qdm12 · jagaimoworks · Aug 3, 2024 · Aug 3, 2024 · Aug 5, 2024 · Aug 5, 2024
diff --git a/internal/portforward/interfaces.go b/internal/portforward/interfaces.go
@@ -9,6 +9,7 @@ type Service interface {
 	Start(ctx context.Context) (runError <-chan error, err error)
 	Stop() (err error)
 	GetPortsForwarded() (ports []uint16)
+	SetPortsForwarded(ctx context.Context, ports []uint16) (err error)
 }
 
 type Routing interface {

diff --git a/internal/portforward/loop.go b/internal/portforward/loop.go
@@ -157,6 +157,20 @@ func (l *Loop) GetPortsForwarded() (ports []uint16) {
 	return l.service.GetPortsForwarded()
 }
 
+func (l *Loop) SetPortsForwarded(ports []uint16) (err error) {
+	if l.service == nil {
+		return
+	}
+
+	err = l.service.SetPortsForwarded(l.runCtx, ports)
+	if err != nil {
+		l.logger.Error(err.Error())
+		return err
-	if err != nil {
-		l.logger.Error(err.Error())
-		return err
+	if err != nil {
+		return err
-	if err != nil {
-		l.logger.Error(err.Error())
-		return err
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func ptrTo[T any](value T) *T {
 	return &value
 }
diff --git a/internal/portforward/service/service.go b/internal/portforward/service/service.go
@@ -47,3 +47,45 @@ func (s *Service) GetPortsForwarded() (ports []uint16) {
 	copy(ports, s.ports)
 	return ports
 }
+
+func (s *Service) SetPortsForwarded(ctx context.Context, ports []uint16) (err error) {
+	for i, port := range s.ports {
+		err := s.portAllower.RemoveAllowedPort(ctx, port)
+		if err != nil {
+			for j := 0; j < i; j++ {
-			for j := 0; j < i; j++ {
+			for j := range i {
-			for j := 0; j < i; j++ {
+			for j := range i {
+				_ = s.portAllower.SetAllowedPort(ctx, s.ports[j], s.settings.Interface)
+			}
+			s.logger.Error(err.Error())
+			return err
-			s.logger.Error(err.Error())
-			return err
+			return fmt.Errorf("removing allowed port: %w", err)
-			s.logger.Error(err.Error())
-			return err
+			return fmt.Errorf("removing allowed port: %w", err)
+		}
+	}
+
+	for i, port := range ports {
+		err := s.portAllower.SetAllowedPort(ctx, port, s.settings.Interface)
+		if err != nil {
+			for j := 0; j < i; j++ {
+				_ = s.portAllower.RemoveAllowedPort(ctx, s.ports[j])
+			}
+			for _, port := range s.ports {
+				_ = s.portAllower.SetAllowedPort(ctx, port, s.settings.Interface)
+			}
+			s.logger.Error(err.Error())
+			return err
-			s.logger.Error(err.Error())
-			return err
+			return fmt.Errorf("setting allowed port: %w", err)
-			s.logger.Error(err.Error())
-			return err
+			return fmt.Errorf("setting allowed port: %w", err)
+		}
+	}
+
+	err = s.writePortForwardedFile(ports)
+	if err != nil {
+		_ = s.cleanup()
+		return err
+	}
+
+	s.portMutex.RLock()
+	defer s.portMutex.RUnlock()
+	s.ports = make([]uint16, len(ports))
+	copy(s.ports, ports)
+
+	s.logger.Info("updated: " + portsToString(s.ports))
+
+	return nil
+}
diff --git a/internal/server/handler.go b/internal/server/handler.go
@@ -11,7 +11,7 @@ import (
 func newHandler(ctx context.Context, logger infoWarner, logging bool,
 	buildInfo models.BuildInformation,
 	vpnLooper VPNLooper,
-	pfGetter PortForwardedGetter,
+	pf PortForwarding,
 	unboundLooper DNSLoop,
 	updaterLooper UpdaterLooper,
 	publicIPLooper PublicIPLoop,
@@ -21,7 +21,7 @@ func newHandler(ctx context.Context, logger infoWarner, logging bool,
 	handler := &handler{}
 
 	vpn := newVPNHandler(ctx, vpnLooper, storage, ipv6Supported, logger)
-	openvpn := newOpenvpnHandler(ctx, vpnLooper, pfGetter, logger)
+	openvpn := newOpenvpnHandler(ctx, vpnLooper, pf, logger)
 	dns := newDNSHandler(ctx, unboundLooper, logger)
 	updater := newUpdaterHandler(ctx, updaterLooper, logger)
 	publicip := newPublicIPHandler(publicIPLooper, logger)

diff --git a/internal/server/interfaces.go b/internal/server/interfaces.go
@@ -21,8 +21,9 @@ type DNSLoop interface {
 	GetStatus() (status models.LoopStatus)
 }
 
