flowaccount · NamSupawan · Jan 31, 2025 · Jan 31, 2025 · Jan 31, 2025 · Jan 31, 2025
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
@@ -20,10 +20,20 @@ def users
     end
   end
 
+  def update_users_admin
+    if current_user.admin?
+      @user = User.find(params[:id])
+      @user.admin = !@user.admin
+      @user.save!
+    else
+      redirect_to root_path, alert: 'You are not authorized to access this page.'
+    end
+  end
+
   def vpn_configurations
     if current_user.admin?
       @vpn_configuration = VpnConfiguration.get_vpn_configuration
-
+      @all_vpn_configuration = VpnConfiguration.all
     else
       redirect_to root_path, alert: 'You are not authorized to access this page.'
     end

diff --git a/app/controllers/firewalls_controller.rb b/app/controllers/firewalls_controller.rb
@@ -0,0 +1,89 @@
+
+
+class FirewallsController < ApplicationController
+  before_action :require_login
+  # before_action :get_iptables_rules, only: %i[show edit update destroy]
+  # before_action :set_vpn_configuration, only: %i[ show update edit ]
+  layout 'admin'
+
+  def index
+    @firewall = Firewall.new
+  end
+
+  def rules
+    @iptables_output = get_iptables_rules
+  end
+
+  def new
+    @firewall = Firewall.new
+  end
+
+  # Handle form submission
+  def create
+    @firewall = Firewall.new(firewall_params)
+    #@firewall.name = @rule_name
+    if @firewall.name.blank? || @firewall.name.nil? || @firewall.ipAddress.nil?
+      render json: @firewall, status: :ok
+    else
+      name = @firewall.name
+      ip = @firewall.ipAddress
+      command = "sudo ipset add #{name} #{ip}"
+      output, status = Open3.capture2e(command)
+
+      if status.success?
+        Open3.capture2e("sudo iptables-save > /etc/iptables/rules.v4")
+        Open3.capture2e("sudo systemctl restart iptables")
+        flash[:notice] = "Add Allowed IP Address: #{@firewall.name}"
+        render plain: "Success Add Allowed IP", status: :ok
+      else
+        render :index, alert: "Failed to create WireGuard interface:\n#{output}"
+      end
+    end
+  end
+
+  def update_display_rules
+    rules_name = params[:rules_name]
+
+    if rules_name
+      @allowed_ips_output = get_allowed_ip_addresses(rules_name)
+      @firewall = Firewall.new
+      @firewall.name = rules_name
+      @rule_name = rules_name
+      # Handle active status logic here
+      render :index
+    else
+      # Handle inactive status logic here
+      render plain: "Failed to update firewall", status: :unprocessable_entity
+    end
+  end
+
+  private
+
+  def firewall_params
+    params.require(:firewall).permit(:name, :ipAddress)
+  end
+
+  def get_allowed_ip_addresses(name)
+    command = "sudo ipset list #{name} | awk 'NR > 7 { print $1 }'"
+
+    output, status = Open3.capture2e(command)
@@ -45,4 +45,5 @@
    rules_name = params[:rules_name]
+    allowed_rules_names = ["allowed_rule1", "allowed_rule2"] # Example whitelist
-    if rules_name
+    if rules_name && allowed_rules_names.include?(rules_name)
      @allowed_ips_output = get_allowed_ip_addresses(rules_name)
@@ -45,4 +45,5 @@
    rules_name = params[:rules_name]
+    allowed_rules_names = ["allowed_rule1", "allowed_rule2"] # Example whitelist

