OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: The_Sage on December 28, 2018, 12:36:49 am

Title: <SOLVED> Help needed for firewall API and creating Aliases<
Post by: The_Sage on December 28, 2018, 12:36:49 am: Thanks for taking time to read this.

I am trying to add an alias using the Firewall API. I can get a list of aliases, and a list of values for an alias so I have the curl set properly.

$key ="key";
$secret = "secret";
$url = "https://OPNsense.gateway/api/firewall/alias/addItem/xyzzy";

$handle = curl_init($url);

curl_setopt_array($handle,
array(
CURLOPT_USERPWD => "$key:$secret",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
CURLOPT_POSTFIELDS => "", // Tried with this line out as well
CURLOPT_POST => true,
)
);

My issue occurs when trying to add an Alias using the above code. (I am stepping out of comfort zone here ), but I have traced the calls back to the

/usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php

And added some extra results to see where (??) the process is failing.

from the lines here in the addBase function,

$result = array("result" => "failed");
if ($this->request->isPost() && $this->request->hasPost($post_field)) {

hasPost($post_field) is NULL or empty from results

error =: (No curl error)
result => {
"result":"failed 1st step addbase //renamed result to see output
$isPost :alias // $post_fields var
Is req. : 1 // $this->request->isPost()
has post : // $this->request->hasPost()
"}

I am probably barking up the wrong tree, but can someone point me in the right direction please. I am sure the API is OK, and I am sure there is something in my code.

Thanks
the Sage !!
Title: Re: Help needed for firewall API and creating Aliases
Post by: The_Sage on December 28, 2018, 11:21:20 pm: Maybe in other words, the comment in the code

/**
* Add new alias and set with attributes from post
* @return array save result + validation output
* @throws \OPNsense\Base\ModelException when not bound to model
* @throws \Phalcon\Validation\Exception when field validations fail
* @throws \ReflectionException when not bound to model
*/

What are the "set with attributes from post" meant to be. Are they the same as the attributes from getItem ?

Can anyone provide the correct syntax for the addItem method.
Title: <Solved> Help needed for firewall API and creating Aliases
Post by: The_Sage on December 29, 2018, 04:51:00 am: Thanks for taking time to read this and I hope this can help out someone else.

After 2 days of trial and lots of error I have worked out the correct code and the correct POST variables.
I added echo checks during the code flow and realised that the MODEL for the API is in the directory

/usr/local/opnsense/mvc/app/models/OPNsense/"API"/Alias.xml

This shows the required fields for AddAction

So for the firewall, Add alias API call i used the following code.

<?php

$key ="key";
$secret = "secret";

// This is the 4 REQUIRED fields for successful Alias addition
$post_data = '{"alias": { "name": "xyzzy", "content": "192.168.5.5", "enabled" : "1", "type" : "host"}}';

//
// Can also add "description": "My NEW Alias descritpion"
//
$url = 'https://my.secure.gateway/api/firewall/alias/addItem/xyzzy';

$headers = array();
$headers[] = "Content-Type: application/json";

$handle = curl_init();

curl_setopt_array($handle,
array(
CURLOPT_URL => $url,
CURLOPT_USERPWD => "$key:$secret",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POSTFIELDS => $data,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => $headers,
)
);

$result = curl_exec($handle);

echo "Result => " . $result ;
curl_close($handle);

/>
Title: Re: <SOLVED> Help needed for firewall API and creating Aliases<
Post by: guest19757 on January 01, 2019, 03:40:20 am: Hello there,

Out of curiousity, isn't the API documented? Does opnsense developers officially support accessing the API remotely? In fact, IIRC, one of reasons why I chosen opnsense, though, if the API isn't documented, this seems tedious no?

Regards
Title: Re: <SOLVED> Help needed for firewall API and creating Aliases<
Post by: The_Sage on January 01, 2019, 03:51:09 am: As far as I can tell, most of OPNSense API is documented. BUT the firewall modules still use legacy code (can't find the link to info) So to make a great product even better, the guys have started with the Aliases first, then I think they move on to the actual firewall itself. So, therefore, this API is NOT documented yet. The article mentions following the code to find how it works. I posted what I could work out hoping it may help someone until the conversion is finished.

I still have a problem with the FLUSH table API call it comes back DONE but nothing is deleted and with creating an empty Alias and trying to add an IP address to it.

I will wait in anticipation for future developments from the team.

Keep up the good work team.
Title: Re: <SOLVED> Help needed for firewall API and creating Aliases<
Post by: guest19757 on January 01, 2019, 03:57:36 am: Oh okay, I haven't begun any work on testing API, this is just for Hobby testing, I'll keep that in mind when I get around to it. Though, I wonder how easy it is setup a development environment with opensense code base.

Thanks for info.

Regards
Title: Re: <SOLVED> Help needed for firewall API and creating Aliases<
Post by: The_Sage on January 01, 2019, 03:59:51 am: I use JetBrains PHPStorm, but it is best to quiz the devs.
Title: Re: <SOLVED> Help needed for firewall API and creating Aliases<
Post by: GaardenZwerch on February 20, 2019, 01:28:00 pm: Hi,

trying to recreate this in python, all I receive is {"result":"failed"}

Code: [Select]
url = 'http://192.168.122.230/api/firewall/alias/addItem/xyzzy' headers = {'Content-Type': 'application/json'} r = requests.post(url, headers=headers, data='{"name":"xyzzy","content":"192.168.5.5","enabled":"1","type":"host"}', verify=False, #'/home/fweis/Documents/2019/OPNSense', auth=(api_key, api_secret))
Do you see whats wrong here?

Where can I find a list of actions in the alias api?

Thanks,

Frank