feat: group migration complete
- commands/group/: 17 files, all subcommands migrated - helpers.sh: real implementations, no invented functions - set_main: uses peers::set_main_group - rename: json::set + mv - peer add/remove: group::add_peer, group::remove_peer - block/unblock: block::add_group, block::remove_group - purge-stale: inline stale detection via group::peers - audit: no invented helper functions - logs: command::load_subcmd logs show for direct function access - logs/helpers.sh: extracted shared functions (follow, show_fw, show_wg, show_merged) - group rule unassign: stub (not yet implemented) - notes: group watch pending, monitor module refactor pending
This commit is contained in:
parent
a559b73e8e
commit
ce437968b4
21 changed files with 1132 additions and 373 deletions
19
commands/group/add.sh
Normal file
19
commands/group/add.sh
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/add.sh
|
||||||
|
|
||||||
|
function cmd::group::add::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --desc value "Group description" label:desc
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::add::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local desc; desc=$(flag::value --desc)
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
if group::exists "$name"; then
|
||||||
|
log::error "Group already exists: ${name}"; return 1
|
||||||
|
fi
|
||||||
|
json::create_group "$(group::path "$name")" "$name" "$desc"
|
||||||
|
log::wg_success "Group created: ${name}"
|
||||||
|
}
|
||||||
12
commands/group/audit.sh
Normal file
12
commands/group/audit.sh
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/audit.sh
|
||||||
|
|
||||||
|
function cmd::group::audit::on_load() {
|
||||||
|
flag::define --name value "Group name (or all groups)" label:name
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::audit::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
cmd::group::_audit_impl "$name"
|
||||||
|
}
|
||||||
18
commands/group/block.sh
Normal file
18
commands/group/block.sh
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/block.sh
|
||||||
|
|
||||||
|
function cmd::group::block::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --reason value "Block reason" label:reason
|
||||||
|
flag::define --quiet bool "Suppress output"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::block::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local reason; reason=$(flag::value --reason)
|
||||||
|
local quiet=false; flag::bool --quiet && quiet=true
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
cmd::group::_block_impl "$name" "$reason" "$quiet"
|
||||||
|
}
|
||||||
24
commands/group/group.sh
Normal file
24
commands/group/group.sh
Normal file
|
|
@ -0,0 +1,24 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/group.sh — router only
|
||||||
|
|
||||||
|
function cmd::group::on_load() {
|
||||||
|
command::helpers "helpers.sh"
|
||||||
|
|
||||||
|
command::define list "List all groups" [*, ls]
|
||||||
|
command::define show "Show group details" [info]
|
||||||
|
command::define add "Create a new group" [new, create]
|
||||||
|
command::define remove "Remove a group" [rm, del, delete]
|
||||||
|
command::define rename "Rename a group"
|
||||||
|
command::define peer "Manage group peers"
|
||||||
|
command::define rm-peers "Remove all peers from a group" [rm-peers]
|
||||||
|
command::define set-main "Set main group for a peer" [set-main]
|
||||||
|
command::define block "Block all peers in a group"
|
||||||
|
command::define unblock "Unblock all peers in a group"
|
||||||
|
command::define rule "Manage group rules"
|
||||||
|
command::define purge-stale "Remove stale peers from groups" [purge]
|
||||||
|
command::define audit "Audit group membership"
|
||||||
|
command::define logs "Show logs for group peers"
|
||||||
|
command::define watch "Watch logs for group peers"
|
||||||
|
}
|
||||||
|
|
||||||
|
hook::on "command:help:group" command::help::auto
|
||||||
428
commands/group/helpers.sh
Normal file
428
commands/group/helpers.sh
Normal file
|
|
@ -0,0 +1,428 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/helpers.sh
|
||||||
|
# All group implementation logic — called by subcommand run functions
|
||||||
|
|
||||||
|
# ── Show ─────────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_show_impl() {
|
||||||
|
local name="$1"
|
||||||
|
local group_file; group_file="$(group::path "$name")"
|
||||||
|
|
||||||
|
log::section "Group: ${name}"
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
local desc; desc=$(json::get "$group_file" "desc")
|
||||||
|
ui::row "Description" "${desc:-—}"
|
||||||
|
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(json::get "$group_file" "peers") || true
|
||||||
|
local filtered=()
|
||||||
|
for p in "${peers_list[@]:-}"; do
|
||||||
|
[[ -n "$p" ]] && filtered+=("$p")
|
||||||
|
done
|
||||||
|
peers_list=("${filtered[@]:-}")
|
||||||
|
local peer_count=${#peers_list[@]}
|
||||||
|
[[ -z "${peers_list[0]:-}" ]] && peer_count=0
|
||||||
|
|
||||||
|
local valid_count=0
|
||||||
|
for p in "${peers_list[@]}"; do
|
||||||
|
[[ -z "$p" ]] && continue
|
||||||
|
peers::require_exists "$p" >/dev/null 2>&1 && (( valid_count++ )) || true
|
||||||
|
done
|
||||||
|
local peer_word="peers"
|
||||||
|
[[ "$valid_count" -eq 1 ]] && peer_word="peer"
|
||||||
|
ui::row "Peers" "${valid_count} ${peer_word}"
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
if [[ "$peer_count" -gt 0 ]]; then
|
||||||
|
local w_name=16 w_ip=13
|
||||||
|
for peer_name in "${peers_list[@]}"; do
|
||||||
|
[[ -z "$peer_name" ]] && continue
|
||||||
|
(( ${#peer_name} > w_name )) && w_name=${#peer_name}
|
||||||
|
done
|
||||||
|
(( w_name += 2 ))
|
||||||
|
ui::group::show_peers peers_list "$w_name" "$w_ip"
|
||||||
|
else
|
||||||
|
printf " \033[2m—\033[0m\n"
|
||||||
|
fi
|
||||||
|
printf "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Rename ───────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_rename_impl() {
|
||||||
|
local name="$1" new_name="$2"
|
||||||
|
local old_file; old_file="$(group::path "$name")"
|
||||||
|
local new_file; new_file="$(group::path "$new_name")"
|
||||||
|
json::set "$old_file" "name" "\"$new_name\""
|
||||||
|
mv "$old_file" "$new_file"
|
||||||
|
log::wg_success "Group renamed: ${name} → ${new_name}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Peer add/remove ───────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::peer_add_impl() {
|
||||||
|
local name="$1" peer="$2"
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
peers::require_exists "$peer" || return 1
|
||||||
|
if group::has_peer "$name" "$peer"; then
|
||||||
|
log::wg_warning "Peer '${peer}' is already in group '${name}'"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
group::add_peer "$name" "$peer"
|
||||||
|
log::wg_success "Added '${peer}' to group '${name}'"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::peer_remove_impl() {
|
||||||
|
local name="$1" peer="$2"
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
if ! group::has_peer "$name" "$peer"; then
|
||||||
|
log::wg_warning "Peer '${peer}' is not in group '${name}'"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
group::remove_peer "$name" "$peer"
|
||||||
|
log::wg_success "Removed '${peer}' from group '${name}'"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Remove peers from WireGuard ───────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_rm_peers_impl() {
|
||||||
|
local name="$1" force="$2"
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(group::peers "$name")
|
||||||
|
local peer_count=${#peers_list[@]}
|
||||||
|
[[ -z "${peers_list[0]:-}" ]] && peer_count=0
|
||||||
|
|
||||||
|
if [[ "$peer_count" -eq 0 ]]; then
|
||||||
|
log::wg_warning "Group '${name}' has no peers"; return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$force" != "true" ]]; then
|
||||||
|
read -r -p "Remove all ${peer_count} peers in group '${name}' from WireGuard? [y/N] " confirm
|
||||||
|
case "$confirm" in [yY]*) ;; *) log::info "Aborted"; return 0 ;; esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
load_command remove
|
||||||
|
group::each_peer "$name" cmd::group::_rm_peer_cb
|
||||||
|
log::wg_success "Removed peers from group '${name}' (definition kept)"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::_rm_peer_cb() {
|
||||||
|
local peer_name="${1:-}"
|
||||||
|
if ! group::_peer_exists_check "$peer_name"; then
|
||||||
|
log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 0
|
||||||
|
fi
|
||||||
|
cmd::remove::run --name "$peer_name" --force
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Set main ──────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_set_main_impl() {
|
||||||
|
local name="$1" peer="$2"
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
peer=$(peers::resolve_and_require "$peer" "") || return 1
|
||||||
|
if ! group::has_peer "$name" "$peer"; then
|
||||||
|
log::error "Peer '${peer}' is not in group '${name}'"
|
||||||
|
log::info "Add them first: wgctl group peer --name ${name} --peer ${peer} --action add"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
peers::set_main_group "$peer" "$name"
|
||||||
|
log::wg_success "Main group for '${peer}' set to '${name}'"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Block ─────────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_block_impl() {
|
||||||
|
local name="$1"
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(group::peers "$name")
|
||||||
|
local filtered=()
|
||||||
|
for p in "${peers_list[@]:-}"; do [[ -n "$p" ]] && filtered+=("$p"); done
|
||||||
|
[[ ${#filtered[@]} -eq 0 ]] && \
|
||||||
|
log::wg_warning "Group '${name}' has no peers" && return 0
|
||||||
|
|
||||||
|
local count=0 skipped=0
|
||||||
|
for peer_name in "${filtered[@]}"; do
|
||||||
|
if cmd::group::_block_peer "$peer_name" "$name"; then
|
||||||
|
(( count++ )) || true
|
||||||
|
else
|
||||||
|
(( skipped++ )) || true
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
[[ "$count" -gt 0 ]] && log::wg_block "All peers from ${name} have been blocked (${count} peers)."