-    if rules_name
+    if rules_name && allowed_rules_names.include?(rules_name)
      @allowed_ips_output = get_allowed_ip_addresses(rules_name)
+
+    if status.success?
+      output # Return iptables output
+    else
+      "Error fetching iptables rules: #{stderr}" # Handle errors
+    end
+  end
+
+  def get_iptables_rules
+    command = "sudo iptables -L -n -v --line-number"
+
+    output, status = Open3.capture2e(command)
+
+    if status.success?
+      output # Return iptables output
+    else
+      "Error fetching iptables rules: #{stderr}" # Handle errors
+    end
+  end
+end
diff --git a/app/controllers/vpn_devices_controller.rb b/app/controllers/vpn_devices_controller.rb
@@ -50,8 +50,7 @@ def new
   # POST /vpn_devices or /vpn_devices.json
   def create
     config_file = params[:config_file]
-    output, status = Open3.capture2e("sudo wg-quick up #{config_file}")
-
+    output, status = Open3.capture2e("sudo wg-quick up #{config_file}")   
@@ -105,8 +105,14 @@
  # POST /vpn_devices or /vpn_devices.json
  def create
-    config_file = params[:config_file]
-    output, status = Open3.capture2e("sudo wg-quick up #{config_file}")   
+    config_file = params[:config_file].to_s
+
+    unless config_file.match?(/\A[\w.\-\/]+\z/)
+      redirect_to new_vpn_device_path, alert: 'Invalid configuration file name.'
+      return
+    end
+
+    output, status = Open3.capture2e('sudo', 'wg-quick', 'up', config_file)
    if status.success?
      redirect_to vpn_devices_path, notice: 'WireGuard interface created successfully.'
    else
@@ -105,8 +105,14 @@

  # POST /vpn_devices or /vpn_devices.json
  def create
-    config_file = params[:config_file]
-    output, status = Open3.capture2e("sudo wg-quick up #{config_file}")   
+    config_file = params[:config_file].to_s
+
+    unless config_file.match?(/\A[\w.\-\/]+\z/)
+      redirect_to new_vpn_device_path, alert: 'Invalid configuration file name.'
+      return
+    end
+
+    output, status = Open3.capture2e('sudo', 'wg-quick', 'up', config_file)
    if status.success?
      redirect_to vpn_devices_path, notice: 'WireGuard interface created successfully.'
    else
     if status.success?
       redirect_to vpn_devices_path, notice: 'WireGuard interface created successfully.'
     else

diff --git a/app/models/firewall.rb b/app/models/firewall.rb
@@ -0,0 +1,9 @@
+# app/models/firewall.rb
+class Firewall 
+    include ActiveModel::Model
+    # model code
+    attr_accessor :name, :ipAddress
+
+
+end
+
diff --git a/app/views/admin/users.html.erb b/app/views/admin/users.html.erb
@@ -1,20 +1,28 @@
 <table class="table table-striped">
     <thead>
         <tr>
+            <th>Row</th>
             <th>Name</th>
             <th>Email</th>
             <th>Admin</th>
         </tr>
     </thead>
     <tbody>
-        <% @users.each do |user| %>
+        <% @users.each_with_index do |user , index| %>
             <tr>
+                <td><%= index+1 %></td>
                 <td><%= user.name %></td>
                 <td><%= user.email %></td>
                 <td>
                     <div class="form-check">
-                        <input class="form-check-input" type="checkbox" <%= 'checked' if user.admin? %>
-                        <%= 'disabled' if current_user == user %>>
+
+                        <%= form_with url: update_users_admin_path(user), method: :patch, remote: false do |form| %>
+  <%= form.check_box :active, { 
+        onchange: 'this.form.submit();', 
+        disabled: current_user == user, 
+        checked: user.admin
+      } %>
+<% end %>
                     </div>
                     </div>
                 </td>

diff --git a/app/views/admin/vpn_configurations.html.erb b/app/views/admin/vpn_configurations.html.erb
@@ -10,6 +10,14 @@
   <div style="color: red">You will be required to re-configure all client devices on update, please be careful,
     don't do it if you don't understand
   </div>
+
+  <% @all_vpn_configuration.each do |config| %>
+    <tr>
+      <td><%= config.wg_ip_address %></td>
+      <td><%= config.wg_interface_name %></td>
+    </tr>
+  <% end %>
+
   <hr>
 
