nsupdate.info/nsupdate/main/models.py

import re
from datetime import datetime

import dns.resolver

from django.db import models
from django.contrib.auth.models import User
from django.core.exceptions import ValidationError
from django.core.validators import RegexValidator
from django.conf import settings
from django.db.models.signals import post_delete
from django.contrib.auth.hashers import make_password

from . import dnstools


class BlacklistedDomain(models.Model):
    domain = models.CharField(
        max_length=256,
        unique=True,
        help_text='Blacklisted domain. Evaluated as regex (search).')

    last_update = models.DateTimeField(auto_now=True)
    created = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(User, blank=True, null=True)

    def __unicode__(self):
        return u"%s" % (self.domain, )


def domain_blacklist_validator(value):
    for bd in BlacklistedDomain.objects.all():
        if re.search(bd.domain, value):
            raise ValidationError(u'This domain is not allowed')


UPDATE_ALGORITHMS = (
    ('HMAC_SHA512', 'HMAC_SHA512'),
    ('HMAC_SHA384', 'HMAC_SHA384'),
    ('HMAC_SHA256', 'HMAC_SHA256'),
    ('HMAC_SHA224', 'HMAC_SHA224'),
    ('HMAC_SHA1', 'HMAC_SHA1'),
    ('HMAC_MD5', 'HMAC_MD5'),
)


class Domain(models.Model):
    domain = models.CharField(max_length=256, unique=True)
    nameserver_ip = models.GenericIPAddressField(
        max_length=256,
        help_text="IP where the dynamic updates for this domain will be sent to")
    nameserver_update_key = models.CharField(max_length=256)
    nameserver_update_algorithm = models.CharField(
        max_length=256, default='HMAC_SHA512', choices=UPDATE_ALGORITHMS)
    # XXX rename available_for_everyone to public
    available_for_everyone = models.BooleanField(default=False)
    # available means "nameserver for domain operating and reachable" -
    # gets set to False if we have trouble reaching the nameserver
    available = models.BooleanField(default=True)

    last_update = models.DateTimeField(auto_now=True)
    created = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(User, blank=True, null=True)

    def __unicode__(self):
        return u"%s" % (self.domain, )


class Host(models.Model):
    subdomain = models.CharField(max_length=256, validators=[
        RegexValidator(
            regex=r'^(([a-z0-9][a-z0-9\-]*[a-z0-9])|[a-z0-9])$',
            message='Invalid subdomain: only "a-z", "0-9" and "-" is allowed'
        ),
        domain_blacklist_validator])
    domain = models.ForeignKey(Domain)
    update_secret = models.CharField(max_length=256)  # gets hashed on save
    comment = models.CharField(
        max_length=256, default='', blank=True, null=True)

    last_update = models.DateTimeField(auto_now=True)
    last_api_update = models.DateTimeField(blank=True, null=True)
    created = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(
        settings.AUTH_USER_MODEL, related_name='hosts')

    def __unicode__(self):
        return u"%s.%s - %s" % (
            self.subdomain, self.domain.domain, self.comment)

    class Meta(object):
        unique_together = (('subdomain', 'domain'),)

    def get_fqdn(self):
        return '%s.%s' % (self.subdomain, self.domain.domain)

    @classmethod
    def filter_by_fqdn(cls, fqdn, **kwargs):
        # Assuming subdomain has no dots (.) the fqdn is split at the first dot
        splitted = fqdn.split('.', 1)
        if not len(splitted) == 2:
            raise NotImplemented("FQDN has to contain a dot")
        return Host.objects.filter(
            subdomain=splitted[0], domain__domain=splitted[1], **kwargs)

    def getIPv4(self):
        try:
            return dnstools.query_ns(self.get_fqdn(), 'A', origin=self.domain.domain)
        except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,
                dnstools.NameServerNotAvailable):
            return 'error'

    def getIPv6(self):
        try:
            return dnstools.query_ns(self.get_fqdn(), 'AAAA', origin=self.domain.domain)
        except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,
                dnstools.NameServerNotAvailable):
            return 'error'

    def poke(self):
        self.last_api_update = datetime.now()
        self.save()

    def generate_secret(self):
        # note: we use a quick hasher for the update_secret as expensive
        # more modern hashes might put too much load on the servers. also
        # many update clients might use http without ssl, so it is not too
        # secure anyway.
        secret = User.objects.make_random_password()
        self.update_secret = make_password(
            secret,
            hasher='sha1'
        )
        self.save()
        return secret


def post_delete_host(sender, **kwargs):
    obj = kwargs['instance']
    dnstools.delete(obj.get_fqdn(), origin=obj.domain.domain)

post_delete.connect(post_delete_host, sender=Host)
reorder imports: stdlib, other libs, django, nsupdate stuff (views, etc.) 2013-10-03 19:26:39 +02:00			`import re`
			`from datetime import datetime`