|
||||||
|
[[ "$skipped" -gt 0 ]] && log::wg_warning "${skipped} peers already blocked"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::_block_peer() {
|
||||||
|
local peer_name="${1:-}" group_name="${2:-}"
|
||||||
|
if ! group::_peer_exists_check "$peer_name"; then
|
||||||
|
log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
local client_ip; client_ip=$(peers::get_ip "$peer_name")
|
||||||
|
local current_blocked_groups; current_blocked_groups=$(block::get_groups "$peer_name")
|
||||||
|
|
||||||
|
local IFS=','
|
||||||
|
for g in $current_blocked_groups; do
|
||||||
|
if [[ "$g" == "$group_name" ]]; then
|
||||||
|
log::wg_warning "${peer_name} — already blocked by group '${group_name}'"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
unset IFS
|
||||||
|
|
||||||
|
block::add_group "$peer_name" "$client_ip" "$group_name"
|
||||||
|
peers::exists_in_server "$peer_name" && block::apply_full "$peer_name" "$client_ip"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Unblock ───────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_unblock_impl() {
|
||||||
|
local name="$1"
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(group::peers "$name")
|
||||||
|
local filtered=()
|
||||||
|
for p in "${peers_list[@]:-}"; do [[ -n "$p" ]] && filtered+=("$p"); done
|
||||||
|
[[ ${#filtered[@]} -eq 0 ]] && \
|
||||||
|
log::wg_warning "Group '${name}' has no peers" && return 0
|
||||||
|
|
||||||
|
local count=0 skipped=0
|
||||||
|
for peer_name in "${filtered[@]}"; do
|
||||||
|
if cmd::group::_unblock_peer "$peer_name" "$name"; then
|
||||||
|
(( count++ )) || true
|
||||||
|
else
|
||||||
|
(( skipped++ )) || true
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
[[ "$count" -gt 0 ]] && log::wg_unblock "All peers from ${name} have been unblocked."
|
||||||
|
[[ "$skipped" -gt 0 ]] && \
|
||||||
|
log::wg_warning "${skipped} peer(s) remain blocked (blocked directly or by other groups)"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::_unblock_peer() {
|
||||||
|
local peer_name="${1:-}" group_name="${2:-}"
|
||||||
|
if ! group::_peer_exists_check "$peer_name"; then
|
||||||
|
log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if ! block::has_file "$peer_name"; then
|
||||||
|
log::wg_warning "${peer_name} — not blocked"; return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local current_groups; current_groups=$(block::get_groups "$peer_name")
|
||||||
|
if [[ "$current_groups" != *"$group_name"* ]]; then
|
||||||
|
log::wg_warning "${peer_name} — not blocked by group '${group_name}'"; return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local client_ip; client_ip=$(peers::get_ip "$peer_name")
|
||||||
|
block::remove_group "$peer_name" "$client_ip" "$group_name"
|
||||||
|
|
||||||
|
if block::is_blocked "$peer_name"; then
|
||||||
|
local groups; groups=$(block::get_groups "$peer_name")
|
||||||
|
local direct; direct=$(block::is_blocked_direct "$peer_name")
|
||||||
|
if [[ "$direct" == "true" ]]; then
|
||||||
|
log::wg_warning "${peer_name} — still blocked directly, skipping"
|
||||||
|
else
|
||||||
|
log::wg_warning "${peer_name} — still blocked by group(s): ${groups}, skipping"
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
block::restore_peer "$peer_name" "$client_ip"
|
||||||
|
block::remove_file "$peer_name"
|
||||||
|
local rule; rule=$(peers::get_meta "$peer_name" "rule")
|
||||||
|
[[ -n "$rule" ]] && rule::exists "$rule" && rule::apply "$rule" "$client_ip" "$peer_name"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Rule assign ───────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_rule_assign_impl() {
|
||||||
|
local name="$1" rule="$2"
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
rule::require_exists "$rule" || return 1
|
||||||
|
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(group::peers "$name")
|
||||||
|
[[ -z "${peers_list[0]:-}" ]] && \
|
||||||
|
log::wg_warning "Group '${name}' has no peers" && return 0
|
||||||
|
|
||||||
|
group::each_peer "$name" cmd::group::_rule_assign_cb "$rule"
|
||||||
|
log::wg_success "Assigned rule '${rule}' to group '${name}'"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::_rule_assign_cb() {
|
||||||
|
local peer_name="${1:-}" rule="${2:-}"
|
||||||
|
if ! group::_peer_exists_check "$peer_name"; then
|
||||||
|
log::wg_warning "Peer '${peer_name}' no longer exists — skipping"; return 0
|
||||||
|
fi
|
||||||
|
load_command rule
|
||||||
|
cmd::rule::assign --name "$rule" --peer "$peer_name"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::_rule_unassign_impl() {
|
||||||
|
local name="$1" rule="$2"
|
||||||
|
log::error "rule unassign not yet implemented"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Purge stale ───────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_purge_stale_impl() {
|
||||||
|
local name="$1" all="$2" force="$3" dry_run="$4"
|
||||||
|
local -a groups=()
|
||||||
|
if [[ "$all" == "true" ]]; then
|
||||||
|
while IFS= read -r group_file; do
|
||||||
|
groups+=("$(basename "$group_file" .group)")
|
||||||
|
done < <(find "$(ctx::groups)" -name "*.group" 2>/dev/null | sort)
|
||||||
|
else
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
groups=("$name")
|
||||||
|
fi
|
||||||
|
|
||||||
|
local total_removed=0
|
||||||
|
for group_name in "${groups[@]}"; do
|
||||||
|
[[ -z "$group_name" ]] && continue
|
||||||
|
local -a stale=()
|
||||||
|
while IFS= read -r peer_name; do
|
||||||
|
[[ -z "$peer_name" ]] && continue
|
||||||
|
[[ ! -f "$(ctx::clients)/${peer_name}.conf" ]] && stale+=("$peer_name")
|
||||||
|
done < <(group::peers "$group_name" 2>/dev/null)
|
||||||
|
[[ ${#stale[@]} -eq 0 ]] && continue
|
||||||
|
|
||||||
|
if [[ "$force" != "true" && "$dry_run" != "true" ]]; then
|
||||||
|
printf " Group '%s' has %d stale peer(s): %s\n" \
|
||||||
|
"$group_name" "${#stale[@]}" "${stale[*]}"
|
||||||
|
read -r -p " Remove them? [y/N] " confirm
|
||||||
|
case "$confirm" in [yY]*) ;; *) log::info "Skipped '${group_name}'"; continue ;; esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
local group_file; group_file="$(group::path "$group_name")"
|
||||||
|
for peer_name in "${stale[@]}"; do
|
||||||
|
if [[ "$dry_run" == "true" ]]; then
|
||||||
|
printf " \033[2m[dry-run]\033[0m Would remove '%s' from '%s'\n" \
|
||||||
|
"$peer_name" "$group_name"
|
||||||
|
else
|
||||||
|
json::remove "$group_file" "peers" "$peer_name" 2>/dev/null || true
|
||||||
|
log::debug "Removed stale peer '${peer_name}' from group '${group_name}'"
|
||||||
|
fi
|
||||||
|
(( total_removed++ )) || true
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
local action="Removed"
|
||||||
|
[[ "$dry_run" == "true" ]] && action="Would remove"
|
||||||
|
[[ "$total_removed" -eq 0 ]] && log::wg_warning "No stale peers found" && return 0
|
||||||
|
log::wg_success "${action} ${total_removed} stale peer(s)"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Audit ─────────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_audit_impl() {
|
||||||
|
local name="$1"
|
||||||
|
local -a groups=()
|
||||||
|
if [[ -n "$name" ]]; then
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
groups=("$name")
|
||||||
|
else
|
||||||
|
while IFS= read -r group_file; do
|
||||||
|
groups+=("$(basename "$group_file" .group)")
|
||||||
|
done < <(find "$(ctx::groups)" -name "*.group" 2>/dev/null | sort)
|
||||||
|
fi
|
||||||
|
|
||||||
|
log::section "Group Audit"; echo ""
|
||||||
|
