From aa3c0644570391caca12684ee4b4401b5e6c15d5 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 10 Nov 2022 20:38:03 +0100
Subject: [PATCH 01/42] INITIAL

---
 README.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c09534e
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# lare's autopeering implementation

From ba9e5139a6b9caa7b233d008bb0e4c7c8e091dca Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 10 Nov 2022 20:38:03 +0100
Subject: [PATCH 02/42] INITIAL

---
 README.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c09534e
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# lare's autopeering implementation

From 3bddf1715f26ac40d8219dfd9c249b44f2a7186c Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 10 Nov 2022 20:53:59 +0100
Subject: [PATCH 03/42] create folder structure and add READMEs

---
 nodes/readme.md        | 3 +++
 web/backend/readme.md  | 6 ++++++
 web/frontend/readme.md | 3 +++
 web/readme.md          | 3 +++
 4 files changed, 15 insertions(+)
 create mode 100644 nodes/readme.md
 create mode 100644 web/backend/readme.md
 create mode 100644 web/frontend/readme.md
 create mode 100644 web/readme.md

diff --git a/nodes/readme.md b/nodes/readme.md
new file mode 100644
index 0000000..10a783f
--- /dev/null
+++ b/nodes/readme.md
@@ -0,0 +1,3 @@
+## nodes daemon:
+
+Daemon running on the nodes which are enrolled in auto peering to configure said peerings 
diff --git a/web/backend/readme.md b/web/backend/readme.md
new file mode 100644
index 0000000..c1a8c06
--- /dev/null
+++ b/web/backend/readme.md
@@ -0,0 +1,6 @@
+### backend for autopeering:
+
+features:
+- validate Users wanting to peer -> Kioubit Authentication services or self implemented
+- allow users to add/modify/delete peerings
+- communicate with nodes so they configure the peerings 
diff --git a/web/frontend/readme.md b/web/frontend/readme.md
new file mode 100644
index 0000000..733460f
--- /dev/null
+++ b/web/frontend/readme.md
@@ -0,0 +1,3 @@
+### frontend for auto-peering
+files for webfrontend of the autopeering
+
diff --git a/web/readme.md b/web/readme.md
new file mode 100644
index 0000000..e3ed4ff
--- /dev/null
+++ b/web/readme.md
@@ -0,0 +1,3 @@
+## webserver and frontend for the server hosting the autopeering webinterface
+
+

From f5bd6b5a5f304bf1d0c0190a0d62c59205607b3f Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 10 Nov 2022 20:53:59 +0100
Subject: [PATCH 04/42] create folder structure and add READMEs

---
 nodes/readme.md        | 3 +++
 web/backend/readme.md  | 6 ++++++
 web/frontend/readme.md | 3 +++
 web/readme.md          | 3 +++
 4 files changed, 15 insertions(+)
 create mode 100644 nodes/readme.md
 create mode 100644 web/backend/readme.md
 create mode 100644 web/frontend/readme.md
 create mode 100644 web/readme.md

diff --git a/nodes/readme.md b/nodes/readme.md
new file mode 100644
index 0000000..10a783f
--- /dev/null
+++ b/nodes/readme.md
@@ -0,0 +1,3 @@
+## nodes daemon:
+
+Daemon running on the nodes which are enrolled in auto peering to configure said peerings 
diff --git a/web/backend/readme.md b/web/backend/readme.md
new file mode 100644
index 0000000..c1a8c06
--- /dev/null
+++ b/web/backend/readme.md
@@ -0,0 +1,6 @@
+### backend for autopeering:
+
+features:
+- validate Users wanting to peer -> Kioubit Authentication services or self implemented
+- allow users to add/modify/delete peerings
+- communicate with nodes so they configure the peerings 
diff --git a/web/frontend/readme.md b/web/frontend/readme.md
new file mode 100644
index 0000000..733460f
--- /dev/null
+++ b/web/frontend/readme.md
@@ -0,0 +1,3 @@
+### frontend for auto-peering
+files for webfrontend of the autopeering
+
diff --git a/web/readme.md b/web/readme.md
new file mode 100644
index 0000000..e3ed4ff
--- /dev/null
+++ b/web/readme.md
@@ -0,0 +1,3 @@
+## webserver and frontend for the server hosting the autopeering webinterface
+
+

From 6344dbb07f9d31627f581173a1aebdcad8105835 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Fri, 11 Nov 2022 20:17:37 +0100
Subject: [PATCH 05/42] add sample config.json + working webserver

---
 .gitignore                     |  2 ++
 web/backend/config.sample.json | 19 ++++++++++++
 web/backend/main.py            | 56 ++++++++++++++++++++++++++++++++++
 web/backend/templates          |  1 +
 web/frontend/index.html        | 17 +++++++++++
 web/frontend/static/style.css  |  4 +++
 6 files changed, 99 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 web/backend/config.sample.json
 create mode 100644 web/backend/main.py
 create mode 120000 web/backend/templates
 create mode 100644 web/frontend/index.html
 create mode 100644 web/frontend/static/style.css

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1b0e799
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+venv
+config.json
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
new file mode 100644
index 0000000..6bd54b6
--- /dev/null
+++ b/web/backend/config.sample.json
@@ -0,0 +1,19 @@
+{
+    "nodes": {
+        "<nodename>": {
+            "pub-endpoint": "<clearnet-fqdn/ip-address>",
+            "api-con": "http://<node-(internal)-ip/hostname>:<port>/",
+
+            "comment": "/* from here: data to be displayed on the webinterface */",
+            "internal-v4": "172.2x.xxx.xxx",
+            "internal-v6": "fdxx:...",
+            "internal-v4ll": "169.254.xxx.xxx",
+            "internal-v6ll": "fe80::..."
+        }
+    },
+    "MNT": "YOUR-MNT", // your MNT tag
+    "listen": "0.0.0.0",
+    "port": 8042, 
+    "flask-debug": false, // optional; default false
+    "flask-template-dir": "../frontend/" // optional; default "../frontend"
+}
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
new file mode 100644
index 0000000..648cdf3
--- /dev/null
+++ b/web/backend/main.py
@@ -0,0 +1,56 @@
+#! /usr/bin/env python3
+
+from flask import Flask, Response, redirect, render_template, request, session, abort
+import json, os
+
+app = Flask(__name__)
+
+class Config (dict):
+    def __init__(self, configfile:str = None):
+        if configfile:
+            self.configfile = configfile
+        else:
+            if os.path.exists("./config.json"): self.configfile = "./config.json"
+            elif os.path.exists("/etc/dn42-autopeer/config.json"): self.configfile = "/etc/dn42-autopeer/config,json"
+            else: raise FileNotFoundError("no config file found in ./config.json or /etc/dn42-autopeer/config.json")
+        self.load_config()
+        self.keys = self._config.keys
+        #self.__getitem__ = self._config.__getitem__
+        super().__init__(self)
+
+    def __delitem__(self, v):
+        raise NotImplementedError()
+        super().__delitem__(self,v)
+    def __getitem__(self, k):
+        return self._config[k]
+    def load_config(self):
+        with open(self.configfile) as cf:
+            try:
+                self._config = json.load(cf)
+            except json.decoder.JSONDecodeError:
+                raise SyntaxError(f"no valid JSON found in '{cf.name}'")
+        
+        if not "flask-template-dir" in self._config:
+            self._config["flask-template-dir"] = "../frontend" 
+        
+        if not "flask-debug" in self._config:
+            self._config["flask-debug"] = False 
+
+        print(self._config)
+
+
+config = Config()
+    
+@app.route("/")
+def index():
+    print(config)
+    return render_template("index.html", config=config)
+
+def main():
+    app.static_folder= config["flask-template-dir"]+"/static/"
+    app.template_folder=config["flask-template-dir"]
+    app.run(host=config["listen"], port=config["port"], debug=config["flask-debug"], threaded=True)
+
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/web/backend/templates b/web/backend/templates
new file mode 120000
index 0000000..af28878
--- /dev/null
+++ b/web/backend/templates
@@ -0,0 +1 @@
+../frontend
\ No newline at end of file
diff --git a/web/frontend/index.html b/web/frontend/index.html
new file mode 100644
index 0000000..b3370b9
--- /dev/null
+++ b/web/frontend/index.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{config["MNT"]}} Autopeering</title>
+    <link rel="stylesheet" href="static/style.css">
+</head>
+<body>
+    <div class="content">
+        <div>{{config["MNT"]}}</div>
+        <div></div>
+        <div></div>
+    </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
new file mode 100644
index 0000000..cc56f0a
--- /dev/null
+++ b/web/frontend/static/style.css
@@ -0,0 +1,4 @@
+body {
+    color: wheat;
+    background-color: black;
+}
\ No newline at end of file

From 9cf41845a8580179d7abdcf549ff7eb2d6c753cf Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Fri, 11 Nov 2022 20:17:37 +0100
Subject: [PATCH 06/42] add sample config.json + working webserver

---
 .gitignore                     |  2 ++
 web/backend/config.sample.json | 19 ++++++++++++
 web/backend/main.py            | 56 ++++++++++++++++++++++++++++++++++
 web/backend/templates          |  1 +
 web/frontend/index.html        | 17 +++++++++++
 web/frontend/static/style.css  |  4 +++
 6 files changed, 99 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 web/backend/config.sample.json
 create mode 100644 web/backend/main.py
 create mode 120000 web/backend/templates
 create mode 100644 web/frontend/index.html
 create mode 100644 web/frontend/static/style.css

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1b0e799
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+venv
+config.json
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
new file mode 100644
index 0000000..6bd54b6
--- /dev/null
+++ b/web/backend/config.sample.json
@@ -0,0 +1,19 @@
+{
+    "nodes": {
+        "<nodename>": {
+            "pub-endpoint": "<clearnet-fqdn/ip-address>",
+            "api-con": "http://<node-(internal)-ip/hostname>:<port>/",
+
+            "comment": "/* from here: data to be displayed on the webinterface */",
+            "internal-v4": "172.2x.xxx.xxx",
+            "internal-v6": "fdxx:...",
+            "internal-v4ll": "169.254.xxx.xxx",
+            "internal-v6ll": "fe80::..."
+        }
+    },
+    "MNT": "YOUR-MNT", // your MNT tag
+    "listen": "0.0.0.0",
+    "port": 8042, 
+    "flask-debug": false, // optional; default false
+    "flask-template-dir": "../frontend/" // optional; default "../frontend"
+}
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
new file mode 100644
index 0000000..648cdf3
--- /dev/null
+++ b/web/backend/main.py
@@ -0,0 +1,56 @@
+#! /usr/bin/env python3
+
+from flask import Flask, Response, redirect, render_template, request, session, abort
+import json, os
+
+app = Flask(__name__)
+
+class Config (dict):
+    def __init__(self, configfile:str = None):
+        if configfile:
+            self.configfile = configfile
+        else:
+            if os.path.exists("./config.json"): self.configfile = "./config.json"
+            elif os.path.exists("/etc/dn42-autopeer/config.json"): self.configfile = "/etc/dn42-autopeer/config,json"
+            else: raise FileNotFoundError("no config file found in ./config.json or /etc/dn42-autopeer/config.json")
+        self.load_config()
+        self.keys = self._config.keys
+        #self.__getitem__ = self._config.__getitem__
+        super().__init__(self)
+
+    def __delitem__(self, v):
+        raise NotImplementedError()
+        super().__delitem__(self,v)
+    def __getitem__(self, k):
+        return self._config[k]
+    def load_config(self):
+        with open(self.configfile) as cf:
+            try:
+                self._config = json.load(cf)
+            except json.decoder.JSONDecodeError:
+                raise SyntaxError(f"no valid JSON found in '{cf.name}'")
+        
+        if not "flask-template-dir" in self._config:
+            self._config["flask-template-dir"] = "../frontend" 
+        
+        if not "flask-debug" in self._config:
+            self._config["flask-debug"] = False 
+
+        print(self._config)
+
+
+config = Config()
+    
+@app.route("/")
+def index():
+    print(config)
+    return render_template("index.html", config=config)
+
+def main():
+    app.static_folder= config["flask-template-dir"]+"/static/"
+    app.template_folder=config["flask-template-dir"]
+    app.run(host=config["listen"], port=config["port"], debug=config["flask-debug"], threaded=True)
+
+
+if __name__ == "__main__":
+    main()
\ No newline at end of file
diff --git a/web/backend/templates b/web/backend/templates
new file mode 120000
index 0000000..af28878
--- /dev/null
+++ b/web/backend/templates
@@ -0,0 +1 @@
+../frontend
\ No newline at end of file
diff --git a/web/frontend/index.html b/web/frontend/index.html
new file mode 100644
index 0000000..b3370b9
--- /dev/null
+++ b/web/frontend/index.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{config["MNT"]}} Autopeering</title>
+    <link rel="stylesheet" href="static/style.css">
+</head>
+<body>
+    <div class="content">
+        <div>{{config["MNT"]}}</div>
+        <div></div>
+        <div></div>
+    </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
new file mode 100644
index 0000000..cc56f0a
--- /dev/null
+++ b/web/frontend/static/style.css
@@ -0,0 +1,4 @@
+body {
+    color: wheat;
+    background-color: black;
+}
\ No newline at end of file

From 9fa16e1ac93b63d4f2a4f95c33c43ddb4cd45181 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 12 Nov 2022 14:50:18 +0100
Subject: [PATCH 07/42] add signature verification module

- (the (test) signature allegedly has the wrong length?)
- add login route for main.py
---
 .gitignore                          |  3 +-
 .vscode/launch.json                 | 12 +++++++
 web/backend/config.sample.json      |  5 ++-
 web/backend/kioubit-auth-pubkey.pem |  6 ++++
 web/backend/kioubit_verify.py       | 49 +++++++++++++++++++++++++++++
 web/backend/main.py                 | 33 +++++++++++++++++--
 web/frontend/base.html              | 19 +++++++++++
 web/frontend/index.html             | 47 +++++++++++++++++----------
 web/frontend/login.html             | 17 ++++++++++
 web/frontend/static/style.css       | 46 +++++++++++++++++++++++++--
 web/requirements.txt                |  2 ++
 11 files changed, 215 insertions(+), 24 deletions(-)
 create mode 100644 .vscode/launch.json
 create mode 100644 web/backend/kioubit-auth-pubkey.pem
 create mode 100644 web/backend/kioubit_verify.py
 create mode 100644 web/frontend/base.html
 create mode 100644 web/frontend/login.html
 create mode 100644 web/requirements.txt

diff --git a/.gitignore b/.gitignore
index 1b0e799..c9c5d96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 venv
-config.json
\ No newline at end of file
+config.json
+*.pyc
\ No newline at end of file
diff --git a/.vscode/launch.json b/.vscode/launch.json
new file mode 100644
index 0000000..6b05b4b
--- /dev/null
+++ b/.vscode/launch.json
@@ -0,0 +1,12 @@
+{
+  "configurations": [
+    {
+      "name": "Python: Current File",
+      "type": "python",
+      "request": "launch",
+      "program": "${file}",
+      "console": "integratedTerminal",
+      "justMyCode": false
+    }
+  ]
+}
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index 6bd54b6..f94bf6a 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -3,8 +3,10 @@
         "<nodename>": {
             "pub-endpoint": "<clearnet-fqdn/ip-address>",
             "api-con": "http://<node-(internal)-ip/hostname>:<port>/",
-
             "comment": "/* from here: data to be displayed on the webinterface */",
+            "country": "...", // Countrycode: 2 capital letters
+            "city": "...",
+            "wg-key": "...=", // pubkey of node
             "internal-v4": "172.2x.xxx.xxx",
             "internal-v6": "fdxx:...",
             "internal-v4ll": "169.254.xxx.xxx",
@@ -14,6 +16,7 @@
     "MNT": "YOUR-MNT", // your MNT tag
     "listen": "0.0.0.0",
     "port": 8042, 
+    "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
     "flask-debug": false, // optional; default false
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
 }
\ No newline at end of file
diff --git a/web/backend/kioubit-auth-pubkey.pem b/web/backend/kioubit-auth-pubkey.pem
new file mode 100644
index 0000000..759b589
--- /dev/null
+++ b/web/backend/kioubit-auth-pubkey.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA4DCOlR4g94udKvu9+zKbwqxV/rjg
+7g/Ij91TnEqUhIBi3LBjBoykcSFnWBtXgnmrj0WxBt4vAj7YO5jCQZJMVeIALCcS
+Fkn447bsp6NdQzxTMQ8UYTPX/g7AzxEDOVtXfSBo/BiZF9LYPmm0zwk+y7ZmR8Kf
+02hEtJbbjN/GoD6Mq1c=
+-----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
new file mode 100644
index 0000000..371cf9d
--- /dev/null
+++ b/web/backend/kioubit_verify.py
@@ -0,0 +1,49 @@
+#! /usr/bin/env python3
+
+#import OpenSSL
+#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
+#from OpenSSL.crypto import verify as OpenSSL_verify
+import base64, os
+#from hashlib import sha512
+from Crypto.PublicKey import ECC
+from Crypto.Signature import DSS 
+import Crypto.Hash.SHA512 as SHA512
+#from hashlib import sha512 as SHA512
+
+PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
+
+class AuthVerifyer ():
+
+    def __init__(self,domain, pubkey=PUBKEY_FILE):
+        self.domain = domain
+        with open(pubkey) as pk:
+            pk_content = ""
+            for line in pk.readlines():
+                pk_content += line
+            print(pk_content)
+            self.pubkey = ECC.import_key(pk_content)
+            #self.pubkey.set_pubkey(
+            #    load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
+            #)
+        
+        print(self.pubkey)
+        
+    def verify(self, params, signature):
+        # sig = base64.b64decode(signature)
+        # print(type(sig))
+        #OpenSSL_verify(self.pubkey, sig
+        #, base64.b64decode(params), "sha512")
+        h = SHA512.new()
+        h.update(base64.b64decode(params))
+        print(h.hexdigest())
+        verifier = DSS.new(self.pubkey, 'fips-186-3')
+        print(verifier.verify(h, signature))
+
+if __name__ == "__main__":
+    example_com_verifier = AuthVerifyer("example.com")
+    example_com_verifier.verify(
+        params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
+        signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
+        )
+#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", 
+#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'
diff --git a/web/backend/main.py b/web/backend/main.py
index 648cdf3..1e552e9 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -2,6 +2,7 @@
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
 import json, os
+from functools import wraps
 
 app = Flask(__name__)
 
@@ -38,17 +39,43 @@ class Config (dict):
 
         print(self._config)
 
-
 config = Config()
+def auth_required():
+    def wrapper(f):
+        @wraps(f)
+        def decorated(*args, **kwargs):
+            if not "logged_in" in session:
+                return redirect(f"login?return={request.url}")
+            else:
+                return f(*args, **kwargs)
+        return decorated
+    return wrapper
+
+
+@app.route("/login",methods=["GET","POST"])
+def login():
+    if request.method == "GET":
+        session["return_url"] = request.args["return"]
+        return render_template("login.html", config=config, return_addr=request.args["return"])
+
+    #elif request.method == "POST":
+        
+@app.route("/peer", methods=["GET","POST"])
+@auth_required()
+def peer():
+    return request.args
     
 @app.route("/")
 def index():
-    print(config)
-    return render_template("index.html", config=config)
+    # print(config._config["nodes"])
+    # for node in config["nodes"].values():
+    #     print (node)
+    return render_template("index.html", config=config._config)
 
 def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
     app.template_folder=config["flask-template-dir"]
+    app.secret_key = config["flask-secret-key"]
     app.run(host=config["listen"], port=config["port"], debug=config["flask-debug"], threaded=True)
 
 
diff --git a/web/frontend/base.html b/web/frontend/base.html
new file mode 100644
index 0000000..956236b
--- /dev/null
+++ b/web/frontend/base.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{config["MNT"]}} Autopeering</title>
+    <link rel="stylesheet" href="static/style.css">
+</head>
+<body>
+    <header class="flex">{{config["MNT"]}}</header>
+    <div class="content flex">{% block content %}{% endblock %}</div>
+    <footer class="flex">
+        <div></div>
+        <div></div>
+        <div> &#127279; LARE-MNT</div>
+    </footer>
+</body>
+</html>
\ No newline at end of file
diff --git a/web/frontend/index.html b/web/frontend/index.html
index b3370b9..cf8fbf5 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -1,17 +1,30 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>{{config["MNT"]}} Autopeering</title>
-    <link rel="stylesheet" href="static/style.css">
-</head>
-<body>
-    <div class="content">
-        <div>{{config["MNT"]}}</div>
-        <div></div>
-        <div></div>
-    </div>
-</body>
-</html>
\ No newline at end of file
+{% extends 'base.html' %}
+
+{% block content %}
+<div>
+    
+</div>
+<div>
+    
+</div>
+<div>
+    <table>
+        <thead>
+            <tr>
+                <th>Country</th>
+                <th>City</th>
+                <th>peerings</th>
+                <th>Peer!</th>
+            </tr>
+        </thead>
+        {% for node in config["nodes"] %} 
+        <tr>
+            <td>{{config["nodes"][node]["country"]}}</td>
+            <td>{{config["nodes"][node]["city"]}}</td>
+            <td></td>
+            <td><a href="peer?node={{node}}">peer</a></td>
+        </tr>
+        {% endfor %}
+    </table>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/login.html b/web/frontend/login.html
new file mode 100644
index 0000000..631cb3b
--- /dev/null
+++ b/web/frontend/login.html
@@ -0,0 +1,17 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+<form action="https://dn42.g-load.eu/auth/">
+    <link rel="stylesheet" href="https://dn42.g-load.eu/auth/assets/button-font/auth.css"> 
+    <input type="hidden" id="return" name="return" value="{{return_addr}}">
+    <button type="submit" class="kioubit-btn kioubit-btn-primary kioubit-btn-dark kioubit-btn-main">
+    <span class="icon-kioubit-auth"></span>Authenticate with Kioubit.dn42
+    </button>
+</form>
+
+<form action="" method="post">
+    <input type="">
+</form>
+
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index cc56f0a..f1af515 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -1,4 +1,46 @@
+:root {
+    --bg-color: #aaa;
+    --text-color: black;
+    --other-background: #444;
+}
+
 body {
-    color: wheat;
-    background-color: black;
+    margin: 0;
+    width: auto;
+    height: auto;
+    background-color: var(--bg-color);
+}
+
+header {
+    background-color: var(--other-background);
+    height: 50px;
+}
+.content {
+    width: 100%;
+    height: calc(100% - 55px);
+    margin: initial;
+}
+
+.flex {
+    display: flex;
+    flex-direction: column;
+}
+
+.flex>* {
+    flex-flow: column;
+    /* width: 1fr;
+    height: 1fr; */
+    /* background-color: aquamarine; */
+    margin: auto;
+}
+
+footer {
+    position: fixed;
+    bottom: 0;
+    width: 100%;
+    height: 40px;
+    background: var(--other-background);
+}
+footer.flex {
+    flex-direction: row;
 }
\ No newline at end of file
diff --git a/web/requirements.txt b/web/requirements.txt
new file mode 100644
index 0000000..7cf74ff
--- /dev/null
+++ b/web/requirements.txt
@@ -0,0 +1,2 @@
+Flask
+pyopenssl
\ No newline at end of file

From a1e25a9bdc6ad5390f49ffe18b0114ce3875c699 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 12 Nov 2022 14:50:18 +0100
Subject: [PATCH 08/42] add signature verification module

- (the (test) signature allegedly has the wrong length?)
- add login route for main.py
---
 .gitignore                          |  3 +-
 .vscode/launch.json                 | 12 +++++++
 web/backend/config.sample.json      |  5 ++-
 web/backend/kioubit-auth-pubkey.pem |  6 ++++
 web/backend/kioubit_verify.py       | 49 +++++++++++++++++++++++++++++
 web/backend/main.py                 | 33 +++++++++++++++++--
 web/frontend/base.html              | 19 +++++++++++
 web/frontend/index.html             | 47 +++++++++++++++++----------
 web/frontend/login.html             | 17 ++++++++++
 web/frontend/static/style.css       | 46 +++++++++++++++++++++++++--
 web/requirements.txt                |  2 ++
 11 files changed, 215 insertions(+), 24 deletions(-)
 create mode 100644 .vscode/launch.json
 create mode 100644 web/backend/kioubit-auth-pubkey.pem
 create mode 100644 web/backend/kioubit_verify.py
 create mode 100644 web/frontend/base.html
 create mode 100644 web/frontend/login.html
 create mode 100644 web/requirements.txt

diff --git a/.gitignore b/.gitignore
index 1b0e799..c9c5d96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 venv
-config.json
\ No newline at end of file
+config.json
+*.pyc
\ No newline at end of file
diff --git a/.vscode/launch.json b/.vscode/launch.json
new file mode 100644
index 0000000..6b05b4b
--- /dev/null
+++ b/.vscode/launch.json
@@ -0,0 +1,12 @@
+{
+  "configurations": [
+    {
+      "name": "Python: Current File",
+      "type": "python",
+      "request": "launch",
+      "program": "${file}",
+      "console": "integratedTerminal",
+      "justMyCode": false
+    }
+  ]
+}
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index 6bd54b6..f94bf6a 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -3,8 +3,10 @@
         "<nodename>": {
             "pub-endpoint": "<clearnet-fqdn/ip-address>",
             "api-con": "http://<node-(internal)-ip/hostname>:<port>/",
-
             "comment": "/* from here: data to be displayed on the webinterface */",
+            "country": "...", // Countrycode: 2 capital letters
+            "city": "...",
+            "wg-key": "...=", // pubkey of node
             "internal-v4": "172.2x.xxx.xxx",
             "internal-v6": "fdxx:...",
             "internal-v4ll": "169.254.xxx.xxx",
@@ -14,6 +16,7 @@
     "MNT": "YOUR-MNT", // your MNT tag
     "listen": "0.0.0.0",
     "port": 8042, 
+    "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
     "flask-debug": false, // optional; default false
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
 }
\ No newline at end of file
diff --git a/web/backend/kioubit-auth-pubkey.pem b/web/backend/kioubit-auth-pubkey.pem
new file mode 100644
index 0000000..759b589
--- /dev/null
+++ b/web/backend/kioubit-auth-pubkey.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA4DCOlR4g94udKvu9+zKbwqxV/rjg
+7g/Ij91TnEqUhIBi3LBjBoykcSFnWBtXgnmrj0WxBt4vAj7YO5jCQZJMVeIALCcS
+Fkn447bsp6NdQzxTMQ8UYTPX/g7AzxEDOVtXfSBo/BiZF9LYPmm0zwk+y7ZmR8Kf
+02hEtJbbjN/GoD6Mq1c=
+-----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
new file mode 100644
index 0000000..371cf9d
--- /dev/null
+++ b/web/backend/kioubit_verify.py
@@ -0,0 +1,49 @@
+#! /usr/bin/env python3
+
+#import OpenSSL
+#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
+#from OpenSSL.crypto import verify as OpenSSL_verify
+import base64, os
+#from hashlib import sha512
+from Crypto.PublicKey import ECC
+from Crypto.Signature import DSS 
+import Crypto.Hash.SHA512 as SHA512
+#from hashlib import sha512 as SHA512
+
+PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
+
+class AuthVerifyer ():
+
+    def __init__(self,domain, pubkey=PUBKEY_FILE):
+        self.domain = domain
+        with open(pubkey) as pk:
+            pk_content = ""
+            for line in pk.readlines():
+                pk_content += line
+            print(pk_content)
+            self.pubkey = ECC.import_key(pk_content)
+            #self.pubkey.set_pubkey(
+            #    load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
+            #)
+        
+        print(self.pubkey)
+        
+    def verify(self, params, signature):
+        # sig = base64.b64decode(signature)
+        # print(type(sig))
+        #OpenSSL_verify(self.pubkey, sig
+        #, base64.b64decode(params), "sha512")
+        h = SHA512.new()
+        h.update(base64.b64decode(params))
+        print(h.hexdigest())
+        verifier = DSS.new(self.pubkey, 'fips-186-3')
+        print(verifier.verify(h, signature))
+
+if __name__ == "__main__":
+    example_com_verifier = AuthVerifyer("example.com")
+    example_com_verifier.verify(
+        params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
+        signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
+        )
+#params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", 
+#signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'
diff --git a/web/backend/main.py b/web/backend/main.py
index 648cdf3..1e552e9 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -2,6 +2,7 @@
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
 import json, os
+from functools import wraps
 
 app = Flask(__name__)
 
@@ -38,17 +39,43 @@ class Config (dict):
 
         print(self._config)
 
-
 config = Config()
+def auth_required():
+    def wrapper(f):
+        @wraps(f)
+        def decorated(*args, **kwargs):
+            if not "logged_in" in session:
+                return redirect(f"login?return={request.url}")
+            else:
+                return f(*args, **kwargs)
+        return decorated
+    return wrapper
+
+
+@app.route("/login",methods=["GET","POST"])
+def login():
+    if request.method == "GET":
+        session["return_url"] = request.args["return"]
+        return render_template("login.html", config=config, return_addr=request.args["return"])
+
+    #elif request.method == "POST":
+        
+@app.route("/peer", methods=["GET","POST"])
+@auth_required()
+def peer():
+    return request.args
     
 @app.route("/")
 def index():
-    print(config)
-    return render_template("index.html", config=config)
+    # print(config._config["nodes"])
+    # for node in config["nodes"].values():
+    #     print (node)
+    return render_template("index.html", config=config._config)
 
 def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
     app.template_folder=config["flask-template-dir"]
+    app.secret_key = config["flask-secret-key"]
     app.run(host=config["listen"], port=config["port"], debug=config["flask-debug"], threaded=True)
 
 
diff --git a/web/frontend/base.html b/web/frontend/base.html
new file mode 100644
index 0000000..956236b
--- /dev/null
+++ b/web/frontend/base.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>{{config["MNT"]}} Autopeering</title>
+    <link rel="stylesheet" href="static/style.css">
+</head>
+<body>
+    <header class="flex">{{config["MNT"]}}</header>
+    <div class="content flex">{% block content %}{% endblock %}</div>
+    <footer class="flex">
+        <div></div>
+        <div></div>
+        <div> &#127279; LARE-MNT</div>
+    </footer>
+</body>
+</html>
\ No newline at end of file
diff --git a/web/frontend/index.html b/web/frontend/index.html
index b3370b9..cf8fbf5 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -1,17 +1,30 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>{{config["MNT"]}} Autopeering</title>
-    <link rel="stylesheet" href="static/style.css">
-</head>
-<body>
-    <div class="content">
-        <div>{{config["MNT"]}}</div>
-        <div></div>
-        <div></div>
-    </div>
-</body>
-</html>
\ No newline at end of file
+{% extends 'base.html' %}
+
+{% block content %}
+<div>
+    
+</div>
+<div>
+    
+</div>
+<div>
+    <table>
+        <thead>
+            <tr>
+                <th>Country</th>
+                <th>City</th>
+                <th>peerings</th>
+                <th>Peer!</th>
+            </tr>
+        </thead>
+        {% for node in config["nodes"] %} 
+        <tr>
+            <td>{{config["nodes"][node]["country"]}}</td>
+            <td>{{config["nodes"][node]["city"]}}</td>
+            <td></td>
+            <td><a href="peer?node={{node}}">peer</a></td>
+        </tr>
+        {% endfor %}
+    </table>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/login.html b/web/frontend/login.html
new file mode 100644
index 0000000..631cb3b
--- /dev/null
+++ b/web/frontend/login.html
@@ -0,0 +1,17 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+<form action="https://dn42.g-load.eu/auth/">
+    <link rel="stylesheet" href="https://dn42.g-load.eu/auth/assets/button-font/auth.css"> 
+    <input type="hidden" id="return" name="return" value="{{return_addr}}">
+    <button type="submit" class="kioubit-btn kioubit-btn-primary kioubit-btn-dark kioubit-btn-main">
+    <span class="icon-kioubit-auth"></span>Authenticate with Kioubit.dn42
+    </button>
+</form>
+
+<form action="" method="post">
+    <input type="">
+</form>
+
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index cc56f0a..f1af515 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -1,4 +1,46 @@
+:root {
+    --bg-color: #aaa;
+    --text-color: black;
+    --other-background: #444;
+}
+
 body {
-    color: wheat;
-    background-color: black;
+    margin: 0;
+    width: auto;
+    height: auto;
+    background-color: var(--bg-color);
+}
+
+header {
+    background-color: var(--other-background);
+    height: 50px;
+}
+.content {
+    width: 100%;
+    height: calc(100% - 55px);
+    margin: initial;
+}
+
+.flex {
+    display: flex;
+    flex-direction: column;
+}
+
+.flex>* {
+    flex-flow: column;
+    /* width: 1fr;
+    height: 1fr; */
+    /* background-color: aquamarine; */
+    margin: auto;
+}
+
+footer {
+    position: fixed;
+    bottom: 0;
+    width: 100%;
+    height: 40px;
+    background: var(--other-background);
+}
+footer.flex {
+    flex-direction: row;
 }
\ No newline at end of file
diff --git a/web/requirements.txt b/web/requirements.txt
new file mode 100644
index 0000000..7cf74ff
--- /dev/null
+++ b/web/requirements.txt
@@ -0,0 +1,2 @@
+Flask
+pyopenssl
\ No newline at end of file

