#!/bin/bash
# 快速修复防火墙配置脚本

echo "=========================================="
echo "修复防火墙配置 - 开放8039端口"
echo "=========================================="
echo ""

# 检查是否有sudo权限
if [ "$EUID" -ne 0 ]; then 
    echo "⚠️  需要sudo权限执行此脚本"
    echo "请使用: sudo bash fix_firewall.sh"
    exit 1
fi

# 检查firewalld是否运行
if systemctl is-active --quiet firewalld; then
    echo "✓ firewalld正在运行"
    echo ""
    echo "当前开放的端口:"
    firewall-cmd --list-ports
    echo ""
    
    # 检查8039端口是否已开放
    if firewall-cmd --list-ports | grep -q "8039/tcp"; then
        echo "✓ 端口8039已经开放"
    else
        echo "正在开放端口8039..."
        firewall-cmd --permanent --add-port=8039/tcp
        firewall-cmd --reload
        echo "✓ 端口8039已开放"
    fi
    
    echo ""
    echo "验证开放的端口:"
    firewall-cmd --list-ports
    echo ""
    
elif systemctl is-active --quiet iptables; then
    echo "✓ iptables正在运行"
    echo "正在添加iptables规则..."
    iptables -I INPUT -p tcp --dport 8039 -j ACCEPT
    service iptables save 2>/dev/null || iptables-save > /etc/sysconfig/iptables
    echo "✓ 端口8039已开放"
    
else
    echo "⚠️  未检测到防火墙服务"
    echo "请手动配置防火墙或云服务器安全组"
fi

echo ""
echo "=========================================="
echo "下一步操作:"
echo "=========================================="
echo "1. 如果使用云服务器，请在控制台配置安全组:"
echo "   - 开放TCP端口8039"
echo "   - 源IP: 0.0.0.0/0 (或限制为特定IP)"
echo ""
echo "2. 测试连接:"
echo "   curl http://101.43.95.130:8039/appLogin -X POST \\"
echo "     -H \"Content-Type: application/x-www-form-urlencoded\" \\"
echo "     -d \"username=admin&password=admin123\""
echo ""
echo "3. 在Postman中测试:"
echo "   POST http://101.43.95.130:8039/appLogin"
echo ""