			`import dns.resolver`

requirements fix and basic django project 2013-09-28 10:44:29 +02:00			`from django.db import models`
merge conflict again in models.py 2013-09-29 14:36:29 +02:00			`from django.contrib.auth.models import User`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00			`from django.core.exceptions import ValidationError`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`from django.core.validators import RegexValidator`
changed User to ProxyUser 2013-09-29 13:53:35 +02:00			`from django.conf import settings`
post_delete fix 2013-09-29 20:30:10 +02:00			`from django.db.models.signals import post_delete`
generate secret view and logic. host view ui update. 2013-09-29 19:58:08 +02:00			`from django.contrib.auth.hashers import make_password`
Host model 2013-09-28 18:02:13 +02:00
Move all stuff into own top-level package 2013-10-17 20:50:44 +00:00			`from . import dnstools`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00

			`class BlacklistedDomain(models.Model):`
pep8 2013-09-29 16:12:19 +02:00			`domain = models.CharField(`
			`max_length=256,`
			`unique=True,`
			`help_text='Blacklisted domain. Evaluated as regex (search).')`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00
			`last_update = models.DateTimeField(auto_now=True)`
			`created = models.DateTimeField(auto_now_add=True)`
actually added the validator and made created_by in blacklist optional 2013-09-29 14:21:23 +02:00			`created_by = models.ForeignKey(User, blank=True, null=True)`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00
			`def __unicode__(self):`
redundant parens, use tuple 2013-09-29 15:26:28 +02:00			`return u"%s" % (self.domain, )`
made home template and added admin link to nav 2013-09-29 14:08:22 +02:00

			`def domain_blacklist_validator(value):`
			`for bd in BlacklistedDomain.objects.all():`
			`if re.search(bd.domain, value):`
			`raise ValidationError(u'This domain is not allowed')`

Host model 2013-09-28 18:02:13 +02:00
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`UPDATE_ALGORITHMS = (`
			`('HMAC_SHA512', 'HMAC_SHA512'),`
			`('HMAC_SHA384', 'HMAC_SHA384'),`
			`('HMAC_SHA256', 'HMAC_SHA256'),`
			`('HMAC_SHA224', 'HMAC_SHA224'),`
			`('HMAC_SHA1', 'HMAC_SHA1'),`
			`('HMAC_MD5', 'HMAC_MD5'),`
			`)`


divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`class Domain(models.Model):`
			`domain = models.CharField(max_length=256, unique=True)`
Use GenericIPAddressField to allow IPv6 2013-10-17 21:02:54 +00:00			`nameserver_ip = models.GenericIPAddressField(`
fix pep8, fix indentation 2013-10-03 03:22:09 +02:00			`max_length=256,`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`help_text="IP where the dynamic updates for this domain will be sent to")`
more fields 2013-09-29 22:48:09 +02:00			`nameserver_update_key = models.CharField(max_length=256)`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`nameserver_update_algorithm = models.CharField(`
			`max_length=256, default='HMAC_SHA512', choices=UPDATE_ALGORITHMS)`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`# XXX rename available_for_everyone to public`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`available_for_everyone = models.BooleanField(default=False)`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`# available means "nameserver for domain operating and reachable" -`
			`# gets set to False if we have trouble reaching the nameserver`
			`available = models.BooleanField(default=True)`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00
			`last_update = models.DateTimeField(auto_now=True)`
			`created = models.DateTimeField(auto_now_add=True)`
added optional attribut to user field in domain model 2013-09-29 16:38:30 +02:00			`created_by = models.ForeignKey(User, blank=True, null=True)`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00
			`def __unicode__(self):`
redundant parens, use tuple 2013-09-29 15:26:28 +02:00			`return u"%s" % (self.domain, )`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00

