2018-11-08 17:05:34 +00:00
|
|
|
#!/usr/bin/env python3
|
2019-11-02 17:10:10 +00:00
|
|
|
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
2018-11-16 13:14:08 +00:00
|
|
|
#
|
|
|
|
|
# This is free software, licensed under the GNU General Public License v3.0.
|
|
|
|
|
# See /LICENSE for more information.
|
|
|
|
|
#
|
2018-11-08 17:05:34 +00:00
|
|
|
|
2018-11-08 12:55:20 +00:00
|
|
|
import json
|
|
|
|
|
import base64
|
|
|
|
|
import uuid
|
|
|
|
|
import configparser
|
2018-11-14 16:34:13 +00:00
|
|
|
import subprocess
|
2018-11-08 17:05:34 +00:00
|
|
|
import os
|
2019-07-13 05:30:58 +00:00
|
|
|
import socket
|
2018-11-29 21:43:02 +00:00
|
|
|
import re
|
2019-06-02 21:11:58 +00:00
|
|
|
import hashlib
|
2019-08-30 05:52:59 +00:00
|
|
|
import time
|
2019-11-02 17:10:10 +00:00
|
|
|
import uvicorn
|
|
|
|
|
import jwt
|
|
|
|
|
from pprint import pprint
|
|
|
|
|
from datetime import datetime,timedelta
|
2018-11-08 17:05:34 +00:00
|
|
|
from tempfile import mkstemp
|
2019-11-02 17:10:10 +00:00
|
|
|
from typing import List
|
2018-11-08 17:05:34 +00:00
|
|
|
from shutil import move
|
2018-11-08 12:55:20 +00:00
|
|
|
from pprint import pprint
|
2019-10-10 19:13:14 +00:00
|
|
|
from netjsonconfig import OpenWrt
|
2019-11-02 17:10:10 +00:00
|
|
|
from fastapi import Depends, FastAPI, HTTPException, Security
|
|
|
|
|
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm, SecurityScopes
|
|
|
|
|
from jwt import PyJWTError
|
|
|
|
|
from passlib.context import CryptContext
|
|
|
|
|
from pydantic import BaseModel, ValidationError
|
|
|
|
|
from starlette.status import HTTP_401_UNAUTHORIZED
|
|
|
|
|
#from flask import Flask, jsonify, request, session
|
|
|
|
|
#from flask_jwt_simple import (
|
|
|
|
|
# JWTManager, jwt_required, create_jwt, get_jwt_identity
|
|
|
|
|
#)
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
|
2018-12-28 07:55:46 +00:00
|
|
|
import logging
|
2019-11-02 17:10:10 +00:00
|
|
|
log = logging.getLogger('api')
|
|
|
|
|
#log.setLevel(logging.ERROR)
|
|
|
|
|
log.setLevel(logging.DEBUG)
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
# Generate a random secret key
|
2019-11-02 17:10:10 +00:00
|
|
|
SECRET_KEY = uuid.uuid4().hex
|
|
|
|
|
JWT_SECRET_KEY = uuid.uuid4().hex
|
|
|
|
|
PERMANENT_SESSION_LIFETIME = timedelta(hours=24)
|
|
|
|
|
ACCESS_TOKEN_EXPIRE_MINUTES = 60
|
|
|
|
|
ALGORITHM = "HS256"
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
# Get main net interface
|
|
|
|
|
file = open('/etc/shorewall/params.net', "r")
|
|
|
|
|
read = file.read()
|
|
|
|
|
iface = None
|
|
|
|
|
for line in read.splitlines():
|
|
|
|
|
if 'NET_IFACE=' in line:
|
|
|
|
|
iface=line.split('=',1)[1]
|
|
|
|
|
|
|
|
|
|
# Get interface rx/tx
|
|
|
|
|
def get_bytes(t, iface='eth0'):
|
|
|
|
|
with open('/sys/class/net/' + iface + '/statistics/' + t + '_bytes', 'r') as f:
|
|
|
|
|
data = f.read();
|
|
|
|
|
return int(data)
|
|
|
|
|
|
|
|
|
|
def ordered(obj):
|
|
|
|
|
if isinstance(obj, dict):
