Converted more endpoints to object-oriented structure, minor adjustments to framework and contributor notes

Author: jaredhendrickson13

CONTRIBUTING.md

@@ -116,6 +116,10 @@ writing a model that tests user's local database credentials and do not want the
 auth mode you would specify `$this->set_auth_mode = "local";` to always force local authentication. Defaults to the 
 API's configured auth mode in the /api/ webConfigurator page.
 
+- `$this->change_note` : Sets the description of the action that occurred via API. This value will be shown in the 
+change logs found at Diagnostics > Backup & Restore > Config History. This defaults to "Made unknown change via API". 
+This is only necessary if your API model writes changes to the configuration.
+
 
 #### Other Base Model Properties ####
 There are other properties inherited from APIBaseModel that are not intended (and shouldn't be) overridden by your
@@ -125,6 +129,19 @@ custom API model:
 - `$this->initial_data` : The request data as it was when the object was created
 - `$this->validated_data` : An array for validators to use to populate data that has been validated
 - `$this->errors` : An array to populate any errors encountered. Should be an array of APIResponse values.
+- `$this->config` : Our pfSense configuration array. You may read current configuration values using this array or write
+changes to the configuration by updating it's values. If you do make changes to the configuration, you must use call
+`$this->write_config()` to apply them. 
+
+#### Reading and Writing to pfSense's XML Configuration ####
+Included in the API framework are properties and methods to read and write to pfSense's XML configuration. Please note
+that other functions are likely required to configure pfSense's backend to use the new configuration. These properties
+and methods are available anywhere within your API model:
+
+- `$this->config` : Our pfSense XML configuration in a PHP array format. You may read the current configuration from 
+this property or update/add new configuration by assigning the corresponding array key new values
+- `$this->write_config()` : This method writes any changes made to $this->config to pfSense's XML configuration file. 
+Any changes made to $this->config will not be applied until this method is executed. 
 
 #### Overriding API Model Validation ####
 By default, API models do not provide any sort of validation. You are responsible for overriding the class method to 
@@ -159,13 +176,13 @@ class NewAPIModel extends APIBaseModel {
 }
 ```
 
-
 #### Writing API Model Action ####
 By default, the API model will return a 'Your API request was valid but no actions were specified for this endpoint' 
 error after validating input. This is because we need to tell it what to do when our request is valid! We do this by 
 overriding the APIBaseModel's `action()` method. This method should simply be a set of tasks to perform upon a 
 successful API call. If you are writing an endpoint to perform a change that is usually performed via the pfSense 
-webConfigurator, it may be helpful to look at the PHP code for the webConfigurator page. 
+webConfigurator, it may be helpful to look at the PHP code for the webConfigurator page. This method must return an
+APIResponse item.
 
 As a basic example, if I wanted to add our validated input to our pfSense configuration:
 
@@ -194,16 +211,13 @@ class NewAPIModel extends APIBaseModel {
 
     # Tell our API model what to do after successfully validating the client's request
     public function action(){
-        $_SESSION["Username"] = $this->client->username;    // Save our user to session data for logging
-        $change_note = " Added TEST value via API";         // Add a change note
-        $config["test"][] = $this->validated_data;          // Write a new 'test' item to our master config
-        write_config(sprintf(gettext($change_note)));       // Apply our configuration change
+        $this->config["test"][] = $this->validated_data;          // Write a new 'test' item to our master config
+        $this->write_config();       // Apply our configuration change
         return APIResponse\get(0, $this->validated_data);   // Return a success response containing our added data
     }
 }
 ```
 
