From 743a3a3bc1a5d05854ddd8a6f18d2350272c3da8 Mon Sep 17 00:00:00 2001 From: sbwml <984419930@qq.com> Date: Sat, 10 Sep 2022 11:12:30 +0800 Subject: [PATCH] luci-app-alist: Add inbound access control --- luci-app-alist/luasrc/model/cbi/alist.lua | 27 +++++++++-------- luci-app-alist/po/zh-cn/alist.po | 4 +++ luci-app-alist/root/etc/init.d/alist | 37 ++++++++++++++++++++++- 3 files changed, 54 insertions(+), 14 deletions(-) diff --git a/luci-app-alist/luasrc/model/cbi/alist.lua b/luci-app-alist/luasrc/model/cbi/alist.lua index f94fda6..8bdb60c 100644 --- a/luci-app-alist/luasrc/model/cbi/alist.lua +++ b/luci-app-alist/luasrc/model/cbi/alist.lua @@ -21,22 +21,23 @@ o = s:option(Value, "port", translate("Port")) o.datatype = "and(port,min(1))" o.rmempty = false +o = s:option(Flag, "ssl", translate("Enable SSL")) +o.rmempty=false + +o = s:option(Value,"ssl_cert", translate("SSL cert"), translate("SSL certificate file path")) +o.datatype = "file" +o:depends("ssl", "1") + +o = s:option(Value,"ssl_key", translate("SSL key"), translate("SSL key file path")) +o.datatype = "file" +o:depends("ssl", "1") + +o = s:option(Flag, "allow_wan", translate("Allow Access From Internet")) +o.rmempty = false + o = s:option(Value, "temp_dir", translate("Cache directory")) o.datatype = "string" o.default = "/tmp/alist" o.rmempty = false -o = s:option(Flag, "ssl", translate("Enable SSL")) -o.rmempty=false - -o = s:option(Value,"ssl_cert", translate("SSL cert"), translate("SSL certificate file path")) -o:depends("ssl", "1") -o.datatype = "string" -o.rmempty = true - -o = s:option(Value,"ssl_key", translate("SSL key"), translate("SSL key file path")) -o:depends("ssl", "1") -o.datatype = "string" -o.rmempty = true - return m diff --git a/luci-app-alist/po/zh-cn/alist.po b/luci-app-alist/po/zh-cn/alist.po index f8d5e46..3f59f8c 100644 --- a/luci-app-alist/po/zh-cn/alist.po +++ b/luci-app-alist/po/zh-cn/alist.po @@ -51,3 +51,7 @@ msgstr "网络存储" msgid "User Manual" msgstr "用户手册" + +#: luci-app-alist/luasrc/model/cbi/alist.lua:35 +msgid "Allow Access From Internet" +msgstr "允许从外网访问" diff --git a/luci-app-alist/root/etc/init.d/alist b/luci-app-alist/root/etc/init.d/alist index fe448e1..3c40c03 100755 --- a/luci-app-alist/root/etc/init.d/alist +++ b/luci-app-alist/root/etc/init.d/alist @@ -12,6 +12,28 @@ get_config() { config_get ssl $1 ssl 0 config_get ssl_cert $1 ssl_cert "" config_get ssl_key $1 ssl_key "" + config_get allow_wan $1 allow_wan 0 + config_load network + config_get lan_addr lan ipaddr "0.0.0.0" +} + +set_firewall() { + if [ "$external_access" = "allow" ]; then + uci -q delete firewall.alist + uci set firewall.alist=rule + uci set firewall.alist.name="alist" + uci set firewall.alist.target="ACCEPT" + uci set firewall.alist.src="wan" + uci set firewall.alist.proto="tcp" + uci set firewall.alist.dest_port="$port" + uci set firewall.alist.enabled="1" + uci commit firewall + /etc/init.d/firewall reload >/dev/null 2>&1 + elif [ "$external_access" = "deny" ]; then + uci -q delete firewall.alist + uci commit firewall + /etc/init.d/firewall reload >/dev/null 2>&1 + fi } start_service() { @@ -24,8 +46,16 @@ start_service() { else SSL=false fi + if [ "$allow_wan" -eq "1" ]; then + listen_addr="0.0.0.0" + external_access="allow" + else + listen_addr=$lan_addr + external_access="deny" + fi + set_firewall cat > $CONFIG <