From 653e3be985ef3c0d0ca85e5c9e5550883f78fffb Mon Sep 17 00:00:00 2001
From: Sulaiman Sulaiman <s.su14iman@gmail.com>
Date: Sat, 31 Aug 2024 09:47:08 +0200
Subject: [PATCH] add firewall command   - the firewall command will allow the
 user to enable or disable the firewall on the modem

---
 README.md                      | 75 ++++++++++++++++++++++++++--------
 src/commands/firewall.ts       | 57 ++++++++++++++++++++++++++
 src/modem/arris-modem.ts       | 25 ++++++++++++
 src/modem/modem.ts             |  5 +++
 src/modem/technicolor-modem.ts | 25 +++++++++++-
 5 files changed, 168 insertions(+), 19 deletions(-)
 create mode 100644 src/commands/firewall.ts

diff --git a/README.md b/README.md
index 3cf0b0a..d646e9f 100644
--- a/README.md
+++ b/README.md
@@ -9,15 +9,22 @@ Access your Arris TG3442DE or Technicolor CGA4322DE, CGA6444VF (aka Vodafone Sta
 [![npm](https://img.shields.io/npm/v/vodafone-station-cli)](https://www.npmjs.com/package/vodafone-station-cli)
 
 <!-- toc -->
-* [Features](#features)
-* [Demo](#demo)
-* [Supported hardware](#supported-hardware)
-* [Software requirements](#software-requirements)
-* [Notes](#notes)
-* [Useful related projects:](#useful-related-projects)
-* [Running from source](#running-from-source)
-* [Usage](#usage)
-* [Commands](#commands)
+- [vodafone-station-cli](#vodafone-station-cli)
+- [Features](#features)
+- [Demo](#demo)
+- [Supported hardware](#supported-hardware)
+- [Software requirements](#software-requirements)
+- [Notes](#notes)
+- [Useful related projects:](#useful-related-projects)
+- [Running from source](#running-from-source)
+- [Usage](#usage)
+- [Commands](#commands)
+  - [`vodafone-station-cli diagnose`](#vodafone-station-cli-diagnose)
+  - [`vodafone-station-cli discover`](#vodafone-station-cli-discover)
+  - [`vodafone-station-cli docsis`](#vodafone-station-cli-docsis)
+  - [`vodafone-station-cli firewall`](#vodafone-station-cli-firewall)
+  - [`vodafone-station-cli help [COMMAND]`](#vodafone-station-cli-help-command)
+  - [`vodafone-station-cli restart`](#vodafone-station-cli-restart)
 <!-- tocstop -->
 
 # Features
@@ -551,11 +558,22 @@ USAGE
 <!-- usagestop -->
 # Commands
 <!-- commands -->
-* [`vodafone-station-cli diagnose`](#vodafone-station-cli-diagnose)
-* [`vodafone-station-cli discover`](#vodafone-station-cli-discover)
-* [`vodafone-station-cli docsis`](#vodafone-station-cli-docsis)
-* [`vodafone-station-cli help [COMMAND]`](#vodafone-station-cli-help-command)
-* [`vodafone-station-cli restart`](#vodafone-station-cli-restart)
+- [vodafone-station-cli](#vodafone-station-cli)
+- [Features](#features)
+- [Demo](#demo)
+- [Supported hardware](#supported-hardware)
+- [Software requirements](#software-requirements)
+- [Notes](#notes)
+- [Useful related projects:](#useful-related-projects)
+- [Running from source](#running-from-source)
+- [Usage](#usage)
+- [Commands](#commands)
+  - [`vodafone-station-cli diagnose`](#vodafone-station-cli-diagnose)
+  - [`vodafone-station-cli discover`](#vodafone-station-cli-discover)
+  - [`vodafone-station-cli docsis`](#vodafone-station-cli-docsis)
+  - [`vodafone-station-cli firewall`](#vodafone-station-cli-firewall)
+  - [`vodafone-station-cli help [COMMAND]`](#vodafone-station-cli-help-command)
+  - [`vodafone-station-cli restart`](#vodafone-station-cli-restart)
 