   <%= form_with model: @vpn_configuration, url: update_vpn_configuration_path(@vpn_configuration), local: true, html: { class: "form-horizontal" } do |form| %>

diff --git a/app/views/firewalls/index.html.erb b/app/views/firewalls/index.html.erb
@@ -0,0 +1,32 @@
+<h2>Rules Access</h2>
+
+<%= turbo_frame_tag "status_display" do %>
+  <span>Select Name List:
+    <%= form_with url: update_display_rules_path, method: :patch, remote: false do %>
+      <%= select_tag :rules_name, options_for_select(["allowed_remotes", "allowed_remotes_crm"], selected: nil),{ onchange: "this.form.submit();", prompt: "Please select rule name" } %>
+    <% end %>
+  </span>
+
+  <br/>
+  <span>Rules Name: <%= raw @rule_name%></span>
+  <br/>
+  <span>Allowed IPs: <%= raw @allowed_ips_output%></span>
+<% end %>
+
+<br/><br/>
+
+<%= form_for @firewall , method: :post do |f|  %>
+    <div>
+      <%= f.label :name, "Name Rule" %>
+      <%= f.text_field :name  %>
+    </div>
+    <br/>
+    <div>
+      <%= f.label :ipAddress, "IP Allow" %>
+      <%= f.text_field :ipAddress %>
+    </div>
+    <br/>
+    <div>
+      <%= f.submit "Submit", class: "btn btn-primary" %>
+    </div>
+  <% end %>
diff --git a/app/views/shared/_navbar.html.erb b/app/views/shared/_navbar.html.erb
@@ -23,6 +23,9 @@
           <li class="nav-item">
             <a class="nav-link" href="/admin/vpn_configurations">Configuration</a>
           </li>
+          <li class="nav-item">
+            <a class="nav-link" href="/firewall/rules">IP</a>
+          </li>
         <% end %>
         <li class="nav-item">
           <a class="nav-link" href="/logout">Logout</a>

diff --git a/app/views/vpn_devices/_vpn_device.html.erb b/app/views/vpn_devices/_vpn_device.html.erb
@@ -1,19 +1,25 @@
 <table class="table table-striped table-hover">
   <thead class="table-light">
   <tr>
-    <th>User</th>
-    <th>VPN Device</th>
-    <th colspan="2"></th>
+  <th>Row</th>
+  <th>User ID</th>
+  <th>User</th>
+  <th>Device IP</th>
+  <th>Device description</th>
+  <th colspan="2"></th>
   </tr>
   </thead>
 
   <tbody>
-  <% @vpn_devices.each do |vpn_device| %>
+  <% @vpn_devices.each_with_index do |vpn_device,index| %>
     <tr>
-      <td><%= vpn_device.user.name %></td>
-      <td><%= link_to vpn_device.description, vpn_device %></td>
-
-      <td><%= link_to 'Destroy', vpn_device, method: :delete, data: { confirm: 'Are you sure?' }, class: 'btn btn-danger btn-sm' %></td>
+    <td><%= index+1 %></td>
+    <td><%= vpn_device.user.id %></td>
+    <td><%= vpn_device.user.name %></td>
+    <td><%= vpn_device.ip_allocation.ip_address %></td>
+    <td><%= vpn_device.description %></td>
+    <td><%= link_to 'Remove Device', vpn_device, data: { turbo_method: :delete, turbo_confirm: 'Are you sure?' }, class: 'btn btn-danger btn-sm' %></td>
+    <td><%= link_to 'Show Device', vpn_device, data: { turbo_method: :get }, class: 'btn btn-primary btn-sm' %></td>
     </tr>
   <% end %>
   </tbody>

diff --git a/app/views/vpn_devices/_vpn_devices.html.erb b/app/views/vpn_devices/_vpn_devices.html.erb
@@ -6,7 +6,7 @@
     <%= form_with model: vpn_device do |form| %>
       <div class="row">
         <div class="col-md-3">
-          <%= form.text_field :description, id: "description", class: "form-control", placeholder: "Device Description" %>
+          <%= form.text_field :description, id: "description", class: "form-control", placeholder: "Device Description" , required: true %>
         </div>
 
         <div class="col-md-3">
@@ -31,11 +31,12 @@
         </div>
       </div>
     <% end %>
+    <br/>
   <% end %>
 <% end %>
 
