Bugfix/autoescape (#35)

jirivrany · web-flow · commit e86ac0f94cb8 · 2024-01-18T13:01:38.000+01:00
* rename all j2 files back to html

* add Markup to dashboard to render tables from macros
diff --git a/config.example.py b/config.example.py
@@ -8,10 +8,10 @@ class Config():
     # Flask testing
     TESTING = False
     # SSO auth enabled
-    SSO_AUTH = False
+    SSO_AUTH = True
     # Authentication is done outside the app, use HTTP header to get the user uuid.
     # If SSO_AUTH is set to True, this option is ignored and SSO auth is used.
-    HEADER_AUTH = True
+    HEADER_AUTH = False
     # Name of HTTP header containing the UUID of authenticated user.
     # Only used when HEADER_AUTH is set to True
     AUTH_HEADER_NAME = 'X-Authenticated-User'
diff --git a/flowapp/__init__.py b/flowapp/__init__.py
@@ -87,13 +87,13 @@ def logout():
     def ext_login():
         header_name = app.config.get("AUTH_HEADER_NAME", 'X-Authenticated-User')
         if header_name not in request.headers:
-            return render_template("errors/401.j2")
+            return render_template("errors/401.html")
         uuid = request.headers.get(header_name)
         if uuid:
             try:
                 _register_user_to_session(uuid)
             except AttributeError:
-                return render_template("errors/401.j2")
+                return render_template("errors/401.html")
         return redirect("/")
 
     @app.route("/")
@@ -136,12 +136,12 @@ def shutdown_session(exception=None):
     # HTTP error handling
     @app.errorhandler(404)
     def not_found(error):
-        return render_template("errors/404.j2"), 404
+        return render_template("errors/404.html"), 404
 
     @app.errorhandler(500)
     def internal_error(exception):
         app.logger.error(exception)
-        return render_template("errors/500.j2"), 500
+        return render_template("errors/500.html"), 500
 
     @app.context_processor
     def utility_processor():
diff --git a/flowapp/instance_config.py b/flowapp/instance_config.py
@@ -99,23 +99,23 @@ class InstanceConfig:
     DASHBOARD = {
         "ipv4": {
             "name": "IPv4",
-            "macro_file": "macros.j2",
+            "macro_file": "macros.html",
             "macro_tbody": "build_ip_tbody",
             "macro_thead": "build_rules_thead",
             "table_colspan": 10,
             "table_columns": RULES_COLUMNS_V6,
         },
         "ipv6": {
             "name": "IPv6",
-            "macro_file": "macros.j2",
+            "macro_file": "macros.html",
             "macro_tbody": "build_ip_tbody",
             "macro_thead": "build_rules_thead",
             "table_colspan": 10,
             "table_columns": RULES_COLUMNS_V6,
         },
         "rtbh": {
             "name": "RTBH",
-            "macro_file": "macros.j2",
+            "macro_file": "macros.html",
             "macro_tbody": "build_rtbh_tbody",
             "macro_thead": "build_rules_thead",
             "table_colspan": 5,
diff --git a/flowapp/templates/errors/401.html b/flowapp/templates/errors/401.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block content %}
   <h1>Could not log you in.</h1>
   <p class="form-text">401: Unauthorized</p>
diff --git a/flowapp/templates/errors/404.html b/flowapp/templates/errors/404.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block content %}
   <h1>Sorry ...</h1>
   <p>There's nothing here!</p>
diff --git a/flowapp/templates/errors/500.html b/flowapp/templates/errors/500.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block content %}
   <h1>Error ...</h1>
   <p>Sorry ;-)</p>
diff --git a/flowapp/templates/forms/api_key.html b/flowapp/templates/forms/api_key.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add New Machine with ApiKey{% endblock %}
 {% block content %}
   <h2>Add new ApiKey for your machine</h2>
diff --git a/flowapp/templates/forms/ipv4_rule.html b/flowapp/templates/forms/ipv4_rule.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add IPv4 rule{% endblock %}
 {% block content %}
   <h2>{{ title or 'New'}} IPv4 rule</h2>
diff --git a/flowapp/templates/forms/ipv6_rule.html b/flowapp/templates/forms/ipv6_rule.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add IPv6 rule{% endblock %}
 {% block content %}
   <h2>{{ title or 'New'}} IPv6 rule</h2>
diff --git a/flowapp/templates/forms/macros.html b/flowapp/templates/forms/macros.html
diff --git a/flowapp/templates/forms/rtbh_rule.html b/flowapp/templates/forms/rtbh_rule.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_field %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_field %}
 {% block title %}Add RTBH rule{% endblock %}
 {% block content %}
   <h2>{{ title or 'New'}} RTBH rule</h2>
diff --git a/flowapp/templates/forms/rule.html b/flowapp/templates/forms/rule.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Add IPv4 rule{% endblock %}
 {% block content %}
   <form action="/addrule" method="post">
diff --git a/flowapp/templates/forms/simple_form.html b/flowapp/templates/forms/simple_form.html
@@ -1,5 +1,5 @@
-{% extends 'layouts/default.j2' %}
-{% from 'forms/macros.j2' import render_form %}
+{% extends 'layouts/default.html' %}
+{% from 'forms/macros.html' import render_form %}
 
