iflow-mcp_enuno-unifi-mcp-server 0.2.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- iflow_mcp_enuno_unifi_mcp_server-0.2.1.dist-info/METADATA +1282 -0
- iflow_mcp_enuno_unifi_mcp_server-0.2.1.dist-info/RECORD +81 -0
- iflow_mcp_enuno_unifi_mcp_server-0.2.1.dist-info/WHEEL +4 -0
- iflow_mcp_enuno_unifi_mcp_server-0.2.1.dist-info/entry_points.txt +2 -0
- iflow_mcp_enuno_unifi_mcp_server-0.2.1.dist-info/licenses/LICENSE +201 -0
- src/__init__.py +3 -0
- src/__main__.py +6 -0
- src/api/__init__.py +5 -0
- src/api/client.py +727 -0
- src/api/site_manager_client.py +176 -0
- src/cache.py +483 -0
- src/config/__init__.py +5 -0
- src/config/config.py +321 -0
- src/main.py +2234 -0
- src/models/__init__.py +126 -0
- src/models/acl.py +41 -0
- src/models/backup.py +272 -0
- src/models/client.py +74 -0
- src/models/device.py +53 -0
- src/models/dpi.py +50 -0
- src/models/firewall_policy.py +123 -0
- src/models/firewall_zone.py +28 -0
- src/models/network.py +62 -0
- src/models/qos_profile.py +458 -0
- src/models/radius.py +141 -0
- src/models/reference_data.py +34 -0
- src/models/site.py +59 -0
- src/models/site_manager.py +120 -0
- src/models/topology.py +138 -0
- src/models/traffic_flow.py +137 -0
- src/models/traffic_matching_list.py +56 -0
- src/models/voucher.py +42 -0
- src/models/vpn.py +73 -0
- src/models/wan.py +48 -0
- src/models/zbf_matrix.py +49 -0
- src/resources/__init__.py +8 -0
- src/resources/clients.py +111 -0
- src/resources/devices.py +102 -0
- src/resources/networks.py +93 -0
- src/resources/site_manager.py +64 -0
- src/resources/sites.py +86 -0
- src/tools/__init__.py +25 -0
- src/tools/acls.py +328 -0
- src/tools/application.py +42 -0
- src/tools/backups.py +1173 -0
- src/tools/client_management.py +505 -0
- src/tools/clients.py +203 -0
- src/tools/device_control.py +325 -0
- src/tools/devices.py +354 -0
- src/tools/dpi.py +241 -0
- src/tools/dpi_tools.py +89 -0
- src/tools/firewall.py +417 -0
- src/tools/firewall_policies.py +430 -0
- src/tools/firewall_zones.py +515 -0
- src/tools/network_config.py +388 -0
- src/tools/networks.py +190 -0
- src/tools/port_forwarding.py +263 -0
- src/tools/qos.py +1070 -0
- src/tools/radius.py +763 -0
- src/tools/reference_data.py +107 -0
- src/tools/site_manager.py +466 -0
- src/tools/site_vpn.py +95 -0
- src/tools/sites.py +187 -0
- src/tools/topology.py +406 -0
- src/tools/traffic_flows.py +1062 -0
- src/tools/traffic_matching_lists.py +371 -0
- src/tools/vouchers.py +249 -0
- src/tools/vpn.py +76 -0
- src/tools/wans.py +30 -0
- src/tools/wifi.py +498 -0
- src/tools/zbf_matrix.py +326 -0
- src/utils/__init__.py +88 -0
- src/utils/audit.py +213 -0
- src/utils/exceptions.py +114 -0
- src/utils/helpers.py +159 -0
- src/utils/logger.py +105 -0
- src/utils/sanitize.py +244 -0
- src/utils/validators.py +160 -0
- src/webhooks/__init__.py +6 -0
- src/webhooks/handlers.py +196 -0
- src/webhooks/receiver.py +290 -0
|
@@ -0,0 +1,263 @@
|
|
|
1
|
+
"""Port forwarding management MCP tools."""
