190 lines
6.8 KiB
Python
190 lines
6.8 KiB
Python
import secrets
|
|
import sqlite3
|
|
from fastapi import APIRouter, HTTPException
|
|
from pydantic import BaseModel
|
|
from modules.porthijack.models import Service
|
|
from utils.sqlite import SQLite
|
|
from utils import addr_parse, ip_family, refactor_name, socketio_emit, PortType
|
|
from utils.models import ResetRequest, StatusMessageModel
|
|
from modules.porthijack.nftables import FiregexTables
|
|
from modules.porthijack.firewall import FirewallManager
|
|
|
|
class ServiceModel(BaseModel):
|
|
service_id: str
|
|
active: bool
|
|
public_port: PortType
|
|
proxy_port: PortType
|
|
name: str
|
|
proto: str
|
|
ip_src: str
|
|
ip_dst: str
|
|
|
|
class RenameForm(BaseModel):
|
|
name:str
|
|
|
|
class ServiceAddForm(BaseModel):
|
|
name: str
|
|
public_port: PortType
|
|
proxy_port: PortType
|
|
proto: str
|
|
ip_src: str
|
|
ip_dst: str
|
|
|
|
class ServiceAddResponse(BaseModel):
|
|
status:str
|
|
service_id: str|None = None
|
|
|
|
app = APIRouter()
|
|
|
|
db = SQLite('db/port-hijacking.db', {
|
|
'services': {
|
|
'service_id': 'VARCHAR(100) PRIMARY KEY',
|
|
'active' : 'BOOLEAN NOT NULL CHECK (active IN (0, 1))',
|
|
'public_port': 'INT NOT NULL CHECK(public_port > 0 and public_port < 65536)',
|
|
'proxy_port': 'INT NOT NULL CHECK(proxy_port > 0 and proxy_port < 65536 and proxy_port != public_port)',
|
|
'name': 'VARCHAR(100) NOT NULL UNIQUE',
|
|
'proto': 'VARCHAR(3) NOT NULL CHECK (proto IN ("tcp", "udp"))',
|
|
'ip_src': 'VARCHAR(100) NOT NULL',
|
|
'ip_dst': 'VARCHAR(100) NOT NULL',
|
|
},
|
|
'QUERY':[
|
|
"CREATE UNIQUE INDEX IF NOT EXISTS unique_services ON services (public_port, ip_src, proto);"
|
|
]
|
|
})
|
|
|
|
async def reset(params: ResetRequest):
|
|
if not params.delete:
|
|
db.backup()
|
|
await firewall.close()
|
|
FiregexTables().reset()
|
|
if params.delete:
|
|
db.delete()
|
|
db.init()
|
|
else:
|
|
db.restore()
|
|
await firewall.init()
|
|
|
|
|
|
async def startup():
|
|
db.init()
|
|
await firewall.init()
|
|
|
|
async def shutdown():
|
|
db.backup()
|
|
await firewall.close()
|
|
db.disconnect()
|
|
db.restore()
|
|
|
|
async def refresh_frontend(additional:list[str]=[]):
|
|
await socketio_emit(["porthijack"]+additional)
|
|
|
|
def gen_service_id():
|
|
while True:
|
|
res = secrets.token_hex(8)
|
|
if len(db.query('SELECT 1 FROM services WHERE service_id = ?;', res)) == 0:
|
|
break
|
|
return res
|
|
|
|
firewall = FirewallManager(db)
|
|
|
|
@app.get('/services', response_model=list[ServiceModel])
|
|
async def get_service_list():
|
|
"""Get the list of existent firegex services"""
|
|
return db.query("SELECT service_id, active, public_port, proxy_port, name, proto, ip_src, ip_dst FROM services;")
|
|
|
|
@app.get('/services/{service_id}', response_model=ServiceModel)
|
|
async def get_service_by_id(service_id: str):
|
|
"""Get info about a specific service using his id"""
|
|
res = db.query("SELECT service_id, active, public_port, proxy_port, name, proto, ip_src, ip_dst FROM services WHERE service_id = ?;", service_id)
|
|
if len(res) == 0:
|
|
raise HTTPException(status_code=400, detail="This service does not exists!")