|
|
|
|
|
return sorted((k, ordered(v)) for k, v in obj.items())
|
|
|
|
|
if isinstance(obj, list):
|
|
|
|
|
return sorted(ordered(x) for x in obj)
|
|
|
|
|
else:
|
|
|
|
|
return obj
|
|
|
|
|
|
2019-06-02 21:11:58 +00:00
|
|
|
def file_as_bytes(file):
|
|
|
|
|
with file:
|
|
|
|
|
return file.read()
|
|
|
|
|
|
2019-09-29 18:54:54 +00:00
|
|
|
def shorewall_add_port(port,proto,name,fwtype='ACCEPT'):
|
2019-06-02 21:11:58 +00:00
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
2019-04-18 19:09:26 +00:00
|
|
|
fd, tmpfile = mkstemp()
|
|
|
|
|
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
|
|
|
|
|
for line in f:
|
2019-09-29 18:54:54 +00:00
|
|
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line:
|
|
|
|
|
n.write(line)
|
|
|
|
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line:
|
|
|
|
|
n.write(line)
|
|
|
|
|
if fwtype == 'ACCEPT':
|
|
|
|
|
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n")
|
|
|
|
|
elif fwtype == 'DNAT':
|
|
|
|
|
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR redirect ' + name + ' port ' + proto + "\n")
|
|
|
|
|
os.close(fd)
|
|
|
|
|
move(tmpfile,'/etc/shorewall/rules')
|
|
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q reload shorewall")
|
|
|
|
|
|
|
|
|
|
def shorewall_del_port(port,proto,name,fwtype='ACCEPT'):
|
|
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
|
|
|
|
fd, tmpfile = mkstemp()
|
|
|
|
|
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
|
|
|
|
|
for line in f:
|
|
|
|
|
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line:
|
|
|
|
|
n.write(line)
|
|
|
|
|
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line:
|
2019-04-18 19:09:26 +00:00
|
|
|
n.write(line)
|
|
|
|
|
os.close(fd)
|
|
|
|
|
move(tmpfile,'/etc/shorewall/rules')
|
2019-06-02 21:11:58 +00:00
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q reload shorewall")
|
2019-04-18 19:09:26 +00:00
|
|
|
|
2019-08-12 14:43:05 +00:00
|
|
|
def set_lastchange():
|
|
|
|
|
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
|
|
|
|
|
content = f.read()
|
|
|
|
|
content = re.sub(",\s*}","}",content)
|
|
|
|
|
try:
|
|
|
|
|
data = json.loads(content)
|
|
|
|
|
except ValueError as e:
|
|
|
|
|
return jsonify({'error': 'Config file not readable','route': 'lastchange'}), 200
|
2019-09-16 05:51:04 +00:00
|
|
|
data["lastchange"] = time.time()
|
2019-08-12 14:43:05 +00:00
|
|
|
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as outfile:
|
|
|
|
|
json.dump(data,outfile,indent=4)
|
2019-04-18 19:09:26 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
|
|
|
|
|
omr_config_data = json.load(f)
|
2019-04-18 19:09:26 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
fake_users_db = omr_config_data['users'][0]
|
2018-11-08 12:55:20 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
def verify_password(plain_password, hashed_password):
|
|
|
|
|
#return pwd_context.verify(plain_password, hashed_password)
|
|
|
|
|
