Added basic OPNsense integration, and fixed PfSense API by changing from X-API-Key and X-API-Secret headers to only x-api-key header (lowercase as specified in v2 API docs)

2026-04-11 13:47:05 +02:00 · 2026-01-14 17:44:56 +01:00
parent 8ed18f2473
commit 325ddc2733
13 changed files with 311 additions and 53 deletions
--- a/pkg/web/handlers.go
+++ b/pkg/web/handlers.go
@@ -1424,9 +1424,8 @@ func ListPermanentBlocksHandler(c *gin.Context) {
 // AdvancedActionsTestHandler allows manual block/unblock tests.
 func AdvancedActionsTestHandler(c *gin.Context) {
 	var req struct {
-		Action   string `json:"action"`
-		IP       string `json:"ip"`
-		ServerID string `json:"serverId"`
+		Action string `json:"action"`
+		IP     string `json:"ip"`
 	}
 	if err := c.ShouldBindJSON(&req); err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"})
@@ -1449,7 +1448,7 @@ func AdvancedActionsTestHandler(c *gin.Context) {

 	// Check if integration is configured
 	if settings.AdvancedActions.Integration == "" {
-		c.JSON(http.StatusBadRequest, gin.H{"error": "no integration configured. Please configure an integration (MikroTik or pfSense) in Advanced Actions settings first"})
+		c.JSON(http.StatusBadRequest, gin.H{"error": "no integration configured. Please configure an integration (MikroTik, pfSense, or OPNsense) in Advanced Actions settings first"})
 		return
 	}

@@ -1466,15 +1465,8 @@ func AdvancedActionsTestHandler(c *gin.Context) {
 		return
 	}

+	// Advanced actions work globally, not per server
 	server := config.Fail2banServer{}
-	if req.ServerID != "" {
-		if srv, ok := config.GetServerByID(req.ServerID); ok {
-			server = srv
-		} else {
-			c.JSON(http.StatusBadRequest, gin.H{"error": "server not found"})
-			return
-		}
-	}

 	// Check if IP is already blocked before attempting action (for block action only)
 	skipLoggingIfAlreadyBlocked := false
--- a/pkg/web/static/fail2ban-ui.css
+++ b/pkg/web/static/fail2ban-ui.css
@@ -314,7 +314,7 @@ mark {
    }
 }

-#advancedMikrotikFields, #advancedPfSenseFields {
+#advancedMikrotikFields, #advancedPfSenseFields, #advancedOPNsenseFields {
    padding: 10px;
 }

--- a/pkg/web/templates/index.html
+++ b/pkg/web/templates/index.html
@@ -274,6 +274,7 @@
                <option value="" data-i18n="settings.advanced.integration_none">Select integration</option>
                <option value="mikrotik">Mikrotik</option>
                <option value="pfsense">pfSense</option>
+                <option value="opnsense">OPNsense</option>
              </select>
              <p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.integration_hint">Choose where permanent bans should be synchronized.</p>
            </div>
@@ -309,19 +310,21 @@
            </div>

            <div id="advancedPfSenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50">
-              <p class="text-sm text-gray-500" data-i18n="settings.advanced.pfsense.note">Requires the pfSense API package. Enter the API credentials and alias to manage.</p>
+              <p class="text-sm text-gray-500 mb-3" data-i18n="settings.advanced.pfsense.note">Requires the pfSense REST API package. Enter the API key and alias to manage.</p>
+              <div class="mb-3 text-sm">
+                <a href="https://github.com/jaredhendrickson13/pfsense-api/releases" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.pfsense.install_link">Install REST API Package</a>
+                <span class="text-gray-500 mx-2">•</span>
+                <a href="https://pfrest.org/AUTHENTICATION_AND_AUTHORIZATION/" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.pfsense.api_key_setup">Setup API Key</a>
+              </div>
              <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
                <div class="md:col-span-2">
                  <label class="block text-sm font-medium text-gray-700" for="pfSenseBaseURL" data-i18n="settings.advanced.pfsense.base_url">Base URL</label>
                  <input id="pfSenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local">
                </div>
-                <div>
-                  <label class="block text-sm font-medium text-gray-700" for="pfSenseToken" data-i18n="settings.advanced.pfsense.token">API Token</label>
-                  <input id="pfSenseToken" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
-                </div>
-                <div>
-                  <label class="block text-sm font-medium text-gray-700" for="pfSenseSecret" data-i18n="settings.advanced.pfsense.secret">API Secret</label>
-                  <input id="pfSenseSecret" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
+                <div class="md:col-span-2">
+                  <label class="block text-sm font-medium text-gray-700" for="pfSenseToken" data-i18n="settings.advanced.pfsense.token">API Key</label>
+                  <input id="pfSenseToken" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API key from System > REST API > Keys">
+                  <p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.pfsense.token_hint">Generate in System > REST API > Keys in pfSense webConfigurator</p>
                </div>
                <div>
                  <label class="block text-sm font-medium text-gray-700" for="pfSenseAlias" data-i18n="settings.advanced.pfsense.alias">Alias Name</label>
@@ -333,6 +336,37 @@
                </div>
              </div>
            </div>
+
+            <div id="advancedOPNsenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50">
+              <p class="text-sm text-gray-500 mb-3" data-i18n="settings.advanced.opnsense.note">Enter the OPNsense API credentials and alias to manage.</p>
+              <div class="mb-3 text-sm">
+                <a href="https://docs.opnsense.org/development/api.html" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.opnsense.api_docs">API Documentation</a>
+              </div>
+              <div class="grid grid-cols-1 md:grid-cols-2 gap-4">
+                <div class="md:col-span-2">
+                  <label class="block text-sm font-medium text-gray-700" for="opnsenseBaseURL" data-i18n="settings.advanced.opnsense.base_url">Base URL</label>
+                  <input id="opnsenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local">
+                </div>
+                <div>
+                  <label class="block text-sm font-medium text-gray-700" for="opnsenseKey" data-i18n="settings.advanced.opnsense.key">API Key</label>
+                  <input id="opnsenseKey" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API key">
+                  <p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.opnsense.key_hint">Generate in System > Access > Users > API Keys</p>
+                </div>
+                <div>
+                  <label class="block text-sm font-medium text-gray-700" for="opnsenseSecret" data-i18n="settings.advanced.opnsense.secret">API Secret</label>
+                  <input id="opnsenseSecret" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API secret">
+                  <p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.opnsense.secret_hint">Generate together with API key</p>
+                </div>
+                <div>
+                  <label class="block text-sm font-medium text-gray-700" for="opnsenseAlias" data-i18n="settings.advanced.opnsense.alias">Alias Name</label>
+                  <input id="opnsenseAlias" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
+                </div>
+                <div class="flex items-center">
+                  <input type="checkbox" id="opnsenseSkipTLS" class="h-4 w-4 text-blue-600 border-gray-300 rounded">
+                  <label for="opnsenseSkipTLS" class="ml-2 text-sm text-gray-700" data-i18n="settings.advanced.opnsense.skip_tls">Skip TLS verification (self-signed)</label>
+                </div>
+              </div>
+            </div>
          </div>

          <div class="mt-6">
@@ -1203,12 +1237,6 @@
                  <label for="advancedTestIP" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_ip">IP address</label>
                  <input type="text" id="advancedTestIP" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="203.0.113.10">
                </div>
-                <div>
-                  <label for="advancedTestServer" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_server">Optional server</label>
-                  <select id="advancedTestServer" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
-                    <option value="" data-i18n="settings.advanced.test_server_none">Use global integration settings</option>
-                  </select>
-                </div>
              </div>
            </div>
          </div>