mirror of
https://github.com/swissmakers/fail2ban-ui.git
synced 2026-04-11 13:47:05 +02:00
Added basic OPNsense integration, and fixed PfSense API by changing from X-API-Key and X-API-Secret headers to only x-api-key header (lowercase as specified in v2 API docs)
This commit is contained in:
@@ -90,6 +90,7 @@ type AdvancedActionsConfig struct {
|
||||
Integration string `json:"integration"`
|
||||
Mikrotik MikrotikIntegrationSettings `json:"mikrotik"`
|
||||
PfSense PfSenseIntegrationSettings `json:"pfSense"`
|
||||
OPNsense OPNsenseIntegrationSettings `json:"opnsense"`
|
||||
}
|
||||
|
||||
type MikrotikIntegrationSettings struct {
|
||||
@@ -109,6 +110,14 @@ type PfSenseIntegrationSettings struct {
|
||||
SkipTLSVerify bool `json:"skipTLSVerify"`
|
||||
}
|
||||
|
||||
type OPNsenseIntegrationSettings struct {
|
||||
BaseURL string `json:"baseUrl"`
|
||||
APIKey string `json:"apiKey"`
|
||||
APISecret string `json:"apiSecret"`
|
||||
Alias string `json:"alias"`
|
||||
SkipTLSVerify bool `json:"skipTLSVerify"`
|
||||
}
|
||||
|
||||
func defaultAdvancedActionsConfig() AdvancedActionsConfig {
|
||||
return AdvancedActionsConfig{
|
||||
Enabled: false,
|
||||
|
||||
@@ -97,7 +97,18 @@ func (m *mikrotikIntegration) runCommand(req Request, command string) error {
|
||||
address := net.JoinHostPort(cfg.Host, fmt.Sprintf("%d", port))
|
||||
client, err := ssh.Dial("tcp", address, clientCfg)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to connect to mikrotik: %w", err)
|
||||
// Provide more specific error messages for common connection issues
|
||||
if netErr, ok := err.(net.Error); ok {
|
||||
if netErr.Timeout() {
|
||||
return fmt.Errorf("connection to mikrotik at %s timed out: %w", address, err)
|
||||
}
|
||||
}
|
||||
if opErr, ok := err.(*net.OpError); ok {
|
||||
if opErr.Err != nil {
|
||||
return fmt.Errorf("failed to connect to mikrotik at %s: %v (check host, port %d, and network connectivity)", address, opErr.Err, port)
|
||||
}
|
||||
}
|
||||
return fmt.Errorf("failed to connect to mikrotik at %s: %w (check host, port %d, username, and credentials)", address, err, port)
|
||||
}
|
||||
defer client.Close()
|
||||
|
||||
|
||||
128
internal/integrations/opnsense.go
Normal file
128
internal/integrations/opnsense.go
Normal file
@@ -0,0 +1,128 @@
|
||||
package integrations
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/tls"
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/swissmakers/fail2ban-ui/internal/config"
|
||||
)
|
||||
|
||||
type opnsenseIntegration struct{}
|
||||
|
||||
func init() {
|
||||
Register(&opnsenseIntegration{})
|
||||
}
|
||||
|
||||
func (o *opnsenseIntegration) ID() string {
|
||||
return "opnsense"
|
||||
}
|
||||
|
||||
func (o *opnsenseIntegration) DisplayName() string {
|
||||
return "OPNsense"
|
||||
}
|
||||
|
||||
func (o *opnsenseIntegration) Validate(cfg config.AdvancedActionsConfig) error {
|
||||
if cfg.OPNsense.BaseURL == "" {
|
||||
return fmt.Errorf("OPNsense base URL is required")
|
||||
}
|
||||
if cfg.OPNsense.APIKey == "" || cfg.OPNsense.APISecret == "" {
|
||||
return fmt.Errorf("OPNsense API key and secret are required")
|
||||
}
|
||||
if cfg.OPNsense.Alias == "" {
|
||||
return fmt.Errorf("OPNsense alias is required")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (o *opnsenseIntegration) BlockIP(req Request) error {
|
||||
if err := o.Validate(req.Config); err != nil {
|
||||
return err
|
||||
}
|
||||
return o.callAPI(req, "add", req.IP)
|
||||
}
|
||||
|
||||
func (o *opnsenseIntegration) UnblockIP(req Request) error {