for grp in "${groups[@]}"; do
|
||||||
|
local -a all_peers=() stale=()
|
||||||
|
while IFS= read -r p; do
|
||||||
|
[[ -z "$p" ]] && continue
|
||||||
|
all_peers+=("$p")
|
||||||
|
[[ ! -f "$(ctx::clients)/${p}.conf" ]] && stale+=("$p")
|
||||||
|
done < <(group::peers "$grp" 2>/dev/null)
|
||||||
|
printf " %-20s %d peers" "$grp" "${#all_peers[@]}"
|
||||||
|
[[ ${#stale[@]} -gt 0 ]] && printf " \033[1;31m%d stale\033[0m" "${#stale[@]}"
|
||||||
|
printf "\n"
|
||||||
|
done
|
||||||
|
echo ""
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Logs ──────────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_logs_impl() {
|
||||||
|
local name="$1" limit="$2" since="$3" fw="$4" wg="$5"
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(group::peers "$name")
|
||||||
|
[[ -z "${peers_list[0]:-}" ]] && \
|
||||||
|
log::wg_warning "Group '${name}' has no peers" && return 0
|
||||||
|
|
||||||
|
load_command logs
|
||||||
|
command::load_subcmd logs show # ensure show_fw_events etc are loaded
|
||||||
|
|
||||||
|
log::section "Logs: Group '${name}'"
|
||||||
|
|
||||||
|
for peer_name in "${peers_list[@]}"; do
|
||||||
|
[[ -z "$peer_name" ]] && continue
|
||||||
|
if ! peers::require_exists "$peer_name" >/dev/null 2>&1; then
|
||||||
|
log::wg_warning "Peer '${peer_name}' no longer exists — skipping"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
local filter_ip; filter_ip=$(peers::get_ip "$peer_name")
|
||||||
|
local fw_out="" wg_out=""
|
||||||
|
[[ "$wg" != "true" ]] && fw_out=$(cmd::logs::show_fw_events \
|
||||||
|
"$filter_ip" "$peer_name" "" "$limit" "$(ctx::net)" \
|
||||||
|
"1" "$since" "" "" "desc" "false" 2>/dev/null)
|
||||||
|
[[ "$fw" != "true" ]] && wg_out=$(cmd::logs::show_wg_events \
|
||||||
|
"$filter_ip" "$peer_name" "" "$limit" \
|
||||||
|
"1" "$since" "" "desc" "false" 2>/dev/null)
|
||||||
|
[[ -z "$fw_out" && -z "$wg_out" ]] && continue
|
||||||
|
printf "\n \033[1;37m── %s ──\033[0m\n" "$peer_name"
|
||||||
|
[[ -n "$fw_out" ]] && printf "%s\n" "$fw_out"
|
||||||
|
[[ -n "$wg_out" ]] && printf "%s\n" "$wg_out"
|
||||||
|
done
|
||||||
|
echo ""
|
||||||
|
}
|
||||||
|
|
||||||
|
# ── Watch ─────────────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_watch_impl() {
|
||||||
|
local name="$1" fw="$2" wg="$3"
|
||||||
|
local peers_list=()
|
||||||
|
mapfile -t peers_list < <(group::peers "$name")
|
||||||
|
[[ -z "${peers_list[0]:-}" ]] && \
|
||||||
|
log::wg_warning "Group '${name}' has no peers" && return 0
|
||||||
|
local filter_ips=""
|
||||||
|
for peer in "${peers_list[@]}"; do
|
||||||
|
[[ -z "$peer" ]] && continue
|
||||||
|
local ip; ip=$(peers::get_ip "$peer")
|
||||||
|
filter_ips+="${ip},"
|
||||||
|
done
|
||||||
|
filter_ips="${filter_ips%,}"
|
||||||
|
|
||||||
|
load_command logs
|
||||||
|
load_command watch
|
||||||
|
cmd::logs::follow "$filter_ips" "$name" "" "$fw" "$wg"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# ── Render/JSON ───────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
function cmd::group::_render_table() {
|
||||||
|
local data="$1" w_name="$2" w_desc="$3"
|
||||||
|
ui::group::list_header_table
|
||||||
|
while IFS="|" read -r name desc total blocked; do
|
||||||
|
[[ -z "$name" ]] && continue
|
||||||
|
ui::group::list_row_table "$name" "$desc" "$total" "$blocked"
|
||||||
|
done <<< "$data"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::_output_json() {
|
||||||
|
local data
|
||||||
|
data=$(json::group_list_data "$(ctx::groups)" "$(ctx::blocks)" "$(ctx::clients)")
|
||||||
|
local -a groups=()
|
||||||
|
while IFS="|" read -r name desc total blocked; do
|
||||||
|
[[ -z "$name" ]] && continue
|
||||||
|
groups+=("{\"name\":\"${name}\",\"description\":\"${desc}\",\"peers\":${total},\"blocked\":${blocked}}")
|
||||||
|
done <<< "$data"
|
||||||
|
local array; array=$(IFS=','; echo "${groups[*]:-}")
|
||||||
|
printf '[%s]' "$array" | json::envelope "groups" "${#groups[@]}"
|
||||||
|
}
|
||||||
46
commands/group/list.sh
Normal file
46
commands/group/list.sh
Normal file
|
|
@ -0,0 +1,46 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/list.sh
|
||||||
|
|
||||||
|
function cmd::group::list::on_load() {
|
||||||
|
command::mixin json_output section:Output
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::list::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
|
||||||
|
local groups_dir; groups_dir="$(ctx::groups)"
|
||||||
|
local groups=("${groups_dir}"/*.group)
|
||||||
|
if [[ ! -f "${groups[0]}" ]]; then
|
||||||
|
log::wg "No groups configured"; return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if command::json; then
|
||||||
|
cmd::group::_output_json; return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
local data
|
||||||
|
data=$(json::group_list_data "$groups_dir" "$(ctx::blocks)" "$(ctx::clients)")
|
||||||
|
[[ -z "$data" ]] && log::wg "No groups configured" && return 0
|
||||||
|
|
||||||
|
local w_name=12 w_desc=16
|
||||||
|
while IFS="|" read -r name desc total blocked; do
|
||||||
|
[[ -z "$name" ]] && continue
|
||||||
|
(( ${#name} > w_name )) && w_name=${#name}
|
||||||
|
local desc_len=${#desc}; [[ -z "$desc" ]] && desc_len=1
|
||||||
|
(( desc_len > w_desc )) && w_desc=$desc_len
|
||||||
|
done <<< "$data"
|
||||||
|
(( w_name += 2 )); (( w_desc += 2 ))
|
||||||
|
|
||||||
|
log::section "Groups"; echo ""
|
||||||
|
|
||||||
|
if display::is_table "group_list"; then
|
||||||
|
cmd::group::_render_table "$data" "$w_name" "$w_desc"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
while IFS="|" read -r name desc total blocked; do
|
||||||
|
[[ -z "$name" ]] && continue
|
||||||
|
ui::group::list_row "$name" "$desc" "$total" "$blocked" "$w_name" "$w_desc"
|
||||||
|
done <<< "$data"
|
||||||
|
echo ""
|
||||||
|
}
|
||||||
24
commands/group/logs.sh
Normal file
24
commands/group/logs.sh
Normal file
|
|
@ -0,0 +1,24 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/logs.sh
|
||||||
|
|
||||||
|
function cmd::group::logs::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --limit value "Max results" default:50 type:int min:1
|
||||||
|
flag::define --since value "Since duration" label:time
|
||||||
|
flag::define --fw bool "Firewall only"
|
||||||
|
flag::define --wg bool "WireGuard only"
|
||||||
|
flag::exclusive --fw --wg
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::logs::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local limit; limit=$(flag::value --limit)
|
||||||
|
local since; since=$(flag::value --since)
|
||||||
|
local fw=false wg=false
|
||||||
|
flag::bool --fw && fw=true
|
||||||
|
flag::bool --wg && wg=true
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
cmd::group::_logs_impl "$name" "$limit" "$since" "$fw" "$wg"
|
||||||
|
}
|
||||||
19
commands/group/peer.sh
Normal file
19
commands/group/peer.sh
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/peer.sh
|
||||||
|
|
||||||
|
function cmd::group::peer::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --peer value "Peer name" required label:peer
|
||||||
|
flag::define --action value "Action" required choices:add,remove label:action
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::peer::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local peer; peer=$(flag::value --peer)
|
||||||
|
local action; action=$(flag::value --action)
|
||||||
|
case "$action" in
|
||||||
|
add) cmd::group::peer_add_impl "$name" "$peer" ;;
|
||||||
|
remove) cmd::group::peer_remove_impl "$name" "$peer" ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