|
|
2
|
+
|
|
3
|
+
from typing import Any
|
|
4
|
+
|
|
5
|
+
from ..api import UniFiClient
|
|
6
|
+
from ..config import Settings
|
|
7
|
+
from ..utils import (
|
|
8
|
+
ResourceNotFoundError,
|
|
9
|
+
ValidationError,
|
|
10
|
+
get_logger,
|
|
11
|
+
log_audit,
|
|
12
|
+
validate_confirmation,
|
|
13
|
+
validate_ip_address,
|
|
14
|
+
validate_limit_offset,
|
|
15
|
+
validate_port,
|
|
16
|
+
validate_site_id,
|
|
17
|
+
)
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
async def list_port_forwards(
|
|
21
|
+
site_id: str,
|
|
22
|
+
settings: Settings,
|
|
23
|
+
limit: int | None = None,
|
|
24
|
+
offset: int | None = None,
|
|
25
|
+
) -> list[dict[str, Any]]:
|
|
26
|
+
"""List all port forwarding rules in a site (read-only).
|
|
27
|
+
|
|
28
|
+
Args:
|
|
29
|
+
site_id: Site identifier
|
|
30
|
+
settings: Application settings
|
|
31
|
+
limit: Maximum number of rules to return
|
|
32
|
+
offset: Number of rules to skip
|
|
33
|
+
|
|
34
|
+
Returns:
|
|
35
|
+
List of port forwarding rule dictionaries
|
|
36
|
+
"""
|
|
37
|
+
site_id = validate_site_id(site_id)
|
|
38
|
+
limit, offset = validate_limit_offset(limit, offset)
|
|
39
|
+
logger = get_logger(__name__, settings.log_level)
|
|
40
|
+
|
|
41
|
+
async with UniFiClient(settings) as client:
|
|
42
|
+
await client.authenticate()
|
|
43
|
+
|
|
44
|
+
response = await client.get(f"/ea/sites/{site_id}/rest/portforward")
|
|
45
|
+
# Handle both list and dict responses
|
|
46
|
+
rules_data: list[dict[str, Any]] = (
|
|
47
|
+
response if isinstance(response, list) else response.get("data", [])
|
|
48
|
+
)
|
|
49
|
+
|
|
50
|
+
# Apply pagination
|
|
51
|
+
paginated = rules_data[offset : offset + limit]
|
|
52
|
+
|
|
53
|
+
logger.info(f"Retrieved {len(paginated)} port forwarding rules for site '{site_id}'")
|
|
54
|
+
return paginated
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
async def create_port_forward(
|
|
58
|
+
site_id: str,
|
|
59
|
+
name: str,
|
|
60
|
+
dst_port: int,
|
|
61
|
+
fwd_ip: str,
|
|
62
|
+
fwd_port: int,
|
|
63
|
+
settings: Settings,
|
|
64
|
+
protocol: str = "tcp_udp",
|
|
65
|
+
src: str = "any",
|
|
66
|
+
enabled: bool = True,
|
|
67
|
+
log: bool = False,
|
|
68
|
+
confirm: bool = False,
|
|
69
|
+
dry_run: bool = False,
|
|
70
|
+
) -> dict[str, Any]:
|
|
71
|
+
"""Create a port forwarding rule.
|
|
72
|
+
|
|
73
|
+
Args:
|
|
74
|
+
site_id: Site identifier
|
|
75
|
+
name: Rule name/description
|
|
76
|
+
dst_port: Destination port (external/WAN port)
|
|
77
|
+
fwd_ip: Forward to IP address (internal/LAN)
|
|
78
|
+
fwd_port: Forward to port (internal)
|
|
79
|
+
settings: Application settings
|
|
80
|
+
protocol: Protocol (tcp, udp, tcp_udp)
|
|
81
|
+
src: Source restriction (any, or specific IP/network)
|
|
82
|
+
enabled: Enable the rule immediately
|
|
83
|
+
log: Enable logging for this rule
|
|
84
|
+
confirm: Confirmation flag (must be True to execute)
|
|
85
|
+
dry_run: If True, validate but don't create the rule
|
|
86
|
+
|
|
87
|
+
Returns:
|
|
88
|
+
Created port forwarding rule dictionary or dry-run result
|
|
89
|
+
|
|
90
|
+
Raises:
|
|
91
|
+
ConfirmationRequiredError: If confirm is not True
|
|
92
|
+
ValidationError: If validation fails
|
|
93
|
+
"""
|
|
94
|
+
site_id = validate_site_id(site_id)
|
|
95
|
+