|
|
return res[0]
|
|
|
|
@app.post('/services/{service_id}/stop', response_model=StatusMessageModel)
|
|
async def service_stop(service_id: str):
|
|
"""Request the stop of a specific service"""
|
|
await firewall.get(service_id).disable()
|
|
await refresh_frontend()
|
|
return {'status': 'ok'}
|
|
|
|
@app.post('/services/{service_id}/start', response_model=StatusMessageModel)
|
|
async def service_start(service_id: str):
|
|
"""Request the start of a specific service"""
|
|
await firewall.get(service_id).enable()
|
|
await refresh_frontend()
|
|
return {'status': 'ok'}
|
|
|
|
@app.delete('/services/{service_id}', response_model=StatusMessageModel)
|
|
async def service_delete(service_id: str):
|
|
"""Request the deletion of a specific service"""
|
|
db.query('DELETE FROM services WHERE service_id = ?;', service_id)
|
|
await firewall.remove(service_id)
|
|
await refresh_frontend()
|
|
return {'status': 'ok'}
|
|
|
|
@app.put('/services/{service_id}/rename', response_model=StatusMessageModel)
|
|
async def service_rename(service_id: str, form: RenameForm):
|
|
"""Request to change the name of a specific service"""
|
|
form.name = refactor_name(form.name)
|
|
if not form.name:
|
|
raise HTTPException(status_code=400, detail="The name cannot be empty!")
|
|
try:
|
|
db.query('UPDATE services SET name=? WHERE service_id = ?;', form.name, service_id)
|
|
except sqlite3.IntegrityError:
|
|
raise HTTPException(status_code=400, detail="This name is already used")
|
|
await refresh_frontend()
|
|
return {'status': 'ok'}
|
|
|
|
class ChangeDestination(BaseModel):
|
|
ip_dst: str
|
|
proxy_port: PortType
|
|
|
|
@app.put('/services/{service_id}/change-destination', response_model=StatusMessageModel)
|
|
async def service_change_destination(service_id: str, form: ChangeDestination):
|
|
"""Request to change the proxy destination of the service"""
|
|
|
|
try:
|
|
form.ip_dst = addr_parse(form.ip_dst)
|
|
except ValueError:
|
|
raise HTTPException(status_code=400, detail="Invalid address")
|
|
srv = Service.from_dict(db.query('SELECT * FROM services WHERE service_id = ?;', service_id)[0])
|
|
if ip_family(form.ip_dst) != ip_family(srv.ip_src):
|
|
raise HTTPException(status_code=400, detail="The destination ip is not of the same family as the source ip")
|
|
try:
|
|
db.query('UPDATE services SET proxy_port=?, ip_dst=? WHERE service_id = ?;', form.proxy_port, form.ip_dst, service_id)
|
|
except sqlite3.IntegrityError:
|
|
raise HTTPException(status_code=400, detail="Invalid proxy port or service")
|
|
|
|
srv.ip_dst = form.ip_dst
|
|
srv.proxy_port = form.proxy_port
|
|
await firewall.get(service_id).refresh(srv)
|
|
|
|
await refresh_frontend()
|
|
return {'status': 'ok'}
|
|
|
|
@app.post('/services', response_model=ServiceAddResponse)
|
|
async def add_new_service(form: ServiceAddForm):
|
|
"""Add a new service"""
|
|
try:
|
|
form.ip_src = addr_parse(form.ip_src)
|
|
form.ip_dst = addr_parse(form.ip_dst)
|
|
except ValueError:
|
|
raise HTTPException(status_code=400, detail="Invalid address")
|
|
|
|
if ip_family(form.ip_dst) != ip_family(form.ip_src):
|
|
raise HTTPException(status_code=400, detail="Destination and source addresses must be of the same family")
|
|
if form.proto not in ["tcp", "udp"]:
|
|
raise HTTPException(status_code=400, detail="Invalid protocol")
|
|
|
|
srv_id = None
|
|
try:
|
|
srv_id = gen_service_id()
|
|
db.query("INSERT INTO services (service_id, active, public_port, proxy_port, name, proto, ip_src, ip_dst) VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
|
|
srv_id, False, form.public_port, form.proxy_port , form.name, form.proto, form.ip_src, form.ip_dst)
|
|
except sqlite3.IntegrityError:
|
|
raise HTTPException(status_code=400, detail="This type of service already exists")
|
|
|
|
await firewall.reload()
|
|
await refresh_frontend()
|
|
return {'status': 'ok', 'service_id': srv_id}
|