log.debug("plain_password: " + plain_password + " - hashed_password: " + hashed_password)
|
|
|
|
|
if plain_password == hashed_password:
|
|
|
|
|
log.debug("password true")
|
|
|
|
|
return True
|
|
|
|
|
return False
|
2018-11-08 17:05:34 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
def get_password_hash(password):
|
|
|
|
|
#return pwd_context.hash(password)
|
|
|
|
|
return password
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_user(db, username: str):
|
|
|
|
|
if username in db:
|
|
|
|
|
user_dict = db[username]
|
|
|
|
|
return UserInDB(**user_dict)
|
|
|
|
|
|
|
|
|
|
def authenticate_user(fake_db, username: str, password: str):
|
|
|
|
|
user = get_user(fake_db, username)
|
|
|
|
|
if not user:
|
|
|
|
|
log.debug("user doesn't exist")
|
|
|
|
|
return False
|
|
|
|
|
if not verify_password(password, user.hashed_password):
|
|
|
|
|
log.debug("wrong password")
|
|
|
|
|
return False
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
|
class Token(BaseModel):
|
|
|
|
|
access_token: str
|
|
|
|
|
token_type: str
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class TokenData(BaseModel):
|
|
|
|
|
username: str = None
|
|
|
|
|
|
|
|
|
|
class User(BaseModel):
|
|
|
|
|
username: str
|
|
|
|
|
# email: str = None
|
|
|
|
|
# full_name: str = None
|
|
|
|
|
disabled: bool = None
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserInDB(User):
|
|
|
|
|
hashed_password: str
|
|
|
|
|
|
|
|
|
|
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")
|
|
|
|
|
app = FastAPI()
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
|
|
|
|
|
|
|
|
|
oauth2_scheme = OAuth2PasswordBearer(
|
|
|
|
|
tokenUrl="/token",
|
|
|
|
|
scopes={"me": "Read information about the current user.", "items": "Read items."},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
def create_access_token(*, data: dict, expires_delta: timedelta = None):
|
|
|
|
|
to_encode = data.copy()
|
|
|
|
|
if expires_delta:
|
|
|
|
|
expire = datetime.utcnow() + expires_delta
|
|
|
|
|
else:
|
|
|
|
|
expire = datetime.utcnow() + timedelta(minutes=15)
|
|
|
|
|
to_encode.update({"exp": expire})
|
|
|
|
|
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
|
|
|
|
return encoded_jwt
|
|
|
|
|
|
|
|
|
|
async def get_current_user(token: str = Depends(oauth2_scheme)):
|
|
|
|
|
credentials_exception = HTTPException(
|
|
|
|
|
status_code=HTTP_401_UNAUTHORIZED,
|
|
|
|
|
detail="Could not validate credentials",
|
|
|
|
|
headers={"WWW-Authenticate": "Bearer"},
|
|
|
|
|
)
|
|
|
|
|
try:
|
|
|
|
|
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
|
|
|
|
|
username: str = payload.get("sub")
|
|
|
|
|
if username is None:
|
|
|
|
|
raise credentials_exception
|
|
|
|
|
token_data = TokenData(username=username)
|
|
|
|
|
except PyJWTError:
|
|
|
|
|
raise credentials_exception
|
|
|
|
|
user = get_user(fake_users_db, username=token_data.username)
|
|
|
|
|
if user is None:
|
|
|
|
|
raise credentials_exception
|
|
|
|
|
return user
|
|
|
|
|
|
|
|
|
|
