From 60e9a521bf36715e7fde079e763b9aacc3c2d8d3 Mon Sep 17 00:00:00 2001 From: Jos Schellevis Date: Thu, 9 Apr 2015 14:46:23 +0200 Subject: [PATCH] Proxy service work in progress, now supports dropdown subtabs --- .../mvc/app/models/OPNsense/Proxy/Proxy.xml | 34 +++++++--- .../mvc/app/views/OPNsense/Proxy/index.volt | 50 ++++++++++---- .../app/views/layout_partials/base_tabs.volt | 25 +++---- .../templates/OPNsense/Proxy/squid.conf | 65 +++++++++++++++---- 4 files changed, 126 insertions(+), 48 deletions(-) diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml index 3ab7f1091..7ed9ae532 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml +++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.xml @@ -5,10 +5,29 @@ - - 0 - Y - + + 0 + Y + + + + + 1 + Y + + + 1 + Y + + + + + N + + + 0 + Y + @@ -25,13 +44,10 @@ 1 Y - + 0 Y - - - N - + diff --git a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt index 35407102e..e0302ed26 100644 --- a/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt +++ b/src/opnsense/mvc/app/views/OPNsense/Proxy/index.volt 
@@ -71,16 +71,16 @@ POSSIBILITY OF SUCH DAMAGE. }); }); - $("#save_proxy-forward").click(function(){ + $("#save_proxy-forward-general").click(function(){ // save data for Proxy TAB - saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward",callback_ok=function(){ + saveFormToEndpoint(url="/api/proxy/settings/set",formid="frm_proxy-forward-general",callback_ok=function(){ // on correct save, perform reconfigure. set progress animation when reloading - $("#frm_proxy-forward_progress").addClass("fa fa-spinner fa-pulse"); + $("#frm_proxy-forward-general_progress").addClass("fa fa-spinner fa-pulse"); // ajaxCall(url="/api/proxy/service/reconfigure", sendData={}, callback=function(data,status){ // when done, disable progress animation. - $("#frm_proxy-forward_progress").removeClass("fa fa-spinner fa-pulse"); + $("#frm_proxy-forward-general_progress").removeClass("fa fa-spinner fa-pulse"); if (status != "success" || data['status'] != 'ok' ) { // fix error handling 
@@ -177,6 +177,37 @@ maxheight: define max height of select box, default=170px to hold 5 items 'label':'Enable proxy', 'type':'checkbox', 'help':'Enable or disable the proxy service.' + ], + ['id': 'proxy.general.logging.enable.accessLog', + 'label':'Enable access logging', + 'type':'checkbox', + 'help':'Enable access logging for squid.', + 'advanced':'true' + ], + ['id': 'proxy.general.logging.enable.storeLog', + 'label':'Enable store logging', + 'type':'checkbox', + 'help':'Enable access logging for squid.', + 'advanced':'true' + ], + ['id': 'proxy.general.alternateDNSservers', + 'label':'Use alternate DNS-servers', + 'type':'select_multiple', + 'style':'tokenize', + 'help':'Type IPs of alternative DNS servers you like to use.', + 'hint':'Type IP adresses, followed by Enter.', + 'allownew':'true', + 'advanced':'true' + ], + ['id': 'proxy.general.dnsV4First', + 'label':'Enable DNS v4 first', + 'type':'checkbox', + 'help':'This option reverses the order of preference to make Squid contact dual-stack websites over IPv4 first. + Squid will still perform both IPv6 and IPv4 DNS lookups before connecting. +
Warning: This option will restrict the situations under which IPv6 + connectivity is used (and tested). Hiding network problems + which would otherwise be detected and warned about.
', + 'advanced':'true' ]} ], ['proxy-forward','Forward Proxy','subtabs': { @@ -193,7 +224,7 @@ maxheight: define max height of select box, default=170px to hold 5 items 'type':'text', 'help':'The port the proxy service will listen to.' ], - ['id': 'proxy.forward.transparentProxyMode', + ['id': 'proxy.forward.transparentMode', 'label':'Enable Transparent HTTP proxy', 'type':'checkbox', 'help':'Enable transparent proxe mode to forward all requests for destination port 80 to the proxy server without any additional configuration.' @@ -203,15 +234,6 @@ maxheight: define max height of select box, default=170px to hold 5 items 'type':'checkbox', 'help':'When enabled the subnets of the selected interfaces will be added to the allow access list.', 'advanced':'true' - ], - ['id': 'proxy.forward.alternateDNSservers', - 'label':'Use alternate DNS-servers', - 'type':'select_multiple', - 'style':'tokenize', - 'help':'Type IPs of alternative DNS servers you like to use.', - 'hint':'Type IP adresses, followed by Enter.', - 'allownew':'true', - 'advanced':'true' ]} ]} ] diff --git a/src/opnsense/mvc/app/views/layout_partials/base_tabs.volt b/src/opnsense/mvc/app/views/layout_partials/base_tabs.volt index 21a1065fe..bcf90914d 100644 --- a/src/opnsense/mvc/app/views/layout_partials/base_tabs.volt +++ b/src/opnsense/mvc/app/views/layout_partials/base_tabs.volt @@ -40,22 +40,23 @@ POSSIBILITY OF SUCH DAMAGE. {% endfor %} {% else %} {# Standard Tab #} -
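Review bot: The new `proxy.general.logging.enable.storeLog` entry reuses the access-log help string, so the UI describes both checkboxes as access logging; it should read `'help':'Enable store logging for squid.'`. Because unticking `accessLog` makes the template emit `access_log none`, the help text for that entry should also say that disabling it removes the proxy's request audit trail. The `alternateDNSservers` field keeps `'allownew':'true'`, so it accepts arbitrary typed tokens; the hint only asks for IP addresses (and spells it `adresses`), so the format has to be enforced server-side in the model, which this view cannot show. The surrounding tab array starts and ends outside the hunk.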
  • - - {{tab[1]}} - -
  • +
  • + + {{tab[1]}} + +
  • {% endif %} {% endfor %} diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf index 408ab7352..bf376cec3 100644 --- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf +++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf 
@@ -1,37 +1,51 @@ # -# Recommended minimum configuration: -# +# Automatic generated configuration for Squid. +# Do not edit this file manually. # setup listen configuration -{% if helpers.exists('OPNsense.proxy.general.port') %} -{% for interface in OPNsense.proxy.general.interfaces.split(",") %} +{% if helpers.exists('OPNsense.proxy.forward.interfaces') %} +{% for interface in OPNsense.proxy.forward.interfaces.split(",") %} {% for intf_key,intf_item in interfaces.iteritems() %} {% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} -http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.general.port }} +http_port {{intf_item.ipaddr}}:{{ OPNsense.proxy.forward.port }} {%if OPNsense.proxy.forward.transparentMode == '1' %}tproxy{% endif %} + {% endif %} {% endfor %} {# virtual ip's #} {% if helpers.exists('virtualip') %} {% for intf_key,intf_item in virtualip.iteritems() %} {% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} -http_port {{intf_item.subnet}}:{{ OPNsense.proxy.general.port }} +http_port {{intf_item.subnet}}:{{ OPNsense.proxy.forward.port }} {% endif %} {% endfor %} {% endif %} {% endfor %} {% endif %} - - # Example rule allowing access from your local networks. 
# Adapt to list your (internal) IP networks from where browsing # should be allowed -acl localnet src 10.0.0.0/8 # RFC1918 possible internal network -acl localnet src 172.16.0.0/12 # RFC1918 possible internal network -acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -acl localnet src fc00::/7 # RFC 4193 local private network range -acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines +{% if helpers.exists('OPNsense.proxy.forward.addACLforInterfaceSubnets') %} +{% if OPNsense.proxy.forward.addACLforInterfaceSubnets == '1' %} +{% for interface in OPNsense.proxy.forward.interfaces.split(",") %} +{% for intf_key,intf_item in interfaces.iteritems() %} +{% if intf_key == interface and intf_item.ipaddr != 'dhcp' %} +acl localnet src {{intf_item.ipaddr}}/{{intf_item.subnet}} # Possible internal network +{% endif %} +{% endfor %} +{% if helpers.exists('virtualip') %} +{% for intf_key,intf_item in virtualip.iteritems() %} +{% if intf_item.interface == interface and intf_item.mode == 'ipalias' %} +acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}} # Possible internal network +{% endif %} +{% endfor %} +{% endif %} +{% endfor %} +{% endif %} +{% endif %} +#acl localnet src fc00::/7 # RFC 4193 local private network range +#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp 
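Review bot: The virtual-IP ACL line `acl localnet src {{intf_item.subnet}}/{{intf_item.subnet}}` uses the same field for address and prefix length, producing something like `192.0.2.10/192.0.2.10` (constructed example) instead of the alias network; the `http_port` line above already treats `subnet` as the address, so the mask should come from the virtual IP's prefix-length field. As written, the generated `localnet` entry is likely to be rejected by Squid or to match the wrong clients. `localnet` is also now defined only when `addACLforInterfaceSubnets` is `'1'`, so if an `http_access allow localnet` rule remains further down (outside this hunk), the file presumably fails to parse with the option off; a guard around that rule or an always-present definition would avoid it. Separately, `tproxy` is appended to the same `http_port` that serves explicit clients: Squid's documentation notes that interception modes disable proxy authentication on the port, and the UI text about redirecting port 80 reads more like `intercept` than TPROXY, so it is worth confirming which mode is intended and whether it needs its own port.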
@@ -89,3 +103,28 @@ refresh_pattern ^ftp: 1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
 refresh_pattern . 0 20% 4320
+
+# Squid Options
+{% if helpers.exists('OPNsense.proxy.general.dnsV4First') %}
+{% if OPNsense.proxy.general.dnsV4First == '1' %}
+# dns_v4_first reverses the order of preference to make Squid contact dual-stack websites over IPv4 first
+dns_v4_first on
+{% endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.logging.enable.accessLog') %}
+{% if OPNsense.proxy.general.logging.enable.accessLog == '0' %}
+# Disable access logging
+access_log none
+{% endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.logging.enable.storeLog') %}
+{% if OPNsense.proxy.general.logging.enable.storeLog == '0' %}
+# Disable cache store log
+cache_store_log none
+{% endif %}
+{% endif %}
+{% if helpers.exists('OPNsense.proxy.general.alternateDNSservers' ) %}
+{% for dns in OPNsense.proxy.general.alternateDNSservers.split(",") %}
+dns_nameservers {{dns}}
+{% endfor %}
+{% endif %}
\ No newline at end of file
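Review bot: Each token of `alternateDNSservers` is written verbatim into `dns_nameservers {{dns}}`, and the matching form field accepts free-typed values, so nothing in this template keeps a malformed or whitespace-containing entry out of squid.conf. The value should be validated as an IP address in the model before it reaches the template; the Proxy.xml part of this diff is not readable enough to confirm that it is. An empty setting also matters: if `helpers.exists` is true for an empty node, `split(",")` yields one empty string and the file gets a bare `dns_nameservers` line, which `{% for dns in OPNsense.proxy.general.alternateDNSservers.split(",") if dns %}` would skip. The file also now ends without a trailing newline.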