<SOLVED> Help needed for firewall API and creating Aliases<

Started by The_Sage, December 28, 2018, 12:36:49 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
December 28, 2018, 12:36:49 AM Last Edit: December 29, 2018, 04:51:41 AM by The_Sage
Thanks for taking time to read this.

I am trying to add an alias using the Firewall API. I can get a list of aliases, and a list of values for an alias so I have the curl set properly.

$key ="key";
$secret = "secret";
$url = "https://OPNsense.gateway/api/firewall/alias/addItem/xyzzy";

$handle = curl_init($url);

curl_setopt_array($handle,
    array(
        CURLOPT_USERPWD         =>  "$key:$secret",
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_SSL_VERIFYPEER  => false,
        CURLOPT_SSL_VERIFYHOST  => false,
        CURLOPT_POSTFIELDS      => "",      // Tried with this line out as well
        CURLOPT_POST            => true,
    )
);

My issue occurs when trying to add an Alias using the above code. (I am stepping out of comfort zone here ), but I have traced the calls back to the 

/usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php

And added some extra results to see where (??) the process is failing.

from the lines here in the addBase function,

$result = array("result" => "failed");
        if ($this->request->isPost() && $this->request->hasPost($post_field)) {

hasPost($post_field) is NULL or empty from results 

error =:           (No curl error)
result => {
    "result":"failed 1st step addbase              //renamed result to see output
               $isPost :alias                              // $post_fields var
               Is req. : 1                                  // $this->request->isPost()
               has post :                                 //  $this->request->hasPost()
      "}

I am probably barking up the wrong tree, but can someone point me in the right direction please.  I am sure the API is OK, and I am sure there is something in my code.

Thanks
the Sage !!
December 28, 2018, 11:21:20 PM #1
Maybe in other words, the comment in the code

/**
     * Add new alias and set with attributes from post
     * @return array save result + validation output
     * @throws \OPNsense\Base\ModelException when not bound to model
     * @throws \Phalcon\Validation\Exception when field validations fail
     * @throws \ReflectionException when not bound to model
     */

What are the "set with attributes from post" meant to be. Are they the same as the attributes from getItem ?

Can anyone provide the correct syntax for the addItem method.
December 29, 2018, 04:51:00 AM #2
Thanks for taking time to read this and I hope this can help out someone else.

After 2 days of trial and lots of error I have worked out the correct code and the correct POST variables.
I added echo checks during the code flow and realised that the MODEL for the API is in the directory

/usr/local/opnsense/mvc/app/models/OPNsense/"API"/Alias.xml


This shows the required fields for AddAction

So for the firewall, Add alias API call i used the following code.

<?php

$key ="key";
$secret = "secret";

// This is the 4 REQUIRED fields for successful Alias addition
$post_data = '{"alias":  { "name": "xyzzy", "content": "192.168.5.5", "enabled" : "1", "type" : "host"}}';

//
//  Can also add "description": "My NEW Alias descritpion"
//
$url = 'https://my.secure.gateway/api/firewall/alias/addItem/xyzzy';

$headers = array();
$headers[] = "Content-Type: application/json";

$handle = curl_init();

curl_setopt_array($handle,
    array(
        CURLOPT_URL                       =>  $url,
        CURLOPT_USERPWD              =>  "$key:$secret",
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_POSTFIELDS           => $data,
        CURLOPT_POST                      => true,
        CURLOPT_HTTPHEADER           => $headers,
    )
);

$result = curl_exec($handle);

echo  "Result => " . $result ;
curl_close($handle);

/>
January 01, 2019, 03:40:20 AM #3
Hello there,

Out of curiousity, isn't the API documented? Does opnsense developers officially support accessing the API remotely? In fact, IIRC, one of reasons why I chosen opnsense, though, if the API isn't documented, this seems tedious no?

Regards
January 01, 2019, 03:51:09 AM #4
As far as I can tell, most of OPNSense API is documented. BUT the firewall modules still use legacy code (can't find the link to info) So to make a great product even better, the guys have started with the Aliases first, then I think they move on to the actual firewall itself. So, therefore, this API is NOT documented yet. The article mentions following the code to find how it works. I posted what I could work out hoping it may help someone until the conversion is finished.

I still have a problem with the FLUSH table API call it comes back DONE but nothing is deleted and with creating an empty Alias and trying to add an IP address  to it.

I will wait in anticipation for future developments from the team.

Keep up the good work team.
January 01, 2019, 03:57:36 AM #5
Oh okay, I haven't begun any work on testing API, this is just for Hobby testing, I'll keep that in mind when I get around to it. Though, I wonder how easy it is setup a development environment with opensense code base.

Thanks for info.

Regards
January 01, 2019, 03:59:51 AM #6
I use JetBrains PHPStorm, but it is best to quiz the devs.
February 20, 2019, 01:28:00 PM #7
Hi,

trying to recreate this in python, all I receive is {"result":"failed"}

Code Select


url = 'http://192.168.122.230/api/firewall/alias/addItem/xyzzy'
headers = {'Content-Type': 'application/json'}               
r = requests.post(url,
                 headers=headers,
                 data='{"name":"xyzzy","content":"192.168.5.5","enabled":"1","type":"host"}',
                 verify=False, #'/home/fweis/Documents/2019/OPNSense',
                 auth=(api_key, api_secret))



Do you see whats wrong here?

Where can I find a list of actions in the alias api?

Thanks,

Frank
Print
Go Up Pages1
User actions