From e8c9c25a010ce62bfa1cb44823e09cfb27209f4e Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 12 Nov 2022 17:36:11 +0100
Subject: [PATCH 09/42] add "domain" option to config.json

add usages of the "domain" option
---
 web/backend/config.sample.json |  1 +
 web/backend/kioubit_verify.py  |  5 +++--
 web/backend/main.py            | 14 +++++++++++++-
 web/frontend/login.html        |  2 +-
 4 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index f94bf6a..be34908 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -16,6 +16,7 @@
     "MNT": "YOUR-MNT", // your MNT tag
     "listen": "0.0.0.0",
     "port": 8042, 
+    "domain": "example.org", // domain to use for kioubit verification service
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
     "flask-debug": false, // optional; default false
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 371cf9d..fc8a031 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -35,9 +35,10 @@ class AuthVerifyer ():
         #, base64.b64decode(params), "sha512")
         h = SHA512.new()
         h.update(base64.b64decode(params))
-        print(h.hexdigest())
+        #print(h.hexdigest())
         verifier = DSS.new(self.pubkey, 'fips-186-3')
-        print(verifier.verify(h, signature))
+        valid = verifier.verify(h, signature)
+        return valid
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
diff --git a/web/backend/main.py b/web/backend/main.py
index 1e552e9..296d167 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,9 +1,11 @@
 #! /usr/bin/env python3
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
-import json, os
+import json, os, base64
 from functools import wraps
 
+import kioubit_verify
+
 app = Flask(__name__)
 
 class Config (dict):
@@ -40,6 +42,7 @@ class Config (dict):
         print(self._config)
 
 config = Config()
+
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -52,6 +55,15 @@ def auth_required():
     return wrapper
 
 
+kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
+@app.route("/api/auth/kverify", methods=["GET", "POST"])
+def kioubit_auth():
+    params = request.args["params"]
+    signature = request.args["signature"]
+    print(base64.b64decode(params))
+    return str(kverifyer.verify(params, signature))
+
+
 @app.route("/login",methods=["GET","POST"])
 def login():
     if request.method == "GET":
diff --git a/web/frontend/login.html b/web/frontend/login.html
index 631cb3b..e5df8aa 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -4,7 +4,7 @@
 
 <form action="https://dn42.g-load.eu/auth/">
     <link rel="stylesheet" href="https://dn42.g-load.eu/auth/assets/button-font/auth.css"> 
-    <input type="hidden" id="return" name="return" value="{{return_addr}}">
+    <input type="hidden" id="return" name="return" value='{{"http://"+config["domain"]+"/api/auth/kverify"}}'>
     <button type="submit" class="kioubit-btn kioubit-btn-primary kioubit-btn-dark kioubit-btn-main">
     <span class="icon-kioubit-auth"></span>Authenticate with Kioubit.dn42
     </button>

From c600c59af84dae55ecbf754ea6c78e4bedf3d2b3 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 12 Nov 2022 17:36:11 +0100
Subject: [PATCH 10/42] add "domain" option to config.json

add usages of the "domain" option
---
 web/backend/config.sample.json |  1 +
 web/backend/kioubit_verify.py  |  5 +++--
 web/backend/main.py            | 14 +++++++++++++-
 web/frontend/login.html        |  2 +-
 4 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index f94bf6a..be34908 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -16,6 +16,7 @@
     "MNT": "YOUR-MNT", // your MNT tag
     "listen": "0.0.0.0",
     "port": 8042, 
+    "domain": "example.org", // domain to use for kioubit verification service
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
     "flask-debug": false, // optional; default false
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 371cf9d..fc8a031 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -35,9 +35,10 @@ class AuthVerifyer ():
         #, base64.b64decode(params), "sha512")
         h = SHA512.new()
         h.update(base64.b64decode(params))
-        print(h.hexdigest())
+        #print(h.hexdigest())
         verifier = DSS.new(self.pubkey, 'fips-186-3')
-        print(verifier.verify(h, signature))
+        valid = verifier.verify(h, signature)
+        return valid
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
diff --git a/web/backend/main.py b/web/backend/main.py
index 1e552e9..296d167 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,9 +1,11 @@
 #! /usr/bin/env python3
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
-import json, os
+import json, os, base64
 from functools import wraps
 
+import kioubit_verify
+
 app = Flask(__name__)
 
 class Config (dict):
@@ -40,6 +42,7 @@ class Config (dict):
         print(self._config)
 
 config = Config()
+
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -52,6 +55,15 @@ def auth_required():
     return wrapper
 
 
+kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
+@app.route("/api/auth/kverify", methods=["GET", "POST"])
+def kioubit_auth():
+    params = request.args["params"]
+    signature = request.args["signature"]
+    print(base64.b64decode(params))
+    return str(kverifyer.verify(params, signature))
+
+
 @app.route("/login",methods=["GET","POST"])
 def login():
     if request.method == "GET":
diff --git a/web/frontend/login.html b/web/frontend/login.html
index 631cb3b..e5df8aa 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -4,7 +4,7 @@
 
 <form action="https://dn42.g-load.eu/auth/">
     <link rel="stylesheet" href="https://dn42.g-load.eu/auth/assets/button-font/auth.css"> 
-    <input type="hidden" id="return" name="return" value="{{return_addr}}">
+    <input type="hidden" id="return" name="return" value='{{"http://"+config["domain"]+"/api/auth/kverify"}}'>
     <button type="submit" class="kioubit-btn kioubit-btn-primary kioubit-btn-dark kioubit-btn-main">
     <span class="icon-kioubit-auth"></span>Authenticate with Kioubit.dn42
     </button>

From b3051390331236da0806653bbbdf009e106559c4 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 12 Nov 2022 19:57:16 +0100
Subject: [PATCH 11/42] first (working) implementation of kioubit-auth

- verify(<x509-key>, signature=base64decode(<sig>), <params(base64)>)
---
 web/backend/kioubit_verify.py | 46 +++++++++++++++++------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index fc8a031..24cb8ec 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,14 +1,9 @@
 #! /usr/bin/env python3
 
-#import OpenSSL
-#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
-#from OpenSSL.crypto import verify as OpenSSL_verify
 import base64, os
-#from hashlib import sha512
-from Crypto.PublicKey import ECC
-from Crypto.Signature import DSS 
-import Crypto.Hash.SHA512 as SHA512
-#from hashlib import sha512 as SHA512
+from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
+import OpenSSL
+
 
 PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
 
@@ -21,30 +16,35 @@ class AuthVerifyer ():
             for line in pk.readlines():
                 pk_content += line
             print(pk_content)
-            self.pubkey = ECC.import_key(pk_content)
-            #self.pubkey.set_pubkey(
-            #    load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
-            #)
+        pkey = load_publickey(FILETYPE_PEM, pk_content)
+        self.x509 = X509()
+        self.x509.set_pubkey(pkey)
         
-        print(self.pubkey)
+        print(self.x509)
         
     def verify(self, params, signature):
-        # sig = base64.b64decode(signature)
         # print(type(sig))
         #OpenSSL_verify(self.pubkey, sig
         #, base64.b64decode(params), "sha512")
-        h = SHA512.new()
-        h.update(base64.b64decode(params))
+        sig = base64.b64decode(signature)
+        print(f"sig: {sig}")
+        print(f"params: {params}")
+        try:
+            verify(self.x509, sig, params, 'sha512')
+        except OpenSSL.crypto.Error:
+            return False, "Signature Failed"
+        #h = SHA512.new()
+        #h.update(base64.b64decode(params))
         #print(h.hexdigest())
-        verifier = DSS.new(self.pubkey, 'fips-186-3')
-        valid = verifier.verify(h, signature)
-        return valid
+        #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
+        #valid = verifier.verify(h, base64.b64decode(signature))
+        return True, ""
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
-    example_com_verifier.verify(
-        params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
-        signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
-        )
+    print (example_com_verifier.verify(
+        params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
+        signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
+        ) )
 #params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", 
 #signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'

From 83e411bcc3a5fd53181ab533e8d20b1459f30990 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 12 Nov 2022 19:57:16 +0100
Subject: [PATCH 12/42] first (working) implementation of kioubit-auth

- verify(<x509-key>, signature=base64decode(<sig>), <params(base64)>)
---
 web/backend/kioubit_verify.py | 46 +++++++++++++++++------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index fc8a031..24cb8ec 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,14 +1,9 @@
 #! /usr/bin/env python3
 
-#import OpenSSL
-#from OpenSSL.crypto import load_publickey, FILETYPE_PEM, X509
-#from OpenSSL.crypto import verify as OpenSSL_verify
 import base64, os
-#from hashlib import sha512
-from Crypto.PublicKey import ECC
-from Crypto.Signature import DSS 
-import Crypto.Hash.SHA512 as SHA512
-#from hashlib import sha512 as SHA512
+from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
+import OpenSSL
+
 
 PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
 
@@ -21,30 +16,35 @@ class AuthVerifyer ():
             for line in pk.readlines():
                 pk_content += line
             print(pk_content)
-            self.pubkey = ECC.import_key(pk_content)
-            #self.pubkey.set_pubkey(
-            #    load_publickey(OpenSSL.crypto.FILETYPE_PEM, pk_content)
-            #)
+        pkey = load_publickey(FILETYPE_PEM, pk_content)
+        self.x509 = X509()
+        self.x509.set_pubkey(pkey)
         
-        print(self.pubkey)
+        print(self.x509)
         
     def verify(self, params, signature):
-        # sig = base64.b64decode(signature)
         # print(type(sig))
         #OpenSSL_verify(self.pubkey, sig
         #, base64.b64decode(params), "sha512")
-        h = SHA512.new()
-        h.update(base64.b64decode(params))
+        sig = base64.b64decode(signature)
+        print(f"sig: {sig}")
+        print(f"params: {params}")
+        try:
+            verify(self.x509, sig, params, 'sha512')
+        except OpenSSL.crypto.Error:
+            return False, "Signature Failed"
+        #h = SHA512.new()
+        #h.update(base64.b64decode(params))
         #print(h.hexdigest())
-        verifier = DSS.new(self.pubkey, 'fips-186-3')
-        valid = verifier.verify(h, signature)
-        return valid
+        #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
+        #valid = verifier.verify(h, base64.b64decode(signature))
+        return True, ""
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
-    example_com_verifier.verify(
-        params="eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
-        signature="MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
-        )
+    print (example_com_verifier.verify(
+        params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
+        signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
+        ) )
 #params = "eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI1NjI5NSwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=", 
 #signature = 'MIGHAkFy1m+9ahjIc5cJk/p+RiXJbhbWT5rPSJNg9Q3c8UTAM4F7lz2OqdWHw6GZN5NQgvqm6OB3Y751djYwCd54y2Kn4wJCAcBaOrtSclxkGIleVx183PhTnSr97r2F089PsDzNXIBvH5pYUwvJX7hG0op0f5tPm7fl12HOOrr8Q6kWW+XTrgGX'

From 1770eeb201540cfc6816bc44f6403c5d121f6232 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 17 Nov 2022 06:43:43 +0100
Subject: [PATCH 13/42] add loading of MNT-data from kverify

---
 web/backend/kioubit_verify.py | 22 +++++++++-----
 web/backend/main.py           | 56 ++++++++++++++++++++++++++++-------
 web/frontend/base.html        |  9 ++++--
 web/frontend/index.html       |  2 ++
 web/frontend/login.html       |  9 +++++-
 web/frontend/peer.html        | 13 ++++++++
 web/frontend/static/style.css | 13 +++++++-
 7 files changed, 100 insertions(+), 24 deletions(-)
 create mode 100644 web/frontend/peer.html

diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 24cb8ec..1f9d3d2 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,8 +1,8 @@
 #! /usr/bin/env python3
 
-import base64, os
-from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
+import base64, os, json, time
 import OpenSSL
+from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
 
 
 PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
@@ -33,12 +33,18 @@ class AuthVerifyer ():
             verify(self.x509, sig, params, 'sha512')
         except OpenSSL.crypto.Error:
             return False, "Signature Failed"
-        #h = SHA512.new()
-        #h.update(base64.b64decode(params))
-        #print(h.hexdigest())
-        #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
-        #valid = verifier.verify(h, base64.b64decode(signature))
-        return True, ""
+        
+        try:
+            user_data = json.loads(base64.b64decode(params))
+            if (time.time() - user_data["time"] )> 60:
+                return False, "Signature to old"
+        except json.decoder.JSONDecodeError:
+            # we shouldn't get here unless kioubit's service is misbehaving
+            return False, "invalid JSON"
+        except KeyError:
+            return False, "value not found in JSON"
+        print(user_data)
+        return True, user_data
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
diff --git a/web/backend/main.py b/web/backend/main.py
index 296d167..ff80c5f 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -47,7 +47,7 @@ def auth_required():
     def wrapper(f):
         @wraps(f)
         def decorated(*args, **kwargs):
-            if not "logged_in" in session:
+            if not "login" in session:
                 return redirect(f"login?return={request.url}")
             else:
                 return f(*args, **kwargs)
@@ -58,31 +58,65 @@ def auth_required():
 kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
 @app.route("/api/auth/kverify", methods=["GET", "POST"])
 def kioubit_auth():
-    params = request.args["params"]
-    signature = request.args["signature"]
-    print(base64.b64decode(params))
-    return str(kverifyer.verify(params, signature))
+    try: 
+        params = request.args["params"]
+        signature = request.args["signature"]
+    except KeyError:
+        return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg='"params" or "signature" missing')
 
+    
+    success, msg = kverifyer.verify(params, signature)
+    try: print(base64.b64decode(params))
+    except: print("invalid Base64 data provided")
+    
+
+    if success:
+        session["user-data"] = msg
+        session["login"] = msg['mnt']
+        return redirect(session["return_url"])
+    else:
+        return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+
+@app.route("/logout")
+def logout():
+    session.clear()
+    return redirect("/")
 
 @app.route("/login",methods=["GET","POST"])
 def login():
     if request.method == "GET":
-        session["return_url"] = request.args["return"]
-        return render_template("login.html", config=config, return_addr=request.args["return"])
+        session["return_url"] = request.args["return"] if "return" in request.args else ""
+        
+        return render_template("login.html", session=session, config=config, return_addr=session["return_url"])
+    elif request.method == "POST":
+        if config["domain"] == "svc.burble.dn42:8042" and request.form["logincode"] and request.form["logincode"] == "eyJhc24iOjQyNDI0MjMwMzUsImFsbG93ZWQ0IjoiMTcyLjIyLjEyNS4xMjhcLzI2LDE3Mi4yMC4wLjgxXC8zMiIsImFsbG93ZWQ2IjoiZmQ2Mzo1ZDQwOjQ3ZTU6OlwvNDgsZmQ0MjpkNDI6ZDQyOjgxOjpcLzY0IiwibW50IjoiTEFSRS1NTlQifQo=":
+            print("abc")
+            user_data = json.loads(base64.b64decode(request.form["logincode"]))
+            session["login"] = user_data['mnt']
+            session["user-data"] = user_data
+        return redirect(request.args["return"])
 
-    #elif request.method == "POST":
         
 @app.route("/peer", methods=["GET","POST"])
 @auth_required()
 def peer():
-    return request.args
-    
+    if request.method == "GET":
+        if "node" in request.args and request.args["node"] in config["nodes"]:
+            return render_template("peer.html", config=config, selected_node=request.args["node"])
+            return str(config["nodes"][request.args["node"]])
+        else: return render_template("peer.html",  session=session,config=config)
+    elif request.method == "POST":
+        return "POST /peer"
+
+    else:
+        return 405
+
 @app.route("/")
 def index():
     # print(config._config["nodes"])
     # for node in config["nodes"].values():
     #     print (node)
-    return render_template("index.html", config=config._config)
+    return render_template("index.html",  session=session, config=config._config)
 
 def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
diff --git a/web/frontend/base.html b/web/frontend/base.html
index 956236b..ffd4327 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -5,11 +5,14 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>{{config["MNT"]}} Autopeering</title>
-    <link rel="stylesheet" href="static/style.css">
+    <link rel="stylesheet" href="/static/style.css">
 </head>
 <body>
-    <header class="flex">{{config["MNT"]}}</header>
-    <div class="content flex">{% block content %}{% endblock %}</div>
+    <header class="flex flex-row"><div></div><a href="/">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="/logout">logout</a>{% else %} <a href="/login?return=/peer">login</a>{%endif%}</header>
+    <div class="content flex">
+        {% block content %}
+        {% endblock %}
+    </div>
     <footer class="flex">
         <div></div>
         <div></div>
diff --git a/web/frontend/index.html b/web/frontend/index.html
index cf8fbf5..02c0b1f 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -11,6 +11,7 @@
     <table>
         <thead>
             <tr>
+                <th>NodeName</th>
                 <th>Country</th>
                 <th>City</th>
                 <th>peerings</th>
@@ -19,6 +20,7 @@
         </thead>
         {% for node in config["nodes"] %} 
         <tr>
+            <td>{{node}}</td>
             <td>{{config["nodes"][node]["country"]}}</td>
             <td>{{config["nodes"][node]["city"]}}</td>
             <td></td>
diff --git a/web/frontend/login.html b/web/frontend/login.html
index e5df8aa..cb176bf 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -2,6 +2,12 @@
 
 {% block content %}
 
+{% if msg %}
+<div style="background-color: red;">
+    {{msg}}
+</div>
+{% endif %}
+
 <form action="https://dn42.g-load.eu/auth/">
     <link rel="stylesheet" href="https://dn42.g-load.eu/auth/assets/button-font/auth.css"> 
     <input type="hidden" id="return" name="return" value='{{"http://"+config["domain"]+"/api/auth/kverify"}}'>
@@ -11,7 +17,8 @@
 </form>
 
 <form action="" method="post">
-    <input type="">
+    <input type="text" name="logincode" id="logincode">
+    <input type="submit" value="submit">
 </form>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/peer.html b/web/frontend/peer.html
new file mode 100644
index 0000000..26a236a
--- /dev/null
+++ b/web/frontend/peer.html
@@ -0,0 +1,13 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+<form action="peer" method="post">
+    <select name="node" id="node">
+        {% for node in config["nodes"] %}
+            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
+        {% endfor %}
+    </select>
+</form>
+
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index f1af515..0cf0b2c 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -2,6 +2,7 @@
     --bg-color: #aaa;
     --text-color: black;
     --other-background: #444;
+    /* --accent-color: ; */
 }
 
 body {
@@ -15,16 +16,26 @@ header {
     background-color: var(--other-background);
     height: 50px;
 }
+a {
+    color: var(--text-color);
+}
+
 .content {
     width: 100%;
     height: calc(100% - 55px);
-    margin: initial;
+    margin: auto;
+}
+.content>* {
+    padding: 5%;
 }
 
 .flex {
     display: flex;
     flex-direction: column;
 }
+.flex-row {
+    flex-direction: row;
+}
 
 .flex>* {
     flex-flow: column;

From 9476ec4f63c9803008944946140ec5401678414b Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 17 Nov 2022 06:43:43 +0100
Subject: [PATCH 14/42] add loading of MNT-data from kverify

---
 web/backend/kioubit_verify.py | 22 +++++++++-----
 web/backend/main.py           | 56 ++++++++++++++++++++++++++++-------
 web/frontend/base.html        |  9 ++++--
 web/frontend/index.html       |  2 ++
 web/frontend/login.html       |  9 +++++-
 web/frontend/peer.html        | 13 ++++++++
 web/frontend/static/style.css | 13 +++++++-
 7 files changed, 100 insertions(+), 24 deletions(-)
 create mode 100644 web/frontend/peer.html

diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 24cb8ec..1f9d3d2 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,8 +1,8 @@
 #! /usr/bin/env python3
 
-import base64, os
-from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
+import base64, os, json, time
 import OpenSSL
+from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
 
 
 PUBKEY_FILE = os.path.dirname(__file__)+"/kioubit-auth-pubkey.pem"
@@ -33,12 +33,18 @@ class AuthVerifyer ():
             verify(self.x509, sig, params, 'sha512')
         except OpenSSL.crypto.Error:
             return False, "Signature Failed"
-        #h = SHA512.new()
-        #h.update(base64.b64decode(params))
-        #print(h.hexdigest())
-        #verifier = DSS.new(self.pubkey, 'deterministic-rfc6979')
-        #valid = verifier.verify(h, base64.b64decode(signature))
-        return True, ""
+        
+        try:
+            user_data = json.loads(base64.b64decode(params))
+            if (time.time() - user_data["time"] )> 60:
+                return False, "Signature to old"
+        except json.decoder.JSONDecodeError:
+            # we shouldn't get here unless kioubit's service is misbehaving
+            return False, "invalid JSON"
+        except KeyError:
+            return False, "value not found in JSON"
+        print(user_data)
+        return True, user_data
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
diff --git a/web/backend/main.py b/web/backend/main.py
index 296d167..ff80c5f 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -47,7 +47,7 @@ def auth_required():
     def wrapper(f):
         @wraps(f)
         def decorated(*args, **kwargs):
-            if not "logged_in" in session:
+            if not "login" in session:
                 return redirect(f"login?return={request.url}")
             else:
                 return f(*args, **kwargs)
@@ -58,31 +58,65 @@ def auth_required():
 kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
 @app.route("/api/auth/kverify", methods=["GET", "POST"])
 def kioubit_auth():
-    params = request.args["params"]
-    signature = request.args["signature"]
-    print(base64.b64decode(params))
-    return str(kverifyer.verify(params, signature))
+    try: 
+        params = request.args["params"]
+        signature = request.args["signature"]
+    except KeyError:
+        return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg='"params" or "signature" missing')
 
+    
+    success, msg = kverifyer.verify(params, signature)
+    try: print(base64.b64decode(params))
+    except: print("invalid Base64 data provided")
+    
+
+    if success:
+        session["user-data"] = msg
+        session["login"] = msg['mnt']
+        return redirect(session["return_url"])
+    else:
+        return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+
+@app.route("/logout")
+def logout():
+    session.clear()
+    return redirect("/")
 
 @app.route("/login",methods=["GET","POST"])
 def login():
     if request.method == "GET":
-        session["return_url"] = request.args["return"]
-        return render_template("login.html", config=config, return_addr=request.args["return"])
+        session["return_url"] = request.args["return"] if "return" in request.args else ""
+        
+        return render_template("login.html", session=session, config=config, return_addr=session["return_url"])
+    elif request.method == "POST":
+        if config["domain"] == "svc.burble.dn42:8042" and request.form["logincode"] and request.form["logincode"] == "eyJhc24iOjQyNDI0MjMwMzUsImFsbG93ZWQ0IjoiMTcyLjIyLjEyNS4xMjhcLzI2LDE3Mi4yMC4wLjgxXC8zMiIsImFsbG93ZWQ2IjoiZmQ2Mzo1ZDQwOjQ3ZTU6OlwvNDgsZmQ0MjpkNDI6ZDQyOjgxOjpcLzY0IiwibW50IjoiTEFSRS1NTlQifQo=":
+            print("abc")
+            user_data = json.loads(base64.b64decode(request.form["logincode"]))
+            session["login"] = user_data['mnt']
+            session["user-data"] = user_data
+        return redirect(request.args["return"])
 
-    #elif request.method == "POST":
         
 @app.route("/peer", methods=["GET","POST"])
 @auth_required()
 def peer():
-    return request.args
-    
+    if request.method == "GET":
+        if "node" in request.args and request.args["node"] in config["nodes"]:
+            return render_template("peer.html", config=config, selected_node=request.args["node"])
+            return str(config["nodes"][request.args["node"]])
+        else: return render_template("peer.html",  session=session,config=config)
+    elif request.method == "POST":
+        return "POST /peer"
+
+    else:
+        return 405
+
 @app.route("/")
 def index():
     # print(config._config["nodes"])
     # for node in config["nodes"].values():
     #     print (node)
-    return render_template("index.html", config=config._config)
+    return render_template("index.html",  session=session, config=config._config)
 
 def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
diff --git a/web/frontend/base.html b/web/frontend/base.html
index 956236b..ffd4327 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -5,11 +5,14 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>{{config["MNT"]}} Autopeering</title>
-    <link rel="stylesheet" href="static/style.css">
+    <link rel="stylesheet" href="/static/style.css">
 </head>
 <body>
-    <header class="flex">{{config["MNT"]}}</header>
-    <div class="content flex">{% block content %}{% endblock %}</div>
+    <header class="flex flex-row"><div></div><a href="/">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="/logout">logout</a>{% else %} <a href="/login?return=/peer">login</a>{%endif%}</header>
+    <div class="content flex">
+        {% block content %}
+        {% endblock %}
+    </div>
     <footer class="flex">
         <div></div>
         <div></div>
diff --git a/web/frontend/index.html b/web/frontend/index.html
index cf8fbf5..02c0b1f 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -11,6 +11,7 @@
     <table>
         <thead>
             <tr>
+                <th>NodeName</th>
                 <th>Country</th>
                 <th>City</th>
                 <th>peerings</th>
@@ -19,6 +20,7 @@
         </thead>
         {% for node in config["nodes"] %} 
         <tr>
+            <td>{{node}}</td>
             <td>{{config["nodes"][node]["country"]}}</td>
             <td>{{config["nodes"][node]["city"]}}</td>
             <td></td>
diff --git a/web/frontend/login.html b/web/frontend/login.html
index e5df8aa..cb176bf 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -2,6 +2,12 @@
 
 {% block content %}
 
+{% if msg %}
+<div style="background-color: red;">
+    {{msg}}
+</div>
+{% endif %}
+
 <form action="https://dn42.g-load.eu/auth/">
     <link rel="stylesheet" href="https://dn42.g-load.eu/auth/assets/button-font/auth.css"> 
     <input type="hidden" id="return" name="return" value='{{"http://"+config["domain"]+"/api/auth/kverify"}}'>
@@ -11,7 +17,8 @@
 </form>
 
 <form action="" method="post">
-    <input type="">
+    <input type="text" name="logincode" id="logincode">
+    <input type="submit" value="submit">
 </form>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/peer.html b/web/frontend/peer.html
new file mode 100644
index 0000000..26a236a
--- /dev/null
+++ b/web/frontend/peer.html
@@ -0,0 +1,13 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+<form action="peer" method="post">
+    <select name="node" id="node">
+        {% for node in config["nodes"] %}
+            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
+        {% endfor %}
+    </select>
+</form>
+
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index f1af515..0cf0b2c 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -2,6 +2,7 @@
     --bg-color: #aaa;
     --text-color: black;
     --other-background: #444;
+    /* --accent-color: ; */
 }
 
 body {
@@ -15,16 +16,26 @@ header {
     background-color: var(--other-background);
     height: 50px;
 }
+a {
+    color: var(--text-color);
+}
+
 .content {
     width: 100%;
     height: calc(100% - 55px);
-    margin: initial;
+    margin: auto;
+}
+.content>* {
+    padding: 5%;
 }
 
 .flex {
     display: flex;
     flex-direction: column;
 }
+.flex-row {
+    flex-direction: row;
+}
 
 .flex>* {
     flex-flow: column;

From c1663e42cc03236d1b3239e3f62f07f5e8f87e46 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 17 Nov 2022 07:20:03 +0100
Subject: [PATCH 15/42] add/change conf-file options; add debug login

---
 web/backend/config.sample.json | 11 ++++++-----
 web/backend/main.py            |  9 +++++----
 web/frontend/base.html         |  4 ++--
 web/frontend/login.html        | 13 ++++++++++---
 4 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index be34908..cb7625b 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -1,13 +1,13 @@
 {
     "nodes": {
         "<nodename>": {
-            "pub-endpoint": "<clearnet-fqdn/ip-address>",
-            "api-con": "http://<node-(internal)-ip/hostname>:<port>/",
+            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended
+            "api-con": "http://<node-(internal)-ip/hostname>:<port>/", // required
             "comment": "/* from here: data to be displayed on the webinterface */",
             "country": "...", // Countrycode: 2 capital letters
             "city": "...",
-            "wg-key": "...=", // pubkey of node
-            "internal-v4": "172.2x.xxx.xxx",
+            "wg-key": "...=", // pubkey of node; required
+            "internal-v4": "172.2x.xxx.xxx", //at least one ipv{4,6} addr required
             "internal-v6": "fdxx:...",
             "internal-v4ll": "169.254.xxx.xxx",
             "internal-v6ll": "fe80::..."
@@ -17,7 +17,8 @@
     "listen": "0.0.0.0",
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
+    "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+    "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
-    "flask-debug": false, // optional; default false
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
 }
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
index ff80c5f..76c91ba 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -36,9 +36,10 @@ class Config (dict):
         if not "flask-template-dir" in self._config:
             self._config["flask-template-dir"] = "../frontend" 
         
-        if not "flask-debug" in self._config:
-            self._config["flask-debug"] = False 
-
+        if not "debug-mode" in self._config:
+            self._config["debug-mode"] = False 
+        if not "base-dir" in self._config:
+            self._config["base-dir"] = "/"
         print(self._config)
 
 config = Config()
@@ -122,7 +123,7 @@ def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
-    app.run(host=config["listen"], port=config["port"], debug=config["flask-debug"], threaded=True)
+    app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
 
 
 if __name__ == "__main__":
diff --git a/web/frontend/base.html b/web/frontend/base.html
index ffd4327..b1b1d8a 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -5,10 +5,10 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>{{config["MNT"]}} Autopeering</title>
-    <link rel="stylesheet" href="/static/style.css">
+    <link rel="stylesheet" href="{{config['base-dir']}}static/style.css">
 </head>
 <body>
-    <header class="flex flex-row"><div></div><a href="/">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="/logout">logout</a>{% else %} <a href="/login?return=/peer">login</a>{%endif%}</header>
+    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peer">login</a>{%endif%}</header>
     <div class="content flex">
         {% block content %}
         {% endblock %}
diff --git a/web/frontend/login.html b/web/frontend/login.html
index cb176bf..eaa4afb 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -16,9 +16,16 @@
     </button>
 </form>
 
-<form action="" method="post">
-    <input type="text" name="logincode" id="logincode">
-    <input type="submit" value="submit">
+{% if config["debug-mode"] %}
+<form action="" method="post" class="flex">
+    <label for="debug">Debug login, if you see this in Production contact {{config["MNT"]}}</label><br>
+    <input type="text" name="mnt" id="mnt" placeholder="YOUR-MNT"><br>
+    <input type="text" name="asn" id="asn" placeholder="AS4242420000"><br>
+    <input type="text" name="allowed-v4" id="allowed-v4" placeholder="ipv4 subnet"><br>
+    <input type="text" name="allowed-v6" id="allowed-v6" placeholder="ipv6 subnet"><br>
+    <input type="number" name="theanswer" id="theanswer" placeholder="The answer for everything"><br>
+    <input type="submit" value="login">
 </form>
+{% endif %}
 
