diff --git a/commands/group/add.sh b/commands/group/add.sh new file mode 100644 index 0000000..4d62e9f --- /dev/null +++ b/commands/group/add.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +# commands/group/add.sh + +function cmd::group::add::on_load() { + flag::define --name value "Group name" required label:name + flag::define --desc value "Group description" label:desc +} + +function cmd::group::add::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local desc; desc=$(flag::value --desc) + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + if group::exists "$name"; then + log::error "Group already exists: ${name}"; return 1 + fi + json::create_group "$(group::path "$name")" "$name" "$desc" + log::wg_success "Group created: ${name}" +} diff --git a/commands/group/audit.sh b/commands/group/audit.sh new file mode 100644 index 0000000..c1b01d7 --- /dev/null +++ b/commands/group/audit.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash +# commands/group/audit.sh + +function cmd::group::audit::on_load() { + flag::define --name value "Group name (or all groups)" label:name +} + +function cmd::group::audit::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + cmd::group::_audit_impl "$name" +} diff --git a/commands/group/block.sh b/commands/group/block.sh new file mode 100644 index 0000000..f53a6ae --- /dev/null +++ b/commands/group/block.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +# commands/group/block.sh + +function cmd::group::block::on_load() { + flag::define --name value "Group name" required label:name + flag::define --reason value "Block reason" label:reason + flag::define --quiet bool "Suppress output" +} + +function cmd::group::block::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local reason; reason=$(flag::value --reason) + local quiet=false; flag::bool --quiet && quiet=true + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + cmd::group::_block_impl "$name" "$reason" "$quiet" +} diff --git a/commands/group/group.sh b/commands/group/group.sh new file mode 100644 index 0000000..6cc37fe --- /dev/null +++ b/commands/group/group.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# commands/group/group.sh — router only + +function cmd::group::on_load() { + command::helpers "helpers.sh" + + command::define list "List all groups" [*, ls] + command::define show "Show group details" [info] + command::define add "Create a new group" [new, create] + command::define remove "Remove a group" [rm, del, delete] + command::define rename "Rename a group" + command::define peer "Manage group peers" + command::define rm-peers "Remove all peers from a group" [rm-peers] + command::define set-main "Set main group for a peer" [set-main] + command::define block "Block all peers in a group" + command::define unblock "Unblock all peers in a group" + command::define rule "Manage group rules" + command::define purge-stale "Remove stale peers from groups" [purge] + command::define audit "Audit group membership" + command::define logs "Show logs for group peers" + command::define watch "Watch logs for group peers" +} + +hook::on "command:help:group" command::help::auto diff --git a/commands/group/helpers.sh b/commands/group/helpers.sh new file mode 100644 index 0000000..1d26720 --- /dev/null +++ b/commands/group/helpers.sh @@ -0,0 +1,428 @@ +#!/usr/bin/env bash +# commands/group/helpers.sh +# All group implementation logic — called by subcommand run functions + +# ── Show ───────────────────────────────────────────────────────────────────── + +function cmd::group::_show_impl() { + local name="$1" + local group_file; group_file="$(group::path "$name")" + + log::section "Group: ${name}" + printf "\n" + + local desc; desc=$(json::get "$group_file" "desc") + ui::row "Description" "${desc:-—}" + + local peers_list=() + mapfile -t peers_list < <(json::get "$group_file" "peers") || true + local filtered=() + for p in "${peers_list[@]:-}"; do + [[ -n "$p" ]] && filtered+=("$p") + done + peers_list=("${filtered[@]:-}") + local peer_count=${#peers_list[@]} + [[ -z "${peers_list[0]:-}" ]] && peer_count=0 + + local valid_count=0 + for p in "${peers_list[@]}"; do + [[ -z "$p" ]] && continue + peers::require_exists "$p" >/dev/null 2>&1 && (( valid_count++ )) || true + done + local peer_word="peers" + [[ "$valid_count" -eq 1 ]] && peer_word="peer" + ui::row "Peers" "${valid_count} ${peer_word}" + printf "\n" + + if [[ "$peer_count" -gt 0 ]]; then + local w_name=16 w_ip=13 + for peer_name in "${peers_list[@]}"; do + [[ -z "$peer_name" ]] && continue + (( ${#peer_name} > w_name )) && w_name=${#peer_name} + done + (( w_name += 2 )) + ui::group::show_peers peers_list "$w_name" "$w_ip" + else + printf " \033[2m—\033[0m\n" + fi + printf "\n" +} + +# ── Rename ─────────────────────────────────────────────────────────────────── + +function cmd::group::_rename_impl() { + local name="$1" new_name="$2" + local old_file; old_file="$(group::path "$name")" + local new_file; new_file="$(group::path "$new_name")" + json::set "$old_file" "name" "\"$new_name\"" + mv "$old_file" "$new_file" + log::wg_success "Group renamed: ${name} → ${new_name}" +} + +# ── Peer add/remove ─────────────────────────────────────────────────────────── + +function cmd::group::peer_add_impl() { + local name="$1" peer="$2" + group::require_exists "$name" || return 1 + peers::require_exists "$peer" || return 1 + if group::has_peer "$name" "$peer"; then + log::wg_warning "Peer '${peer}' is already in group '${name}'" + return 0 + fi + group::add_peer "$name" "$peer" + log::wg_success "Added '${peer}' to group '${name}'" +} + +function cmd::group::peer_remove_impl() { + local name="$1" peer="$2" + group::require_exists "$name" || return 1 + if ! group::has_peer "$name" "$peer"; then + log::wg_warning "Peer '${peer}' is not in group '${name}'" + return 0 + fi + group::remove_peer "$name" "$peer" + log::wg_success "Removed '${peer}' from group '${name}'" +} + +# ── Remove peers from WireGuard ─────────────────────────────────────────────── + +function cmd::group::_rm_peers_impl() { + local name="$1" force="$2" + local peers_list=() + mapfile -t peers_list < <(group::peers "$name") + local peer_count=${#peers_list[@]} + [[ -z "${peers_list[0]:-}" ]] && peer_count=0 + + if [[ "$peer_count" -eq 0 ]]; then + log::wg_warning "Group '${name}' has no peers"; return 0 + fi + + if [[ "$force" != "true" ]]; then + read -r -p "Remove all ${peer_count} peers in group '${name}' from WireGuard? [y/N] " confirm + case "$confirm" in [yY]*) ;; *) log::info "Aborted"; return 0 ;; esac + fi + + load_command remove + group::each_peer "$name" cmd::group::_rm_peer_cb + log::wg_success "Removed peers from group '${name}' (definition kept)" +} + +function cmd::group::_rm_peer_cb() { + local peer_name="${1:-}" + if ! group::_peer_exists_check "$peer_name"; then + log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 0 + fi + cmd::remove::run --name "$peer_name" --force +} + +# ── Set main ────────────────────────────────────────────────────────────────── + +function cmd::group::_set_main_impl() { + local name="$1" peer="$2" + group::require_exists "$name" || return 1 + peer=$(peers::resolve_and_require "$peer" "") || return 1 + if ! group::has_peer "$name" "$peer"; then + log::error "Peer '${peer}' is not in group '${name}'" + log::info "Add them first: wgctl group peer --name ${name} --peer ${peer} --action add" + return 1 + fi + peers::set_main_group "$peer" "$name" + log::wg_success "Main group for '${peer}' set to '${name}'" +} + +# ── Block ───────────────────────────────────────────────────────────────────── + +function cmd::group::_block_impl() { + local name="$1" + local peers_list=() + mapfile -t peers_list < <(group::peers "$name") + local filtered=() + for p in "${peers_list[@]:-}"; do [[ -n "$p" ]] && filtered+=("$p"); done + [[ ${#filtered[@]} -eq 0 ]] && \ + log::wg_warning "Group '${name}' has no peers" && return 0 + + local count=0 skipped=0 + for peer_name in "${filtered[@]}"; do + if cmd::group::_block_peer "$peer_name" "$name"; then + (( count++ )) || true + else + (( skipped++ )) || true + fi + done + + [[ "$count" -gt 0 ]] && log::wg_block "All peers from ${name} have been blocked (${count} peers)." + [[ "$skipped" -gt 0 ]] && log::wg_warning "${skipped} peers already blocked" +} + +function cmd::group::_block_peer() { + local peer_name="${1:-}" group_name="${2:-}" + if ! group::_peer_exists_check "$peer_name"; then + log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 0 + fi + + local client_ip; client_ip=$(peers::get_ip "$peer_name") + local current_blocked_groups; current_blocked_groups=$(block::get_groups "$peer_name") + + local IFS=',' + for g in $current_blocked_groups; do + if [[ "$g" == "$group_name" ]]; then + log::wg_warning "${peer_name} — already blocked by group '${group_name}'" + return 1 + fi + done + unset IFS + + block::add_group "$peer_name" "$client_ip" "$group_name" + peers::exists_in_server "$peer_name" && block::apply_full "$peer_name" "$client_ip" +} + +# ── Unblock ─────────────────────────────────────────────────────────────────── + +function cmd::group::_unblock_impl() { + local name="$1" + local peers_list=() + mapfile -t peers_list < <(group::peers "$name") + local filtered=() + for p in "${peers_list[@]:-}"; do [[ -n "$p" ]] && filtered+=("$p"); done + [[ ${#filtered[@]} -eq 0 ]] && \ + log::wg_warning "Group '${name}' has no peers" && return 0 + + local count=0 skipped=0 + for peer_name in "${filtered[@]}"; do + if cmd::group::_unblock_peer "$peer_name" "$name"; then + (( count++ )) || true + else + (( skipped++ )) || true + fi + done + + [[ "$count" -gt 0 ]] && log::wg_unblock "All peers from ${name} have been unblocked." + [[ "$skipped" -gt 0 ]] && \ + log::wg_warning "${skipped} peer(s) remain blocked (blocked directly or by other groups)" +} + +function cmd::group::_unblock_peer() { + local peer_name="${1:-}" group_name="${2:-}" + if ! group::_peer_exists_check "$peer_name"; then + log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 1 + fi + + if ! block::has_file "$peer_name"; then + log::wg_warning "${peer_name} — not blocked"; return 1 + fi + + local current_groups; current_groups=$(block::get_groups "$peer_name") + if [[ "$current_groups" != *"$group_name"* ]]; then + log::wg_warning "${peer_name} — not blocked by group '${group_name}'"; return 1 + fi + + local client_ip; client_ip=$(peers::get_ip "$peer_name") + block::remove_group "$peer_name" "$client_ip" "$group_name" + + if block::is_blocked "$peer_name"; then + local groups; groups=$(block::get_groups "$peer_name") + local direct; direct=$(block::is_blocked_direct "$peer_name") + if [[ "$direct" == "true" ]]; then + log::wg_warning "${peer_name} — still blocked directly, skipping" + else + log::wg_warning "${peer_name} — still blocked by group(s): ${groups}, skipping" + fi + return 1 + fi + + block::restore_peer "$peer_name" "$client_ip" + block::remove_file "$peer_name" + local rule; rule=$(peers::get_meta "$peer_name" "rule") + [[ -n "$rule" ]] && rule::exists "$rule" && rule::apply "$rule" "$client_ip" "$peer_name" +} + +# ── Rule assign ─────────────────────────────────────────────────────────────── + +function cmd::group::_rule_assign_impl() { + local name="$1" rule="$2" + group::require_exists "$name" || return 1 + rule::require_exists "$rule" || return 1 + + local peers_list=() + mapfile -t peers_list < <(group::peers "$name") + [[ -z "${peers_list[0]:-}" ]] && \ + log::wg_warning "Group '${name}' has no peers" && return 0 + + group::each_peer "$name" cmd::group::_rule_assign_cb "$rule" + log::wg_success "Assigned rule '${rule}' to group '${name}'" +} + +function cmd::group::_rule_assign_cb() { + local peer_name="${1:-}" rule="${2:-}" + if ! group::_peer_exists_check "$peer_name"; then + log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 0 + fi + load_command rule + cmd::rule::assign --name "$rule" --peer "$peer_name" +} + +function cmd::group::_rule_unassign_impl() { + local name="$1" rule="$2" + log::error "rule unassign not yet implemented" + return 1 +} + +# ── Purge stale ─────────────────────────────────────────────────────────────── + +function cmd::group::_purge_stale_impl() { + local name="$1" all="$2" force="$3" dry_run="$4" + local -a groups=() + if [[ "$all" == "true" ]]; then + while IFS= read -r group_file; do + groups+=("$(basename "$group_file" .group)") + done < <(find "$(ctx::groups)" -name "*.group" 2>/dev/null | sort) + else + group::require_exists "$name" || return 1 + groups=("$name") + fi + + local total_removed=0 + for group_name in "${groups[@]}"; do + [[ -z "$group_name" ]] && continue + local -a stale=() + while IFS= read -r peer_name; do + [[ -z "$peer_name" ]] && continue + [[ ! -f "$(ctx::clients)/${peer_name}.conf" ]] && stale+=("$peer_name") + done < <(group::peers "$group_name" 