import { BasePolicyForm } from "@goauthentik/admin/policies/BasePolicyForm"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import "@goauthentik/elements/ak-dual-select"; import { DataProvision, DualSelectPair } from "@goauthentik/elements/ak-dual-select/types"; import "@goauthentik/elements/forms/FormGroup"; import "@goauthentik/elements/forms/HorizontalFormElement"; import "@goauthentik/elements/forms/SearchSelect"; import { msg } from "@lit/localize"; import { TemplateResult, html } from "lit"; import { customElement } from "lit/decorators.js"; import { DetailedCountry, GeoIPPolicy, PoliciesApi } from "@goauthentik/api"; import { countryCache } from "./CountryCache"; function countryToPair(country: DetailedCountry): DualSelectPair { return [country.code, country.name, country.name]; } @customElement("ak-policy-geoip-form") export class GeoIPPolicyForm extends BasePolicyForm { loadInstance(pk: string): Promise { return new PoliciesApi(DEFAULT_CONFIG).policiesGeoipRetrieve({ policyUuid: pk, }); } async send(data: GeoIPPolicy): Promise { if (data.asns?.toString() === "") { data.asns = []; } else { data.asns = (data.asns as unknown as string).split(",").map(Number); } if (this.instance) { return new PoliciesApi(DEFAULT_CONFIG).policiesGeoipUpdate({ policyUuid: this.instance.pk || "", geoIPPolicyRequest: data, }); } return new PoliciesApi(DEFAULT_CONFIG).policiesGeoipCreate({ geoIPPolicyRequest: data, }); } renderForm(): TemplateResult { return html` ${msg( "Ensure the user satisfies requirements of geography or network topology, based on IP address. If any of the configured values match, the policy passes.", )}

${msg("Execution logging")}

${msg( "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.", )}

${msg("Distance settings")}

${msg("Check historical distance of logins")}

${msg( "When this option enabled, the GeoIP data of the policy request is compared to the specified number of historical logins.", )}

${msg( "Maximum distance a login attempt is allowed from in kilometers.", )}

${msg("Tolerance in checking for distances in kilometers.")}

${msg("Amount of previous login events to check against.")}

${msg("Check impossible travel")}

${msg( "When this option enabled, the GeoIP data of the policy request is compared to the specified number of historical logins and if the travel would have been possible in the amount of time since the previous event.", )}

${msg("Tolerance in checking for distances in kilometers.")}

${msg("Static rule settings")}

${msg( "List of autonomous system numbers. Comma separated. E.g. 13335, 15169, 20940", )}

=> { return countryCache .getCountries() .then((results) => { if (!search) return results; return results.filter((result) => result.name .toLowerCase() .includes(search.toLowerCase()), ); }) .then((results) => ({ options: results.map(countryToPair), })); }} .selected=${(this.instance?.countriesObj ?? []).map(countryToPair)} available-label="${msg("Available Countries")}" selected-label="${msg("Selected Countries")}" >

`; } }