feat(mitmproxy): Add bans list and unban RPCD methods

New methods for threats monitor dashboard:
- bans: Get CrowdSec decisions with counts by source
  Returns total, mitmproxy_autoban, crowdsec counts + full bans array
- unban: Remove ban by IP address

Updates ACL to include new methods for LuCI access.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

package/secubox/luci-app-mitmproxy/root/usr/libexec/rpcd/luci.mitmproxy

@@ -644,6 +644,64 @@ sync_routes() {
 	json_dump
 }
 
+get_bans() {
+	# Get CrowdSec decisions as JSON and output directly
+	local bans_json="[]"
+	local total=0
+	local autoban=0
+	local crowdsec_count=0
+
+	if command -v cscli >/dev/null 2>&1; then
+		bans_json=$(cscli decisions list -o json 2>/dev/null)
+		if [ -z "$bans_json" ] || [ "$bans_json" = "null" ]; then
+			bans_json="[]"
+		else
+			# Count using grep on the raw JSON - patterns match with/without spaces
+			total=$(echo "$bans_json" | grep -c '"id":' 2>/dev/null) || total=0
+			autoban=$(echo "$bans_json" | grep -c '"origin":.*"cscli"' 2>/dev/null) || autoban=0
+			crowdsec_count=$(echo "$bans_json" | grep -c '"origin":.*"crowdsec"' 2>/dev/null) || crowdsec_count=0
+		fi
+	fi
+
+	# Build response with embedded bans array
+	printf '{"success":true,"total":%d,"mitmproxy_autoban":%d,"crowdsec":%d,"bans":%s}\n' \
+		"$total" "$autoban" "$crowdsec_count" "$bans_json"
+}
+
+unban_ip() {
+	read -r input
+	local ip=$(echo "$input" | jsonfilter -e '@.ip' 2>/dev/null)
+
+	json_init
+
+	if [ -z "$ip" ]; then
+		json_add_boolean "success" 0
+		json_add_string "error" "IP address required"
+		json_dump
+		return
+	fi
+
+	if ! command -v cscli >/dev/null 2>&1; then
+		json_add_boolean "success" 0
+		json_add_string "error" "CrowdSec not installed"
+		json_dump
+		return
+	fi
+
+	cscli decisions delete --ip "$ip" >/dev/null 2>&1
+	local result=$?
+
+	if [ $result -eq 0 ]; then
+		json_add_boolean "success" 1
+		json_add_string "message" "Unbanned $ip"
+	else
+		json_add_boolean "success" 0
+		json_add_string "error" "Failed to unban $ip"
+	fi
+
+	json_dump
+}
+
 wan_setup() {
 	json_init
 
@@ -695,7 +753,7 @@ wan_clear() {
 }
 
 list_methods() { cat <<'EOFM'
-{"status":{},"status_cached":{},"settings":{},"save_settings":{"mode":"str","enabled":"bool","proxy_port":"int","web_port":"int","apply_now":"bool","wan_protection_enabled":"bool","wan_interface":"str"},"set_mode":{"mode":"str","apply_now":"bool"},"setup_firewall":{},"clear_firewall":{},"wan_setup":{},"wan_clear":{},"install":{},"start":{},"stop":{},"restart":{},"alerts":{},"threat_stats":{},"subdomain_metrics":{},"clear_alerts":{},"haproxy_enable":{},"haproxy_disable":{},"sync_routes":{}}
+{"status":{},"status_cached":{},"settings":{},"save_settings":{"mode":"str","enabled":"bool","proxy_port":"int","web_port":"int","apply_now":"bool","wan_protection_enabled":"bool","wan_interface":"str"},"set_mode":{"mode":"str","apply_now":"bool"},"setup_firewall":{},"clear_firewall":{},"wan_setup":{},"wan_clear":{},"install":{},"start":{},"stop":{},"restart":{},"alerts":{},"threat_stats":{},"subdomain_metrics":{},"clear_alerts":{},"haproxy_enable":{},"haproxy_disable":{},"sync_routes":{},"bans":{},"unban":{"ip":"str"}}
 EOFM
 }
 
@@ -723,6 +781,8 @@ case "$1" in
 			haproxy_enable) haproxy_enable ;;
 			haproxy_disable) haproxy_disable ;;
 			sync_routes) sync_routes ;;
+			bans) get_bans ;;
+			unban) unban_ip ;;
 			*) echo '{"error":"Unknown method"}' ;;
 		esac
 		;;

package/secubox/luci-app-mitmproxy/root/usr/share/rpcd/acl.d/luci-app-mitmproxy.json

@@ -3,7 +3,7 @@
 		"description": "Grant access to mitmproxy",
 		"read": {
 			"ubus": {
-				"luci.mitmproxy": ["status", "settings", "alerts", "threat_stats", "subdomain_metrics"]
+				"luci.mitmproxy": ["status", "settings", "alerts", "threat_stats", "subdomain_metrics", "bans"]
 			},
 			"uci": ["mitmproxy"]
 		},
@@ -23,7 +23,8 @@
 					"clear_alerts",
 					"haproxy_enable",
 					"haproxy_disable",
-					"sync_routes"
+					"sync_routes",
+					"unban"
 				]
 			},
 			"uci": ["mitmproxy"]