# Provide a method to create access tokens. The create_jwt()
|
|
|
|
|
# function is used to actually generate the token
|
|
|
|
|
@app.post('/token', response_model=Token)
|
|
|
|
|
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
|
|
|
|
|
user = authenticate_user(fake_users_db, form_data.username, form_data.password)
|
|
|
|
|
if not user:
|
|
|
|
|
raise HTTPException(status_code=400, detail="Incorrect username or password")
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
# Identity can be any data that is json serializable
|
2019-11-02 17:10:10 +00:00
|
|
|
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
|
|
|
|
|
access_token = create_access_token(
|
|
|
|
|
data={"sub": user.username}, expires_delta=access_token_expires
|
|
|
|
|
)
|
|
|
|
|
return {"access_token": access_token, "token_type": "bearer"}
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
# Get VPS status
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/status')
|
2018-11-08 12:55:20 +00:00
|
|
|
def status():
|
2018-11-29 13:47:05 +00:00
|
|
|
vps_loadavg = os.popen("cat /proc/loadavg | awk '{print $1\" \"$2\" \"$3}'").read().rstrip()
|
|
|
|
|
vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip()
|
2019-07-13 05:30:58 +00:00
|
|
|
vps_hostname = socket.gethostname()
|
2018-12-06 09:48:23 +00:00
|
|
|
mptcp_enabled = os.popen('sysctl -n net.mptcp.mptcp_enabled').read().rstrip()
|
2018-11-29 13:47:05 +00:00
|
|
|
|
2018-11-08 12:55:20 +00:00
|
|
|
if iface:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'vps': {'loadavg': vps_loadavg,'uptime': vps_uptime,'mptcp': mptcp_enabled,'hostname': vps_hostname}, 'network': {'tx': get_bytes('tx',iface),'rx': get_bytes('rx',iface)}}
|
2018-11-08 12:55:20 +00:00
|
|
|
else:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'error': 'No iface defined','route': 'status'}
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
# Get VPS config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/config')
|
|
|
|
|
def config(current_user: User = Depends(get_current_user)):
|
2019-03-27 20:28:18 +00:00
|
|
|
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
|
|
|
|
|
try:
|
|
|
|
|
omr_config_data = json.load(f)
|
|
|
|
|
except ValueError as e:
|
|
|
|
|
omr_config_data = {}
|
2018-11-08 12:55:20 +00:00
|
|
|
with open('/etc/shadowsocks-libev/config.json') as f:
|
2018-11-29 21:43:02 +00:00
|
|
|
content = f.read()
|
|
|
|
|
content = re.sub(",\s*}","}",content)
|
2018-12-06 09:48:23 +00:00
|
|
|
try:
|
|
|
|
|
data = json.loads(content)
|
|
|
|
|
except ValueError as e:
|
|
|
|
|
data = {'key': '', 'server_port': 65101, 'method': 'chacha20'}
|
2018-11-08 12:55:20 +00:00
|
|
|
shadowsocks_key = data["key"]
|
|
|
|
|
shadowsocks_port = data["server_port"]
|
|
|
|
|
shadowsocks_method = data["method"]
|
2018-11-29 22:14:23 +00:00
|
|
|
if 'fast_open' in data:
|
|
|
|
|
shadowsocks_fast_open = data["fast_open"]
|
|
|
|
|
else:
|
|
|
|
|
shadowsocks_fast_open = False
|
2019-01-02 14:10:38 +00:00
|
|
|
if 'reuse_port' in data:
