128 lines
3.4 KiB
Python
128 lines
3.4 KiB
Python
|
from django.core.exceptions import ValidationError
|
||
|
from django.utils.translation import ugettext_lazy as _
|
||
|
|
||
|
from orchestra.utils.python import import_class
|
||
|
|
||
|
from . import settings
|
||
|
|
||
|
|
||
|
# TODO multiple and unique validation support in the formset
|
||
|
class SiteOption(object):
|
||
|
unique = True
|
||
|
|
||
|
def __init__(self, name, *args, **kwargs):
|
||
|
self.name = name
|
||
|
self.verbose_name = kwargs.pop('verbose_name', name)
|
||
|
self.help_text = kwargs.pop('help_text', '')
|
||
|
for k,v in kwargs.iteritems():
|
||
|
setattr(self, k, v)
|
||
|
|
||
|
def validate(self, website):
|
||
|
if self.regex and not re.match(self.regex, website.value):
|
||
|
raise ValidationError({
|
||
|
'value': ValidationError(_("'%(value)s' does not match %(regex)s."),
|
||
|
params={
|
||
|
'value': website.value,
|
||
|
'regex': self.regex
|
||
|
}),
|
||
|
})
|
||
|
|
||
|
|
||
|
directory_protection = SiteOption('directory_protection',
|
||
|
verbose_name=_("Directory protection"),
|
||
|
help_text=_("Space separated ..."),
|
||
|
regex=r'^([\w/_]+)\s+(\".*\")\s+([\w/_\.]+)$',
|
||
|
)
|
||
|
|
||
|
redirect = SiteOption('redirect',
|
||
|
verbose_name=_("Redirection"),
|
||
|
help_text=_("<tt><website path> <destination URL></tt>"),
|
||
|
regex=r'^[^ ]+\s[^ ]+$',
|
||
|
)
|
||
|
|
||
|
proxy = SiteOption('proxy',
|
||
|
verbose_name=_("Proxy"),
|
||
|
help_text=_("<tt><website path> <target URL></tt>"),
|
||
|
regex=r'^[^ ]+\shttp[^ ]+(timeout=[0-9]{1,3}|retry=[0-9]|\s)*$',
|
||
|
)
|
||
|
|
||
|
ssl_ca = SiteOption('ssl_ca',
|
||
|
verbose_name=_("SSL CA"),
|
||
|
help_text=_("Filesystem path of the CA certificate file."),
|
||
|
regex=r'^[^ ]+$'
|
||
|
)
|
||
|
|
||
|
ssl_cert = SiteOption('ssl_cert',
|
||
|
verbose_name=_("SSL cert"),
|
||
|
help_text=_("Filesystem path of the certificate file."),
|
||
|
regex=r'^[^ ]+$',
|
||
|
)
|
||
|
|
||
|
ssl_key = SiteOption('ssl_key',
|
||
|
verbose_name=_("SSL key"),
|
||
|
help_text=_("Filesystem path of the key file."),
|
||
|
regex=r'^[^ ]+$',
|
||
|
)
|
||
|
|
||
|
sec_rule_remove = SiteOption('sec_rule_remove',
|
||
|
verbose_name=_("SecRuleRemoveById"),
|
||
|
help_text=_("Space separated ModSecurity rule IDs."),
|
||
|
regex=r'^[0-9\s]+$',
|
||
|
)
|
||
|
|
||
|
sec_engine = SiteOption('sec_engine',
|
||
|
verbose_name=_("Modsecurity engine"),
|
||
|
help_text=_("<tt>On</tt> or <tt>Off</tt>, defaults to On"),
|
||
|
regex=r'^(On|Off)$',
|
||
|
)
|
||
|
|
||
|
user_group = SiteOption('user_group',
|
||
|
verbose_name=_("SuexecUserGroup"),
|
||
|
help_text=_("<tt>user [group]</tt>, username and optional groupname."),
|
||
|
# TODO validate existing user/group
|
||
|
regex=r'^[\w/_]+(\s[\w/_]+)*$',
|
||
|
)
|
||
|
|
||
|
error_document = SiteOption('error_document',
|
||
|
verbose_name=_("ErrorDocumentRoot"),
|
||
|
help_text=_("<error code> <URL/path/message><br>"
|
||
|
"<tt> 500 http://foo.example.com/cgi-bin/tester</tt><br>"
|
||
|
"<tt> 404 /cgi-bin/bad_urls.pl</tt><br>"
|
||
|
"<tt> 401 /subscription_info.html</tt><br>"
|
||
|
"<tt> 403 \"Sorry can't allow you access today\"</tt>"),
|
||
|
regex=r'[45]0[0-9]\s.*',
|
||
|
)
|
||
|
|
||
|
|
||
|
ssl = [
|
||
|
ssl_ca,
|
||
|
ssl_cert,
|
||
|
ssl_key,
|
||
|
]
|
||
|
|
||
|
sec = [
|
||
|
sec_rule_remove,
|
||
|
sec_engine,
|
||
|
]
|
||
|
|
||
|
httpd = [
|
||
|
directory_protection,
|
||
|
redirect,
|
||
|
proxy,
|
||
|
user_group,
|
||
|
error_document,
|
||
|
]
|
||
|
|
||
|
|
||
|
_enabled = None
|
||
|
|
||
|
def get_enabled():
|
||
|
global _enabled
|
||
|
if _enabled is None:
|
||
|
from . import settings
|
||
|
_enabled = {}
|
||
|
for op in settings.WEBSITES_ENABLED_OPTIONS:
|
||
|
op = import_class(op)
|
||
|
_enabled[op.name] = op
|
||
|
return _enabled
|