const { exec, execFile } = require('child_process');
const net = require('net');
const express = require('express');
// Ports that get an allow rule for each registered address: 80 and 443
// (the conventional HTTP and HTTPS ports).
const ports = [80, 443];
// Port this service listens on: the PORT environment variable when it is set
// to a non-empty value, otherwise 3000.
const PORT = process.env.PORT || 3000;

const app = express();
// Parse JSON request bodies so the route handlers can read req.body.
app.use(express.json());
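/**
 * Extract the rule numbers from `ufw status numbered` output.
 *
 * A rule line is expected to start with a bracketed index such as `[ 3]`.
 * Lines without that prefix (blank lines, headers, anything unexpected) are
 * skipped instead of raising a TypeError, and only digit-only indexes are
 * returned because callers hand these values on to `ufw delete`.
 *
 * @param {string} output - Raw status text, one rule per line.
 * @returns {string[]} Rule numbers as decimal strings, in input order.
 */
function parseUfwStatus(output) {
  const text = typeof output === 'string' ? output : '';
  const ruleNumbers = [];
  for (const line of text.split('\n')) {
    // Anchored at the start of the line so brackets appearing later (for
    // example inside a rule comment) are never mistaken for the index.
    const match = /^\s*\[\s*(\d+)\s*\]/.exec(line);
    if (match) {
      ruleNumbers.push(match[1]);
    }
  }
  return ruleNumbers;
}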
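/**
 * Add one `ufw allow` rule per entry in `ports` for a source address, tagging
 * each rule with the comment `NFM: <email>`, then answer the HTTP request.
 *
 * `ip` and `email` become ufw arguments, so they are validated here even if
 * the caller already checked them: only a literal IPv4/IPv6 address is
 * accepted (no keyword such as `any`, no CIDR range) together with a
 * conservatively formatted e-mail. Commands run through `execFile`, so no
 * shell ever parses these values.
 *
 * @param {string} ip - Source address to allow.
 * @param {string} email - Owner tag stored in the rule comment.
 * @param {object} res - Express response; receives 200, 400 or 500.
 * @returns {void}
 */
function addNewRule(ip, email, res) {
  const isValidIp = typeof ip === 'string' && net.isIP(ip) !== 0;
  const isValidEmail =
    typeof email === 'string' &&
    email.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/.test(email);
  if (!isValidIp || !isValidEmail) {
    res.status(400).json({ error: 'Invalid ip or email' });
    return;
  }

  // One promise per port; each settles when its ufw command has finished.
  const additions = ports.map((port, index) => new Promise((resolve, reject) => {
    setTimeout(() => {
      // Argument vector instead of a command string: each value reaches
      // sudo/ufw as exactly one argument.
      const args = [
        'ufw', 'allow', 'from', ip, 'to', 'any', 'port', String(port),
        'comment', `NFM: ${email}`
      ];
      execFile('sudo', args, (error, stdout, stderr) => {
        if (error) {
          console.error(`Error adding firewall rule: ${error.message}`);
          reject(error);
          return;
        }
        if (stderr) {
          console.error(`Error adding firewall rule: ${stderr}`);
          reject(new Error(stderr));
          return;
        }
        console.log("New rule added for port", port);
        resolve();
      });
    }, index * 1000); // 1 second delay between each rule add
  }));

  // Respond once: 200 when every rule was added, 500 on the first failure.
  Promise.all(additions)
    .then(() => {
      console.log("All rules added successfully");
      res.status(200).json({ message: 'Firewall rule updated successfully' });
    })
    .catch(error => {
      console.error("Error adding firewall rules:", error.message);
      res.status(500).json({ error: 'Internal Server Error' });
    });
}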
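/**
 * Delete the listed rules one at a time until no rule carrying an `NFM: `
 * comment remains, then answer the request with 200.
 *
 * After each deletion the rule list is read again and the function recurses
 * on the fresh numbers (presumably because ufw renumbers the remaining rules
 * after a delete — confirm). Commands run through `execFile` with an
 * argument vector, and a rule reference that is not purely numeric is
 * refused rather than passed to ufw.
 *
 * @param {string[]} ruleNumbers - Rule numbers still to delete; the last
 *   entry is removed from this array and deleted first.
 * @param {object} res - Express response; receives 200 or 500.
 * @returns {void}
 */
function clearAll(ruleNumbers, res) {
  if (ruleNumbers.length === 0) {
    res.status(200).json({ message: 'All rules deleted' });
    return;
  }

  const ruleNumber = String(ruleNumbers.pop());
  if (!/^\d+$/.test(ruleNumber)) {
    console.error('Error deleting firewall rule: unexpected rule number');
    res.status(500).json({ error: 'Internal Server Error' });
    return;
  }

  execFile('sudo', ['ufw', '--force', 'delete', ruleNumber], (error, stdout, stderr) => {
    if (error) {
      console.error(`Error deleting firewall rule: ${error.message}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }
    if (stderr) {
      console.error(`Error deleting firewall rule: ${stderr}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }

    // Re-read the rule list; the filtering that `grep 'NFM: '` used to do
    // is now done in-process, so a failure here is a genuine ufw/sudo error.
    execFile('sudo', ['ufw', 'status', 'numbered'], (statusError, statusStdout, statusStderr) => {
      if (statusError) {
        console.error(`Error getting firewall status: ${statusError.message}`);
        res.status(500).json({ error: 'Internal Server Error' });
        return;
      }
      if (statusStderr) {
        console.error(`Error getting firewall status: ${statusStderr}`);
        res.status(500).json({ error: 'Internal Server Error' });
        return;
      }
      const taggedLines = statusStdout
        .split('\n')
        .filter((line) => line.includes('NFM: '));
      clearAll(parseUfwStatus(taggedLines.join('\n')), res);
    });
  });
}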
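/**
 * Look up every rule whose status line contains `NFM: ` and hand the rule
 * numbers to `clearAll`; answer 200 "Nothing to clear" when there are none.
 *
 * The status command runs through `execFile` with an argument vector and the
 * lines are filtered in-process, so a non-zero exit now always means that
 * sudo/ufw failed (with the former `| grep` pipeline a failure and "no
 * match" both surfaced as an error object that was ignored).
 *
 * @param {object} res - Express response; receives 200 or 500.
 * @returns {void}
 */
function clearAllRules(res) {
  execFile('sudo', ['ufw', 'status', 'numbered'], (error, stdout, stderr) => {
    if (error) {
      console.error(`Error getting firewall status: ${error.message}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }
    if (stderr) {
      console.error(`Error getting firewall status: ${stderr}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }

    // Keep only the rules this service tagged, then extract their numbers.
    const taggedLines = stdout
      .split('\n')
      .filter((line) => line.includes('NFM: '));
    const ruleNumbers = parseUfwStatus(taggedLines.join('\n'));

    if (ruleNumbers.length === 0) {
      res.status(200).json({ message: 'Nothing to clear' });
      return;
    }
    clearAll(ruleNumbers, res);
  });
}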
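/**
 * Delete the rules tagged with `email` one at a time, then add fresh rules
 * for `ip` through `addNewRule` once none are left.
 *
 * After each deletion the rule list is read again and the function recurses
 * on the fresh numbers (presumably because ufw renumbers the remaining rules
 * after a delete — confirm).
 *
 * Security notes:
 * - Commands run through `execFile` with an argument vector, so `email` and
 *   the rule number are never parsed by a shell.
 * - Rules are selected by an exact `NFM: <email>` suffix on the status line.
 *   The former `grep '<email>'` treated the value as a regular expression
 *   matched anywhere on the line, so it could select rules belonging to
 *   other entries. This assumes ufw prints the rule comment at the end of
 *   the line — confirm against the installed ufw version.
 *
 * @param {string} ip - Source address for the replacement rules.
 * @param {string} email - Owner tag identifying the rules to replace.
 * @param {object} res - Express response; receives 500 on failure here.
 * @param {string[]} ruleNumbers - Rule numbers still to delete; the last
 *   entry is removed from this array and deleted first.
 * @returns {void}
 */
function deleteRules(ip, email, res, ruleNumbers) {
  if (ruleNumbers.length === 0) {
    // All rules deleted, add new rule
    addNewRule(ip, email, res);
    return;
  }

  const ruleNumber = String(ruleNumbers.pop());
  if (!/^\d+$/.test(ruleNumber)) {
    console.error('Error deleting firewall rule: unexpected rule number');
    res.status(500).json({ error: 'Internal Server Error' });
    return;
  }

  execFile('sudo', ['ufw', '--force', 'delete', ruleNumber], (error, stdout, stderr) => {
    if (error) {
      console.error(`Error deleting firewall rule: ${error.message}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }
    if (stderr) {
      console.error(`Error deleting firewall rule: ${stderr}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }

    // Check UFW status again after deleting a rule
    execFile('sudo', ['ufw', 'status', 'numbered'], (statusError, statusStdout, statusStderr) => {
      if (statusError) {
        console.error(`Error getting firewall status: ${statusError.message}`);
        res.status(500).json({ error: 'Internal Server Error' });
        return;
      }
      if (statusStderr) {
        console.error(`Error getting firewall status: ${statusStderr}`);
        res.status(500).json({ error: 'Internal Server Error' });
        return;
      }
      const ownerTag = `NFM: ${email}`;
      const ownLines = statusStdout
        .split('\n')
        .filter((line) => line.trim().endsWith(ownerTag));
      deleteRules(ip, email, res, parseUfwStatus(ownLines.join('\n')));
    });
  });
}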
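/**
 * POST /firewall — replace the rules tagged with `email` by allow rules for
 * `ip`. Body: JSON `{ "ip": "<address>", "email": "<owner>" }`.
 *
 * Both fields are request-controlled and end up in ufw commands, so they are
 * validated before anything runs: `ip` must be a literal IPv4/IPv6 address
 * (no keyword such as `any`, no CIDR range) and `email` a conservatively
 * formatted address. Invalid input is answered with 400.
 *
 * The status lookup uses `execFile` with an argument vector and selects
 * rules by an exact `NFM: <email>` suffix, instead of interpolating the
 * e-mail into a `grep` pattern inside a shell command. This assumes ufw
 * prints the rule comment at the end of the line — confirm against the
 * installed ufw version.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * file, and the address to allow is taken from the request body rather than
 * from the connection — confirm access control is enforced upstream.
 */
app.post('/firewall', (req, res) => {
  const { ip, email } = req.body || {};

  const isValidIp = typeof ip === 'string' && net.isIP(ip) !== 0;
  const isValidEmail =
    typeof email === 'string' &&
    email.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/.test(email);
  if (!isValidIp || !isValidEmail) {
    res.status(400).json({ error: 'Invalid ip or email' });
    return;
  }

  // Get current firewall status
  execFile('sudo', ['ufw', 'status', 'numbered'], (error, stdout, stderr) => {
    if (error) {
      console.error(`Error getting firewall status: ${error.message}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }
    if (stderr) {
      console.error(`Error getting firewall status: ${stderr}`);
      res.status(500).json({ error: 'Internal Server Error' });
      return;
    }

    // Keep only this owner's rules, then extract their numbers.
    const ownerTag = `NFM: ${email}`;
    const ownLines = stdout
      .split('\n')
      .filter((line) => line.trim().endsWith(ownerTag));
    const ruleNumbers = parseUfwStatus(ownLines.join('\n'));

    if (ruleNumbers.length > 0) {
      // Delete existing firewall rules with the given email
      deleteRules(ip, email, res, ruleNumbers);
    } else {
      // No existing rules, add new rule directly
      addNewRule(ip, email, res);
    }
  });
});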
// DELETE /firewall — remove every firewall rule found by clearAllRules
// (the rules whose status line contains "NFM: "). The request body is unused.
// NOTE(review): no authentication or authorization check is visible in this
// file for this route — confirm access control is enforced upstream.
app.delete('/firewall', function handleClearFirewall(_req, res) {
  clearAllRules(res);
});
// Begin accepting HTTP connections on PORT and log once the socket is open.
// NOTE(review): no host argument is passed, so the listener is not limited
// to loopback — confirm that network exposure is intended for this service.
app.listen(PORT, function onListening() {
  console.log(`Server is running on port ${PORT}`);
});