Alias Management: modify - network_address_aliases_update

Signed-off-by: lilinzhe <[email protected]>

Author: slayercat

README.md

@@ -26,6 +26,7 @@ tasks feasible.
  - [system_info](#user-content-system_info) - Returns various useful system info.
  - [network_address_aliases_get](#user-content-network_address_aliases_get) - Returns address aliaes used by rules.
  - [network_address_aliases_create](#user-content-network_address_aliases_create) - Creates An network aliaes for rules
+ - [network_address_aliases_update](#user-content-network_address_aliases_update) - Update a address aliaes. Returns newest result
  - [filter_rules_get](#user-content-filter_rules_get) - Returns firewall filters.
 
 
@@ -994,6 +995,59 @@ curl \
     "https://<host-address>/fauxapi/v1/?action=network_address_aliases_create"
 ```
 
+*Example Response*
+```javascript
+{
+    "callid": "5e22393a9aa5a",
+    "action": "network_address_aliases_create",
+    "message": "ok",
+    "data": {
+        "aliases": {
+            "alias": [
+                {
+                    "name": "EasyRuleBlockHostsWAN",
+                    "type": "network",
+                    "address": "1.2.3.4/32 5.6.7.8/32",
+                    "descr": "Hosts blocked from Firewall Log view",
+                    "detail": "Entry added Fri, 27 Dec 2019 00:53:01 -0800||\u5df2\u6dfb\u52a0\u6761\u76ee Thu, 16 Jan 2020 03:42:37 -0800"
+                },
+                {
+                    "name": "wsdfan",
+                    "descr": "Test",
+                    "type": "network",
+                    "address": "12.23.45.3/32",
+                    "detail": "a"
+                }
+            ]
+        }
+    }
+}
+```
+---
+### network_address_aliases_update
+ - Update a address aliaes. Returns newest result
+ - HTTP: **POST**
+ - Params: none
+ - Request body: json
+     - **name** :<string> name of aliases. identiy which aliases frr modify
+     - **type** :<string> type of aliases. **MUST** be `network` for now.
+     - **cidr_addresses** : < list of <object> > name alias what
+        - **address** an ip address or a network prefix.
+        - **details** a description of this address. for human readable documentation.
+     - **descr** : <string> the description of current aliases.
+  - Response: json <object>: the items after created
+
+*Example Request*
+```bash
+curl \
+    -X GET \
+    --silent \
+    --insecure \
+    --header "fauxapi-auth: <auth-value>" \
+    --data '{"name": "wsdfan", "type": "network", "cidr_addresses": [{"address":"12.23.45.3/32", "details":"a"}], "descr":"Test"}'
+    "https://<host-address>/fauxapi/v1/?action=network_address_aliases_create"
+```
+
 *Example Response*
 ```javascript
 {

pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_actions.inc

@@ -473,7 +473,7 @@ class fauxApiActions {
         return TRUE;
     }
     /**
-     * address_aliases_get()
+     * network_address_aliases_create()
      * 
      * @return boolean
      */
@@ -483,7 +483,7 @@ class fauxApiActions {
         $name = $this->action_input_data["name"];
         $type = $this->action_input_data["type"];
         $cidr_addresses =$this->action_input_data['cidr_addresses'];
-        $descr=$this->action_input_data['descr'] or "Added by fauxapi";
+        $descr=$this->action_input_data['descr']; 
 
         $alias = $this->PfsenseInterface->network_address_aliases_create($name, $type, $cidr_addresses, $descr);
 
@@ -499,6 +499,34 @@ class fauxApiActions {
         );
         return TRUE;
     }
+
+     /**
+     * network_address_aliases_update()
+     * 
+     * @return boolean
+     */
+    public function network_address_aliases_update() {
+        fauxApiLogger::debug(__METHOD__);
+
+        $name = $this->action_input_data["name"];
+        $type = $this->action_input_data["type"];
+        $cidr_addresses =$this->action_input_data['cidr_addresses'];
+        $descr=$this->action_input_data['descr'] ;
+
+        $alias = $this->PfsenseInterface->network_address_aliases_update($name, $type, $cidr_addresses, $descr);
+        
+        if (empty($alias)) {
+            $this->response->http_code = 500;
+            $this->response->message = 'unable to get address aliases';
+            return FALSE;
+        }
+        $this->response->http_code = 200;
+        $this->response->message = 'ok';
+        $this->response->data = array(
+            'aliases' => $alias,      
+        );
+        return TRUE;
+    }
 
     /**
      * alias_update_urltables()

pfSense-pkg-FauxAPI/files/etc/inc/fauxapi/fauxapi_pfsense_interface_alias.inc

@@ -2,108 +2,9 @@
 
 namespace fauxapi\v1;
 
