From 7297474469a4c2465726f961735e45ba667883bf Mon Sep 17 00:00:00 2001
From: Mateusz779 <mateusz.kedziora@mkedziora.pl>
Date: Fri, 21 Apr 2023 10:05:58 +0200
Subject: [PATCH] =?UTF-8?q?dodanie=20zabezpieczenia=20z=C5=82ego=20ip=20dl?=
 =?UTF-8?q?a=20vpn?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py               | 4 +++-
 templates/index.html | 7 ++++---
 utils.py             | 9 ++++++++-
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/app.py b/app.py
index 649fe99..22cc29b 100644
--- a/app.py
+++ b/app.py
@@ -137,7 +137,7 @@ def delete(image_id):
         return jsonify(message="409")
     filename = db.get_conf_image_id(image_id)
     squashfs = os.path.join(app.config['UPLOAD_FOLDER'], filename)
-    pubkey = os.path.join(app.config['UPLOAD_FOLDER'], filename.split(".")[0])
+    pubkey = os.path.join(app.config['UPLOAD_FOLDER'], filename.split(".")[0]+".pub")
     if os.path.exists(squashfs):
         os.remove(squashfs)
     if os.path.exists(pubkey):
@@ -238,6 +238,8 @@ def add_ip():
     try:
         token = request.headers['token']
         ip = request.form['ip']
+        if utils.is_valid_ip_address(ip) is False:
+            return jsonify(message="400")
     except:
         return jsonify(message="400")
     if db.update_image_allocation_ip_vpn(token, ip) is not None:
diff --git a/templates/index.html b/templates/index.html
index e94d891..fe9d736 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -78,7 +78,7 @@
 						<td>{{ machine.start_time }}</td>
 						<td>{{ machine.ipvpn }}</td>
 						<td>{{ machine.iplocal }}</td>
-						<td><button class="btn btn-primary" onclick="ssh('{{ machine.ipvpn }}', '{{ machine.username }}', '{{ machine.password }}')">SSH</button></td>
+						<td><button class="btn btn-primary" onclick="ssh('{{ machine.ipvpn }}','{{machine.iplocal}}', '{{ machine.username }}', '{{ machine.password }}')">SSH</button></td>
 					</tr>
 				{% endfor %}
 			</tbody>
@@ -86,9 +86,10 @@
 	</div>
 
 	<script>
-		function ssh(ipvpn, username, password) {
+		function ssh(ipvpn, iplocal username, password) {
 			const currentLocation = window.location;
-			const newUrl = currentLocation.protocol + '//' + currentLocation.hostname + ':' + {{ ssh_port }} + "/?hostname="+ipvpn+"&username="+username+"&password="+btoa(password);
+			let ip = ipvpn != null ? ipvpn : iplocal;
+			const newUrl = currentLocation.protocol + '//' + currentLocation.hostname + ':' + {{ ssh_port }} + "/?hostname="+ip+"&username="+username+"&password="+btoa(password);
 			window.open(newUrl,"_blank");
 		}
 	</script>
diff --git a/utils.py b/utils.py
index b8c753d..5926e1a 100644
--- a/utils.py
+++ b/utils.py
@@ -9,7 +9,7 @@ import threading
 from time import sleep
 import db
 import config
-
+import ipaddress
 
 def generate_random_string(length):
     letters = string.ascii_letters
@@ -76,3 +76,10 @@ def init_threads():
     allocation_thread = threading.Thread(
         target=check_allocation_thread_function)
     allocation_thread.start()
+
+def is_valid_ip_address(ip: str) -> bool:
+    try:
+        ipaddress.IPv4Address(ip)
+        return True
+    except ipaddress.AddressValueError:
+        return False