validate_confirmation(confirm, "port forwarding operation")
|
|
96
|
+
logger = get_logger(__name__, settings.log_level)
|
|
97
|
+
|
|
98
|
+
# Validate ports
|
|
99
|
+
validate_port(dst_port)
|
|
100
|
+
validate_port(fwd_port)
|
|
101
|
+
|
|
102
|
+
# Validate forward IP
|
|
103
|
+
validate_ip_address(fwd_ip)
|
|
104
|
+
|
|
105
|
+
# Validate protocol
|
|
106
|
+
valid_protocols = ["tcp", "udp", "tcp_udp"]
|
|
107
|
+
if protocol not in valid_protocols:
|
|
108
|
+
raise ValidationError(f"Invalid protocol '{protocol}'. Must be one of: {valid_protocols}")
|
|
109
|
+
|
|
110
|
+
# Validate source if not "any"
|
|
111
|
+
if src != "any":
|
|
112
|
+
validate_ip_address(src.split("/")[0]) # Validate IP part of CIDR
|
|
113
|
+
|
|
114
|
+
# Build port forward data
|
|
115
|
+
pf_data = {
|
|
116
|
+
"name": name,
|
|
117
|
+
"dst_port": str(dst_port),
|
|
118
|
+
"fwd": fwd_ip,
|
|
119
|
+
"fwd_port": str(fwd_port),
|
|
120
|
+
"proto": protocol,
|
|
121
|
+
"src": src,
|
|
122
|
+
"enabled": enabled,
|
|
123
|
+
"log": log,
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
# Log parameters for audit
|
|
127
|
+
parameters = {
|
|
128
|
+
"site_id": site_id,
|
|
129
|
+
"name": name,
|
|
130
|
+
"dst_port": dst_port,
|
|
131
|
+
"fwd_ip": fwd_ip,
|
|
132
|
+
"fwd_port": fwd_port,
|
|
133
|
+
"protocol": protocol,
|
|
134
|
+
"src": src,
|
|
135
|
+
"enabled": enabled,
|
|
136
|
+
}
|
|
137
|
+
|
|
138
|
+
if dry_run:
|
|
139
|
+
logger.info(
|
|
140
|
+
f"DRY RUN: Would create port forward '{name}' "
|
|
141
|
+
f"({dst_port} -> {fwd_ip}:{fwd_port}) in site '{site_id}'"
|
|
142
|
+
)
|
|
143
|
+
log_audit(
|
|
144
|
+
operation="create_port_forward",
|
|
145
|
+
parameters=parameters,
|
|
146
|
+
result="dry_run",
|
|
147
|
+
site_id=site_id,
|
|
148
|
+
dry_run=True,
|
|
149
|
+
)
|
|
150
|
+
return {"dry_run": True, "would_create": pf_data}
|
|
151
|
+
|
|
152
|
+
try:
|
|
153
|
+
async with UniFiClient(settings) as client:
|
|
154
|
+
await client.authenticate()
|
|
155
|
+
|
|
156
|
+
response = await client.post(f"/ea/sites/{site_id}/rest/portforward", json_data=pf_data)
|
|
157
|
+
# Handle both list and dict responses
|
|
158
|
+
created_rule: dict[str, Any] = (
|
|
159
|
+
response[0] if isinstance(response, list) else response.get("data", [{}])[0]
|
|
160
|
+
)
|
|
161
|
+
|
|
162
|
+
logger.info(
|
|
163
|
+
f"Created port forward '{name}' "
|
|
164
|
+
f"({dst_port} -> {fwd_ip}:{fwd_port}) in site '{site_id}'"
|
|
165
|
+
)
|
|
166
|
+
log_audit(
|
|
167
|
+
operation="create_port_forward",
|
|
168
|
+
parameters=parameters,
|
|
169
|
+
result="success",
|
|
170
|
+
site_id=site_id,
|
|
171
|
+
)
|
|
172
|
+
|
|
173
|
+
return created_rule
|
|
174
|
+
|
|
175
|
+
except Exception as e:
|
|
176
|
+
logger.error(f"Failed to create port forward '{name}': {e}")
|
|
177
|
+
log_audit(
|
|
178
|
+
operation="create_port_forward",
|
|
179
|
+
parameters=parameters,
|
|
180
|
+
result="failed",
|
|
181
|
+
site_id=site_id,
|
|
182
|
+
)
|
|
183
|
+
raise
|
|
184
|
+
|
|
185
|
+
|
|
186
|
+
async def delete_port_forward(
|
|
187
|
+
site_id: str,
|
|
188
|
+
rule_id: str,
|
|
189
|
+
settings: Settings,
|
|
190
|
+
confirm: bool = False,
|
|
191
|
+
dry_run: bool = False,
|
|
192
|
+
) -> dict[str, Any]:
|
|
193
|
+
"""Delete a port forwarding rule.