-
 #### Writing API endpoints ####
 API models are not useful if we do not have an API endpoint that calls upon the model. API endpoints are the PHP scripts
 that will be placed in pfSense's web path. To create a new API endpoint, add an index.php file in 

pfSense-pkg-API/files/etc/inc/api/api_models/APIFirewallAliases.inc

@@ -12,10 +12,10 @@ class APIFirewallAliases extends APIBaseModel {
     }
 
     public function action() {
-        global $config;
+
         // Check that we have a configuration
-        if (!empty($config["aliases"]["alias"])) {
-            $alias_array = $config["aliases"]["alias"];
+        if (!empty($this->config["aliases"]["alias"])) {
+            $alias_array = $this->config["aliases"]["alias"];
         } else {
             $alias_array = [];
         }

pfSense-pkg-API/files/etc/inc/api/api_models/APIFirewallAliasesAdd.inc

@@ -0,0 +1,165 @@
+<?php
+require_once("api/framework/APIBaseModel.inc");
+require_once("api/framework/APIResponse.inc");
+
+class APIFirewallAliasesAdd extends APIBaseModel {
+    # Create our method constructor
+    public function __construct() {
+        parent::__construct();
+        $this->methods = ["POST"];
+        $this->privileges = ["page-all", "page-firewall-aliases-edit"];
+        $this->change_note = "Added firewall alias via API";
+    }
+
+    public function action() {
+        // Add our alias
+        $this->config["aliases"] = !is_array($this->config["aliases"]) ? array("alias" => []) : $this->config["aliases"];
+        $this->config["aliases"]["alias"][] = $this->validated_data;    // Write our configuration change
+        $this->write_config();    // Apply our configuration change
+        send_event("filter reload");    // Ensure our firewall filter is reloaded
+        return APIResponse\get(0, $this->validated_data);
+    }
+    
+    public function validate_payload() {
+
+        $allowed_alias_types = array("host", "network", "port");    // Array of allowed alias types
+        if (isset($this->initial_data['name'])) {
+            $name = $this->initial_data['name'];
+            $name = APITools\sanitize_str($name);
+        } else {
+            $this->errors[] = APIResponse\get(4050);
+        }
+        if (isset($this->initial_data['type'])) {
+            $type = $this->initial_data['type'];
+            $type = trim($type);
+        } else {
+            $this->errors[] = APIResponse\get(4061);
+        }
+        if (isset($this->initial_data['address'])) {
+            $address = $this->initial_data['address'];
+            // Convert string to array
+            if (!is_array($address)) {
+                $address = array($address);
+            }
+        } else {
+            $this->errors[] = APIResponse\get(4052);
+
+        }
+        if (isset($this->initial_data['descr'])) {
+            $descr = $this->initial_data['descr'];
+        }
+        if (isset($this->initial_data['detail'])) {
+            $detail = $this->initial_data['detail'];
+            // Convert string to array
+            if (!is_array($detail)) {
+                $detail = array($detail);
+            }
+        }
+        // Check that our input is valid
+        if (!is_string($name)) {
+            $this->errors[] = APIResponse\get(4053);
+        } elseif (!is_string($type)) {
+            $this->errors[] = APIResponse\get(4062);
+        } elseif (!in_array($type, $allowed_alias_types)) {
+            $this->errors[] = APIResponse\get(4057);
+        } elseif (isset($descr) and !is_string($descr)) {
+            $this->errors[] = APIResponse\get(4063);
+        } elseif (!is_array($address)) {
+            $this->errors[] = APIResponse\get(4054);
+        } elseif (isset($detail) and !is_array($detail)) {
+            $this->errors[] = APIResponse\get(4063);
+        }
+        if (!isset($type_err)) {
+            // Loop through our arrays and ensure the values are valid
+            $a_count = 0;   // Define a loop counter
+            foreach ($address as $ae) {
