From ab812a4d03d9f6bd5bfbca33c879537bb09fbc31 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian <alexander@sulfrian.net>
Date: Tue, 27 Sep 2011 17:36:32 +0200
Subject: added checks (valid ip, valid list name)

---
 index.py | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 56 insertions(+), 5 deletions(-)

diff --git a/index.py b/index.py
index 26351bb..9f2217f 100755
--- a/index.py
+++ b/index.py
@@ -1,7 +1,29 @@
 #!/usr/bin/env python
 
-from socket import gethostbyaddr
+import sys
+sys.path += ['/usr/lib/mailman']
+
 from web import template, form, application, ctx, wsgi
+from socket import gethostbyaddr, gethostbyname
+import re
+import Mailman.Utils
+
+valid_ips = [
+    r'^160\.0?45\.',
+    r'^130\.133\.',
+    r'^87\.77\.',
+    r'^127\.0{1,3}\.',
+    ]
+
+reserved_names = [
+    r'-admin$',
+    r'-join$',
+    r'-leave$',
+    r'-owner$',
+    r'-request$',
+    ]
+
+proxy = gethostbyname('squid.fu-berlin.de')
 
 urls = (
     r'/', 'index',
@@ -14,14 +36,26 @@ urls = (
 render = template.render('templates/', base='layout');
 app = application(urls, globals(), autoreload=False)
 
+def validate_name(name):
+    for regex in reserved_names:
+        if re.search(regex, name):
+            return False
+    return True
 
 create_form = form.Form(
     form.Textbox('name',
                  form.notnull,
+                 form.regexp(r'^[a-zA-Z0-9+.-]{2,}$', 'This name should least be two characters long ' +
+                             'and may only consist of letters, digits, plus (+), minus (-), and underlines (_).'),
+                 form.Validator('This name ends with a reserved suffix. Please choose another name.',
+                                validate_name),
+                 form.Validator('A list with this name allready exists. Please choose another name.',
+                                lambda name: Mailman.Utils.list_exists(name) == False),
                  description = 'Name of your list'),
     form.Textbox('email',
                  form.notnull,
-                 form.regexp('.*fu-berlin\.de', 'E-mail address should end with fu-berlin.de'),
+                 form.regexp(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\b', 'This should be a valid email address.'),
+                 form.regexp(r'.*fu-berlin\.de', 'E-mail address should end with fu-berlin.de'),
                  description = 'Your E-mail address'),
     )
 
@@ -41,17 +75,34 @@ class unsubscribe:
             return render.unsubscribe_en()
 
 class new:
+    def validate(self, ip):
+        if ip == proxy:
+            return False
+
+        for regex in valid_ips:
+            if re.match(regex, ip):
+                return True
+
+        return False
+
+    def get_user_information(self):
+        return {'ip': ctx.ip,
+                'host': gethostbyaddr(ctx.ip)[0],
+                'valid': self.validate(ctx.ip)}
+
     def GET(self):
         form = create_form()
-        user = {'ip': ctx.ip, 'host': gethostbyaddr(ctx.ip)[0]}
+        user = self.get_user_information()
         return render.new(form, user)
 
     def POST(self):
-        form  = create_form()
-        user = {'ip': ctx.ip, 'host': gethostbyaddr(ctx.ip)[0]}
+        form = create_form()
+        user = self.get_user_information()
+
         if not form.validates():
             return render.new(form, user)
         else:
+            # create list
             return "Done."
 
 
-- 
cgit v1.2.3-1-g7c22