-// write_config requires functions from this
-include '/etc/inc/phpsessionmanager.inc';
-include '/etc/inc/auth.inc';
+include 'fauxapi_pfsense_interface_alias.priv.inc';
 trait network_address_aliases
 {
-
-    /*
-        From PFSENSE. copyed for old version.
-        If $return_message is true then
-            returns a text message about the reason that the name is invalid.
-            the text includes the type of "thing" that is being checked, passed in $object. (e.g. "alias", "gateway group", "schedule")
-        else
-            returns true if $name is a valid name for an alias
-            returns false if $name is not a valid name for an alias
-
-        Aliases cannot be:
-            bad chars: anything except a-z 0-9 and underscore
-            bad names: empty string, pure numeric, pure underscore
-            reserved words: pre-defined service/protocol/port names which should not be ambiguous, and the words "port" and  "pass" */
-
-    private function is_valid_network_address_alias_name($name)
-    {
-        global $config;
-        global $pf_reserved_keywords;
-        $reserved_table_names = array(
-            "bogons",
-            "bogonsv6",
-            "negate_networks",
-            "snort2c",
-            "sshguard",
-            "tonatsubnets",
-            "virusprot",
-            "vpn_networks",
-        );
-        $reserved_ifs = get_configured_interface_list(true);
-        $pf_reserved_keywords = array_merge($pf_reserved_keywords, $reserved_ifs, $reserved_table_names);
-
-        $object = "alias";
-        /* Array of reserved words */
-        $reserved = array("port", "pass");
-
-        if (!is_string($name) || strlen($name) >= 32 || preg_match('/(^_*$|^\d*$|[^a-z0-9_])/i', $name)) {
-            return sprintf(gettext('The %1$s name must be less than 32 characters long, may not consist of only numbers, may not consist of only underscores, and may only contain the following characters: %2$s'), $object, 'a-z, A-Z, 0-9, _');
-        }
-        if (in_array($name, $reserved, true)) {
-            return sprintf(gettext('The %1$s name must not be either of the reserved words %2$s or %3$s.'), $object, "'port'", "'pass'");
-        }
-        if (getprotobyname($name)) {
-            return sprintf(gettext('The %1$s name must not be an IP protocol name such as TCP, UDP, ICMP etc.'), $object);
-        }
-        if (getservbyname($name, "tcp") || getservbyname($name, "udp")) {
-            return sprintf(gettext('The %1$s name must not be a well-known or registered TCP or UDP port name such as ssh, smtp, pop3, tftp, http, openvpn etc.'), $object);
-        }
-
-        /* Check for reserved keyword names */
-        foreach ($pf_reserved_keywords as $rk) {
-            if (strcasecmp($rk, $name) == 0) {
-                return sprintf(gettext("Cannot use a reserved keyword as an alias name: %s"), $rk);
-            }
-        }
-
-        /*
-        * Packages (e.g. tinc) create interface groups, reserve this
-        * namespace pkg_ for them.
-        * One namespace is shared by Interfaces, Interface Groups and Aliases.
-        */
-        if (substr($name, 0, 4) == 'pkg_') {
-            return gettext("The alias name cannot start with pkg_");
-        }
-
-        /* check for name interface description conflicts */
-        foreach ($config['interfaces'] as $interface) {
-            if (strcasecmp($interface['descr'], $name) == 0) {
-                return gettext("An interface description with this name already exists.");
-            }
-        }
-
-        /* Is the description already used as an interface group name? */
-        if (is_array($config['ifgroups']['ifgroupentry'])) {
-            foreach ($config['ifgroups']['ifgroupentry'] as $ifgroupentry) {
-                if ($ifgroupentry['ifname'] == $name) {
-                    return gettext("Sorry, an interface group with this name already exists.");
-                }
-            }
-        }
-
-        // SHELL NOT BE A IP address. for prevent infinite loops make sure the alias name does not equal the value
-        if (is_ipaddr($name)) {
-            return "name shell not be ip address";
-        }
-        // CHECK NAME
-        foreach ($config["aliases"]["alias"] as $cfgitem) {
-            if ($cfgitem["name"] == $name) {
-                return  gettext("An alias with this name already exists.");
-            }
-        }
-
-        return NULL;
-    }
-
-
-
     /**
      * network_address_aliases_get()
      * 
@@ -138,7 +39,7 @@ trait network_address_aliases
             fauxApiLogger::error($error_message, $error_data);
             throw new \Exception($error_message);
         }
-        $error_message = $this->is_valid_network_address_alias_name($name);
+        $error_message = fauxApiInterfaceAliasTools::is_valid_network_address_alias_name($name);
         if ($error_message !== NULL) {
             $error_data = array('name' => $name);
             fauxApiLogger::error($error_message, $error_data);
@@ -150,69 +51,85 @@ trait network_address_aliases
             fauxApiLogger::error($error_message, $error_data);
             throw new \Exception($error_message);
         }
-        $address_cfg = array();
-        $details_cfg = array();
-        foreach ($cidr_addresses as $addresscfg) {
-            $address = $addresscfg["address"];
-            if (!is_ipaddr($address) && !is_subnet($address)) {
-                $error_message = "must be a address or subnet";
-                $error_data = array('address' => $addresscfg);
-                fauxApiLogger::error($error_message, $error_data);
-                throw new \Exception($error_message);
-            }
-            $details = $addresscfg["details"];
-            $details = preg_replace('/\|\|+/', '|', trim($details, "|"));
-            array_push($address_cfg, $address);
-            array_push($details_cfg, $details);
-        }
-        $address_cfg = join(" ", $address_cfg);
-        $details_cfg = join("||", $details_cfg);
+        $result = fauxApiInterfaceAliasTools::parse_cidr_addresslist_to_config($cidr_addresses);
         # this shell saves to config.
         $pconfig['name'] = $name;
         $pconfig['descr'] = $descr;
         $pconfig['type'] = $type;
-        $pconfig['address'] = $address_cfg;
-        $pconfig['detail'] = $details_cfg;
+        $pconfig['address'] = $result["address"];
+        $pconfig['detail'] = $result["detail"];
         init_config_arr(array('aliases', 'alias'));
         $currsize = count($config['aliases']['alias']);
         $config["aliases"]['alias'][$currsize] = $pconfig;
-        $session_item = $_SESSION['Username'];
-        $_SESSION['Username'] = "admin";  // workaround to make writeconfig work
-        if (write_config(gettext("Edited a firewall alias."))) {
-            mark_subsystem_dirty('aliases');
-            $_SESSION['Username'] = $session_item;
-        } else {
-            $_SESSION['Username'] = $session_item;
-            $error_message = "must be a address or subnet";
-            $error_data = array('address' => $addresscfg);
-            fauxApiLogger::error($error_message, $error_data);
-            throw new \Exception($error_message);
+        if (!fauxApiInterfaceAliasTools::write_config_aliases()) {
+            return NULL;
         }
-
         return $config["aliases"];
     }
 