 {% endblock %}
\ No newline at end of file

From 73de6addc1f5370fa2d98d240bf1faaa9d62c355 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 17 Nov 2022 07:20:03 +0100
Subject: [PATCH 16/42] add/change conf-file options; add debug login

---
 web/backend/config.sample.json | 11 ++++++-----
 web/backend/main.py            |  9 +++++----
 web/frontend/base.html         |  4 ++--
 web/frontend/login.html        | 13 ++++++++++---
 4 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index be34908..cb7625b 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -1,13 +1,13 @@
 {
     "nodes": {
         "<nodename>": {
-            "pub-endpoint": "<clearnet-fqdn/ip-address>",
-            "api-con": "http://<node-(internal)-ip/hostname>:<port>/",
+            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended
+            "api-con": "http://<node-(internal)-ip/hostname>:<port>/", // required
             "comment": "/* from here: data to be displayed on the webinterface */",
             "country": "...", // Countrycode: 2 capital letters
             "city": "...",
-            "wg-key": "...=", // pubkey of node
-            "internal-v4": "172.2x.xxx.xxx",
+            "wg-key": "...=", // pubkey of node; required
+            "internal-v4": "172.2x.xxx.xxx", //at least one ipv{4,6} addr required
             "internal-v6": "fdxx:...",
             "internal-v4ll": "169.254.xxx.xxx",
             "internal-v6ll": "fe80::..."
@@ -17,7 +17,8 @@
     "listen": "0.0.0.0",
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
+    "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+    "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
-    "flask-debug": false, // optional; default false
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
 }
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
index ff80c5f..76c91ba 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -36,9 +36,10 @@ class Config (dict):
         if not "flask-template-dir" in self._config:
             self._config["flask-template-dir"] = "../frontend" 
         
-        if not "flask-debug" in self._config:
-            self._config["flask-debug"] = False 
-
+        if not "debug-mode" in self._config:
+            self._config["debug-mode"] = False 
+        if not "base-dir" in self._config:
+            self._config["base-dir"] = "/"
         print(self._config)
 
 config = Config()
@@ -122,7 +123,7 @@ def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
-    app.run(host=config["listen"], port=config["port"], debug=config["flask-debug"], threaded=True)
+    app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
 
 
 if __name__ == "__main__":
diff --git a/web/frontend/base.html b/web/frontend/base.html
index ffd4327..b1b1d8a 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -5,10 +5,10 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>{{config["MNT"]}} Autopeering</title>
-    <link rel="stylesheet" href="/static/style.css">
+    <link rel="stylesheet" href="{{config['base-dir']}}static/style.css">
 </head>
 <body>
-    <header class="flex flex-row"><div></div><a href="/">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="/logout">logout</a>{% else %} <a href="/login?return=/peer">login</a>{%endif%}</header>
+    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peer">login</a>{%endif%}</header>
     <div class="content flex">
         {% block content %}
         {% endblock %}
diff --git a/web/frontend/login.html b/web/frontend/login.html
index cb176bf..eaa4afb 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -16,9 +16,16 @@
     </button>
 </form>
 
-<form action="" method="post">
-    <input type="text" name="logincode" id="logincode">
-    <input type="submit" value="submit">
+{% if config["debug-mode"] %}
+<form action="" method="post" class="flex">
+    <label for="debug">Debug login, if you see this in Production contact {{config["MNT"]}}</label><br>
+    <input type="text" name="mnt" id="mnt" placeholder="YOUR-MNT"><br>
+    <input type="text" name="asn" id="asn" placeholder="AS4242420000"><br>
+    <input type="text" name="allowed-v4" id="allowed-v4" placeholder="ipv4 subnet"><br>
+    <input type="text" name="allowed-v6" id="allowed-v6" placeholder="ipv6 subnet"><br>
+    <input type="number" name="theanswer" id="theanswer" placeholder="The answer for everything"><br>
+    <input type="submit" value="login">
 </form>
+{% endif %}
 
 {% endblock %}
\ No newline at end of file

From 740b050fc4eaf34424b58204604f869f917659de Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Fri, 18 Nov 2022 10:25:58 +0100
Subject: [PATCH 17/42] implement debug login;

add functions for add/remove/view peerings
---
 web/backend/main.py                           | 63 ++++++++++++++-----
 web/frontend/index.html                       |  2 +-
 web/frontend/login.html                       | 10 +--
 web/frontend/{peer.html => peerings-new.html} |  0
 web/frontend/peerings.html                    | 13 ++++
 5 files changed, 65 insertions(+), 23 deletions(-)
 rename web/frontend/{peer.html => peerings-new.html} (100%)
 create mode 100644 web/frontend/peerings.html

diff --git a/web/backend/main.py b/web/backend/main.py
index 76c91ba..4025915 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -3,7 +3,7 @@
 from flask import Flask, Response, redirect, render_template, request, session, abort
 import json, os, base64
 from functools import wraps
-
+from ipaddress import ip_address, ip_network
 import kioubit_verify
 
 app = Flask(__name__)
@@ -49,7 +49,7 @@ def auth_required():
         @wraps(f)
         def decorated(*args, **kwargs):
             if not "login" in session:
-                return redirect(f"login?return={request.url}")
+                return redirect(f"{config['base-dir']}login?return={request.url}")
             else:
                 return f(*args, **kwargs)
         return decorated
@@ -89,28 +89,57 @@ def login():
         session["return_url"] = request.args["return"] if "return" in request.args else ""
         
         return render_template("login.html", session=session, config=config, return_addr=session["return_url"])
-    elif request.method == "POST":
-        if config["domain"] == "svc.burble.dn42:8042" and request.form["logincode"] and request.form["logincode"] == "eyJhc24iOjQyNDI0MjMwMzUsImFsbG93ZWQ0IjoiMTcyLjIyLjEyNS4xMjhcLzI2LDE3Mi4yMC4wLjgxXC8zMiIsImFsbG93ZWQ2IjoiZmQ2Mzo1ZDQwOjQ3ZTU6OlwvNDgsZmQ0MjpkNDI6ZDQyOjgxOjpcLzY0IiwibW50IjoiTEFSRS1NTlQifQo=":
-            print("abc")
-            user_data = json.loads(base64.b64decode(request.form["logincode"]))
-            session["login"] = user_data['mnt']
-            session["user-data"] = user_data
-        return redirect(request.args["return"])
+    elif request.method == "POST" and config["debug-mode"]:
+        try:
+            mnt = request.form["mnt"]
+            asn = request.form["asn"]
+            asn = asn[2:] if asn[:1].lower() == "as" else asn
+            if "allowed4" in request.form:
+                allowed4 = request.form["allowed4"]
+                allowed4 = allowed_v4.split(",") if "," in allowed_v4 else allowed_v4
+            else:
+                allowed4 = None
+            if "allowed6" in request.form:
+                allowed6 = request.form["allowed6"]
+                allowed6 = allowed_v6.split(",") if "," in allowed_v6 else allowed_v6
+            else:
+                allowed6 = None
+            session["user-data"] = {'asn':asn,'allowed4': allowed4, 'allowed6': allowed6,'mnt':mnt, 'authtype': "debug"}
+            session["login"] = mnt
+            return redirect(session["return_url"])
+        except KeyError:
+            msg = "not all required field were specified"
+            return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+    elif request.method == "POST" and not config["debug-mode"]:
+        abort(405)
+    return redirect(request.args["return"])
 
         
-@app.route("/peer", methods=["GET","POST"])
+@app.route("/peerings/delete", methods=["GET","DELETE"])
 @auth_required()
-def peer():
+def peerings_delete():
+
+    return f"{request.method} /peerings/delete?{str(request.args)}{str(request.form)}"
+@app.route("/peerings/new", methods=["GET","POST"])
+@auth_required()
+def peerings_new():
+    return render_template("peerings-new.html",  session=session,config=config)
+
+    return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
+@app.route("/peerings", methods=["GET","POST","DELETE"])
+@auth_required()
+def peerings():
     if request.method == "GET":
         if "node" in request.args and request.args["node"] in config["nodes"]:
-            return render_template("peer.html", config=config, selected_node=request.args["node"])
-            return str(config["nodes"][request.args["node"]])
-        else: return render_template("peer.html",  session=session,config=config)
+            return render_template("peerings.html", config=config, selected_node=request.args["node"])
+        else: 
+            return render_template("peerings.html",  session=session,config=config)
     elif request.method == "POST":
-        return "POST /peer"
-
+        return peerings_new()
+    elif request.method == "DELETE":
+        return peerings_delete()
     else:
-        return 405
+        abort(405)
 
 @app.route("/")
 def index():
diff --git a/web/frontend/index.html b/web/frontend/index.html
index 02c0b1f..f64208d 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -24,7 +24,7 @@
             <td>{{config["nodes"][node]["country"]}}</td>
             <td>{{config["nodes"][node]["city"]}}</td>
             <td></td>
-            <td><a href="peer?node={{node}}">peer</a></td>
+            <td><a href="peerings/new?node={{node}}">peer</a></td>
         </tr>
         {% endfor %}
     </table>
diff --git a/web/frontend/login.html b/web/frontend/login.html
index eaa4afb..76ea1b9 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -19,11 +19,11 @@
 {% if config["debug-mode"] %}
 <form action="" method="post" class="flex">
     <label for="debug">Debug login, if you see this in Production contact {{config["MNT"]}}</label><br>
-    <input type="text" name="mnt" id="mnt" placeholder="YOUR-MNT"><br>
-    <input type="text" name="asn" id="asn" placeholder="AS4242420000"><br>
-    <input type="text" name="allowed-v4" id="allowed-v4" placeholder="ipv4 subnet"><br>
-    <input type="text" name="allowed-v6" id="allowed-v6" placeholder="ipv6 subnet"><br>
-    <input type="number" name="theanswer" id="theanswer" placeholder="The answer for everything"><br>
+    <input type="text" name="mnt" id="mnt" placeholder="YOUR-MNT" required><br>
+    <input type="text" name="asn" id="asn" placeholder="AS4242420000" required><br>
+    <input type="text" name="allowed4" id="allowed4" placeholder="ipv4 subnet (optional)"><br>
+    <input type="text" name="allowed6" id="allowed6" placeholder="ipv6 subnet (optional)"><br>
+    <input type="number" name="theanswer" id="theanswer" placeholder="The answer for everything" required><br>
     <input type="submit" value="login">
 </form>
 {% endif %}
diff --git a/web/frontend/peer.html b/web/frontend/peerings-new.html
similarity index 100%
rename from web/frontend/peer.html
rename to web/frontend/peerings-new.html
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
new file mode 100644
index 0000000..26a236a
--- /dev/null
+++ b/web/frontend/peerings.html
@@ -0,0 +1,13 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+<form action="peer" method="post">
+    <select name="node" id="node">
+        {% for node in config["nodes"] %}
+            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
+        {% endfor %}
+    </select>
+</form>
+
+{% endblock %}
\ No newline at end of file

From 85135dd4496df6510cdeab2b21d86269610b2624 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Fri, 18 Nov 2022 10:25:58 +0100
Subject: [PATCH 18/42] implement debug login;

add functions for add/remove/view peerings
---
 web/backend/main.py                           | 63 ++++++++++++++-----
 web/frontend/index.html                       |  2 +-
 web/frontend/login.html                       | 10 +--
 web/frontend/{peer.html => peerings-new.html} |  0
 web/frontend/peerings.html                    | 13 ++++
 5 files changed, 65 insertions(+), 23 deletions(-)
 rename web/frontend/{peer.html => peerings-new.html} (100%)
 create mode 100644 web/frontend/peerings.html

diff --git a/web/backend/main.py b/web/backend/main.py
index 76c91ba..4025915 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -3,7 +3,7 @@
 from flask import Flask, Response, redirect, render_template, request, session, abort
 import json, os, base64
 from functools import wraps
-
+from ipaddress import ip_address, ip_network
 import kioubit_verify
 
 app = Flask(__name__)
@@ -49,7 +49,7 @@ def auth_required():
         @wraps(f)
         def decorated(*args, **kwargs):
             if not "login" in session:
-                return redirect(f"login?return={request.url}")
+                return redirect(f"{config['base-dir']}login?return={request.url}")
             else:
                 return f(*args, **kwargs)
         return decorated
@@ -89,28 +89,57 @@ def login():
         session["return_url"] = request.args["return"] if "return" in request.args else ""
         
         return render_template("login.html", session=session, config=config, return_addr=session["return_url"])
-    elif request.method == "POST":
-        if config["domain"] == "svc.burble.dn42:8042" and request.form["logincode"] and request.form["logincode"] == "eyJhc24iOjQyNDI0MjMwMzUsImFsbG93ZWQ0IjoiMTcyLjIyLjEyNS4xMjhcLzI2LDE3Mi4yMC4wLjgxXC8zMiIsImFsbG93ZWQ2IjoiZmQ2Mzo1ZDQwOjQ3ZTU6OlwvNDgsZmQ0MjpkNDI6ZDQyOjgxOjpcLzY0IiwibW50IjoiTEFSRS1NTlQifQo=":
-            print("abc")
-            user_data = json.loads(base64.b64decode(request.form["logincode"]))
-            session["login"] = user_data['mnt']
-            session["user-data"] = user_data
-        return redirect(request.args["return"])
+    elif request.method == "POST" and config["debug-mode"]:
+        try:
+            mnt = request.form["mnt"]
+            asn = request.form["asn"]
+            asn = asn[2:] if asn[:1].lower() == "as" else asn
+            if "allowed4" in request.form:
+                allowed4 = request.form["allowed4"]
+                allowed4 = allowed_v4.split(",") if "," in allowed_v4 else allowed_v4
+            else:
+                allowed4 = None
+            if "allowed6" in request.form:
+                allowed6 = request.form["allowed6"]
+                allowed6 = allowed_v6.split(",") if "," in allowed_v6 else allowed_v6
+            else:
+                allowed6 = None
+            session["user-data"] = {'asn':asn,'allowed4': allowed4, 'allowed6': allowed6,'mnt':mnt, 'authtype': "debug"}
+            session["login"] = mnt
+            return redirect(session["return_url"])
+        except KeyError:
+            msg = "not all required field were specified"
+            return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+    elif request.method == "POST" and not config["debug-mode"]:
+        abort(405)
+    return redirect(request.args["return"])
 
         
-@app.route("/peer", methods=["GET","POST"])
+@app.route("/peerings/delete", methods=["GET","DELETE"])
 @auth_required()
-def peer():
+def peerings_delete():
+
+    return f"{request.method} /peerings/delete?{str(request.args)}{str(request.form)}"
+@app.route("/peerings/new", methods=["GET","POST"])
+@auth_required()
+def peerings_new():
+    return render_template("peerings-new.html",  session=session,config=config)
+
+    return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
+@app.route("/peerings", methods=["GET","POST","DELETE"])
+@auth_required()
+def peerings():
     if request.method == "GET":
         if "node" in request.args and request.args["node"] in config["nodes"]:
-            return render_template("peer.html", config=config, selected_node=request.args["node"])
-            return str(config["nodes"][request.args["node"]])
-        else: return render_template("peer.html",  session=session,config=config)
+            return render_template("peerings.html", config=config, selected_node=request.args["node"])
+        else: 
+            return render_template("peerings.html",  session=session,config=config)
     elif request.method == "POST":
-        return "POST /peer"
-
+        return peerings_new()
+    elif request.method == "DELETE":
+        return peerings_delete()
     else:
-        return 405
+        abort(405)
 
 @app.route("/")
 def index():
diff --git a/web/frontend/index.html b/web/frontend/index.html
index 02c0b1f..f64208d 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -24,7 +24,7 @@
             <td>{{config["nodes"][node]["country"]}}</td>
             <td>{{config["nodes"][node]["city"]}}</td>
             <td></td>
-            <td><a href="peer?node={{node}}">peer</a></td>
+            <td><a href="peerings/new?node={{node}}">peer</a></td>
         </tr>
         {% endfor %}
     </table>
diff --git a/web/frontend/login.html b/web/frontend/login.html
index eaa4afb..76ea1b9 100644
--- a/web/frontend/login.html
+++ b/web/frontend/login.html
@@ -19,11 +19,11 @@
 {% if config["debug-mode"] %}
 <form action="" method="post" class="flex">
     <label for="debug">Debug login, if you see this in Production contact {{config["MNT"]}}</label><br>
-    <input type="text" name="mnt" id="mnt" placeholder="YOUR-MNT"><br>
-    <input type="text" name="asn" id="asn" placeholder="AS4242420000"><br>
-    <input type="text" name="allowed-v4" id="allowed-v4" placeholder="ipv4 subnet"><br>
-    <input type="text" name="allowed-v6" id="allowed-v6" placeholder="ipv6 subnet"><br>
-    <input type="number" name="theanswer" id="theanswer" placeholder="The answer for everything"><br>
+    <input type="text" name="mnt" id="mnt" placeholder="YOUR-MNT" required><br>
+    <input type="text" name="asn" id="asn" placeholder="AS4242420000" required><br>
+    <input type="text" name="allowed4" id="allowed4" placeholder="ipv4 subnet (optional)"><br>
+    <input type="text" name="allowed6" id="allowed6" placeholder="ipv6 subnet (optional)"><br>
+    <input type="number" name="theanswer" id="theanswer" placeholder="The answer for everything" required><br>
     <input type="submit" value="login">
 </form>
 {% endif %}
diff --git a/web/frontend/peer.html b/web/frontend/peerings-new.html
similarity index 100%
rename from web/frontend/peer.html
rename to web/frontend/peerings-new.html
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
new file mode 100644
index 0000000..26a236a
--- /dev/null
+++ b/web/frontend/peerings.html
@@ -0,0 +1,13 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+<form action="peer" method="post">
+    <select name="node" id="node">
+        {% for node in config["nodes"] %}
+            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
+        {% endfor %}
+    </select>
+</form>
+
+{% endblock %}
\ No newline at end of file

From cc8f181f24b551e1a1d283462bf91f602d62fb62 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 19 Nov 2022 18:12:01 +0100
Subject: [PATCH 19/42] add  waitress as production WSGI server

---
 web/backend/config.sample.json |  9 ++++++---
 web/backend/main.py            | 14 +++++++++++---
 web/frontend/base.html         |  2 +-
 web/requirements.txt           |  1 +
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index cb7625b..8805f79 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -1,16 +1,18 @@
 {
     "nodes": {
         "<nodename>": {
-            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended
+            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended, default: None/null
             "api-con": "http://<node-(internal)-ip/hostname>:<port>/", // required
-            "comment": "/* from here: data to be displayed on the webinterface */",
+            "#comment": "/* from here: data to be displayed on the webinterface */",
             "country": "...", // Countrycode: 2 capital letters
             "city": "...",
             "wg-key": "...=", // pubkey of node; required
             "internal-v4": "172.2x.xxx.xxx", //at least one ipv{4,6} addr required
             "internal-v6": "fdxx:...",
             "internal-v4ll": "169.254.xxx.xxx",
-            "internal-v6ll": "fe80::..."
+            "internal-v6ll": "fe80::...",
+            "note": "...", //optional, special precausions, like only supporting a specific amount of peers/ipv{4,6} in clearnet, etc
+            "capacity": 100 //optional, default: -1 (infinite); estimated capacity of that node (i.e. OPENVZ(7) only has userspace WG (which consumes memory for every interface created))
         }
     },
     "MNT": "YOUR-MNT", // your MNT tag
@@ -18,6 +20,7 @@
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
     "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+    "production": true, //optional, default true; 
     "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
diff --git a/web/backend/main.py b/web/backend/main.py
index 4025915..bdd987a 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -21,6 +21,9 @@ class Config (dict):
         #self.__getitem__ = self._config.__getitem__
         super().__init__(self)
 
+    def __contains__(self, o):
+        return self._config.__contains__(o)
+
     def __delitem__(self, v):
         raise NotImplementedError()
         super().__delitem__(self,v)
@@ -96,12 +99,12 @@ def login():
             asn = asn[2:] if asn[:1].lower() == "as" else asn
             if "allowed4" in request.form:
                 allowed4 = request.form["allowed4"]
-                allowed4 = allowed_v4.split(",") if "," in allowed_v4 else allowed_v4
+                allowed4 = allowed4.split(",") if "," in allowed4 else allowed4
             else:
                 allowed4 = None
             if "allowed6" in request.form:
                 allowed6 = request.form["allowed6"]
-                allowed6 = allowed_v6.split(",") if "," in allowed_v6 else allowed_v6
+                allowed6 = allowed6.split(",") if "," in allowed6 else allowed6
             else:
                 allowed6 = None
             session["user-data"] = {'asn':asn,'allowed4': allowed4, 'allowed6': allowed6,'mnt':mnt, 'authtype': "debug"}
@@ -152,7 +155,12 @@ def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
-    app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
+    if "production" in config and config["production"] == False:
+        app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
+    else:
+        from waitress import serve
+        serve(app, host=config["listen"], port=config["port"])
+
 
 
 if __name__ == "__main__":
diff --git a/web/frontend/base.html b/web/frontend/base.html
index b1b1d8a..e8b1e98 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -8,7 +8,7 @@
     <link rel="stylesheet" href="{{config['base-dir']}}static/style.css">
 </head>
 <body>
-    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peer">login</a>{%endif%}</header>
+    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peerings">login</a>{%endif%}</header>
     <div class="content flex">
         {% block content %}
         {% endblock %}
diff --git a/web/requirements.txt b/web/requirements.txt
index 7cf74ff..1309823 100644
--- a/web/requirements.txt
+++ b/web/requirements.txt
@@ -1,2 +1,3 @@
 Flask
+waitress
 pyopenssl
\ No newline at end of file

From 7d5937f3fb87de1de86ce38a65dab8183825e8ca Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 19 Nov 2022 18:12:01 +0100
Subject: [PATCH 20/42] add  waitress as production WSGI server

---
 web/backend/config.sample.json |  9 ++++++---
 web/backend/main.py            | 14 +++++++++++---
 web/frontend/base.html         |  2 +-
 web/requirements.txt           |  1 +
 4 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index cb7625b..8805f79 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -1,16 +1,18 @@
 {
     "nodes": {
         "<nodename>": {
-            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended
+            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended, default: None/null
             "api-con": "http://<node-(internal)-ip/hostname>:<port>/", // required
-            "comment": "/* from here: data to be displayed on the webinterface */",
+            "#comment": "/* from here: data to be displayed on the webinterface */",
             "country": "...", // Countrycode: 2 capital letters
             "city": "...",
             "wg-key": "...=", // pubkey of node; required
             "internal-v4": "172.2x.xxx.xxx", //at least one ipv{4,6} addr required
             "internal-v6": "fdxx:...",
             "internal-v4ll": "169.254.xxx.xxx",
-            "internal-v6ll": "fe80::..."
+            "internal-v6ll": "fe80::...",
+            "note": "...", //optional, special precausions, like only supporting a specific amount of peers/ipv{4,6} in clearnet, etc
+            "capacity": 100 //optional, default: -1 (infinite); estimated capacity of that node (i.e. OPENVZ(7) only has userspace WG (which consumes memory for every interface created))
         }
     },
     "MNT": "YOUR-MNT", // your MNT tag
@@ -18,6 +20,7 @@
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
     "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+    "production": true, //optional, default true; 
     "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
     "flask-template-dir": "../frontend/" // optional; default "../frontend"
diff --git a/web/backend/main.py b/web/backend/main.py
index 4025915..bdd987a 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -21,6 +21,9 @@ class Config (dict):
         #self.__getitem__ = self._config.__getitem__
         super().__init__(self)
 
+    def __contains__(self, o):
+        return self._config.__contains__(o)
+
     def __delitem__(self, v):
         raise NotImplementedError()
         super().__delitem__(self,v)
@@ -96,12 +99,12 @@ def login():
             asn = asn[2:] if asn[:1].lower() == "as" else asn
             if "allowed4" in request.form:
                 allowed4 = request.form["allowed4"]
-                allowed4 = allowed_v4.split(",") if "," in allowed_v4 else allowed_v4
+                allowed4 = allowed4.split(",") if "," in allowed4 else allowed4
             else:
                 allowed4 = None
             if "allowed6" in request.form:
                 allowed6 = request.form["allowed6"]
-                allowed6 = allowed_v6.split(",") if "," in allowed_v6 else allowed_v6
+                allowed6 = allowed6.split(",") if "," in allowed6 else allowed6
             else:
                 allowed6 = None
             session["user-data"] = {'asn':asn,'allowed4': allowed4, 'allowed6': allowed6,'mnt':mnt, 'authtype': "debug"}
@@ -152,7 +155,12 @@ def main():
     app.static_folder= config["flask-template-dir"]+"/static/"
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
-    app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
+    if "production" in config and config["production"] == False:
+        app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
+    else:
+        from waitress import serve
+        serve(app, host=config["listen"], port=config["port"])
+
 
 
 if __name__ == "__main__":
diff --git a/web/frontend/base.html b/web/frontend/base.html
index b1b1d8a..e8b1e98 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -8,7 +8,7 @@
     <link rel="stylesheet" href="{{config['base-dir']}}static/style.css">
 </head>
 <body>
-    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peer">login</a>{%endif%}</header>
+    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peerings">login</a>{%endif%}</header>
     <div class="content flex">
         {% block content %}
         {% endblock %}
diff --git a/web/requirements.txt b/web/requirements.txt
index 7cf74ff..1309823 100644
--- a/web/requirements.txt
+++ b/web/requirements.txt
@@ -1,2 +1,3 @@
 Flask
+waitress
 pyopenssl
\ No newline at end of file

From bc55c5df005b834f8ce2be633f75fdbbe87afae9 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sun, 20 Nov 2022 10:57:33 +0100
Subject: [PATCH 21/42] add "peering-dir",  logging,

---
 web/.gitignore                 |  2 ++
 web/backend/config.sample.json |  1 +
 web/backend/kioubit_verify.py  | 16 ++++-----
 web/backend/main.py            | 65 ++++++++++++++++++++++++++++++----
 web/frontend/peerings-new.html |  2 +-
 web/frontend/peerings.html     | 15 ++++----
 6 files changed, 78 insertions(+), 23 deletions(-)
 create mode 100644 web/.gitignore

diff --git a/web/.gitignore b/web/.gitignore
new file mode 100644
index 0000000..ddf7c63
--- /dev/null
+++ b/web/.gitignore
@@ -0,0 +1,2 @@
+venv
+backend/peerings/
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index 8805f79..b2a9a3d 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -20,6 +20,7 @@
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
     "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+    "peerings-dir": "/path/to/peering-configs/", // optional; default "$PWD/peerings", directory to save existing peerings to
     "production": true, //optional, default true; 
     "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 1f9d3d2..11fe87c 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,6 +1,6 @@
 #! /usr/bin/env python3
 
-import base64, os, json, time
+import base64, os, json, time, logging
 import OpenSSL
 from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
 
@@ -15,20 +15,20 @@ class AuthVerifyer ():
             pk_content = ""
             for line in pk.readlines():
                 pk_content += line
-            print(pk_content)
+            logging.debug(pk_content)
         pkey = load_publickey(FILETYPE_PEM, pk_content)
         self.x509 = X509()
         self.x509.set_pubkey(pkey)
         
-        print(self.x509)
+        logging.debug(self.x509)
         
     def verify(self, params, signature):
-        # print(type(sig))
+        # logging.debug(type(sig))
         #OpenSSL_verify(self.pubkey, sig
         #, base64.b64decode(params), "sha512")
         sig = base64.b64decode(signature)
-        print(f"sig: {sig}")
-        print(f"params: {params}")
+        logging.info(f"sig: {sig}")
+        logging.info(f"params: {params}")
         try:
             verify(self.x509, sig, params, 'sha512')
         except OpenSSL.crypto.Error:
@@ -43,12 +43,12 @@ class AuthVerifyer ():
             return False, "invalid JSON"
         except KeyError:
             return False, "value not found in JSON"
-        print(user_data)
+        logging.debug(user_data)
         return True, user_data
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
-    print (example_com_verifier.verify(
+    logging.info (example_com_verifier.verify(
         params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
         signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
         ) )
diff --git a/web/backend/main.py b/web/backend/main.py
index bdd987a..08ac158 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,7 +1,7 @@
 #! /usr/bin/env python3
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
-import json, os, base64
+import json, os, base64, logging
 from functools import wraps
 from ipaddress import ip_address, ip_network
 import kioubit_verify
@@ -16,7 +16,7 @@ class Config (dict):
             if os.path.exists("./config.json"): self.configfile = "./config.json"
             elif os.path.exists("/etc/dn42-autopeer/config.json"): self.configfile = "/etc/dn42-autopeer/config,json"
             else: raise FileNotFoundError("no config file found in ./config.json or /etc/dn42-autopeer/config.json")
-        self.load_config()
+        self._load_config()
         self.keys = self._config.keys
         #self.__getitem__ = self._config.__getitem__
         super().__init__(self)
@@ -29,7 +29,8 @@ class Config (dict):
         super().__delitem__(self,v)
     def __getitem__(self, k):
         return self._config[k]
-    def load_config(self):
+     
+    def _load_config(self):
         with open(self.configfile) as cf:
             try:
                 self._config = json.load(cf)
@@ -43,10 +44,58 @@ class Config (dict):
             self._config["debug-mode"] = False 
         if not "base-dir" in self._config:
             self._config["base-dir"] = "/"
-        print(self._config)
+        
+        if not "peerings-data" in self._config:
+            self._config["peering-data"] = "./peerings"
+        logging.info(self._config)
+
+class PeeringManager(dict):
+
+    def __init__(self, peering_dir):
+        self._peering_dir = peering_dir
+
+        self._load_peerings()
+        self.keys = self._peerings
+
+    def __contains__(self, o):
+        return self._peerings.__contains__(o)
+
+    def __getitem__(self, k):
+        return self._peerings[k]
+    
+    def __setitem__(self, k, v):
+        pass
+    def __delitem__(self, v):
+        pass
+    
+    def _load_peerings(self):
+        if not os.path.exists(self._peering_dir):
+            os.mkdir(self._peering_dir)
+        if not os.path.exists(f"{self._peering_dir}/peerings.json"):
+            with open(f"{self._peering_dir}/peerings.json", "x") as p: 
+                json.dump([], p)
+        with open(f"{self._peering_dir}/peerings.json","r") as p:
+            self._peerings = json.load(p)
+        self.peerings = {}
+        missing_peerings = False
+        for peering in self._peerings:
+            if os.path.exists(f"{self._peering_dir}/{peering}.json"):
+                with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
+                    self.peerings[peering] = json.load(peer_cfg)
+            else:
+                logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
+                self._peerings.remove(peering)
+                missing_peerings = True
+        if missing_peerings:
+            with open(f"{self._peering_dir}/peerings.json","w") as p:
+                json.dump(self._peerings, p, indent=4)
+
+    def get_peerings_by_mnt(self, mnt):
+        raise NotImplementedError()
+       
 
 config = Config()
-
+peerings = PeeringManager(config["peering-dir"])
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -70,8 +119,8 @@ def kioubit_auth():
 
     
     success, msg = kverifyer.verify(params, signature)
-    try: print(base64.b64decode(params))
-    except: print("invalid Base64 data provided")
+    try: logging.debug(base64.b64decode(params))
+    except: logging.debug("invalid Base64 data provided")
     
 
     if success:
@@ -156,9 +205,11 @@ def main():
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
     if "production" in config and config["production"] == False:
+        logging.getLogger(__name__).setLevel(logging.INFO)
         app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
     else:
         from waitress import serve
+        logging.getLogger(__name__).setLevel(logging.NOTSET)
         serve(app, host=config["listen"], port=config["port"])
 