-<% if vpn_devices_require_updates.count == 0 %>
-  <%= link_to 'Add a VPN Device', new_vpn_device_path, class: 'btn btn-primary btn-sm' %>
+<% if vpn_devices.count == 0 && vpn_devices_require_updates.count == 0 %>
+  <%= button_tag "Add a VPN Device", onclick: "window.location.href='#{new_vpn_device_path}'", class: "btn btn-primary btn-sm" %>
 <% end %>
 <br>
 <br>
@@ -93,15 +94,7 @@
                 <h6 class="card-title"> <%= vpn_device.ip_allocation.ip_address %></h6>
               </div>
             </div>
-            <div class="row">
-              <div class="col-sm-4">
-                <h6 class="card-title">Accessible remote networks</h6>
-              </div>
-              <div class="col-sm-8">
-                <td></td>
-                <h6 class="card-title"> <%= @vpn_configuration.network_addresses.map(&:network_address).join(", ") %></h6>
-              </div>
-            </div>
+
             <br/>
 
             <%= link_to 'Download Configuration', download_config_path(vpn_device.id), class: 'btn btn-primary btn-sm' %>

diff --git a/app/views/vpn_devices/index.html.erb b/app/views/vpn_devices/index.html.erb
@@ -6,18 +6,23 @@
   <table class="table table-striped table-hover">
     <thead class="table-light">
     <tr>
+      <th>Row</th>
+      <th>User ID</th>
       <th>User</th>
+      <th>Device IP</th>
       <th>Device description</th>
       <th colspan="2"></th>
     </tr>
     </thead>
 
     <tbody>
-    <% @vpn_devices.each do |vpn_device| %>
+    <% @vpn_devices.each_with_index do |vpn_device,index| %>
       <tr>
+        <td><%= index+1 %></td>
+        <td><%= vpn_device.user.id %></td>
         <td><%= vpn_device.user.name %></td>
+        <td><%= vpn_device.ip_allocation.ip_address %></td>
         <td><%= vpn_device.description %></td>
-
         <td><%= link_to 'Remove Device', vpn_device, data: { turbo_method: :delete, turbo_confirm: 'Are you sure?' }, class: 'btn btn-danger btn-sm' %></td>
         <td><%= link_to 'Show Device', vpn_device, data: { turbo_method: :get }, class: 'btn btn-primary btn-sm' %></td>
       </tr>

diff --git a/app/views/vpn_devices/show.html.erb b/app/views/vpn_devices/show.html.erb
@@ -57,16 +57,6 @@
                   <%= @vpn_device.ip_allocation.ip_address %></h6>
               </div>
             </div>
-            <div class="row">
-              <div class="col-sm-4">
-                <h6 class="card-title">Accessible remote networks</h6>
-              </div>
-              <div class="col-sm-8">
-                <td></td>
-                <h6 class="card-title">
-                  <%= @vpn_configuration.network_addresses.map(&:network_address).join(", ") %></h6>
-              </div>
-            </div>
             <br/>
 
             <%= link_to "Download Configuration",

diff --git a/config/routes.rb b/config/routes.rb
@@ -1,6 +1,7 @@
 Rails.application.routes.draw do
   resources :configurations
   resources :vpn_devices
+  resources :firewalls
   get 'dns_records/refresh', to: 'dns_records#refresh_zones', as: 'refresh_dns_records'
   resources :dns_records
   get 'home/index'
@@ -12,8 +13,13 @@
   get 'auth/:provider/callback', to: 'sessions#create'
   get 'auth/failure', to: redirect('/')
   get 'logout', to: 'sessions#destroy', as: 'logout'
-
   get 'admin/users'
+  #get 'firewall' , to: 'firewall#index'
+  post 'firewalls', to: 'firewalls#create', as: 'firewall_create'
+  patch 'firewalls', to: 'firewalls#update_display_rules', as: 'update_display_rules'
+
+  patch 'admin/user/:id', to: 'admin#update_users_admin', as: 'update_users_admin'
+
   get 'admin/vpn_configurations'
   patch 'admin/vpn_configuration/:id', to: 'admin#update_vpn_configuration', as: 'update_vpn_configuration'
 

diff --git a/db/schema.rb b/db/schema.rb
@@ -40,9 +40,11 @@
     t.string "uid"
     t.string "email"
     t.string "name"
+    t.string "role"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.boolean "admin"
+    t.boolean "isDeleted", default: false
   end
 
   create_table "vpn_configurations", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t|