|
2018-11-29 22:14:23 +00:00
|
|
|
shadowsocks_reuse_port = data["reuse_port"]
|
|
|
|
|
else:
|
|
|
|
|
shadowsocks_reuse_port = False
|
|
|
|
|
if 'no_delay' in data:
|
|
|
|
|
shadowsocks_no_delay = data["no_delay"]
|
|
|
|
|
else:
|
|
|
|
|
shadowsocks_no_delay = False
|
|
|
|
|
if 'mptcp' in data:
|
|
|
|
|
shadowsocks_mptcp = data["mptcp"]
|
|
|
|
|
else:
|
|
|
|
|
shadowsocks_mptcp = False
|
2019-01-02 14:10:38 +00:00
|
|
|
if 'ebpf' in data:
|
|
|
|
|
shadowsocks_ebpf = data["ebpf"]
|
|
|
|
|
else:
|
|
|
|
|
shadowsocks_ebpf = False
|
2018-11-08 12:55:20 +00:00
|
|
|
if "plugin" in data:
|
|
|
|
|
shadowsocks_obfs = True
|
2019-01-25 19:43:49 +00:00
|
|
|
if 'v2ray' in data["plugin"]:
|
|
|
|
|
shadowsocks_obfs_plugin = 'v2ray'
|
|
|
|
|
else:
|
|
|
|
|
shadowsocks_obfs_plugin = 'obfs'
|
|
|
|
|
if 'tls' in data["plugin_opts"]:
|
|
|
|
|
shadowsocks_obfs_type = 'tls'
|
|
|
|
|
else:
|
2019-01-25 21:17:55 +00:00
|
|
|
shadowsocks_obfs_type = 'http'
|
2018-11-08 12:55:20 +00:00
|
|
|
else:
|
|
|
|
|
shadowsocks_obfs = False
|
2019-01-25 19:43:49 +00:00
|
|
|
shadowsocks_obfs_plugin = ''
|
|
|
|
|
shadowsocks_obfs_type = ''
|
2018-12-06 09:48:23 +00:00
|
|
|
if os.path.isfile('/etc/glorytun-tcp/tun0.key'):
|
|
|
|
|
glorytun_key = open('/etc/glorytun-tcp/tun0.key').readline().rstrip()
|
|
|
|
|
else:
|
|
|
|
|
glorytun_key = ''
|
|
|
|
|
glorytun_port = '65001'
|
2019-05-23 19:55:49 +00:00
|
|
|
glorytun_chacha = False
|
2018-12-06 09:48:23 +00:00
|
|
|
if os.path.isfile('/etc/glorytun-tcp/tun0'):
|
|
|
|
|
with open('/etc/glorytun-tcp/tun0',"r") as glorytun_file:
|
|
|
|
|
for line in glorytun_file:
|
|
|
|
|
if 'PORT=' in line:
|
|
|
|
|
glorytun_port = line.replace(line[:5], '').rstrip()
|
2019-05-23 19:55:49 +00:00
|
|
|
if 'chacha' in line:
|
|
|
|
|
glorytun_chacha = True
|
2019-03-27 20:28:18 +00:00
|
|
|
if 'glorytun_tcp_type' in omr_config_data:
|
|
|
|
|
if omr_config_data['glorytun_tcp_type'] == 'static':
|
|
|
|
|
glorytun_tcp_host_ip = '10.255.255.1'
|
|
|
|
|
glorytun_tcp_client_ip = '10.255.255.2'
|
|
|
|
|
else:
|
|
|
|
|
glorytun_tcp_host_ip = 'dhcp'
|
|
|
|
|
glorytun_tcp_client_ip = 'dhcp'
|
|
|
|
|
else:
|
|
|
|
|
glorytun_tcp_host_ip = '10.255.255.1'
|
|
|
|
|
glorytun_tcp_client_ip = '10.255.255.2'
|
|
|
|
|
if 'glorytun_udp_type' in omr_config_data:
|
|
|
|
|
if omr_config_data['glorytun_udp_type'] == 'static':
|
2019-05-07 19:45:11 +00:00
|
|
|
glorytun_udp_host_ip = '10.255.254.1'
|
|
|
|
|
glorytun_udp_client_ip = '10.255.254.2'
|
2019-03-27 20:28:18 +00:00
|
|
|
else:
|
|
|
|
|
glorytun_udp_host_ip = 'dhcp'
|
|
|
|
|
glorytun_udp_client_ip = 'dhcp'
|
|
|
|
|
else:
|
2019-05-07 19:45:11 +00:00
|
|
|
glorytun_udp_host_ip = '10.255.254.1'
|
|
|
|
|
glorytun_udp_client_ip = '10.255.254.2'
|
2018-12-03 10:07:03 +00:00
|
|
|
available_vpn = ["glorytun-tcp", "glorytun-udp"]
|
2019-08-02 15:22:43 +00:00
|
|
|
if os.path.isfile('/etc/dsvpn/dsvpn.key'):
|
|
|
|
|
dsvpn_key = open('/etc/dsvpn/dsvpn.key').readline().rstrip()