2>/dev/null) + [[ ${#stale[@]} -eq 0 ]] && continue + + if [[ "$force" != "true" && "$dry_run" != "true" ]]; then + printf " Group '%s' has %d stale peer(s): %s\n" \ + "$group_name" "${#stale[@]}" "${stale[*]}" + read -r -p " Remove them? [y/N] " confirm + case "$confirm" in [yY]*) ;; *) log::info "Skipped '${group_name}'"; continue ;; esac + fi + + local group_file; group_file="$(group::path "$group_name")" + for peer_name in "${stale[@]}"; do + if [[ "$dry_run" == "true" ]]; then + printf " \033[2m[dry-run]\033[0m Would remove '%s' from '%s'\n" \ + "$peer_name" "$group_name" + else + json::remove "$group_file" "peers" "$peer_name" 2>/dev/null || true + log::debug "Removed stale peer '${peer_name}' from group '${group_name}'" + fi + (( total_removed++ )) || true + done + done + + local action="Removed" + [[ "$dry_run" == "true" ]] && action="Would remove" + [[ "$total_removed" -eq 0 ]] && log::wg_warning "No stale peers found" && return 0 + log::wg_success "${action} ${total_removed} stale peer(s)" +} + +# ── Audit ───────────────────────────────────────────────────────────────────── + +function cmd::group::_audit_impl() { + local name="$1" + local -a groups=() + if [[ -n "$name" ]]; then + group::require_exists "$name" || return 1 + groups=("$name") + else + while IFS= read -r group_file; do + groups+=("$(basename "$group_file" .group)") + done < <(find "$(ctx::groups)" -name "*.group" 2>/dev/null | sort) + fi + + log::section "Group Audit"; echo "" + for grp in "${groups[@]}"; do + local -a all_peers=() stale=() + while IFS= read -r p; do + [[ -z "$p" ]] && continue + all_peers+=("$p") + [[ ! -f "$(ctx::clients)/${p}.conf" ]] && stale+=("$p") + done < <(group::peers "$grp" 2>/dev/null) + printf " %-20s %d peers" "$grp" "${#all_peers[@]}" + [[ ${#stale[@]} -gt 0 ]] && printf " \033[1;31m%d stale\033[0m" "${#stale[@]}" + printf "\n" + done + echo "" +} + +# ── Logs ────────────────────────────────────────────────────────────────────── + +function cmd::group::_logs_impl() { + local name="$1" limit="$2" since="$3" fw="$4" wg="$5" + local peers_list=() + mapfile -t peers_list < <(group::peers "$name") + [[ -z "${peers_list[0]:-}" ]] && \ + log::wg_warning "Group '${name}' has no peers" && return 0 + + load_command logs + command::load_subcmd logs show # ensure show_fw_events etc are loaded + + log::section "Logs: Group '${name}'" + + for peer_name in "${peers_list[@]}"; do + [[ -z "$peer_name" ]] && continue + if ! peers::require_exists "$peer_name" >/dev/null 2>&1; then + log::wg_warning "Peer '${peer_name}' no longer exists — skipping" + continue + fi + local filter_ip; filter_ip=$(peers::get_ip "$peer_name") + local fw_out="" wg_out="" + [[ "$wg" != "true" ]] && fw_out=$(cmd::logs::show_fw_events \ + "$filter_ip" "$peer_name" "" "$limit" "$(ctx::net)" \ + "1" "$since" "" "" "desc" "false" 2>/dev/null) + [[ "$fw" != "true" ]] && wg_out=$(cmd::logs::show_wg_events \ + "$filter_ip" "$peer_name" "" "$limit" \ + "1" "$since" "" "desc" "false" 2>/dev/null) + [[ -z "$fw_out" && -z "$wg_out" ]] && continue + printf "\n \033[1;37m── %s ──\033[0m\n" "$peer_name" + [[ -n "$fw_out" ]] && printf "%s\n" "$fw_out" + [[ -n "$wg_out" ]] && printf "%s\n" "$wg_out" + done + echo "" +} + +# ── Watch ───────────────────────────────────────────────────────────────────── + +function cmd::group::_watch_impl() { + local name="$1" fw="$2" wg="$3" + local peers_list=() + mapfile -t peers_list < <(group::peers "$name") + [[ -z "${peers_list[0]:-}" ]] && \ + log::wg_warning "Group '${name}' has no peers" && return 0 + local filter_ips="" + for peer in "${peers_list[@]}"; do + [[ -z "$peer" ]] && continue + local ip; ip=$(peers::get_ip "$peer") + filter_ips+="${ip}," + done + filter_ips="${filter_ips%,}" + + load_command logs + load_command watch + cmd::logs::follow "$filter_ips" "$name" "" "$fw" "$wg" +} + + +# ── Render/JSON ─────────────────────────────────────────────────────────────── + +function cmd::group::_render_table() { + local data="$1" w_name="$2" w_desc="$3" + ui::group::list_header_table + while IFS="|" read -r name desc total blocked; do + [[ -z "$name" ]] && continue + ui::group::list_row_table "$name" "$desc" "$total" "$blocked" + done <<< "$data" +} + +function cmd::group::_output_json() { + local data + data=$(json::group_list_data "$(ctx::groups)" "$(ctx::blocks)" "$(ctx::clients)") + local -a groups=() + while IFS="|" read -r name desc total blocked; do + [[ -z "$name" ]] && continue + groups+=("{\"name\":\"${name}\",\"description\":\"${desc}\",\"peers\":${total},\"blocked\":${blocked}}") + done <<< "$data" + local array; array=$(IFS=','; echo "${groups[*]:-}") + printf '[%s]' "$array" | json::envelope "groups" "${#groups[@]}" +} diff --git a/commands/group/list.sh b/commands/group/list.sh new file mode 100644 index 0000000..81c0646 --- /dev/null +++ b/commands/group/list.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +# commands/group/list.sh + +function cmd::group::list::on_load() { + command::mixin json_output section:Output +} + +function cmd::group::list::run() { + flag::parse "$@" || return 1 + + local groups_dir; groups_dir="$(ctx::groups)" + local groups=("${groups_dir}"/*.group) + if [[ ! -f "${groups[0]}" ]]; then + log::wg "No groups configured"; return 0 + fi + + if command::json; then + cmd::group::_output_json; return 0 + fi + + local data + data=$(json::group_list_data "$groups_dir" "$(ctx::blocks)" "$(ctx::clients)") + [[ -z "$data" ]] && log::wg "No groups configured" && return 0 + + local w_name=12 w_desc=16 + while IFS="|" read -r name desc total blocked; do + [[ -z "$name" ]] && continue + (( ${#name} > w_name )) && w_name=${#name} + local desc_len=${#desc}; [[ -z "$desc" ]] && desc_len=1 + (( desc_len > w_desc )) && w_desc=$desc_len + done <<< "$data" + (( w_name += 2 )); (( w_desc += 2 )) + + log::section "Groups"; echo "" + + if display::is_table "group_list"; then + cmd::group::_render_table "$data" "$w_name" "$w_desc" + return 0 + fi + + while IFS="|" read -r name desc total blocked; do + [[ -z "$name" ]] && continue + ui::group::list_row "$name" "$desc" "$total" "$blocked" "$w_name" "$w_desc" + done <<< "$data" + echo "" +} diff --git a/commands/group/logs.sh b/commands/group/logs.sh new file mode 100644 index 0000000..8b01b92 --- /dev/null +++ b/commands/group/logs.