From a947ac8cea1b8fbd04314c4b9e33484ca34c8e64 Mon Sep 17 00:00:00 2001
From: marco370 <48531002-marco370@users.noreply.replit.com>
Date: Tue, 25 Nov 2025 17:49:26 +0000
Subject: [PATCH] Fix connection issues with MikroTik routers

Update the MikroTik manager to correctly use API ports (8728/8729) and SSL settings for establishing connections.
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
Replit-Commit-Event-Id: 84f094af-954b-41c6-893f-6ee7fd519235
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/jFtLBWL
---
python_ml/mikrotik_manager.py | 48 ++++++++++++++++++++++++-----------
1 file changed, 33 insertions(+), 15 deletions(-)

diff --git a/python_ml/mikrotik_manager.py b/python_ml/mikrotik_manager.py
index 6bf4cd4..69d0650 100644
--- a/python_ml/mikrotik_manager.py
+++ b/python_ml/mikrotik_manager.py
@@ -21,33 +21,39 @@ class MikroTikManager: self.timeout = timeout self.clients = {} # Cache di client HTTP per router - def _get_client(self, router_ip: str, username: str, password: str, port: int = 8728) -> httpx.AsyncClient: + def _get_client(self, router_ip: str, username: str, password: str, port: int = 8728, use_ssl: bool = False) -> httpx.AsyncClient: """Ottiene o crea client HTTP per un router""" - key = f"{router_ip}:{port}" + key = f"{router_ip}:{port}:{use_ssl}" if key not in self.clients: - # API REST MikroTik usa porta HTTP/HTTPS (default 80/443) - # Per semplicità useremo richieste HTTP dirette + # API REST MikroTik: + # - Porta 8728: HTTP (default) + # - Porta 8729: HTTPS (SSL) + protocol = "https" if use_ssl or port == 8729 else "http" auth = base64.b64encode(f"{username}:{password}".encode()).decode() headers = { "Authorization": f"Basic {auth}", "Content-Type": "application/json" } self.clients[key] = httpx.AsyncClient( - base_url=f"http://{router_ip}", + base_url=f"{protocol}://{router_ip}:{port}", headers=headers, - timeout=self.timeout + timeout=self.timeout, + verify=False # Disable SSL verification for self-signed certs ) return self.clients[key] - async def test_connection(self, router_ip: str, username: str, password: str, port: int = 8728) -> bool: + async def test_connection(self, router_ip: str, username: str, password: str, port: int = 8728, use_ssl: bool = False) -> bool: """Testa connessione a un router""" try: - client = self._get_client(router_ip, username, password, port) + # Auto-detect SSL: porta 8729 = SSL + if port == 8729: + use_ssl = True + client = self._get_client(router_ip, username, password, port, use_ssl) # Prova a leggere system identity response = await client.get("/rest/system/identity") return response.status_code == 200 except Exception as e: - print(f"[ERROR] Connessione a {router_ip} fallita: {e}") + print(f"[ERROR] Connessione a {router_ip}:{port} fallita: {e}") return False async def add_address_list( 
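Review bot: `verify=False` in `_get_client` turns off certificate validation for every cached client, so on the HTTPS path the `Authorization: Basic` header built just above is sent to whichever endpoint answers on that address, and with the default `use_ssl=False` it travels in cleartext. Self-signed router certificates can be supported without dropping validation by trusting the router's certificate or CA explicitly: take the setting from the constructor and pass `verify=self.verify`, where `self.verify` defaults to `True` and may be an `ssl.SSLContext` loaded with the router's CA. If an unverified mode has to stay for lab use, make it an explicit opt-in and log a warning whenever it is active. The constructor lies outside this hunk, so the new attribute would have to be added there.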
@@ -59,14 +65,18 @@ class MikroTikManager: list_name: str = "ddos_blocked", comment: str = "", timeout_duration: str = "1h", - port: int = 8728 + port: int = 8728, + use_ssl: bool = False ) -> bool: """ Aggiunge IP alla address-list del router timeout_duration: es. "1h", "30m", "1d" """ try: - client = self._get_client(router_ip, username, password, port) + # Auto-detect SSL: porta 8729 = SSL + if port == 8729: + use_ssl = True + client = self._get_client(router_ip, username, password, port, use_ssl) # Controlla se IP già esiste response = await client.get("/rest/ip/firewall/address-list") @@ -105,11 +115,15 @@ class MikroTikManager: password: str, ip_address: str, list_name: str = "ddos_blocked", - port: int = 8728 + port: int = 8728, + use_ssl: bool = False ) -> bool: """Rimuove IP dalla address-list del router""" try: - client = self._get_client(router_ip, username, password, port) + # Auto-detect SSL: porta 8729 = SSL + if port == 8729: + use_ssl = True + client = self._get_client(router_ip, username, password, port, use_ssl) # Trova ID dell'entry response = await client.get("/rest/ip/firewall/address-list") @@ -139,11 +153,15 @@ class MikroTikManager: username: str, password: str, list_name: Optional[str] = None, - port: int = 8728 + port: int = 8728, + use_ssl: bool = False ) -> List[Dict]: """Ottiene address-list da router""" try: - client = self._get_client(router_ip, username, password, port) + # Auto-detect SSL: porta 8729 = SSL + if port == 8729: + use_ssl = True + client = self._get_client(router_ip, username, password, port, use_ssl) response = await client.get("/rest/ip/firewall/address-list") if response.status_code == 200:
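Review bot: The default `port: int = 8728` in `add_address_list` (and likewise in `remove_address_list` and `get_address_list` in the next two hunks, and in `_get_client`/`test_connection` in the first) is paired with requests to `/rest/...`, but as far as RouterOS documents it, 8728/8729 are the `api`/`api-ssl` services, which speak the binary API protocol, while the REST endpoints are served by `www`/`www-ssl` (80/443 by default). If that holds for the target routers, these calls would fail and presumably end in the `except` branch the way `test_connection` does, so a request to add an address to `ddos_blocked` would return `False` without the block being applied; worth confirming against a real device and stating the expected service in the docstring, e.g. `port: porta del servizio www/www-ssl che espone /rest`. Separately, `if port == 8729: use_ssl = True` is repeated in all four methods although `_get_client` already derives `protocol` from the port; normalizing `use_ssl` once at the top of `_get_client`, before `key` is built, would remove the copies. The function bodies continue outside these hunks.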