Skip to content

Commit 12d31bf

Browse files
Merge pull request #670 from jaredhendrickson13/next_minor
v2.4.0 Fixes & Features
2 parents 4d9140d + d3fe0e1 commit 12d31bf

25 files changed

Lines changed: 556 additions & 126 deletions
Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
name: Weekly Schedule
2+
3+
on:
4+
workflow_dispatch: # Enable manual triggering
5+
schedule:
6+
- cron: "0 18 * * 1"
7+
8+
permissions:
9+
issues: write
10+
pull-requests: write
11+
12+
jobs:
13+
stale:
14+
runs-on: ubuntu-latest
15+
env:
16+
DAYS_BEFORE_STALE: 60
17+
steps:
18+
- uses: actions/stale@v9
19+
with:
20+
stale-issue-message: |
21+
This issue has been automatically marked as stale because it has had no recent activity in the last ${{ env.DAYS_BEFORE_STALE }} days.
22+
stale-pr-message: |
23+
This pull request has been automatically marked as stale because it has had no recent activity in the last ${{ env.DAYS_BEFORE_STALE }} days.
24+
days-before-stale: ${{ env.DAYS_BEFORE_STALE }}
25+
days-before-close: 0
26+
exempt-issue-labels: "feature request,enhancement,bug"

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
![Docs](https://img.shields.io/website?url=https%3A%2F%2Fpfrest.org&label=Documentation)
99

1010
The pfSense REST API package is an unofficial, open-source REST and GraphQL API for pfSense CE and pfSense Plus
11-
firewalls.It is designed to be light-weight, fast, and easy to use. This guide will help you get started with the REST
11+
firewalls. It is designed to be light-weight, fast, and easy to use. This guide will help you get started with the REST
1212
API package and provide you with the information you need to configure and use the package effectively.
1313

1414
## Key Features

docs/INSTALL_AND_CONFIG.md

Lines changed: 50 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,9 @@ pkg-static -C /dev/null add https://github.com/jaredhendrickson13/pfsense-api/re
4747
the [releases page](https://github.com/jaredhendrickson13/pfsense-api/releases) to find the package built for
4848
your version of pfSense.
4949
- When updating pfSense, **you must reinstall this package afterward** as pfSense removes unofficial packages during
50-
system updates and has no way to automatically reinstall them.
50+
system updates and has no way to automatically reinstall them.
51+
- If you're looking for a method of programmatically installing the package without SSH, check out
52+
[pfsense-vshell](https://github.com/jaredhendrickson13/pfsense-vshell)!
5153

5254
## Configuring the package
5355

@@ -70,16 +72,60 @@ pfsense-restapi delete
7072

7173
## Updating the package
7274

75+
Before updating the package, it is recommended to enable the REST API's 'Keep Backup' setting to ensure that your
76+
REST API configurations, keys and access lists are not lost during the update process. It is also highly recommended to
77+
read and understand both the release change notes on GitHub and the [versioning policy](#versioning-policy) to ensure
78+
you do not unintentionally introduce breaking changes to your environment.
79+
80+
!!! Tip
81+
While the package is updating, the REST API may be unavailable for a short period of time. Updates typically complete
82+
within a minute, but may vary depending on network environment and conditions. It is recommended to
83+
schedule updates during off-peak hours to minimize impact to your integrations. In the event that the update fails,
84+
or takes an excessive amount of time, it is recommended to uninstall and reinstall the package.
85+
86+
### From the pfSense webConfigurator
87+
88+
You can easily update or revert the package version from the pfSense webConfigurator by navigating to 'System' ->
89+
'REST API' -> 'Updates' and select the desired version. Click 'Save' to apply the desired version.
90+
91+
### From the API
92+
93+
You can update or revert the package to a specified version by sending a request to the [PATCH
94+
/api/v2/system/restapi/version](https://pfrest.org/api-docs/#/SYSTEM/patchSystemRESTAPIVersionEndpoint) endpoint.
95+
Simply set the `install_version` field to the desired version and send the request.
96+
97+
### From the command line
98+
7399
You can update the package to latest version available to your pfSense version by running the following command:
74100

75101
```bash
76102
pfsense-restapi update
77103
```
78104

79-
## Reverting the package to a specific version
80-
81-
If you need to revert or upgrade the package to a specific version, you can do so by running the following command:
105+
If you need to revert or upgrade the package to a _specific_ version, you can do so by running the following command:
82106