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +# commands/group/logs.sh + +function cmd::group::logs::on_load() { + flag::define --name value "Group name" required label:name + flag::define --limit value "Max results" default:50 type:int min:1 + flag::define --since value "Since duration" label:time + flag::define --fw bool "Firewall only" + flag::define --wg bool "WireGuard only" + flag::exclusive --fw --wg +} + +function cmd::group::logs::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local limit; limit=$(flag::value --limit) + local since; since=$(flag::value --since) + local fw=false wg=false + flag::bool --fw && fw=true + flag::bool --wg && wg=true + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + cmd::group::_logs_impl "$name" "$limit" "$since" "$fw" "$wg" +} diff --git a/commands/group/peer.sh b/commands/group/peer.sh new file mode 100644 index 0000000..d05b39d --- /dev/null +++ b/commands/group/peer.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +# commands/group/peer.sh + +function cmd::group::peer::on_load() { + flag::define --name value "Group name" required label:name + flag::define --peer value "Peer name" required label:peer + flag::define --action value "Action" required choices:add,remove label:action +} + +function cmd::group::peer::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local peer; peer=$(flag::value --peer) + local action; action=$(flag::value --action) + case "$action" in + add) cmd::group::peer_add_impl "$name" "$peer" ;; + remove) cmd::group::peer_remove_impl "$name" "$peer" ;; + esac +} diff --git a/commands/group/purge-stale.sh b/commands/group/purge-stale.sh new file mode 100644 index 0000000..22acb59 --- /dev/null +++ b/commands/group/purge-stale.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# commands/group/purge-stale.sh + +function cmd::group::purge_stale::on_load() { + flag::define --name value "Group name (or --all)" label:name + flag::define --all bool "Purge all groups" + flag::define --force bool "Skip confirmation" + flag::define --dry-run bool "Show what would be removed" + flag::exclusive --name --all +} + +function cmd::group::purge_stale::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local all=false force=false dry_run=false + flag::bool --all && all=true + flag::bool --force && force=true + flag::bool --dry-run && dry_run=true + [[ -z "$name" && "$all" == "false" ]] && \ + log::error "Specify --name or --all" && return 1 + cmd::group::_purge_stale_impl "$name" "$all" "$force" "$dry_run" +} diff --git a/commands/group/remove.sh b/commands/group/remove.sh new file mode 100644 index 0000000..c7f2731 --- /dev/null +++ b/commands/group/remove.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash +# commands/group/remove.sh + +function cmd::group::remove::on_load() { + flag::define --name value "Group name" required label:name + flag::define --force bool "Skip confirmation" +} + +function cmd::group::remove::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local force=false; flag::bool --force && force=true + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + + if ! $force; then + read -r -p "Remove group '${name}'? [y/N] " confirm + case "$confirm" in [yY]*) ;; *) log::info "Aborted"; return 0 ;; esac + fi + + rm -f "$(group::path "$name")" + log::wg_success "Group removed: ${name}" +} diff --git a/commands/group/rename.sh b/commands/group/rename.sh new file mode 100644 index 0000000..44ac640 --- /dev/null +++ b/commands/group/rename.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# commands/group/rename.sh + +function cmd::group::rename::on_load() { + flag::define --name value "Current group name" required label:name + flag::define --new-name value "New group name" required label:name +} + +function cmd::group::rename::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local new_name; new_name=$(flag::value --new-name) + [[ -z "$name" || -z "$new_name" ]] && \ + log::error "Missing required flags: --name and --new-name" && return 1 + group::require_exists "$name" || return 1 + if group::exists "$new_name"; then + log::error "Group already exists: ${new_name}"; return 1 + fi + cmd::group::_rename_impl "$name" "$new_name" +} diff --git a/commands/group/rm-peers.sh b/commands/group/rm-peers.sh new file mode 100644 index 0000000..091ab07 --- /dev/null +++ b/commands/group/rm-peers.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +# commands/group/rm-peers.sh + +function cmd::group::rm_peers::on_load() { + flag::define --name value "Group name" required label:name + flag::define --force bool "Skip confirmation" +} + +function cmd::group::rm_peers::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local force=false; flag::bool --force && force=true + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + cmd::group::_rm_peers_impl "$name" "$force" +} diff --git a/commands/group/rule.sh b/commands/group/rule.sh new file mode 100644 index 0000000..bf662e5 --- /dev/null +++ b/commands/group/rule.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +# commands/group/rule.sh + +function cmd::group::rule::on_load() { + flag::define --name value "Group name" required label:name + flag::define --rule value "Rule name" required label:rule + flag::define --action value "Action" required choices:assign,unassign label:action +} + +function cmd::group::rule::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local rule; rule=$(flag::value --rule) + local action; action=$(flag::value --action) + case "$action" in + assign) cmd::group::_rule_assign_impl "$name" "$rule" ;; + unassign) cmd::group::_rule_unassign_impl "$name" "$rule" ;; + esac +} diff --git a/commands/group/set-main.sh b/commands/group/set-main.sh new file mode 100644 index 0000000..182e623 --- /dev/null +++ b/commands/group/set-main.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash +# commands/group/set-main.sh + +function cmd::group::set_main::on_load() { + flag::define --name value "Group name" required label:name + flag::define --peer value "Peer name" required label:peer +} + +function cmd::group::set_main::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local peer; peer=$(flag::value --peer) + [[ -z "$name" || -z "$peer" ]] && \ + log::error "Missing required flags: --name and --peer" && return 1 + cmd::group::_set_main_impl "$name" "$peer" +} diff --git a/commands/group/show.sh b/commands/group/show.sh new file mode 100644 index 0000000..f98fc04 --- /dev/null +++ b/commands/group/show.