diff --git a/README.md b/README.md index a816d5b..2a7abc9 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,9 @@ Set this variable to `True` to enable Git integration. This feature requires [Gi To push local commits to a remote repository, you have to add the remote manually: `git remote add origin ssh://somehost:/user/repo.git` Verify, that the user that is running the configurator is allowed to push without any interaction (by using SSH PubKey authentication for example). #### DIRSFIRST (bool) -if set to `true`, directories will be displayed at the top +If set to `true`, directories will be displayed at the top. +#### SESAME (string) +If set to _somesecretkeynobodycanguess_, you can browse to `https://your.configurator:3218/somesecretkeynobodycanguess` from any IP, and it will be removed from the `BANNED_IPS` list (in case it has been banned before) and added to the `ALLOWED_NETWORKS` list. Once the request has been processed you will automatically be redirected to the configurator. Think of this as dynamically allowing access from untrusted IPs by providing a secret key (_open sesame!_). Keep in mind, that once the IP has been added, you will either have to restart the configurator or manually remove the IP through the _Newwork status_ to revoke access. __Note regarding `ALLOWED_NETWORKS`, `BANNED_IPS` and `BANLIMIT`__: The way this is implemented works in the following order: 
@@ -79,6 +81,25 @@ The way this is implemented works in the following order: - No: Return error 420 - Yes: Continue and display UI of configurator +### API + +Starting at version 0.2.5 you can add / remove IP addresses and networks from and to the `ALLOWED_NETWORKS` and `BANNED_IPS` lists at runtime. Keep in mind though, that these changes are not persistent and will be lost when the service is restarted. The API can be used through the UI in the _Network status_ menu or by sending POST requests. A possible use case could be programmatically allowing access from your dynamic public IP, which can be required for some setups involving SSL. + +#### API targets: + +- `api/allowed_networks` + #### Methods: + - `add` + - `remove` + #### Example: + - `curl -d "method=add&network=1.2.3.4" -X POST http://127.0.0.1:3218/api/allowed_networks` +- `api/banned_ips` + #### Methods: + - `ban` + - `unban` + #### Example: + - Example: `curl -d "method=ban&ip=9.9.9.9" -X POST http://127.0.0.1:3218/api/banned_ips` + ### Embedding into HASS HASS has the [panel_iframe](https://home-assistant.io/components/panel_iframe/) component. With this it is possible to embed the configurator directly into HASS, allowing you to modify your configuration through the HASS frontend. An example configuration would look like this: diff --git a/changelog.txt b/changelog.txt index 0ba823a..502094c 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,7 +1,10 @@ -Version 0.2.5 (2018-) +Version 0.2.5 (2018-01-25) - Added warning-logs for access failure @danielperna84 - Added transparency to whitespace characters @danielperna84 - Using external repository for Docker @Munsio +- Modify BANNED_IPS and ALLOWED_NETWORKS at runtime @danielperna84 +- Use relative paths in webserver @danielperna84 +- Added "Sesame" feature @danielperna84 Version 0.2.4 (2018-01-02) - Added YAML linting @AtoxIO diff --git a/configurator.py b/configurator.py index fd60fca..7b56290 100755 --- a/configurator.py +++ b/configurator.py 
@@ -27,10 +27,11 @@
 ### Some options for you to change
 LISTENIP = "0.0.0.0"
 LISTENPORT = 3218
-# Set BASEPATH to something like "/home/hass/.homeassistant/" if you're not running the
-# configurator from that path
+# Set BASEPATH to something like "/home/hass/.homeassistant/" if you're not
+# running the configurator from that path
 BASEPATH = None
-# Set the paths to a certificate and the key if you're using SSL, e.g "/etc/ssl/certs/mycert.pem"
+# Set the paths to a certificate and the key if you're using SSL,
+# e.g "/etc/ssl/certs/mycert.pem"
 SSL_CERTIFICATE = None
 SSL_KEY = None
 # Set the destination where the HASS API is reachable
@@ -38,24 +39,27 @@ # If a password is required to access the API, set it in the form of "password" # if you have HA ignoring SSL locally this is not needed if on same machine. HASS_API_PASSWORD = None -# To enable authentication, set the credentials in the form of "username:password" +# Enable authentication, set the credentials in the form of "username:password" CREDENTIALS = None -# Limit access to the configurator by adding allowed IP addresses / networks to the list, -# e.g ALLOWED_NETWORKS = ["192.168.0.0/24", "172.16.47.23"] +# Limit access to the configurator by adding allowed IP addresses / networks to +# the list, e.g ALLOWED_NETWORKS = ["192.168.0.0/24", "172.16.47.23"] ALLOWED_NETWORKS = [] # List of statically banned IP addresses, e.g. ["1.1.1.1", "2.2.2.2"] BANNED_IPS = [] -# Ban IPs after n failed login attempts. Restart service to reset banning. The default -# of `0` disables this feature. +# Ban IPs after n failed login attempts. Restart service to reset banning. +# The default of `0` disables this feature. BANLIMIT = 0 -# Enable git integration. GitPython (https://gitpython.readthedocs.io/en/stable/) has -# to be installed. +# Enable git integration. +# GitPython (https://gitpython.readthedocs.io/en/stable/) has to be installed. GIT = False # Files to ignore in the UI. A good example list that cleans up the UI is # [".*", "*.log", "deps", "icloud", "*.conf", "*.json", "certs", "__pycache__"] IGNORE_PATTERN = [] # if DIRSFIRST is set to `true`, directories will be displayed at the top DIRSFIRST = False +# Sesame token. Browse to the configurator URL + /secrettoken to unban your +# client IP and add it to the list of allowed IPs. +SESAME = None ### End of options LOGLEVEL = logging.INFO 
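Review bot: The comment added above `SESAME = None` does not say that this token is a credential: per the README text in this same commit, any client that requests the URL containing it is removed from `BANNED_IPS` and added to `ALLOWED_NETWORKS`, so a single value overrides both IP controls until the service is restarted. Because the token travels in the URL path, it ends up in browser history and in proxy and access logs, and it is sent in clear text whenever `SSL_CERTIFICATE`/`SSL_KEY` are left unset. I would extend the comment along the lines of `# Treat SESAME like a password: use a long random value, only use it over SSL, and change it after use.` The request handler is outside this hunk, so I cannot confirm it, but it should compare the token with `hmac.compare_digest` and count wrong guesses towards `BANLIMIT`.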
@@ -63,10 +67,11 @@ LOG.setLevel(LOGLEVEL) SO = logging.StreamHandler(sys.stdout) SO.setLevel(LOGLEVEL) -SO.setFormatter(logging.Formatter('%(levelname)s:%(asctime)s:%(name)s:%(message)s')) +SO.setFormatter( + logging.Formatter('%(levelname)s:%(asctime)s:%(name)s:%(message)s')) LOG.addHandler(SO) RELEASEURL = "https://api.github.com/repos/danielperna84/hass-configurator/releases/latest" -VERSION = "0.2.4" +VERSION = "0.2.5" BASEDIR = "." DEV = False HTTPD = None @@ -299,8 +304,13 @@ } .input-field input[type=text].valid { - border-bottom: 1px solid #03a9f4;; - box-shadow: 0 1px 0 0 #03a9f4;; + border-bottom: 1px solid #03a9f4 !important; + box-shadow: 0 1px 0 0 #03a9f4 !important; + } + + .input-field input[type=text]:focus { + border-bottom: 1px solid #03a9f4 !important; + box-shadow: 0 1px 0 0 #03a9f4 !important; } .row .input-field input:focus { @@ -325,16 +335,16 @@ } .preloader-background { - display: flex; - align-items: center; - justify-content: center; - background-color: #eee; + display: flex; + align-items: center; + justify-content: center; + background-color: #eee; position: fixed; - z-index: 10000; - top: 0; - left: 0; - right: 0; - bottom: 0; + z-index: 10000; + top: 0; + left: 0; + right: 0; + bottom: 0; } .modal-content_nopad { @@ -624,6 +634,7 @@