bad_port" msgstr "URL has a port outside of allowed range (1-65535): {}" -#: src/hydrilla/url_patterns.py:186 +#: src/hydrilla/url_patterns.py:189 msgid "err.url_pattern_{}.has_query" msgstr "URL pattern has a query string while it shouldn't: {}" -#: src/hydrilla/url_patterns.py:190 +#: src/hydrilla/url_patterns.py:193 msgid "err.url_pattern_{}.has_frag" msgstr "URL pattern has a fragment string while it shouldn't: {}" diff --git a/src/hydrilla/pattern_tree.py b/src/hydrilla/pattern_tree.py index e71f8d0..f606bc6 100644 --- a/src/hydrilla/pattern_tree.py +++ b/src/hydrilla/pattern_tree.py @@ -198,7 +198,7 @@ TreeStoredType = t.TypeVar('TreeStoredType', bound=t.Hashable) StoredSet = frozenset[StoredTreeItem[TreeStoredType]] PathBranch = PatternTreeBranch[StoredSet] DomainBranch = PatternTreeBranch[PathBranch] -TreeRoot = Map[tuple[str, int], DomainBranch] +TreeRoot = Map[tuple[str, t.Optional[int]], DomainBranch] @dc.dataclass(frozen=True) class PatternTree(t.Generic[TreeStoredType]): @@ -210,7 +210,7 @@ class PatternTree(t.Generic[TreeStoredType]): """ SelfType = t.TypeVar('SelfType', bound='PatternTree[TreeStoredType]') - _by_scheme_and_port: TreeRoot = Map() + _by_scheme_and_port: TreeRoot = Map() def _register( self: 'SelfType', diff --git a/src/hydrilla/proxy/policies/rule.py b/src/hydrilla/proxy/policies/rule.py index bcb110e..84b750b 100644 --- a/src/hydrilla/proxy/policies/rule.py +++ b/src/hydrilla/proxy/policies/rule.py @@ -109,7 +109,7 @@ class RulePolicyFactory(base.PolicyFactory): def __lt__(self, other: base.PolicyFactory) -> bool: """....""" - if type(other) is type(self): + if type(other) is not type(self): return super().__lt__(other) assert isinstance(other, RulePolicyFactory) diff --git a/src/hydrilla/proxy/state.py b/src/hydrilla/proxy/state.py index abea7a7..1ba87b4 100644 --- a/src/hydrilla/proxy/state.py +++ b/src/hydrilla/proxy/state.py @@ -133,6 +133,47 @@ class Store(ABC, t.Generic[RefType]): ... +class RulePatternInvalid(HaketiloException): + pass + +@dc.dataclass(frozen=True) +class RuleDisplayInfo: + ref: 'RuleRef' + pattern: str + allow_scripts: bool + +# mypy needs to be corrected: +# https://stackoverflow.com/questions/70999513/conflict-between-mix-ins-for-abstract-dataclasses/70999704#70999704 +@dc.dataclass(frozen=True, unsafe_hash=True) # type: ignore[misc] +class RuleRef(Ref): + @abstractmethod + def remove(self) -> None: + ... + + @abstractmethod + def update( + self, + *, + pattern: t.Optional[str] = None, + allow: t.Optional[bool] = None + ) -> None: + ... + + @abstractmethod + def get_display_info(self) -> RuleDisplayInfo: + ... + +class RuleStore(Store[RuleRef]): + @abstractmethod + def get_display_infos(self, allow: t.Optional[bool] = None) \ + -> t.Sequence[RuleDisplayInfo]: + ... + + @abstractmethod + def add(self, pattern: str, allow: bool) -> RuleRef: + ... + + class RepoNameInvalid(HaketiloException): pass @@ -161,8 +202,6 @@ class FileMissingError(FileInstallationError): class RepoApiVersionUnsupported(HaketiloException): pass -# mypy needs to be corrected: -# https://stackoverflow.com/questions/70999513/conflict-between-mix-ins-for-abstract-dataclasses/70999704#70999704 @dc.dataclass(frozen=True, unsafe_hash=True) # type: ignore[misc] class RepoRef(Ref): """....""" @@ -442,6 +481,10 @@ class HaketiloState(ABC): def import_items(self, malcontent_path: Path) -> None: ... + @abstractmethod + def rule_store(self) -> RuleStore: + ... + @abstractmethod def repo_store(self) -> RepoStore: """....""" diff --git a/src/hydrilla/proxy/state_impl/base.py b/src/hydrilla/proxy/state_impl/base.py index f969b19..a8800cb 100644 --- a/src/hydrilla/proxy/state_impl/base.py +++ b/src/hydrilla/proxy/state_impl/base.py @@ -246,7 +246,8 @@ class HaketiloStateWithFields(st.HaketiloState): ... @abstractmethod - def rebuild_structures(self) -> None: + def rebuild_structures(self, *, payloads: bool = True, rules: bool = True) \ + -> None: """ Recreation of data structures as done after every recomputation of dependencies as well as at startup. diff --git a/src/hydrilla/proxy/state_impl/concrete_state.py b/src/hydrilla/proxy/state_impl/concrete_state.py index cd32e83..a6d32f1 100644 --- a/src/hydrilla/proxy/state_impl/concrete_state.py +++ b/src/hydrilla/proxy/state_impl/concrete_state.py @@ -47,6 +47,7 @@ from .. import state as st from .. import policies from .. import simple_dependency_satisfying as sds from . import base +from . import rules from . import items from . import repos from . import payloads @@ -143,7 +144,7 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields): repo_id = repo_id ) - self.rebuild_structures() + self.rebuild_structures(rules=False) def prune_orphans(self) -> None: with self.cursor() as cursor: @@ -163,7 +164,7 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields): unlocked_required_mappings = unlocked_required_mappings ) - self.rebuild_structures() + self.rebuild_structures(rules=False) def pull_missing_files(self) -> None: with self.cursor() as cursor: @@ -182,6 +183,29 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields): ui_factory ) + # Put script blocking/allowing rules in policy tree. + cursor.execute('SELECT pattern, allow_scripts FROM rules;') + + for pattern, allow_scripts in cursor.fetchall(): + for parsed_pattern in url_patterns.parse_pattern(pattern): + factory: policies.PolicyFactory + if allow_scripts: + factory = policies.RuleAllowPolicyFactory( + builtin = False, + pattern = parsed_pattern + ) + else: + factory = policies.RuleBlockPolicyFactory( + builtin = False, + pattern = parsed_pattern + ) + + new_policy_tree = new_policy_tree.register( + parsed_pattern = parsed_pattern, + item = factory + ) + + # Put script payload rules in policy tree. cursor.execute( ''' SELECT @@ -202,15 +226,10 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields): ''' ) - rows = cursor.fetchall() - new_payloads_data: dict[st.PayloadRef, st.PayloadData] = {} - for row in rows: - (payload_id_int, pattern, eval_allowed, cors_bypass_allowed, - enabled_status, - identifier) = row - + for (payload_id_int, pattern, eval_allowed, cors_bypass_allowed, + enabled_status, identifier) in cursor.fetchall(): payload_ref = payloads.ConcretePayloadRef(str(payload_id_int), self) previous_data = self.payloads_data.get(payload_ref) @@ -245,10 +264,16 @@ class ConcreteHaketiloState(base.HaketiloStateWithFields): self.policy_tree = new_policy_tree self.payloads_data = new_payloads_data - def rebuild_structures(self) -> None: + def rebuild_structures(self, *, payloads: bool = True, rules: bool = True) \ + -> None: + # The `payloads` and `rules` args will be useful for optimization but + # for now we're not yet using them. with self.cursor() as cursor: self._rebuild_structures(cursor) + def rule_store(self) -> st.RuleStore: + return rules.ConcreteRuleStore(self) + def repo_store(self) -> st.RepoStore: return repos.ConcreteRepoStore(self) diff --git a/src/hydrilla/proxy/state_impl/repos.py b/src/hydrilla/proxy/state_impl/repos.py index 383d147..4afd86f 100644 --- a/src/hydrilla/proxy/state_impl/repos.py +++ b/src/hydrilla/proxy/state_impl/repos.py @@ -235,7 +235,7 @@ class ConcreteRepoRef(st.RepoRef): except sqlite3.IntegrityError: raise st.RepoNameTaken() - self.state.rebuild_structures() + self.state.rebuild_structures(rules=False) def refresh(self) -> None: with self.state.cursor(transaction=True) as cursor: diff --git a/src/hydrilla/proxy/state_impl/rules.py b/src/hydrilla/proxy/state_impl/rules.py new file mode 100644 index 0000000..bd9480d --- /dev/null +++ b/src/hydrilla/proxy/state_impl/rules.py @@ -0,0 +1,180 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +# Haketilo proxy data and configuration (RuleRef and RuleStore subtypes). +# +# This file is part of Hydrilla&Haketilo. +# +# Copyright (C) 2022 Wojtek Kosior +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# +# I, Wojtek Kosior, thereby promise not to sue for violation of this +# file's license. Although I request that you do not make use this code +# in a proprietary program, I am not going to enforce this in court. + +""" +This module provides an interface to interact with script allowing/blocking +rules configured inside Haketilo. +""" + +# Enable using with Python 3.7. +from __future__ import annotations + +import sqlite3 +import typing as t +import dataclasses as dc + +from ... import url_patterns +from .. import state as st +from . import base + + +def ensure_rule_not_deleted(cursor: sqlite3.Cursor, rule_id: str) -> None: + cursor.execute('SELECT COUNT(*) from rules where rule_id = ?;', (rule_id,)) + + (rule_present,), = cursor.fetchall() + + if not rule_present: + raise st.MissingItemError() + +def sanitize_rule_pattern(pattern: str) -> str: + pattern = pattern.strip() + + try: + assert pattern + return url_patterns.normalize_pattern(pattern) + except: + raise st.RulePatternInvalid() + + +@dc.dataclass(frozen=True, unsafe_hash=True) +class ConcreteRuleRef(st.RuleRef): + state: base.HaketiloStateWithFields = dc.field(hash=False, compare=False) + + def remove(self) -> None: + with self.state.cursor(transaction=True) as cursor: + ensure_rule_not_deleted(cursor, self.id) + + cursor.execute('DELETE FROM rules WHERE rule_id = ?;', self.id) + + self.state.rebuild_structures(payloads=False) + + def update( + self, + *, + pattern: t.Optional[str] = None, + allow: t.Optional[bool] = None + ) -> None: + if pattern is not None: + pattern = sanitize_rule_pattern(pattern) + + if pattern is None and allow is None: + return + + with self.state.cursor(transaction=True) as cursor: + ensure_rule_not_deleted(cursor, self.id) + + if allow is not None: + cursor.execute( + 'UPDATE rules SET allow_scripts = ? WHERE rule_id = ?;', + (allow, self.id) + ) + + if pattern is not None: + cursor.execute( + 'DELETE FROM rules WHERE pattern = ? AND rule_id != ?;', + (pattern, self.id) + ) + + cursor.execute( + 'UPDATE rules SET pattern = ? WHERE rule_id = ?;', + (pattern, self.id) + ) + + self.state.rebuild_structures(payloads=False) + + def get_display_info(self) -> st.RuleDisplayInfo: + with self.state.cursor() as cursor: + cursor.execute( + 'SELECT pattern, allow_scripts FROM rules WHERE rule_id = ?;', + (self.id,) + ) + + rows = cursor.fetchall() + + if rows == []: + raise st.MissingItemError() + + (pattern, allow), = rows + + return st.RuleDisplayInfo(self, pattern, allow) + + +@dc.dataclass(frozen=True) +class ConcreteRuleStore(st.RuleStore): + state: base.HaketiloStateWithFields + + def get(self, id: str) -> st.RuleRef: + return ConcreteRuleRef(str(int(id)), self.state) + + def add(self, pattern: str, allow: bool) -> st.RuleRef: + pattern = sanitize_rule_pattern(pattern) + + with self.state.cursor(transaction=True) as cursor: + cursor.execute( + ''' + INSERT INTO rules(pattern, allow_scripts) + VALUES (?, ?) + ON CONFLICT (pattern) + DO UPDATE SET allow_scripts = excluded.allow_scripts; + ''', + (pattern, allow) + ) + + cursor.execute( + 'SELECT rule_id FROM rules WHERE pattern = ?;', + (pattern,) + ) + + (rule_id,), = cursor.fetchall() + + return ConcreteRuleRef(str(rule_id), self.state) + + def get_display_infos(self, allow: t.Optional[bool] = None) \ + -> t.Sequence[st.RuleDisplayInfo]: + with self.state.cursor() as cursor: + cursor.execute( + ''' + SELECT + rule_id, pattern, allow_scripts + FROM + rules + WHERE + COALESCE(allow_scripts = ?, TRUE) + ORDER BY + pattern; + ''', + (allow,) + ) + + rows = cursor.fetchall() + + result = [] + for rule_id, pattern, allow_scripts in rows: + ref = ConcreteRuleRef(str(rule_id), self.state) + + result.append(st.RuleDisplayInfo(ref, pattern, allow_scripts)) + + return result diff --git a/src/hydrilla/proxy/web_ui/root.py b/src/hydrilla/proxy/web_ui/root.py index 855345e..763abab 100644 --- a/src/hydrilla/proxy/web_ui/root.py +++ b/src/hydrilla/proxy/web_ui/root.py @@ -45,6 +45,7 @@ from ... import item_infos from .. import state as st from .. import http_messages from . import options +from . import rules from . import repos from . import items from . import prompts @@ -94,7 +95,7 @@ class WebUIAppImpl(_app.WebUIApp): self.before_request(authenticate_by_referrer) - for blueprint in [repos.bp, items.bp, prompts.bp, options.bp]: + for blueprint in [rules.bp, repos.bp, items.bp, prompts.bp, options.bp]: self.register_blueprint(blueprint) # Flask app is not thread-safe and has to be accompanied by an ugly lock. This diff --git a/src/hydrilla/proxy/web_ui/rules.py b/src/hydrilla/proxy/web_ui/rules.py new file mode 100644 index 0000000..79d0b99 --- /dev/null +++ b/src/hydrilla/proxy/web_ui/rules.py @@ -0,0 +1,111 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +# Proxy web UI script blocking rule management. +# +# This file is part of Hydrilla&Haketilo. +# +# Copyright (C) 2022 Wojtek Kosior +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# +# I, Wojtek Kosior, thereby promise not to sue for violation of this +# file's license. Although I request that you do not make use this code +# in a proprietary program, I am not going to enforce this in court. + +# Enable using with Python 3.7. +from __future__ import annotations + +import typing as t + +import flask +import werkzeug + +from .. import state as st +from . import _app + + +bp = flask.Blueprint('rules', __package__) + +@bp.route('/rules/add', methods=['GET']) +def add_rule(errors: t.Mapping[str, bool] = {}) -> werkzeug.Response: + html = flask.render_template('rules/add.html.jinja', **errors) + return flask.make_response(html, 200) + +@bp.route('/rules/add', methods=['POST']) +def add_rule_post() -> werkzeug.Response: + form_data = flask.request.form + + try: + new_rule_ref = _app.get_haketilo_state().rule_store().add( + pattern = form_data['pattern'], + allow = form_data['allow'] == 