Host model 2013-09-28 18:02:13 +02:00			`class Host(models.Model):`
validator for subdomain 2013-09-29 13:47:02 +02:00			`subdomain = models.CharField(max_length=256, validators=[`
actually added the validator and made created_by in blacklist optional 2013-09-29 14:21:23 +02:00			`RegexValidator(`
			`regex=r'^(([a-z0-9][a-z0-9\-]*[a-z0-9])\|[a-z0-9])$',`
pep8 2013-09-29 16:12:19 +02:00			`message='Invalid subdomain: only "a-z", "0-9" and "-" is allowed'`
actually added the validator and made created_by in blacklist optional 2013-09-29 14:21:23 +02:00			`),`
			`domain_blacklist_validator])`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`domain = models.ForeignKey(Domain)`
remove resolved TODO, the update_secret is hashed using django's "sha1" hasher (salted sha1) 2013-09-29 15:12:24 +02:00			`update_secret = models.CharField(max_length=256) # gets hashed on save`
pep8 and so on 2013-09-29 16:03:56 +02:00			`comment = models.CharField(`
			`max_length=256, default='', blank=True, null=True)`
Host model 2013-09-28 18:02:13 +02:00
			`last_update = models.DateTimeField(auto_now=True)`
added last_api_update field and migrated db 2013-09-29 20:50:33 +02:00			`last_api_update = models.DateTimeField(blank=True, null=True)`
Host model 2013-09-28 18:02:13 +02:00			`created = models.DateTimeField(auto_now_add=True)`
Merge branch 'master' of github.com:asmaps/nsupdate.info Conflicts: nsupdate/main/models.py nsupdate/main/views.py 2013-09-29 16:07:33 +02:00			`created_by = models.ForeignKey(`
			`settings.AUTH_USER_MODEL, related_name='hosts')`
Host model 2013-09-28 18:02:13 +02:00
			`def __unicode__(self):`
pep8 and so on 2013-09-29 16:03:56 +02:00			`return u"%s.%s - %s" % (`
			`self.subdomain, self.domain.domain, self.comment)`
requirements fix and basic django project 2013-09-28 10:44:29 +02:00
use newstyle classes 2013-10-03 17:21:18 +02:00			`class Meta(object):`
divided subdomain and domain (as FK) 2013-09-29 13:36:28 +02:00			`unique_together = (('subdomain', 'domain'),)`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
			`def get_fqdn(self):`
fqdn fix 2013-09-29 18:15:15 +02:00			`return '%s.%s' % (self.subdomain, self.domain.domain)`

			`@classmethod`
			`def filter_by_fqdn(cls, fqdn, **kwargs):`
			`# Assuming subdomain has no dots (.) the fqdn is split at the first dot`
			`splitted = fqdn.split('.', 1)`
			`if not len(splitted) == 2:`
			`raise NotImplemented("FQDN has to contain a dot")`
			`return Host.objects.filter(`
			`subdomain=splitted[0], domain__domain=splitted[1], **kwargs)`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
added ns query call to get the IP from hosts 2013-09-29 20:39:07 +02:00			`def getIPv4(self):`
fixed uncaptured exceptions NXDOMAIN. increased table size in the overview 2013-09-29 20:43:48 +02:00			`try:`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`return dnstools.query_ns(self.get_fqdn(), 'A', origin=self.domain.domain)`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,`
			`dnstools.NameServerNotAvailable):`
			`return 'error'`
added ns query call to get the IP from hosts 2013-09-29 20:39:07 +02:00
			`def getIPv6(self):`
fixed uncaptured exceptions NXDOMAIN. increased table size in the overview 2013-09-29 20:43:48 +02:00			`try:`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`return dnstools.query_ns(self.get_fqdn(), 'AAAA', origin=self.domain.domain)`
deal with not responding nameservers (offline or unreachable) if a nameserver does not respond, we flag it in the database (available = False) and stop talking to it for 5 minutes. after 5 minutes, we flag it available = True again and retry talking to it (and if not successful, flag it as unavailable again). this avoids a unresponsive UI as we do a lot of ns queries from the templates to get v4 and v6 addresses of our hosts from master nameservers. we log a warning when setting unavailable and a info when setting available. 2013-10-27 05:14:47 +01:00			`except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer, dns.resolver.NoNameservers, dns.resolver.Timeout,`
			`dnstools.NameServerNotAvailable):`
			`return 'error'`
added logic for last_api_update. field updated with Hosts.poke() method 2013-09-29 21:00:08 +02:00
			`def poke(self):`
			`self.last_api_update = datetime.now()`
			`self.save()`
added ns query call to get the IP from hosts 2013-09-29 20:39:07 +02:00
generate secret view and logic. host view ui update. 2013-09-29 19:58:08 +02:00			`def generate_secret(self):`
			`# note: we use a quick hasher for the update_secret as expensive`
			`# more modern hashes might put too much load on the servers. also`
			`# many update clients might use http without ssl, so it is not too`
			`# secure anyway.`
			`secret = User.objects.make_random_password()`
			`self.update_secret = make_password(`
			`secret,`
			`hasher='sha1'`
			`)`
			`self.save()`
			`return secret`

added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
			`def post_delete_host(sender, **kwargs):`
			`obj = kwargs['instance']`
use zones/nameserver IPs/update keys from DB, logging (thanks to asmaps) remove unneeded stuff from settings (we still need some in conftest.py for the tests, though) init DB for tests via conftest.py more update algorithm choices give origin zone (if we already know it) to dnstools functions new views: DomainOverview, DeleteDomain unify deletion templates using delete_object.html add django-extensions 2013-10-18 15:30:17 -07:00			`dnstools.delete(obj.get_fqdn(), origin=obj.domain.domain)`
added get_fqdn() method to Host model. added post_save signal to delete dns entry when Host object is deleted 2013-09-29 17:43:17 +02:00
post_delete fix 2013-09-29 20:30:10 +02:00			`post_delete.connect(post_delete_host, sender=Host)`