|
||||
if err := o.Validate(req.Config); err != nil {
|
||||
return err
|
||||
}
|
||||
return o.callAPI(req, "del", req.IP)
|
||||
}
|
||||
|
||||
func (o *opnsenseIntegration) callAPI(req Request, action, ip string) error {
|
||||
cfg := req.Config.OPNsense
|
||||
|
||||
// OPNsense uses /api/firewall/alias_util/{action}/{alias_name}
|
||||
apiURL := strings.TrimSuffix(cfg.BaseURL, "/") + fmt.Sprintf("/api/firewall/alias_util/%s/%s", action, cfg.Alias)
|
||||
|
||||
// Request body for OPNsense
|
||||
payload := map[string]string{
|
||||
"address": ip,
|
||||
}
|
||||
data, err := json.Marshal(payload)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to encode OPNsense payload: %w", err)
|
||||
}
|
||||
|
||||
httpClient := &http.Client{
|
||||
Timeout: 10 * time.Second,
|
||||
}
|
||||
if cfg.SkipTLSVerify {
|
||||
httpClient.Transport = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // #nosec G402 - user controlled
|
||||
}
|
||||
}
|
||||
|
||||
reqLogger := "OPNsense"
|
||||
if req.Logger != nil {
|
||||
req.Logger("Calling OPNsense API %s action=%s payload=%s", apiURL, action, string(data))
|
||||
}
|
||||
|
||||
httpReq, err := http.NewRequest(http.MethodPost, apiURL, bytes.NewReader(data))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create OPNsense request: %w", err)
|
||||
}
|
||||
httpReq.Header.Set("Content-Type", "application/json")
|
||||
|
||||
// OPNsense uses Basic Auth with API key as username and API secret as password
|
||||
auth := base64.StdEncoding.EncodeToString([]byte(cfg.APIKey + ":" + cfg.APISecret))
|
||||
httpReq.Header.Set("Authorization", "Basic "+auth)
|
||||
|
||||
resp, err := httpClient.Do(httpReq)
|
||||
if err != nil {
|
||||
// Provide more specific error messages for connection issues
|
||||
if netErr, ok := err.(interface {
|
||||
Timeout() bool
|
||||
Error() string
|
||||
}); ok && netErr.Timeout() {
|
||||
return fmt.Errorf("OPNsense API request to %s timed out: %w", apiURL, err)
|
||||
}
|
||||
return fmt.Errorf("OPNsense API request to %s failed: %w (check base URL, network connectivity, and API credentials)", apiURL, err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
// Read response body for better error messages
|
||||
bodyBytes, _ := io.ReadAll(resp.Body)
|
||||
bodyStr := strings.TrimSpace(string(bodyBytes))
|
||||
|
||||
if resp.StatusCode >= 300 {
|
||||
if bodyStr != "" {
|
||||
return fmt.Errorf("OPNsense API request failed: status %s, response: %s", resp.Status, bodyStr)
|
||||
}
|
||||
return fmt.Errorf("OPNsense API request failed: status %s (check API credentials and alias name)", resp.Status)
|
||||
}
|
||||
|
||||
if req.Logger != nil {
|
||||
req.Logger("%s API call succeeded", reqLogger)
|
||||
if bodyStr != "" {
|
||||
req.Logger("%s API response: %s", reqLogger, bodyStr)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -30,8 +31,8 @@ func (p *pfSenseIntegration) Validate(cfg config.AdvancedActionsConfig) error {
|
||||
if cfg.PfSense.BaseURL == "" {
|
||||
return fmt.Errorf("pfSense base URL is required")
|
||||
}
|
||||
if cfg.PfSense.APIToken == "" || cfg.PfSense.APISecret == "" {
|
||||
return fmt.Errorf("pfSense API token and secret are required")
|
||||
if cfg.PfSense.APIToken == "" {
|
||||
return fmt.Errorf("pfSense API key is required")
|
||||
}
|
||||
if cfg.PfSense.Alias == "" {
|
||||
return fmt.Errorf("pfSense alias is required")
|
||||
@@ -92,21 +93,38 @@ func (p *pfSenseIntegration) callAPI(req Request, action string, payload map[str
|
||||
return fmt.Errorf("failed to create pfSense request: %w", err)
