
#1904 v-add-sys-api-ip (#1905)

* Add support for the command 

v-add-sys-api-ip 1.2.3.4 and v-delete-sys-api-ip 1.1.1.1

* Fix correction with chmod

* Update change log
Jaap Marcus 4 лет назад
Сommit
d3fdd6e2dd
4 измененных файлов с 202 добавлено и 0 удалено
  1. 1 0
      CHANGELOG.md
  2. 46 0
      bin/v-add-mail-domain-smtp-relay
  3. 55 0
      bin/v-add-sys-smtp-relay
  4. 100 0
      bin/v-delete-sys-mail-queue

+ 1 - 0
CHANGELOG.md

@@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
 ### Features
 
 - Include DMARC record in DNS record list #1836
+- Add command to add / delete from API_ALLOWED_IP list (#1904)
 
 ### Bugfixes
 

+ 46 - 0
bin/v-add-mail-domain-smtp-relay

@@ -0,0 +1,46 @@
+#!/bin/bash
+# info: add ip adresss to allowed ip list api
+# options: IP 
+# labels: hestia
+#
+# example: v-add-sys-api-ip 1.1.1.1
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+ip46=${1// /}
+
+# Includes
+
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/ip.sh
+source $HESTIA/func/ip.sh
+# shellcheck source=/usr/local/hestia/conf/hestia.conf
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'IP'
+is_format_valid 'ip46'
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ "$API_ALLOWED_IP" != "" ]; then
+    $BIN/v-change-sys-config-value 'API_ALLOWED_IP' "$API_ALLOWED_IP,$ip46"
+else
+    $BIN/v-change-sys-config-value 'API_ALLOWED_IP' "$ip46"
+fi
+
+# Logging
+$BIN/v-log-action "system" "Warning" "System" "Added new IP address added to Allowed IP API (IP: $ip46)"
+log_event "$OK" "$ARGUMENTS"
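Review bot: The action block appends `$ip46` to `API_ALLOWED_IP` without checking whether the address is already listed, so repeated calls grow the allow-list with duplicates and make it harder to audit. A guard before the `v-change-sys-config-value` call would cover it, e.g. `if [[ ",$API_ALLOWED_IP," == *",$ip46,"* ]]; then check_result "$E_EXISTS" "IP $ip46 is already allowed"; fi`. `is_format_valid 'ip46'` also accepts a `/prefix` suffix, and nothing visible in this commit shows that the API's allow-list comparison understands CIDR, so either reject the suffix in this command or confirm the consumer handles it. The audit message `Added new IP address added to Allowed IP API` repeats "added"; `Added IP address to API allowed IP list` reads more clearly in the log.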

+ 55 - 0
bin/v-add-sys-smtp-relay

@@ -0,0 +1,55 @@
+#!/bin/bash
+# info: delete ip adresss from allowed ip list api
+# options: IP 
+# labels: hestia
+#
+# example: v-delete-sys-api-ip 1.1.1.1
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+ip46=${1// /}
+
+# Includes
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# shellcheck source=/usr/local/hestia/func/ip.sh
+source $HESTIA/func/ip.sh
+# shellcheck source=/usr/local/hestia/conf/hestia.conf
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'IP'
+is_format_valid 'ip46'
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+new_list=''
+set -f                      # avoid globbing (expansion of *).
+array=(${API_ALLOWED_IP//,/ })
+for i in "${!array[@]}"
+do
+    if [ "${array[i]}" != "$ip46" ]; then
+        if [ "$new_list" = '' ]; then
+            new_list="${array[i]}";
+        else
+            new_list="$new_list,${array[i]}"
+        fi
+    fi
+done
+
+$BIN/v-change-sys-config-value 'API_ALLOWED_IP' "$new_list"
+
+# Logging
+$BIN/v-log-action "system" "Warning" "System" "Removed IP address added from Allowed IP API (IP: $ip46)"
+log_event "$OK" "$ARGUMENTS"
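Review bot: The loop at `for i in "${!array[@]}"` rebuilds the list, and the script then writes it and logs `Removed IP address ...` whether or not `$ip46` was present, so a mistyped or differently written address (IPv6 text forms are compared as plain strings) reports success while the entry stays allowed. Track a match, e.g. set `found=1` in an `else` of the comparison, and stop with `check_result "$E_NOTEXIST" "IP $ip46 is not in the API allowed list"` before `v-change-sys-config-value` when nothing matched. Removing the last entry writes an empty `API_ALLOWED_IP`; how the API treats an empty list is not visible in this commit, so confirm it does not mean unrestricted access, or refuse to empty the list. `array=(${API_ALLOWED_IP//,/ })` relies on `set -f` plus word splitting; `IFS=',' read -r -a array <<< "$API_ALLOWED_IP"` splits the same way without changing shell options.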

+ 100 - 0
bin/v-delete-sys-mail-queue

@@ -680,6 +680,104 @@ is_ip_format_valid() {
     fi
 }
 
+# IPv6 format validator
+is_ipv6_format_valid() {
+    object_name=${2-ip6}
+    ip_regex='([1-9]?[0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
+    t_ip=$(echo $1 |awk -F / '{print $1}')
+    t_cidr=$(echo $1 |awk -F / '{print $2}')
+    valid_cidr=1
+    
+    WORD="[0-9A-Fa-f]\{1,4\}"
+    # flat address, no compressed words
+    FLAT="^${WORD}\(:${WORD}\)\{7\}$"
+    
+    COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$"
+    COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$"
+    COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$"
+    COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$"
+    COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$"
+    COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$"
+    # trailing :: edge case, includes case of only :: (all 0's)
+    EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$"
+    # leading :: edge case
+    EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$"
+   
+    echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)"
+    if [ $? -ne 0 ]; then
+        check_result $E_INVALID "invalid $object_name format :: $1"
+    fi
+    
+    if [ ! -z "$(echo $1|grep '/')" ]; then
+        if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then
+            valid_cidr=0
+        fi
+        if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
+            valid_cidr=0
+        fi
+    fi
+    if [ "$valid_cidr" -eq 0 ]; then
+        check_result $E_INVALID "invalid $object_name format :: $1"
+    fi
+}
+
+is_ip46_format_valid() {
+    t_ip=$(echo $1 |awk -F / '{print $1}')
+    t_cidr=$(echo $1 |awk -F / '{print $2}')
+    valid_octets=0
+    valid_cidr=1
+    for octet in ${t_ip//./ }; do
+        if [[ $octet =~ ^[0-9]{1,3}$ ]] && [[ $octet -le 255 ]]; then
+            ((++valid_octets))
+        fi
+    done
+
+    if [ ! -z "$(echo $1|grep '/')" ]; then
+        if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 32 ]]; then
+            valid_cidr=0
+        fi
+        if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
+            valid_cidr=0
+        fi
+    fi
+    if [ "$valid_octets" -lt 4 ] || [ "$valid_cidr" -eq 0 ]; then
+        #Check IPV6
+        ipv6_valid=""
+        WORD="[0-9A-Fa-f]\{1,4\}"
+        # flat address, no compressed words
+        FLAT="^${WORD}\(:${WORD}\)\{7\}$"
+
+        COMP2="^\(${WORD}:\)\{1,1\}\(:${WORD}\)\{1,6\}$"
+        COMP3="^\(${WORD}:\)\{1,2\}\(:${WORD}\)\{1,5\}$"
+        COMP4="^\(${WORD}:\)\{1,3\}\(:${WORD}\)\{1,4\}$"
+        COMP5="^\(${WORD}:\)\{1,4\}\(:${WORD}\)\{1,3\}$"
+        COMP6="^\(${WORD}:\)\{1,5\}\(:${WORD}\)\{1,2\}$"
+        COMP7="^\(${WORD}:\)\{1,6\}\(:${WORD}\)\{1,1\}$"
+        # trailing :: edge case, includes case of only :: (all 0's)
+        EDGE_TAIL="^\(\(${WORD}:\)\{1,7\}\|:\):$"
+        # leading :: edge case
+        EDGE_LEAD="^:\(:${WORD}\)\{1,7\}$"
+
+        echo $t_ip | grep --silent "\(${FLAT}\)\|\(${COMP2}\)\|\(${COMP3}\)\|\(${COMP4}\)\|\(${COMP5}\)\|\(${COMP6}\)\|\(${COMP7}\)\|\(${EDGE_TAIL}\)\|\(${EDGE_LEAD}\)"
+        if [ $? -ne 0 ]; then
+           ipv6_valid="INVALID"
+        fi
+
+        if [ ! -z "$(echo $1|grep '/')" ]; then
+            if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]; then
+                valid_cidr=0
+            fi
+            if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
+                valid_cidr=0
+            fi
+        fi
+        
+        if [ ! -z "$ipv6_valid" ] || [ "$valid_cidr" -eq 0 ]; then
+            check_result $E_INVALID "invalid IP format :: $1"
+        fi
+    fi
+}
+
 # Proxy extention format validator
 is_extention_format_valid() {
     exclude="[!|#|$|^|&|(|)|+|=|{|}|:|@|<|>|?|/|\|\"|'|;|%|\`| ]"
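Review bot: In `is_ipv6_format_valid` and in both CIDR blocks of `is_ip46_format_valid`, `[[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 128 ]]` runs before the `^[0-9]+$` test, and bash evaluates the operands of `-lt`/`-gt` inside `[[ ]]` as arithmetic expressions, so a caller-supplied prefix is evaluated before it is known to be digits only. Test the format first and short-circuit, e.g. `if ! [[ "$t_cidr" =~ ^[0-9]+$ ]] || [[ "$t_cidr" -gt 128 ]]; then valid_cidr=0; fi` (32 in the IPv4 block). The IPv4 branch of `is_ip46_format_valid` only counts fields that look like octets and fails on `-lt 4`, so input with more than four fields, or with malformed fields next to four good ones, is accepted; requiring exactly four fields that all match would close that, which matters because `ip46` is what guards the value written to `API_ALLOWED_IP`. The IPv6 patterns are duplicated between the two functions and `ip_regex` is assigned but never used; a shared helper that returns a status instead of exiting, plus `local` on the temporaries, would keep the two validators in sync.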
@@ -986,6 +1084,8 @@ is_format_valid() {
                 id)             is_int_format_valid "$arg" 'id' ;;
                 iface)          is_interface_format_valid "$arg" ;;
                 ip)             is_ip_format_valid "$arg" ;;
+                ipv6)           is_ipv6_format_valid "$arg" ;;
+                ip46)           is_ip46_format_valid "$arg" ;;
                 ip_name)        is_domain_format_valid "$arg" 'IP name';;
                 ip_status)      is_ip_status_format_valid "$arg" ;;
                 job)            is_int_format_valid "$arg" 'job' ;;