 
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 26a236a..ffdba39 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -2,7 +2,7 @@
 
 {% block content %}
 
-<form action="peer" method="post">
+<form action="" method="post">
     <select name="node" id="node">
         {% for node in config["nodes"] %}
             <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
index 26a236a..578194b 100644
--- a/web/frontend/peerings.html
+++ b/web/frontend/peerings.html
@@ -1,13 +1,14 @@
 {% extends 'base.html' %}
 
 {% block content %}
+<script>
 
-<form action="peer" method="post">
-    <select name="node" id="node">
-        {% for node in config["nodes"] %}
-            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
-        {% endfor %}
-    </select>
-</form>
+</script>
+<div>
+    <a href="peerings/new"><button>add new</button></a>
+</div>
+<div>
+
+</div>
 
 {% endblock %}
\ No newline at end of file

From 33e49bc0b647fb7d6beff4f0bc6252d6e01e5280 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sun, 20 Nov 2022 10:57:33 +0100
Subject: [PATCH 22/42] add "peering-dir",  logging,

---
 web/.gitignore                 |  2 ++
 web/backend/config.sample.json |  1 +
 web/backend/kioubit_verify.py  | 16 ++++-----
 web/backend/main.py            | 65 ++++++++++++++++++++++++++++++----
 web/frontend/peerings-new.html |  2 +-
 web/frontend/peerings.html     | 15 ++++----
 6 files changed, 78 insertions(+), 23 deletions(-)
 create mode 100644 web/.gitignore

diff --git a/web/.gitignore b/web/.gitignore
new file mode 100644
index 0000000..ddf7c63
--- /dev/null
+++ b/web/.gitignore
@@ -0,0 +1,2 @@
+venv
+backend/peerings/
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index 8805f79..b2a9a3d 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -20,6 +20,7 @@
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
     "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
+    "peerings-dir": "/path/to/peering-configs/", // optional; default "$PWD/peerings", directory to save existing peerings to
     "production": true, //optional, default true; 
     "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies
diff --git a/web/backend/kioubit_verify.py b/web/backend/kioubit_verify.py
index 1f9d3d2..11fe87c 100644
--- a/web/backend/kioubit_verify.py
+++ b/web/backend/kioubit_verify.py
@@ -1,6 +1,6 @@
 #! /usr/bin/env python3
 
-import base64, os, json, time
+import base64, os, json, time, logging
 import OpenSSL
 from OpenSSL.crypto import load_publickey, FILETYPE_PEM, verify, X509
 
@@ -15,20 +15,20 @@ class AuthVerifyer ():
             pk_content = ""
             for line in pk.readlines():
                 pk_content += line
-            print(pk_content)
+            logging.debug(pk_content)
         pkey = load_publickey(FILETYPE_PEM, pk_content)
         self.x509 = X509()
         self.x509.set_pubkey(pkey)
         
-        print(self.x509)
+        logging.debug(self.x509)
         
     def verify(self, params, signature):
-        # print(type(sig))
+        # logging.debug(type(sig))
         #OpenSSL_verify(self.pubkey, sig
         #, base64.b64decode(params), "sha512")
         sig = base64.b64decode(signature)
-        print(f"sig: {sig}")
-        print(f"params: {params}")
+        logging.info(f"sig: {sig}")
+        logging.info(f"params: {params}")
         try:
             verify(self.x509, sig, params, 'sha512')
         except OpenSSL.crypto.Error:
@@ -43,12 +43,12 @@ class AuthVerifyer ():
             return False, "invalid JSON"
         except KeyError:
             return False, "value not found in JSON"
-        print(user_data)
+        logging.debug(user_data)
         return True, user_data
 
 if __name__ == "__main__":
     example_com_verifier = AuthVerifyer("example.com")
-    print (example_com_verifier.verify(
+    logging.info (example_com_verifier.verify(
         params=b"eyJhc24iOiI0MjQyNDIzMDM1IiwidGltZSI6MTY2ODI2NjkyNiwiYWxsb3dlZDQiOiIxNzIuMjIuMTI1LjEyOFwvMjYsMTcyLjIwLjAuODFcLzMyIiwiYWxsb3dlZDYiOiJmZDYzOjVkNDA6NDdlNTo6XC80OCxmZDQyOmQ0MjpkNDI6ODE6OlwvNjQiLCJtbnQiOiJMQVJFLU1OVCIsImF1dGh0eXBlIjoibG9naW5jb2RlIiwiZG9tYWluIjoic3ZjLmJ1cmJsZS5kbjQyIn0=",
         signature=b"MIGIAkIBAmwz3sQ1vOkH8+8e0NJ8GsUqKSaazIWmYDp60sshlTo7gCAopZOZ6/+tD6s+oEGM1i5mKGbHgK9ROATQLHxUZecCQgCa2N828uNn76z1Yg63/c7veMVIiK4l1X9TCUepJnJ3mCto+7ogCP+2vQm6GHipSNRF4wnt6tZbir0HZvrqEnRAmA=="
         ) )
diff --git a/web/backend/main.py b/web/backend/main.py
index bdd987a..08ac158 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,7 +1,7 @@
 #! /usr/bin/env python3
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
-import json, os, base64
+import json, os, base64, logging
 from functools import wraps
 from ipaddress import ip_address, ip_network
 import kioubit_verify
@@ -16,7 +16,7 @@ class Config (dict):
             if os.path.exists("./config.json"): self.configfile = "./config.json"
             elif os.path.exists("/etc/dn42-autopeer/config.json"): self.configfile = "/etc/dn42-autopeer/config,json"
             else: raise FileNotFoundError("no config file found in ./config.json or /etc/dn42-autopeer/config.json")
-        self.load_config()
+        self._load_config()
         self.keys = self._config.keys
         #self.__getitem__ = self._config.__getitem__
         super().__init__(self)
@@ -29,7 +29,8 @@ class Config (dict):
         super().__delitem__(self,v)
     def __getitem__(self, k):
         return self._config[k]
-    def load_config(self):
+     
+    def _load_config(self):
         with open(self.configfile) as cf:
             try:
                 self._config = json.load(cf)
@@ -43,10 +44,58 @@ class Config (dict):
             self._config["debug-mode"] = False 
         if not "base-dir" in self._config:
             self._config["base-dir"] = "/"
-        print(self._config)
+        
+        if not "peerings-data" in self._config:
+            self._config["peering-data"] = "./peerings"
+        logging.info(self._config)
+
+class PeeringManager(dict):
+
+    def __init__(self, peering_dir):
+        self._peering_dir = peering_dir
+
+        self._load_peerings()
+        self.keys = self._peerings
+
+    def __contains__(self, o):
+        return self._peerings.__contains__(o)
+
+    def __getitem__(self, k):
+        return self._peerings[k]
+    
+    def __setitem__(self, k, v):
+        pass
+    def __delitem__(self, v):
+        pass
+    
+    def _load_peerings(self):
+        if not os.path.exists(self._peering_dir):
+            os.mkdir(self._peering_dir)
+        if not os.path.exists(f"{self._peering_dir}/peerings.json"):
+            with open(f"{self._peering_dir}/peerings.json", "x") as p: 
+                json.dump([], p)
+        with open(f"{self._peering_dir}/peerings.json","r") as p:
+            self._peerings = json.load(p)
+        self.peerings = {}
+        missing_peerings = False
+        for peering in self._peerings:
+            if os.path.exists(f"{self._peering_dir}/{peering}.json"):
+                with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
+                    self.peerings[peering] = json.load(peer_cfg)
+            else:
+                logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
+                self._peerings.remove(peering)
+                missing_peerings = True
+        if missing_peerings:
+            with open(f"{self._peering_dir}/peerings.json","w") as p:
+                json.dump(self._peerings, p, indent=4)
+
+    def get_peerings_by_mnt(self, mnt):
+        raise NotImplementedError()
+       
 
 config = Config()
-
+peerings = PeeringManager(config["peering-dir"])
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -70,8 +119,8 @@ def kioubit_auth():
 
     
     success, msg = kverifyer.verify(params, signature)
-    try: print(base64.b64decode(params))
-    except: print("invalid Base64 data provided")
+    try: logging.debug(base64.b64decode(params))
+    except: logging.debug("invalid Base64 data provided")
     
 
     if success:
@@ -156,9 +205,11 @@ def main():
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
     if "production" in config and config["production"] == False:
+        logging.getLogger(__name__).setLevel(logging.INFO)
         app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
     else:
         from waitress import serve
+        logging.getLogger(__name__).setLevel(logging.NOTSET)
         serve(app, host=config["listen"], port=config["port"])
 
 
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 26a236a..ffdba39 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -2,7 +2,7 @@
 
 {% block content %}
 
-<form action="peer" method="post">
+<form action="" method="post">
     <select name="node" id="node">
         {% for node in config["nodes"] %}
             <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
index 26a236a..578194b 100644
--- a/web/frontend/peerings.html
+++ b/web/frontend/peerings.html
@@ -1,13 +1,14 @@
 {% extends 'base.html' %}
 
 {% block content %}
+<script>
 
-<form action="peer" method="post">
-    <select name="node" id="node">
-        {% for node in config["nodes"] %}
-            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
-        {% endfor %}
-    </select>
-</form>
+</script>
+<div>
+    <a href="peerings/new"><button>add new</button></a>
+</div>
+<div>
+
+</div>
 
 {% endblock %}
\ No newline at end of file

From 107644cbd7fc4bd5eb4522dc6b840d4f94040af8 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Mon, 21 Nov 2022 19:41:28 +0100
Subject: [PATCH 23/42] add example-configs and form on peering/new

---
 web/backend/config.sample.json |  3 +-
 web/backend/main.py            | 27 +++++++----
 web/frontend/peerings-new.html | 83 +++++++++++++++++++++++++++++++---
 web/frontend/peerings.html     |  7 ++-
 web/frontend/static/style.css  | 17 +++++++
 5 files changed, 118 insertions(+), 19 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index b2a9a3d..aa7a872 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -1,7 +1,7 @@
 {
     "nodes": {
         "<nodename>": {
-            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended, default: None/null
+            "endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended, default: None/null
             "api-con": "http://<node-(internal)-ip/hostname>:<port>/", // required
             "#comment": "/* from here: data to be displayed on the webinterface */",
             "country": "...", // Countrycode: 2 capital letters
@@ -16,6 +16,7 @@
         }
     },
     "MNT": "YOUR-MNT", // your MNT tag
+    "ASN": "424242000", //Your ASN (used to generate default peer ListenPorts)
     "listen": "0.0.0.0",
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
diff --git a/web/backend/main.py b/web/backend/main.py
index 08ac158..5eaf57f 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -91,6 +91,7 @@ class PeeringManager(dict):
                 json.dump(self._peerings, p, indent=4)
 
     def get_peerings_by_mnt(self, mnt):
+        return [{}]
         raise NotImplementedError()
        
 
@@ -143,6 +144,10 @@ def login():
         return render_template("login.html", session=session, config=config, return_addr=session["return_url"])
     elif request.method == "POST" and config["debug-mode"]:
         try:
+            print(request.form)
+            if request.form["theanswer"] != "42":
+                msg = "what is the answer for everything?"
+                return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
             mnt = request.form["mnt"]
             asn = request.form["asn"]
             asn = asn[2:] if asn[:1].lower() == "as" else asn
@@ -175,17 +180,23 @@ def peerings_delete():
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
 def peerings_new():
-    return render_template("peerings-new.html",  session=session,config=config)
-
-    return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
+    if request.method == "GET":
+        print(session)
+        if "node" in request.args and request.args["node"] in config["nodes"]:
+            return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
+        else: 
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
+    elif request.method == "POST":
+        return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
+        return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
 @app.route("/peerings", methods=["GET","POST","DELETE"])
 @auth_required()
-def peerings():
+def peerings_view():
     if request.method == "GET":
         if "node" in request.args and request.args["node"] in config["nodes"]:
-            return render_template("peerings.html", config=config, selected_node=request.args["node"])
+            return render_template("peerings.html", config=config, selected_node=request.args["node"], peerings=peerings)
         else: 
-            return render_template("peerings.html",  session=session,config=config)
+            return render_template("peerings.html",  session=session,config=config, peerings=peerings)
     elif request.method == "POST":
         return peerings_new()
     elif request.method == "DELETE":
@@ -205,11 +216,11 @@ def main():
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
     if "production" in config and config["production"] == False:
-        logging.getLogger(__name__).setLevel(logging.INFO)
+        logging.getLogger(__name__).setLevel(0)
         app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
     else:
         from waitress import serve
-        logging.getLogger(__name__).setLevel(logging.NOTSET)
+        logging.getLogger(__name__).setLevel(logging.INFO)
         serve(app, host=config["listen"], port=config["port"])
 
 
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index ffdba39..99b1cd9 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -1,13 +1,84 @@
 {% extends 'base.html' %}
 
 {% block content %}
+<script>
+    function form_validate(form) {
+        
+    }
+</script>
 
-<form action="" method="post">
-    <select name="node" id="node">
-        {% for node in config["nodes"] %}
-            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
-        {% endfor %}
-    </select>
+<div>
+    {% for node in config["nodes"] %}
+    <a href="?node={{node}}">
+        <button {% if selected_node %}{% if selected_node == node %}class="button-selected"{% endif %}{% endif %} >
+            {{node}}
+        </button>
+    </a>
+    {% endfor %}
+</div>
+<form action="" method="post" class="flex" onsubmit="form_validate(this)">
+    <table>
+        <tr>
+            <td><label for="peer-asn">Your ASN</label></td>
+            <td></td>
+            <td><input type="text" name="peer-asn" id="peer-asn" disabled="disabled" value="{{session['user-data']['asn']}}"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
+            <td></td>
+            <td><input type="text" name="peer-wgkey" id="peer-wgkey"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-endpoint">your Endpoint</label></td>
+            <td><input type="checkbox" name="peer-endpoint-enabled" id="peer-endpoint-enabled" checked></td>
+            <td><input type="text" name="peer-endpoint" id="peer-endpoint"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6ll">your ipv6 LinkLocal</label></td>
+            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" checked></td>
+            <td><input type="text" name="peer-v6ll" id="peer-v6ll"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v4">your ipv4</label></td>
+            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"></td>
+            <td><input type="text" name="peer-v4" id="peer-v4"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6">your ipv6</label></td>
+            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"></td>
+            <td><input type="text" name="peer-v6" id="peer-v6"></td>
+        </tr>
+    </table>
 </form>
+<div class="example-config">
+    
+    <p>wg-quick:</p>
+    <div id="node-wireguard">
+        <code>
+            [Interface] <br>
+            PrivateKey = &ltyour private key&gt <br>
+            ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span><br>
+            <span class="example-config-ipv4">PostUp = ip address add <span class="example-config-peer-ipv4">...</span>/32 peer <span class="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
+            <span class="example-config-ipv6">PostUp = ip address add <span class="example-config-peer-ipv6">...</span>/128 peer <span class="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
+            <span class="example-config-ipv6ll">PostUp = ip address add <span class="example-config-peer-ipv6ll">...</span>/128 peer <span class="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
+            Table = off <br>
+            <br>
+            [Peer] <br>
+            PublicKey = <span class="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span><br>
+            Endpoint = <span class="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span class="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span><br>
+            AllowedIPs = <span class="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8 <br>  
+        </code>
+    </div>
+    
+    <p>bird(2) config:</p>
+    <div id="peer-bird">
+        <code id="example-config-bird">
+            protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers { <br>
+            &#9;neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};<br>
+            &#9;interface "dn42_{{config["MNT"][:-4].lower()}}";<br>
+            } <br>
+        </code>
+    </div>
+</div>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
index 578194b..d2ffe75 100644
--- a/web/frontend/peerings.html
+++ b/web/frontend/peerings.html
@@ -1,14 +1,13 @@
 {% extends 'base.html' %}
 
 {% block content %}
-<script>
-
-</script>
 <div>
     <a href="peerings/new"><button>add new</button></a>
 </div>
 <div>
-
+{% for peering in peerings.get_peerings_by_mnt(session["login"]) %}
+    {{peering}} <br>
+{% endfor %}
 </div>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 0cf0b2c..30e3211 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -24,6 +24,7 @@ a {
     width: 100%;
     height: calc(100% - 55px);
     margin: auto;
+    padding-bottom: 50px;
 }
 .content>* {
     padding: 5%;
@@ -54,4 +55,20 @@ footer {
 }
 footer.flex {
     flex-direction: row;
+}
+
+.example-config {
+    background-color: white;
+    padding: 1%;
+}
+
+.example-config > div{
+    border-color: var(--other-background);
+    border-radius: 10px;
+    padding: 10px;
+    border-style: groove;
+}
+
+form > div > * {
+    margin: 10px;
 }
\ No newline at end of file

From a04d17e766a026efcb60d77b199bef1794dea2b1 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Mon, 21 Nov 2022 19:41:28 +0100
Subject: [PATCH 24/42] add example-configs and form on peering/new

---
 web/backend/config.sample.json |  3 +-
 web/backend/main.py            | 27 +++++++----
 web/frontend/peerings-new.html | 83 +++++++++++++++++++++++++++++++---
 web/frontend/peerings.html     |  7 ++-
 web/frontend/static/style.css  | 17 +++++++
 5 files changed, 118 insertions(+), 19 deletions(-)

diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index b2a9a3d..aa7a872 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -1,7 +1,7 @@
 {
     "nodes": {
         "<nodename>": {
-            "pub-endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended, default: None/null
+            "endpoint": "<clearnet-fqdn/ip-address>", //optional, recommended, default: None/null
             "api-con": "http://<node-(internal)-ip/hostname>:<port>/", // required
             "#comment": "/* from here: data to be displayed on the webinterface */",
             "country": "...", // Countrycode: 2 capital letters
@@ -16,6 +16,7 @@
         }
     },
     "MNT": "YOUR-MNT", // your MNT tag
+    "ASN": "424242000", //Your ASN (used to generate default peer ListenPorts)
     "listen": "0.0.0.0",
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
diff --git a/web/backend/main.py b/web/backend/main.py
index 08ac158..5eaf57f 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -91,6 +91,7 @@ class PeeringManager(dict):
                 json.dump(self._peerings, p, indent=4)
 
     def get_peerings_by_mnt(self, mnt):
+        return [{}]
         raise NotImplementedError()
        
 
@@ -143,6 +144,10 @@ def login():
         return render_template("login.html", session=session, config=config, return_addr=session["return_url"])
     elif request.method == "POST" and config["debug-mode"]:
         try:
+            print(request.form)
+            if request.form["theanswer"] != "42":
+                msg = "what is the answer for everything?"
+                return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
             mnt = request.form["mnt"]
             asn = request.form["asn"]
             asn = asn[2:] if asn[:1].lower() == "as" else asn
@@ -175,17 +180,23 @@ def peerings_delete():
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
 def peerings_new():
-    return render_template("peerings-new.html",  session=session,config=config)
-
-    return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
+    if request.method == "GET":
+        print(session)
+        if "node" in request.args and request.args["node"] in config["nodes"]:
+            return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
+        else: 
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
+    elif request.method == "POST":
+        return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
+        return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
 @app.route("/peerings", methods=["GET","POST","DELETE"])
 @auth_required()
-def peerings():
+def peerings_view():
     if request.method == "GET":
         if "node" in request.args and request.args["node"] in config["nodes"]:
-            return render_template("peerings.html", config=config, selected_node=request.args["node"])
+            return render_template("peerings.html", config=config, selected_node=request.args["node"], peerings=peerings)
         else: 
-            return render_template("peerings.html",  session=session,config=config)
+            return render_template("peerings.html",  session=session,config=config, peerings=peerings)
     elif request.method == "POST":
         return peerings_new()
     elif request.method == "DELETE":
@@ -205,11 +216,11 @@ def main():
     app.template_folder=config["flask-template-dir"]
     app.secret_key = config["flask-secret-key"]
     if "production" in config and config["production"] == False:
-        logging.getLogger(__name__).setLevel(logging.INFO)
+        logging.getLogger(__name__).setLevel(0)
         app.run(host=config["listen"], port=config["port"], debug=config["debug-mode"], threaded=True)
     else:
         from waitress import serve
-        logging.getLogger(__name__).setLevel(logging.NOTSET)
+        logging.getLogger(__name__).setLevel(logging.INFO)
         serve(app, host=config["listen"], port=config["port"])
 
 
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index ffdba39..99b1cd9 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -1,13 +1,84 @@
 {% extends 'base.html' %}
 
 {% block content %}
+<script>
+    function form_validate(form) {
+        
+    }
+</script>
 
-<form action="" method="post">
-    <select name="node" id="node">
-        {% for node in config["nodes"] %}
-            <option value="{{node}}" {% if selected_node %}{% if selected_node == node %}selected{% endif %}{% endif %} >{{node}}</option>
-        {% endfor %}
-    </select>
+<div>
+    {% for node in config["nodes"] %}
+    <a href="?node={{node}}">
+        <button {% if selected_node %}{% if selected_node == node %}class="button-selected"{% endif %}{% endif %} >
+            {{node}}
+        </button>
+    </a>
+    {% endfor %}
+</div>
+<form action="" method="post" class="flex" onsubmit="form_validate(this)">
+    <table>
+        <tr>
+            <td><label for="peer-asn">Your ASN</label></td>
+            <td></td>
+            <td><input type="text" name="peer-asn" id="peer-asn" disabled="disabled" value="{{session['user-data']['asn']}}"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
+            <td></td>
+            <td><input type="text" name="peer-wgkey" id="peer-wgkey"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-endpoint">your Endpoint</label></td>
+            <td><input type="checkbox" name="peer-endpoint-enabled" id="peer-endpoint-enabled" checked></td>
+            <td><input type="text" name="peer-endpoint" id="peer-endpoint"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6ll">your ipv6 LinkLocal</label></td>
+            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" checked></td>
+            <td><input type="text" name="peer-v6ll" id="peer-v6ll"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v4">your ipv4</label></td>
+            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"></td>
+            <td><input type="text" name="peer-v4" id="peer-v4"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6">your ipv6</label></td>
+            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"></td>
+            <td><input type="text" name="peer-v6" id="peer-v6"></td>
+        </tr>
+    </table>
 </form>
+<div class="example-config">
+    
+    <p>wg-quick:</p>
+    <div id="node-wireguard">
+        <code>
+            [Interface] <br>
+            PrivateKey = &ltyour private key&gt <br>
+            ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span><br>
+            <span class="example-config-ipv4">PostUp = ip address add <span class="example-config-peer-ipv4">...</span>/32 peer <span class="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
+            <span class="example-config-ipv6">PostUp = ip address add <span class="example-config-peer-ipv6">...</span>/128 peer <span class="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
+            <span class="example-config-ipv6ll">PostUp = ip address add <span class="example-config-peer-ipv6ll">...</span>/128 peer <span class="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
+            Table = off <br>
+            <br>
+            [Peer] <br>
+            PublicKey = <span class="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span><br>
+            Endpoint = <span class="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span class="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span><br>
+            AllowedIPs = <span class="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8 <br>  
+        </code>
+    </div>
+    
+    <p>bird(2) config:</p>
+    <div id="peer-bird">
+        <code id="example-config-bird">
+            protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers { <br>
+            &#9;neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};<br>
+            &#9;interface "dn42_{{config["MNT"][:-4].lower()}}";<br>
+            } <br>
+        </code>
+    </div>
+</div>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
index 578194b..d2ffe75 100644
--- a/web/frontend/peerings.html
+++ b/web/frontend/peerings.html
@@ -1,14 +1,13 @@
 {% extends 'base.html' %}
 
 {% block content %}
-<script>
-
-</script>
 <div>
     <a href="peerings/new"><button>add new</button></a>
 </div>
 <div>
-
+{% for peering in peerings.get_peerings_by_mnt(session["login"]) %}
+    {{peering}} <br>
+{% endfor %}
 </div>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 0cf0b2c..30e3211 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -24,6 +24,7 @@ a {
     width: 100%;
     height: calc(100% - 55px);
     margin: auto;
+    padding-bottom: 50px;
 }
 .content>* {
     padding: 5%;
@@ -54,4 +55,20 @@ footer {
 }
 footer.flex {
     flex-direction: row;
+}
+
+.example-config {
+    background-color: white;
+    padding: 1%;
+}
+
+.example-config > div{
+    border-color: var(--other-background);
+    border-radius: 10px;
+    padding: 10px;
+    border-style: groove;
+}
+
+form > div > * {
+    margin: 10px;
 }
\ No newline at end of file

From 320176460e40453af1850fdd888414b8061df299 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Tue, 22 Nov 2022 17:16:20 +0100
Subject: [PATCH 25/42] add clientside form vailidation

---
 web/backend/main.py            |  5 ++-
 web/frontend/index.html        |  4 --
 web/frontend/peerings-new.html | 73 +++++++++++++++++++++++++++++++++-
 3 files changed, 75 insertions(+), 7 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 5eaf57f..4fa8403 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -138,6 +138,7 @@ def logout():
 
 @app.route("/login",methods=["GET","POST"])
 def login():
+    print(session)
     if request.method == "GET":
         session["return_url"] = request.args["return"] if "return" in request.args else ""
         
@@ -180,8 +181,8 @@ def peerings_delete():
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
 def peerings_new():
+    print(session)
     if request.method == "GET":
-        print(session)
         if "node" in request.args and request.args["node"] in config["nodes"]:
             return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
         else: 
@@ -192,6 +193,7 @@ def peerings_new():
 @app.route("/peerings", methods=["GET","POST","DELETE"])
 @auth_required()
 def peerings_view():
+    print(session)
     if request.method == "GET":
         if "node" in request.args and request.args["node"] in config["nodes"]:
             return render_template("peerings.html", config=config, selected_node=request.args["node"], peerings=peerings)
@@ -206,6 +208,7 @@ def peerings_view():
 
 @app.route("/")
 def index():
+    print(session)
     # print(config._config["nodes"])
     # for node in config["nodes"].values():
     #     print (node)
diff --git a/web/frontend/index.html b/web/frontend/index.html
index f64208d..24383ef 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -2,10 +2,6 @@
 
 {% block content %}
 <div>
-    
-</div>
-<div>
-    
 </div>
 <div>
     <table>
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 99b1cd9..c7edfa0 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -3,7 +3,74 @@
 {% block content %}
 <script>
     function form_validate(form) {
+        console.log(form);
+        let msg = "<ul>";
+            
+        // check wireguard pubkey
+        let wg_key = document.getElementById("peer-wgkey").value;
+        if (wg_key.length != 44 || wg_key.slice(-1) != "="){
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+        try {
+            window.atob(wg_key)
+        } catch (error) {
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+            
+        // check endpoint
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled) {
+            if (! endpoint) {
+                msg += "<li>endpoint enabled but non specified</li>";
+            } else if (isNaN(endpoint.split(":").at(-1))) {
+                msg += "<li>endpoint doesn't end with a (port)number</li>";
+            } else if (endpoint.split(":").length > 2 || endpoint.indexOf(".") == -1) {
+                msg += "<li>endpoint doesn't look like a ip address or fqdn</li>";
+            }
+        }
         
+        // check ip addresses
+        let ipv6ll_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ipv4_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ipv6_enabled = document.getElementById("peer-v6-enabled").checked;
+
+        let ipv6ll = document.getElementById("peer-v6ll").value;
+        let ipv4 = document.getElementById("peer-v4").value;
+        let ipv6 = document.getElementById("peer-v6").value;
+
+        if (!(ipv6ll_enabled || ipv4_enabled || ipv6_enabled)) {
+            msg += "<li>at least one ip type has to be enabled and specified</li>";
+        }
+
+        if (ipv6ll_enabled) {
+            if (! ipv6ll) {
+                msg += "<li>ipv6 LinkLocal enabled but non specified</li>";
+            } else if (!ipv6ll.startsWith("fe80::")) {
+                msg += "<li>ipv6 LinkLocal is no valid LinkLocal address</li>";
+            }
+        }
+        if (ipv4_enabled) {
+            if (! ipv4) {
+                msg += "<li>ipv4 enabled but non specified</li>";
+            } else if (!(ipv4.startsWith("172.2") || ipv4.startsWith("10.") || ipv4.startsWith("169.254")) ) {
+                msg += "<li>ipv4 is no valid dn42/neo/icvpn/LinkLocal address</li>";
+            }
+        }
+        if (ipv6_enabled) {
+            if (! ipv6) {
+                msg += "<li>ipv6 enabled but non specified</li>";
+            } else if (!ipv6.startsWith("fd")) {
+                msg += "<li>ipv6 is no valid fd00::/8 address</li>";
+            }
+        }
+        
+        // if an error occured (= there is a msg) show that msg
+        if (msg != "<ul>") {
+            document.getElementById("peer-invalid-note").innerHTML = msg+"</ul>";
+            return false;
+        }
+        return true
     }
 </script>
 
@@ -16,7 +83,8 @@
     </a>
     {% endfor %}
 </div>
-<form action="" method="post" class="flex" onsubmit="form_validate(this)">
+<form action="" method="post" class="flex" onsubmit="return form_validate(this)">
+    <div id="peer-invalid-note" style="background-color:red;"></div>
     <table>
         <tr>
             <td><label for="peer-asn">Your ASN</label></td>
@@ -26,7 +94,7 @@
         <tr>
             <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
             <td></td>
-            <td><input type="text" name="peer-wgkey" id="peer-wgkey"></td>
+            <td><input type="text" name="peer-wgkey" id="peer-wgkey" maxlength="44" minlength="44" required></td>
         </tr>
         <tr>
             <td><label for="peer-endpoint">your Endpoint</label></td>
@@ -49,6 +117,7 @@
             <td><input type="text" name="peer-v6" id="peer-v6"></td>
         </tr>
     </table>
+    <input type="submit" value="submit">
 </form>
 <div class="example-config">
     

From 2eda5c95cef4918966e90b0901eb0835cf5fb81a Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Tue, 22 Nov 2022 17:16:20 +0100
Subject: [PATCH 26/42] add clientside form vailidation

---
 web/backend/main.py            |  5 ++-
 web/frontend/index.html        |  4 --
 web/frontend/peerings-new.html | 73 +++++++++++++++++++++++++++++++++-
 3 files changed, 75 insertions(+), 7 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 5eaf57f..4fa8403 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -138,6 +138,7 @@ def logout():
 
 @app.route("/login",methods=["GET","POST"])
 def login():
+    print(session)
     if request.method == "GET":
         session["return_url"] = request.args["return"] if "return" in request.args else ""
         
@@ -180,8 +181,8 @@ def peerings_delete():
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
 def peerings_new():
+    print(session)
     if request.method == "GET":
-        print(session)
         if "node" in request.args and request.args["node"] in config["nodes"]:
             return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
         else: 
@@ -192,6 +193,7 @@ def peerings_new():
 @app.route("/peerings", methods=["GET","POST","DELETE"])
 @auth_required()
 def peerings_view():
+    print(session)
     if request.method == "GET":
         if "node" in request.args and request.args["node"] in config["nodes"]:
             return render_template("peerings.html", config=config, selected_node=request.args["node"], peerings=peerings)
@@ -206,6 +208,7 @@ def peerings_view():
 
 @app.route("/")
 def index():
+    print(session)
     # print(config._config["nodes"])
     # for node in config["nodes"].values():
     #     print (node)
diff --git a/web/frontend/index.html b/web/frontend/index.html
index f64208d..24383ef 100644
--- a/web/frontend/index.html
+++ b/web/frontend/index.html
@@ -2,10 +2,6 @@
 