|
||||
}
|
||||
httpReq.Header.Set("Content-Type", "application/json")
|
||||
httpReq.Header.Set("X-API-Key", cfg.APIToken)
|
||||
httpReq.Header.Set("X-API-Secret", cfg.APISecret)
|
||||
// pfSense REST API v2 uses KeyAuth with x-api-key header only
|
||||
httpReq.Header.Set("x-api-key", cfg.APIToken)
|
||||
|
||||
resp, err := httpClient.Do(httpReq)
|
||||
if err != nil {
|
||||
return fmt.Errorf("pfSense request failed: %w", err)
|
||||
// Provide more specific error messages for connection issues
|
||||
if netErr, ok := err.(interface {
|
||||
Timeout() bool
|
||||
Error() string
|
||||
}); ok && netErr.Timeout() {
|
||||
return fmt.Errorf("pfSense API request to %s timed out: %w", apiURL, err)
|
||||
}
|
||||
return fmt.Errorf("pfSense API request to %s failed: %w (check base URL, network connectivity, and API credentials)", apiURL, err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
// Read response body for better error messages
|
||||
bodyBytes, _ := io.ReadAll(resp.Body)
|
||||
bodyStr := strings.TrimSpace(string(bodyBytes))
|
||||
|
||||
if resp.StatusCode >= 300 {
|
||||
return fmt.Errorf("pfSense request failed: status %s", resp.Status)
|
||||
if bodyStr != "" {
|
||||
return fmt.Errorf("pfSense API request failed: status %s, response: %s", resp.Status, bodyStr)
|
||||
}
|
||||
return fmt.Errorf("pfSense API request failed: status %s (check API credentials and alias name)", resp.Status)
|
||||
}
|
||||
|
||||
if req.Logger != nil {
|
||||
req.Logger("%s API call succeeded", reqLogger)
|
||||
if bodyStr != "" {
|
||||
req.Logger("%s API response: %s", reqLogger, bodyStr)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -188,12 +188,24 @@
|
||||
"settings.advanced.mikrotik.password": "SSH-Passwort",
|
||||
"settings.advanced.mikrotik.key": "SSH-Key-Pfad (optional)",
|
||||
"settings.advanced.mikrotik.list": "Address-Listenname",
|
||||
"settings.advanced.pfsense.note": "Benötigt das pfSense API-Paket. Verwende ein Token mit Alias-Rechten.",
|
||||
"settings.advanced.pfsense.note": "Benötigt das pfSense REST API-Paket. Gib den API-Schlüssel und den Alias-Namen ein.",
|
||||
"settings.advanced.pfsense.install_link": "REST API-Paket installieren",
|
||||
"settings.advanced.pfsense.api_key_setup": "API-Schlüssel einrichten",
|
||||
"settings.advanced.pfsense.base_url": "Basis-URL",
|
||||
"settings.advanced.pfsense.token": "API-Token",
|
||||
"settings.advanced.pfsense.secret": "API-Secret",
|
||||
"settings.advanced.pfsense.token": "API-Schlüssel",
|
||||
"settings.advanced.pfsense.token_hint": "Erstellen in System > REST API > Keys im pfSense webConfigurator",
|
||||
"settings.advanced.pfsense.alias": "Alias-Name",
|
||||
"settings.advanced.pfsense.skip_tls": "TLS-Validierung überspringen (Self-Signed)",
|
||||
"settings.advanced.opnsense.note": "Gib die OPNsense API-Anmeldedaten und den Alias-Namen ein.",
|
||||
"settings.advanced.opnsense.api_docs": "API-Dokumentation",
|
||||
"settings.advanced.opnsense.api_key_setup": "API-Schlüssel einrichten",
|
||||
"settings.advanced.opnsense.base_url": "Basis-URL",
|
||||
"settings.advanced.opnsense.key": "API-Schlüssel",
|
||||
"settings.advanced.opnsense.key_hint": "Erstellen in System > Zugriff > Benutzer > API-Schlüssel",
|
||||
"settings.advanced.opnsense.secret": "API-Geheimnis",
|
||||
"settings.advanced.opnsense.secret_hint": "Zusammen mit dem API-Schlüssel erstellen",
|
||||
"settings.advanced.opnsense.alias": "Alias-Name",
|
||||
"settings.advanced.opnsense.skip_tls": "TLS-Validierung überspringen (Self-Signed)",