 ## `vodafone-station-cli diagnose`
 
@@ -576,7 +594,7 @@ EXAMPLES
   $ vodafone-station-cli diagnose
 ```
 
-_See code: [src/commands/diagnose.ts](https://github.com/totev/vodafone-station-cli/blob/v1.2.8/src/commands/diagnose.ts)_
+_See code: [src/commands/diagnose.ts](./src/commands/diagnose.ts)_
 
 ## `vodafone-station-cli discover`
 
@@ -593,7 +611,7 @@ EXAMPLES
   $ vodafone-station-cli discover
 ```
 
-_See code: [src/commands/discover.ts](https://github.com/totev/vodafone-station-cli/blob/v1.2.8/src/commands/discover.ts)_
+_See code: [src/commands/discover.ts](./src/commands/discover.ts)_
 
 ## `vodafone-station-cli docsis`
 
@@ -616,7 +634,28 @@ EXAMPLES
   {JSON data}
 ```
 
-_See code: [src/commands/docsis.ts](https://github.com/totev/vodafone-station-cli/blob/v1.2.8/src/commands/docsis.ts)_
+_See code: [src/commands/docsis.ts](./src/commands/docsis.ts)_
+
+## `vodafone-station-cli firewall`
+
+turn on/off the firewall
+
+```
+USAGE
+  $ vodafone-station-cli firewall [-a on|off] [-p <value>]
+
+FLAGS
+  -a, --action=(on|off)   firewall action
+  -p, --password=<value>  router/modem password
+
+DESCRIPTION
+  turn on/off the firewall
+
+EXAMPLES
+  $ vodafone-station-cli firewall -a off -p PASSWORD
+```
+
+_See code: [src/commands/firewall.ts](./src/commands/firewall.ts)_
 
 ## `vodafone-station-cli help [COMMAND]`
 
@@ -656,5 +695,5 @@ EXAMPLES
   $ vodafone-station-cli restart -p PASSWORD
 ```
 
-_See code: [src/commands/restart.ts](https://github.com/totev/vodafone-station-cli/blob/v1.2.8/src/commands/restart.ts)_
+_See code: [src/commands/restart.ts](./src/commands/restart.ts)_
 <!-- commandsstop -->
diff --git a/src/commands/firewall.ts b/src/commands/firewall.ts
new file mode 100644
index 0000000..a18f7f9
--- /dev/null
+++ b/src/commands/firewall.ts
@@ -0,0 +1,57 @@
+import { Action } from './../../node_modules/rxjs/src/internal/scheduler/Action';
+import {Flags} from '@oclif/core'
+import Command from '../base-command'
+import {discoverModemIp, ModemDiscovery} from '../modem/discovery'
+import {modemFactory} from '../modem/factory'
+
+export default class Restart extends Command {
+  static description =
+    'turn on/off the firewall';
+
+  static examples = [
+    '$ vodafone-station-cli firewall -a off -p PASSWORD',
+  ];
+
+
+  static flags = {
+    action: Flags.enum({
+      char: 'a',
+      options: ['on', 'off'],
+      description: 'firewall action',
+    }),
+    password: Flags.string({
+      char: 'p',
+      description: 'router/modem password',
+    }),
+  };
+
+  async firewallAction(password: string, action:boolean): Promise<void> {
+    const modemIp = await discoverModemIp()
+    const discoveredModem = await new ModemDiscovery(modemIp, this.logger).discover()
+    const modem = modemFactory(discoveredModem, this.logger)
+    try {
+      await modem.login(password)
+      await modem.firewall(action);
+    } catch (error) {
+      this.log('Something went wrong.', error)
+    } finally {
+      action ? this.log('Firewall is now enabled') : this.log('Firewall is now disabled')
+      await modem.logout()
+    }
+  }
+
+  async run(): Promise<void> {
+    const {flags} = await this.parse(Restart)
+
+    const password: string = flags.password ?? process.env.VODAFONE_ROUTER_PASSWORD
+    const action: boolean = flags.action === "off" ? false : true
+    if (!password || password === '') {
+      this.log(
+        'You must provide a password either using -p or by setting the environment variable VODAFONE_ROUTER_PASSWORD'
+      )
+      this.exit()
+    }
+    await this.firewallAction(password!, action)
+    this.exit()
+  }
+}
diff --git a/src/modem/arris-modem.ts b/src/modem/arris-modem.ts
index a99a9eb..45d3056 100644
--- a/src/modem/arris-modem.ts
+++ b/src/modem/arris-modem.ts
@@ -267,6 +267,31 @@ export class Arris extends Modem {
     }
   }
 