83107
```bash
84108
pfsense-restapi revert <version>
85109
```
110+
111+
## Versioning policy
112+
113+
The REST API package loosely follows [Semantic Versioning](https://semver.org/). The versioning policy is as follows:
114+
115+
- Major version changes (e.g. 1.x.x to 2.x.x) may include major breaking changes and are not guaranteed to be backwards
116+
compatible. Major changes will often include significant changes to the framework, endpoints, schemas, and/or behavior.
117+
- Minor version changes (e.g. 2.0.x to 2.1.x) may include new features, bug fixes, and/or minor breaking changes. Breaking
118+
changes will be isolated to specific endpoints and will be documented in the release notes.
119+
- Patch version changes (e.g. 2.0.0 to 2.0.1) will only include bug fixes and very small enhancements. Patches will
120+
never contain breaking changes or significant new features that could impact existing functionality.
121+
122+
### Pre-release versions
123+
124+
Pre-release versions are occasionally made available to the public to allow for testing of new features and fixes.
125+
Pre-releases will be notated as such on GitHub and are not considered as release candidates within the REST API package's
126+
update features by default. You may opt-in to pre-release updates by enabling the 'Allow Pre-releases' setting in the
127+
REST API settings.
128+
129+
!!! Warning
130+
Pre-release versions may contain breaking changes, bugs, and/or incomplete features. It is recommended to only use
131+
pre-release versions in testing environments and never in production.

docs/SECURITY.md

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,21 +1,29 @@
11
# Security Policy
22

3-
## Supported Versions
3+
Security is a top priority for this project. The REST API package is designed to be secure and provide granular controls
4+
to help admins implement a multi-layered security approach to API access. This document outlines the security policy
5+
for the project and provides information on how to report a security vulnerability.
46

5-
Below are versions that are currently supported and will receive security updates when available.
7+
## Supported Versions
68

7-
| Version | Supported |
8-
|---------| ------------------ |
9-
| 2.2.x | :white_check_mark: |
10-
| 1.7.x | :white_check_mark: |
11-
| <=1.6.x | :x: |
9+
Currently, there are two supported versions of the package: the v2 package (pfSense-pkg-RESTAPI) and the legacy v1
10+
package (pfSense-pkg-API). The v2 package is the latest version of the package and is actively developed and fully
11+
maintained. The legacy v1 package is no longer actively developed and is only receiving compatibility fixes and critical
12+
security updates when necessary. It is highly recommended to regularly update to the latest version of the package to
13+
ensure you are receiving important bug fixes and security updates.
1214

1315
## Reporting a Vulnerability
1416

15-
Should you discover a vulnerability in the pfSense-API code, please report the issue in one of the following ways:
17+
Should you discover a vulnerability in the codebase, please report the issue using the order of preference below:
1618

1719
1. A pull request with code that fixes the discovered vulnerability
1820
2. A private email to either the project owner or the respective code owner
1921
3. As a last resort, you may open a public issue on the repository
2022

21-
Please note this is an independent and open-source project and no bug bounty or reward can be granted.
23+
Please do not disclose the details of the vulnerability publicly until it has been addressed by the maintainers.
24+
The maintainers will work to address the vulnerability as quickly as possible and will provide updates on the issue
25+
as they become available.
26+
27+
!!! Notice
28+
This is an open-source project and is developed and maintained by members of the pfSense community. No bug bounty
29+
can be offered for reported vulnerabilities.

docs/index.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -40,9 +40,9 @@ opening a pull request.
4040
- <a href="https://github.com/jaredhendrickson13"><img src="https://github.com/jaredhendrickson13.png" alt="Jared Hendrickson" title="Jared Hendrickson" width="30" height="30"/> Jared Hendrickson</img></a> - github@jaredhendrickson.com
4141

4242
!!! Important
43-
Unless your inquiry is regarding a security vulnerability or other sensitive matter, please do not contact the
44-
maintainers directly. Instead, please [open an issue](https://github.com/jaredhendrickson13/pfsense-api/issues/new/choose)
45-
to report a bug or request a feature. For general questions or help requests, please [open a discussion](https://github.com/jaredhendrickson13/pfsense-api/discussions/new/choose).
43+
Unless your inquiry is regarding a [security vulnerability](SECURITY.md) or other sensitive matter, please do not
44+
contact the maintainers directly. Instead, please [open an issue](https://github.com/jaredhendrickson13/pfsense-api/issues/new/choose) to report a bug or request a feature. For
45+
general questions or help requests, please [open a discussion](https://github.com/jaredhendrickson13/pfsense-api/discussions/new/choose).
4646