22
commands/group/purge-stale.sh
Normal file
22
commands/group/purge-stale.sh
Normal file
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/purge-stale.sh
|
||||||
|
|
||||||
|
function cmd::group::purge_stale::on_load() {
|
||||||
|
flag::define --name value "Group name (or --all)" label:name
|
||||||
|
flag::define --all bool "Purge all groups"
|
||||||
|
flag::define --force bool "Skip confirmation"
|
||||||
|
flag::define --dry-run bool "Show what would be removed"
|
||||||
|
flag::exclusive --name --all
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::purge_stale::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local all=false force=false dry_run=false
|
||||||
|
flag::bool --all && all=true
|
||||||
|
flag::bool --force && force=true
|
||||||
|
flag::bool --dry-run && dry_run=true
|
||||||
|
[[ -z "$name" && "$all" == "false" ]] && \
|
||||||
|
log::error "Specify --name or --all" && return 1
|
||||||
|
cmd::group::_purge_stale_impl "$name" "$all" "$force" "$dry_run"
|
||||||
|
}
|
||||||
23
commands/group/remove.sh
Normal file
23
commands/group/remove.sh
Normal file
|
|
@ -0,0 +1,23 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/remove.sh
|
||||||
|
|
||||||
|
function cmd::group::remove::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --force bool "Skip confirmation"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::remove::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local force=false; flag::bool --force && force=true
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
|
||||||
|
if ! $force; then
|
||||||
|
read -r -p "Remove group '${name}'? [y/N] " confirm
|
||||||
|
case "$confirm" in [yY]*) ;; *) log::info "Aborted"; return 0 ;; esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -f "$(group::path "$name")"
|
||||||
|
log::wg_success "Group removed: ${name}"
|
||||||
|
}
|
||||||
20
commands/group/rename.sh
Normal file
20
commands/group/rename.sh
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/rename.sh
|
||||||
|
|
||||||
|
function cmd::group::rename::on_load() {
|
||||||
|
flag::define --name value "Current group name" required label:name
|
||||||
|
flag::define --new-name value "New group name" required label:name
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::rename::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local new_name; new_name=$(flag::value --new-name)
|
||||||
|
[[ -z "$name" || -z "$new_name" ]] && \
|
||||||
|
log::error "Missing required flags: --name and --new-name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
if group::exists "$new_name"; then
|
||||||
|
log::error "Group already exists: ${new_name}"; return 1
|
||||||
|
fi
|
||||||
|
cmd::group::_rename_impl "$name" "$new_name"
|
||||||
|
}
|
||||||
16
commands/group/rm-peers.sh
Normal file
16
commands/group/rm-peers.sh
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/rm-peers.sh
|
||||||
|
|
||||||
|
function cmd::group::rm_peers::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --force bool "Skip confirmation"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::rm_peers::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local force=false; flag::bool --force && force=true
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
cmd::group::_rm_peers_impl "$name" "$force"
|
||||||
|
}
|
||||||
19
commands/group/rule.sh
Normal file
19
commands/group/rule.sh
Normal file
|
|
@ -0,0 +1,19 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/rule.sh
|
||||||
|
|
||||||
|
function cmd::group::rule::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --rule value "Rule name" required label:rule
|
||||||
|
flag::define --action value "Action" required choices:assign,unassign label:action
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::rule::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local rule; rule=$(flag::value --rule)
|
||||||
|
local action; action=$(flag::value --action)
|
||||||
|
case "$action" in
|
||||||
|
assign) cmd::group::_rule_assign_impl "$name" "$rule" ;;
|
||||||
|
unassign) cmd::group::_rule_unassign_impl "$name" "$rule" ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
16
commands/group/set-main.sh
Normal file
16
commands/group/set-main.sh
Normal file
|
|
@ -0,0 +1,16 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/set-main.sh
|
||||||
|
|
||||||
|
function cmd::group::set_main::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --peer value "Peer name" required label:peer
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::set_main::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local peer; peer=$(flag::value --peer)
|
||||||
|
[[ -z "$name" || -z "$peer" ]] && \
|
||||||
|
log::error "Missing required flags: --name and --peer" && return 1
|
||||||
|
cmd::group::_set_main_impl "$name" "$peer"
|
||||||
|
}
|
||||||
14
commands/group/show.sh
Normal file
14
commands/group/show.sh
Normal file
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/show.sh
|
||||||
|
|
||||||
|
function cmd::group::show::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::show::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
cmd::group::_show_impl "$name"
|
||||||
|
}
|
||||||
18
commands/group/unblock.sh
Normal file
18
commands/group/unblock.sh
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/unblock.sh
|
||||||
|
|
||||||
|
function cmd::group::unblock::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --reason value "Unblock reason" label:reason
|
||||||
|
flag::define --quiet bool "Suppress output"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::unblock::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local reason; reason=$(flag::value --reason)
|
||||||
|
local quiet=false; flag::bool --quiet && quiet=true
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
cmd::group::_unblock_impl "$name" "$reason" "$quiet"
|
||||||
|
}
|
||||||
20
commands/group/watch.sh
Normal file
20
commands/group/watch.sh
Normal file
|
|
@ -0,0 +1,20 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/watch.sh
|
||||||
|
|
||||||
|
function cmd::group::watch::on_load() {
|
||||||
|
flag::define --name value "Group name" required label:name
|
||||||
|
flag::define --fw bool "Firewall only"
|
||||||
|
flag::define --wg bool "WireGuard only"
|
||||||
|
flag::exclusive --fw --wg
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::group::watch::run() {
|
||||||
|
flag::parse "$@" || return 1
|
||||||
|
local name; name=$(flag::value --name)
|
||||||
|
local fw=false wg=false
|
||||||
|
flag::bool --fw && fw=true
|
||||||
|
flag::bool --wg && wg=true
|
||||||
|
[[ -z "$name" ]] && log::error "Missing required flag: --name" && return 1
|
||||||
|
group::require_exists "$name" || return 1
|
||||||
|
cmd::group::_watch_impl "$name" "$fw" "$wg"
|
||||||
|
}
|
||||||
371
commands/logs/helpers.sh
Normal file
371
commands/logs/helpers.sh
Normal file
|
|
@ -0,0 +1,371 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# commands/group/helpers.sh
|
||||||
|
# All logs implementation logic — called by subcommand run functions
|
||||||
|
|
||||||
|
function cmd::logs::show_fw_events() {
|
||||||
|
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
||||||
|
limit="${4:-50}" net_file="${5:-}" collapse="${6:-1}" \
|
||||||
|
since="${7:-}" filter_dest_ip="${8:-}" filter_dest_port="${9:-}" \
|
||||||
|
sort_order="${10:-desc}" resolved_only="${11:-false}"
|
||||||
|
|
||||||
|
[[ ! -f "$FW_EVENTS_LOG" ]] && return 0
