luci-app-unblockmusic: add http and https ACL filter

2025-04-17 21:03:30 +00:00 · 2020-03-06 00:08:19 -08:00 · 2020-03-06 00:08:19 -08:00 · 1846bd979c
commit 1846bd979c
parent 9c8119b096
3 changed files with 69 additions and 3 deletions
--- a/package/lean/luci-app-unblockmusic/Makefile
+++ b/package/lean/luci-app-unblockmusic/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-unblockmusic
 PKG_VERSION:=2.3.1
-PKG_RELEASE:=30
+PKG_RELEASE:=31

 PKG_CONFIG_DEPENDS := \
 	CONFIG_UnblockNeteaseMusic_Go \
--- a/package/lean/luci-app-unblockmusic/luasrc/model/cbi/unblockmusic.lua
+++ b/package/lean/luci-app-unblockmusic/luasrc/model/cbi/unblockmusic.lua
@ -69,4 +69,29 @@ o.write = function()
 end
 o:depends("apptype", "nodejs")

+t=mp:section(TypedSection,"acl_rule",translate("例外客户端规则"),
+translate("可以为局域网客户端分别设置不同的例外模式，默认无需设置"))
+t.template="cbi/tblsection"
+t.sortable=true
+t.anonymous=true
+t.addremove=true
+
+e=t:option(Value,"ipaddr",translate("IP Address"))
+e.width="40%"
+e.datatype="ip4addr"
+e.placeholder="0.0.0.0/0"
+luci.ip.neighbors({ family = 4 }, function(entry)
+	if entry.reachable then
+		e:value(entry.dest:string())
+	end
+end)
+
+e=t:option(ListValue,"filter_mode",translate("例外协议"))
+e.width="40%"
+e.default="disable"
+e.rmempty=false
+e:value("disable",translate("不代理HTTP和HTTPS"))
+e:value("http",translate("不代理HTTP"))
+e:value("https",translate("不代理HTTPS"))
+
 return mp
--- a/package/lean/luci-app-unblockmusic/root/etc/init.d/unblockmusic
+++ b/package/lean/luci-app-unblockmusic/root/etc/init.d/unblockmusic
@ -10,6 +10,16 @@ uci_get_by_type() {
 	echo ${ret:=$3}
 }

+uci_get_by_name() {
+	local index=0
+	if [ -n $4 ]; then
+	
+		index=$4
+	fi
+	local ret=$(uci get $NAME.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
 check_host() {
  local host=$1
  if echo $host | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" >/dev/null; then
@ -27,6 +37,30 @@ check_host() {
 	echo -e $hostip
 }

+ip_rule()
+{
+  local icount=$(uci show unblockmusic | grep 'filter_mode' | wc -l)
+  let icount=icount-1
+	for i in $(seq 0 $icount)
+	do
+		local ip=$(uci_get_by_name acl_rule ipaddr '' $i)
+		local mode=$(uci_get_by_name acl_rule filter_mode '' $i)
+		echo $i $ip $mode
+		case "$mode" in
+		http)
+			ipset -! add music_http $ip
+			;;
+		https)
+			ipset -! add music_https $ip
+			;;
+		disable)
+			ipset -! add music_http $ip
+			ipset -! add music_https $ip
+			;;
+		esac
+	done
+}
+
 ENABLE=$(uci_get_by_type unblockmusic enabled 0)
 TYPE=$(uci_get_by_type unblockmusic musicapptype default)
 AUTOUPDATE=$(uci_get_by_type unblockmusic autoupdate 0)
@ -46,6 +80,8 @@ ipt_n="iptables -t nat"
 add_rule()
 {
  ipset -! -N music hash:ip
+  ipset -! -N music_http hash:ip
+  ipset -! -N music_https hash:ip
 	$ipt_n -N CLOUD_MUSIC
 	$ipt_n -A CLOUD_MUSIC -d 0.0.0.0/8 -j RETURN
 	$ipt_n -A CLOUD_MUSIC -d 10.0.0.0/8 -j RETURN
@ -56,14 +92,16 @@ add_rule()
 	$ipt_n -A CLOUD_MUSIC -d 224.0.0.0/4 -j RETURN
 	$ipt_n -A CLOUD_MUSIC -d 240.0.0.0/4 -j RETURN
 	if [ "$APPTYPE" != "cloud" ]; then
-    $ipt_n -A CLOUD_MUSIC -p tcp --dport 80 -j REDIRECT --to-ports 5200
-    $ipt_n -A CLOUD_MUSIC -p tcp --dport 443 -j REDIRECT --to-ports 5201
+    $ipt_n -A CLOUD_MUSIC -p tcp -m set ! --match-set music_http src --dport 80 -j REDIRECT --to-ports 5200
+    $ipt_n -A CLOUD_MUSIC -p tcp -m set ! --match-set music_https src --dport 443 -j REDIRECT --to-ports 5201
  else
    $ipt_n -A CLOUD_MUSIC -p tcp --dport 80 -j DNAT --to $cloudip:$cloudhttp
    $ipt_n -A CLOUD_MUSIC -p tcp --dport 443 -j DNAT --to $cloudip:$cloudhttps
 	fi
 	$ipt_n -I PREROUTING -p tcp -m set --match-set music dst -j CLOUD_MUSIC
 	iptables -I OUTPUT -d 223.252.199.10 -j DROP
+	
+	ip_rule
 }

 del_rule(){
@ -72,6 +110,9 @@ del_rule(){
 	$ipt_n -X CLOUD_MUSIC  2>/dev/null
 	iptables -D OUTPUT -d 223.252.199.10 -j DROP 2>/dev/null
 	
+	ipset -X music_http 2>/dev/null
+	ipset -X music_https 2>/dev/null
+	
 	rm -f /tmp/dnsmasq.d/dnsmasq-163.conf
 	/etc/init.d/dnsmasq reload >/dev/null 2>&1
 }