     /**
-     * network_address_aliases_get()
+     * network_address_aliases_update()
      * 
+     * @param string $name - which alias to modify
+     * @param string $type - alias type, supports "network" only
+     * @param array $cidr_addresses - alias CIDRAddress {"address": "1.2.3.4/32", "details":"message"}
+     * @param string $descr - alias descr, use for UI item.
      * @return array
      */
-    public function network_address_aliases_update()
+    public function network_address_aliases_update($name, $type, $cidr_addresses, $descr = "Added by fauxapi")
     {
         global $config;
-        fauxApiLogger::debug(__METHOD__);
+        fauxApiLogger::debug(__METHOD__, array(
+            'name' => $name, 'type' => $type, 'cidr_addresses' => $cidr_addresses, 'descr' => $descr
+        ));
+        $pconfig=NULL;
+        for ($id = 0; $id < count($config["aliases"]["alias"]); $id+=1) {
+            $cfgitem = $config["aliases"]["alias"][$id];
+            if ($cfgitem["name"] == $name){
+                $pconfig=&$config["aliases"]["alias"][$id];
+            }
+        }
+        if ($pconfig== NULL){
+            //not find
+            $error_message = "not find name";
+            $error_data = array('name' => $name);
+            fauxApiLogger::error($error_message, $error_data);
+            throw new \Exception($error_message);
+        }
+        if ($type != "network") {
+            $error_message = "can support type network only for now";
+            $error_data = array('type' => $type);
+            fauxApiLogger::error($error_message, $error_data);
+            throw new \Exception($error_message);
+        }
+        $result = fauxApiInterfaceAliasTools::parse_cidr_addresslist_to_config($cidr_addresses);
+        # this shell saves to config.
+        $pconfig['name'] = $name;
+        $pconfig['descr'] = $descr;
+        $pconfig['type'] = $type;
+        $pconfig['address'] = $result["address"];
+        $pconfig['detail'] = $result["detail"];
+        if (!fauxApiInterfaceAliasTools::write_config_aliases()) {
+            return NULL;
+        }
+
         return $config["aliases"];
     }
-
     /**
-     * network_address_aliases_get()
+     * network_address_aliases_delete()
      * 
+     * @param string $name - which alias to modify
      * @return array
      */
-    public function network_address_aliases_delete()
+    public function network_address_aliases_delete($name)
     {
         global $config;
-        fauxApiLogger::debug(__METHOD__);
-        return $config["aliases"];
+        fauxApiLogger::debug(__METHOD__, array(
+            'name' => $name
+        ));
+        $pconfig=NULL;
+        for ($id = 0; $id < count($config["aliases"]["alias"]); $id+=1) {
+        }
+
     }
 }