Added /api/v1/routing/gateway/default endpoint to set the default gateways.

jaredhendrickson13 · jaredhendrickson13 · commit 338b0f91054b · 2022-05-22T00:34:50.000-06:00
diff --git a/pfSense-pkg-API/files/etc/inc/api/endpoints/APIRoutingGatewayDefault.inc b/pfSense-pkg-API/files/etc/inc/api/endpoints/APIRoutingGatewayDefault.inc
@@ -0,0 +1,26 @@
+<?php
+//   Copyright 2022 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIEndpoint.inc");
+
+class APIRoutingGatewayDefault extends APIEndpoint {
+    public function __construct() {
+        $this->url = "/api/v1/routing/gateway/default";
+    }
+
+    protected function put() {
+        return (new APIRoutingGatewayDefaultUpdate())->call();
+    }
+}
diff --git a/pfSense-pkg-API/files/etc/inc/api/models/APIRoutingGatewayDefaultUpdate.inc b/pfSense-pkg-API/files/etc/inc/api/models/APIRoutingGatewayDefaultUpdate.inc
@@ -0,0 +1,108 @@
+<?php
+//   Copyright 2022 Jared Hendrickson
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+
+require_once("api/framework/APIModel.inc");
+require_once("api/framework/APIResponse.inc");
+
+
+class APIRoutingGatewayDefaultUpdate extends APIModel {
+    # Create our method constructor
+    public function __construct() {
+        parent::__construct();
+        $this->privileges = ["page-all", "page-system-gateways"];
+        $this->change_note = "Set default gateway via API";
+    }
+
+    public function action() {
+        # Set the default gateways based on the validated input
+        $this->config["gateways"]["defaultgw4"] = $this->validated_data["defaultgw4"];
+        $this->config["gateways"]["defaultgw6"] = $this->validated_data["defaultgw6"];
+
+        # Write these changes to config and apply if the client requested
+        $this->write_config();
+        $this->apply();
+        return APIResponse\get(0, $this->validated_data);
+    }
+
+    private function __validate_defaultgw4() {
+        # Optionally allow clients to update the 'defaultgw4' value
+        if (isset($this->initial_data["defaultgw4"])) {
+            # Ensure this is a valid IPv4 gateway
+            if (APITools\is_gateway($this->initial_data["defaultgw4"], true) === "inet") {
+                $this->validated_data["defaultgw4"] = $this->initial_data["defaultgw4"];
+            }
+            # Allow client to set automatic gateway selection
+            elseif (in_array($this->initial_data["defaultgw4"], ["", "automatic"])) {
+                $this->validated_data["defaultgw4"] = "";
+            }
+            # Allow client to set no gateway
+            elseif (in_array($this->initial_data["defaultgw4"], ["-", "none"])) {
+                $this->validated_data["defaultgw4"] = "-";
+            }
+            else {
+                $this->errors[] = APIResponse\get(6028);
+            }
+        }
+    }
+
+    private function __validate_defaultgw6() {
+        # Optionally allow clients to update the 'defaultgw6' value
+        if (isset($this->initial_data["defaultgw6"])) {
+            # Ensure this is a valid IPv6 gateway
+            if (APITools\is_gateway($this->initial_data["defaultgw6"], true) === "inet6") {
+                $this->validated_data["defaultgw6"] = $this->initial_data["defaultgw6"];
+            }
+            # Allow client to set automatic gateway selection
+            elseif (in_array($this->initial_data["defaultgw6"], ["", "automatic"])) {
+                $this->validated_data["defaultgw6"] = "";
+            }
+            # Allow client to set no gateway
+            elseif (in_array($this->initial_data["defaultgw6"], ["-", "none"])) {
+                $this->validated_data["defaultgw6"] = "-";
+            }
+            else {
+                $this->errors[] = APIResponse\get(6028);
+            }
+        }
+    }
+
+    public function validate_payload() {
+        # Fetch existing default gateway values
+        $this->validated_data = [
+            "defaultgw4"=>$this->config["gateways"]["defaultgw4"],
+            "defaultgw6"=>$this->config["gateways"]["defaultgw6"],
+        ];
+
+        # Validate client input
+        $this->__validate_defaultgw4();
+        $this->__validate_defaultgw6();
+    }
+
+    public function apply() {
+        # Mark the routing subsystem as changed, clear if applied
+        mark_subsystem_dirty("staticroutes");
+
+        # Optionally allow clients to apply this route immediately if they passed in a true apply value
+        # Note: this is a one-off case where this was better to default to true instead of false.
