luci-app-alist: Add inbound access control

2022-09-10 11:12:30 +08:00 · 2022-09-10 11:12:30 +08:00 · 743a3a3bc1
commit 743a3a3bc1
parent 3eb834c9b0
3 changed files with 54 additions and 14 deletions
--- a/luci-app-alist/luasrc/model/cbi/alist.lua
+++ b/luci-app-alist/luasrc/model/cbi/alist.lua
@ -21,22 +21,23 @@ o = s:option(Value, "port", translate("Port"))
 o.datatype = "and(port,min(1))"
 o.rmempty = false
 o = s:option(Flag, "ssl", translate("Enable SSL"))
 o.rmempty=false
 o = s:option(Value,"ssl_cert", translate("SSL cert"), translate("SSL certificate file path"))
 o.datatype = "file"
 o:depends("ssl", "1")
 o = s:option(Value,"ssl_key", translate("SSL key"), translate("SSL key file path"))
 o.datatype = "file"
 o:depends("ssl", "1")
 o = s:option(Flag, "allow_wan", translate("Allow Access From Internet"))
 o.rmempty = false
 o = s:option(Value, "temp_dir", translate("Cache directory"))
 o.datatype = "string"
 o.default = "/tmp/alist"
 o.rmempty = false
 o = s:option(Flag, "ssl", translate("Enable SSL"))
 o.rmempty=false
 o = s:option(Value,"ssl_cert", translate("SSL cert"), translate("SSL certificate file path"))
 o:depends("ssl", "1")
 o.datatype = "string"
 o.rmempty = true
 o = s:option(Value,"ssl_key", translate("SSL key"), translate("SSL key file path"))
 o:depends("ssl", "1")
 o.datatype = "string"
 o.rmempty = true
 return m
--- a/luci-app-alist/po/zh-cn/alist.po
+++ b/luci-app-alist/po/zh-cn/alist.po
@ -51,3 +51,7 @@ msgstr "网络存储"
 msgid "User Manual"
 msgstr "用户手册"
 #: luci-app-alist/luasrc/model/cbi/alist.lua:35
 msgid "Allow Access From Internet"
 msgstr "允许从外网访问"
--- a/luci-app-alist/root/etc/init.d/alist
+++ b/luci-app-alist/root/etc/init.d/alist
@ -12,6 +12,28 @@ get_config() {
 	config_get ssl $1 ssl 0
 	config_get ssl_cert $1 ssl_cert ""
 	config_get ssl_key $1 ssl_key ""
 	config_get allow_wan $1 allow_wan 0
 	config_load network
 	config_get lan_addr lan ipaddr "0.0.0.0"
 }
 set_firewall() {
 	if [ "$external_access" = "allow" ]; then
 		uci -q delete firewall.alist
 		uci set firewall.alist=rule
 		uci set firewall.alist.name="alist"
 		uci set firewall.alist.target="ACCEPT"
 		uci set firewall.alist.src="wan"
 		uci set firewall.alist.proto="tcp"
 		uci set firewall.alist.dest_port="$port"
 		uci set firewall.alist.enabled="1"
 		uci commit firewall
 		/etc/init.d/firewall reload >/dev/null 2>&1
 	elif [ "$external_access" = "deny" ]; then
 		uci -q delete firewall.alist
 		uci commit firewall
 		/etc/init.d/firewall reload >/dev/null 2>&1
 	fi
 }
 start_service() {
@ -24,8 +46,16 @@ start_service() {
 	else
 		SSL=false
 	fi
 	if [ "$allow_wan" -eq "1" ]; then
 		listen_addr="0.0.0.0"
 		external_access="allow"
 	else
 		listen_addr=$lan_addr
 		external_access="deny"
 	fi
 	set_firewall
 	cat > $CONFIG <<EOF
-{"force":false,"address":"0.0.0.0","port":$port,"jwt_secret":"","cdn":"","database":{"type":"sqlite3","host":"","port":0,"user":"","password":"","name":"","db_file":"/etc/alist/data.db","table_prefix":"x_","ssl_mode":""},"scheme":{"https":$SSL,"cert_file":"$ssl_cert","key_file":"$ssl_key"},"temp_dir":"$temp_dir","log":{"enable":false,"name":"$temp_dir/alist.log","max_size":10,"max_backups":5,"max_age":28,"compress":false}}
+{"force":false,"address":"$listen_addr","port":$port,"jwt_secret":"","cdn":"","database":{"type":"sqlite3","host":"","port":0,"user":"","password":"","name":"","db_file":"/etc/alist/data.db","table_prefix":"x_","ssl_mode":""},"scheme":{"https":$SSL,"cert_file":"$ssl_cert","key_file":"$ssl_key"},"temp_dir":"$temp_dir","log":{"enable":false,"name":"$temp_dir/alist.log","max_size":10,"max_backups":5,"max_age":28,"compress":false}}
 EOF
 	procd_open_instance alist
 	procd_set_param command $PROG
@ -40,6 +70,11 @@ service_triggers() {
 	procd_add_reload_trigger "alist"
 }
 stop_service() {
 	external_access="deny"
 	set_firewall
 }
 reload_service() {
 	stop
 	start