luci-mod-network: replace controller address check action with cgi-io script

This change removes the last bit of Lua code from luci-mod-network.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json

@@ -20,7 +20,7 @@
 	"luci-access": {
 		"description": "Grant access to basic LuCI procedures",
 		"read": {
-			"cgi-io": [ "backup", "download" ],
+			"cgi-io": [ "backup", "download", "exec" ],
 			"file": {
 				"/": [ "list" ],
 				"/*": [ "list" ],
@@ -47,7 +47,8 @@
 				"/usr/bin/ping6 *": [ "exec" ],
 				"/usr/bin/traceroute *": [ "exec" ],
 				"/usr/bin/traceroute6 *": [ "exec" ],
-				"/usr/bin/nslookup *": [ "exec" ]
+				"/usr/bin/nslookup *": [ "exec" ],
+				"/usr/libexec/luci-peeraddr": [ "exec" ]
 			},
 			"ubus": {
 				"file": [ "list", "read", "stat" ],

modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js

@@ -160,8 +160,8 @@ function iface_updown(up, id, ev, force) {
 	btns[1].disabled = true;
 
 	if (!up) {
-		L.Request.get(L.url('admin/network/remote_addr')).then(function(res) {
+		L.resolveDefault(fs.exec_direct('/usr/libexec/luci-peeraddr')).then(function(res) {
-			var info = res.json();
+			var info = null; try { info = JSON.parse(res); } catch(e) {}
 
 			if (L.isObject(info) &&
 			    Array.isArray(info.inbound_interfaces) &&

modules/luci-mod-network/luasrc/controller/admin/network.lua

@@ -1,68 +0,0 @@
--- Copyright 2008 Steven Barth <steven@midlink.org>
--- Copyright 2011-2018 Jo-Philipp Wich <jo@mein.io>
--- Licensed to the public under the Apache License 2.0.
-
-module("luci.controller.admin.network", package.seeall)
-
-local function addr2dev(addr, src)
-	local ip = require "luci.ip"
-	local route = ip.route(addr, src)
-	if not src and route and route.src then
-		route = ip.route(addr, route.src:string())
-	end
-	return route and route.dev
-end
-
-function remote_addr()
-	local uci    = require "luci.model.uci"
-	local peer   = luci.http.getenv("REMOTE_ADDR")
-	local serv   = luci.http.getenv("SERVER_ADDR")
-	local device = addr2dev(peer, serv)
-	local ifaces = luci.util.ubus("network.interface", "dump")
-	local indevs = {}
-	local inifs  = {}
-
-	local result = {
-		remote_addr        = peer,
-		server_addr        = serv,
-		inbound_devices    = {},
-		inbound_interfaces = {}
-	}
-
-	if type(ifaces) == "table" and type(ifaces.interface) == "table" then
-		for _, iface in ipairs(ifaces.interface) do
-			if type(iface) == "table" then
-				if iface.device == device or iface.l3_device == device then
-					inifs[iface.interface] = true
-					indevs[device] = true
-				end
-
-				local peeraddr = uci:get("network", iface.interface, "peeraddr")
-				for _, ai in ipairs(peeraddr and nixio.getaddrinfo(peeraddr) or {}) do
-					local peerdev = addr2dev(ai.address)
-					if peerdev then
-						for _, iface in ipairs(ifaces.interface) do
-							if type(iface) == "table" and
-							   (iface.device == peerdev or iface.l3_device == peerdev)
-							then
-								inifs[iface.interface] = true
-								indevs[peerdev] = true
-							end
-						end
-					end
-				end
-			end
-		end
-	end
-
-	for k in pairs(inifs) do
-		result.inbound_interfaces[#result.inbound_interfaces + 1] = k
-	end
-
-	for k in pairs(indevs) do
-		result.inbound_devices[#result.inbound_devices + 1] = k
-	end
-
-	luci.http.prepare_content("application/json")
-	luci.http.write_json(result)
-end

modules/luci-mod-network/root/usr/libexec/luci-peeraddr

@@ -0,0 +1,46 @@
+#!/bin/sh
+
+NL="
+"
+
+function ifaces_by_device() {
+	ubus call network.interface dump 2>/dev/null | \
+		jsonfilter -e "@.interface[@.device='$1' || @.l3_device='$1'].interface"
+}
+
+function device_by_addr() {
+	set -- $(ip route get "$1" ${2:+from "$2"} 2>/dev/null)
+	echo "$5"
+}
+
+for inbound_device in $(device_by_addr "$REMOTE_ADDR" "$SERVER_ADDR"); do
+	inbound_devices="$inbound_device"
+	inbound_interfaces=""
+
+	for iface in $(ifaces_by_device "$inbound_device"); do
+		inbound_interfaces="${inbound_interfaces:+$inbound_interfaces$NL}$iface"
+
+		for peeraddr in $(uci get "network.$iface.peeraddr"); do
+			for ipaddr in $(resolveip -t 1 "$peeraddr" 2>/dev/null); do
+				for peerdev in $(device_by_addr "$ipaddr"); do
+					for iface in $(ifaces_by_device "$peerdev"); do
+						inbound_devices="${inbound_devices:+$inbound_devices$NL}$peerdev"
+						inbound_interfaces="${inbound_interfaces:+$inbound_interfaces$NL}$iface"
+					done
+				done
+			done
+		done
+	done
+done
+
+inbound_devices="$(echo "$inbound_devices" | sort -u | sed ':a;N;$!ba;s/\n/", "/g')"
+inbound_interfaces="$(echo "$inbound_interfaces" | sort -u | sed ':a;N;$!ba;s/\n/", "/g')"
+
+cat <<JSON
+{
+	"remote_addr": "$REMOTE_ADDR",
+	"server_addr": "$SERVER_ADDR",
+	"inbound_devices": [ ${inbound_devices:+\"$inbound_devices\"} ],
+	"inbound_interfaces": [ ${inbound_interfaces:+\"$inbound_interfaces\"} ]
+}
+JSON