Messages

I would like to add a CSP policy to one Volt page in the view, allowing js code on that page to reach out and grab a specific 3rd-party API on the internet. Without defining CSP in either http header or in the <meta> tag in the <head> of the page, XMLhttprequest() refuses to execute.


Any suggestions how to do that? I tried to modify the controller for that view - with no success...

It seems like a timeout when Python code in Configd_ctl waits for something...
What OPN version, what plugins, when was the last reboot of the FW... We need more info to help you triage.

You can check how I added a bright/dark theme switcher to a Solarized theme (published in community repo by Mimugmail)


My 5 cents here:
- every theme should detect the theming preference of the OS
- every theme should have bright/dark variants and have a simple switching mechanism


Solarized theme is using couple of tricks (jquery injections and css variables) but it is better than any OS-ignorant and static (single-mode) theme.


(why do I care? I work in a glass sunroom; the daylight is crazy-bright, the night is... very dark. I prefer all my apps and web sites to honor my OS theme switching at the evening and morning)

I hit a curious obstacle and before I implement a workaround, I wanted to check here if I am missing something.


1. I have a fully functioning configd action defined as:

[get]
command:/usr/local/bin/python3 <path>/script.py
parameters: %s %s
type:script_output

I can call that action with configctl <service> get parm1 parm2 - and it will grab both parameters as expected


2. I have an API controller defined that calls the configd action:

class OnlineController extends ApiControllerBase
{
    public function getAction($id='', $verb='')
    {
        return (new Backend())->configdpRun("<service> get", $id, $verb);
    }
}


Except I cannot pass the second parameter to configdpRun; passing only one parameter works, passing two parameters makes API controller to throw a GUID error instead executing the configd action.


Is this a known limitation? The line above works fine if I pass a single (compounded) parameter like this:
return (new Backend())->configdpRun("<service> get", $id.' '.$verb); - and then split it within my Python code.


But before I do that, I thought I ask here - am I doing something wrong?

oh wow, and we need to maintain consistency between both fbegin.inc and default.volt?
If I would add a theme toggle (dark/light) there, how should I implement it to persist upgrades?

Help me understand how does the rendering of navbar header work...


- I created a <span> entry as a last <li> item within <header> of mvc/app/views/layouts/default.volt:

<li><span class="navbar-text" id="theme_toggle">toggle</span></li>


This <span> appears very inconsistently - it is visible on some pages (License, Reporting, Firewall) but missing on others (Dashboard, System, Interfaces). You can see the screenshots of the top right corner on the License page and on the dashboard below - one has a "toggle" addition, the other one doesn't...


Perhaps default.volt is not the right place to add modifications to the Navbar?


Rendered with a toggle: https://i.imgur.com/gqS6zZ3.png
Rendered without it: https://i.imgur.com/EAKEUwk.png

Ummm... The speedtest plugin is mine... :-)
It installs either Ookla or Ports CLI version if you have none on the router already.


M

Ummm - this chaining of pkg statements is not working. When running the script above either as a +PRE_INSTALL or +POST_INSTALL, I get:


pkg: Cannot get an exclusive lock on a database, it is locked by another process


Any other ideas? :-)

like this?

if [ ! -f /usr/local/bin/speedtest ];
  then sudo pkg add "https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-freebsd>
fi
pkg info libidn2 > nul
if [ $? != 0 ]; then sudo pkg install -y libidn2; fi

[pkg add]

I am tidying-up the speedtest plugin that I cobbled together in the last few weeks (https://github.com/mihakralj/opnsense-speedtest)


During the development, I included the copy of binary for speedtest directly in the .txz - but now it is time to remove it from the package and declare an external dependency. The problem is that Ookla's speedtest is not part of any repo (that I know), so their installation guideline is asking for a direct pkg add installation command.


Having a PLUGIN_DEPENDS statement in the Makefile will stop the installation of the plugin if speedtest is not installed prior, but it would prefer a more streamlined method where some +PRE_INSTALL (if it exists) would run the required pkg add command for a 3rd-party package that is not found in any of linked repos.

I saw several methods used across front-end and backend packages how configuration is read and written to config.xml


Is there (documented?) reviewed and recommended approach for all devs how to read from and write to config.xml? On front-end I would appreciate guidance on php and js patterns for read/write, on the backend at least a read/write pattern for shell scripting and Python.


Or is the recommended approach to use API and CLI exclusively and not ever even think about config.xml directly?

You would like to write to config.xml from... Where? Are you building a new back-end logic (in usr/local/opnsense/scripts), or just changing the behavior of the front-end? Did you change the model in  mvc/app/models/OPNsense/Wireguard/Server.xml yet?


Tell us more so we can help you better... :-)

My ISP started to allow two public IP assignments per connection and I can run two separate devices connected (via ethernet switch) to ISP's CAT6 cable, getting two independent public IPs through DHCP. One of them is OPNsense box, but I'd like to eliminate the switch and get both public IPs assigned to OPNsense.


How could I get two interfaces with separate DHCP-assigned IP addresses that are both attached to the same physical network port? Virtual IP allows only static IP assignment, no DHCP.


I am already using a custom MAC address on the WAN port - is there an option (that I cannot see) to add a second (virtual?) MAC to the adapter that would allow a second DHCP lease and a second interface?

to close the thread (and for future reference for budding devs):
- create a new DownloadController.php in mvc/app/controllers/OPNsense/<plugin>/Api
- the downloadable file is then available at /api/<plugin>/download/csv




namespace OPNsense\Speedtest\Api;
use OPNsense\Base\ApiControllerBase;


class DownloadController extends ApiControllerBase
{
    const DATA_CSV = '/usr/local/opnsense/scripts/OPNsense/<plugin>/filename.csv';


    public function csvAction()
    {
        $this->response->setStatusCode(200, "OK");
        $this->response->setContentType('text/csv', 'UTF-8');
        $this->response->setHeader("Content-Disposition", "attachment; filename=\"filename.csv\"");
        $data = file_get_contents(self::DATA_CSV);
        $this->response->setContent($data);
    }


    public function afterExecuteRoute($dispatcher)
    {
        $this->response->send();
    }
}

I would like to create and append data to a .CSV from a Python backend script; I'd also like to allow users to download the CSV.


Where should I place the CSV file on OPNSenese so my Python code (under default access rights) can write to it?
Also, how do I modiy controller (and view?) of my plugin so I can generate a downloadable link to CSV?


I achieved what I wanted on my dev instance of OPNSenese by manually chmod-ing write permissions to a folder within /usr/local/opnsense - but that is not a viable secure option. 😊


For the context: an hourly task runs speedtest and writes (appends) timestamp, latency, ul and dl speeds into a csv file. The csv file is then used to calculate aveages on the dashboard and to be downloadable for further analysis.