Fixed bug that would revert VLAN XML to defaults, fixed issue that would rewrite interface assignments, fixed bug that incorrectly identified lagg

Author: Jared Hendrickson

pfSense-pkg-API/files/etc/inc/api/framework/APIResponse.inc

@@ -822,6 +822,12 @@ function get($id, $data=[], $all=false) {
             "return" => $id,
             "message" => "Interface VLAN parent required"
         ],
+        3056 => [
+            "status" => "bad request",
+            "code" => 400,
+            "return" => $id,
+            "message" => "Interface VLAN ID required"
+        ],
 
         // 4000-4999 reserved for /firewall API calls
         4000 => [

pfSense-pkg-API/files/etc/inc/api/models/APIInterfaceVLANCreate.inc

@@ -23,19 +23,20 @@ class APIInterfaceVLANCreate extends APIModel {
         parent::__construct();
         $this->privileges = ["page-all", "page-interfaces-vlan-edit"];
         $this->change_note = "Added VLAN interface via API";
-
     }
 
     public function action() {
-        $this->config["vlans"]["vlan"] = [];
-        $this->config["vlans"]["vlan"][] = $this->validated_data;    // Write our configuration change
-        interface_vlan_configure($this->validated_data);    // Configure our VLAN on the backend
+        $this->__init_config();
+        $this->config["vlans"]["vlan"][] = $this->validated_data;
+        interface_vlan_configure($this->validated_data);
         $this->write_config();
         return APIResponse\get(0, $this->validated_data);
     }
 
-    public function validate_payload() {
+    private function __validate_if() {
+        # Require clients to specify an if value to indicate which interface this VLAN will apply to
         if (isset($this->initial_data['if'])) {
+            # Return an error if the requested parent interface does not exist
             if (!does_interface_exist($this->initial_data['if'])) {
                 $this->errors[] = APIResponse\get(3051);
             } else {
@@ -44,19 +45,32 @@ class APIInterfaceVLANCreate extends APIModel {
         } else {
             $this->errors[] = APIResponse\get(3055);
         }
+    }
 
+    private function __validate_tag() {
+        # Require clients to specify a VLAN tag value
         if (isset($this->initial_data['tag'])) {
+            # Return an error if VLAN tag is not numeric, or is not between 1 and 4096
             if (!is_numeric($this->initial_data['tag']) or (1 > intval($this->initial_data['tag']) or intval($this->initial_data['tag']) > 4096)) {
                 $this->errors[] = APIResponse\get(3052);
-            } else {
-                $this->validated_data["tag"] = intval(trim($this->initial_data['tag']));
-                $str_tag = strval($this->validated_data["tag"]);
+            }
+            # Return an error if this VLAN already exists on this interface
+            elseif ($this->__is_vlan($this->validated_data["if"], $this->initial_data["tag"])) {
+                $this->errors[] = APIResponse\get(3054);
+            }
+            # Otherwise, store our tag value as validated
+            else {
+                $this->validated_data["tag"] = $this->initial_data['tag'];
             }
         } else {
             $this->errors[] = APIResponse\get(3048);
         }
+    }
 
+    private function __validate_pcp() {
+        # Optionally allow client to specify a VLAN PCP value. Default if not set.
         if (isset($this->initial_data['pcp'])) {
+            # Return error if PCP value is not between 0 and 7
             if (0 > $this->initial_data['pcp'] or $this->initial_data['pcp'] > 7) {
                 $this->errors[] = APIResponse\get(3053);
             } else {
@@ -65,25 +79,43 @@ class APIInterfaceVLANCreate extends APIModel {
         } else {
             $this->validated_data["pcp"] = "";
         }
+    }
 
+    private function __validate__descr() {
+        # Optionally allow client to specify a VLAN description. Default if not set.
         if (isset($this->initial_data['descr'])) {
             $this->validated_data["descr"] = $this->initial_data['descr'];
         } else {
             $this->validated_data["descr"] = "";
         }
+    }
+
+    public function validate_payload() {
+        $this->__validate_if();
+        $this->__validate_tag();
+        $this->__validate_pcp();
+        $this->__validate__descr();
+        $this->validated_data["vlanif"] = $this->validated_data["if"].".".$this->initial_data['tag'];
+    }
 
