
Added working blacklist mechanism and UI

tobychui před 3 roky
rodič
revize
c79eab5f1c

+ 1 - 0
auth.go

@@ -93,6 +93,7 @@ func AuthSettingsInit() {
 		RequireAdmin: true,
 	})
 
+	adminRouter.HandleFunc("/system/auth/blacklist/enable", authAgent.BlacklistManager.HandleSetBlacklistEnable)
 	adminRouter.HandleFunc("/system/auth/blacklist/list", authAgent.BlacklistManager.HandleListBannedIPs)
 	adminRouter.HandleFunc("/system/auth/blacklist/ban", authAgent.BlacklistManager.HandleAddBannedIP)
 	adminRouter.HandleFunc("/system/auth/blacklist/unban", authAgent.BlacklistManager.HandleRemoveBannedIP)

+ 14 - 1
mod/auth/blacklist/blacklist.go

@@ -3,6 +3,7 @@ package blacklist
 import (
 	"bytes"
 	"errors"
+	"log"
 	"net"
 	"strconv"
 	"strings"
@@ -28,8 +29,16 @@ type BlackList struct {
 func NewBlacklistManager(sysdb *db.Database) *BlackList {
 	sysdb.NewTable("ipblacklist")
 
+	blacklistEnabled := false
+	if sysdb.KeyExists("ipblacklist", "enable") {
+		err := sysdb.Read("ipblacklist", "enable", &blacklistEnabled)
+		if err != nil {
+			log.Println("[Auth/Blacklist] Unable to load previous enable state from database. Using default.")
+		}
+	}
+
 	return &BlackList{
-		Enabled:  true,
+		Enabled:  blacklistEnabled,
 		database: sysdb,
 	}
 }
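Review bot: In NewBlacklistManager the filter now fails open: `blacklistEnabled` starts as `false` and stays `false` when `sysdb.Read` returns an error, so an unreadable `enable` record switches IP filtering off while the ban entries are still stored. The same default applies to a database that has no `enable` key yet, which, if `Enabled` was honoured before this commit, silently disables the blacklist on upgrade. Consider starting from `blacklistEnabled := true` and including the error in the log line, e.g. `log.Println("[Auth/Blacklist] Unable to load previous enable state from database, keeping blacklist enabled:", err)`.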
@@ -61,6 +70,10 @@ func (bl *BlackList) ListBannedIpRanges() []string {
 	results := []string{}
 	for _, keypairs := range entries {
 		thisIpRange := keypairs[0]
+		if string(thisIpRange) == "enable" || validateIpRange(string(thisIpRange)) != nil {
+			//Reserved key field
+			continue
+		}
 		results = append(results, string(thisIpRange))
 	}
 	return results
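Review bot: The `enable` flag is stored in the same `ipblacklist` table as the ban entries, which is why this loop has to skip it; any other code that iterates the table (the ban check itself is not visible here) needs the same guard or it may treat `enable` as a range. The explicit `== "enable"` comparison looks redundant if `validateIpRange` already rejects non-IP strings, and the `//Reserved key field` comment does not describe the second case: malformed records are hidden from the list, so an administrator cannot see or unban them. Keeping the flag in its own table, or at least changing the comment to `// Skip the reserved "enable" key and any record that is not a valid IP range`, would make this clearer. The function starts above the hunk and its closing brace is below it.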

+ 5 - 1
mod/auth/blacklist/handler.go

@@ -47,7 +47,7 @@ func (bl *BlackList) HandleRemoveBannedIP(w http.ResponseWriter, r *http.Request
 }
 
 func (bl *BlackList) HandleSetBlacklistEnable(w http.ResponseWriter, r *http.Request) {
-	enableMode, _ := common.Mv(r, "enable", false)
+	enableMode, _ := common.Mv(r, "enable", true)
 	if enableMode == "" {
 		//Get the current blacklist status
 		js, _ := json.Marshal(bl.Enabled)
@@ -56,8 +56,12 @@ func (bl *BlackList) HandleSetBlacklistEnable(w http.ResponseWriter, r *http.Req
 	} else {
 		if strings.ToLower(enableMode) == "true" {
 			bl.Enabled = true
+			bl.database.Write("ipblacklist", "enable", true)
+			common.SendOK(w)
 		} else if strings.ToLower(enableMode) == "false" {
 			bl.Enabled = false
+			bl.database.Write("ipblacklist", "enable", false)
+			common.SendOK(w)
 		} else {
 			common.SendErrorResponse(w, "Invalid mode given")
 		}
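Review bot: Both branches discard the result of `bl.database.Write` and then call `common.SendOK`, so if the write fails the caller is told the change succeeded while the stored value is unchanged and the setting reverts on the next restart. Assuming `Write` returns an error the way `Read` does in blacklist.go, persist first and only update `bl.Enabled` and reply OK when that succeeds. Because this switches an access control on and off, a log line recording each change would also help later review. `bl.Enabled` is assigned here from a request handler with no visible locking; if the login path reads it concurrently that is a data race worth confirming. The handler begins above the hunk and its closing braces are outside it.

```go
	} else {
		switch strings.ToLower(enableMode) {
		case "true", "false":
			enabled := strings.ToLower(enableMode) == "true"
			// Persist before changing the in-memory flag so the two cannot diverge.
			if err := bl.database.Write("ipblacklist", "enable", enabled); err != nil {
				common.SendErrorResponse(w, "Unable to save blacklist state")
				break
			}
			bl.Enabled = enabled
			common.SendOK(w)
		default:
			common.SendErrorResponse(w, "Invalid mode given")
		}
```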

+ 112 - 26
web/SystemAO/security/accesscontrol.html

@@ -46,34 +46,41 @@
 
             <div class="ui divider"></div>
             <h3><i class="ui red remove icon"></i> Blacklist</h3>
-            <div class="ui black segment">
-                <h4>Usage</h4>
-                <p>Block certain IP or IP range from logging into the system. Syntax Examples:</p>
-                <div class="ui bulleted list">
-                    <div class="item">192.168.1.100</div>
-                    <div class="item">123.36.53.100</div>
-                    <div class="item">192.168.0.100 - 192.168.0.250</div>
-                </div>
-            </div>
             <div class="ui toggle checkbox">
-                <input type="checkbox" name="enableBlacklist">
+                <input type="checkbox" id="enableBlacklist" onchange="updateBlacklistEnableState(this.checked);">
                 <label>Enable Blacklist Filtering</label>
             </div>
+            <div class="ui inverted green segment" id="blacklistUpdateFeedback" style="display:none;">
+                <i class="ui checkmark icon"></i> Status Updated
+            </div>
+            <div class="ui basic segment">
+                <div class="ui grey message">
+                    <p>Block certain IP or IP range from logging into the system. Syntax Examples:</p>
+                    <div class="ui bulleted list">
+                        <div class="item">192.168.1.100</div>
+                        <div class="item">123.36.53.100</div>
+                        <div class="item">192.168.0.100 - 192.168.0.250</div>
+                    </div>
+                </div>
+
+                <p>Add or Edit new banned IP range</p>
+                <div class="ui action fluid input">
+                    <input type="text" id="blacklistIpRange" placeholder="192.168.1.100 - 192.168.1.250">
+                    <button class="ui red button" onclick="blacklistIpRange();"><i class="ui lock icon"></i> Ban</button>
+                </div>
 
-            <table class="ui celled table">
-                <thead>
-                  <tr><th>IP Range</th>
-                  <th>Edit</th>
-                  <th>Remove</th>
-                </tr></thead>
-                <tbody id="blacklisttable">
-                  <tr>
-                    <td data-label="Name">James</td>
-                    <td data-label="Age">24</td>
-                    <td data-label="Job">Engineer</td>
-                  </tr>
-                </tbody>
-              </table>
+                <table class="ui celled table">
+                    <thead>
+                        <tr><th>IP Range</th>
+                        <th>Unban</th>
+                    </tr></thead>
+                    <tbody id="blacklisttable">
+
+                    </tbody>
+                </table>
+            </div>
+          
+           
 
             <div class="ui divider"></div>
             <h3>Regional Block</h3>
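Review bot: The text input's id `blacklistIpRange` is the same identifier as the function called from the Ban button's `onclick="blacklistIpRange();"`. It works only because the global function declaration takes precedence over the browser's automatic id-to-window lookup; renaming one of them (for example `onclick="banIpRange();"` with the function renamed to match) removes that dependency. The function itself is defined in a later hunk of this file.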
@@ -82,13 +89,41 @@
     
     <script>
         //Init
+        var preloading = true;
+        $(".checkbox").checkbox();
         initBlacklist();
 
-        //Blacklist load
+        /*
+
+            Blacklist Related
+
+        */
         function initBlacklist(){
+            //Get the Blacklist enable state
+            $.get("../../system/auth/blacklist/enable", function(data){
+                if (data == true){
+                    //Blacklist is enabled
+                    $("#enableBlacklist").parent().checkbox("set checked");
+                }else{
+                    $("#enableBlacklist").parent().checkbox("set unchecked");
+                }
+
+                preloading = false;
+            });
+
+            //Get the Blacklist table
+            $("#blacklisttable").html(`<tr>
+                    <td colspan="3"><i class="loading spinner icon"></i> Loading</td>
+                </tr>`);
             $.get("../../system/auth/blacklist/list", function(data){
+                $("#blacklisttable").html('');
                 data.forEach(entry => {
-
+                    //Strip out all space from record
+                    displayEntry = entry.split(" ").join("");
+                    $("#blacklisttable").append(`<tr>
+                    <td>${displayEntry}</td>
+                    <td><button class="ui green icon button" onclick="removeBlacklistforIpRange(this);" range="${entry}"><i class="ui white lock open icon"></i></button></td>
+                  </tr>`);
                 })
 
                 if (data.length == 0){
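Review bot: `entry` is interpolated unescaped into the row markup, both as cell content (`${displayEntry}`) and inside the `range="${entry}"` attribute, so the page relies entirely on the server returning only well-formed ranges. The server-side `validateIpRange` filter added in this commit narrows that, but building the row with `.text()` and `.attr()` keeps the table safe if a stored record or the validator ever changes. `displayEntry` is also assigned without `var`/`let`, which makes it an implicit global. initBlacklist continues past the end of this hunk.

```html
                data.forEach(entry => {
                    //Strip out all space from record
                    var displayEntry = entry.split(" ").join("");
                    var unbanButton = $('<button class="ui green icon button" onclick="removeBlacklistforIpRange(this);"><i class="ui white lock open icon"></i></button>')
                        .attr("range", entry);
                    $("<tr>")
                        .append($("<td>").text(displayEntry))
                        .append($("<td>").append(unbanButton))
                        .appendTo("#blacklisttable");
                })
                // … unchanged: empty-list handling …
```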
@@ -98,6 +133,57 @@
                 }
             })
         }
+
+        function updateBlacklistEnableState(enabled){
+            if (preloading){
+                //Do not update status during preload stage
+                return;
+            }
+            $.ajax({
+                url: "../../system/auth/blacklist/enable",
+                method: "POST",
+                data: {enable: enabled},
+                success: function(data){
+                    $("#blacklistUpdateFeedback").stop().finish().slideDown("fast").delay(3000).slideUp("fast");
+                }
+            })
+        }
+
+        function blacklistIpRange(){
+            var targetIP = $("#blacklistIpRange").val();
+            $.ajax({
+                url: "../../system/auth/blacklist/ban",
+                method: "POST",
+                data: {iprange: targetIP},
+                success: function(data){
+                    if (data.error != undefined){
+                        alert(data.error);
+                    }else{
+                        $("#blacklistIpRange").val('')
+                        initBlacklist();
+                    }
+                    
+                }
+            });
+        }
+
+        function removeBlacklistforIpRange(object){
+            var unbanIpRange = $(object).attr("range");
+            $.ajax({
+                url: "../../system/auth/blacklist/unban",
+                method: "POST",
+                data: {iprange: unbanIpRange},
+                success: function(data){
+                    if (data.error != undefined){
+                        alert(data.error);
+                    }else{
+                        $("#blacklistIpRange").val('')
+                        initBlacklist();
+                    }
+                    
+                }
+            });
+        }
     </script>
 </body>
 </html>
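Review bot: `updateBlacklistEnableState` shows the "Status Updated" banner on any successful HTTP response without checking `data.error`, unlike `blacklistIpRange` and `removeBlacklistforIpRange`, and none of the three calls has an `error:` callback. For a security toggle this means the checkbox can display a state the server rejected or never received; add `if (data.error != undefined){ alert(data.error); return; }` at the top of its `success` handler and an `error:` callback that reports the failure. No anti-CSRF token is sent with these state-changing POSTs; whether the admin router enforces one elsewhere is not visible on this page and is worth confirming.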