 {% block title %}
 {{ title }}
diff --git a/flowapp/templates/layouts/default.html b/flowapp/templates/layouts/default.html
diff --git a/flowapp/templates/macros.html b/flowapp/templates/macros.html
diff --git a/flowapp/templates/pages/actions.html b/flowapp/templates/pages/actions.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Actions{% endblock %}
 {% block content %}
     <table class="table table-hover">
diff --git a/flowapp/templates/pages/api_key.html b/flowapp/templates/pages/api_key.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}ExaFS - ApiKeys{% endblock %}
 {% block content %}
     <h1>Your machines and ApiKeys</h1>
diff --git a/flowapp/templates/pages/as_paths.html b/flowapp/templates/pages/as_paths.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}AS Paths{% endblock %}
 {% block content %}
     <table class="table table-hover">
diff --git a/flowapp/templates/pages/communities.html b/flowapp/templates/pages/communities.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec RTBH communities{% endblock %}
 {% block content %}
     <table class="table table-hover">
diff --git a/flowapp/templates/pages/dashboard_admin.html b/flowapp/templates/pages/dashboard_admin.html
@@ -1,10 +1,10 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard.j2' %}
+    {% include 'pages/submenu_dashboard.html' %}
     {% if display_rules %}
     <div class="row">
         <form action="{{ url_for('rules.group_operation') }}" method="post">
diff --git a/flowapp/templates/pages/dashboard_search.html b/flowapp/templates/pages/dashboard_search.html
@@ -1,10 +1,10 @@
-{% extends 'layouts/default.j2' %}
-{% from 'macros.j2' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
+{% extends 'layouts/default.html' %}
+{% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard.j2' %}
+    {% include 'pages/submenu_dashboard.html' %}
 
     <div class="row">
         <table class="table table-hover ip-table">
diff --git a/flowapp/templates/pages/dashboard_user.html b/flowapp/templates/pages/dashboard_user.html
@@ -1,11 +1,11 @@
-{% extends 'layouts/default.j2' %}
-{% from 'macros.j2' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
+{% extends 'layouts/default.html' %}
+{% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard.j2' %}
+    {% include 'pages/submenu_dashboard.html' %}
 
 
 
diff --git a/flowapp/templates/pages/dashboard_view.html b/flowapp/templates/pages/dashboard_view.html
@@ -1,11 +1,11 @@
-{% extends 'layouts/default.j2' %}
-{% from 'macros.j2' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
+{% extends 'layouts/default.html' %}
+{% from 'macros.html' import build_ip_tbody, build_rtbh_tbody, build_rules_thead %}
 
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
 
-    {% include 'pages/submenu_dashboard_view.j2' %}
+    {% include 'pages/submenu_dashboard_view.html' %}
 
     {% if display_rules %}
     <h2>{{ rstate|capitalize }}  {{ table_title }}</h2>
diff --git a/flowapp/templates/pages/dashboard_whois.html b/flowapp/templates/pages/dashboard_whois.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 
 {% block title %}Flowspec{% endblock %}
 {% block content %}
diff --git a/flowapp/templates/pages/logout.html b/flowapp/templates/pages/logout.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec - logout{% endblock %}
 {% block content %}
     <h1>Good Bye</h1>
diff --git a/flowapp/templates/pages/logs.html b/flowapp/templates/pages/logs.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Users{% endblock %}
 {% block content %}
     <h2>Commands log / latest on top</h2>
diff --git a/flowapp/templates/pages/orgs.html b/flowapp/templates/pages/orgs.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Organziations{% endblock %}
 {% block content %}
     <table class="table table-hover">
diff --git a/flowapp/templates/pages/submenu_dashboard.html b/flowapp/templates/pages/submenu_dashboard.html
diff --git a/flowapp/templates/pages/submenu_dashboard_view.html b/flowapp/templates/pages/submenu_dashboard_view.html
diff --git a/flowapp/templates/pages/users.html b/flowapp/templates/pages/users.html
@@ -1,4 +1,4 @@
-{% extends 'layouts/default.j2' %}
+{% extends 'layouts/default.html' %}
 {% block title %}Flowspec Users{% endblock %}
 {% block content %}
     <table class="table table-hover">
diff --git a/flowapp/views/admin.py b/flowapp/views/admin.py
@@ -39,7 +39,7 @@ def log(page):
         .filter(Log.time > week_ago)
         .paginate(page=page, per_page=per_page, max_per_page=None, error_out=False)
     )
-    return render_template("pages/logs.j2", logs=logs)
+    return render_template("pages/logs.html", logs=logs)
 