 {% block content %}
 <div>
-    
-</div>
-<div>
-    
 </div>
 <div>
     <table>
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 99b1cd9..c7edfa0 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -3,7 +3,74 @@
 {% block content %}
 <script>
     function form_validate(form) {
+        console.log(form);
+        let msg = "<ul>";
+            
+        // check wireguard pubkey
+        let wg_key = document.getElementById("peer-wgkey").value;
+        if (wg_key.length != 44 || wg_key.slice(-1) != "="){
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+        try {
+            window.atob(wg_key)
+        } catch (error) {
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+            
+        // check endpoint
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled) {
+            if (! endpoint) {
+                msg += "<li>endpoint enabled but non specified</li>";
+            } else if (isNaN(endpoint.split(":").at(-1))) {
+                msg += "<li>endpoint doesn't end with a (port)number</li>";
+            } else if (endpoint.split(":").length > 2 || endpoint.indexOf(".") == -1) {
+                msg += "<li>endpoint doesn't look like a ip address or fqdn</li>";
+            }
+        }
         
+        // check ip addresses
+        let ipv6ll_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ipv4_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ipv6_enabled = document.getElementById("peer-v6-enabled").checked;
+
+        let ipv6ll = document.getElementById("peer-v6ll").value;
+        let ipv4 = document.getElementById("peer-v4").value;
+        let ipv6 = document.getElementById("peer-v6").value;
+
+        if (!(ipv6ll_enabled || ipv4_enabled || ipv6_enabled)) {
+            msg += "<li>at least one ip type has to be enabled and specified</li>";
+        }
+
+        if (ipv6ll_enabled) {
+            if (! ipv6ll) {
+                msg += "<li>ipv6 LinkLocal enabled but non specified</li>";
+            } else if (!ipv6ll.startsWith("fe80::")) {
+                msg += "<li>ipv6 LinkLocal is no valid LinkLocal address</li>";
+            }
+        }
+        if (ipv4_enabled) {
+            if (! ipv4) {
+                msg += "<li>ipv4 enabled but non specified</li>";
+            } else if (!(ipv4.startsWith("172.2") || ipv4.startsWith("10.") || ipv4.startsWith("169.254")) ) {
+                msg += "<li>ipv4 is no valid dn42/neo/icvpn/LinkLocal address</li>";
+            }
+        }
+        if (ipv6_enabled) {
+            if (! ipv6) {
+                msg += "<li>ipv6 enabled but non specified</li>";
+            } else if (!ipv6.startsWith("fd")) {
+                msg += "<li>ipv6 is no valid fd00::/8 address</li>";
+            }
+        }
+        
+        // if an error occured (= there is a msg) show that msg
+        if (msg != "<ul>") {
+            document.getElementById("peer-invalid-note").innerHTML = msg+"</ul>";
+            return false;
+        }
+        return true
     }
 </script>
 
@@ -16,7 +83,8 @@
     </a>
     {% endfor %}
 </div>
-<form action="" method="post" class="flex" onsubmit="form_validate(this)">
+<form action="" method="post" class="flex" onsubmit="return form_validate(this)">
+    <div id="peer-invalid-note" style="background-color:red;"></div>
     <table>
         <tr>
             <td><label for="peer-asn">Your ASN</label></td>
@@ -26,7 +94,7 @@
         <tr>
             <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
             <td></td>
-            <td><input type="text" name="peer-wgkey" id="peer-wgkey"></td>
+            <td><input type="text" name="peer-wgkey" id="peer-wgkey" maxlength="44" minlength="44" required></td>
         </tr>
         <tr>
             <td><label for="peer-endpoint">your Endpoint</label></td>
@@ -49,6 +117,7 @@
             <td><input type="text" name="peer-v6" id="peer-v6"></td>
         </tr>
     </table>
+    <input type="submit" value="submit">
 </form>
 <div class="example-config">
     

From e9addf2a8deba369fbce4ce0ef9a8895ef907ef5 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Tue, 22 Nov 2022 19:45:29 +0100
Subject: [PATCH 27/42] auto update example config when changing values

---
 web/frontend/peerings-new.html | 78 +++++++++++++++++++++++++++++-----
 1 file changed, 68 insertions(+), 10 deletions(-)

diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index c7edfa0..650b64a 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -72,6 +72,61 @@
         }
         return true
     }
+    
+    // update exaple config when changing values
+    function update_from_endpoint() {
+        let example_config_peer_port = document.getElementById("example-config-peer-port");
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled && endpoint && endpoint.split(":").length >= 2) {
+            example_config_peer_port.innerHTML = endpoint.split(":").at(-1);
+            return
+        }
+        example_config_peer_port.innerHTML = '2{{config["ASN"][-4:]}}'
+    }
+    function update_from_v6ll() {
+        let example_config_ip = document.getElementById("example-config-ipv6ll");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6ll");
+        let ip_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ip = document.getElementById("peer-v6ll").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v4() {
+        let example_config_ip = document.getElementById("example-config-ipv4");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv4");
+        let ip_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ip = document.getElementById("peer-v4").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v6() {
+        let example_config_ip = document.getElementById("example-config-ipv6");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6");
+        let ip_enabled = document.getElementById("peer-v6-enabled").checked;
+        let ip = document.getElementById("peer-v6").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+
+    function on_load() {
+        update_from_v6ll();
+        update_from_v4();
+        update_from_v6();
+    }
+    document.onload = on_load;
 </script>
 
 <div>
@@ -99,22 +154,22 @@
         <tr>
             <td><label for="peer-endpoint">your Endpoint</label></td>
             <td><input type="checkbox" name="peer-endpoint-enabled" id="peer-endpoint-enabled" checked></td>
-            <td><input type="text" name="peer-endpoint" id="peer-endpoint"></td>
+            <td><input type="text" name="peer-endpoint" id="peer-endpoint" onchange="return update_from_endpoint()"></td>
         </tr>
         <tr>
             <td><label for="peer-v6ll">your ipv6 LinkLocal</label></td>
-            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" checked></td>
-            <td><input type="text" name="peer-v6ll" id="peer-v6ll"></td>
+            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" onchange="return update_from_v6ll()" checked></td>
+            <td><input type="text" name="peer-v6ll" id="peer-v6ll" onchange="return update_from_v6ll()"></td>
         </tr>
         <tr>
             <td><label for="peer-v4">your ipv4</label></td>
-            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"></td>
-            <td><input type="text" name="peer-v4" id="peer-v4"></td>
+            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"onchange="return update_from_v4()"></td>
+            <td><input type="text" name="peer-v4" id="peer-v4"onchange="return update_from_v4()"></td>
         </tr>
         <tr>
             <td><label for="peer-v6">your ipv6</label></td>
-            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"></td>
-            <td><input type="text" name="peer-v6" id="peer-v6"></td>
+            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"onchange="return update_from_v6()"></td>
+            <td><input type="text" name="peer-v6" id="peer-v6"onchange="return update_from_v6()"></td>
         </tr>
     </table>
     <input type="submit" value="submit">
@@ -127,9 +182,9 @@
             [Interface] <br>
             PrivateKey = &ltyour private key&gt <br>
             ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span><br>
-            <span class="example-config-ipv4">PostUp = ip address add <span class="example-config-peer-ipv4">...</span>/32 peer <span class="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
-            <span class="example-config-ipv6">PostUp = ip address add <span class="example-config-peer-ipv6">...</span>/128 peer <span class="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
-            <span class="example-config-ipv6ll">PostUp = ip address add <span class="example-config-peer-ipv6ll">...</span>/128 peer <span class="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
+            <span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
+            <span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
+            <span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
             Table = off <br>
             <br>
             [Peer] <br>
@@ -149,5 +204,8 @@
         </code>
     </div>
 </div>
+<script>
+    document.onload()
+</script>
 
 {% endblock %}
\ No newline at end of file

From 54396209f4db3f998951966b78c08e8dd647db1a Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Tue, 22 Nov 2022 19:45:29 +0100
Subject: [PATCH 28/42] auto update example config when changing values

---
 web/frontend/peerings-new.html | 78 +++++++++++++++++++++++++++++-----
 1 file changed, 68 insertions(+), 10 deletions(-)

diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index c7edfa0..650b64a 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -72,6 +72,61 @@
         }
         return true
     }
+    
+    // update exaple config when changing values
+    function update_from_endpoint() {
+        let example_config_peer_port = document.getElementById("example-config-peer-port");
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled && endpoint && endpoint.split(":").length >= 2) {
+            example_config_peer_port.innerHTML = endpoint.split(":").at(-1);
+            return
+        }
+        example_config_peer_port.innerHTML = '2{{config["ASN"][-4:]}}'
+    }
+    function update_from_v6ll() {
+        let example_config_ip = document.getElementById("example-config-ipv6ll");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6ll");
+        let ip_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ip = document.getElementById("peer-v6ll").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v4() {
+        let example_config_ip = document.getElementById("example-config-ipv4");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv4");
+        let ip_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ip = document.getElementById("peer-v4").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v6() {
+        let example_config_ip = document.getElementById("example-config-ipv6");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6");
+        let ip_enabled = document.getElementById("peer-v6-enabled").checked;
+        let ip = document.getElementById("peer-v6").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+
+    function on_load() {
+        update_from_v6ll();
+        update_from_v4();
+        update_from_v6();
+    }
+    document.onload = on_load;
 </script>
 
 <div>
@@ -99,22 +154,22 @@
         <tr>
             <td><label for="peer-endpoint">your Endpoint</label></td>
             <td><input type="checkbox" name="peer-endpoint-enabled" id="peer-endpoint-enabled" checked></td>
-            <td><input type="text" name="peer-endpoint" id="peer-endpoint"></td>
+            <td><input type="text" name="peer-endpoint" id="peer-endpoint" onchange="return update_from_endpoint()"></td>
         </tr>
         <tr>
             <td><label for="peer-v6ll">your ipv6 LinkLocal</label></td>
-            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" checked></td>
-            <td><input type="text" name="peer-v6ll" id="peer-v6ll"></td>
+            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" onchange="return update_from_v6ll()" checked></td>
+            <td><input type="text" name="peer-v6ll" id="peer-v6ll" onchange="return update_from_v6ll()"></td>
         </tr>
         <tr>
             <td><label for="peer-v4">your ipv4</label></td>
-            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"></td>
-            <td><input type="text" name="peer-v4" id="peer-v4"></td>
+            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"onchange="return update_from_v4()"></td>
+            <td><input type="text" name="peer-v4" id="peer-v4"onchange="return update_from_v4()"></td>
         </tr>
         <tr>
             <td><label for="peer-v6">your ipv6</label></td>
-            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"></td>
-            <td><input type="text" name="peer-v6" id="peer-v6"></td>
+            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"onchange="return update_from_v6()"></td>
+            <td><input type="text" name="peer-v6" id="peer-v6"onchange="return update_from_v6()"></td>
         </tr>
     </table>
     <input type="submit" value="submit">
@@ -127,9 +182,9 @@
             [Interface] <br>
             PrivateKey = &ltyour private key&gt <br>
             ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span><br>
-            <span class="example-config-ipv4">PostUp = ip address add <span class="example-config-peer-ipv4">...</span>/32 peer <span class="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
-            <span class="example-config-ipv6">PostUp = ip address add <span class="example-config-peer-ipv6">...</span>/128 peer <span class="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
-            <span class="example-config-ipv6ll">PostUp = ip address add <span class="example-config-peer-ipv6ll">...</span>/128 peer <span class="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
+            <span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
+            <span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
+            <span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
             Table = off <br>
             <br>
             [Peer] <br>
@@ -149,5 +204,8 @@
         </code>
     </div>
 </div>
+<script>
+    document.onload()
+</script>
 
 {% endblock %}
\ No newline at end of file

From 36cb273103f31a95d381166ebda904401ed6ac19 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Wed, 23 Nov 2022 16:47:55 +0100
Subject: [PATCH 29/42] implement server side form validation

---
 web/backend/main.py            | 94 ++++++++++++++++++++++++++++++++++
 web/frontend/peerings-new.html |  4 +-
 2 files changed, 96 insertions(+), 2 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 4fa8403..9abca5a 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,6 +1,7 @@
 #! /usr/bin/env python3
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
+import werkzeug.exceptions as werkzeug_exceptions
 import json, os, base64, logging
 from functools import wraps
 from ipaddress import ip_address, ip_network
@@ -188,6 +189,99 @@ def peerings_new():
         else: 
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
     elif request.method == "POST":
+        print(request.args)
+        print(request.form)
+        if not "node" in request.args or not request.args["node"]:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no node specified, please click one of the buttons above")
+
+        new_peering = {}
+        # errors = 0
+        
+        ## check if all required (and enabled) options are specified
+        try:
+            new_peering["peer-wgkey"] = request.form["peer-wgkey"]
+            if  request.form["peer-endpoint-enabled"] == "on":
+                new_peering["peer-endpoint"] = request.form["peer-endpoint"]
+                if new_peering["peer-endpoint"] == "":
+                    raise ValueError("peer-endpoint")
+            else:
+                new_peering["peer-endpoint"] = None
+            
+            if "peer-v6ll-enabled" in request.form and request.form["peer-v6ll-enabled"] == "on":
+                new_peering["peer-v6ll"] = request.form["peer-v6ll"]
+                if new_peering["peer-v6ll"] == "":
+                    raise ValueError("peer-v6ll")
+            else:
+                new_peering["peer-v6ll"] = None
+            if "peer-v4-enabled" in request.form and request.form["peer-v4-enabled"] == "on":
+                new_peering["peer-v4"] = request.form["peer-v4"]
+                if new_peering["peer-v4"] == "":
+                    raise ValueError("peer-v4")
+            else:
+                new_peering["peer-v4"] = None
+            if "peer-v6-enabled" in request.form and request.form["peer-v6-enabled"] == "on":
+                new_peering["peer-v6"] = request.form["peer-v6"]
+                if new_peering["peer-v6"] == "":
+                    raise ValueError("peer-v6")
+            else:
+                new_peering["peer-v6"] = None
+            #new_peering[""] = request.form["peer-wgkey"]
+        except ValueError as e:
+            print(f"error: {e.args}")
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the required/enabled fields was not filled out"), 400
+
+        print(new_peering)
+
+        ## check wireguard key
+        wg_key_invalid = False
+        if len(new_peering["peer-wgkey"]) != 44:
+            wg_key_invalid = True
+        try:
+            base64.b64decode(new_peering["peer-wgkey"])
+        except:
+            wg_key_invalid = True
+        if wg_key_invalid: 
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid wireguard Key"), 400
+
+        ## check endpoint 
+        if new_peering["peer-endpoint"]:
+            if not new_peering["peer-endpoint"].split(":")[-1].isnumeric():
+                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no port number in endpoint"), 400
+            elif len(new_peering["peer-endpoint"].split(":")) < 2 and not "." in new_peering["peer-endpoint"]:
+                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="endpoint doesn't look like a ip address or fqdn"), 400
+
+        ## check if at least one ip is specified/enabled
+        try:
+            if not (new_peering["peer-v6ll"] or new_peering["peer-v4"] or new_peering["peer-v6"]):
+                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the ip addresses must be enabled and specified"), 400
+        except KeyError:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="one of the values isn't valid"), 400
+
+        ## check if supplied ip addresses are valid
+        try:
+            if new_peering["peer-v6ll"]:
+                ipv6ll = ip_address(new_peering["peer-v6ll"])
+                if not ipv6ll.version == 6: raise ValueError()
+                if not ipv6ll.is_link_local: raise ValueError()
+            if new_peering["peer-v4"]:
+                ipv4 = ip_address(new_peering["peer-v4"])
+                if not ipv4.version == 4: raise ValueError()
+                if ipv4.is_private: 
+                    if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
+                        raise ValueError()
+                elif ipv4.is_link_local:
+                    pass
+                else: raise ValueError()
+            if new_peering["peer-v6"]:
+                ipv6 = ip_address(new_peering["peer-v6"])
+                if not ipv6.version == 6: raise ValueError()
+                if not ipv6.is_private: raise ValueError()
+            
+        except ValueError:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
+
+
+
         return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
         return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
 @app.route("/peerings", methods=["GET","POST","DELETE"])
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 650b64a..83fc9a8 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -25,7 +25,7 @@
                 msg += "<li>endpoint enabled but non specified</li>";
             } else if (isNaN(endpoint.split(":").at(-1))) {
                 msg += "<li>endpoint doesn't end with a (port)number</li>";
-            } else if (endpoint.split(":").length > 2 || endpoint.indexOf(".") == -1) {
+            } else if (endpoint.split(":").length < 2 && endpoint.indexOf(".") == -1) {
                 msg += "<li>endpoint doesn't look like a ip address or fqdn</li>";
             }
         }
@@ -139,7 +139,7 @@
     {% endfor %}
 </div>
 <form action="" method="post" class="flex" onsubmit="return form_validate(this)">
-    <div id="peer-invalid-note" style="background-color:red;"></div>
+    <div id="peer-invalid-note" style="background-color:red;">{% if msg %}{{msg}}{%endif%}</div>
     <table>
         <tr>
             <td><label for="peer-asn">Your ASN</label></td>

From d3e47abb91f02ae78c124fa1ccf21d68ea2d1052 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Wed, 23 Nov 2022 16:47:55 +0100
Subject: [PATCH 30/42] implement server side form validation

---
 web/backend/main.py            | 94 ++++++++++++++++++++++++++++++++++
 web/frontend/peerings-new.html |  4 +-
 2 files changed, 96 insertions(+), 2 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 4fa8403..9abca5a 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -1,6 +1,7 @@
 #! /usr/bin/env python3
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
+import werkzeug.exceptions as werkzeug_exceptions
 import json, os, base64, logging
 from functools import wraps
 from ipaddress import ip_address, ip_network
@@ -188,6 +189,99 @@ def peerings_new():
         else: 
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
     elif request.method == "POST":
+        print(request.args)
+        print(request.form)
+        if not "node" in request.args or not request.args["node"]:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no node specified, please click one of the buttons above")
+
+        new_peering = {}
+        # errors = 0
+        
+        ## check if all required (and enabled) options are specified
+        try:
+            new_peering["peer-wgkey"] = request.form["peer-wgkey"]
+            if  request.form["peer-endpoint-enabled"] == "on":
+                new_peering["peer-endpoint"] = request.form["peer-endpoint"]
+                if new_peering["peer-endpoint"] == "":
+                    raise ValueError("peer-endpoint")
+            else:
+                new_peering["peer-endpoint"] = None
+            
+            if "peer-v6ll-enabled" in request.form and request.form["peer-v6ll-enabled"] == "on":
+                new_peering["peer-v6ll"] = request.form["peer-v6ll"]
+                if new_peering["peer-v6ll"] == "":
+                    raise ValueError("peer-v6ll")
+            else:
+                new_peering["peer-v6ll"] = None
+            if "peer-v4-enabled" in request.form and request.form["peer-v4-enabled"] == "on":
+                new_peering["peer-v4"] = request.form["peer-v4"]
+                if new_peering["peer-v4"] == "":
+                    raise ValueError("peer-v4")
+            else:
+                new_peering["peer-v4"] = None
+            if "peer-v6-enabled" in request.form and request.form["peer-v6-enabled"] == "on":
+                new_peering["peer-v6"] = request.form["peer-v6"]
+                if new_peering["peer-v6"] == "":
+                    raise ValueError("peer-v6")
+            else:
+                new_peering["peer-v6"] = None
+            #new_peering[""] = request.form["peer-wgkey"]
+        except ValueError as e:
+            print(f"error: {e.args}")
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the required/enabled fields was not filled out"), 400
+
+        print(new_peering)
+
+        ## check wireguard key
+        wg_key_invalid = False
+        if len(new_peering["peer-wgkey"]) != 44:
+            wg_key_invalid = True
+        try:
+            base64.b64decode(new_peering["peer-wgkey"])
+        except:
+            wg_key_invalid = True
+        if wg_key_invalid: 
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid wireguard Key"), 400
+
+        ## check endpoint 
+        if new_peering["peer-endpoint"]:
+            if not new_peering["peer-endpoint"].split(":")[-1].isnumeric():
+                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no port number in endpoint"), 400
+            elif len(new_peering["peer-endpoint"].split(":")) < 2 and not "." in new_peering["peer-endpoint"]:
+                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="endpoint doesn't look like a ip address or fqdn"), 400
+
+        ## check if at least one ip is specified/enabled
+        try:
+            if not (new_peering["peer-v6ll"] or new_peering["peer-v4"] or new_peering["peer-v6"]):
+                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the ip addresses must be enabled and specified"), 400
+        except KeyError:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="one of the values isn't valid"), 400
+
+        ## check if supplied ip addresses are valid
+        try:
+            if new_peering["peer-v6ll"]:
+                ipv6ll = ip_address(new_peering["peer-v6ll"])
+                if not ipv6ll.version == 6: raise ValueError()
+                if not ipv6ll.is_link_local: raise ValueError()
+            if new_peering["peer-v4"]:
+                ipv4 = ip_address(new_peering["peer-v4"])
+                if not ipv4.version == 4: raise ValueError()
+                if ipv4.is_private: 
+                    if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
+                        raise ValueError()
+                elif ipv4.is_link_local:
+                    pass
+                else: raise ValueError()
+            if new_peering["peer-v6"]:
+                ipv6 = ip_address(new_peering["peer-v6"])
+                if not ipv6.version == 6: raise ValueError()
+                if not ipv6.is_private: raise ValueError()
+            
+        except ValueError:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
+
+
+
         return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
         return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
 @app.route("/peerings", methods=["GET","POST","DELETE"])
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 650b64a..83fc9a8 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -25,7 +25,7 @@
                 msg += "<li>endpoint enabled but non specified</li>";
             } else if (isNaN(endpoint.split(":").at(-1))) {
                 msg += "<li>endpoint doesn't end with a (port)number</li>";
-            } else if (endpoint.split(":").length > 2 || endpoint.indexOf(".") == -1) {
+            } else if (endpoint.split(":").length < 2 && endpoint.indexOf(".") == -1) {
                 msg += "<li>endpoint doesn't look like a ip address or fqdn</li>";
             }
         }
@@ -139,7 +139,7 @@
     {% endfor %}
 </div>
 <form action="" method="post" class="flex" onsubmit="return form_validate(this)">
-    <div id="peer-invalid-note" style="background-color:red;"></div>
+    <div id="peer-invalid-note" style="background-color:red;">{% if msg %}{{msg}}{%endif%}</div>
     <table>
         <tr>
             <td><label for="peer-asn">Your ASN</label></td>

From c4fb52a2173862a2d4efee9d7163a8cab8e5d3a9 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 24 Nov 2022 16:02:07 +0100
Subject: [PATCH 31/42] fix KexError if no ?return= is specified on /login

---
 web/backend/main.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 9abca5a..8320fa0 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -128,9 +128,15 @@ def kioubit_auth():
     if success:
         session["user-data"] = msg
         session["login"] = msg['mnt']
-        return redirect(session["return_url"])
+        try:
+            return redirect(session["return_url"])
+        except KeyError:
+            return redirect(f"{config['base-dir']}peerings")
     else:
-        return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+        try:
+            return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+        except KeyError:
+            return render_template("login.html", session=session,config=config,return_addr=f"{config['base-dir']}peerings", msg=msg)
 
 @app.route("/logout")
 def logout():

From 2c9cac02e0bc726b33204bbb930fa5c31ac9adac Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Thu, 24 Nov 2022 16:02:07 +0100
Subject: [PATCH 32/42] fix KexError if no ?return= is specified on /login

---
 web/backend/main.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 9abca5a..8320fa0 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -128,9 +128,15 @@ def kioubit_auth():
     if success:
         session["user-data"] = msg
         session["login"] = msg['mnt']
-        return redirect(session["return_url"])
+        try:
+            return redirect(session["return_url"])
+        except KeyError:
+            return redirect(f"{config['base-dir']}peerings")
     else:
-        return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+        try:
+            return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
+        except KeyError:
+            return render_template("login.html", session=session,config=config,return_addr=f"{config['base-dir']}peerings", msg=msg)
 
 @app.route("/logout")
 def logout():

From 31c9a1d39d2e8f29a86e51da3a0e542f31809df0 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Fri, 25 Nov 2022 21:43:28 +0100
Subject: [PATCH 33/42] add creating peerings (inside serverside config)

this doesn't actually add the peerings just saves the parameters to disk
---
 web/backend/main.py    | 99 +++++++++++++++++++++++++++---------------
 web/frontend/base.html |  2 +-
 2 files changed, 66 insertions(+), 35 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 8320fa0..9489c42 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -2,7 +2,7 @@
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
 import werkzeug.exceptions as werkzeug_exceptions
-import json, os, base64, logging
+import json, os, base64, logging, random
 from functools import wraps
 from ipaddress import ip_address, ip_network
 import kioubit_verify
@@ -50,51 +50,79 @@ class Config (dict):
             self._config["peering-data"] = "./peerings"
         logging.info(self._config)
 
-class PeeringManager(dict):
+class PeeringManager:
 
     def __init__(self, peering_dir):
         self._peering_dir = peering_dir
 
         self._load_peerings()
-        self.keys = self._peerings
 
-    def __contains__(self, o):
-        return self._peerings.__contains__(o)
-
-    def __getitem__(self, k):
-        return self._peerings[k]
-    
-    def __setitem__(self, k, v):
-        pass
-    def __delitem__(self, v):
-        pass
-    
     def _load_peerings(self):
         if not os.path.exists(self._peering_dir):
             os.mkdir(self._peering_dir)
         if not os.path.exists(f"{self._peering_dir}/peerings.json"):
             with open(f"{self._peering_dir}/peerings.json", "x") as p: 
-                json.dump([], p)
-        with open(f"{self._peering_dir}/peerings.json","r") as p:
-            self._peerings = json.load(p)
-        self.peerings = {}
-        missing_peerings = False
-        for peering in self._peerings:
-            if os.path.exists(f"{self._peering_dir}/{peering}.json"):
-                with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
-                    self.peerings[peering] = json.load(peer_cfg)
-            else:
-                logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
-                self._peerings.remove(peering)
-                missing_peerings = True
-        if missing_peerings:
-            with open(f"{self._peering_dir}/peerings.json","w") as p:
-                json.dump(self._peerings, p, indent=4)
+                json.dump({"mnter":{},"asn":{}}, p)
+        try:       
+            with open(f"{self._peering_dir}/peerings.json","r") as p:
+                self.peerings = json.load(p)
+        except json.decoder.JSONDecodeError:
+            with open(f"{self._peering_dir}/peerings.json", "w") as p: 
+                json.dump({"mnter":{},"asn":{}}, p)
+            with open(f"{self._peering_dir}/peerings.json","r") as p:
+                self.peerings = json.load(p)
+
+        # self.peerings = {}
+        # missing_peerings = False
+        # for peering in self._peerings:
+        #     if os.path.exists(f"{self._peering_dir}/{peering}.json"):
+        #         with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
+        #             self.peerings[peering] = json.load(peer_cfg)
+        #     else:
+        #         logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
+        #         self._peerings.remove(peering)
+        #         missing_peerings = True
+        # if missing_peerings:
+        #     with open(f"{self._peering_dir}/peerings.json","w") as p:
+        #         json.dump(self._peerings, p, indent=4)
+    def _save_peerings(self):
+        with open(f"{self._peering_dir}/peerings.json", "w") as p:
+            json.dump(self.peerings, p, indent=4)
 
     def get_peerings_by_mnt(self, mnt):
-        return [{}]
-        raise NotImplementedError()
-       
+        # print(self.peerings)
+        try:
+            out = []
+            for asn in self.peerings["mnter"][mnt]:
+                try:
+                    for peering in self.peerings["asn"][asn]:
+                        out.append(peering)
+                except KeyError as e:
+                    pass
+            return out
+        except KeyError:
+            return {}
+
+    def add_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None):
+        try:
+            if not asn in self.peerings["mnter"][mnt]:
+                self.peerings[mnt].append(asn)
+        except KeyError:
+            self.peerings["mnter"][mnt] = [asn]
+        try:
+            if not asn in self.peerings["asn"]:
+                self.peerings["asn"][asn] = []
+        except KeyError:
+            self.peerings["asn"][asn] = []
+        
+        # deny more than one peering per ASN to one node 
+        for peering in self.peerings["asn"][asn]:
+            if peering["node"] == node: return False
+        self.peerings["asn"][asn].append({"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6})
+
+        self._save_peerings()
+        return True
+        
 
 config = Config()
 peerings = PeeringManager(config["peering-dir"])
@@ -205,6 +233,7 @@ def peerings_new():
         
         ## check if all required (and enabled) options are specified
         try:
+            new_peering["peer-asn"] = session["user-data"]["asn"]
             new_peering["peer-wgkey"] = request.form["peer-wgkey"]
             if  request.form["peer-endpoint-enabled"] == "on":
                 new_peering["peer-endpoint"] = request.form["peer-endpoint"]
@@ -286,8 +315,10 @@ def peerings_new():
         except ValueError:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
 
+        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], new_peering["peer-wgkey"], new_peering["peer-endpoint"], new_peering["peer-v6ll"], new_peering["peer-v4"], new_peering["peer-v6"]):
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400
 
-
+        return redirect(f"{config['base-dir']}peerings")
         return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
         return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
 @app.route("/peerings", methods=["GET","POST","DELETE"])
diff --git a/web/frontend/base.html b/web/frontend/base.html
index e8b1e98..7c90ae6 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -8,7 +8,7 @@
     <link rel="stylesheet" href="{{config['base-dir']}}static/style.css">
 </head>
 <body>
-    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peerings">login</a>{%endif%}</header>
+    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %} <div><a href="{{config['base-dir']}}peerings">manage</a> <a href="{{config['base-dir']}}logout">logout</a></div>{% else %} <a href="{{config['base-dir']}}login?return=/peerings">login</a>{%endif%}</header>
     <div class="content flex">
         {% block content %}
         {% endblock %}

From e4dbef83685b8f802e2526066feb548bdf7873da Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Fri, 25 Nov 2022 21:43:28 +0100
Subject: [PATCH 34/42] add creating peerings (inside serverside config)

this doesn't actually add the peerings just saves the parameters to disk
---
 nodes/main.py          | 10 +++++
 web/backend/main.py    | 99 +++++++++++++++++++++++++++---------------
 web/frontend/base.html |  2 +-
 3 files changed, 76 insertions(+), 35 deletions(-)
 create mode 100644 nodes/main.py

diff --git a/nodes/main.py b/nodes/main.py
new file mode 100644
index 0000000..e232242
--- /dev/null
+++ b/nodes/main.py
@@ -0,0 +1,10 @@
+import falcon, json
+
+class CompaniesResource(object):
+  companies = [{"id": 1, "name": "Company One"}, {"id": 2, "name": "Company Two"}]
+  def on_get(self, req, resp):
+    resp.body = json.dumps(self.companies)
+
+api = falcon.API()
+companies_endpoint = CompaniesResource()
+api.add_route('/companies', companies_endpoint)
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
index 8320fa0..9489c42 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -2,7 +2,7 @@
 
 from flask import Flask, Response, redirect, render_template, request, session, abort
 import werkzeug.exceptions as werkzeug_exceptions
-import json, os, base64, logging
+import json, os, base64, logging, random
 from functools import wraps
 from ipaddress import ip_address, ip_network
 import kioubit_verify
@@ -50,51 +50,79 @@ class Config (dict):
             self._config["peering-data"] = "./peerings"
         logging.info(self._config)
 