|
||||||
|
|
||||||
|
local data
|
||||||
|
data=$(json::fw_events \
|
||||||
|
"$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
||||||
|
"$(ctx::clients)" "${net_file:-}" \
|
||||||
|
"$limit" "$collapse" "$since" \
|
||||||
|
"$filter_dest_ip" "$filter_dest_port" \
|
||||||
|
"$sort_order" \
|
||||||
|
2>/dev/null)
|
||||||
|
|
||||||
|
[[ -z "$data" ]] && return 0
|
||||||
|
|
||||||
|
# ── Collect unique endpoints for batch resolution ──
|
||||||
|
local -a ep_list=()
|
||||||
|
while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do
|
||||||
|
[[ -z "$ts" || -z "$src_endpoint" ]] && continue
|
||||||
|
ep_list+=("$src_endpoint")
|
||||||
|
done <<< "$data"
|
||||||
|
|
||||||
|
declare -A resolve_cache=()
|
||||||
|
if [[ ${#ep_list[@]} -gt 0 ]]; then
|
||||||
|
while IFS='|' read -r ip name; do
|
||||||
|
[[ -n "$ip" ]] && resolve_cache["$ip"]="$name"
|
||||||
|
done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ── Pass 1: measure widths ──
|
||||||
|
local w_client=16 w_dest=20 w_endpoint=0
|
||||||
|
local resolved_data=""
|
||||||
|
|
||||||
|
while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
|
||||||
|
(( ${#client} > w_client )) && w_client=${#client}
|
||||||
|
|
||||||
|
local svc_display=""
|
||||||
|
if [[ -n "$svc" ]]; then
|
||||||
|
[[ -n "$dest_port" ]] && svc_display="${svc}/${proto}" \
|
||||||
|
|| svc_display="${svc} (${proto})"
|
||||||
|
else
|
||||||
|
[[ -n "$dest_port" ]] && svc_display="${dest_ip}:${dest_port}/${proto}" \
|
||||||
|
|| svc_display="${dest_ip} (${proto})"
|
||||||
|
fi
|
||||||
|
|
||||||
|
local measure_len
|
||||||
|
if $resolved_only; then
|
||||||
|
measure_len=${#svc_display}
|
||||||
|
else
|
||||||
|
local raw_plain=""
|
||||||
|
[[ -n "$svc" && -n "$dest_port" ]] && raw_plain=" (${dest_ip}:${dest_port})"
|
||||||
|
[[ -n "$svc" && -z "$dest_port" ]] && raw_plain=" (${dest_ip})"
|
||||||
|
measure_len=$(( ${#svc_display} + ${#raw_plain} ))
|
||||||
|
fi
|
||||||
|
(( measure_len > w_dest )) && w_dest=$measure_len
|
||||||
|
|
||||||
|
local src_resolved=""
|
||||||
|
if [[ -n "$src_endpoint" ]]; then
|
||||||
|
src_resolved="${resolve_cache[$src_endpoint]:-}"
|
||||||
|
[[ "$src_resolved" == "$src_endpoint" ]] && src_resolved=""
|
||||||
|
|
||||||
|
local ep_measure_len
|
||||||
|
if $resolved_only; then
|
||||||
|
ep_measure_len=${#src_resolved}
|
||||||
|
[[ -z "$src_resolved" ]] && ep_measure_len=${#src_endpoint}
|
||||||
|
else
|
||||||
|
ep_measure_len=${#src_endpoint}
|
||||||
|
[[ -n "$src_resolved" ]] && \
|
||||||
|
ep_measure_len=$(( ${#src_endpoint} + 4 + ${#src_resolved} ))
|
||||||
|
fi
|
||||||
|
(( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len
|
||||||
|
fi
|
||||||
|
|
||||||
|
resolved_data+="${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}|${src_endpoint}|${src_resolved}"$'\n'
|
||||||
|
done <<< "$data"
|
||||||
|
|
||||||
|
(( w_client += 2 ))
|
||||||
|
(( w_dest += 2 ))
|
||||||
|
[[ "$w_endpoint" -gt 0 ]] && (( w_endpoint += 2 ))
|
||||||
|
|
||||||
|
# ── Pass 2: render ──
|
||||||
|
ui::logs::fw_section_header
|
||||||
|
while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint src_resolved; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
ui::logs::fw_row "$ts" "$client" "$dest_ip" "$dest_port" \
|
||||||
|
"$proto" "$svc" "$count" "$w_client" "$w_dest" \
|
||||||
|
"$src_endpoint" "$src_resolved" "$w_endpoint" "$resolved_only"
|
||||||
|
done <<< "$resolved_data"
|
||||||
|
printf "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::logs::show_wg_events() {
|
||||||
|
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
||||||
|
limit="${4:-50}" collapse="${5:-1}" \
|
||||||
|
since="${6:-}" filter_event="${7:-}" sort_order="${8:-desc}" \
|
||||||
|
resolved_only="${9:-false}"
|
||||||
|
|
||||||
|
[[ ! -f "$WG_EVENTS_LOG" ]] && return 0
|
||||||
|
|
||||||
|
local data
|
||||||
|
data=$(json::wg_events \
|
||||||
|
"$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
||||||
|
"$limit" "$collapse" "$since" "$filter_event" \
|
||||||
|
"$(ctx::endpoint_cache)" "$sort_order" \
|
||||||
|
2>/dev/null)
|
||||||
|
|
||||||
|
[[ -z "$data" ]] && return 0
|
||||||
|
|
||||||
|
# ── Collect unique endpoints for batch resolution ──
|
||||||
|
local -a ep_list=()
|
||||||
|
while IFS='|' read -r ts client endpoint event count gap_seconds; do
|
||||||
|
[[ -z "$ts" || -z "$endpoint" ]] && continue
|
||||||
|
ep_list+=("$endpoint")
|
||||||
|
done <<< "$data"
|
||||||
|
|
||||||
|
declare -A resolve_cache=()
|
||||||
|
if [[ ${#ep_list[@]} -gt 0 ]]; then
|
||||||
|
while IFS='|' read -r ip name; do
|
||||||
|
[[ -n "$ip" ]] && resolve_cache["$ip"]="$name"
|
||||||
|
done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ── Measure widths ──
|
||||||
|
local w_client=16 w_endpoint=16
|
||||||
|
local resolved_data=""
|
||||||
|
|
||||||
|
while IFS='|' read -r ts client endpoint event count gap_seconds; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
(( ${#client} > w_client )) && w_client=${#client}
|
||||||
|
|
||||||
|
local resolved=""
|
||||||
|
if [[ -n "$endpoint" ]]; then
|
||||||
|
resolved="${resolve_cache[$endpoint]:-}"
|
||||||
|
[[ "$resolved" == "$endpoint" ]] && resolved=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
local ep_raw="${endpoint:--}"
|
||||||
|
local ep_measure_len
|
||||||
|
if $resolved_only; then
|
||||||
|
local ep_display="${resolved:-$endpoint}"
|
||||||
|
[[ -z "$ep_display" ]] && ep_display="-"
|
||||||
|
ep_measure_len=${#ep_display}
|
||||||
|
else
|
||||||
|
ep_measure_len=${#ep_raw}
|
||||||
|
[[ -n "$resolved" && -n "$endpoint" ]] && \
|
||||||
|
ep_measure_len=$(( ${#endpoint} + 4 + ${#resolved} ))
|
||||||
|
fi
|
||||||
|
(( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len
|
||||||
|
|
||||||
|
resolved_data+="${ts}|${client}|${endpoint}|${event}|${count}|${gap_seconds}|${resolved}"$'\n'
|
||||||
|
done <<< "$data"
|
||||||
|
|
||||||
|
(( w_client += 2 ))
|
||||||
|
(( w_endpoint += 2 ))
|
||||||
|
|
||||||
|
# ── Render ──
|
||||||
|
ui::logs::wg_section_header
|
||||||
|
while IFS='|' read -r ts client endpoint event count gap_seconds resolved; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
if $resolved_only; then
|
||||||
|
local ep_display="${resolved:-$endpoint}"
|
||||||
|
[[ -z "$ep_display" ]] && ep_display="-"
|
||||||
|
ui::logs::wg_row "$ts" "$client" "$ep_display" "$event" \
|
||||||
|
"$count" "$w_client" "$w_endpoint" "$gap_seconds" ""
|
||||||
|
else
|
||||||
|
ui::logs::wg_row "$ts" "$client" "$endpoint" "$event" \
|
||||||
|
"$count" "$w_client" "$w_endpoint" "$gap_seconds" "$resolved"
|
||||||
|
fi
|
||||||
|
done <<< "$resolved_data"
|
||||||
|
printf "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::logs::show_merged() {
|
||||||
|
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
||||||
|
limit="${4:-50}" net_file="${5:-}" since="${6:-}"
|
||||||
|
|
||||||
|
local fw_data wg_data
|
||||||
|
fw_data=$(json::fw_events \
|
||||||
|
"$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
||||||
|
"$(ctx::clients)" "${net_file:-}" \
|
||||||
|
"$limit" "1" "$since" "" "" \
|
||||||
|
2>/dev/null)
|
||||||
|
wg_data=$(json::wg_events \
|
||||||
|
"$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
||||||
|
"$limit" "1" "$since" "" \
|
||||||
|
2>/dev/null)
|
||||||
|
|
||||||
|
local w_client=16 w_dest=20
|
||||||
|
while IFS='|' read -r ts client rest; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
