Support special webserver.port ports ending in "s" (secure) and "r" (redirect) (#5499)

advanced/Scripts/api.sh

@@ -21,20 +21,60 @@
 TestAPIAvailability() {
 
     # as we are running locally, we can get the port value from FTL directly
-    PORT="$(pihole-FTL --config webserver.port)"
-    PORT="${PORT%%,*}"
+    local chaos_api_list availabilityResonse
 
-    availabilityResonse=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:${PORT}/api/auth")
+    # Query the API URLs from FTL using CHAOS TXT local.api.ftl
+    # The result is a space-separated enumeration of full URLs
+    # e.g., "http://localhost:80/api/" "https://localhost:443/api/"
+    chaos_api_list="$(dig +short chaos txt local.api.ftl @127.0.0.1)"
 
-    # test if http status code was 200 (OK) or 401 (authentication required)
-    if [ ! "${availabilityResonse}" = 200 ] && [ ! "${availabilityResonse}" = 401 ]; then
-        echo "API not available at: http://localhost:${PORT}/api"
+    # If the query was not successful, the variable is empty
+    if [ -z "${chaos_api_list}" ]; then
+        echo "API not available. Please check connectivity"
+        exit 1
+    fi
+
+    # Iterate over space-separated list of URLs
+    while [ -n "${chaos_api_list}" ]; do
+        # Get the first URL
+        API_URL="${chaos_api_list%% *}"
+        # Strip leading and trailing quotes
+        API_URL="${API_URL%\"}"
+        API_URL="${API_URL#\"}"
+
+        # Test if the API is available at this URL
+        availabilityResonse=$(curl -skS -o /dev/null -w "%{http_code}" "${API_URL}auth")
+
+        # Test if http status code was 200 (OK) or 401 (authentication required)
+        if [ ! "${availabilityResonse}" = 200 ] && [ ! "${availabilityResonse}" = 401 ]; then
+            # API is not available at this port/protocol combination
+            API_PORT=""
+        else
+            # API is available at this URL combination
+            break
+        fi
+
+        # Remove the first URL from the list
+        local last_api_list
+        last_api_list="${chaos_api_list}"
+        chaos_api_list="${chaos_api_list#* }"
+
+        # If the list did not change, we are at the last element
+        if [ "${last_api_list}" = "${chaos_api_list}" ]; then
+            # Remove the last element
+            chaos_api_list=""
+        fi
+    done
+
+    # if API_PORT is empty, no working API port was found
+    if [ -n "${API_PORT}" ]; then
+        echo "API not available at: ${API_URL}"
         echo "Exiting."
         exit 1
     fi
 }
 
-Authenthication() {
+Authentication() {
     # Try to authenticate
     LoginAPI
 
@@ -54,23 +94,23 @@ Authenthication() {
 }
 
 LoginAPI() {
-	sessionResponse="$(curl --silent -X POST "http://localhost:${PORT}/api/auth" --user-agent "Pi-hole cli " --data "{\"password\":\"${password}\"}" )"
+  sessionResponse="$(curl -skS -X POST "${API_URL}auth" --user-agent "Pi-hole cli " --data "{\"password\":\"${password}\"}" )"
 
   if [ -z "${sessionResponse}" ]; then
     echo "No response from FTL server. Please check connectivity"
     exit 1
   fi
-	# obtain validity and session ID from session response
-	validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null)
-	SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
+  # obtain validity and session ID from session response
+  validSession=$(echo "${sessionResponse}"| jq .session.valid 2>/dev/null)
+  SID=$(echo "${sessionResponse}"| jq --raw-output .session.sid 2>/dev/null)
 }
 
 DeleteSession() {
-    # if a valid Session exists (no password required or successful authenthication) and
-    # SID is not null (successful authenthication only), delete the session
+    # if a valid Session exists (no password required or successful Authentication) and
+    # SID is not null (successful Authentication only), delete the session
     if [ "${validSession}" = true ] && [ ! "${SID}" = null ]; then
         # Try to delete the session. Omit the output, but get the http status code
-        deleteResponse=$(curl -s -o /dev/null -w "%{http_code}" -X DELETE "http://localhost:${PORT}/api/auth"  -H "Accept: application/json" -H "sid: ${SID}")
+        deleteResponse=$(curl -skS -o /dev/null -w "%{http_code}" -X DELETE "${API_URL}auth"  -H "Accept: application/json" -H "sid: ${SID}")
 
         case "${deleteResponse}" in
             "200") printf "%b" "A session that was not created cannot be deleted (e.g., empty API password).\n";;
@@ -84,7 +124,7 @@ DeleteSession() {
 GetFTLData() {
   local data response status
   # get the data from querying the API as well as the http status code
-  response=$(curl -s -w "%{http_code}" -X GET "http://localhost:${PORT}/api$1" -H "Accept: application/json" -H "sid: ${SID}" )
+  response=$(curl -skS -w "%{http_code}" -X GET "${API_URL}$1" -H "Accept: application/json" -H "sid: ${SID}" )
 
   # status are the last 3 characters
   status=$(printf %s "${response#"${response%???}"}")

advanced/Scripts/query.sh

@@ -121,14 +121,14 @@ Main(){
     # or b) for the /search endpoint (webserver.api.searchAPIauth) no authentication is required.
     # Therefore, we try to query directly without authentication but do authenticat if 401 is returned
 
-    data=$(GetFTLData "/search/${domain}?N=${max_results}&partial=${partial}")
+    data=$(GetFTLData "search/${domain}?N=${max_results}&partial=${partial}")
 
     if [ "${data}" = 401 ]; then
         # Unauthenticated, so authenticate with the FTL server required
-        Authenthication
+        Authentication
 
         # send query again
-        data=$(GetFTLData "/search/${domain}?N=${max_results}&partial=${partial}")
+        data=$(GetFTLData "search/${domain}?N=${max_results}&partial=${partial}")
     fi
 
     GenerateOutput "${data}"