-class PeeringManager(dict):
+class PeeringManager:
 
     def __init__(self, peering_dir):
         self._peering_dir = peering_dir
 
         self._load_peerings()
-        self.keys = self._peerings
 
-    def __contains__(self, o):
-        return self._peerings.__contains__(o)
-
-    def __getitem__(self, k):
-        return self._peerings[k]
-    
-    def __setitem__(self, k, v):
-        pass
-    def __delitem__(self, v):
-        pass
-    
     def _load_peerings(self):
         if not os.path.exists(self._peering_dir):
             os.mkdir(self._peering_dir)
         if not os.path.exists(f"{self._peering_dir}/peerings.json"):
             with open(f"{self._peering_dir}/peerings.json", "x") as p: 
-                json.dump([], p)
-        with open(f"{self._peering_dir}/peerings.json","r") as p:
-            self._peerings = json.load(p)
-        self.peerings = {}
-        missing_peerings = False
-        for peering in self._peerings:
-            if os.path.exists(f"{self._peering_dir}/{peering}.json"):
-                with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
-                    self.peerings[peering] = json.load(peer_cfg)
-            else:
-                logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
-                self._peerings.remove(peering)
-                missing_peerings = True
-        if missing_peerings:
-            with open(f"{self._peering_dir}/peerings.json","w") as p:
-                json.dump(self._peerings, p, indent=4)
+                json.dump({"mnter":{},"asn":{}}, p)
+        try:       
+            with open(f"{self._peering_dir}/peerings.json","r") as p:
+                self.peerings = json.load(p)
+        except json.decoder.JSONDecodeError:
+            with open(f"{self._peering_dir}/peerings.json", "w") as p: 
+                json.dump({"mnter":{},"asn":{}}, p)
+            with open(f"{self._peering_dir}/peerings.json","r") as p:
+                self.peerings = json.load(p)
+
+        # self.peerings = {}
+        # missing_peerings = False
+        # for peering in self._peerings:
+        #     if os.path.exists(f"{self._peering_dir}/{peering}.json"):
+        #         with open(f"{self._peering_dir}/{peering}.json") as peer_cfg:
+        #             self.peerings[peering] = json.load(peer_cfg)
+        #     else:
+        #         logging.warning(f"peering with id {peering} doesn't exist. removing reference in `{self._peering_dir}/peerings.json`")
+        #         self._peerings.remove(peering)
+        #         missing_peerings = True
+        # if missing_peerings:
+        #     with open(f"{self._peering_dir}/peerings.json","w") as p:
+        #         json.dump(self._peerings, p, indent=4)
+    def _save_peerings(self):
+        with open(f"{self._peering_dir}/peerings.json", "w") as p:
+            json.dump(self.peerings, p, indent=4)
 
     def get_peerings_by_mnt(self, mnt):
-        return [{}]
-        raise NotImplementedError()
-       
+        # print(self.peerings)
+        try:
+            out = []
+            for asn in self.peerings["mnter"][mnt]:
+                try:
+                    for peering in self.peerings["asn"][asn]:
+                        out.append(peering)
+                except KeyError as e:
+                    pass
+            return out
+        except KeyError:
+            return {}
+
+    def add_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None):
+        try:
+            if not asn in self.peerings["mnter"][mnt]:
+                self.peerings[mnt].append(asn)
+        except KeyError:
+            self.peerings["mnter"][mnt] = [asn]
+        try:
+            if not asn in self.peerings["asn"]:
+                self.peerings["asn"][asn] = []
+        except KeyError:
+            self.peerings["asn"][asn] = []
+        
+        # deny more than one peering per ASN to one node 
+        for peering in self.peerings["asn"][asn]:
+            if peering["node"] == node: return False
+        self.peerings["asn"][asn].append({"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6})
+
+        self._save_peerings()
+        return True
+        
 
 config = Config()
 peerings = PeeringManager(config["peering-dir"])
@@ -205,6 +233,7 @@ def peerings_new():
         
         ## check if all required (and enabled) options are specified
         try:
+            new_peering["peer-asn"] = session["user-data"]["asn"]
             new_peering["peer-wgkey"] = request.form["peer-wgkey"]
             if  request.form["peer-endpoint-enabled"] == "on":
                 new_peering["peer-endpoint"] = request.form["peer-endpoint"]
@@ -286,8 +315,10 @@ def peerings_new():
         except ValueError:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
 
+        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], new_peering["peer-wgkey"], new_peering["peer-endpoint"], new_peering["peer-v6ll"], new_peering["peer-v4"], new_peering["peer-v6"]):
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400
 
-
+        return redirect(f"{config['base-dir']}peerings")
         return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
         return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
 @app.route("/peerings", methods=["GET","POST","DELETE"])
diff --git a/web/frontend/base.html b/web/frontend/base.html
index e8b1e98..7c90ae6 100644
--- a/web/frontend/base.html
+++ b/web/frontend/base.html
@@ -8,7 +8,7 @@
     <link rel="stylesheet" href="{{config['base-dir']}}static/style.css">
 </head>
 <body>
-    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %}<a href="{{config['base-dir']}}logout">logout</a>{% else %} <a href="{{config['base-dir']}}login?return=/peerings">login</a>{%endif%}</header>
+    <header class="flex flex-row"><div></div><a href="{{config['base-dir']}}">{{config["MNT"]}} Autopeering</a>{% if "login" in session %} <div><a href="{{config['base-dir']}}peerings">manage</a> <a href="{{config['base-dir']}}logout">logout</a></div>{% else %} <a href="{{config['base-dir']}}login?return=/peerings">login</a>{%endif%}</header>
     <div class="content flex">
         {% block content %}
         {% endblock %}

From d48b754da62ef89ddd8bb8576b421d3b2f8d2a42 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 26 Nov 2022 18:00:46 +0100
Subject: [PATCH 35/42] add first try of installation instructions

---
 README.md                      | 15 +++++++++++++++
 installation.md                | 16 ++++++++++++++++
 web/backend/config.sample.json |  2 +-
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 installation.md

diff --git a/README.md b/README.md
index c09534e..88f1ec9 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,16 @@
 # lare's autopeering implementation
+
+This is my (LARE-MNT) implementation of an auto peering system
+
+It consists of two parts:
+1. the "server" 
+   - handling user auth (via kioubit) 
+   - add/edit/delete peerings (#todo)
+   - communicate new/update peerings with nodes #todo
+2. the "nodes daemon" #todo
+   - reveives new/updated peering configs from the "server" #todo
+
+
+## Installation
+
+see [installation.md](installation.md)
\ No newline at end of file
diff --git a/installation.md b/installation.md
new file mode 100644
index 0000000..f93874b
--- /dev/null
+++ b/installation.md
@@ -0,0 +1,16 @@
+# Installation
+
+## Server
+
+1. clone repository to the main server
+2. change into `web`
+3. create VirtualEnv: run `python3 -m venv venv` then `source venv/bin/activate`
+4. install dependencies: `pip install -r requirement.txt`
+5. create config file: 
+   1. `cp backend/config.example.json config.json`
+   2. edit example config to represent your situation
+   3. remove comments in config file
+6. run the server: `python backend/main.py`
+
+## Nodes
+#todo
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index aa7a872..61446cb 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -21,7 +21,7 @@
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
     "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
-    "peerings-dir": "/path/to/peering-configs/", // optional; default "$PWD/peerings", directory to save existing peerings to
+    "peerings": "/path/to/peering-config.json", // optional; default "$PWD/peerings", directory to save existing peerings to
     "production": true, //optional, default true; 
     "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies

From a71132d8a5b2484c40dc34be79b7d4a9f6f80c8e Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 26 Nov 2022 18:00:46 +0100
Subject: [PATCH 36/42] add first try of installation instructions

---
 README.md                      | 15 +++++++++++++++
 installation.md                | 16 ++++++++++++++++
 web/backend/config.sample.json |  2 +-
 3 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 installation.md

diff --git a/README.md b/README.md
index c09534e..88f1ec9 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,16 @@
 # lare's autopeering implementation
+
+This is my (LARE-MNT) implementation of an auto peering system
+
+It consists of two parts:
+1. the "server" 
+   - handling user auth (via kioubit) 
+   - add/edit/delete peerings (#todo)
+   - communicate new/update peerings with nodes #todo
+2. the "nodes daemon" #todo
+   - reveives new/updated peering configs from the "server" #todo
+
+
+## Installation
+
+see [installation.md](installation.md)
\ No newline at end of file
diff --git a/installation.md b/installation.md
new file mode 100644
index 0000000..f93874b
--- /dev/null
+++ b/installation.md
@@ -0,0 +1,16 @@
+# Installation
+
+## Server
+
+1. clone repository to the main server
+2. change into `web`
+3. create VirtualEnv: run `python3 -m venv venv` then `source venv/bin/activate`
+4. install dependencies: `pip install -r requirement.txt`
+5. create config file: 
+   1. `cp backend/config.example.json config.json`
+   2. edit example config to represent your situation
+   3. remove comments in config file
+6. run the server: `python backend/main.py`
+
+## Nodes
+#todo
\ No newline at end of file
diff --git a/web/backend/config.sample.json b/web/backend/config.sample.json
index aa7a872..61446cb 100644
--- a/web/backend/config.sample.json
+++ b/web/backend/config.sample.json
@@ -21,7 +21,7 @@
     "port": 8042, 
     "domain": "example.org", // domain to use for kioubit verification service
     "base-dir": "/", //optional:directury for which it is reachable (if behind some sort of reverse proxy) default "/"
-    "peerings-dir": "/path/to/peering-configs/", // optional; default "$PWD/peerings", directory to save existing peerings to
+    "peerings": "/path/to/peering-config.json", // optional; default "$PWD/peerings", directory to save existing peerings to
     "production": true, //optional, default true; 
     "debug-mode": false, // optional; whethet to enable debugging; default false
     "flask-secret-key": "<secret-please-replace>", // secret key for session cookies

From 14bb23690e958317a2c60fef402a0f8f1be46e1b Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sun, 27 Nov 2022 00:00:01 +0100
Subject: [PATCH 37/42] add display of existing peerings+check if supplied ips
 are in allowed ip ranges

---
 web/.gitignore                 |  2 +-
 web/backend/main.py            | 60 ++++++++++++++++++++++++----------
 web/frontend/peerings-new.html | 21 ++++++++++++
 web/frontend/peerings.html     | 30 +++++++++++++++--
 web/frontend/static/style.css  | 45 +++++++++++++++++++++++++
 5 files changed, 138 insertions(+), 20 deletions(-)

diff --git a/web/.gitignore b/web/.gitignore
index ddf7c63..e105841 100644
--- a/web/.gitignore
+++ b/web/.gitignore
@@ -1,2 +1,2 @@
 venv
-backend/peerings/
\ No newline at end of file
+backend/peerings.json
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
index 9489c42..5dac035 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -52,24 +52,22 @@ class Config (dict):
 
 class PeeringManager:
 
-    def __init__(self, peering_dir):
-        self._peering_dir = peering_dir
+    def __init__(self, peerings_file):
+        self._peering_file = peerings_file
 
         self._load_peerings()
 
     def _load_peerings(self):
-        if not os.path.exists(self._peering_dir):
-            os.mkdir(self._peering_dir)
-        if not os.path.exists(f"{self._peering_dir}/peerings.json"):
-            with open(f"{self._peering_dir}/peerings.json", "x") as p: 
+        if not os.path.exists(self._peering_file):
+            with open(self._peering_file, "x") as p: 
                 json.dump({"mnter":{},"asn":{}}, p)
         try:       
-            with open(f"{self._peering_dir}/peerings.json","r") as p:
+            with open(self._peering_file,"r") as p:
                 self.peerings = json.load(p)
         except json.decoder.JSONDecodeError:
-            with open(f"{self._peering_dir}/peerings.json", "w") as p: 
+            with open(self._peering_file, "w") as p: 
                 json.dump({"mnter":{},"asn":{}}, p)
-            with open(f"{self._peering_dir}/peerings.json","r") as p:
+            with open(self._peering_file,"r") as p:
                 self.peerings = json.load(p)
 
         # self.peerings = {}
@@ -86,7 +84,7 @@ class PeeringManager:
         #     with open(f"{self._peering_dir}/peerings.json","w") as p:
         #         json.dump(self._peerings, p, indent=4)
     def _save_peerings(self):
-        with open(f"{self._peering_dir}/peerings.json", "w") as p:
+        with open(self._peering_file, "w") as p:
             json.dump(self.peerings, p, indent=4)
 
     def get_peerings_by_mnt(self, mnt):
@@ -125,7 +123,7 @@ class PeeringManager:
         
 
 config = Config()
-peerings = PeeringManager(config["peering-dir"])
+peerings = PeeringManager(config["peerings"])
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -186,15 +184,15 @@ def login():
                 return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
             mnt = request.form["mnt"]
             asn = request.form["asn"]
-            asn = asn[2:] if asn[:1].lower() == "as" else asn
+            asn = asn[2:] if asn[:2].lower() == "as" else asn
             if "allowed4" in request.form:
                 allowed4 = request.form["allowed4"]
-                allowed4 = allowed4.split(",") if "," in allowed4 else allowed4
+                # allowed4 = allowed4.split(",") if "," in allowed4 else allowed4
             else:
                 allowed4 = None
             if "allowed6" in request.form:
                 allowed6 = request.form["allowed6"]
-                allowed6 = allowed6.split(",") if "," in allowed6 else allowed6
+                # allowed6 = allowed6.split(",") if "," in allowed6 else allowed6
             else:
                 allowed6 = None
             session["user-data"] = {'asn':asn,'allowed4': allowed4, 'allowed6': allowed6,'mnt':mnt, 'authtype': "debug"}
@@ -213,6 +211,19 @@ def login():
 def peerings_delete():
 
     return f"{request.method} /peerings/delete?{str(request.args)}{str(request.form)}"
+        
+@app.route("/peerings/edit", methods=["GET","POST"])
+@auth_required()
+def peerings_edit():
+    print(session)
+    if request.method == "GET":
+        if "node" in request.args and request.args["node"] in config["nodes"]:
+            return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
+        else: 
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
+    elif request.method == "POST":
+
+        return f"{request.method} /peerings/edit?{str(request.args)}{str(request.form)}"
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
 def peerings_new():
@@ -301,16 +312,31 @@ def peerings_new():
             if new_peering["peer-v4"]:
                 ipv4 = ip_address(new_peering["peer-v4"])
                 if not ipv4.version == 4: raise ValueError()
-                if ipv4.is_private: 
+                if ipv4.is_link_local:
+                    pass
+                elif ipv4.is_private:
                     if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
                         raise ValueError()
-                elif ipv4.is_link_local:
-                    pass
+                    is_in_allowed = False
+                    if session["user-data"]["allowed4"]:
+                        for allowed4 in session["user-data"]["allowed4"].split(","):
+                            if ipv4 in ip_network(allowed4):
+                                is_in_allowed = True
+                    if not is_in_allowed:
+                        return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv4 addr not in allowed ip range"), 400
                 else: raise ValueError()
             if new_peering["peer-v6"]:
                 ipv6 = ip_address(new_peering["peer-v6"])
                 if not ipv6.version == 6: raise ValueError()
                 if not ipv6.is_private: raise ValueError()
+                if ipv6.is_link_local: raise ValueError()
+                is_in_allowed = False
+                if session["user-data"]["allowed6"]:
+                    for allowed6 in session["user-data"]["allowed6"].split(","):
+                        if ipv6 in ip_network(allowed6):
+                            is_in_allowed = True
+                if not is_in_allowed:
+                    return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv6 addr not in allowed ip range"), 400
             
         except ValueError:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 83fc9a8..d3483a7 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -146,6 +146,11 @@
             <td></td>
             <td><input type="text" name="peer-asn" id="peer-asn" disabled="disabled" value="{{session['user-data']['asn']}}"></td>
         </tr>
+        <tr>
+            <td><h4>Wireguard</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
         <tr>
             <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
             <td></td>
@@ -171,7 +176,23 @@
             <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"onchange="return update_from_v6()"></td>
             <td><input type="text" name="peer-v6" id="peer-v6"onchange="return update_from_v6()"></td>
         </tr>
+        <tr>
+            <td><h4>BGP</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>MultiProtocol</td>
+            <td><input type="checkbox" name="bgp-multi-protocol" id="bgp-multi-protocol" onchange="return update_from_mpbgp()" checked></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>extended next hop</td>
+            <td><input type="checkbox" name="bgp-extended-next-hop" id="bgp-extended-next-hop" onchange="return update_from_enh()" checked></td>
+            <td></td>
+        </tr>
     </table>
+
     <input type="submit" value="submit">
 </form>
 <div class="example-config">
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
index d2ffe75..cc273b9 100644
--- a/web/frontend/peerings.html
+++ b/web/frontend/peerings.html
@@ -4,9 +4,35 @@
 <div>
     <a href="peerings/new"><button>add new</button></a>
 </div>
-<div>
+<div class="flex flex-row">
 {% for peering in peerings.get_peerings_by_mnt(session["login"]) %}
-    {{peering}} <br>
+    <div class="peering">
+        <div>
+            <div>Node: {{peering["node"]}}</div>
+        </div>
+        <div>
+            <table>
+                <tr><td>ASN:</td><td>{{peering["ASN"]}}</td></tr> 
+                <tr><td>WG-PublicKey:</td><td>{{peering["wg_key"][:8]}}...</td></tr> 
+            </table>
+        </div>
+        <div>
+            <table>
+                {% if peering["ipv6ll"] %}<tr><td>ipv6 linklocal:</td><td>{{peering["ipv6ll"]}}</td></tr>{% endif %}
+                {% if peering["ipv4"] %}<tr><td>ipv4:</td><td>{{peering["ipv4"]}}</td></tr>{% endif %}
+                {% if peering["ipv6"] %}<tr><td>ipv6:</td><td>{{peering["ipv6"]}}</td></tr>{% endif %}
+            </table>
+        </div>
+        <!-- <div>{{peering}}</div> -->
+        <div>
+            <a href="peerings/edit?node={{peering['node']}}&asn={{peering['ASN']}}">
+                <button class="peering-edit">edit</button>
+            </a>
+            <a href="peerings/delete?node={{peering['node']}}&asn={{peering['ASN']}}">
+                <button class="peering-delete">delete</button>
+            </a>
+        </div>
+    </div>
 {% endfor %}
 </div>
 
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 30e3211..8d70597 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -71,4 +71,49 @@ footer.flex {
 
 form > div > * {
     margin: 10px;
+}
+
+.peering {
+    border-color: var(--other-background);
+    border-radius: 10px;
+    padding: 10px;
+    border-style: inset;
+    display: grid;
+    grid-auto-flow: column;
+    flex-direction: row;
+    width: 100%;
+}
+.peering > div {
+    display: flex;
+    flex-direction: column;
+}
+.peering > div > * {
+    padding: 10px;
+}
+
+button {
+    background-color: #00000020;
+    border-color: var(--text-color);
+    border-width: 5px;
+    padding: 10px;
+}
+
+.peering>* {
+    width:auto;
+    align-items: center;
+}
+
+.peering-edit {
+    border-color: lightblue;
+}
+
+.peering-edit:hover {
+    background-color: #87cefaaa;
+}
+
+.peering-delete {
+    border-color: darkred;
+}
+.peering-delete:hover {
+    background-color: #ff0000aa;
 }
\ No newline at end of file

From 4c38c0975fd86e261d5aea0d2336abda8dfa089d Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sun, 27 Nov 2022 00:00:01 +0100
Subject: [PATCH 38/42] add display of existing peerings+check if supplied ips
 are in allowed ip ranges

---
 web/.gitignore                 |  2 +-
 web/backend/main.py            | 60 ++++++++++++++++++++++++----------
 web/frontend/peerings-new.html | 21 ++++++++++++
 web/frontend/peerings.html     | 30 +++++++++++++++--
 web/frontend/static/style.css  | 45 +++++++++++++++++++++++++
 5 files changed, 138 insertions(+), 20 deletions(-)

diff --git a/web/.gitignore b/web/.gitignore
index ddf7c63..e105841 100644
--- a/web/.gitignore
+++ b/web/.gitignore
@@ -1,2 +1,2 @@
 venv
-backend/peerings/
\ No newline at end of file
+backend/peerings.json
\ No newline at end of file
diff --git a/web/backend/main.py b/web/backend/main.py
index 9489c42..5dac035 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -52,24 +52,22 @@ class Config (dict):
 
 class PeeringManager:
 
-    def __init__(self, peering_dir):
-        self._peering_dir = peering_dir
+    def __init__(self, peerings_file):
+        self._peering_file = peerings_file
 
         self._load_peerings()
 
     def _load_peerings(self):
-        if not os.path.exists(self._peering_dir):
-            os.mkdir(self._peering_dir)
-        if not os.path.exists(f"{self._peering_dir}/peerings.json"):
-            with open(f"{self._peering_dir}/peerings.json", "x") as p: 
+        if not os.path.exists(self._peering_file):
+            with open(self._peering_file, "x") as p: 
                 json.dump({"mnter":{},"asn":{}}, p)
         try:       
-            with open(f"{self._peering_dir}/peerings.json","r") as p:
+            with open(self._peering_file,"r") as p:
                 self.peerings = json.load(p)
         except json.decoder.JSONDecodeError:
-            with open(f"{self._peering_dir}/peerings.json", "w") as p: 
+            with open(self._peering_file, "w") as p: 
                 json.dump({"mnter":{},"asn":{}}, p)
-            with open(f"{self._peering_dir}/peerings.json","r") as p:
+            with open(self._peering_file,"r") as p:
                 self.peerings = json.load(p)
 
         # self.peerings = {}
@@ -86,7 +84,7 @@ class PeeringManager:
         #     with open(f"{self._peering_dir}/peerings.json","w") as p:
         #         json.dump(self._peerings, p, indent=4)
     def _save_peerings(self):
-        with open(f"{self._peering_dir}/peerings.json", "w") as p:
+        with open(self._peering_file, "w") as p:
             json.dump(self.peerings, p, indent=4)
 
     def get_peerings_by_mnt(self, mnt):
@@ -125,7 +123,7 @@ class PeeringManager:
         
 
 config = Config()
-peerings = PeeringManager(config["peering-dir"])
+peerings = PeeringManager(config["peerings"])
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -186,15 +184,15 @@ def login():
                 return render_template("login.html", session=session,config=config,return_addr=session["return_url"], msg=msg)
             mnt = request.form["mnt"]
             asn = request.form["asn"]
-            asn = asn[2:] if asn[:1].lower() == "as" else asn
+            asn = asn[2:] if asn[:2].lower() == "as" else asn
             if "allowed4" in request.form:
                 allowed4 = request.form["allowed4"]
-                allowed4 = allowed4.split(",") if "," in allowed4 else allowed4
+                # allowed4 = allowed4.split(",") if "," in allowed4 else allowed4
             else:
                 allowed4 = None
             if "allowed6" in request.form:
                 allowed6 = request.form["allowed6"]
-                allowed6 = allowed6.split(",") if "," in allowed6 else allowed6
+                # allowed6 = allowed6.split(",") if "," in allowed6 else allowed6
             else:
                 allowed6 = None
             session["user-data"] = {'asn':asn,'allowed4': allowed4, 'allowed6': allowed6,'mnt':mnt, 'authtype': "debug"}
@@ -213,6 +211,19 @@ def login():
 def peerings_delete():
 
     return f"{request.method} /peerings/delete?{str(request.args)}{str(request.form)}"
+        
+@app.route("/peerings/edit", methods=["GET","POST"])
+@auth_required()
+def peerings_edit():
+    print(session)
+    if request.method == "GET":
+        if "node" in request.args and request.args["node"] in config["nodes"]:
+            return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
+        else: 
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
+    elif request.method == "POST":
+
+        return f"{request.method} /peerings/edit?{str(request.args)}{str(request.form)}"
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
 def peerings_new():
@@ -301,16 +312,31 @@ def peerings_new():
             if new_peering["peer-v4"]:
                 ipv4 = ip_address(new_peering["peer-v4"])
                 if not ipv4.version == 4: raise ValueError()
-                if ipv4.is_private: 
+                if ipv4.is_link_local:
+                    pass
+                elif ipv4.is_private:
                     if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
                         raise ValueError()
-                elif ipv4.is_link_local:
-                    pass
+                    is_in_allowed = False
+                    if session["user-data"]["allowed4"]:
+                        for allowed4 in session["user-data"]["allowed4"].split(","):
+                            if ipv4 in ip_network(allowed4):
+                                is_in_allowed = True
+                    if not is_in_allowed:
+                        return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv4 addr not in allowed ip range"), 400
                 else: raise ValueError()
             if new_peering["peer-v6"]:
                 ipv6 = ip_address(new_peering["peer-v6"])
                 if not ipv6.version == 6: raise ValueError()
                 if not ipv6.is_private: raise ValueError()
+                if ipv6.is_link_local: raise ValueError()
+                is_in_allowed = False
+                if session["user-data"]["allowed6"]:
+                    for allowed6 in session["user-data"]["allowed6"].split(","):
+                        if ipv6 in ip_network(allowed6):
+                            is_in_allowed = True
+                if not is_in_allowed:
+                    return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv6 addr not in allowed ip range"), 400
             
         except ValueError:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index 83fc9a8..d3483a7 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -146,6 +146,11 @@
             <td></td>
             <td><input type="text" name="peer-asn" id="peer-asn" disabled="disabled" value="{{session['user-data']['asn']}}"></td>
         </tr>
+        <tr>
+            <td><h4>Wireguard</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
         <tr>
             <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
             <td></td>
@@ -171,7 +176,23 @@
             <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"onchange="return update_from_v6()"></td>
             <td><input type="text" name="peer-v6" id="peer-v6"onchange="return update_from_v6()"></td>
         </tr>
+        <tr>
+            <td><h4>BGP</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>MultiProtocol</td>
+            <td><input type="checkbox" name="bgp-multi-protocol" id="bgp-multi-protocol" onchange="return update_from_mpbgp()" checked></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>extended next hop</td>
+            <td><input type="checkbox" name="bgp-extended-next-hop" id="bgp-extended-next-hop" onchange="return update_from_enh()" checked></td>
+            <td></td>
+        </tr>
     </table>
+
     <input type="submit" value="submit">
 </form>
 <div class="example-config">
diff --git a/web/frontend/peerings.html b/web/frontend/peerings.html
index d2ffe75..cc273b9 100644
--- a/web/frontend/peerings.html
+++ b/web/frontend/peerings.html
@@ -4,9 +4,35 @@
 <div>
     <a href="peerings/new"><button>add new</button></a>
 </div>
-<div>
+<div class="flex flex-row">
 {% for peering in peerings.get_peerings_by_mnt(session["login"]) %}
-    {{peering}} <br>
+    <div class="peering">
+        <div>
+            <div>Node: {{peering["node"]}}</div>
+        </div>
+        <div>
+            <table>
+                <tr><td>ASN:</td><td>{{peering["ASN"]}}</td></tr> 
+                <tr><td>WG-PublicKey:</td><td>{{peering["wg_key"][:8]}}...</td></tr> 
+            </table>
+        </div>
+        <div>
+            <table>
+                {% if peering["ipv6ll"] %}<tr><td>ipv6 linklocal:</td><td>{{peering["ipv6ll"]}}</td></tr>{% endif %}
+                {% if peering["ipv4"] %}<tr><td>ipv4:</td><td>{{peering["ipv4"]}}</td></tr>{% endif %}
+                {% if peering["ipv6"] %}<tr><td>ipv6:</td><td>{{peering["ipv6"]}}</td></tr>{% endif %}
+            </table>
+        </div>
+        <!-- <div>{{peering}}</div> -->
+        <div>
+            <a href="peerings/edit?node={{peering['node']}}&asn={{peering['ASN']}}">
+                <button class="peering-edit">edit</button>
+            </a>
+            <a href="peerings/delete?node={{peering['node']}}&asn={{peering['ASN']}}">
+                <button class="peering-delete">delete</button>
+            </a>
+        </div>
+    </div>
 {% endfor %}
 </div>
 
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 30e3211..8d70597 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -71,4 +71,49 @@ footer.flex {
 
 form > div > * {
     margin: 10px;
+}
+
+.peering {
+    border-color: var(--other-background);
+    border-radius: 10px;
+    padding: 10px;
+    border-style: inset;
+    display: grid;
+    grid-auto-flow: column;
+    flex-direction: row;
+    width: 100%;
+}
+.peering > div {
+    display: flex;
+    flex-direction: column;
+}
+.peering > div > * {
+    padding: 10px;
+}
+
+button {
+    background-color: #00000020;
+    border-color: var(--text-color);
+    border-width: 5px;
+    padding: 10px;
+}
+
+.peering>* {
+    width:auto;
+    align-items: center;
+}
+
+.peering-edit {
+    border-color: lightblue;
+}
+
+.peering-edit:hover {
+    background-color: #87cefaaa;
+}
+
+.peering-delete {
+    border-color: darkred;
+}
+.peering-delete:hover {
+    background-color: #ff0000aa;
 }
\ No newline at end of file

From 85c2080dc104077519be2938283e19d95a0e0086 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 3 Dec 2022 13:31:47 +0100
Subject: [PATCH 39/42] add check for bgp cap

---
 web/backend/main.py            | 223 ++++++++++++++++++---------------
 web/frontend/peerings-new.html | 111 ++++++++++++----
 web/frontend/static/style.css  |   3 +-
 3 files changed, 208 insertions(+), 129 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 5dac035..bcca087 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -124,6 +124,122 @@ class PeeringManager:
 
 config = Config()
 peerings = PeeringManager(config["peerings"])
+kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
+
+def check_peering_data(form):
+    new_peering = {}
+    # errors = 0
+    
+    ## check if all required (and enabled) options are specified
+    try:
+        new_peering["peer-asn"] = session["user-data"]["asn"]
+        new_peering["peer-wgkey"] = form["peer-wgkey"]
+        if "peer-endpoint-enabled" in form and form["peer-endpoint-enabled"] == "on":
+            new_peering["peer-endpoint"] = form["peer-endpoint"]
+            if new_peering["peer-endpoint"] == "":
+                raise ValueError("peer-endpoint")
+        else:
+            new_peering["peer-endpoint"] = None
+        
+        if "peer-v6ll-enabled" in form and form["peer-v6ll-enabled"] == "on":
+            new_peering["peer-v6ll"] = form["peer-v6ll"]
+            if new_peering["peer-v6ll"] == "":
+                raise ValueError("peer-v6ll")
+        else:
+            new_peering["peer-v6ll"] = None
+        if "peer-v4-enabled" in form and form["peer-v4-enabled"] == "on":
+            new_peering["peer-v4"] = form["peer-v4"]
+            if new_peering["peer-v4"] == "":
+                raise ValueError("peer-v4")
+        else:
+            new_peering["peer-v4"] = None
+        if "peer-v6-enabled" in form and form["peer-v6-enabled"] == "on":
+            new_peering["peer-v6"] = form["peer-v6"]
+            if new_peering["peer-v6"] == "":
+                raise ValueError("peer-v6")
+        else:
+            new_peering["peer-v6"] = None
+        new_peering["bgp-mp"] = form["bgp-multi-protocol"] if "bgp-multi-protocol" in form else "off"
+        new_peering["bgp-enh"] = form["bgp-extended-next-hop"] if "bgp-extended-next-hop" in form else "off"
+        #new_peering[""] = form["peer-wgkey"]
+    except ValueError as e:
+        print(f"error: {e.args}")
+        return False, "at least one of the required/enabled fields was not filled out"
+
+    print(new_peering)
+
+    ## check wireguard key
+    wg_key_invalid = False
+    if len(new_peering["peer-wgkey"]) != 44:
+        wg_key_invalid = True
+    try:
+        base64.b64decode(new_peering["peer-wgkey"])
+    except:
+        wg_key_invalid = True
+    if wg_key_invalid: 
+        return False, "invalid wireguard Key"
+
+    ## check endpoint 
+    if new_peering["peer-endpoint"]:
+        if not new_peering["peer-endpoint"].split(":")[-1].isnumeric():
+            return False, "no port number in endpoint"
+        elif len(new_peering["peer-endpoint"].split(":")) < 2 and not "." in new_peering["peer-endpoint"]:
+            return False, "endpoint doesn't look like a ip address or fqdn"
+
+    ## check if at least one ip is specified/enabled
+    try:
+        if not (new_peering["peer-v6ll"] or new_peering["peer-v4"] or new_peering["peer-v6"]):
+            return False, "at least one of the ip addresses must be enabled and specified"
+    except KeyError:
+        return False, "one of the values isn't valid"
+
+    ## check if supplied ip addresses are valid
+    try:
+        if new_peering["peer-v6ll"]:
+            ipv6ll = ip_address(new_peering["peer-v6ll"])
+            if not ipv6ll.version == 6: raise ValueError()
+            if not ipv6ll.is_link_local: raise ValueError()
+        if new_peering["peer-v4"]:
+            ipv4 = ip_address(new_peering["peer-v4"])
+            if not ipv4.version == 4: raise ValueError()
+            if ipv4.is_link_local:
+                pass
+            elif ipv4.is_private:
+                if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
+                    raise ValueError()
+                is_in_allowed = False
+                if session["user-data"]["allowed4"]:
+                    for allowed4 in session["user-data"]["allowed4"].split(","):
+                        if ipv4 in ip_network(allowed4):
+                            is_in_allowed = True
+                if not is_in_allowed:
+                    return False, "supplied ipv4 addr not in allowed ip range"
+            else: raise ValueError()
+        if new_peering["peer-v6"]:
+            ipv6 = ip_address(new_peering["peer-v6"])
+            if not ipv6.version == 6: raise ValueError()
+            if not ipv6.is_private: raise ValueError()
+            if ipv6.is_link_local: raise ValueError()
+            is_in_allowed = False
+            if session["user-data"]["allowed6"]:
+                for allowed6 in session["user-data"]["allowed6"].split(","):
+                    if ipv6 in ip_network(allowed6):
+                        is_in_allowed = True
+            if not is_in_allowed:
+                return False, "supplied ipv6 addr not in allowed ip range"
+    except ValueError:
+        return False, "invalid ip address(es) supplied"
+
+    # check bgp options
+    try:
+        if new_peering["bgp-mp"] == "off" and new_peering["bgp-enh"] == "on":
+            return False, "extended next hop requires multiprotocol bgp"
+        if new_peering["bgp-mp"] == "off":
+            if not (new_peering["peer-v4"] and (new_peering["peer-v6"] or new_peering["peer-v6ll"])):
+                return False, "ipv4 and ipv6 addresses required when not having MP-BGP"
+    except ValueError:
+        ...
+    return True, new_peering
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -136,7 +252,6 @@ def auth_required():
     return wrapper
 