|
||||
"settings.advanced.log_title": "Log der permanenten Sperren",
|
||||
"settings.advanced.log_empty": "Noch keine permanenten Sperren vorhanden.",
|
||||
"settings.advanced.log_ip": "IP",
|
||||
|
||||
@@ -188,12 +188,24 @@
|
||||
"settings.advanced.mikrotik.password": "SSH-Passwort",
|
||||
"settings.advanced.mikrotik.key": "SSH-Key-Pfad (optional)",
|
||||
"settings.advanced.mikrotik.list": "Adress-Lischtename",
|
||||
"settings.advanced.pfsense.note": "Bruucht s pfSense API-Päckli. Erstell es Token wo Aliase cha bearbeite.",
|
||||
"settings.advanced.pfsense.note": "Bruucht s pfSense REST API-Päckli. Gib dr API-Schlüssu und dr Alias-Name i.",
|
||||
"settings.advanced.pfsense.install_link": "REST API-Päckli installiere",
|
||||
"settings.advanced.pfsense.api_key_setup": "API-Schlüssu iirichte",
|
||||
"settings.advanced.pfsense.base_url": "Basis-URL",
|
||||
"settings.advanced.pfsense.token": "API-Token",
|
||||
"settings.advanced.pfsense.secret": "API-Secret",
|
||||
"settings.advanced.pfsense.token": "API-Schlüssu",
|
||||
"settings.advanced.pfsense.token_hint": "Erstelle i System > REST API > Keys im pfSense webConfigurator",
|
||||
"settings.advanced.pfsense.alias": "Alias-Name",
|
||||
"settings.advanced.pfsense.skip_tls": "TLS-Prüfig überspringe (Self-Signed)",
|
||||
"settings.advanced.opnsense.note": "Gib d OPNsense API-Ameldedate und dr Alias-Name i.",
|
||||
"settings.advanced.opnsense.api_docs": "API-Dokumentation",
|
||||
"settings.advanced.opnsense.api_key_setup": "API-Schlüssu iirichte",
|
||||
"settings.advanced.opnsense.base_url": "Basis-URL",
|
||||
"settings.advanced.opnsense.key": "API-Schlüssu",
|
||||
"settings.advanced.opnsense.key_hint": "Erstelle i System > Zuegriff > Benutzer > API-Schlüssu",
|
||||
"settings.advanced.opnsense.secret": "API-Geheimnis",
|
||||
"settings.advanced.opnsense.secret_hint": "Zämme mit em API-Schlüssu erstelle",
|
||||
"settings.advanced.opnsense.alias": "Alias-Name",
|
||||
"settings.advanced.opnsense.skip_tls": "TLS-Prüfig überspringe (Self-Signed)",
|
||||
"settings.advanced.log_title": "Permanent gsperrti IPs",
|
||||
"settings.advanced.log_empty": "No ke permanenti Sperrig erfasst.",
|
||||
"settings.advanced.log_ip": "IP",
|
||||
|
||||
@@ -188,12 +188,24 @@
|
||||
"settings.advanced.mikrotik.password": "SSH Password",
|
||||
"settings.advanced.mikrotik.key": "SSH Key Path (optional)",
|
||||
"settings.advanced.mikrotik.list": "Address List Name",
|
||||
"settings.advanced.pfsense.note": "Requires the pfSense API package. Use an API token that may edit aliases.",
|
||||
"settings.advanced.pfsense.note": "Requires the pfSense REST API package. Enter the API key and alias to manage.",
|
||||
"settings.advanced.pfsense.install_link": "Install REST API Package",
|
||||
"settings.advanced.pfsense.api_key_setup": "Setup API Key",
|
||||
"settings.advanced.pfsense.base_url": "Base URL",
|
||||
"settings.advanced.pfsense.token": "API Token",
|
||||
"settings.advanced.pfsense.secret": "API Secret",
|
||||
"settings.advanced.pfsense.token": "API Key",
|
||||
"settings.advanced.pfsense.token_hint": "Generate in System > REST API > Keys in pfSense webConfigurator",
|
||||
"settings.advanced.pfsense.alias": "Alias Name",
|
||||
"settings.advanced.pfsense.skip_tls": "Skip TLS verification (self-signed)",
|
||||
"settings.advanced.opnsense.note": "Enter the OPNsense API credentials and alias to manage.",
|
||||
"settings.advanced.opnsense.api_docs": "API Documentation",
|
||||
"settings.advanced.opnsense.api_key_setup": "Setup API Key",