-        // Check if our VLAN is already in use
-        if (is_array($this->config["vlans"]["vlan"])) {
-            foreach ($this->config["vlans"]["vlan"] as $vle) {
-                if ($this->validated_data["if"] === $vle["if"] and $str_tag === $vle["tag"]) {
-                    $this->errors[] = APIResponse\get(3054);
-                }
+    private function __is_vlan($if, $tag) {
+        # Check if our VLAN already exists
+        foreach ($this->config["vlans"]["vlan"] as $vle) {
+            if ($if === $vle["if"] and strval($tag) === $vle["tag"]) {
+                return true;
             }
-        } else {
-            $this->config["vlans"] = [];
-            $this->config["vlans"]["vlan"] = [];
         }
-        $this->validated_data["vlanif"] = $this->validated_data["if"].".".$this->initial_data['tag'];
+        return false;
+    }
 
+    private function __init_config() {
+        # Ensure our VLANs config section is an array
+        if (!is_array($this->config["vlans"])) {
+            $this->config["vlans"] = [];
+        }
+        # Ensure our VLAN config section is an array
+        if (!is_array($this->config["vlans"]["vlan"])) {
+            $this->config["vlan"] = [];
+        }
     }
-}
+}

pfSense-pkg-API/files/etc/inc/api/models/APIInterfaceVLANDelete.inc

@@ -27,40 +27,48 @@ class APIInterfaceVLANDelete extends APIModel {
     }
 
     public function action() {
-        $del_ent = $this->config["vlans"]["vlan"][$this->validated_data["id"]];    // Save our deleted VLAN
-        pfSense_interface_destroy($this->config["vlans"]["vlan"][$this->validated_data["id"]]["vlanif"]);    // delete our VLAN on the backend
-        unset($this->config["vlans"]["vlan"][$this->validated_data["id"]]);    // Remove our VLAN configuration
+        pfSense_interface_destroy($this->validated_data["vlanif"]);    // delete our VLAN on the backend
+        unset($this->config["vlans"]["vlan"][$this->id]);    // Remove our VLAN configuration
         $this->write_config();
-        return APIResponse\get(0, $del_ent);
+        return APIResponse\get(0, $this->validated_data);
     }
 
-    public function validate_payload() {
-        $curr_vlans = $this->config["vlans"]["vlan"];    // Save our current VLANs
-        if (isset($this->initial_data['vlanif'])) {
-            $this->validated_data["vlanif"] = $this->initial_data['vlanif'];
-        }
-        elseif (isset($this->initial_data['id'])) {
-            $this->validated_data["id"] = $this->initial_data['id'];
-        } else {
-            $this->errors[] = APIResponse\get(3048);
-        }
-        // Ensure we have a vlanif and id regardless of which input selector was provided
-        if (isset($this->validated_data["vlanif"])) {
-            foreach ($curr_vlans as $ind => $cve) {
-                if ($this->validated_data["vlanif"] === $cve["vlanif"]) {
-                    $this->validated_data["id"] = $ind;
-                    break;
-                }
+    private function __validate_id() {
+        # Check if the given ID exists. Also allow vlanif for backward compatibility
+        if (isset($this->initial_data["id"]) or isset($this->initial_data["vlanif"])) {
+            # Allow user to locate the VLAN by vlanif
+            if (!is_null($this->__get_vlan_id_from_vlanif($this->initial_data["vlanif"]))) {
+                $this->id = $this->__get_vlan_id_from_vlanif($this->initial_data["vlanif"]);
+                $this->validated_data = $this->config["vlans"]["vlan"][$this->id];
+            }
+            # Try to locate our ID by configuration index ID
+            elseif (array_key_exists($this->initial_data["id"], $this->config["vlans"]["vlan"])) {
+                $this->id = $this->initial_data["id"];
+                $this->validated_data = $this->config["vlans"]["vlan"][$this->id];
+            }
+            else {
+                $this->errors[] = APIResponse\get(3050);
+            }
+
+            # Lastly check that our interface is not in use currently
+            if (APITools\get_pfsense_if_id($this->validated_data["vlanif"])) {
+                $this->errors[] = APIResponse\get(3049);
             }
         } else {
-            $this->validated_data["vlanif"] = $curr_vlans[$this->validated_data["id"]]["vlanif"];
+            $this->errors[] = APIResponse\get(3056);
         }
-        // Check that our interface is not in use currently
-        if (convert_real_interface_to_friendly_interface_name($this->validated_data["vlanif"])) {
-            $this->errors[] = APIResponse\get(3049);
-        }
-        if (empty($this->config["vlans"]["vlan"][$this->validated_data["id"]])) {
-            $this->errors[] = APIResponse\get(3050);
+    }
+
+    public function validate_payload() {
+        $this->__validate_id();
+    }
+
+    private function __get_vlan_id_from_vlanif($vlanif) {
+        # Loop through each VLAN and return it's ID if it matches
+        foreach ($this->config["vlans"]["vlan"] as $id => $vlan) {
+            if ($vlanif === $vlan["vlanif"]) {
+                return $id;
+            }
         }
     }
 }