 
-kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
 @app.route("/api/auth/kverify", methods=["GET", "POST"])
 def kioubit_auth():
     try: 
@@ -239,109 +354,11 @@ def peerings_new():
         if not "node" in request.args or not request.args["node"]:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no node specified, please click one of the buttons above")
 
-        new_peering = {}
-        # errors = 0
-        
-        ## check if all required (and enabled) options are specified
-        try:
-            new_peering["peer-asn"] = session["user-data"]["asn"]
-            new_peering["peer-wgkey"] = request.form["peer-wgkey"]
-            if  request.form["peer-endpoint-enabled"] == "on":
-                new_peering["peer-endpoint"] = request.form["peer-endpoint"]
-                if new_peering["peer-endpoint"] == "":
-                    raise ValueError("peer-endpoint")
-            else:
-                new_peering["peer-endpoint"] = None
-            
-            if "peer-v6ll-enabled" in request.form and request.form["peer-v6ll-enabled"] == "on":
-                new_peering["peer-v6ll"] = request.form["peer-v6ll"]
-                if new_peering["peer-v6ll"] == "":
-                    raise ValueError("peer-v6ll")
-            else:
-                new_peering["peer-v6ll"] = None
-            if "peer-v4-enabled" in request.form and request.form["peer-v4-enabled"] == "on":
-                new_peering["peer-v4"] = request.form["peer-v4"]
-                if new_peering["peer-v4"] == "":
-                    raise ValueError("peer-v4")
-            else:
-                new_peering["peer-v4"] = None
-            if "peer-v6-enabled" in request.form and request.form["peer-v6-enabled"] == "on":
-                new_peering["peer-v6"] = request.form["peer-v6"]
-                if new_peering["peer-v6"] == "":
-                    raise ValueError("peer-v6")
-            else:
-                new_peering["peer-v6"] = None
-            #new_peering[""] = request.form["peer-wgkey"]
-        except ValueError as e:
-            print(f"error: {e.args}")
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the required/enabled fields was not filled out"), 400
+        peering_valid, peering_or_msg = check_peering_data(request.form)
 
-        print(new_peering)
-
-        ## check wireguard key
-        wg_key_invalid = False
-        if len(new_peering["peer-wgkey"]) != 44:
-            wg_key_invalid = True
-        try:
-            base64.b64decode(new_peering["peer-wgkey"])
-        except:
-            wg_key_invalid = True
-        if wg_key_invalid: 
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid wireguard Key"), 400
-
-        ## check endpoint 
-        if new_peering["peer-endpoint"]:
-            if not new_peering["peer-endpoint"].split(":")[-1].isnumeric():
-                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no port number in endpoint"), 400
-            elif len(new_peering["peer-endpoint"].split(":")) < 2 and not "." in new_peering["peer-endpoint"]:
-                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="endpoint doesn't look like a ip address or fqdn"), 400
-
-        ## check if at least one ip is specified/enabled
-        try:
-            if not (new_peering["peer-v6ll"] or new_peering["peer-v4"] or new_peering["peer-v6"]):
-                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the ip addresses must be enabled and specified"), 400
-        except KeyError:
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="one of the values isn't valid"), 400
-
-        ## check if supplied ip addresses are valid
-        try:
-            if new_peering["peer-v6ll"]:
-                ipv6ll = ip_address(new_peering["peer-v6ll"])
-                if not ipv6ll.version == 6: raise ValueError()
-                if not ipv6ll.is_link_local: raise ValueError()
-            if new_peering["peer-v4"]:
-                ipv4 = ip_address(new_peering["peer-v4"])
-                if not ipv4.version == 4: raise ValueError()
-                if ipv4.is_link_local:
-                    pass
-                elif ipv4.is_private:
-                    if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
-                        raise ValueError()
-                    is_in_allowed = False
-                    if session["user-data"]["allowed4"]:
-                        for allowed4 in session["user-data"]["allowed4"].split(","):
-                            if ipv4 in ip_network(allowed4):
-                                is_in_allowed = True
-                    if not is_in_allowed:
-                        return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv4 addr not in allowed ip range"), 400
-                else: raise ValueError()
-            if new_peering["peer-v6"]:
-                ipv6 = ip_address(new_peering["peer-v6"])
-                if not ipv6.version == 6: raise ValueError()
-                if not ipv6.is_private: raise ValueError()
-                if ipv6.is_link_local: raise ValueError()
-                is_in_allowed = False
-                if session["user-data"]["allowed6"]:
-                    for allowed6 in session["user-data"]["allowed6"].split(","):
-                        if ipv6 in ip_network(allowed6):
-                            is_in_allowed = True
-                if not is_in_allowed:
-                    return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv6 addr not in allowed ip range"), 400
-            
-        except ValueError:
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
-
-        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], new_peering["peer-wgkey"], new_peering["peer-endpoint"], new_peering["peer-v6ll"], new_peering["peer-v4"], new_peering["peer-v6"]):
+        if not peering_valid:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg=peering_or_msg), 400
+        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"]):
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400
 
         return redirect(f"{config['base-dir']}peerings")
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index d3483a7..9a045ae 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -65,6 +65,18 @@
             }
         }
         
+        // check BGP cap
+        bgp_mp = document.getElementById("bgp-multi-protocol").checked;
+        bgp_enh = document.getElementById("bgp-extended-next-hop").checked;
+        if (! bgp_mp) {
+            if ( ! (ipv4_enabled && (ipv6_enabled||ipv6ll_enabled))) {
+                msg += "<li>both a ipv4 and ipv6 address must be spedified when not having MulitiProtocol</li>"
+            }
+            if (bgp_enh) {
+                msg += "<li>extended next hop is not supported without MultiProtocol</li>"
+            }
+        }
+
         // if an error occured (= there is a msg) show that msg
         if (msg != "<ul>") {
             document.getElementById("peer-invalid-note").innerHTML = msg+"</ul>";
@@ -120,11 +132,42 @@
             example_config_ip.style.display = "none";
         }
     }
+    function update_from_mpbgp() {
+        let example_config_bird1 = document.getElementById("example-config-bird1");
+        let example_config_bird2 = document.getElementById("example-config-bird2");
+        let mpbgp_enabled = document.getElementById("bgp-multi-protocol").checked;
+        let extended_next_hop = document.getElementById("bgp-extended-next-hop");
+        if (mpbgp_enabled) {
+            example_config_bird1.style.display = "none";
+            example_config_bird2.style.display = "";
+            extended_next_hop.disabled = false;
+        } else {
+            example_config_bird1.style.display = "";
+            example_config_bird2.style.display = "none";
+            extended_next_hop.checked = false;
+            extended_next_hop.disabled = true;
+            
+        }
+    }
+    function update_from_enh() {
+        let example_config_bird2_enh4 = document.getElementById("example-config-bird2-enh4");
+        let example_config_bird2_enh6 = document.getElementById("example-config-bird2-enh6");
+        let enh_anabled = document.getElementById("bgp-extended-next-hop").checked;
+        if (enh_anabled) {
+            example_config_bird2_enh4.innerHTML = "on";
+            example_config_bird2_enh6.innerHTML = "on";
+        } else {
+            example_config_bird2_enh4.innerHTML = "off";
+            example_config_bird2_enh6.innerHTML = "off";
+        }
+    }
 
     function on_load() {
         update_from_v6ll();
         update_from_v4();
         update_from_v6();
+        update_from_mpbgp();
+        update_from_enh();
     }
     document.onload = on_load;
 </script>
@@ -198,35 +241,53 @@
 <div class="example-config">
     
     <p>wg-quick:</p>
-    <div id="node-wireguard">
-        <code>
-            [Interface] <br>
-            PrivateKey = &ltyour private key&gt <br>
-            ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span><br>
-            <span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
-            <span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
-            <span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
-            Table = off <br>
-            <br>
-            [Peer] <br>
-            PublicKey = <span class="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span><br>
-            Endpoint = <span class="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span class="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span><br>
-            AllowedIPs = <span class="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8 <br>  
-        </code>
-    </div>
+    <pre id="node-wireguard">
+[Interface] <br>
+PrivateKey = &ltyour private key&gt
+ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span>
+<span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span></span>
+Table = off
+
+[Peer]
+PublicKey = <span id="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span>
+Endpoint = <span id="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span id="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span>
+AllowedIPs = <span id="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8
+    </pre>
     
-    <p>bird(2) config:</p>
-    <div id="peer-bird">
-        <code id="example-config-bird">
-            protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers { <br>
-            &#9;neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};<br>
-            &#9;interface "dn42_{{config["MNT"][:-4].lower()}}";<br>
-            } <br>
-        </code>
+    <p>bird config:</p>
+    <pre id="example-config-bird2">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        extended next hop <span id="example-config-bird2-enh4">on</span>;
+    };
+    ipv6 {
+        extended next hop <span id="example-config-bird2-enh6">on</span>;
+    };
+}
+    </pre>
+
+    <pre id="example-config-bird1">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v4 from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        
+    };
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v6 from dnpeers {
+    <span id="example-bird1-v6ll">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span> 
+    <span id="example-bird1-v6">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span>
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv6 {
+        
+    };
+}
+        </pre>
     </div>
 </div>
 <script>
-    document.onload()
+    document.onload();
 </script>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 8d70597..5404df0 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -62,7 +62,7 @@ footer.flex {
     padding: 1%;
 }
 
-.example-config > div{
+.example-config > pre{
     border-color: var(--other-background);
     border-radius: 10px;
     padding: 10px;
@@ -82,6 +82,7 @@ form > div > * {
     grid-auto-flow: column;
     flex-direction: row;
     width: 100%;
+    margin: 10px;
 }
 .peering > div {
     display: flex;

From 29e981baafaef83dfc3d70e08f979971ad657aba Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 3 Dec 2022 13:31:47 +0100
Subject: [PATCH 40/42] add check for bgp cap

---
 web/backend/main.py            | 223 ++++++++++++++++++---------------
 web/frontend/peerings-new.html | 111 ++++++++++++----
 web/frontend/static/style.css  |   3 +-
 3 files changed, 208 insertions(+), 129 deletions(-)

diff --git a/web/backend/main.py b/web/backend/main.py
index 5dac035..bcca087 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -124,6 +124,122 @@ class PeeringManager:
 
 config = Config()
 peerings = PeeringManager(config["peerings"])
+kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
+
+def check_peering_data(form):
+    new_peering = {}
+    # errors = 0
+    
+    ## check if all required (and enabled) options are specified
+    try:
+        new_peering["peer-asn"] = session["user-data"]["asn"]
+        new_peering["peer-wgkey"] = form["peer-wgkey"]
+        if "peer-endpoint-enabled" in form and form["peer-endpoint-enabled"] == "on":
+            new_peering["peer-endpoint"] = form["peer-endpoint"]
+            if new_peering["peer-endpoint"] == "":
+                raise ValueError("peer-endpoint")
+        else:
+            new_peering["peer-endpoint"] = None
+        
+        if "peer-v6ll-enabled" in form and form["peer-v6ll-enabled"] == "on":
+            new_peering["peer-v6ll"] = form["peer-v6ll"]
+            if new_peering["peer-v6ll"] == "":
+                raise ValueError("peer-v6ll")
+        else:
+            new_peering["peer-v6ll"] = None
+        if "peer-v4-enabled" in form and form["peer-v4-enabled"] == "on":
+            new_peering["peer-v4"] = form["peer-v4"]
+            if new_peering["peer-v4"] == "":
+                raise ValueError("peer-v4")
+        else:
+            new_peering["peer-v4"] = None
+        if "peer-v6-enabled" in form and form["peer-v6-enabled"] == "on":
+            new_peering["peer-v6"] = form["peer-v6"]
+            if new_peering["peer-v6"] == "":
+                raise ValueError("peer-v6")
+        else:
+            new_peering["peer-v6"] = None
+        new_peering["bgp-mp"] = form["bgp-multi-protocol"] if "bgp-multi-protocol" in form else "off"
+        new_peering["bgp-enh"] = form["bgp-extended-next-hop"] if "bgp-extended-next-hop" in form else "off"
+        #new_peering[""] = form["peer-wgkey"]
+    except ValueError as e:
+        print(f"error: {e.args}")
+        return False, "at least one of the required/enabled fields was not filled out"
+
+    print(new_peering)
+
+    ## check wireguard key
+    wg_key_invalid = False
+    if len(new_peering["peer-wgkey"]) != 44:
+        wg_key_invalid = True
+    try:
+        base64.b64decode(new_peering["peer-wgkey"])
+    except:
+        wg_key_invalid = True
+    if wg_key_invalid: 
+        return False, "invalid wireguard Key"
+
+    ## check endpoint 
+    if new_peering["peer-endpoint"]:
+        if not new_peering["peer-endpoint"].split(":")[-1].isnumeric():
+            return False, "no port number in endpoint"
+        elif len(new_peering["peer-endpoint"].split(":")) < 2 and not "." in new_peering["peer-endpoint"]:
+            return False, "endpoint doesn't look like a ip address or fqdn"
+
+    ## check if at least one ip is specified/enabled
+    try:
+        if not (new_peering["peer-v6ll"] or new_peering["peer-v4"] or new_peering["peer-v6"]):
+            return False, "at least one of the ip addresses must be enabled and specified"
+    except KeyError:
+        return False, "one of the values isn't valid"
+
+    ## check if supplied ip addresses are valid
+    try:
+        if new_peering["peer-v6ll"]:
+            ipv6ll = ip_address(new_peering["peer-v6ll"])
+            if not ipv6ll.version == 6: raise ValueError()
+            if not ipv6ll.is_link_local: raise ValueError()
+        if new_peering["peer-v4"]:
+            ipv4 = ip_address(new_peering["peer-v4"])
+            if not ipv4.version == 4: raise ValueError()
+            if ipv4.is_link_local:
+                pass
+            elif ipv4.is_private:
+                if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
+                    raise ValueError()
+                is_in_allowed = False
+                if session["user-data"]["allowed4"]:
+                    for allowed4 in session["user-data"]["allowed4"].split(","):
+                        if ipv4 in ip_network(allowed4):
+                            is_in_allowed = True
+                if not is_in_allowed:
+                    return False, "supplied ipv4 addr not in allowed ip range"
+            else: raise ValueError()
+        if new_peering["peer-v6"]:
+            ipv6 = ip_address(new_peering["peer-v6"])
+            if not ipv6.version == 6: raise ValueError()
+            if not ipv6.is_private: raise ValueError()
+            if ipv6.is_link_local: raise ValueError()
+            is_in_allowed = False
+            if session["user-data"]["allowed6"]:
+                for allowed6 in session["user-data"]["allowed6"].split(","):
+                    if ipv6 in ip_network(allowed6):
+                        is_in_allowed = True
+            if not is_in_allowed:
+                return False, "supplied ipv6 addr not in allowed ip range"
+    except ValueError:
+        return False, "invalid ip address(es) supplied"
+
+    # check bgp options
+    try:
+        if new_peering["bgp-mp"] == "off" and new_peering["bgp-enh"] == "on":
+            return False, "extended next hop requires multiprotocol bgp"
+        if new_peering["bgp-mp"] == "off":
+            if not (new_peering["peer-v4"] and (new_peering["peer-v6"] or new_peering["peer-v6ll"])):
+                return False, "ipv4 and ipv6 addresses required when not having MP-BGP"
+    except ValueError:
+        ...
+    return True, new_peering
 def auth_required():
     def wrapper(f):
         @wraps(f)
@@ -136,7 +252,6 @@ def auth_required():
     return wrapper
 
 
-kverifyer = kioubit_verify.AuthVerifyer(config["domain"])
 @app.route("/api/auth/kverify", methods=["GET", "POST"])
 def kioubit_auth():
     try: 
@@ -239,109 +354,11 @@ def peerings_new():
         if not "node" in request.args or not request.args["node"]:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no node specified, please click one of the buttons above")
 
-        new_peering = {}
-        # errors = 0
-        
-        ## check if all required (and enabled) options are specified
-        try:
-            new_peering["peer-asn"] = session["user-data"]["asn"]
-            new_peering["peer-wgkey"] = request.form["peer-wgkey"]
-            if  request.form["peer-endpoint-enabled"] == "on":
-                new_peering["peer-endpoint"] = request.form["peer-endpoint"]
-                if new_peering["peer-endpoint"] == "":
-                    raise ValueError("peer-endpoint")
-            else:
-                new_peering["peer-endpoint"] = None
-            
-            if "peer-v6ll-enabled" in request.form and request.form["peer-v6ll-enabled"] == "on":
-                new_peering["peer-v6ll"] = request.form["peer-v6ll"]
-                if new_peering["peer-v6ll"] == "":
-                    raise ValueError("peer-v6ll")
-            else:
-                new_peering["peer-v6ll"] = None
-            if "peer-v4-enabled" in request.form and request.form["peer-v4-enabled"] == "on":
-                new_peering["peer-v4"] = request.form["peer-v4"]
-                if new_peering["peer-v4"] == "":
-                    raise ValueError("peer-v4")
-            else:
-                new_peering["peer-v4"] = None
-            if "peer-v6-enabled" in request.form and request.form["peer-v6-enabled"] == "on":
-                new_peering["peer-v6"] = request.form["peer-v6"]
-                if new_peering["peer-v6"] == "":
-                    raise ValueError("peer-v6")
-            else:
-                new_peering["peer-v6"] = None
-            #new_peering[""] = request.form["peer-wgkey"]
-        except ValueError as e:
-            print(f"error: {e.args}")
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the required/enabled fields was not filled out"), 400
+        peering_valid, peering_or_msg = check_peering_data(request.form)
 
-        print(new_peering)
-
-        ## check wireguard key
-        wg_key_invalid = False
-        if len(new_peering["peer-wgkey"]) != 44:
-            wg_key_invalid = True
-        try:
-            base64.b64decode(new_peering["peer-wgkey"])
-        except:
-            wg_key_invalid = True
-        if wg_key_invalid: 
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid wireguard Key"), 400
-
-        ## check endpoint 
-        if new_peering["peer-endpoint"]:
-            if not new_peering["peer-endpoint"].split(":")[-1].isnumeric():
-                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="no port number in endpoint"), 400
-            elif len(new_peering["peer-endpoint"].split(":")) < 2 and not "." in new_peering["peer-endpoint"]:
-                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="endpoint doesn't look like a ip address or fqdn"), 400
-
-        ## check if at least one ip is specified/enabled
-        try:
-            if not (new_peering["peer-v6ll"] or new_peering["peer-v4"] or new_peering["peer-v6"]):
-                return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="at least one of the ip addresses must be enabled and specified"), 400
-        except KeyError:
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="one of the values isn't valid"), 400
-
-        ## check if supplied ip addresses are valid
-        try:
-            if new_peering["peer-v6ll"]:
-                ipv6ll = ip_address(new_peering["peer-v6ll"])
-                if not ipv6ll.version == 6: raise ValueError()
-                if not ipv6ll.is_link_local: raise ValueError()
-            if new_peering["peer-v4"]:
-                ipv4 = ip_address(new_peering["peer-v4"])
-                if not ipv4.version == 4: raise ValueError()
-                if ipv4.is_link_local:
-                    pass
-                elif ipv4.is_private:
-                    if not (ipv4.compressed.startswith("172.2") or ipv4.compressed.startswith("10.")):
-                        raise ValueError()
-                    is_in_allowed = False
-                    if session["user-data"]["allowed4"]:
-                        for allowed4 in session["user-data"]["allowed4"].split(","):
-                            if ipv4 in ip_network(allowed4):
-                                is_in_allowed = True
-                    if not is_in_allowed:
-                        return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv4 addr not in allowed ip range"), 400
-                else: raise ValueError()
-            if new_peering["peer-v6"]:
-                ipv6 = ip_address(new_peering["peer-v6"])
-                if not ipv6.version == 6: raise ValueError()
-                if not ipv6.is_private: raise ValueError()
-                if ipv6.is_link_local: raise ValueError()
-                is_in_allowed = False
-                if session["user-data"]["allowed6"]:
-                    for allowed6 in session["user-data"]["allowed6"].split(","):
-                        if ipv6 in ip_network(allowed6):
-                            is_in_allowed = True
-                if not is_in_allowed:
-                    return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="supplied ipv6 addr not in allowed ip range"), 400
-            
-        except ValueError:
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="invalid ip address(es) supplied"), 400
-
-        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], new_peering["peer-wgkey"], new_peering["peer-endpoint"], new_peering["peer-v6ll"], new_peering["peer-v4"], new_peering["peer-v6"]):
+        if not peering_valid:
+            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg=peering_or_msg), 400
+        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"]):
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400
 
         return redirect(f"{config['base-dir']}peerings")
diff --git a/web/frontend/peerings-new.html b/web/frontend/peerings-new.html
index d3483a7..9a045ae 100644
--- a/web/frontend/peerings-new.html
+++ b/web/frontend/peerings-new.html
@@ -65,6 +65,18 @@
             }
         }
         
+        // check BGP cap
+        bgp_mp = document.getElementById("bgp-multi-protocol").checked;
+        bgp_enh = document.getElementById("bgp-extended-next-hop").checked;
+        if (! bgp_mp) {
+            if ( ! (ipv4_enabled && (ipv6_enabled||ipv6ll_enabled))) {
+                msg += "<li>both a ipv4 and ipv6 address must be spedified when not having MulitiProtocol</li>"
+            }
+            if (bgp_enh) {
+                msg += "<li>extended next hop is not supported without MultiProtocol</li>"
+            }
+        }
+
         // if an error occured (= there is a msg) show that msg
         if (msg != "<ul>") {
             document.getElementById("peer-invalid-note").innerHTML = msg+"</ul>";
@@ -120,11 +132,42 @@
             example_config_ip.style.display = "none";
         }
     }
+    function update_from_mpbgp() {
+        let example_config_bird1 = document.getElementById("example-config-bird1");
+        let example_config_bird2 = document.getElementById("example-config-bird2");
+        let mpbgp_enabled = document.getElementById("bgp-multi-protocol").checked;
+        let extended_next_hop = document.getElementById("bgp-extended-next-hop");
+        if (mpbgp_enabled) {
+            example_config_bird1.style.display = "none";
+            example_config_bird2.style.display = "";
+            extended_next_hop.disabled = false;
+        } else {
+            example_config_bird1.style.display = "";
+            example_config_bird2.style.display = "none";
+            extended_next_hop.checked = false;
+            extended_next_hop.disabled = true;
+            
+        }
+    }
+    function update_from_enh() {
+        let example_config_bird2_enh4 = document.getElementById("example-config-bird2-enh4");
+        let example_config_bird2_enh6 = document.getElementById("example-config-bird2-enh6");
+        let enh_anabled = document.getElementById("bgp-extended-next-hop").checked;
+        if (enh_anabled) {
+            example_config_bird2_enh4.innerHTML = "on";
+            example_config_bird2_enh6.innerHTML = "on";
+        } else {
+            example_config_bird2_enh4.innerHTML = "off";
+            example_config_bird2_enh6.innerHTML = "off";
+        }
+    }
 
     function on_load() {
         update_from_v6ll();
         update_from_v4();
         update_from_v6();
+        update_from_mpbgp();
+        update_from_enh();
     }
     document.onload = on_load;
 </script>
@@ -198,35 +241,53 @@
 <div class="example-config">
     
     <p>wg-quick:</p>
-    <div id="node-wireguard">
-        <code>
-            [Interface] <br>
-            PrivateKey = &ltyour private key&gt <br>
-            ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span><br>
-            <span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span>
-            <span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span>
-            <span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span><br></span>
-            Table = off <br>
-            <br>
-            [Peer] <br>
-            PublicKey = <span class="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span><br>
-            Endpoint = <span class="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span class="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span><br>
-            AllowedIPs = <span class="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8 <br>  
-        </code>
-    </div>
+    <pre id="node-wireguard">
+[Interface] <br>
+PrivateKey = &ltyour private key&gt
+ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span>
+<span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span></span>
+Table = off
+
+[Peer]
+PublicKey = <span id="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span>
+Endpoint = <span id="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span id="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span>
+AllowedIPs = <span id="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8
+    </pre>
     
-    <p>bird(2) config:</p>
-    <div id="peer-bird">
-        <code id="example-config-bird">
-            protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers { <br>
-            &#9;neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};<br>
-            &#9;interface "dn42_{{config["MNT"][:-4].lower()}}";<br>
-            } <br>
-        </code>
+    <p>bird config:</p>
+    <pre id="example-config-bird2">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        extended next hop <span id="example-config-bird2-enh4">on</span>;
+    };
+    ipv6 {
+        extended next hop <span id="example-config-bird2-enh6">on</span>;
+    };
+}
+    </pre>
+
+    <pre id="example-config-bird1">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v4 from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        
+    };
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v6 from dnpeers {
+    <span id="example-bird1-v6ll">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span> 
+    <span id="example-bird1-v6">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span>
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv6 {
+        
+    };
+}
+        </pre>
     </div>
 </div>
 <script>
-    document.onload()
+    document.onload();
 </script>
 
 {% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 8d70597..5404df0 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -62,7 +62,7 @@ footer.flex {
     padding: 1%;
 }
 
-.example-config > div{
+.example-config > pre{
     border-color: var(--other-background);
     border-radius: 10px;
     padding: 10px;
@@ -82,6 +82,7 @@ form > div > * {
     grid-auto-flow: column;
     flex-direction: row;
     width: 100%;
+    margin: 10px;
 }
 .peering > div {
     display: flex;

From 8cb78cde2edb8c11d25bc268f971be24a9d5dee7 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 3 Dec 2022 23:26:04 +0100
Subject: [PATCH 41/42] add functionality to edit peerings

---
 .vscode/launch.json             |   3 +-
 web/backend/main.py             |  63 ++++++-
 web/frontend/peerings-edit.html | 296 ++++++++++++++++++++++++++++++++
 web/frontend/static/style.css   |   8 +-
 4 files changed, 360 insertions(+), 10 deletions(-)
 create mode 100644 web/frontend/peerings-edit.html

diff --git a/.vscode/launch.json b/.vscode/launch.json
index 6b05b4b..3c079fc 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -5,8 +5,9 @@
       "type": "python",
       "request": "launch",
       "program": "${file}",
+      "cwd": "${workspaceFolder}/web/",
       "console": "integratedTerminal",
-      "justMyCode": false
+      "justMyCode": true
     }
   ]
 }
diff --git a/web/backend/main.py b/web/backend/main.py
index bcca087..73aa493 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -101,11 +101,14 @@ class PeeringManager:
         except KeyError:
             return {}
 
-    def add_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None):
+    def add_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None, bgp_mp=True, bgp_enh=True):
+        # check if this MNT already has a/this asn
         try:
             if not asn in self.peerings["mnter"][mnt]:
+                # ... and add it if it hasn't
                 self.peerings[mnt].append(asn)
         except KeyError:
+            # ... and cerate it if it doesn't have any yet
             self.peerings["mnter"][mnt] = [asn]
         try:
             if not asn in self.peerings["asn"]:
@@ -116,10 +119,34 @@ class PeeringManager:
         # deny more than one peering per ASN to one node 
         for peering in self.peerings["asn"][asn]:
             if peering["node"] == node: return False
-        self.peerings["asn"][asn].append({"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6})
+        
+        self.peerings["asn"][asn].append({"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6, "bgp_mp":bgp_mp, "bgp_enh":bgp_enh})
 
         self._save_peerings()
         return True
+    def update_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None, bgp_mp=True, bgp_enh=True):
+        # check if this MNT already has a/this asn
+        try:
+            if not asn in self.peerings["mnter"][mnt]:
+                # ... and add it if it hasn't
+                self.peerings[mnt].append(asn)
+        except KeyError:
+            # ... and cerate it if it doesn't have any yet
+            self.peerings["mnter"][mnt] = [asn]
+        try:
+            if not asn in self.peerings["asn"]:
+                return False
+        except KeyError:
+            return False
+        
+        success = False
+        for pNr in range(len(self.peerings["asn"][asn])):
+            if self.peerings["asn"][asn][pNr]["node"] == node:
+                self.peerings["asn"][asn][pNr] = {"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6, "bgp_mp":bgp_mp, "bgp_enh":bgp_enh}
+                success = True
+        if not success: return False
+        self._save_peerings()
+        return True
         
 
 config = Config()
@@ -160,7 +187,9 @@ def check_peering_data(form):
         else:
             new_peering["peer-v6"] = None
         new_peering["bgp-mp"] = form["bgp-multi-protocol"] if "bgp-multi-protocol" in form else "off"
+        new_peering["bgp-mp"] = True if new_peering["bgp-mp"] else False
         new_peering["bgp-enh"] = form["bgp-extended-next-hop"] if "bgp-extended-next-hop" in form else "off"
+        new_peering["bgp-enh"] = True if new_peering["bgp-enh"] else False
         #new_peering[""] = form["peer-wgkey"]
     except ValueError as e:
         print(f"error: {e.args}")
@@ -332,12 +361,33 @@ def peerings_delete():
 def peerings_edit():
     print(session)
     if request.method == "GET":
+        mnt_peerings = peerings.get_peerings_by_mnt(session["login"])
+        # print(mnt_peerings)
         if "node" in request.args and request.args["node"] in config["nodes"]:
-            return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
+            selected_peering = None
+            for p in mnt_peerings:
+                if p["node"] == request.args["node"] and p["ASN"] == request.args["asn"]:
+                    selected_peering = p
+                    print(p)
+                    break
+            return render_template("peerings-edit.html", session=session, config=config, mnt_peerings=mnt_peerings, selected_peering=selected_peering)
         else: 
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
+            return render_template("peerings-edit.html", session=session, config=config, mnt_peerings=mnt_peerings, selected_peering=None)
     elif request.method == "POST":
+        print(request.args)
+        print(request.form)
+        if not "node" in request.args or not request.args["node"]:
+            return render_template("peerings-edit.html",  session=session,config=config, peerings=peerings, msg="no node specified, please click one of the buttons above")
 
