Add port and IP validation across all service config forms

UI: validateServiceConfig() checks all port fields (1–65535) and WireGuard address (IP/CIDR) on every keystroke; Save button is disabled and saveService() guards against any field errors. API: update_config() rejects out-of-range port values and invalid WireGuard address before persisting, returning 400 with a clear field path (e.g. email.smtp_port). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 00:48:20 -04:00
parent 323729e1ab
commit 55bec04603
2 changed files with 109 additions and 18 deletions
@@ -454,6 +454,38 @@ def update_config():
            except ValueError as _e:
                return jsonify({'error': f'Invalid ip_range: {_e}'}), 400

+        # Validate service config port and IP fields
+        _port_fields = {
+            'network':   ['dns_port'],
+            'wireguard': ['port'],
+            'email':     ['smtp_port', 'submission_port', 'imap_port', 'webmail_port'],
+            'calendar':  ['port'],
+            'files':     ['port', 'manager_port'],
+        }
+        for _svc, _fields in _port_fields.items():
+            if _svc not in data:
+                continue
+            _svc_data = data[_svc]
+            if not isinstance(_svc_data, dict):
+                continue
+            for _f in _fields:
+                if _f in _svc_data and _svc_data[_f] is not None and _svc_data[_f] != '':
+                    try:
+                        _p = int(_svc_data[_f])
+                        if not (1 <= _p <= 65535):
+                            raise ValueError()
+                    except (ValueError, TypeError):
+                        return jsonify({'error': f'{_svc}.{_f} must be an integer between 1 and 65535'}), 400
+        # Validate WireGuard address (must be valid IP/CIDR)
+        if 'wireguard' in data and isinstance(data['wireguard'], dict):
+            _addr = data['wireguard'].get('address')
+            if _addr:
+                import ipaddress as _ipa2
+                try:
+                    _ipa2.ip_interface(_addr)
+                except ValueError as _e:
+                    return jsonify({'error': f'wireguard.address is not a valid IP/CIDR: {_e}'}), 400
+
        # Capture old identity and service configs BEFORE saving, for change detection
        old_identity = dict(config_manager.configs.get('_identity', {}))
        old_svc_configs = {