 
 @admin.route("/user", methods=["GET", "POST"])
@@ -74,7 +74,7 @@ def user():
 
     action_url = url_for("admin.user")
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Add new user to Flowspec",
         form=form,
         action_url=action_url,
@@ -103,7 +103,7 @@ def edit_user(user_id):
     action_url = url_for("admin.edit_user", user_id=user_id)
 
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Editing {}".format(user.email),
         form=form,
         action_url=action_url,
@@ -136,15 +136,15 @@ def delete_user(user_id):
 @admin_required
 def users():
     users = User.query.all()
-    return render_template("pages/users.j2", users=users)
+    return render_template("pages/users.html", users=users)
 
 
 @admin.route("/organizations")
 @auth_required
 @admin_required
 def organizations():
     orgs = db.session.query(Organization).all()
-    return render_template("pages/orgs.j2", orgs=orgs)
+    return render_template("pages/orgs.html", orgs=orgs)
 
 
 @admin.route("/organization", methods=["GET", "POST"])
@@ -169,7 +169,7 @@ def organization():
 
     action_url = url_for("admin.organization")
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Add new organization to Flowspec",
         form=form,
         action_url=action_url,
@@ -191,7 +191,7 @@ def edit_organization(org_id):
 
     action_url = url_for("admin.edit_organization", org_id=org.id)
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Editing {}".format(org.name),
         form=form,
         action_url=action_url,
@@ -224,7 +224,7 @@ def delete_organization(org_id):
 @admin_required
 def as_paths():
     mpaths = db.session.query(ASPath).all()
-    return render_template("pages/as_paths.j2", paths=mpaths)
+    return render_template("pages/as_paths.html", paths=mpaths)
 
 
 @admin.route("/as-path", methods=["GET", "POST"])
@@ -247,7 +247,7 @@ def as_path():
 
     action_url = url_for("admin.as_path")
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Add new AS-path to Flowspec",
         form=form,
         action_url=action_url,
@@ -269,7 +269,7 @@ def edit_as_path(path_id):
 
     action_url = url_for("admin.edit_as_path", path_id=pth.id)
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Editing {}".format(pth.prefix),
         form=form,
         action_url=action_url,
@@ -296,7 +296,7 @@ def delete_as_path(path_id):
 @admin_required
 def actions():
     actions = db.session.query(Action).all()
-    return render_template("pages/actions.j2", actions=actions)
+    return render_template("pages/actions.html", actions=actions)
 
 
 @admin.route("/action", methods=["GET", "POST"])
@@ -329,7 +329,7 @@ def action():
 
     action_url = url_for("admin.action")
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Add new action to Flowspec",
         form=form,
         action_url=action_url,
@@ -351,7 +351,7 @@ def edit_action(action_id):
 
     action_url = url_for("admin.edit_action", action_id=action.id)
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Editing {}".format(action.name),
         form=form,
         action_url=action_url,
@@ -383,7 +383,7 @@ def delete_action(action_id):
 @admin_required
 def communities():
     communities = db.session.query(Community).all()
-    return render_template("pages/communities.j2", communities=communities)
+    return render_template("pages/communities.html", communities=communities)
 
 
 @admin.route("/community", methods=["GET", "POST"])
@@ -416,7 +416,7 @@ def community():
 
     community_url = url_for("admin.community")
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Add new community to Flowspec",
         form=form,
         community_url=community_url,
@@ -438,7 +438,7 @@ def edit_community(community_id):
 
     community_url = url_for("admin.edit_community", community_id=community.id)
     return render_template(
-        "forms/simple_form.j2",
+        "forms/simple_form.html",
         title="Editing {}".format(community.name),
         form=form,
         community_url=community_url,
diff --git a/flowapp/views/api_keys.py b/flowapp/views/api_keys.py
diff --git a/flowapp/views/dashboard.py b/flowapp/views/dashboard.py
diff --git a/flowapp/views/rules.py b/flowapp/views/rules.py

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-{% extends 'layouts/default.j2' %}`
	`1`	`+{% extends 'layouts/default.html' %}`
`2`	`2`	`{% block content %}`
`3`	`3`	`<h1>Could not log you in.</h1>`
`4`	`4`	`<p class="form-text">401: Unauthorized</p>`