'true' + ) + except st.RulePatternInvalid: + return add_rule({'rule_pattern_invalid': True}) + + return flask.redirect(flask.url_for('.show_rule', rule_id=new_rule_ref.id)) + +@bp.route('/rules', methods=['GET']) +def rules(errors: t.Mapping[str, bool] = {}) -> werkzeug.Response: + store = _app.get_haketilo_state().rule_store() + + html = flask.render_template( + 'rules/index.html.jinja', + display_infos = store.get_display_infos(), + **errors + ) + return flask.make_response(html, 200) + +@bp.route('/rules/view/') +def show_rule(rule_id: str, errors: t.Mapping[str, bool] = {}) \ + -> werkzeug.Response: + try: + store = _app.get_haketilo_state().rule_store() + display_info = store.get(rule_id).get_display_info() + + html = flask.render_template( + 'rules/show_single.html.jinja', + display_info = display_info, + **errors + ) + return flask.make_response(html, 200) + except st.MissingItemError: + flask.abort(404) + +@bp.route('/rules/view/', methods=['POST']) +def alter_rule(rule_id: str) -> werkzeug.Response: + form_data = flask.request.form + action = form_data['action'] + + try: + rule_ref = _app.get_haketilo_state().rule_store().get(rule_id) + + if action == 'remove_rule': + rule_ref.remove() + return flask.redirect(flask.url_for('.rules')) + elif action == 'update_rule_data': + allow_param = form_data.get('allow') + rule_ref.update( + pattern = form_data.get('pattern'), + allow = None if allow_param is None else allow_param == 'true' + ) + else: + raise ValueError() + except st.RulePatternInvalid: + return show_rule(rule_id, {'rule_pattern_invalid': True}) + except st.MissingItemError: + flask.abort(404) + + return flask.redirect(flask.url_for('.show_rule', rule_id=rule_id)) diff --git a/src/hydrilla/proxy/web_ui/templates/base.html.jinja b/src/hydrilla/proxy/web_ui/templates/base.html.jinja index 9808c16..5bdb837 100644 --- a/src/hydrilla/proxy/web_ui/templates/base.html.jinja +++ b/src/hydrilla/proxy/web_ui/templates/base.html.jinja @@ -238,6 +238,7 @@ in a proprietary work, I am not going to enforce this in court. set navigation_bar = [ ('home', _('web_ui.base.nav.home')), ('options.options', _('web_ui.base.nav.options')), + ('rules.rules', _('web_ui.base.nav.rules')), ('items.packages', _('web_ui.base.nav.packages')), ('items.libraries', _('web_ui.base.nav.libraries')), ('repos.repos', _('web_ui.base.nav.repos')), diff --git a/src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja b/src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja new file mode 100644 index 0000000..ab21834 --- /dev/null +++ b/src/hydrilla/proxy/web_ui/templates/rules/add.html.jinja @@ -0,0 +1,64 @@ +{# +SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0 + +Proxy web UI script blocking/allowing rule creation page. + +This file is part of Hydrilla&Haketilo. + +Copyright (C) 2022 Wojtek Kosior + +Dual licensed under +* GNU General Public License v3.0 or later and +* Creative Commons Attribution Share Alike 4.0 International. + +You can choose to use either of these licenses or both. + + +I, Wojtek Kosior, thereby promise not to sue for violation of this +file's licenses. Although I request that you do not make use this code +in a proprietary work, I am not going to enforce this in court. +#} +{% extends "base.html.jinja" %} + +{% block title %} {{ _('web_ui.rules.add.title') }} {% endblock %} + +{% block main %} +

{{ _('web_ui.rules.add.heading') }}

+
+ {% if rule_pattern_invalid is defined %} + {{ error_note(_('web_ui.err.rule_pattern_invalid')) }} + {% endif %} + + + +
+ +
+ +
+ + + +
+ + +
+ +
+ + +
+ +
+ +
+ +
+
+{% endblock %} diff --git a/src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja b/src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja new file mode 100644 index 0000000..5f290e0 --- /dev/null +++ b/src/hydrilla/proxy/web_ui/templates/rules/index.html.jinja @@ -0,0 +1,61 @@ +{# +SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0 + +Proxy web UI script allowing/blocking rule list page. + +This file is part of Hydrilla&Haketilo. + +Copyright (C) 2022 Wojtek Kosior + +Dual licensed under +* GNU General Public License v3.0 or later and +* Creative Commons Attribution Share Alike 4.0 International. + +You can choose to use either of these licenses or both. + + +I, Wojtek Kosior, thereby promise not to sue for violation of this +file's licenses. Although I request that you do not make use this code +in a proprietary work, I am not going to enforce this in court. +#} +{% extends "base.html.jinja" %} + +{% block title %}{{ _('web_ui.rules.title') }}{% endblock %} + +{% block style %} + {{ super() }} + + {% include 'include/item_list_style.css.jinja' %} +{% endblock %} + +{% block main %} +

{{ _('web_ui.rules.heading') }}

+ + + {{ _('web_ui.rules.add_rule_button') }} + + +
+ +

{{ _('web_ui.rules.rule_list_heading') }}

+ +
    + {% for info in display_infos %} + + {% if info.allow_scripts %} + {% set entry_classes = ['entry-line-red'] %} + {% else %} + {% set entry_classes = ['entry-line-blue'] %} + {% endif %} + +
  • + +
    + {{ info.pattern }} +
    +
    +
  • + {% endfor %} +
+{% endblock %} diff --git a/src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja b/src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja new file mode 100644 index 0000000..ad0c19c --- /dev/null +++ b/src/hydrilla/proxy/web_ui/templates/rules/show_single.html.jinja @@ -0,0 +1,106 @@ +{# +SPDX-License-Identifier: GPL-3.0-or-later OR CC-BY-SA-4.0 + +Proxy web UI script allowing/blocking rule modification page. + +This file is part of Hydrilla&Haketilo. + +Copyright (C) 2022 Wojtek Kosior + +Dual licensed under +* GNU General Public License v3.0 or later and +* Creative Commons Attribution Share Alike 4.0 International. + +You can choose to use either of these licenses or both. + + +I, Wojtek Kosior, thereby promise not to sue for violation of this +file's licenses. Although I request that you do not make use this code +in a proprietary work, I am not going to enforce this in court. +#} +{% extends "base.html.jinja" %} + +{% block title %} {{ _('web_ui.rules.single.title') }} {% endblock %} + +{% block style %} + {{ super() }} + + {% include 'include/checkbox_tricks_style.css.jinja' %} +{% endblock %} + +{% block main %} +

+ {% if display_info.allow_scripts %} + {{ _('web_ui.rules.single.heading.allow') }} + {% else %} + {{ _('web_ui.rules.single.heading.block') }} + {% endif %} +

+ +

+ {{ _('web_ui.rules.single.pattern_is_{}').format(display_info.pattern) }} +

+ + {% if rule_pattern_invalid is defined %} + {% set checked_attr = '' %} + {% else %} + {% set checked_attr = 'checked=""' %} + {% endif %} + + + +
+ + + {% if rule_pattern_invalid is defined %} + {{ error_note(_('web_ui.err.rule_pattern_invalid')) }} + {% endif %} + +
+ +
+ +
+ +
+ +
+
+ +
+ + {% set allow_but_classes = ['red-button'] %} + {% set block_but_classes = ['blue-button'] %} + + {% set allow_text = _('web_ui.rules.single.allow_button') %} + {% set block_text = _('web_ui.rules.single.block_button') %} + + {% if display_info.allow_scripts %} + {% do allow_but_classes.append('disabled-button') %} + {% else %} + {% do block_but_classes.append('disabled-button') %} + {% endif %} + + {{ + button_row([ + (allow_but_classes, allow_text, {'allow': 'true'}), + (block_but_classes, block_text, {'allow': 'false'}) + ], {'action': 'update_rule_data'} + ) + }} + +
+ + {% set button_text = _('web_ui.rules.single.remove_button') %} + {% set extra_fields = {'action': 'remove_rule'} %} + {{ button_row([(['green-button'], button_text, extra_fields)]) }} +{% endblock %} diff --git a/src/hydrilla/url_patterns.py b/src/hydrilla/url_patterns.py index 278827a..1b5fa10 100644 --- a/src/hydrilla/url_patterns.py +++ b/src/hydrilla/url_patterns.py @@ -57,7 +57,7 @@ class ParsedUrl: path_segments: tuple[str, ...] = dc.field(hash=False, compare=False) query: str = dc.field(hash=False, compare=False) has_trailing_slash: bool = dc.field(hash=False, compare=False) - port: int = dc.field(hash=False, compare=False) + port: t.Optional[int] = dc.field(hash=False, compare=False) @property def url_without_path(self) -> str: @@ -67,12 +67,12 @@ class ParsedUrl: netloc = '.'.join(reversed(self.domain_labels)) if self.port is not None and \ - default_ports[scheme] != self.port: + default_ports.get(scheme) != self.port: netloc += f':{self.port}' return f'{scheme}://{netloc}' - def _reconstruct_url(self) -> str: + def reconstruct_url(self) -> str: """....""" path = '/'.join(('', *self.path_segments)) if self.has_trailing_slash: @@ -82,7 +82,7 @@ class ParsedUrl: def path_append(self: ParsedUrlType, *new_segments: str) -> ParsedUrlType: """....""" - new_url = self._reconstruct_url() + new_url = self.reconstruct_url() if not self.has_trailing_slash: new_url += '/' @@ -114,8 +114,11 @@ ParsedPattern = t.NewType('ParsedPattern', ParsedUrl) # actually supported by Hydrilla server and Haketilo proxy. supported_schemes = 'http', 'https', 'ftp', 'file' -def _parse_pattern_or_url(url: str, orig_url: str, is_pattern: bool = False) \ - -> ParsedUrl: +def _parse_pattern_or_url( + url: str, + orig_url: str, + is_pattern: bool = False +) -> ParsedUrl: """....""" if not is_pattern: assert orig_url == url @@ -164,7 +167,7 @@ def _parse_pattern_or_url(url: str, orig_url: str, is_pattern: bool = False) \ else: raise HaketiloException(_('err.url_{}.bad_port').format(url)) - port = t.cast(int, explicit_port or default_ports.get(parse_result.scheme)) + port = explicit_port or default_ports.get(parse_result.scheme) # Make URL's hostname into a list of labels in reverse order. E.g. # 'https://a.bc..de.fg.com/h/i/' -> ['com', 'fg', 'de', 'bc', 'a'] @@ -215,8 +218,21 @@ def parse_pattern(url_pattern: str) -> t.Iterator[ParsedPattern]: patterns = [url_pattern] for pat in patterns: - yield ParsedPattern(_parse_pattern_or_url(pat, url_pattern, True)) + yield ParsedPattern( + _parse_pattern_or_url(pat, url_pattern, True) + ) def parse_url(url: str) -> ParsedUrl: """....""" return _parse_pattern_or_url(url, url) + + +def normalize_pattern(url_pattern: str) -> str: + parsed = next(parse_pattern(url_pattern)) + + reconstructed = parsed.reconstruct_url() + + if url_pattern.startswith('http*'): + reconstructed = replace_scheme_regex.sub('http*', reconstructed) + + return reconstructed -- cgit v1.2.3