+  async firewall(status:boolean = true): Promise<void> {
+    const action = status ? 'on' : 'off'
+    try {
+      const {data} = await this.httpClient.post(
+        'api/v1/firewall',
+        {
+          FirewallLevel: action,
+          FirewallLevelV6: action
+        },
+        {
+          headers: {
+            csrfNonce: this.csrfNonce,
+            Referer: `http://${this.modemIp}/?status_docsis&mid=StatusDocsis`,
+            Connection: 'keep-alive',
+          },
+        }
+      )
+      this.logger.log('Firewall is enabled')
+      return data
+    } catch (error) {
+      this.logger.error('Could not enable firewall.', error)
+      throw error
+    }
+  }
+
   _convertGetExposedHostSettings(settings: ArrisGetExposedHostSettings): ExposedHostSettings {
     return {
       serviceName: settings.ServiceName,
diff --git a/src/modem/modem.ts b/src/modem/modem.ts
index 1a18235..34c8d6c 100644
--- a/src/modem/modem.ts
+++ b/src/modem/modem.ts
@@ -70,6 +70,7 @@ export interface HostExposureSettings {
 export interface GenericModem {
   logout(): Promise<void>;
   login(password: string): Promise<void>;
+  firewall(status?: boolean): Promise<void>;
   docsis(): Promise<DocsisStatus>;
   restart(): Promise<unknown>;
   getHostExposure(): Promise<HostExposureSettings>;
@@ -96,6 +97,10 @@ export abstract class Modem implements GenericModem {
     throw new Error('Method not implemented.')
   }
 
+  firewall(_status: boolean = true): Promise<void> {
+    throw new Error('Method not implemented.')
+  }
+
   logout(): Promise<void> {
     throw new Error('Method not implemented.')
   }
diff --git a/src/modem/technicolor-modem.ts b/src/modem/technicolor-modem.ts
index 0c8f02e..9c49019 100644
--- a/src/modem/technicolor-modem.ts
+++ b/src/modem/technicolor-modem.ts
@@ -202,7 +202,7 @@ export class Technicolor extends Modem {
         'Referer': `http://${this.modemIp}`,
       }
     })
-    
+
     this.logger.debug('Token response: ', tokenResponse)
     const {data: restartResponse} = await this.httpClient.post<TechnicolorBaseResponse>('api/v1/sta_restart',
       'restart=Router%2CWifi%2CVoIP%2CDect%2CMoCA&ui_access=reboot_device', {
@@ -219,5 +219,28 @@ export class Technicolor extends Modem {
     }
     return restartResponse
   }
+
+  async firewall(status: boolean = true): Promise<void> {
+    const action = status ? 'on' : 'off'
+    const { data: tokenResponse } = await this.httpClient.get<TechnicolorTokenResponse>('api/v1/session/init_page', {
+      headers: {
+        'Referer': `http://${this.modemIp}`,
+      }
+    })
+    this.logger.debug('Token response: ', tokenResponse)
+    const {data: restartResponse} = await this.httpClient.post<TechnicolorBaseResponse>('api/v1/firewall',
+      `FirewallLevel=${action}&FirewallLevelV6=${action}`, {
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
+          'X-CSRF-TOKEN': tokenResponse.token,
+          'Referer': `http://${this.modemIp}`,
+        },
+      })
+
+    if (restartResponse?.error === 'error') {
+      this.logger.debug(restartResponse)
+      throw new Error(`Could not restart router: ${restartResponse.message}`)
+    }
+  }
 }