(( ${#client} > w_client )) && w_client=${#client}
|
||||||
|
done < <(echo "$fw_data"; echo "$wg_data")
|
||||||
|
(( w_client += 2 ))
|
||||||
|
|
||||||
|
local merged_data
|
||||||
|
merged_data=$(
|
||||||
|
while IFS='|' read -r ts client dest_ip dest_port proto svc count; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
echo "fw|${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}"
|
||||||
|
done <<< "$fw_data"
|
||||||
|
while IFS='|' read -r ts client endpoint event count; do
|
||||||
|
[[ -z "$ts" ]] && continue
|
||||||
|
echo "wg|${ts}|${client}|${endpoint}|${event}|${count}"
|
||||||
|
done <<< "$wg_data"
|
||||||
|
)
|
||||||
|
|
||||||
|
while IFS='|' read -r source ts rest; do
|
||||||
|
[[ -z "$source" ]] && continue
|
||||||
|
case "$source" in
|
||||||
|
fw)
|
||||||
|
IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest"
|
||||||
|
local dest_display
|
||||||
|
if [[ -n "$svc" ]]; then
|
||||||
|
[[ -n "$dest_port" ]] && dest_display="${svc}/${proto}" || dest_display="${svc} (${proto})"
|
||||||
|
else
|
||||||
|
[[ -n "$dest_port" ]] && dest_display="${dest_ip}:${dest_port}/${proto}" || dest_display="${dest_ip} (${proto})"
|
||||||
|
fi
|
||||||
|
(( ${#dest_display} > w_dest )) && w_dest=${#dest_display}
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done <<< "$merged_data"
|
||||||
|
(( w_dest += 2 ))
|
||||||
|
|
||||||
|
while IFS='|' read -r source ts rest; do
|
||||||
|
[[ -z "$source" ]] && continue
|
||||||
|
case "$source" in
|
||||||
|
fw)
|
||||||
|
IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest"
|
||||||
|
ui::watch::fw_row "$ts" "$client" \
|
||||||
|
"$(ui::logs::build_dest "$dest_ip" "$dest_port" "$proto" "$svc")" \
|
||||||
|
"$w_client" "$w_dest"
|
||||||
|
;;
|
||||||
|
wg)
|
||||||
|
IFS='|' read -r client endpoint event count <<< "$rest"
|
||||||
|
ui::watch::wg_row "$ts" "$client" "$endpoint" "$event" \
|
||||||
|
"$w_client" "$w_dest"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done < <(echo "$merged_data" | sort -t'|' -k2,2)
|
||||||
|
|
||||||
|
printf "\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::logs::follow() {
|
||||||
|
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}"
|
||||||
|
local fw_only="${4:-false}" wg_only="${5:-false}"
|
||||||
|
|
||||||
|
log::section "WireGuard Live Log (Ctrl+C to stop)"
|
||||||
|
printf "\n"
|
||||||
|
|
||||||
|
local restricted_only=false blocked_only=false
|
||||||
|
$fw_only && restricted_only=true
|
||||||
|
$wg_only && blocked_only=true
|
||||||
|
|
||||||
|
monitor::live "$filter_name" "$filter_type" "" \
|
||||||
|
"$blocked_only" "$restricted_only" "false" "false"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::logs::remove() {
|
||||||
|
local name="" type="" before="" force=false
|
||||||
|
local fw_only=false wg_only=false all=false
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case "$1" in
|
||||||
|
--name) name="$2"; shift 2 ;;
|
||||||
|
--type) type="$2"; shift 2 ;;
|
||||||
|
--before) before="$2"; shift 2 ;;
|
||||||
|
--fw) fw_only=true; shift ;;
|
||||||
|
--wg) wg_only=true; shift ;;
|
||||||
|
--all) all=true; shift ;;
|
||||||
|
--force) force=true; shift ;;
|
||||||
|
--help) cmd::logs::help; return ;;
|
||||||
|
*)
|
||||||
|
log::error "Unknown flag: $1"
|
||||||
|
return 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if ! $all && [[ -z "$name" && -z "$before" ]]; then
|
||||||
|
log::error "Specify --name, --before, or --all"
|
||||||
|
cmd::logs::help
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local filter_ip=""
|
||||||
|
if [[ -n "$name" ]]; then
|
||||||
|
name=$(peers::resolve_and_require "$name" "$type") || return 1
|
||||||
|
filter_ip=$(peers::get_ip "$name")
|
||||||
|
fi
|
||||||
|
|
||||||
|
local desc=""
|
||||||
|
$all && desc="all entries"
|
||||||
|
[[ -n "$name" ]] && desc="entries for '${name}'"
|
||||||
|
[[ -n "$before" ]] && desc="${desc:+$desc, }entries older than ${before} days"
|
||||||
|
$fw_only && desc="${desc} (fw only)"
|
||||||
|
$wg_only && desc="${desc} (wg only)"
|
||||||
|
|
||||||
|
if ! $force; then
|
||||||
|
read -r -p "Remove ${desc}? [y/N] " confirm
|
||||||
|
case "$confirm" in
|
||||||
|
[yY]*) ;;
|
||||||
|
*) log::info "Aborted"; return 0 ;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
local result
|
||||||
|
result=$(json::remove_events_filtered \
|
||||||
|
"$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \
|
||||||
|
"${name:-}" "${filter_ip:-}" \
|
||||||
|
"$fw_only" "$wg_only" \
|
||||||
|
"${before:-}")
|
||||||
|
|
||||||
|
local removed_wg removed_fw
|
||||||
|
IFS="|" read -r removed_wg removed_fw <<< "$result"
|
||||||
|
local total=$(( removed_wg + removed_fw ))
|
||||||
|
|
||||||
|
if [[ "$total" -eq 0 ]]; then
|
||||||
|
log::wg_warning "No log entries found matching the criteria"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
log::wg_success "Removed ${total} log entries (wg: ${removed_wg}, fw: ${removed_fw})"
|
||||||
|
}
|
||||||
|
|
||||||
|
function cmd::logs::rotate() {
|
||||||
|
local days=7 force=false
|
||||||
|
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case "$1" in
|
||||||
|
--days) days="$2"; shift 2 ;;
|
||||||
|
--force) force=true; shift ;;
|
||||||
|
--help) cmd::logs::help; return ;;
|
||||||
|
*) log::error "Unknown flag: $1"; return 1 ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
$force || {
|
||||||
|
read -r -p "Remove log entries older than ${days} days? [y/N] " confirm
|
||||||
|
case "$confirm" in
|
||||||
|
[yY]*) ;;
|
||||||
|
*) log::info "Aborted"; return 0 ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
local result
|
||||||
|
result=$(json::remove_events_filtered \
|
||||||
|
"$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \
|
||||||
|
"" "" "false" "false" "$days")
|
||||||
|
|
||||||
|
local removed_wg removed_fw
|
||||||
|
IFS="|" read -r removed_wg removed_fw <<< "$result"
|
||||||
|
local total=$(( removed_wg + removed_fw ))
|
||||||
|
|
||||||
|
if [[ "$total" -eq 0 ]]; then
|
||||||
|
log::wg_warning "No log entries older than ${days} days"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
log::wg_success "Rotated ${total} entries older than ${days} days (wg: ${removed_wg}, fw: ${removed_fw})"
|
||||||
|
}
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
# commands/logs/logs.sh — router only
|
# commands/logs/logs.sh — router only
|
||||||
|
|
||||||
function cmd::logs::on_load() {
|
function cmd::logs::on_load() {
|
||||||
|
command::helpers "helpers.sh"
|
||||||
command::define show "Show WireGuard and firewall logs" [*]
|
command::define show "Show WireGuard and firewall logs" [*]
|
||||||
command::define clean "Remove keepalive handshakes" [c]
|
command::define clean "Remove keepalive handshakes" [c]
|
||||||
command::define remove "Remove log entries" [rm, del]
|
command::define remove "Remove log entries" [rm, del]
|
||||||
|
|
|
||||||
|
|
@ -132,373 +132,3 @@ function cmd::logs::show::run() {
|
||||||
printf "%s\n" "$wg_output"
|
printf "%s\n" "$wg_output"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# ── Helpers ───────────────────────────────────────────────────────────────────
|
|
||||||
|
|
||||||
function cmd::logs::show_fw_events() {
|
|
||||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
|
||||||
limit="${4:-50}" net_file="${5:-}" collapse="${6:-1}" \
|
|
||||||
since="${7:-}" filter_dest_ip="${8:-}" filter_dest_port="${9:-}" \
|
|
||||||
sort_order="${10:-desc}" resolved_only="${11:-false}"
|
|