+                // Conditions for alias type 'port'
+                if ($type === "port") {
+                    // Check that our value is numeric
+                    if (is_numeric($ae)) {
+                        if (1 <= intval($ae) and intval($ae) <= 65535) {
+                            $address[$a_count] = strval($ae);
+                        } else {
+                            $this->errors[] = APIResponse\get(4065);
+
+                        }
+                    } else {
+                        $this->errors[] = APIResponse\get(4066);
+
+                    }
+                }
+                // Conditionals for alias type 'network'
+                if ($type === "network") {
+                    // Check that values are strings
+                    if (is_string($ae)) {
+                        // Check that string is a network CIDR
+                        if (strpos($ae, "/")) {
+                            $net_ip = explode("/", $ae)[0];    // Save our network IP
+                            $bit_mask = explode("/", $ae)[1];    // Save our subnet bit mask
+                            // Check if our IP is IPv4
+                            if (is_ipaddrv4($net_ip)) {
+                                $max_bits = 32;    // Assign our maximum IPv4 bitmask
+                            } elseif (is_ipaddrv6($net_ip)) {
+                                $max_bits = 128;    // Assign our maximum IPv4 bitmask
+                            } else {
+                                $this->errors[] = APIResponse\get(4067);
+
+                            }
+                            // Check if our bitmask is numeric and in range
+                            if (is_numeric($bit_mask)) {
+                                if (1 <= intval($bit_mask) and intval($bit_mask) <= $max_bits) {
+                                    continue;
+                                } else {
+                                    $this->errors[] = APIResponse\get(4068);
+                                }
+                            } else {
+                                $this->errors[] = APIResponse\get(4069);
+                            }
+                        } else {
+                            $this->errors[] = APIResponse\get(4069);
+
+                        }
+                    } else {
+                        $this->errors[] = APIResponse\get(4070);
+
+                    }
+                }
+                // Conditions for alias type 'host'
+                if ($type === "host") {
+                    // Check that values are strings
+                    if (is_string($ae)) {
+                        $address[$a_count] = sanitize_str($ae);
+                    } else {
+                        $this->errors[] = APIResponse\get(4070);
+
+                    }
+                }
+                // Increase our counter
+                $a_count++;
+            }
+            // Check each of our alias details
+            foreach ($detail as $de) {
+                if (!is_string($de)) {
+                    $this->errors[] = APIResponse\get(4071);
+
+                }
+            }
+        }
+        // Check our existing aliases
+        if (is_array($this->config["aliases"])) {
+            $c_count = 0;
+            // Loop through each alias and see if alias already exists
+            foreach ($this->config["aliases"]["alias"] as $ce) {
+                if ($ce["name"] === $name) {
+                    $this->errors[] = APIResponse\get(4056);
+
+                }
+            }
+        }
+        $this->validated_data["name"] = $name;    // Save our alias name
+        $this->validated_data["type"] = $type;    // Save our type
+        $this->validated_data["descr"] = $descr;    // Save our description
+        $this->validated_data["address"] = implode(" ", $address);    // Join array in to space seperated string
+        $this->validated_data["detail"] = implode("||", $detail);    // Join array in to || seperated string
+    }
+}