+        if ($this->initial_data["apply"] !== false) {
+            system_routing_configure();
+            system_resolvconf_generate();
+            filter_configure();
+            setup_gateways_monitor();
+            send_event("service reload dyndnsall");
+            clear_subsystem_dirty("staticroutes");
+        }
+    }
+}
diff --git a/pfSense-pkg-API/files/usr/local/www/api/documentation/openapi.yml b/pfSense-pkg-API/files/usr/local/www/api/documentation/openapi.yml
@@ -5652,6 +5652,43 @@ paths:
       summary: Update gateway
       tags:
         - Routing > Gateway
+  /api/v1/routing/gateway/default:
+    put:
+      description: 'Update the default gateways for IPv4 and/or IPv6. _Note: changing the default gateway can
+      prevent you from connecting to the system afterward. Proceed with caution._<br><br>
+
+        _Requires at least one of the following privileges:_ [`page-all`, `page-system-gateways`]'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              properties:
+                defaultgw4:
+                  description: >-
+                    Set the IPv4 default gateway. This must be an existing IPv4 gateway name, `automatic` for automatic
+                    gateway selection, or `none` for no default gateway selection for IPv4.
+                  type: string
+                defaultgw6:
+                  description: >-
+                    Set the IPv6 default gateway. This must be an existing IPv6 gateway name, `automatic` for automatic
+                    gateway selection, or `none` for no default gateway selection for IPv6.
+                  type: string
+                apply:
+                  default: true
+                  description: Specify whether or not you would like this change
+                    to be applied immediately, or simply written to the configuration
+                    to be applied later. If set to `false` you must apply the changes
+                    afterwards using the `/api/v1/routing/apply` endpoint.
+                  type: boolean
+              type: object
+      responses:
+        200:
+          $ref: '#/components/responses/Success'
+        401:
+          $ref: '#/components/responses/AuthenticationFailed'
+      summary: Update default gateways
+      tags:
+        - Routing > Gateway > Default
   /api/v1/routing/gateway/detail:
     get:
       description: 'Read verbose routing gateway details about both dynamic/system
@@ -9512,6 +9549,7 @@ tags:
   - name: System > Reboot
   - name: System > Halt
   - name: Routing > Gateway
+  - name: Routing > Gateway > Default
   - name: Routing > Gateway > Detail
   - name: Routing > Static Route
   - name: Routing > Apply
diff --git a/tests/test_api_v1_routing_gateway_default.py b/tests/test_api_v1_routing_gateway_default.py
@@ -0,0 +1,39 @@
+# Copyright 2022 Jared Hendrickson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import e2e_test_framework
+
+class APIE2ETestRoutingGatewayDefault(e2e_test_framework.APIE2ETest):
+    uri = "/api/v1/routing/gateway/default"
+    put_tests = [
+        {
+            "name": "Check IPv4 gateway exists constraint",
+            "status": 400,
+            "return": 6028,
+            "payload": {"defaultgw4": "INVALID"}
+        },
+        {
+            "name": "Check IPv6 gateway exists constraint",
+            "status": 400,
+            "return": 6028,
+            "payload": {"defaultgw6": "INVALID"}
+        },
+        {
+            "name": "Check updating default gateways",
+            "timeout": 10,
+            "payload": {"defaultgw4": "automatic", "defaultgw6": "automatic"}
+        }
+    ]
+
+APIE2ETestRoutingGatewayDefault()