+        peering_valid, peering_or_msg = check_peering_data(request.form)
+        print(peering_valid)
+        print(peering_or_msg)
+        if not peering_valid:
+            return render_template("peerings-edit.html",  session=session,config=config, peerings=peerings, msg=peering_or_msg), 400
+        if not peerings.update_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]):
+            return render_template("peerings-edit.html",  session=session,config=config, peerings=peerings, msg="such a peering doesn't exist(yet)"), 400
+
+        return redirect(f"{config['base-dir']}peerings")
         return f"{request.method} /peerings/edit?{str(request.args)}{str(request.form)}"
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
@@ -358,12 +408,11 @@ def peerings_new():
 
         if not peering_valid:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg=peering_or_msg), 400
-        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"]):
+        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]):
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400
 
         return redirect(f"{config['base-dir']}peerings")
-        return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
-        return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
+
 @app.route("/peerings", methods=["GET","POST","DELETE"])
 @auth_required()
 def peerings_view():
diff --git a/web/frontend/peerings-edit.html b/web/frontend/peerings-edit.html
new file mode 100644
index 0000000..558be93
--- /dev/null
+++ b/web/frontend/peerings-edit.html
@@ -0,0 +1,296 @@
+{% extends 'base.html' %}
+
+{% block content %}
+<script>
+    function form_validate(form) {
+        console.log(form);
+        let msg = "<ul>";
+            
+        // check wireguard pubkey
+        let wg_key = document.getElementById("peer-wgkey").value;
+        if (wg_key.length != 44 || wg_key.slice(-1) != "="){
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+        try {
+            window.atob(wg_key)
+        } catch (error) {
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+            
+        // check endpoint
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled) {
+            if (! endpoint) {
+                msg += "<li>endpoint enabled but non specified</li>";
+            } else if (isNaN(endpoint.split(":").at(-1))) {
+                msg += "<li>endpoint doesn't end with a (port)number</li>";
+            } else if (endpoint.split(":").length < 2 && endpoint.indexOf(".") == -1) {
+                msg += "<li>endpoint doesn't look like a ip address or fqdn</li>";
+            }
+        }
+        
+        // check ip addresses
+        let ipv6ll_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ipv4_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ipv6_enabled = document.getElementById("peer-v6-enabled").checked;
+
+        let ipv6ll = document.getElementById("peer-v6ll").value;
+        let ipv4 = document.getElementById("peer-v4").value;
+        let ipv6 = document.getElementById("peer-v6").value;
+
+        if (!(ipv6ll_enabled || ipv4_enabled || ipv6_enabled)) {
+            msg += "<li>at least one ip type has to be enabled and specified</li>";
+        }
+
+        if (ipv6ll_enabled) {
+            if (! ipv6ll) {
+                msg += "<li>ipv6 LinkLocal enabled but non specified</li>";
+            } else if (!ipv6ll.startsWith("fe80::")) {
+                msg += "<li>ipv6 LinkLocal is no valid LinkLocal address</li>";
+            }
+        }
+        if (ipv4_enabled) {
+            if (! ipv4) {
+                msg += "<li>ipv4 enabled but non specified</li>";
+            } else if (!(ipv4.startsWith("172.2") || ipv4.startsWith("10.") || ipv4.startsWith("169.254")) ) {
+                msg += "<li>ipv4 is no valid dn42/neo/icvpn/LinkLocal address</li>";
+            }
+        }
+        if (ipv6_enabled) {
+            if (! ipv6) {
+                msg += "<li>ipv6 enabled but non specified</li>";
+            } else if (!ipv6.startsWith("fd")) {
+                msg += "<li>ipv6 is no valid fd00::/8 address</li>";
+            }
+        }
+        
+        // check BGP cap
+        bgp_mp = document.getElementById("bgp-multi-protocol").checked;
+        bgp_enh = document.getElementById("bgp-extended-next-hop").checked;
+        if (! bgp_mp) {
+            if ( ! (ipv4_enabled && (ipv6_enabled||ipv6ll_enabled))) {
+                msg += "<li>both a ipv4 and ipv6 address must be spedified when not having MulitiProtocol</li>"
+            }
+            if (bgp_enh) {
+                msg += "<li>extended next hop is not supported without MultiProtocol</li>"
+            }
+        }
+
+        // if an error occured (= there is a msg) show that msg
+        if (msg != "<ul>") {
+            document.getElementById("peer-invalid-note").innerHTML = msg+"</ul>";
+            return false;
+        }
+        return true
+    }
+    
+    // update exaple config when changing values
+    function update_from_endpoint() {
+        let example_config_peer_port = document.getElementById("example-config-peer-port");
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled && endpoint && endpoint.split(":").length >= 2) {
+            example_config_peer_port.innerHTML = endpoint.split(":").at(-1);
+            return
+        }
+        example_config_peer_port.innerHTML = '2{{config["ASN"][-4:]}}'
+    }
+    function update_from_v6ll() {
+        let example_config_ip = document.getElementById("example-config-ipv6ll");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6ll");
+        let ip_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ip = document.getElementById("peer-v6ll").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v4() {
+        let example_config_ip = document.getElementById("example-config-ipv4");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv4");
+        let ip_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ip = document.getElementById("peer-v4").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v6() {
+        let example_config_ip = document.getElementById("example-config-ipv6");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6");
+        let ip_enabled = document.getElementById("peer-v6-enabled").checked;
+        let ip = document.getElementById("peer-v6").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_mpbgp() {
+        let example_config_bird1 = document.getElementById("example-config-bird1");
+        let example_config_bird2 = document.getElementById("example-config-bird2");
+        let mpbgp_enabled = document.getElementById("bgp-multi-protocol").checked;
+        let extended_next_hop = document.getElementById("bgp-extended-next-hop");
+        if (mpbgp_enabled) {
+            example_config_bird1.style.display = "none";
+            example_config_bird2.style.display = "";
+            extended_next_hop.disabled = false;
+        } else {
+            example_config_bird1.style.display = "";
+            example_config_bird2.style.display = "none";
+            extended_next_hop.checked = false;
+            extended_next_hop.disabled = true;
+            
+        }
+    }
+    function update_from_enh() {
+        let example_config_bird2_enh4 = document.getElementById("example-config-bird2-enh4");
+        let example_config_bird2_enh6 = document.getElementById("example-config-bird2-enh6");
+        let enh_anabled = document.getElementById("bgp-extended-next-hop").checked;
+        if (enh_anabled) {
+            example_config_bird2_enh4.innerHTML = "on";
+            example_config_bird2_enh6.innerHTML = "on";
+        } else {
+            example_config_bird2_enh4.innerHTML = "off";
+            example_config_bird2_enh6.innerHTML = "off";
+        }
+    }
+
+    function on_load() {
+        update_from_v6ll();
+        update_from_v4();
+        update_from_v6();
+        update_from_mpbgp();
+        update_from_enh();
+    }
+    document.onload = on_load;
+</script>
+
+<div>
+    {% for peering in mnt_peerings %}
+    <a href="?node={{peering['node']}}&asn={{session['user-data']['asn']}}">
+        <button {% if selected_peering %}{% if selected_peering == peering['node'] %}class="button-selected"{% endif %}{% endif %}>
+            with<br>{{peering["node"]}}
+        </button>
+        {% if selected_node == peering['node'] %}
+            {% set selected_peering = peering %}
+        {% endif %}
+    </a>
+    {% endfor %}
+</div>
+<form action="" method="post" class="flex" onsubmit="return form_validate(this)">
+    <div id="peer-invalid-note" style="background-color:red;">{% if msg %}{{msg}}{%endif%}</div>
+    <table>
+        <tr>
+            <td><label for="peer-asn">Your ASN</label></td>
+            <td></td>
+            <td><input type="text" name="peer-asn" id="peer-asn" disabled="disabled" value="{{session['user-data']['asn']}}"></td>
+        </tr>
+        <tr>
+            <td><h4>Wireguard</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
+            <td></td>
+            <td><input type="text" name="peer-wgkey" id="peer-wgkey" maxlength="44" minlength="44" required value="{{selected_peering['wg_key']}}"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-endpoint">your Endpoint</label></td>
+            <td><input type="checkbox" name="peer-endpoint-enabled" id="peer-endpoint-enabled" {% if selected_peering["endpoint"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-endpoint" id="peer-endpoint" onchange="return update_from_endpoint()" {% if selected_peering["endpoint"] %}value="{{selected_peering['endpoint']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6ll">your ipv6 LinkLocal</label></td>
+            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" onchange="return update_from_v6ll()"{% if selected_peering["ipv6ll"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-v6ll" id="peer-v6ll" onchange="return update_from_v6ll()"{% if selected_peering["ipv6ll"] %}value="{{selected_peering['ipv6ll']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v4">your ipv4</label></td>
+            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"onchange="return update_from_v4()" {% if selected_peering["ipv4"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-v4" id="peer-v4"onchange="return update_from_v4()" {% if selected_peering["ipv4"] %}value="{{selected_peering['ipv4']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6">your ipv6</label></td>
+            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"onchange="return update_from_v6()"{% if selected_peering["ipv6"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-v6" id="peer-v6"onchange="return update_from_v6()" {% if selected_peering["ipv6"] %}value="{{selected_peering['ipv6']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><h4>BGP</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>MultiProtocol</td>
+            <td><input type="checkbox" name="bgp-multi-protocol" id="bgp-multi-protocol" onchange="return update_from_mpbgp()" {% if selected_peering["bgp-mp"] %} checked {% endif %}></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>extended next hop</td>
+            <td><input type="checkbox" name="bgp-extended-next-hop" id="bgp-extended-next-hop" onchange="return update_from_enh()" {% if selected_peering["bgp-enh"] %} checked {% endif %}></td>
+            <td></td>
+        </tr>
+    </table>
+
+    <input type="submit" value="submit">
+</form>
+<div class="example-config">
+    <noscript>this example config requires Javascript to work</noscript>
+    <p>wg-quick:</p>
+    <pre id="node-wireguard">
+[Interface] <br>
+PrivateKey = &ltyour private key&gt
+ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span>
+<span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span></span>
+Table = off
+
+[Peer]
+PublicKey = <span id="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span>
+Endpoint = <span id="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span id="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span>
+AllowedIPs = <span id="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8
+    </pre>
+    
+    <p>bird config:</p>
+    <pre id="example-config-bird2">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        extended next hop <span id="example-config-bird2-enh4">on</span>;
+    };
+    ipv6 {
+        extended next hop <span id="example-config-bird2-enh6">on</span>;
+    };
+}
+    </pre>
+
+    <pre id="example-config-bird1">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v4 from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        
+    };
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v6 from dnpeers {
+    <span id="example-bird1-v6ll">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span> 
+    <span id="example-bird1-v6">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span>
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv6 {
+        
+    };
+}
+        </pre>
+    </div>
+</div>
+<script>
+    document.onload();
+</script>
+
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 5404df0..a95d8cd 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -1,7 +1,8 @@
 :root {
     --bg-color: #aaa;
-    --text-color: black;
     --other-background: #444;
+    --text-color: black;
+    --text-color-dark: white;
     /* --accent-color: ; */
 }
 
@@ -98,7 +99,10 @@ button {
     border-width: 5px;
     padding: 10px;
 }
-
+button.button-selected{
+    background-color: var(--other-background);
+    color: var(--text-color-dark);
+}
 .peering>* {
     width:auto;
     align-items: center;

From 7fd8ca7da77bf928ccba3cc52a55f042d05a0570 Mon Sep 17 00:00:00 2001
From: lare <lare@lare.cc>
Date: Sat, 3 Dec 2022 23:26:04 +0100
Subject: [PATCH 42/42] add functionality to edit peerings

---
 .vscode/launch.json             |   3 +-
 web/backend/main.py             |  63 ++++++-
 web/frontend/peerings-edit.html | 296 ++++++++++++++++++++++++++++++++
 web/frontend/static/style.css   |   8 +-
 4 files changed, 360 insertions(+), 10 deletions(-)
 create mode 100644 web/frontend/peerings-edit.html

diff --git a/.vscode/launch.json b/.vscode/launch.json
index 6b05b4b..3c079fc 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -5,8 +5,9 @@
       "type": "python",
       "request": "launch",
       "program": "${file}",
+      "cwd": "${workspaceFolder}/web/",
       "console": "integratedTerminal",
-      "justMyCode": false
+      "justMyCode": true
     }
   ]
 }
diff --git a/web/backend/main.py b/web/backend/main.py
index bcca087..73aa493 100644
--- a/web/backend/main.py
+++ b/web/backend/main.py
@@ -101,11 +101,14 @@ class PeeringManager:
         except KeyError:
             return {}
 
-    def add_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None):
+    def add_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None, bgp_mp=True, bgp_enh=True):
+        # check if this MNT already has a/this asn
         try:
             if not asn in self.peerings["mnter"][mnt]:
+                # ... and add it if it hasn't
                 self.peerings[mnt].append(asn)
         except KeyError:
+            # ... and cerate it if it doesn't have any yet
             self.peerings["mnter"][mnt] = [asn]
         try:
             if not asn in self.peerings["asn"]:
@@ -116,10 +119,34 @@ class PeeringManager:
         # deny more than one peering per ASN to one node 
         for peering in self.peerings["asn"][asn]:
             if peering["node"] == node: return False
-        self.peerings["asn"][asn].append({"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6})
+        
+        self.peerings["asn"][asn].append({"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6, "bgp_mp":bgp_mp, "bgp_enh":bgp_enh})
 
         self._save_peerings()
         return True
+    def update_peering(self, mnt, asn, node, wg_key, endpoint=None, ipv6ll=None, ipv4=None, ipv6=None, bgp_mp=True, bgp_enh=True):
+        # check if this MNT already has a/this asn
+        try:
+            if not asn in self.peerings["mnter"][mnt]:
+                # ... and add it if it hasn't
+                self.peerings[mnt].append(asn)
+        except KeyError:
+            # ... and cerate it if it doesn't have any yet
+            self.peerings["mnter"][mnt] = [asn]
+        try:
+            if not asn in self.peerings["asn"]:
+                return False
+        except KeyError:
+            return False
+        
+        success = False
+        for pNr in range(len(self.peerings["asn"][asn])):
+            if self.peerings["asn"][asn][pNr]["node"] == node:
+                self.peerings["asn"][asn][pNr] = {"MNT":mnt,"ASN":asn, "node": node, "wg_key":wg_key, "endpoint": endpoint,"ipv6ll":ipv6ll,"ipv4":ipv4,"ipv6":ipv6, "bgp_mp":bgp_mp, "bgp_enh":bgp_enh}
+                success = True
+        if not success: return False
+        self._save_peerings()
+        return True
         
 
 config = Config()
@@ -160,7 +187,9 @@ def check_peering_data(form):
         else:
             new_peering["peer-v6"] = None
         new_peering["bgp-mp"] = form["bgp-multi-protocol"] if "bgp-multi-protocol" in form else "off"
+        new_peering["bgp-mp"] = True if new_peering["bgp-mp"] else False
         new_peering["bgp-enh"] = form["bgp-extended-next-hop"] if "bgp-extended-next-hop" in form else "off"
+        new_peering["bgp-enh"] = True if new_peering["bgp-enh"] else False
         #new_peering[""] = form["peer-wgkey"]
     except ValueError as e:
         print(f"error: {e.args}")
@@ -332,12 +361,33 @@ def peerings_delete():
 def peerings_edit():
     print(session)
     if request.method == "GET":
+        mnt_peerings = peerings.get_peerings_by_mnt(session["login"])
+        # print(mnt_peerings)
         if "node" in request.args and request.args["node"] in config["nodes"]:
-            return render_template("peerings-new.html", config=config, selected_node=request.args["node"], peerings=peerings)
+            selected_peering = None
+            for p in mnt_peerings:
+                if p["node"] == request.args["node"] and p["ASN"] == request.args["asn"]:
+                    selected_peering = p
+                    print(p)
+                    break
+            return render_template("peerings-edit.html", session=session, config=config, mnt_peerings=mnt_peerings, selected_peering=selected_peering)
         else: 
-            return render_template("peerings-new.html",  session=session,config=config, peerings=peerings)
+            return render_template("peerings-edit.html", session=session, config=config, mnt_peerings=mnt_peerings, selected_peering=None)
     elif request.method == "POST":
+        print(request.args)
+        print(request.form)
+        if not "node" in request.args or not request.args["node"]:
+            return render_template("peerings-edit.html",  session=session,config=config, peerings=peerings, msg="no node specified, please click one of the buttons above")
 
+        peering_valid, peering_or_msg = check_peering_data(request.form)
+        print(peering_valid)
+        print(peering_or_msg)
+        if not peering_valid:
+            return render_template("peerings-edit.html",  session=session,config=config, peerings=peerings, msg=peering_or_msg), 400
+        if not peerings.update_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]):
+            return render_template("peerings-edit.html",  session=session,config=config, peerings=peerings, msg="such a peering doesn't exist(yet)"), 400
+
+        return redirect(f"{config['base-dir']}peerings")
         return f"{request.method} /peerings/edit?{str(request.args)}{str(request.form)}"
 @app.route("/peerings/new", methods=["GET","POST"])
 @auth_required()
@@ -358,12 +408,11 @@ def peerings_new():
 
         if not peering_valid:
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg=peering_or_msg), 400
-        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"]):
+        if not peerings.add_peering(session["user-data"]["mnt"], session["user-data"]["asn"], request.args["node"], peering_or_msg["peer-wgkey"], peering_or_msg["peer-endpoint"], peering_or_msg["peer-v6ll"], peering_or_msg["peer-v4"], peering_or_msg["peer-v6"], peering_or_msg["bgp-mp"], peering_or_msg["bgp-enh"]):
             return render_template("peerings-new.html",  session=session,config=config, peerings=peerings, msg="this ASN already has a peering with the requested node"), 400
 
         return redirect(f"{config['base-dir']}peerings")
-        return """<div>creating peerings is not (yet) implemented</div><div><a href="../">return</a>"""
-        return f"{request.method} /peerings/new {str(request.args)}{str(request.form)}"
+
 @app.route("/peerings", methods=["GET","POST","DELETE"])
 @auth_required()
 def peerings_view():
diff --git a/web/frontend/peerings-edit.html b/web/frontend/peerings-edit.html
new file mode 100644
index 0000000..558be93
--- /dev/null
+++ b/web/frontend/peerings-edit.html
@@ -0,0 +1,296 @@
+{% extends 'base.html' %}
+
+{% block content %}
+<script>
+    function form_validate(form) {
+        console.log(form);
+        let msg = "<ul>";
+            
+        // check wireguard pubkey
+        let wg_key = document.getElementById("peer-wgkey").value;
+        if (wg_key.length != 44 || wg_key.slice(-1) != "="){
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+        try {
+            window.atob(wg_key)
+        } catch (error) {
+            msg += "<li>invalid Wireguard key</li>";            
+        }
+            
+        // check endpoint
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled) {
+            if (! endpoint) {
+                msg += "<li>endpoint enabled but non specified</li>";
+            } else if (isNaN(endpoint.split(":").at(-1))) {
+                msg += "<li>endpoint doesn't end with a (port)number</li>";
+            } else if (endpoint.split(":").length < 2 && endpoint.indexOf(".") == -1) {
+                msg += "<li>endpoint doesn't look like a ip address or fqdn</li>";
+            }
+        }
+        
+        // check ip addresses
+        let ipv6ll_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ipv4_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ipv6_enabled = document.getElementById("peer-v6-enabled").checked;
+
+        let ipv6ll = document.getElementById("peer-v6ll").value;
+        let ipv4 = document.getElementById("peer-v4").value;
+        let ipv6 = document.getElementById("peer-v6").value;
+
+        if (!(ipv6ll_enabled || ipv4_enabled || ipv6_enabled)) {
+            msg += "<li>at least one ip type has to be enabled and specified</li>";
+        }
+
+        if (ipv6ll_enabled) {
+            if (! ipv6ll) {
+                msg += "<li>ipv6 LinkLocal enabled but non specified</li>";
+            } else if (!ipv6ll.startsWith("fe80::")) {
+                msg += "<li>ipv6 LinkLocal is no valid LinkLocal address</li>";
+            }
+        }
+        if (ipv4_enabled) {
+            if (! ipv4) {
+                msg += "<li>ipv4 enabled but non specified</li>";
+            } else if (!(ipv4.startsWith("172.2") || ipv4.startsWith("10.") || ipv4.startsWith("169.254")) ) {
+                msg += "<li>ipv4 is no valid dn42/neo/icvpn/LinkLocal address</li>";
+            }
+        }
+        if (ipv6_enabled) {
+            if (! ipv6) {
+                msg += "<li>ipv6 enabled but non specified</li>";
+            } else if (!ipv6.startsWith("fd")) {
+                msg += "<li>ipv6 is no valid fd00::/8 address</li>";
+            }
+        }
+        
+        // check BGP cap
+        bgp_mp = document.getElementById("bgp-multi-protocol").checked;
+        bgp_enh = document.getElementById("bgp-extended-next-hop").checked;
+        if (! bgp_mp) {
+            if ( ! (ipv4_enabled && (ipv6_enabled||ipv6ll_enabled))) {
+                msg += "<li>both a ipv4 and ipv6 address must be spedified when not having MulitiProtocol</li>"
+            }
+            if (bgp_enh) {
+                msg += "<li>extended next hop is not supported without MultiProtocol</li>"
+            }
+        }
+
+        // if an error occured (= there is a msg) show that msg
+        if (msg != "<ul>") {
+            document.getElementById("peer-invalid-note").innerHTML = msg+"</ul>";
+            return false;
+        }
+        return true
+    }
+    
+    // update exaple config when changing values
+    function update_from_endpoint() {
+        let example_config_peer_port = document.getElementById("example-config-peer-port");
+        let endpoint_enabled = document.getElementById("peer-endpoint-enabled").checked;
+        let endpoint = document.getElementById("peer-endpoint").value;
+        if (endpoint_enabled && endpoint && endpoint.split(":").length >= 2) {
+            example_config_peer_port.innerHTML = endpoint.split(":").at(-1);
+            return
+        }
+        example_config_peer_port.innerHTML = '2{{config["ASN"][-4:]}}'
+    }
+    function update_from_v6ll() {
+        let example_config_ip = document.getElementById("example-config-ipv6ll");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6ll");
+        let ip_enabled = document.getElementById("peer-v6ll-enabled").checked;
+        let ip = document.getElementById("peer-v6ll").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v4() {
+        let example_config_ip = document.getElementById("example-config-ipv4");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv4");
+        let ip_enabled = document.getElementById("peer-v4-enabled").checked;
+        let ip = document.getElementById("peer-v4").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_v6() {
+        let example_config_ip = document.getElementById("example-config-ipv6");
+        let example_config_peer_ip = document.getElementById("example-config-peer-ipv6");
+        let ip_enabled = document.getElementById("peer-v6-enabled").checked;
+        let ip = document.getElementById("peer-v6").value;
+        if (ip_enabled) {
+            example_config_ip.style.display = "";
+            example_config_peer_ip.innerHTML = ip;
+        } else {
+            example_config_ip.style.display = "none";
+        }
+    }
+    function update_from_mpbgp() {
+        let example_config_bird1 = document.getElementById("example-config-bird1");
+        let example_config_bird2 = document.getElementById("example-config-bird2");
+        let mpbgp_enabled = document.getElementById("bgp-multi-protocol").checked;
+        let extended_next_hop = document.getElementById("bgp-extended-next-hop");
+        if (mpbgp_enabled) {
+            example_config_bird1.style.display = "none";
+            example_config_bird2.style.display = "";
+            extended_next_hop.disabled = false;
+        } else {
+            example_config_bird1.style.display = "";
+            example_config_bird2.style.display = "none";
+            extended_next_hop.checked = false;
+            extended_next_hop.disabled = true;
+            
+        }
+    }
+    function update_from_enh() {
+        let example_config_bird2_enh4 = document.getElementById("example-config-bird2-enh4");
+        let example_config_bird2_enh6 = document.getElementById("example-config-bird2-enh6");
+        let enh_anabled = document.getElementById("bgp-extended-next-hop").checked;
+        if (enh_anabled) {
+            example_config_bird2_enh4.innerHTML = "on";
+            example_config_bird2_enh6.innerHTML = "on";
+        } else {
+            example_config_bird2_enh4.innerHTML = "off";
+            example_config_bird2_enh6.innerHTML = "off";
+        }
+    }
+
+    function on_load() {
+        update_from_v6ll();
+        update_from_v4();
+        update_from_v6();
+        update_from_mpbgp();
+        update_from_enh();
+    }
+    document.onload = on_load;
+</script>
+
+<div>
+    {% for peering in mnt_peerings %}
+    <a href="?node={{peering['node']}}&asn={{session['user-data']['asn']}}">
+        <button {% if selected_peering %}{% if selected_peering == peering['node'] %}class="button-selected"{% endif %}{% endif %}>
+            with<br>{{peering["node"]}}
+        </button>
+        {% if selected_node == peering['node'] %}
+            {% set selected_peering = peering %}
+        {% endif %}
+    </a>
+    {% endfor %}
+</div>
+<form action="" method="post" class="flex" onsubmit="return form_validate(this)">
+    <div id="peer-invalid-note" style="background-color:red;">{% if msg %}{{msg}}{%endif%}</div>
+    <table>
+        <tr>
+            <td><label for="peer-asn">Your ASN</label></td>
+            <td></td>
+            <td><input type="text" name="peer-asn" id="peer-asn" disabled="disabled" value="{{session['user-data']['asn']}}"></td>
+        </tr>
+        <tr>
+            <td><h4>Wireguard</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td><label for="peer-wgkey">your Wireguard Publickey</label></td>
+            <td></td>
+            <td><input type="text" name="peer-wgkey" id="peer-wgkey" maxlength="44" minlength="44" required value="{{selected_peering['wg_key']}}"></td>
+        </tr>
+        <tr>
+            <td><label for="peer-endpoint">your Endpoint</label></td>
+            <td><input type="checkbox" name="peer-endpoint-enabled" id="peer-endpoint-enabled" {% if selected_peering["endpoint"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-endpoint" id="peer-endpoint" onchange="return update_from_endpoint()" {% if selected_peering["endpoint"] %}value="{{selected_peering['endpoint']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6ll">your ipv6 LinkLocal</label></td>
+            <td><input type="checkbox" name="peer-v6ll-enabled" id="peer-v6ll-enabled" onchange="return update_from_v6ll()"{% if selected_peering["ipv6ll"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-v6ll" id="peer-v6ll" onchange="return update_from_v6ll()"{% if selected_peering["ipv6ll"] %}value="{{selected_peering['ipv6ll']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v4">your ipv4</label></td>
+            <td><input type="checkbox" name="peer-v4-enabled" id="peer-v4-enabled"onchange="return update_from_v4()" {% if selected_peering["ipv4"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-v4" id="peer-v4"onchange="return update_from_v4()" {% if selected_peering["ipv4"] %}value="{{selected_peering['ipv4']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><label for="peer-v6">your ipv6</label></td>
+            <td><input type="checkbox" name="peer-v6-enabled" id="peer-v6-enabled"onchange="return update_from_v6()"{% if selected_peering["ipv6"] %} checked {% endif %}></td>
+            <td><input type="text" name="peer-v6" id="peer-v6"onchange="return update_from_v6()" {% if selected_peering["ipv6"] %}value="{{selected_peering['ipv6']}}" {% endif %}></td>
+        </tr>
+        <tr>
+            <td><h4>BGP</h4></td>
+            <td></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>MultiProtocol</td>
+            <td><input type="checkbox" name="bgp-multi-protocol" id="bgp-multi-protocol" onchange="return update_from_mpbgp()" {% if selected_peering["bgp-mp"] %} checked {% endif %}></td>
+            <td></td>
+        </tr>
+        <tr>
+            <td>extended next hop</td>
+            <td><input type="checkbox" name="bgp-extended-next-hop" id="bgp-extended-next-hop" onchange="return update_from_enh()" {% if selected_peering["bgp-enh"] %} checked {% endif %}></td>
+            <td></td>
+        </tr>
+    </table>
+
+    <input type="submit" value="submit">
+</form>
+<div class="example-config">
+    <noscript>this example config requires Javascript to work</noscript>
+    <p>wg-quick:</p>
+    <pre id="node-wireguard">
+[Interface] <br>
+PrivateKey = &ltyour private key&gt
+ListenPort = <span id="example-config-peer-port">2{{config["ASN"][-4:]}}</span>
+<span id="example-config-ipv4">PostUp = ip address add <span id="example-config-peer-ipv4">...</span>/32 peer <span id="example-config-node-ipv4">{% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6">PostUp = ip address add <span id="example-config-peer-ipv6">...</span>/128 peer <span id="example-config-node-ipv6">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %}</span><br></span><span id="example-config-ipv6ll">PostUp = ip address add <span id="example-config-peer-ipv6ll">...</span>/128 peer <span id="example-config-node-ipv6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span></span>
+Table = off
+
+[Peer]
+PublicKey = <span id="exmple-config-node-pubkey">{% if selected_node %}{{config["nodes"][selected_node]["wg-key"]}}{% else %} ... {% endif %}</span>
+Endpoint = <span id="exmple-config-node-endpoint">{% if selected_node %}{{config["nodes"][selected_node]["endpoint"]}}{% else %} ... {% endif %}</span>:<span id="example-config-node-port">{% if selected_node %}{% if session["user-data"]["asn"].startswith("AS424242") %}5{{session["user-data"]["asn"][-4:]}}{% else %} ... {% endif %}{% else %} ... {% endif %}</span>
+AllowedIPs = <span id="example-config-node-v6ll">{% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %}</span>,172.20.0.0/14,172.31.0.0/16,10.0.0.0/8,fd00::/8
+    </pre>
+    
+    <p>bird config:</p>
+    <pre id="example-config-bird2">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}} from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        extended next hop <span id="example-config-bird2-enh4">on</span>;
+    };
+    ipv6 {
+        extended next hop <span id="example-config-bird2-enh6">on</span>;
+    };
+}
+    </pre>
+
+    <pre id="example-config-bird1">
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v4 from dnpeers {
+    neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v4"]}} {% else %} ... {% endif %} as {{config["ASN"]}};
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv4 {
+        
+    };
+protocol bgp dn42_{{config["MNT"][:-4].lower()}}_v6 from dnpeers {
+    <span id="example-bird1-v6ll">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6ll"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span> 
+    <span id="example-bird1-v6">neighbor {% if selected_node %}{{config["nodes"][selected_node]["internal-v6"]}} {% else %} ... {% endif %} as {{config["ASN"]}};</span>
+    interface "dn42_{{config["MNT"][:-4].lower()}}";
+    ipv6 {
+        
+    };
+}
+        </pre>
+    </div>
+</div>
+<script>
+    document.onload();
+</script>
+
+{% endblock %}
\ No newline at end of file
diff --git a/web/frontend/static/style.css b/web/frontend/static/style.css
index 5404df0..a95d8cd 100644
--- a/web/frontend/static/style.css
+++ b/web/frontend/static/style.css
@@ -1,7 +1,8 @@
 :root {
     --bg-color: #aaa;
-    --text-color: black;
     --other-background: #444;
+    --text-color: black;
+    --text-color-dark: white;
     /* --accent-color: ; */
 }
 
@@ -98,7 +99,10 @@ button {
     border-width: 5px;
     padding: 10px;
 }
-
+button.button-selected{
+    background-color: var(--other-background);
+    color: var(--text-color-dark);
+}
 .peering>* {
     width:auto;
     align-items: center;