luci-app-alist: Add inbound access control

2022-09-10 11:12:30 +08:00 · 2022-09-10 11:12:30 +08:00 · 743a3a3bc1
commit 743a3a3bc1
parent 3eb834c9b0
3 changed files with 54 additions and 14 deletions
--- a/luci-app-alist/luasrc/model/cbi/alist.lua
+++ b/luci-app-alist/luasrc/model/cbi/alist.lua
@ -21,22 +21,23 @@ o = s:option(Value, "port", translate("Port"))
 o.datatype = "and(port,min(1))"
 o.rmempty = false

+o = s:option(Flag, "ssl", translate("Enable SSL"))
+o.rmempty=false
+
+o = s:option(Value,"ssl_cert", translate("SSL cert"), translate("SSL certificate file path"))
+o.datatype = "file"
+o:depends("ssl", "1")
+
+o = s:option(Value,"ssl_key", translate("SSL key"), translate("SSL key file path"))
+o.datatype = "file"
+o:depends("ssl", "1")
+
+o = s:option(Flag, "allow_wan", translate("Allow Access From Internet"))
+o.rmempty = false
+
 o = s:option(Value, "temp_dir", translate("Cache directory"))
 o.datatype = "string"
 o.default = "/tmp/alist"
 o.rmempty = false

-o = s:option(Flag, "ssl", translate("Enable SSL"))
-o.rmempty=false
-
-o = s:option(Value,"ssl_cert", translate("SSL cert"), translate("SSL certificate file path"))
-o:depends("ssl", "1")
-o.datatype = "string"
-o.rmempty = true
-
-o = s:option(Value,"ssl_key", translate("SSL key"), translate("SSL key file path"))
-o:depends("ssl", "1")
-o.datatype = "string"
-o.rmempty = true
-
 return m
--- a/luci-app-alist/po/zh-cn/alist.po
+++ b/luci-app-alist/po/zh-cn/alist.po
@ -51,3 +51,7 @@ msgstr "网络存储"

 msgid "User Manual"
 msgstr "用户手册"
+
+#: luci-app-alist/luasrc/model/cbi/alist.lua:35
+msgid "Allow Access From Internet"
+msgstr "允许从外网访问"
--- a/luci-app-alist/root/etc/init.d/alist
+++ b/luci-app-alist/root/etc/init.d/alist
@ -12,6 +12,28 @@ get_config() {
 	config_get ssl $1 ssl 0
 	config_get ssl_cert $1 ssl_cert ""
 	config_get ssl_key $1 ssl_key ""
+	config_get allow_wan $1 allow_wan 0
+	config_load network
+	config_get lan_addr lan ipaddr "0.0.0.0"
+}
+
+set_firewall() {
+	if [ "$external_access" = "allow" ]; then
+		uci -q delete firewall.alist
+		uci set firewall.alist=rule
+		uci set firewall.alist.name="alist"
+		uci set firewall.alist.target="ACCEPT"
+		uci set firewall.alist.src="wan"
+		uci set firewall.alist.proto="tcp"
+		uci set firewall.alist.dest_port="$port"
+		uci set firewall.alist.enabled="1"
+		uci commit firewall
+		/etc/init.d/firewall reload >/dev/null 2>&1
+	elif [ "$external_access" = "deny" ]; then
+		uci -q delete firewall.alist
+		uci commit firewall
+		/etc/init.d/firewall reload >/dev/null 2>&1
+	fi
 }

 start_service() {
@ -24,8 +46,16 @@ start_service() {
 	else
 		SSL=false
 	fi
+	if [ "$allow_wan" -eq "1" ]; then
+		listen_addr="0.0.0.0"
+		external_access="allow"
+	else
+		listen_addr=$lan_addr
+		external_access="deny"
+	fi
+	set_firewall
 	cat > $CONFIG <<EOF
-{"force":false,"address":"0.0.0.0","port":$port,"jwt_secret":"","cdn":"","database":{"type":"sqlite3","host":"","port":0,"user":"","password":"","name":"","db_file":"/etc/alist/data.db","table_prefix":"x_","ssl_mode":""},"scheme":{"https":$SSL,"cert_file":"$ssl_cert","key_file":"$ssl_key"},"temp_dir":"$temp_dir","log":{"enable":false,"name":"$temp_dir/alist.log","max_size":10,"max_backups":5,"max_age":28,"compress":false}}
+{"force":false,"address":"$listen_addr","port":$port,"jwt_secret":"","cdn":"","database":{"type":"sqlite3","host":"","port":0,"user":"","password":"","name":"","db_file":"/etc/alist/data.db","table_prefix":"x_","ssl_mode":""},"scheme":{"https":$SSL,"cert_file":"$ssl_cert","key_file":"$ssl_key"},"temp_dir":"$temp_dir","log":{"enable":false,"name":"$temp_dir/alist.log","max_size":10,"max_backups":5,"max_age":28,"compress":false}}
 EOF
 	procd_open_instance alist
 	procd_set_param command $PROG
@ -40,6 +70,11 @@ service_triggers() {
 	procd_add_reload_trigger "alist"
 }

+stop_service() {
+	external_access="deny"
+	set_firewall
+}
+
 reload_service() {
 	stop
 	start