-type PortForwardedGetter interface {
+type PortForwarding interface {
 	GetPortsForwarded() (ports []uint16)
+	SetPortsForwarded(ports []uint16) (err error)
 }
 
 type PublicIPLoop interface {

diff --git a/internal/server/openvpn.go b/internal/server/openvpn.go
@@ -11,19 +11,19 @@ import (
 )
 
 func newOpenvpnHandler(ctx context.Context, looper VPNLooper,
-	pfGetter PortForwardedGetter, w warner) http.Handler {
+	portForwarding PortForwarding, w warner) http.Handler {
 	return &openvpnHandler{
 		ctx:    ctx,
 		looper: looper,
-		pf:     pfGetter,
+		pf:     portForwarding,
 		warner: w,
 	}
 }
 
 type openvpnHandler struct {
 	ctx    context.Context //nolint:containedctx
 	looper VPNLooper
-	pf     PortForwardedGetter
+	pf     PortForwarding
 	warner warner
 }
 
@@ -50,6 +50,8 @@ func (h *openvpnHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		switch r.Method {
 		case http.MethodGet:
 			h.getPortForwarded(w)
+		case http.MethodPut:
+			h.setPortForwarded(w, r)
 		default:
 			errMethodNotSupported(w, r.Method)
 		}
@@ -141,3 +143,30 @@ func (h *openvpnHandler) getPortForwarded(w http.ResponseWriter) {
 		w.WriteHeader(http.StatusInternalServerError)
 	}
 }
+
+func (h *openvpnHandler) setPortForwarded(w http.ResponseWriter, r *http.Request) {
+	var data portsWrapper
+
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(&data); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	if len(data.Ports) == 0 {
+		http.Error(w, "no port specified", http.StatusBadRequest)
+		return
+	}
+
+	if err := h.pf.SetPortsForwarded(data.Ports); err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
-	if err := h.pf.SetPortsForwarded(data.Ports); err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
+	if err := h.pf.SetPortsForwarded(data.Ports); err != nil {
+		h.warner.Warn(fmt.Sprintf("failed setting forwarded ports: %s", err))
+		http.Error(w, "failed setting forwarded ports", http.StatusInternalServerError)
-	if err := h.pf.SetPortsForwarded(data.Ports); err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
+	if err := h.pf.SetPortsForwarded(data.Ports); err != nil {
+		h.warner.Warn(fmt.Sprintf("failed setting forwarded ports: %s", err))
+		http.Error(w, "failed setting forwarded ports", http.StatusInternalServerError)
+		return
+	}
+
+	encoder := json.NewEncoder(w)
+	err := encoder.Encode(h.pf.GetPortsForwarded())
+	if err != nil {
+		h.warner.Warn(err.Error())
+		w.WriteHeader(http.StatusInternalServerError)
+	}
+}
diff --git a/internal/server/server.go b/internal/server/server.go
@@ -10,12 +10,12 @@ import (
 
 func New(ctx context.Context, address string, logEnabled bool, logger Logger,
 	buildInfo models.BuildInformation, openvpnLooper VPNLooper,
-	pfGetter PortForwardedGetter, unboundLooper DNSLoop,
+	pf PortForwarding, unboundLooper DNSLoop,
 	updaterLooper UpdaterLooper, publicIPLooper PublicIPLoop, storage Storage,
 	ipv6Supported bool) (
 	server *httpserver.Server, err error) {
 	handler := newHandler(ctx, logger, logEnabled, buildInfo,
-		openvpnLooper, pfGetter, unboundLooper, updaterLooper, publicIPLooper,
+		openvpnLooper, pf, unboundLooper, updaterLooper, publicIPLooper,
 		storage, ipv6Supported)
 
 	httpServerSettings := httpserver.Settings{