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +# commands/group/show.sh + +function cmd::group::show::on_load() { + flag::define --name value "Group name" required label:name +} + +function cmd::group::show::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + cmd::group::_show_impl "$name" +} diff --git a/commands/group/unblock.sh b/commands/group/unblock.sh new file mode 100644 index 0000000..951c276 --- /dev/null +++ b/commands/group/unblock.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +# commands/group/unblock.sh + +function cmd::group::unblock::on_load() { + flag::define --name value "Group name" required label:name + flag::define --reason value "Unblock reason" label:reason + flag::define --quiet bool "Suppress output" +} + +function cmd::group::unblock::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local reason; reason=$(flag::value --reason) + local quiet=false; flag::bool --quiet && quiet=true + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + cmd::group::_unblock_impl "$name" "$reason" "$quiet" +} diff --git a/commands/group/watch.sh b/commands/group/watch.sh new file mode 100644 index 0000000..6c7929b --- /dev/null +++ b/commands/group/watch.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# commands/group/watch.sh + +function cmd::group::watch::on_load() { + flag::define --name value "Group name" required label:name + flag::define --fw bool "Firewall only" + flag::define --wg bool "WireGuard only" + flag::exclusive --fw --wg +} + +function cmd::group::watch::run() { + flag::parse "$@" || return 1 + local name; name=$(flag::value --name) + local fw=false wg=false + flag::bool --fw && fw=true + flag::bool --wg && wg=true + [[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1 + group::require_exists "$name" || return 1 + cmd::group::_watch_impl "$name" "$fw" "$wg" +} diff --git a/commands/logs/helpers.sh b/commands/logs/helpers.sh new file mode 100644 index 0000000..81e53fc --- /dev/null +++ b/commands/logs/helpers.sh @@ -0,0 +1,371 @@ +#!/usr/bin/env bash +# commands/group/helpers.sh +# All logs implementation logic — called by subcommand run functions + +function cmd::logs::show_fw_events() { + local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \ + limit="${4:-50}" net_file="${5:-}" collapse="${6:-1}" \ + since="${7:-}" filter_dest_ip="${8:-}" filter_dest_port="${9:-}" \ + sort_order="${10:-desc}" resolved_only="${11:-false}" + + [[ ! -f "$FW_EVENTS_LOG" ]] && return 0 + + local data + data=$(json::fw_events \ + "$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \ + "$(ctx::clients)" "${net_file:-}" \ + "$limit" "$collapse" "$since" \ + "$filter_dest_ip" "$filter_dest_port" \ + "$sort_order" \ + 2>/dev/null) + + [[ -z "$data" ]] && return 0 + + # ── Collect unique endpoints for batch resolution ── + local -a ep_list=() + while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do + [[ -z "$ts" || -z "$src_endpoint" ]] && continue + ep_list+=("$src_endpoint") + done <<< "$data" + + declare -A resolve_cache=() + if [[ ${#ep_list[@]} -gt 0 ]]; then + while IFS='|' read -r ip name; do + [[ -n "$ip" ]] && resolve_cache["$ip"]="$name" + done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null) + fi + + # ── Pass 1: measure widths ── + local w_client=16 w_dest=20 w_endpoint=0 + local resolved_data="" + + while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do + [[ -z "$ts" ]] && continue + + (( ${#client} > w_client )) && w_client=${#client} + + local svc_display="" + if [[ -n "$svc" ]]; then + [[ -n "$dest_port" ]] && svc_display="${svc}/${proto}" \ + || svc_display="${svc} (${proto})" + else + [[ -n "$dest_port" ]] && svc_display="${dest_ip}:${dest_port}/${proto}" \ + || svc_display="${dest_ip} (${proto})" + fi + + local measure_len + if $resolved_only; then + measure_len=${#svc_display} + else + local raw_plain="" + [[ -n "$svc" && -n "$dest_port" ]] && raw_plain=" (${dest_ip}:${dest_port})" + [[ -n "$svc" && -z "$dest_port" ]] && raw_plain=" (${dest_ip})" + measure_len=$(( ${#svc_display} + ${#raw_plain} )) + fi + (( measure_len > w_dest )) && w_dest=$measure_len + + local src_resolved="" + if [[ -n "$src_endpoint" ]]; then + src_resolved="${resolve_cache[$src_endpoint]:-}" + [[ "$src_resolved" == "$src_endpoint" ]] && src_resolved="" + + local ep_measure_len + if $resolved_only; then + ep_measure_len=${#src_resolved} + [[ -z "$src_resolved" ]] && ep_measure_len=${#src_endpoint} + else + ep_measure_len=${#src_endpoint} + [[ -n "$src_resolved" ]] && \ + ep_measure_len=$(( ${#src_endpoint} + 4 + ${#src_resolved} )) + fi + (( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len + fi + + resolved_data+="${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}|${src_endpoint}|${src_resolved}"$'\n' + done <<< "$data" + + (( w_client += 2 )) + (( w_dest += 2 )) + [[ "$w_endpoint" -gt 0 ]] && (( w_endpoint += 2 )) + + # ── Pass 2: render ── + ui::logs::fw_section_header + while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint src_resolved; do + [[ -z "$ts" ]] && continue + ui::logs::fw_row "$ts" "$client" "$dest_ip" "$dest_port" \ + "$proto" "$svc" "$count" "$w_client" "$w_dest" \ + "$src_endpoint" "$src_resolved" "$w_endpoint" "$resolved_only" + done <<< "$resolved_data" + printf "\n" +} + +function cmd::logs::show_wg_events() { + local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \ + limit="${4:-50}" collapse="${5:-1}" \ + since="${6:-}" filter_event="${7:-}" sort_order="${8:-desc}" \ + resolved_only="${9:-false}" + + [[ ! -f "$WG_EVENTS_LOG" ]] && return 0 + + local data + data=$(json::wg_events \ + "$WG_EVENTS_LOG" "$filter_name" "$filter_type" \ + "$limit" "$collapse" "$since" "$filter_event" \ + "$(ctx::endpoint_cache)" "$sort_order" \ + 2>/dev/null) + + [[ -z "$data" ]] && return 0 + + # ── Collect unique endpoints for batch resolution ── + local -a ep_list=() + while IFS='|' read -r ts client endpoint event count gap_seconds; do + [[ -z "$ts" || -z "$endpoint" ]] && continue + ep_list+=("$endpoint") + done <<< "$data" + + declare -A resolve_cache=() + if [[ ${#ep_list[@]} -gt 0 ]]; then + while IFS='|' read -r ip name; do + [[ -n "$ip" ]] && resolve_cache["$ip"]="$name" + done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null) + fi + + # ── Measure widths ── + local w_client=16 w_endpoint=16 + local resolved_data="" + + while IFS='|' read -r ts client endpoint event count gap_seconds; do + [[ -z "$ts" ]] && continue + (( ${#client} > w_client )) && w_client=${#client} + + local resolved="" + if [[ -n "$endpoint" ]]; then + resolved="${resolve_cache[$endpoint]:-}" + [[ "$resolved" == "$endpoint" ]] && resolved="" + fi + + local ep_raw="${endpoint:--}" + local ep_measure_len + if $resolved_only; then + local ep_display="${resolved:-$endpoint}" + [[ -z "$ep_display" ]] && ep_display="-" + ep_measure_len=${#ep_display} + else + ep_measure_len=${#ep_raw} + [[ -n "$resolved" && -n "$endpoint" ]] && \ + ep_measure_len=$(( ${#endpoint} + 4 + ${#resolved} )) + fi + (( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len + + resolved_data+="${ts}|${client}|${endpoint}|${event}|${count}|${gap_seconds}|${resolved}"$'\n' + done <<< "$data" + + (( w_client += 2 )) + (( w_endpoint += 2 )) + + # ── Render ── + ui::logs::wg_section_header + while IFS='|' read -r ts client endpoint event count gap_seconds resolved; do + [[ -z "$ts" ]] && continue + if $resolved_only; then + local ep_display="${resolved:-$endpoint}" + [[ -z "$ep_display" ]] && ep_display="-" + ui::logs::wg_row "$ts" "$client" "$ep_display" "$event" \ + "$count" "$w_client" "$w_endpoint" "$gap_seconds" "" + else + ui::logs::wg_row "$ts" "$client" "$endpoint" "$event" \ + "$count" "$w_client" "$w_endpoint" "$gap_seconds" "$resolved" + fi + done <<< "$resolved_data" + printf "\n" +} + +function cmd::logs::show_merged() { + local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \ + limit="${4:-50}" net_file="${5:-}" since="${6:-}" + + local fw_data wg_data + fw_data=$(json::fw_events \ + "$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \ + "$(ctx::clients)" "${net_file:-}" \ + "$limit" "1" "$since" "" "" \ + 2>/dev/null) + wg_data=$(json::wg_events \ + "$WG_EVENTS_LOG" "$filter_name" "$filter_type" \ + "$limit" "1" "$since" "" \ + 2>/dev/null) + + local w_client=16 w_dest=20 + while IFS='|' read -r ts client rest; do + [[ -z "$ts" ]] && continue + (( ${#client} > w_client )) && w_client=${#client} + done < <(echo "$fw_data"; echo "$wg_data") + (( w_client += 2 )) + + local merged_data + merged_data=$( + while IFS='|' read -r ts client dest_ip dest_port proto svc count; do + [[ -z "$ts" ]] && continue + echo "fw|${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}" + done <<< "$fw_data" + while IFS='|' read -r ts client endpoint event count; do + [[ -z "$ts" ]] && continue + echo "wg|${ts}|${client}|${endpoint}|${event}|${count}" + done <<< "$wg_data" + ) + + while IFS='|' read -r source ts rest; do + [[ -z "$source" ]] && continue + case "$source" in + fw) + IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest" + local dest_display + if [[ -n "$svc" ]]; then + [[ -n "$dest_port" ]] && dest_display="${svc}/${proto}" || dest_display="${svc} (${proto})" + else + [[ -n "$dest_port" ]] && dest_display="${dest_ip}:${dest_port}/${proto}" || dest_display="${dest_ip} (${proto})" + fi + (( ${#dest_display} > w_dest )) && w_dest=${#dest_display} + ;; + esac + done <<< "$merged_data" + (( w_dest += 2 )) + + while IFS='|' read -r source ts rest; do + [[ -z "$source" ]] && continue + case "$source" in + fw) + IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest" + ui::watch::fw_row "$ts" "$client" \ + "$(ui::logs::build_dest "$dest_ip" "$dest_port" "$proto" "$svc")" \ + "$w_client" "$w_dest" + ;; + wg) + IFS='|' read -r client endpoint event count <<< "$rest" + ui::watch::wg_row "$ts" "$client" "$endpoint" "$event" \ + "$w_client" "$w_dest" + ;; + esac + done < <(echo "$merged_data" | sort -t'|' -k2,2) + + printf "\n" +} + +function cmd::logs::follow() { + local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" + local fw_only="${4:-false}" wg_only="${5:-false}" + + log::section "WireGuard Live Log (Ctrl+C to stop)" + printf "\n" + + local restricted_only=false blocked_only=false + $fw_only && restricted_only=true + $wg_only && blocked_only=true + + monitor::live "$filter_name" "$filter_type" "" \ + "$blocked_only" "$restricted_only" "false" "false" +} + +function cmd::logs::remove() { + local name="" type="" before="" force=false + local fw_only=false wg_only=false all=false + + while [[ $# -gt 0 ]]; do + case "$1" in + --name) name="$2"; shift 2 ;; + --type) type="$2"; shift 2 ;; + --before) before="$2"; shift 2 ;; + --fw) fw_only=true; shift ;; + --wg) wg_only=true; shift ;; + --all) all=true; shift ;; + --force) force=true; shift ;; + --help) cmd::logs::help; return ;; + *) + log::error "Unknown flag: $1" + return 1 + ;; + esac + done + + if ! $all && [[ -z "$name" && -z "$before" ]]; then + log::error "Specify --name, --before, or --all" + cmd::logs::help + return 1 + fi + + local filter_ip="" + if [[ -n "$name" ]]; then + name=$(peers::resolve_and_require "$name" "$type") || return 1 + filter_ip=$(peers::get_ip "$name") + fi + + local desc="" + $all && desc="all entries" + [[ -n "$name" ]] && desc="entries for '${name}'" + [[ -n "$before" ]] && desc="${desc:+$desc, }entries older than ${before} days" + $fw_only && desc="${desc} (fw only)" + $wg_only && desc="${desc} (wg only)" + + if ! $force; then + read -r -p "Remove ${desc}? [y/N] " confirm + case "$confirm" in + [yY]*) ;; + *) log::info "Aborted"; return 0 ;; + esac + fi + + local result + result=$(json::remove_events_filtered \ + "$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \ + "${name:-}" "${filter_ip:-}" \ + "$fw_only" "$wg_only" \ + "${before:-}") + + local removed_wg removed_fw + IFS="|" read -r removed_wg removed_fw <<< "$result" + local total=$(( removed_wg + removed_fw )) + + if [[ "$total" -eq 0 ]]; then + log::wg_warning "No log entries found matching the criteria" + return 0 + fi + + log::wg_success "Removed ${total} log entries (wg: ${removed_wg}, fw: ${removed_fw})" +} + +function cmd::logs::rotate() { + local days=7 force=false + + while [[ $# -gt 0 ]]; do + case "$1" in + --days) days="$2"; shift 2 ;; + --force) force=true; shift ;; + --help) cmd::logs::help; return ;; + *) log::error "Unknown flag: $1"; return 1 ;; + esac + done + + $force || { + read -r -p "Remove log entries older than ${days} days? [y/N] " confirm + case "$confirm" in + [yY]*) ;; + *) log::info "Aborted"; return 0 ;; + esac + } + + local result + result=$(json::remove_events_filtered \ + "$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \ + "" "" "false" "false" "$days") + + local removed_wg removed_fw + IFS="|" read -r removed_wg removed_fw <<< "$result" + local total=$(( removed_wg + removed_fw )) + + if [[ "$total" -eq 0 ]]; then + log::wg_warning "No log entries older than ${days} days" + return 0 + fi + + log::wg_success "Rotated ${total} entries older than ${days} days (wg: ${removed_wg}, fw: ${removed_fw})" +} \ No newline at end of file diff --git a/commands/logs/logs.sh b/commands/logs/logs.sh index e8471e4..3bfca15 100644 --- a/commands/logs/logs.sh +++ b/commands/logs/logs.sh @@ -2,6 +2,7 @@ # commands/logs/logs.sh — router only function cmd::logs::on_load() { + command::helpers "helpers.sh" command::define show "Show WireGuard and firewall logs" [*] command::define clean "Remove keepalive handshakes" [c] command::define remove "Remove log entries" [rm, del] diff --git a/commands/logs/show.sh b/commands/logs/show.sh index 1b924b8..f48bdd0 100644 --- a/commands/logs/show.sh +++ b/commands/logs/show.sh @@ -132,373 +132,3 @@ function cmd::logs::show::run() { printf "%s\n" "$wg_output" fi } - -# ── Helpers ─────────────────────────────────────────────────────────────────── - -function cmd::logs::show_fw_events() { - local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \ - limit="${4:-50}" net_file="${5:-}" collapse="${6:-1}" \ - since="${7:-}" filter_dest_ip="${8:-}" filter_dest_port="${9:-}" \ - sort_order="${10:-desc}" resolved_only="${11:-false}" - - [[ ! -f "$FW_EVENTS_LOG" ]] && return 0 - - local data - data=$(json::fw_events \ - "$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \ - "$(ctx::clients)" "${net_file:-}" \ - "$limit" "$collapse" "$since" \ - "$filter_dest_ip" "$filter_dest_port" \ - "$sort_order" \ - 2>/dev/null) - - [[ -z "$data" ]] && return 0 - - # ── Collect unique endpoints for batch resolution ── - local -a ep_list=() - while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do - [[ -z "$ts" || -z "$src_endpoint" ]] && continue - ep_list+=("$src_endpoint") - done <<< "$data" - - declare -A resolve_cache=() - if [[ ${#ep_list[@]} -gt 0 ]]; then - while IFS='|' read -r ip name; do - [[ -n "$ip" ]] && resolve_cache["$ip"]="$name" - done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null) - fi - - # ── Pass 1: measure widths ── - local w_client=16 w_dest=20 w_endpoint=0 - local resolved_data="" - - while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do - [[ -z "$ts" ]] && continue - - (( ${#client} > w_client )) && w_client=${#client} - - local svc_display="" - if [[ -n "$svc" ]]; then - [[ -n "$dest_port" ]] && svc_display="${svc}/${proto}" \ - || svc_display="${svc} (${proto})" - else - [[ -n "$dest_port" ]] && svc_display="${dest_ip}:${dest_port}/${proto}" \ - || svc_display="${dest_ip} (${proto})" - fi - - local measure_len - if $resolved_only; then - measure_len=${#svc_display} - else - local raw_plain="" - [[ -n "$svc" && -n "$dest_port" ]] && raw_plain=" (${dest_ip}:${dest_port})" - [[ -n "$svc" && -z "$dest_port" ]] && raw_plain=" (${dest_ip})" - measure_len=$(( ${#svc_display} + ${#raw_plain} )) - fi - (( measure_len > w_dest )) && w_dest=$measure_len - - local src_resolved="" - if [[ -n "$src_endpoint" ]]; then - src_resolved="${resolve_cache[$src_endpoint]:-}" - [[ "$src_resolved" == "$src_endpoint" ]] && src_resolved="" - - local ep_measure_len - if $resolved_only; then - ep_measure_len=${#src_resolved} - [[ -z "$src_resolved" ]] && ep_measure_len=${#src_endpoint} - else - ep_measure_len=${#src_endpoint} - [[ -n "$src_resolved" ]] && \ - ep_measure_len=$(( ${#src_endpoint} + 4 + ${#src_resolved} )) - fi - (( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len - fi - - resolved_data+="${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}|${src_endpoint}|${src_resolved}"$'\n' - done <<< "$data" - - (( w_client += 2 )) - (( w_dest += 2 )) - [[ "$w_endpoint" -gt 0 ]] && (( w_endpoint += 2 )) - - # ── Pass 2: render ── - ui::logs::fw_section_header - while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint src_resolved; do - [[ -z "$ts" ]] && continue - ui::logs::fw_row "$ts" "$client" "$dest_ip" "$dest_port" \ - "$proto" "$svc" "$count" "$w_client" "$w_dest" \ - "$src_endpoint" "$src_resolved" "$w_endpoint" "$resolved_only" - done <<< "$resolved_data" - printf "\n" -} - -function cmd::logs::show_wg_events() { - local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \ - limit="${4:-50}" collapse="${5:-1}" \ - since="${6:-}" filter_event="${7:-}" sort_order="${8:-desc}" \ - resolved_only="${9:-false}" - - [[ ! -f "$WG_EVENTS_LOG" ]] && return 0 - - local data - data=$(json::wg_events \ - "$WG_EVENTS_LOG" "$filter_name" "$filter_type" \ - "$limit" "$collapse" "$since" "$filter_event" \ - "$(ctx::endpoint_cache)" "$sort_order" \ - 2>/dev/null) - - [[ -z "$data" ]] && return 0 - - # ── Collect unique endpoints for batch resolution ── - local -a ep_list=() - while IFS='|' read -r ts client endpoint event count gap_seconds; do - [[ -z "$ts" || -z "$endpoint" ]] && continue - ep_list+=("$endpoint") - done <<< "$data" - - declare -A resolve_cache=() - if [[ ${#ep_list[@]} -gt 0 ]]; then - while IFS='|' read -r ip name; do - [[ -n "$ip" ]] && resolve_cache["$ip"]="$name" - done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null) - fi - - # ── Measure widths ── - local w_client=16 w_endpoint=16 - local resolved_data="" - - while IFS='|' read -r ts client endpoint event count gap_seconds; do - [[ -z "$ts" ]] && continue - (( ${#client} > w_client )) && w_client=${#client} - - local resolved="" - if [[ -n "$endpoint" ]]; then - resolved="${resolve_cache[$endpoint]:-}" - [[ "$resolved" == "$endpoint" ]] && resolved="" - fi - - local ep_raw="${endpoint:--}" - local ep_measure_len - if $resolved_only; then - local ep_display="${resolved:-$endpoint}" - [[ -z "$ep_display" ]] && ep_display="-" - ep_measure_len=${#ep_display} - else - ep_measure_len=${#ep_raw} - [[ -n "$resolved" && -n "$endpoint" ]] && \ - ep_measure_len=$(( ${#endpoint} + 4 + ${#resolved} )) - fi - (( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len - - resolved_data+="${ts}|${client}|${endpoint}|${event}|${count}|${gap_seconds}|${resolved}"$'\n' - done <<< "$data" - - (( w_client += 2 )) - (( w_endpoint += 2 )) - - # ── Render ── - ui::logs::wg_section_header - while IFS='|' read -r ts client endpoint event count gap_seconds resolved; do - [[ -z "$ts" ]] && continue - if $resolved_only; then - local ep_display="${resolved:-$endpoint}" - [[ -z "$ep_display" ]] && ep_display="-" - ui::logs::wg_row "$ts" "$client" "$ep_display" "$event" \ - "$count" "$w_client" "$w_endpoint" "$gap_seconds" "" - else - ui::logs::wg_row "$ts" "$client" "$endpoint" "$event" \ - "$count" "$w_client" "$w_endpoint" "$gap_seconds" "$resolved" - fi - done <<< "$resolved_data" - printf "\n" -} - -function cmd::logs::show_merged() { - local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \ - limit="${4:-50}" net_file="${5:-}" since="${6:-}" - - local fw_data wg_data - fw_data=$(json::fw_events \ - "$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \ - "$(ctx::clients)" "${net_file:-}" \ - "$limit" "1" "$since" "" "" \ - 2>/dev/null) - wg_data=$(json::wg_events \ - "$WG_EVENTS_LOG" "$filter_name" "$filter_type" \ - "$limit" "1" "$since" "" \ - 2>/dev/null) - - local w_client=16 w_dest=20 - while IFS='|' read -r ts client rest; do - [[ -z "$ts" ]] && continue - (( ${#client} > w_client )) && w_client=${#client} - done < <(echo "$fw_data"; echo "$wg_data") - (( w_client += 2 )) - - local merged_data - merged_data=$( - while IFS='|' read -r ts client dest_ip dest_port proto svc count; do - [[ -z "$ts" ]] && continue - echo "fw|${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}" - done <<< "$fw_data" - while IFS='|' read -r ts client endpoint event count; do - [[ -z "$ts" ]] && continue - echo "wg|${ts}|${client}|${endpoint}|${event}|${count}" - done <<< "$wg_data" - ) - - while IFS='|' read -r source ts rest; do - [[ -z "$source" ]] && continue - case "$source" in - fw) - IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest" - local dest_display - if [[ -n "$svc" ]]; then - [[ -n "$dest_port" ]] && dest_display="${svc}/${proto}" || dest_display="${svc} (${proto})" - else - [[ -n "$dest_port" ]] && dest_display="${dest_ip}:${dest_port}/${proto}" || dest_display="${dest_ip} (${proto})" - fi - (( ${#dest_display} > w_dest )) && w_dest=${#dest_display} - ;; - esac - done <<< "$merged_data" - (( w_dest += 2 )) - - while IFS='|' read -r source ts rest; do - [[ -z "$source" ]] && continue - case "$source" in - fw) - IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest" - ui::watch::fw_row "$ts" "$client" \ - "$(ui::logs::build_dest "$dest_ip" "$dest_port" "$proto" "$svc")" \ - "$w_client" "$w_dest" - ;; - wg) - IFS='|' read -r client endpoint event count <<< "$rest" - ui::watch::wg_row "$ts" "$client" "$endpoint" "$event" \ - "$w_client" "$w_dest" - ;; - esac - done < <(echo "$merged_data" | sort -t'|' -k2,2) - - printf "\n" -} - -function cmd::logs::follow() { - local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" - local fw_only="${4:-false}" wg_only="${5:-false}" - - log::section "WireGuard Live Log (Ctrl+C to stop)" - printf "\n" - - local restricted_only=false blocked_only=false - $fw_only && restricted_only=true - $wg_only && blocked_only=true - - monitor::live "$filter_name" "$filter_type" "" \ - "$blocked_only" "$restricted_only" "false" "false" -} - -function cmd::logs::remove() { - local name="" type="" before="" force=false - local fw_only=false wg_only=false all=false - - while [[ $# -gt 0 ]]; do - case "$1" in - --name) name="$2"; shift 2 ;; - --type) type="$2"; shift 2 ;; - --before) before="$2"; shift 2 ;; - --fw) fw_only=true; shift ;; - --wg) wg_only=true; shift ;; - --all) all=true; shift ;; - --force) force=true; shift ;; - --help) cmd::logs::help; return ;; - *) - log::error "Unknown flag: $1" - return 1 - ;; - esac - done - - if ! $all && [[ -z "$name" && -z "$before" ]]; then - log::error "Specify --name, --before, or --all" - cmd::logs::help - return 1 - fi - - local filter_ip="" - if [[ -n "$name" ]]; then - name=$(peers::resolve_and_require "$name" "$type") || return 1 - filter_ip=$(peers::get_ip "$name") - fi - - local desc="" - $all && desc="all entries" - [[ -n "$name" ]] && desc="entries for '${name}'" - [[ -n "$before" ]] && desc="${desc:+$desc, }entries older than ${before} days" - $fw_only && desc="${desc} (fw only)" - $wg_only && desc="${desc} (wg only)" - - if ! $force; then - read -r -p "Remove ${desc}? [y/N] " confirm - case "$confirm" in - [yY]*) ;; - *) log::info "Aborted"; return 0 ;; - esac - fi - - local result - result=$(json::remove_events_filtered \ - "$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \ - "${name:-}" "${filter_ip:-}" \ - "$fw_only" "$wg_only" \ - "${before:-}") - - local removed_wg removed_fw - IFS="|" read -r removed_wg removed_fw <<< "$result" - local total=$(( removed_wg + removed_fw )) - - if [[ "$total" -eq 0 ]]; then - log::wg_warning "No log entries found matching the criteria" - return 0 - fi - - log::wg_success "Removed ${total} log entries (wg: ${removed_wg}, fw: ${removed_fw})" -} - -function cmd::logs::rotate() { - local days=7 force=false - - while [[ $# -gt 0 ]]; do - case "$1" in - --days) days="$2"; shift 2 ;; - --force) force=true; shift ;; - --help) cmd::logs::help; return ;; - *) log::error "Unknown flag: $1"; return 1 ;; - esac - done - - $force || { - read -r -p "Remove log entries older than ${days} days? [y/N] " confirm - case "$confirm" in - [yY]*) ;; - *) log::info "Aborted"; return 0 ;; - esac - } - - local result - result=$(json::remove_events_filtered \ - "$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \ - "" "" "false" "false" "$days") - - local removed_wg removed_fw - IFS="|" read -r removed_wg removed_fw <<< "$result" - local total=$(( removed_wg + removed_fw )) - - if [[ "$total" -eq 0 ]]; then - log::wg_warning "No log entries older than ${days} days" - return 0 - fi - - log::wg_success "Rotated ${total} entries older than ${days} days (wg: ${removed_wg}, fw: ${removed_fw})" -} \ No newline at end of file diff --git a/commands/test/integration.sh b/commands/test/integration.sh index 81db294..8a5253e 100644 --- a/commands/test/integration.sh +++ b/commands/test/integration.sh @@ -199,9 +199,8 @@ function cmd::test::section_groups() { test::section "Groups" cmd::test::run_cmd "group list" "Groups" group list cmd::test::run_cmd "group show --name family" "Peers:" group show --name family - cmd::test::run_cmd "group list --json" '"groups":' group list --json - cmd::test::run_cmd "group list --json" '"groups":' group list --json - cmd::test::run_cmd "group --json peer_count" '"peer_count":' group list --json + cmd::test::run_cmd "group list --json" '"name":' group list --json + cmd::test::run_cmd "group list --json" '"command":"groups"' group list --json cmd::test::run_cmd_fails "group show nonexistent" group show --name nonexistent }