pfSense-pkg-API/files/etc/inc/api/api_models/APIFirewallAliasesAddAddress.inc

@@ -0,0 +1,146 @@
+<?php
+require_once("api/framework/APIBaseModel.inc");
+require_once("api/framework/APIResponse.inc");
+
+class APIFirewallAliasesAddAddress extends APIBaseModel {
+    # Create our method constructor
+    public function __construct() {
+        parent::__construct();
+        $this->methods = ["POST"];
+        $this->privileges = ["page-all", "page-firewall-aliases-edit"];
+        $this->change_note = "Added firewall alias address via API";
+    }
+
+    public function action() {
+        // Add our alias
+        $this->config["aliases"]["alias"][$this->initial_data["id"]]["address"] = implode(" ", $this->validated_data["address"]);
+        $this->config["aliases"]["alias"][$this->initial_data["id"]]["detail"] = implode("||", $this->validated_data["detail"]);
+        $this->write_config();    // Apply our configuration change
+        send_event("filter reload");    // Ensure our firewall filter is reloaded
+        return APIResponse\get(0, $this->config["aliases"]["alias"][$this->initial_data["id"]]);
+    }
+    
+    public function validate_payload() {
+
+        if (isset($this->initial_data['name'])) {
+            $name = $this->initial_data['name'];
+            $name = APITools\sanitize_str($name);
+        } else {
+            $this->errors[] = APIResponse\get(4050);
+        }
+        if (isset($this->initial_data['address'])) {
+            $address = $this->initial_data['address'];
+            // Convert string to array
+            if (!is_array($address)) {
+                $address = array($address);
+            }
+        } else {
+            $this->errors[] = APIResponse\get(4052);
+
+        }
+        if (isset($this->initial_data['detail'])) {
+            $detail = $this->initial_data['detail'];
+            // Convert string to array
+            if (!is_array($detail)) {
+                $detail = array($detail);
+            }
+        }
+        // Check that our input is valid
+        if (!is_string($name)) {
+            $this->errors[] = APIResponse\get(4053);
+        } elseif (!is_array($address)) {
+            $this->errors[] = APIResponse\get(4054);
+        } elseif (isset($detail) and !is_array($detail)) {
+            $this->errors[] = APIResponse\get(4064);
+        }
+        // Loop through our existing firewall entries and check for our requested alias
+        $c_count = 0;
+        foreach ($this->config["aliases"]["alias"] as $ce) {
+            if ($name === $ce["name"]) {
+                $this->initial_data["id"] = $c_count;
+                $type = $ce["type"];
+                $curr_addr = explode(" ", $ce["address"]);
+                $curr_detail = explode("||", $ce["detail"]);
+                break;
+            }
+            $c_count++;    // Increase our counter
+        }
+        // If we could not find an alias, return error
+        if (!isset($type)) {
+            $this->errors[] = APIResponse\get(4055);
+        }
+        if (!isset($type_err)) {
+            // Loop through our arrays and ensure the values are valid
+            $a_count = 0;   // Define a loop counter
+            foreach ($address as $ae) {
+                // Conditions for alias type 'port'
+                if ($type === "port") {
+                    // Check that our value is numeric
+                    if (is_numeric($ae)) {
+                        if (1 <= intval($ae) and intval($ae) <= 65535) {
+                            $address[$a_count] = strval($ae);
+                        } else {
+                            $this->errors[] = APIResponse\get(4065);
+
+                        }
+                    } else {
+                        $this->errors[] = APIResponse\get(4066);
+
+                    }
+                }
+                // Conditionals for alias type 'network'
+                if ($type === "network") {
+                    // Check that values are strings
+                    if (is_string($ae)) {
+                        // Check that string is a network CIDR
+                        if (strpos($ae, "/")) {
+                            $net_ip = explode("/", $ae)[0];    // Save our network IP
+                            $bit_mask = explode("/", $ae)[1];    // Save our subnet bit mask
+                            // Check if our IP is IPv4
+                            if (is_ipaddrv4($net_ip)) {
+                                $max_bits = 32;    // Assign our maximum IPv4 bitmask
+                            } elseif (is_ipaddrv6($net_ip)) {
+                                $max_bits = 128;    // Assign our maximum IPv4 bitmask
+                            } else {
+                                $this->errors[] = APIResponse\get(4067);
+                            }
+                            // Check if our bitmask is numeric and in range
+                            if (is_numeric($bit_mask)) {
+                                if (1 <= intval($bit_mask) and intval($bit_mask) <= $max_bits) {
+                                    continue;
+                                } else {
+                                    $this->errors[] = APIResponse\get(4068);
+                                }
+                            } else {
+                                $this->errors[] = APIResponse\get(4069);
+                            }
+                        } else {
+                            $this->errors[] = APIResponse\get(4069);
+                        }
+                    } else {
+                        $this->errors[] = APIResponse\get(4070);
+                    }
+                }
+                // Conditions for alias type 'host'
+                if ($type === "host") {
+                    // Check that values are strings
+                    if (is_string($ae)) {
+                        $address[$a_count] = APITools\sanitize_str($ae);
+                    } else {
+                        $this->errors[] = APIResponse\get(4070);
+                    }
+                }
+                // Increase our counter
+                $a_count++;
+            }
+            // Check each of our alias details
+            foreach ($detail as $de) {
+                if (!is_string($de)) {
+                    $this->errors[] = APIResponse\get(4071);
+                }
+            }
+            $this->validated_data["address"] = array_merge($curr_addr, $address);
+            $this->validated_data["detail"] = array_merge($curr_detail, $detail);
+        }
+    }
+}