OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: The_Sage on December 28, 2018, 12:36:49 am
-
Thanks for taking time to read this.
I am trying to add an alias using the Firewall API. I can get a list of aliases, and a list of values for an alias so I have the curl set properly.
$key ="key";
$secret = "secret";
$url = "https://OPNsense.gateway/api/firewall/alias/addItem/xyzzy";
$handle = curl_init($url);
curl_setopt_array($handle,
array(
CURLOPT_USERPWD => "$key:$secret",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_POSTFIELDS => "", // Tried with this line out as well
CURLOPT_POST => true,
)
);
My issue occurs when trying to add an Alias using the above code. (I am stepping out of comfort zone here ), but I have traced the calls back to the
/usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
And added some extra results to see where (??) the process is failing.
from the lines here in the addBase function,
$result = array("result" => "failed");
if ($this->request->isPost() && $this->request->hasPost($post_field)) {
hasPost($post_field) is NULL or empty from results
error =: (No curl error)
result => {
"result":"failed 1st step addbase //renamed result to see output
$isPost :alias // $post_fields var
Is req. : 1 // $this->request->isPost()
has post : // $this->request->hasPost()
"}
I am probably barking up the wrong tree, but can someone point me in the right direction please. I am sure the API is OK, and I am sure there is something in my code.
Thanks
the Sage !!
-
Maybe in other words, the comment in the code
/**
* Add new alias and set with attributes from post
* @return array save result + validation output
* @throws \OPNsense\Base\ModelException when not bound to model
* @throws \Phalcon\Validation\Exception when field validations fail
* @throws \ReflectionException when not bound to model
*/
What are the "set with attributes from post" meant to be. Are they the same as the attributes from getItem ?
Can anyone provide the correct syntax for the addItem method.
-
Thanks for taking time to read this and I hope this can help out someone else.
After 2 days of trial and lots of error I have worked out the correct code and the correct POST variables.
I added echo checks during the code flow and realised that the MODEL for the API is in the directory
/usr/local/opnsense/mvc/app/models/OPNsense/"API"/Alias.xml
This shows the required fields for AddAction
So for the firewall, Add alias API call i used the following code.
<?php
$key ="key";
$secret = "secret";
// This is the 4 REQUIRED fields for successful Alias addition
$post_data = '{"alias": { "name": "xyzzy", "content": "192.168.5.5", "enabled" : "1", "type" : "host"}}';
//
// Can also add "description": "My NEW Alias descritpion"
//
$url = 'https://my.secure.gateway/api/firewall/alias/addItem/xyzzy';
$headers = array();
$headers[] = "Content-Type: application/json";
$handle = curl_init();
curl_setopt_array($handle,
array(
CURLOPT_URL => $url,
CURLOPT_USERPWD => "$key:$secret",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => $headers,
)
);
$result = curl_exec($handle);
echo "Result => " . $result ;
curl_close($handle);
/>
-
Hello there,
Out of curiousity, isn't the API documented? Does opnsense developers officially support accessing the API remotely? In fact, IIRC, one of reasons why I chosen opnsense, though, if the API isn't documented, this seems tedious no?
Regards
-
As far as I can tell, most of OPNSense API is documented. BUT the firewall modules still use legacy code (can't find the link to info) So to make a great product even better, the guys have started with the Aliases first, then I think they move on to the actual firewall itself. So, therefore, this API is NOT documented yet. The article mentions following the code to find how it works. I posted what I could work out hoping it may help someone until the conversion is finished.
I still have a problem with the FLUSH table API call it comes back DONE but nothing is deleted and with creating an empty Alias and trying to add an IP address to it.
I will wait in anticipation for future developments from the team.
Keep up the good work team.
-
Oh okay, I haven't begun any work on testing API, this is just for Hobby testing, I'll keep that in mind when I get around to it. Though, I wonder how easy it is setup a development environment with opensense code base.
Thanks for info.
Regards
-
I use JetBrains PHPStorm, but it is best to quiz the devs.
-
Hi,
trying to recreate this in python, all I receive is {"result":"failed"}
url = 'http://192.168.122.230/api/firewall/alias/addItem/xyzzy'
headers = {'Content-Type': 'application/json'}
r = requests.post(url,
headers=headers,
data='{"name":"xyzzy","content":"192.168.5.5","enabled":"1","type":"host"}',
verify=False, #'/home/fweis/Documents/2019/OPNSense',
auth=(api_key, api_secret))
Do you see whats wrong here?
Where can I find a list of actions in the alias api?
Thanks,
Frank