|
||||
"settings.advanced.opnsense.base_url": "Base URL",
|
||||
"settings.advanced.opnsense.key": "API Key",
|
||||
"settings.advanced.opnsense.key_hint": "Generate in System > Access > Users > API Keys",
|
||||
"settings.advanced.opnsense.secret": "API Secret",
|
||||
"settings.advanced.opnsense.secret_hint": "Generate together with API key",
|
||||
"settings.advanced.opnsense.alias": "Alias Name",
|
||||
"settings.advanced.opnsense.skip_tls": "Skip TLS verification (self-signed)",
|
||||
"settings.advanced.log_title": "Permanent Block Log",
|
||||
"settings.advanced.log_empty": "No permanent blocks recorded yet.",
|
||||
"settings.advanced.log_ip": "IP",
|
||||
|
||||
@@ -188,12 +188,24 @@
|
||||
"settings.advanced.mikrotik.password": "Contraseña SSH",
|
||||
"settings.advanced.mikrotik.key": "Ruta de la clave SSH (opcional)",
|
||||
"settings.advanced.mikrotik.list": "Nombre de la lista",
|
||||
"settings.advanced.pfsense.note": "Requiere el paquete de API de pfSense. Usa un token con acceso a alias.",
|
||||
"settings.advanced.pfsense.note": "Requiere el paquete REST API de pfSense. Introduce la clave API y el alias a gestionar.",
|
||||
"settings.advanced.pfsense.install_link": "Instalar paquete REST API",
|
||||
"settings.advanced.pfsense.api_key_setup": "Configurar clave API",
|
||||
"settings.advanced.pfsense.base_url": "URL base",
|
||||
"settings.advanced.pfsense.token": "Token API",
|
||||
"settings.advanced.pfsense.secret": "Secreto API",
|
||||
"settings.advanced.pfsense.token": "Clave API",
|
||||
"settings.advanced.pfsense.token_hint": "Generar en Sistema > REST API > Keys en el webConfigurator de pfSense",
|
||||
"settings.advanced.pfsense.alias": "Nombre del alias",
|
||||
"settings.advanced.pfsense.skip_tls": "Omitir verificación TLS (autofirmado)",
|
||||
"settings.advanced.opnsense.note": "Introduce las credenciales API de OPNsense y el alias a gestionar.",
|
||||
"settings.advanced.opnsense.api_docs": "Documentación API",
|
||||
"settings.advanced.opnsense.api_key_setup": "Configurar clave API",
|
||||
"settings.advanced.opnsense.base_url": "URL base",
|
||||
"settings.advanced.opnsense.key": "Clave API",
|
||||
"settings.advanced.opnsense.key_hint": "Generar en Sistema > Acceso > Usuarios > Claves API",
|
||||
"settings.advanced.opnsense.secret": "Secreto API",
|
||||
"settings.advanced.opnsense.secret_hint": "Generar junto con la clave API",
|
||||
"settings.advanced.opnsense.alias": "Nombre del alias",
|
||||
"settings.advanced.opnsense.skip_tls": "Omitir verificación TLS (autofirmado)",
|
||||
"settings.advanced.log_title": "Registro de bloqueos permanentes",
|
||||
"settings.advanced.log_empty": "Aún no hay bloqueos permanentes.",
|
||||
"settings.advanced.log_ip": "IP",
|
||||
|
||||
@@ -188,12 +188,24 @@
|
||||
"settings.advanced.mikrotik.password": "Mot de passe SSH",
|
||||
"settings.advanced.mikrotik.key": "Chemin de clé SSH (optionnel)",
|
||||
"settings.advanced.mikrotik.list": "Nom de la liste",
|
||||
"settings.advanced.pfsense.note": "Nécessite le paquet API pfSense. Utiliser un jeton ayant accès aux alias.",
|
||||
"settings.advanced.pfsense.note": "Nécessite le paquet REST API pfSense. Entrez la clé API et l'alias à gérer.",
|
||||
"settings.advanced.pfsense.install_link": "Installer le paquet REST API",
|
||||
"settings.advanced.pfsense.api_key_setup": "Configurer la clé API",
|
||||
"settings.advanced.pfsense.base_url": "URL de base",
|
||||
"settings.advanced.pfsense.token": "Jeton API",
|
||||
"settings.advanced.pfsense.secret": "Secret API",
|
||||
"settings.advanced.pfsense.alias": "Nom d’alias",
|
||||
"settings.advanced.pfsense.token": "Clé API",
|
||||
"settings.advanced.pfsense.token_hint": "Générer dans Système > REST API > Keys dans le webConfigurator pfSense",
|
||||
"settings.advanced.pfsense.alias": "Nom d'alias",
|
||||
"settings.advanced.pfsense.skip_tls": "Ignorer la vérification TLS (auto-signé)",
|
||||
"settings.advanced.opnsense.note": "Entrez les identifiants API OPNsense et l'alias à gérer.",
|
||||
"settings.advanced.opnsense.api_docs": "Documentation API",
|
||||
"settings.advanced.opnsense.api_key_setup": "Configurer la clé API",
|
||||
"settings.advanced.opnsense.base_url": "URL de base",
|
||||
"settings.advanced.opnsense.key": "Clé API",
|
||||
"settings.advanced.opnsense.key_hint": "Générer dans Système > Accès > Utilisateurs > Clés API",
|
||||
"settings.advanced.opnsense.secret": "Secret API",
|
||||
"settings.advanced.opnsense.secret_hint": "Générer avec la clé API",
|
||||
"settings.advanced.opnsense.alias": "Nom d'alias",
|
||||
"settings.advanced.opnsense.skip_tls": "Ignorer la vérification TLS (auto-signé)",
|
||||
"settings.advanced.log_title": "Journal des blocages permanents",
|
||||
"settings.advanced.log_empty": "Aucun blocage permanent pour le moment.",
|
||||
"settings.advanced.log_ip": "IP",
|
||||
|
||||
@@ -188,12 +188,24 @@
|
||||
"settings.advanced.mikrotik.password": "Password SSH",
|
||||
"settings.advanced.mikrotik.key": "Percorso chiave SSH (opzionale)",
|
||||
"settings.advanced.mikrotik.list": "Nome della lista",
|
||||
"settings.advanced.pfsense.note": "Richiede il pacchetto API di pfSense. Usa un token con accesso agli alias.",
|
||||
"settings.advanced.pfsense.note": "Richiede il pacchetto REST API di pfSense. Inserisci la chiave API e l'alias da gestire.",
|
||||
"settings.advanced.pfsense.install_link": "Installa pacchetto REST API",
|
||||
"settings.advanced.pfsense.api_key_setup": "Configura chiave API",
|
||||
"settings.advanced.pfsense.base_url": "URL base",
|
||||
"settings.advanced.pfsense.token": "Token API",
|
||||
"settings.advanced.pfsense.secret": "Segreto API",
|
||||
"settings.advanced.pfsense.token": "Chiave API",
|
||||
"settings.advanced.pfsense.token_hint": "Genera in Sistema > REST API > Keys nel webConfigurator di pfSense",
|
||||
"settings.advanced.pfsense.alias": "Nome alias",
|
||||
"settings.advanced.pfsense.skip_tls": "Ignora verifica TLS (auto-firmato)",
|
||||
"settings.advanced.opnsense.note": "Inserisci le credenziali API di OPNsense e l'alias da gestire.",
|
||||
"settings.advanced.opnsense.api_docs": "Documentazione API",
|
||||
"settings.advanced.opnsense.api_key_setup": "Configura chiave API",
|
||||
"settings.advanced.opnsense.base_url": "URL base",
|
||||
"settings.advanced.opnsense.key": "Chiave API",
|
||||
"settings.advanced.opnsense.key_hint": "Genera in Sistema > Accesso > Utenti > Chiavi API",
|
||||
"settings.advanced.opnsense.secret": "Segreto API",
|
||||
"settings.advanced.opnsense.secret_hint": "Genera insieme alla chiave API",
|
||||
"settings.advanced.opnsense.alias": "Nome alias",
|
||||
"settings.advanced.opnsense.skip_tls": "Ignora verifica TLS (auto-firmato)",
|
||||
"settings.advanced.log_title": "Registro dei blocchi permanenti",
|
||||
"settings.advanced.log_empty": "Nessun blocco permanente ancora registrato.",
|
||||
"settings.advanced.log_ip": "IP",
|
||||
|
||||
@@ -1424,9 +1424,8 @@ func ListPermanentBlocksHandler(c *gin.Context) {
|
||||
// AdvancedActionsTestHandler allows manual block/unblock tests.
|
||||
func AdvancedActionsTestHandler(c *gin.Context) {
|
||||
var req struct {
|
||||
Action string `json:"action"`
|
||||
IP string `json:"ip"`
|
||||
ServerID string `json:"serverId"`
|
||||
Action string `json:"action"`
|
||||
IP string `json:"ip"`
|
||||
}
|
||||
if err := c.ShouldBindJSON(&req); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "invalid payload"})
|
||||
@@ -1449,7 +1448,7 @@ func AdvancedActionsTestHandler(c *gin.Context) {
|
||||
|
||||
// Check if integration is configured
|
||||
if settings.AdvancedActions.Integration == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "no integration configured. Please configure an integration (MikroTik or pfSense) in Advanced Actions settings first"})
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "no integration configured. Please configure an integration (MikroTik, pfSense, or OPNsense) in Advanced Actions settings first"})
|
||||
return
|
||||
}
|
||||
|
||||
@@ -1466,15 +1465,8 @@ func AdvancedActionsTestHandler(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
// Advanced actions work globally, not per server
|
||||
server := config.Fail2banServer{}
|
||||
if req.ServerID != "" {
|
||||
if srv, ok := config.GetServerByID(req.ServerID); ok {
|
||||
server = srv
|
||||
} else {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "server not found"})
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// Check if IP is already blocked before attempting action (for block action only)
|
||||
skipLoggingIfAlreadyBlocked := false
|
||||
|
||||
@@ -314,7 +314,7 @@ mark {
|
||||
}
|
||||
}
|
||||
|
||||
#advancedMikrotikFields, #advancedPfSenseFields {
|
||||
#advancedMikrotikFields, #advancedPfSenseFields, #advancedOPNsenseFields {
|
||||
padding: 10px;
|
||||
}
|
||||
|
||||
|
||||
@@ -274,6 +274,7 @@
|
||||
<option value="" data-i18n="settings.advanced.integration_none">Select integration</option>
|
||||
<option value="mikrotik">Mikrotik</option>
|
||||
<option value="pfsense">pfSense</option>
|
||||
<option value="opnsense">OPNsense</option>
|
||||
</select>
|
||||
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.integration_hint">Choose where permanent bans should be synchronized.</p>
|
||||
</div>
|
||||
@@ -309,19 +310,21 @@
|
||||
</div>
|
||||
|
||||
<div id="advancedPfSenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50">
|
||||
<p class="text-sm text-gray-500" data-i18n="settings.advanced.pfsense.note">Requires the pfSense API package. Enter the API credentials and alias to manage.</p>
|
||||
<p class="text-sm text-gray-500 mb-3" data-i18n="settings.advanced.pfsense.note">Requires the pfSense REST API package. Enter the API key and alias to manage.</p>
|
||||
<div class="mb-3 text-sm">
|
||||
<a href="https://github.com/jaredhendrickson13/pfsense-api/releases" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.pfsense.install_link">Install REST API Package</a>
|
||||
<span class="text-gray-500 mx-2">•</span>
|
||||
<a href="https://pfrest.org/AUTHENTICATION_AND_AUTHORIZATION/" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.pfsense.api_key_setup">Setup API Key</a>
|
||||
</div>
|
||||
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
|
||||
<div class="md:col-span-2">
|
||||
<label class="block text-sm font-medium text-gray-700" for="pfSenseBaseURL" data-i18n="settings.advanced.pfsense.base_url">Base URL</label>
|
||||
<input id="pfSenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local">
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium text-gray-700" for="pfSenseToken" data-i18n="settings.advanced.pfsense.token">API Token</label>
|
||||
<input id="pfSenseToken" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium text-gray-700" for="pfSenseSecret" data-i18n="settings.advanced.pfsense.secret">API Secret</label>
|
||||
<input id="pfSenseSecret" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
|
||||
<div class="md:col-span-2">
|
||||
<label class="block text-sm font-medium text-gray-700" for="pfSenseToken" data-i18n="settings.advanced.pfsense.token">API Key</label>
|
||||
<input id="pfSenseToken" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API key from System > REST API > Keys">
|
||||
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.pfsense.token_hint">Generate in System > REST API > Keys in pfSense webConfigurator</p>
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium text-gray-700" for="pfSenseAlias" data-i18n="settings.advanced.pfsense.alias">Alias Name</label>
|
||||
@@ -333,6 +336,37 @@
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="advancedOPNsenseFields" class="hidden border border-gray-200 rounded-lg p-4 overflow-x-auto bg-gray-50">
|
||||
<p class="text-sm text-gray-500 mb-3" data-i18n="settings.advanced.opnsense.note">Enter the OPNsense API credentials and alias to manage.</p>
|
||||
<div class="mb-3 text-sm">
|
||||
<a href="https://docs.opnsense.org/development/api.html" target="_blank" rel="noopener noreferrer" class="text-blue-600 hover:text-blue-800 underline" data-i18n="settings.advanced.opnsense.api_docs">API Documentation</a>
|
||||
</div>
|
||||
<div class="grid grid-cols-1 md:grid-cols-2 gap-4">
|
||||
<div class="md:col-span-2">
|
||||
<label class="block text-sm font-medium text-gray-700" for="opnsenseBaseURL" data-i18n="settings.advanced.opnsense.base_url">Base URL</label>
|
||||
<input id="opnsenseBaseURL" type="url" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="https://firewall.local">
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium text-gray-700" for="opnsenseKey" data-i18n="settings.advanced.opnsense.key">API Key</label>
|
||||
<input id="opnsenseKey" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API key">
|
||||
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.opnsense.key_hint">Generate in System > Access > Users > API Keys</p>
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium text-gray-700" for="opnsenseSecret" data-i18n="settings.advanced.opnsense.secret">API Secret</label>
|
||||
<input id="opnsenseSecret" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500" placeholder="Your API secret">
|
||||
<p class="text-xs text-gray-500 mt-1" data-i18n="settings.advanced.opnsense.secret_hint">Generate together with API key</p>
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium text-gray-700" for="opnsenseAlias" data-i18n="settings.advanced.opnsense.alias">Alias Name</label>
|
||||
<input id="opnsenseAlias" type="text" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:ring-2 focus:ring-blue-500">
|
||||
</div>
|
||||
<div class="flex items-center">
|
||||
<input type="checkbox" id="opnsenseSkipTLS" class="h-4 w-4 text-blue-600 border-gray-300 rounded">
|
||||
<label for="opnsenseSkipTLS" class="ml-2 text-sm text-gray-700" data-i18n="settings.advanced.opnsense.skip_tls">Skip TLS verification (self-signed)</label>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="mt-6">
|
||||
@@ -1203,12 +1237,6 @@
|
||||
<label for="advancedTestIP" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_ip">IP address</label>
|
||||
<input type="text" id="advancedTestIP" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500" placeholder="203.0.113.10">
|
||||
</div>
|
||||
<div>
|
||||
<label for="advancedTestServer" class="block text-sm font-medium text-gray-700" data-i18n="settings.advanced.test_server">Optional server</label>
|
||||
<select id="advancedTestServer" class="mt-1 w-full border border-gray-300 rounded-md px-3 py-2 focus:outline-none focus:ring-2 focus:ring-blue-500">
|
||||
<option value="" data-i18n="settings.advanced.test_server_none">Use global integration settings</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
Reference in New Issue
Block a user