
Rewizja 372afa1a59e23129e6d91883fb1389db3c9a2ed4

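#######################################
# Remove firewall blocks for a peer: either every block, or only the
# IPs, subnets, ports and services named on the command line.
#
# Flags:
#   --name NAME         peer to unblock (required unless --identity is given)
#   --identity ID       unblock all peers of this identity; when present the
#                       function returns right after that and ignores the
#                       other selectors
#   --type TYPE         passed with the name to peers::resolve_and_require
#   --ip IP             repeatable
#   --subnet SUBNET     repeatable
#   --port T:P[:PROTO]  repeatable; PROTO defaults to tcp
#   --service NAME      repeatable; expanded through net::resolve
#   --all               remove every block (also the default when no
#                       --ip/--subnet/--port/--service is given)
#   --quiet             suppress the per-target success / "not blocked" lines
#   --force, --reason   parsed, but not read anywhere in this function
#   --help              print usage
# Returns:
#   0 on success or when the peer is not blocked; 1 on a usage error, a
#   flag without its value, or a failed peer / service lookup.
#######################################
function cmd::unblock::run() {
  local name="" identity="" type=""
  local ips=() subnets=() ports=() services=()
  local all=false quiet=false force=false
  local reason=""
  # Loop variables are declared here so they do not leak into the caller's
  # scope (bash function variables are global unless marked local).
  local ip subnet entry svc resolved
  local target port proto
  local b_ip b_port b_proto
  local resolved_lines=()
  local is_blocked client_ip

  while [[ $# -gt 0 ]]; do
    # A value-taking flag given as the last argument used to hang the parser:
    # `shift 2` fails without shifting when only one argument is left, so the
    # loop never advanced. Reject that case up front.
    case "$1" in
      --name | --identity | --type | --ip | --subnet | --port | --service | --reason)
        if [[ $# -lt 2 ]]; then
          log::error "Missing value for flag: $1"
          cmd::unblock::help
          return 1
        fi
        ;;
    esac

    case "$1" in
      --name) name="$2"; shift 2 ;;
      --identity) identity="$2"; shift 2 ;;
      --type) type="$2"; shift 2 ;;
      --ip) ips+=("$2"); shift 2 ;;
      # NOTE(review): --force is accepted but never consulted below.
      --force) force=true; shift ;;
      --quiet) quiet=true; shift ;;
      --subnet) subnets+=("$2"); shift 2 ;;
      --port) ports+=("$2"); shift 2 ;;
      --service) services+=("$2"); shift 2 ;;
      # NOTE(review): --reason is stored but not logged or persisted here; if
      # it is meant as an audit trail for lifting a block, it is currently lost.
      --reason) reason="$2"; shift 2 ;;
      --all) all=true; shift ;;
      --help) cmd::unblock::help; return ;;
      *)
        log::error "Unknown flag: $1"
        cmd::unblock::help
        return 1
        ;;
    esac
  done

  # --identity: unblock all peers for this identity
  if [[ -n "$identity" ]]; then
    cmd::unblock::_unblock_identity "$identity" "$quiet" || return 1
    return 0
  fi

  if [[ -z "$name" ]]; then
    log::error "Missing required flag: --name or --identity"
    cmd::unblock::help
    return 1
  fi

  name=$(peers::resolve_and_require "$name" "$type") || return 1

  # Nothing to do when neither the peer state nor a block file marks it blocked.
  if ! peers::is_blocked "$name" && ! block::has_file "$name"; then
    log::wg_warning "Client is not blocked: ${name}"
    return 0
  fi

  # No selector at all means "remove everything".
  if [[ ${#ips[@]} -eq 0 && ${#subnets[@]} -eq 0 &&
    ${#ports[@]} -eq 0 && ${#services[@]} -eq 0 ]]; then
    all=true
  fi

  client_ip=$(peers::get_ip "$name") || return 1

  if [[ "$all" == true ]]; then
    cmd::unblock::_unblock_all "$name" "$client_ip" "$quiet"
    return 0
  fi

  # NOTE(review): in the loops below the status of fw::unblock_* is not
  # checked before block::remove_rule runs, so a failed firewall call still
  # drops the stored rule — confirm that is intended.

  # Unblock specific IPs
  for ip in "${ips[@]}"; do
    fw::unblock_ip "$client_ip" "$ip"
    block::remove_rule "$name" "ip" "$ip"
    [[ "$quiet" == true ]] || log::wg_success "${ip} has been unblocked for ${name}"
  done

  # Unblock specific subnets
  for subnet in "${subnets[@]}"; do
    fw::unblock_subnet "$client_ip" "$subnet"
    block::remove_rule "$name" "subnet" "$subnet"
    [[ "$quiet" == true ]] || log::wg_success "${subnet} has been unblocked for ${name}"
  done

  # Unblock specific ports; each entry is target:port[:proto]
  for entry in "${ports[@]}"; do
    IFS=":" read -r target port proto <<< "$entry"
    proto="${proto:-tcp}"
    fw::unblock_port "$client_ip" "$target" "$port" "$proto"
    block::remove_rule "$name" "port" "$target" "$port" "$proto"
    [[ "$quiet" == true ]] || log::wg_success "${target}:${port}:${proto} has been unblocked for ${name}"
  done

  # Unblock services
  for svc in "${services[@]}"; do
    mapfile -t resolved_lines < <(net::resolve "$svc" 2>/dev/null)
    if [[ ${#resolved_lines[@]} -eq 0 ]]; then
      log::error "Service not found: ${svc}"
      return 1
    fi

    # A service counts as blocked as soon as one of its resolved targets has
    # a block rule; lines shaped ip:port:proto are port rules, others IP rules.
    is_blocked=false
    for resolved in "${resolved_lines[@]}"; do
      if [[ "$resolved" == *:*:* ]]; then
        IFS=":" read -r b_ip b_port b_proto <<< "$resolved"
        if fw::has_block_rule "$client_ip" "$b_ip" "$b_port" "$b_proto" 2>/dev/null; then
          is_blocked=true
          break
        fi
      elif fw::has_block_rule "$client_ip" "$resolved" 2>/dev/null; then
        is_blocked=true
        break
      fi
    done

    if [[ "$is_blocked" != true ]]; then
      [[ "$quiet" == true ]] || log::wg_warning "${svc} is not blocked for ${name}"
      continue
    fi

    for resolved in "${resolved_lines[@]}"; do
      if [[ "$resolved" == *:*:* ]]; then
        IFS=":" read -r b_ip b_port b_proto <<< "$resolved"
        fw::unblock_port "$client_ip" "$b_ip" "$b_port" "$b_proto"
        block::remove_rule "$name" "port" "$b_ip" "$b_port" "$b_proto"
      else
        fw::unblock_ip "$client_ip" "$resolved"
        block::remove_rule "$name" "ip" "$resolved"
      fi
    done

    [[ "$quiet" == true ]] || log::wg_success "${svc} has been unblocked for ${name}"
  done

  block::cleanup "$name"
  return 0
}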