||||||
|
|
||||||
[[ ! -f "$FW_EVENTS_LOG" ]] && return 0
|
|
||||||
|
|
||||||
local data
|
|
||||||
data=$(json::fw_events \
|
|
||||||
"$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
|
||||||
"$(ctx::clients)" "${net_file:-}" \
|
|
||||||
"$limit" "$collapse" "$since" \
|
|
||||||
"$filter_dest_ip" "$filter_dest_port" \
|
|
||||||
"$sort_order" \
|
|
||||||
2>/dev/null)
|
|
||||||
|
|
||||||
[[ -z "$data" ]] && return 0
|
|
||||||
|
|
||||||
# ── Collect unique endpoints for batch resolution ──
|
|
||||||
local -a ep_list=()
|
|
||||||
while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do
|
|
||||||
[[ -z "$ts" || -z "$src_endpoint" ]] && continue
|
|
||||||
ep_list+=("$src_endpoint")
|
|
||||||
done <<< "$data"
|
|
||||||
|
|
||||||
declare -A resolve_cache=()
|
|
||||||
if [[ ${#ep_list[@]} -gt 0 ]]; then
|
|
||||||
while IFS='|' read -r ip name; do
|
|
||||||
[[ -n "$ip" ]] && resolve_cache["$ip"]="$name"
|
|
||||||
done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null)
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Pass 1: measure widths ──
|
|
||||||
local w_client=16 w_dest=20 w_endpoint=0
|
|
||||||
local resolved_data=""
|
|
||||||
|
|
||||||
while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
|
|
||||||
(( ${#client} > w_client )) && w_client=${#client}
|
|
||||||
|
|
||||||
local svc_display=""
|
|
||||||
if [[ -n "$svc" ]]; then
|
|
||||||
[[ -n "$dest_port" ]] && svc_display="${svc}/${proto}" \
|
|
||||||
|| svc_display="${svc} (${proto})"
|
|
||||||
else
|
|
||||||
[[ -n "$dest_port" ]] && svc_display="${dest_ip}:${dest_port}/${proto}" \
|
|
||||||
|| svc_display="${dest_ip} (${proto})"
|
|
||||||
fi
|
|
||||||
|
|
||||||
local measure_len
|
|
||||||
if $resolved_only; then
|
|
||||||
measure_len=${#svc_display}
|
|
||||||
else
|
|
||||||
local raw_plain=""
|
|
||||||
[[ -n "$svc" && -n "$dest_port" ]] && raw_plain=" (${dest_ip}:${dest_port})"
|
|
||||||
[[ -n "$svc" && -z "$dest_port" ]] && raw_plain=" (${dest_ip})"
|
|
||||||
measure_len=$(( ${#svc_display} + ${#raw_plain} ))
|
|
||||||
fi
|
|
||||||
(( measure_len > w_dest )) && w_dest=$measure_len
|
|
||||||
|
|
||||||
local src_resolved=""
|
|
||||||
if [[ -n "$src_endpoint" ]]; then
|
|
||||||
src_resolved="${resolve_cache[$src_endpoint]:-}"
|
|
||||||
[[ "$src_resolved" == "$src_endpoint" ]] && src_resolved=""
|
|
||||||
|
|
||||||
local ep_measure_len
|
|
||||||
if $resolved_only; then
|
|
||||||
ep_measure_len=${#src_resolved}
|
|
||||||
[[ -z "$src_resolved" ]] && ep_measure_len=${#src_endpoint}
|
|
||||||
else
|
|
||||||
ep_measure_len=${#src_endpoint}
|
|
||||||
[[ -n "$src_resolved" ]] && \
|
|
||||||
ep_measure_len=$(( ${#src_endpoint} + 4 + ${#src_resolved} ))
|
|
||||||
fi
|
|
||||||
(( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len
|
|
||||||
fi
|
|
||||||
|
|
||||||
resolved_data+="${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}|${src_endpoint}|${src_resolved}"$'\n'
|
|
||||||
done <<< "$data"
|
|
||||||
|
|
||||||
(( w_client += 2 ))
|
|
||||||
(( w_dest += 2 ))
|
|
||||||
[[ "$w_endpoint" -gt 0 ]] && (( w_endpoint += 2 ))
|
|
||||||
|
|
||||||
# ── Pass 2: render ──
|
|
||||||
ui::logs::fw_section_header
|
|
||||||
while IFS='|' read -r ts client dest_ip dest_port proto svc count src_endpoint src_resolved; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
ui::logs::fw_row "$ts" "$client" "$dest_ip" "$dest_port" \
|
|
||||||
"$proto" "$svc" "$count" "$w_client" "$w_dest" \
|
|
||||||
"$src_endpoint" "$src_resolved" "$w_endpoint" "$resolved_only"
|
|
||||||
done <<< "$resolved_data"
|
|
||||||
printf "\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
function cmd::logs::show_wg_events() {
|
|
||||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
|
||||||
limit="${4:-50}" collapse="${5:-1}" \
|
|
||||||
since="${6:-}" filter_event="${7:-}" sort_order="${8:-desc}" \
|
|
||||||
resolved_only="${9:-false}"
|
|
||||||
|
|
||||||
[[ ! -f "$WG_EVENTS_LOG" ]] && return 0
|
|
||||||
|
|
||||||
local data
|
|
||||||
data=$(json::wg_events \
|
|
||||||
"$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
|
||||||
"$limit" "$collapse" "$since" "$filter_event" \
|
|
||||||
"$(ctx::endpoint_cache)" "$sort_order" \
|
|
||||||
2>/dev/null)
|
|
||||||
|
|
||||||
[[ -z "$data" ]] && return 0
|
|
||||||
|
|
||||||
# ── Collect unique endpoints for batch resolution ──
|
|
||||||
local -a ep_list=()
|
|
||||||
while IFS='|' read -r ts client endpoint event count gap_seconds; do
|
|
||||||
[[ -z "$ts" || -z "$endpoint" ]] && continue
|
|
||||||
ep_list+=("$endpoint")
|
|
||||||
done <<< "$data"
|
|
||||||
|
|
||||||
declare -A resolve_cache=()
|
|
||||||
if [[ ${#ep_list[@]} -gt 0 ]]; then
|
|
||||||
while IFS='|' read -r ip name; do
|
|
||||||
[[ -n "$ip" ]] && resolve_cache["$ip"]="$name"
|
|
||||||
done < <(json::batch_resolve "${ep_list[@]}" 2>/dev/null)
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ── Measure widths ──
|
|
||||||
local w_client=16 w_endpoint=16
|
|
||||||
local resolved_data=""
|
|
||||||
|
|
||||||
while IFS='|' read -r ts client endpoint event count gap_seconds; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
(( ${#client} > w_client )) && w_client=${#client}
|
|
||||||
|
|
||||||
local resolved=""
|
|
||||||
if [[ -n "$endpoint" ]]; then
|
|
||||||
resolved="${resolve_cache[$endpoint]:-}"
|
|
||||||
[[ "$resolved" == "$endpoint" ]] && resolved=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
local ep_raw="${endpoint:--}"
|
|
||||||
local ep_measure_len
|
|
||||||
if $resolved_only; then
|
|
||||||
local ep_display="${resolved:-$endpoint}"
|
|
||||||
[[ -z "$ep_display" ]] && ep_display="-"
|
|
||||||
ep_measure_len=${#ep_display}
|
|
||||||
else
|
|
||||||
ep_measure_len=${#ep_raw}
|
|
||||||
[[ -n "$resolved" && -n "$endpoint" ]] && \
|
|
||||||
ep_measure_len=$(( ${#endpoint} + 4 + ${#resolved} ))
|
|
||||||
fi
|
|
||||||
(( ep_measure_len > w_endpoint )) && w_endpoint=$ep_measure_len
|
|
||||||
|
|
||||||
resolved_data+="${ts}|${client}|${endpoint}|${event}|${count}|${gap_seconds}|${resolved}"$'\n'
|
|
||||||
done <<< "$data"
|
|
||||||
|
|
||||||
(( w_client += 2 ))
|
|
||||||
(( w_endpoint += 2 ))
|
|
||||||
|
|
||||||
# ── Render ──
|
|
||||||
ui::logs::wg_section_header
|
|
||||||
while IFS='|' read -r ts client endpoint event count gap_seconds resolved; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
if $resolved_only; then
|
|
||||||
local ep_display="${resolved:-$endpoint}"
|
|
||||||
[[ -z "$ep_display" ]] && ep_display="-"
|
|
||||||
ui::logs::wg_row "$ts" "$client" "$ep_display" "$event" \
|
|
||||||
"$count" "$w_client" "$w_endpoint" "$gap_seconds" ""
|
|
||||||
else
|
|
||||||
ui::logs::wg_row "$ts" "$client" "$endpoint" "$event" \
|
|
||||||
"$count" "$w_client" "$w_endpoint" "$gap_seconds" "$resolved"
|
|
||||||
fi
|
|
||||||
done <<< "$resolved_data"
|
|
||||||
printf "\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
function cmd::logs::show_merged() {
|
|
||||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}" \
|
|
||||||
limit="${4:-50}" net_file="${5:-}" since="${6:-}"
|
|
||||||
|
|
||||||
local fw_data wg_data
|
|
||||||
fw_data=$(json::fw_events \
|
|
||||||
"$FW_EVENTS_LOG" "$filter_ip" "$filter_type" \
|
|
||||||
"$(ctx::clients)" "${net_file:-}" \
|
|
||||||
"$limit" "1" "$since" "" "" \
|
|
||||||
2>/dev/null)
|
|
||||||
wg_data=$(json::wg_events \
|
|
||||||
"$WG_EVENTS_LOG" "$filter_name" "$filter_type" \
|
|
||||||
"$limit" "1" "$since" "" \