|
|
194
|
+
|
|
195
|
+
Args:
|
|
196
|
+
site_id: Site identifier
|
|
197
|
+
rule_id: Port forwarding rule ID
|
|
198
|
+
settings: Application settings
|
|
199
|
+
confirm: Confirmation flag (must be True to execute)
|
|
200
|
+
dry_run: If True, validate but don't delete the rule
|
|
201
|
+
|
|
202
|
+
Returns:
|
|
203
|
+
Deletion result dictionary
|
|
204
|
+
|
|
205
|
+
Raises:
|
|
206
|
+
ConfirmationRequiredError: If confirm is not True
|
|
207
|
+
ResourceNotFoundError: If rule not found
|
|
208
|
+
"""
|
|
209
|
+
site_id = validate_site_id(site_id)
|
|
210
|
+
validate_confirmation(confirm, "port forwarding operation")
|
|
211
|
+
logger = get_logger(__name__, settings.log_level)
|
|
212
|
+
|
|
213
|
+
parameters = {"site_id": site_id, "rule_id": rule_id}
|
|
214
|
+
|
|
215
|
+
if dry_run:
|
|
216
|
+
logger.info(
|
|
217
|
+
f"DRY RUN: Would delete port forwarding rule '{rule_id}' " f"from site '{site_id}'"
|
|
218
|
+
)
|
|
219
|
+
log_audit(
|
|
220
|
+
operation="delete_port_forward",
|
|
221
|
+
parameters=parameters,
|
|
222
|
+
result="dry_run",
|
|
223
|
+
site_id=site_id,
|
|
224
|
+
dry_run=True,
|
|
225
|
+
)
|
|
226
|
+
return {"dry_run": True, "would_delete": rule_id}
|
|
227
|
+
|
|
228
|
+
try:
|
|
229
|
+
async with UniFiClient(settings) as client:
|
|
230
|
+
await client.authenticate()
|
|
231
|
+
|
|
232
|
+
# Verify rule exists before deleting
|
|
233
|
+
response = await client.get(f"/ea/sites/{site_id}/rest/portforward")
|
|
234
|
+
# Handle both list and dict responses
|
|
235
|
+
rules_data: list[dict[str, Any]] = (
|
|
236
|
+
response if isinstance(response, list) else response.get("data", [])
|
|
237
|
+
)
|
|
238
|
+
|
|
239
|
+
rule_exists = any(rule.get("_id") == rule_id for rule in rules_data)
|
|
240
|
+
if not rule_exists:
|
|
241
|
+
raise ResourceNotFoundError("port_forward_rule", rule_id)
|
|
242
|
+
|
|
243
|
+
response = await client.delete(f"/ea/sites/{site_id}/rest/portforward/{rule_id}")
|
|
244
|
+
|
|
245
|
+
logger.info(f"Deleted port forwarding rule '{rule_id}' from site '{site_id}'")
|
|
246
|
+
log_audit(
|
|
247
|
+
operation="delete_port_forward",
|
|
248
|
+
parameters=parameters,
|
|
249
|
+
result="success",
|
|
250
|
+
site_id=site_id,
|
|
251
|
+
)
|
|
252
|
+
|
|
253
|
+
return {"success": True, "deleted_rule_id": rule_id}
|
|
254
|
+
|
|
255
|
+
except Exception as e:
|
|
256
|
+
logger.error(f"Failed to delete port forwarding rule '{rule_id}': {e}")
|
|
257
|
+
log_audit(
|
|
258
|
+
operation="delete_port_forward",
|
|
259
|
+
parameters=parameters,
|
|
260
|
+
result="failed",
|
|
261
|
+
site_id=site_id,
|
|
262
|
+
)
|
|
263
|
+
raise
|