add/delete firewall rule via api

2025-11-08 06:16:08 +01:00 · 2020-07-29 13:42:47 +05:00
parent f8efe735c0
commit 2abb1f84ed
2 changed files with 68 additions and 1 deletions
--- a/api/urls.py
+++ b/api/urls.py
@@ -5,6 +5,8 @@ urlpatterns = [
    url(r'^createWebsite', views.createWebsite, name='createWebsiteAPI'),
    url(r'^deleteWebsite', views.deleteWebsite, name='deleteWebsiteAPI'),
    url(r'^submitWebsiteStatus', views.submitWebsiteStatus, name='submitWebsiteStatusAPI'),
+    url(r'^deleteFirewallRule$', views.deleteFirewallRule, name='deleteFirewallRule'),
+    url(r'^addFirewallRule$', views.addFirewallRule, name='addFirewallRule'),

    url(r'^verifyConn', views.verifyConn, name='verifyConnAPI'),

--- a/api/views.py
+++ b/api/views.py
@@ -86,7 +86,6 @@ def getPackagesListAPI(request):
        json_data = json.dumps(data_ret)
        return HttpResponse(json_data)

-
@csrf_exempt
 def getUserInfo(request):
    try:
@@ -672,3 +671,69 @@ def submitUserCreation(request):
        data_ret = {'changeStatus': 0, 'error_message': str(msg)}
        json_data = json.dumps(data_ret)
        return HttpResponse(json_data)
+
+@csrf_exempt
+def addFirewallRule(request):
+    try:
+        if request.method == 'POST':
+
+            data = json.loads(request.body)
+
+            adminUser = data['adminUser']
+            adminPass = data['adminPass']
+
+            admin = Administrator.objects.get(userName=adminUser)
+
+            if admin.api == 0:
+                data_ret = {"status": 0, 'error_message': "API Access Disabled."}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+            if hashPassword.check_password(admin.password, adminPass):
+                from firewall.firewallManager import FirewallManager
+
+                fm = FirewallManager()
+                return fm.addRule(admin.pk, json.loads(request.body))
+            else:
+                data_ret = {"status": 0,
+                            'error_message': "Could not authorize access to API"}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+    except BaseException as msg:
+        data_ret = {'submitUserDeletion': 0, 'error_message': str(msg)}
+        json_data = json.dumps(data_ret)
+        return HttpResponse(json_data)
+
+@csrf_exempt
+def deleteFirewallRule(request):
+    try:
+        if request.method == 'POST':
+
+            data = json.loads(request.body)
+
+            adminUser = data['adminUser']
+            adminPass = data['adminPass']
+
+            admin = Administrator.objects.get(userName=adminUser)
+
+            if admin.api == 0:
+                data_ret = {"status": 0, 'error_message': "API Access Disabled."}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+            if hashPassword.check_password(admin.password, adminPass):
+                from firewall.firewallManager import FirewallManager
+
+                fm = FirewallManager()
+                return fm.deleteRule(admin.pk, json.loads(request.body))
+            else:
+                data_ret = {"status": 0,
+                            'error_message': "Could not authorize access to API"}
+                json_data = json.dumps(data_ret)
+                return HttpResponse(json_data)
+
+    except BaseException as msg:
+        data_ret = {'submitUserDeletion': 0, 'error_message': str(msg)}
+        json_data = json.dumps(data_ret)
+        return HttpResponse(json_data)