|
|
||||||
2>/dev/null)
|
|
||||||
|
|
||||||
local w_client=16 w_dest=20
|
|
||||||
while IFS='|' read -r ts client rest; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
(( ${#client} > w_client )) && w_client=${#client}
|
|
||||||
done < <(echo "$fw_data"; echo "$wg_data")
|
|
||||||
(( w_client += 2 ))
|
|
||||||
|
|
||||||
local merged_data
|
|
||||||
merged_data=$(
|
|
||||||
while IFS='|' read -r ts client dest_ip dest_port proto svc count; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
echo "fw|${ts}|${client}|${dest_ip}|${dest_port}|${proto}|${svc}|${count}"
|
|
||||||
done <<< "$fw_data"
|
|
||||||
while IFS='|' read -r ts client endpoint event count; do
|
|
||||||
[[ -z "$ts" ]] && continue
|
|
||||||
echo "wg|${ts}|${client}|${endpoint}|${event}|${count}"
|
|
||||||
done <<< "$wg_data"
|
|
||||||
)
|
|
||||||
|
|
||||||
while IFS='|' read -r source ts rest; do
|
|
||||||
[[ -z "$source" ]] && continue
|
|
||||||
case "$source" in
|
|
||||||
fw)
|
|
||||||
IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest"
|
|
||||||
local dest_display
|
|
||||||
if [[ -n "$svc" ]]; then
|
|
||||||
[[ -n "$dest_port" ]] && dest_display="${svc}/${proto}" || dest_display="${svc} (${proto})"
|
|
||||||
else
|
|
||||||
[[ -n "$dest_port" ]] && dest_display="${dest_ip}:${dest_port}/${proto}" || dest_display="${dest_ip} (${proto})"
|
|
||||||
fi
|
|
||||||
(( ${#dest_display} > w_dest )) && w_dest=${#dest_display}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done <<< "$merged_data"
|
|
||||||
(( w_dest += 2 ))
|
|
||||||
|
|
||||||
while IFS='|' read -r source ts rest; do
|
|
||||||
[[ -z "$source" ]] && continue
|
|
||||||
case "$source" in
|
|
||||||
fw)
|
|
||||||
IFS='|' read -r client dest_ip dest_port proto svc count <<< "$rest"
|
|
||||||
ui::watch::fw_row "$ts" "$client" \
|
|
||||||
"$(ui::logs::build_dest "$dest_ip" "$dest_port" "$proto" "$svc")" \
|
|
||||||
"$w_client" "$w_dest"
|
|
||||||
;;
|
|
||||||
wg)
|
|
||||||
IFS='|' read -r client endpoint event count <<< "$rest"
|
|
||||||
ui::watch::wg_row "$ts" "$client" "$endpoint" "$event" \
|
|
||||||
"$w_client" "$w_dest"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done < <(echo "$merged_data" | sort -t'|' -k2,2)
|
|
||||||
|
|
||||||
printf "\n"
|
|
||||||
}
|
|
||||||
|
|
||||||
function cmd::logs::follow() {
|
|
||||||
local filter_ip="${1:-}" filter_name="${2:-}" filter_type="${3:-}"
|
|
||||||
local fw_only="${4:-false}" wg_only="${5:-false}"
|
|
||||||
|
|
||||||
log::section "WireGuard Live Log (Ctrl+C to stop)"
|
|
||||||
printf "\n"
|
|
||||||
|
|
||||||
local restricted_only=false blocked_only=false
|
|
||||||
$fw_only && restricted_only=true
|
|
||||||
$wg_only && blocked_only=true
|
|
||||||
|
|
||||||
monitor::live "$filter_name" "$filter_type" "" \
|
|
||||||
"$blocked_only" "$restricted_only" "false" "false"
|
|
||||||
}
|
|
||||||
|
|
||||||
function cmd::logs::remove() {
|
|
||||||
local name="" type="" before="" force=false
|
|
||||||
local fw_only=false wg_only=false all=false
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case "$1" in
|
|
||||||
--name) name="$2"; shift 2 ;;
|
|
||||||
--type) type="$2"; shift 2 ;;
|
|
||||||
--before) before="$2"; shift 2 ;;
|
|
||||||
--fw) fw_only=true; shift ;;
|
|
||||||
--wg) wg_only=true; shift ;;
|
|
||||||
--all) all=true; shift ;;
|
|
||||||
--force) force=true; shift ;;
|
|
||||||
--help) cmd::logs::help; return ;;
|
|
||||||
*)
|
|
||||||
log::error "Unknown flag: $1"
|
|
||||||
return 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
if ! $all && [[ -z "$name" && -z "$before" ]]; then
|
|
||||||
log::error "Specify --name, --before, or --all"
|
|
||||||
cmd::logs::help
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
local filter_ip=""
|
|
||||||
if [[ -n "$name" ]]; then
|
|
||||||
name=$(peers::resolve_and_require "$name" "$type") || return 1
|
|
||||||
filter_ip=$(peers::get_ip "$name")
|
|
||||||
fi
|
|
||||||
|
|
||||||
local desc=""
|
|
||||||
$all && desc="all entries"
|
|
||||||
[[ -n "$name" ]] && desc="entries for '${name}'"
|
|
||||||
[[ -n "$before" ]] && desc="${desc:+$desc, }entries older than ${before} days"
|
|
||||||
$fw_only && desc="${desc} (fw only)"
|
|
||||||
$wg_only && desc="${desc} (wg only)"
|
|
||||||
|
|
||||||
if ! $force; then
|
|
||||||
read -r -p "Remove ${desc}? [y/N] " confirm
|
|
||||||
case "$confirm" in
|
|
||||||
[yY]*) ;;
|
|
||||||
*) log::info "Aborted"; return 0 ;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
local result
|
|
||||||
result=$(json::remove_events_filtered \
|
|
||||||
"$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \
|
|
||||||
"${name:-}" "${filter_ip:-}" \
|
|
||||||
"$fw_only" "$wg_only" \
|
|
||||||
"${before:-}")
|
|
||||||
|
|
||||||
local removed_wg removed_fw
|
|
||||||
IFS="|" read -r removed_wg removed_fw <<< "$result"
|
|
||||||
local total=$(( removed_wg + removed_fw ))
|
|
||||||
|
|
||||||
if [[ "$total" -eq 0 ]]; then
|
|
||||||
log::wg_warning "No log entries found matching the criteria"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
log::wg_success "Removed ${total} log entries (wg: ${removed_wg}, fw: ${removed_fw})"
|
|
||||||
}
|
|
||||||
|
|
||||||
function cmd::logs::rotate() {
|
|
||||||
local days=7 force=false
|
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
|
||||||
case "$1" in
|
|
||||||
--days) days="$2"; shift 2 ;;
|
|
||||||
--force) force=true; shift ;;
|
|
||||||
--help) cmd::logs::help; return ;;
|
|
||||||
*) log::error "Unknown flag: $1"; return 1 ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
$force || {
|
|
||||||
read -r -p "Remove log entries older than ${days} days? [y/N] " confirm
|
|
||||||
case "$confirm" in
|
|
||||||
[yY]*) ;;
|
|
||||||
*) log::info "Aborted"; return 0 ;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
local result
|
|
||||||
result=$(json::remove_events_filtered \
|
|
||||||
"$WG_EVENTS_LOG" "$FW_EVENTS_LOG" \
|
|
||||||
"" "" "false" "false" "$days")
|
|
||||||
|
|
||||||
local removed_wg removed_fw
|
|
||||||
IFS="|" read -r removed_wg removed_fw <<< "$result"
|
|
||||||
local total=$(( removed_wg + removed_fw ))
|
|
||||||
|
|
||||||
if [[ "$total" -eq 0 ]]; then
|
|
||||||
log::wg_warning "No log entries older than ${days} days"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
log::wg_success "Rotated ${total} entries older than ${days} days (wg: ${removed_wg}, fw: ${removed_fw})"
|
|
||||||
}
|
|
||||||
|
|
@ -199,9 +199,8 @@ function cmd::test::section_groups() {
|
||||||
test::section "Groups"
|
test::section "Groups"
|
||||||
cmd::test::run_cmd "group list" "Groups" group list
|
cmd::test::run_cmd "group list" "Groups" group list
|
||||||
cmd::test::run_cmd "group show --name family" "Peers:" group show --name family
|
cmd::test::run_cmd "group show --name family" "Peers:" group show --name family
|
||||||
cmd::test::run_cmd "group list --json" '"groups":' group list --json
|
cmd::test::run_cmd "group list --json" '"name":' group list --json
|
||||||
cmd::test::run_cmd "group list --json" '"groups":' group list --json
|
cmd::test::run_cmd "group list --json" '"command":"groups"' group list --json
|
||||||
cmd::test::run_cmd "group --json peer_count" '"peer_count":' group list --json
|
|
||||||
cmd::test::run_cmd_fails "group show nonexistent" group show --name nonexistent
|
cmd::test::run_cmd_fails "group show nonexistent" group show --name nonexistent
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue