Merge pull request #75 from danielperna84/dev

0.2.5 -Added warning-logs for access failure -Added transparency to whitespace characters -Using external repository for Docker -Modify BANNED_IPS and ALLOWED_NETWORKS at runtime -Use relative paths in webserver, fixes Issue #60 -Added "Sesame" feature
danielperna84 · Jan 27, 2018 · df41878 · df41878
2 parents d875b31 + 2d45910
commit df41878
Show file tree

Hide file tree

Showing 5 changed files with 763 additions and 109 deletions.
diff --git a/README.md b/README.md
@@ -64,7 +64,9 @@ Set this variable to `True` to enable Git integration. This feature requires [Gi
 To push local commits to a remote repository, you have to add the remote manually: `git remote add origin ssh://somehost:/user/repo.git`  
 Verify, that the user that is running the configurator is allowed to push without any interaction (by using SSH PubKey authentication for example).
 #### DIRSFIRST (bool)
-if set to `true`, directories will be displayed at the top
+If set to `true`, directories will be displayed at the top.
+#### SESAME (string)
+If set to _somesecretkeynobodycanguess_, you can browse to `https://your.configurator:3218/somesecretkeynobodycanguess` from any IP, and it will be removed from the `BANNED_IPS` list (in case it has been banned before) and added to the `ALLOWED_NETWORKS` list. Once the request has been processed you will automatically be redirected to the configurator. Think of this as dynamically allowing access from untrusted IPs by providing a secret key (_open sesame!_). Keep in mind, that once the IP has been added, you will either have to restart the configurator or manually remove the IP through the _Newwork status_ to revoke access.
 
 __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__:  
 The way this is implemented works in the following order:
@@ -79,6 +81,25 @@ The way this is implemented works in the following order:
   - No: Return error 420
   - Yes: Continue and display UI of configurator
 
+### API
+
+Starting at version 0.2.5 you can add / remove IP addresses and networks from and to the `ALLOWED_NETWORKS` and `BANNED_IPS` lists at runtime. Keep in mind though, that these changes are not persistent and will be lost when the service is restarted. The API can be used through the UI in the _Network status_ menu or by sending POST requests. A possible use case could be programmatically allowing access from your dynamic public IP, which can be required for some setups involving SSL.
+
+#### API targets:
+
+- `api/allowed_networks`
+   #### Methods:
+   - `add`
+   - `remove`
+   #### Example:
+   - `curl -d "method=add&network=1.2.3.4" -X POST http://127.0.0.1:3218/api/allowed_networks`
+- `api/banned_ips`
+   #### Methods:
+   - `ban`
+   - `unban`
+   #### Example:
+   - Example: `curl -d "method=ban&ip=9.9.9.9" -X POST http://127.0.0.1:3218/api/banned_ips`
+
 ### Embedding into HASS
 HASS has the [panel_iframe](https://home-assistant.io/components/panel_iframe/) component. With this it is possible to embed the configurator directly into HASS, allowing you to modify your configuration through the HASS frontend.  
 An example configuration would look like this:

diff --git a/changelog.txt b/changelog.txt
@@ -1,7 +1,10 @@
-Version 0.2.5 (2018-)
+Version 0.2.5 (2018-01-25)
 - Added warning-logs for access failure @danielperna84
 - Added transparency to whitespace characters @danielperna84
 - Using external repository for Docker @Munsio
+- Modify BANNED_IPS and ALLOWED_NETWORKS at runtime @danielperna84
+- Use relative paths in webserver @danielperna84
+- Added "Sesame" feature @danielperna84
 
 Version 0.2.4 (2018-01-02)
 - Added YAML linting @AtoxIO