4747
## Disclaimers
4848

mkdocs.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ nav:
1717
- Advanced Topics:
1818
- Introduction: ADVANCED_TOPICS_INTRO.md
1919
- Contributing & Development: CONTRIBUTING.md
20+
- Security Policy: SECURITY.md
2021
- Building Custom Authentication: BUILDING_CUSTOM_AUTH_CLASSES.md
2122
- Building Custom Query Filters: BUILDING_CUSTOM_QUERY_FILTER_CLASSES.md
2223
- Building Custom Models: BUILDING_CUSTOM_MODEL_CLASSES.md

pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Core/Endpoint.inc

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1147,8 +1147,10 @@ class Endpoint {
11471147
* Creates a new object for the assigned Model using the data submitted in a POST request.
11481148
*/
11491149
protected function post(): Model|ModelSet {
1150-
# POST request cannot include an ID, strip the ID if present
1151-
unset($this->request_data['id']);
1150+
# POST requests cannot include an ID unless auto_create_id is off
1151+
if ($this->model->auto_create_id) {
1152+
unset($this->request_data['id']);
1153+
}
11521154

11531155
# Construct the model from representation using the client's request data
11541156
$this->model->from_representation(data: $this->request_data);

pfSense-pkg-RESTAPI/files/usr/local/pkg/RESTAPI/Core/Model.inc

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,15 @@ class Model {
8989
*/
9090
public string $id_type = 'integer';
9191

92+
/**
93+
* @var bool $auto_create_id
94+
* Enables or disables automatic creation of an ID for this Model object when the `create()` method is called. If
95+
* set to `true`, the ID will be automatically generated. If set to `false`, an ID must be provided before the
96+
* `create()` method is called. This applies exclusively to Models with $many enabled and is usually only
97+
* relevant to Model classes that use an internal callable method.
98+
*/
99+
public bool $auto_create_id = true;
100+
92101
/**
93102
* @var mixed $parent_id
94103
* For Models acting as children to a different Model class, this property will contain the ID of the parent model
@@ -2036,7 +2045,7 @@ class Model {
20362045
*/
20372046
final public function create(bool $apply = false): Model {
20382047
# Ensure all object Fields and validations succeed for proceeding.
2039-
if ($this->validate(create_id: true)) {
2048+
if ($this->validate(requires_id: !$this->auto_create_id, create_id: $this->auto_create_id)) {
20402049
# Check if creating this object would put the total number of objects over the $many_maximum
20412050
$this->check_many_maximum();
20422051

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
<?php
2+
3+
namespace RESTAPI\Endpoints;
4+
5+
require_once 'RESTAPI/autoloader.inc';
6+
7+
use RESTAPI\Core\Endpoint;
8+
9+
/**
10+
* Defines an Endpoint for interacting with the DHCPRelay Model object at /api/v2/services/dhcp_relay.
11+
*/
12+
class ServicesDHCPRelayEndpoint extends Endpoint {
13+
public function __construct() {
14+
# Set Endpoint attributes
15+
$this->url = '/api/v2/services/dhcp_relay';
16+
$this->model_name = 'DHCPRelay';
17+
$this->request_method_options = ['GET', 'PATCH'];
18+
19+
# Construct the parent Endpoint object
20+
parent::__construct();
21+
}
22+
}
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
<?php
2+
3+
namespace RESTAPI\Endpoints;
4+
5+
require_once 'RESTAPI/autoloader.inc';
6+
7+
use RESTAPI\Core\Endpoint;
8+
9+
/**
10+
* Defines an Endpoint for interacting with a singular HAProxyFrontendCertificate Model object at
11+
* /api/v2/services/haproxy/frontend/certificate.
12+
*/
13+
class ServicesHAProxyFrontendCertificateEndpoint extends Endpoint {
14+
public function __construct() {
15+
# Set Endpoint attributes
16+
$this->url = '/api/v2/services/haproxy/frontend/certificate';
17+
$this->model_name = 'HAProxyFrontendCertificate';
18+
$this->request_method_options = ['GET', 'POST', 'PATCH', 'DELETE'];
19+
20+
# Construct the parent Endpoint object
21+
parent::__construct();
22+
}
23+
}

0 commit comments

Comments
 (0)