|
|
|
|
|
available_vpn.append("dsvpn")
|
|
|
|
|
else:
|
|
|
|
|
dsvpn_key = ''
|
|
|
|
|
dsvpn_port = '65011'
|
2019-08-07 18:42:42 +00:00
|
|
|
dsvpn_host_ip = '10.255.251.1'
|
|
|
|
|
dsvpn_client_ip = '10.255.251.2'
|
2018-11-23 14:19:30 +00:00
|
|
|
|
2019-03-28 19:17:06 +00:00
|
|
|
if os.path.isfile('/etc/iperf3/public.pem'):
|
|
|
|
|
with open('/etc/iperf3/public.pem',"rb") as iperfkey_file:
|
2019-03-27 20:28:18 +00:00
|
|
|
iperf_keyb = base64.b64encode(iperfkey_file.read())
|
|
|
|
|
iperf3_key = iperf_keyb.decode('utf-8')
|
|
|
|
|
else:
|
|
|
|
|
iperf3_key = ''
|
|
|
|
|
|
2019-04-18 19:09:26 +00:00
|
|
|
if os.path.isfile('/etc/pihole/setupVars.conf'):
|
|
|
|
|
pihole = True
|
|
|
|
|
else:
|
|
|
|
|
pihole = False
|
2019-03-27 20:28:18 +00:00
|
|
|
|
2018-11-23 14:19:30 +00:00
|
|
|
if os.path.isfile('/etc/openvpn/server/static.key'):
|
|
|
|
|
with open('/etc/openvpn/server/static.key',"rb") as ovpnkey_file:
|
2019-01-06 17:53:06 +00:00
|
|
|
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
|
|
|
|
|
openvpn_key = openvpn_keyb.decode('utf-8')
|
|
|
|
|
available_vpn.append("openvpn")
|
2018-11-23 14:19:30 +00:00
|
|
|
else:
|
|
|
|
|
openvpn_key = ''
|
2019-10-25 18:22:00 +00:00
|
|
|
if os.path.isfile('/etc/openvpn/client/client.key'):
|
|
|
|
|
with open('/etc/openvpn/client/client.key',"rb") as ovpnkey_file:
|
|
|
|
|
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
|
|
|
|
|
openvpn_client_key = openvpn_keyb.decode('utf-8')
|
|
|
|
|
else:
|
|
|
|
|
openvpn_client_key = ''
|
|
|
|
|
if os.path.isfile('/etc/openvpn/client/client.crt'):
|
|
|
|
|
with open('/etc/openvpn/client/client.crt',"rb") as ovpnkey_file:
|
|
|
|
|
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
|
|
|
|
|
openvpn_client_crt = openvpn_keyb.decode('utf-8')
|
|
|
|
|
else:
|
|
|
|
|
openvpn_client_crt = ''
|
|
|
|
|
if os.path.isfile('/etc/openvpn/server/ca.crt'):
|
|
|
|
|
with open('/etc/openvpn/server/ca.crt',"rb") as ovpnkey_file:
|
|
|
|
|
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
|
|
|
|
|
openvpn_client_ca = openvpn_keyb.decode('utf-8')
|
|
|
|
|
else:
|
|
|
|
|
openvpn_client_ca = ''
|
2018-12-06 09:48:23 +00:00
|
|
|
openvpn_port = '65301'
|
|
|
|
|
if os.path.isfile('/etc/openvpn/openvpn-tun0.conf'):
|
|
|
|
|
with open('/etc/openvpn/openvpn-tun0.conf',"r") as openvpn_file:
|
|
|
|
|
for line in openvpn_file:
|
|
|
|
|
if 'port ' in line:
|
|
|
|
|
openvpn_port = line.replace(line[:5], '').rstrip()
|
2019-04-20 16:16:22 +00:00
|
|
|
openvpn_host_ip = '10.255.252.1'
|
|
|
|
|
openvpn_client_ip = '10.255.252.2'
|
2019-02-09 14:30:56 +00:00
|
|
|
#openvpn_client_ip = 'dhcp'
|
2018-11-23 14:19:30 +00:00
|
|
|
|
|
|
|
|
if os.path.isfile('/etc/mlvpn/mlvpn0.conf'):
|
|
|
|
|
mlvpn_config = configparser.ConfigParser()
|
|
|
|
|
mlvpn_config.readfp(open(r'/etc/mlvpn/mlvpn0.conf'))
|
|
|
|
|
mlvpn_key = mlvpn_config.get('general','password').strip('"')
|
2018-12-03 10:07:03 +00:00
|
|
|
available_vpn.append("mlvpn")
|
2018-11-23 14:19:30 +00:00
|
|
|
else:
|
|
|
|
|
mlvpn_key = ''
|
2019-04-20 16:16:22 +00:00
|
|
|
mlvpn_host_ip = '10.255.253.1'
|
|
|
|
|
mlvpn_client_ip = '10.255.253.2'
|
2018-12-03 10:07:03 +00:00
|
|
|
|
2018-11-14 16:34:13 +00:00
|
|
|
|
2018-11-21 09:00:00 +00:00
|
|
|
mptcp_enabled = os.popen('sysctl -n net.mptcp.mptcp_enabled').read().rstrip()
|
2018-11-14 16:34:13 +00:00
|
|
|
mptcp_checksum = os.popen('sysctl -n net.mptcp.mptcp_checksum').read().rstrip()
|
|
|
|
|
mptcp_path_manager = os.popen('sysctl -n net.mptcp.mptcp_path_manager').read().rstrip()
|
|
|
|
|
mptcp_scheduler = os.popen('sysctl -n net.mptcp.mptcp_scheduler').read().rstrip()
|
|
|
|
|
mptcp_syn_retries = os.popen('sysctl -n net.mptcp.mptcp_syn_retries').read().rstrip()
|
|
|
|
|
|
|
|
|
|
congestion_control = os.popen('sysctl -n net.ipv4.tcp_congestion_control').read().rstrip()
|
2018-11-08 12:55:20 +00:00
|
|
|
|
2018-11-21 09:00:00 +00:00
|
|
|
ipv6_network = os.popen('ip -6 addr show ' + iface +' | grep -oP "(?<=inet6 ).*(?= scope global)"').read().rstrip()
|
2019-02-28 07:26:37 +00:00
|
|
|
#ipv6_addr = os.popen('wget -6 -qO- -T 2 ipv6.openmptcprouter.com').read().rstrip()
|
2019-03-10 20:44:33 +00:00
|
|
|
ipv6_addr = os.popen('ip -6 addr show ' + iface +' | grep -oP "(?<=inet6 ).*(?= scope global)" | cut -d/ -f1').read().rstrip()
|
2019-07-25 06:25:12 +00:00
|
|
|
#ipv4_addr = os.popen('wget -4 -qO- -T 1 https://ip.openmptcprouter.com').read().rstrip()
|
2019-08-07 18:42:42 +00:00
|
|
|
ipv4_addr = os.popen("dig -4 TXT +timeout=2 +tries=1 +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'\"' '{ print $2}'").read().rstrip()
|
2019-07-25 06:25:12 +00:00
|
|
|
if ipv4_addr == '':
|
|
|
|
|
ipv4_addr = os.popen('wget -4 -qO- -T 1 http://ifconfig.co').read().rstrip()
|
|
|
|
|
#ipv4_addr = ""
|
2018-11-21 09:00:00 +00:00
|
|
|
|
2019-06-15 18:31:01 +00:00
|
|
|
test_aes = os.popen('cat /proc/cpuinfo | grep aes').read().rstrip()
|
|
|
|
|
if test_aes == '':
|
|
|
|
|
vps_aes = False
|
|
|
|
|
else:
|
|
|
|
|
vps_aes = True
|
2018-11-21 09:00:00 +00:00
|
|
|
vps_kernel = os.popen('uname -r').read().rstrip()
|
|
|
|
|
vps_machine = os.popen('uname -m').read().rstrip()
|
2019-03-29 17:27:58 +00:00
|
|
|
vps_omr_version = os.popen("grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}'").read().rstrip()
|
2018-11-29 13:47:05 +00:00
|
|
|
vps_loadavg = os.popen("cat /proc/loadavg | awk '{print $1" "$2" "$3}'").read().rstrip()
|
|
|
|
|
vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip()
|
2019-07-25 06:25:12 +00:00
|
|
|
vps_domain = os.popen('wget -4 -qO- -T 1 http://hostname.openmptcprouter.com').read().rstrip()
|
|
|
|
|
#vps_domain = os.popen('dig -4 +short +times=3 +tries=1 -x ' + ipv4_addr + " | sed 's/\.$//'").read().rstrip()
|
2018-11-16 13:14:08 +00:00
|
|
|
|
2019-06-24 16:14:16 +00:00
|
|
|
vpn = ''
|
|
|
|
|
if os.path.isfile('/etc/openmptcprouter-vps-admin/current-vpn'):
|
|
|
|
|
vpn = os.popen('cat /etc/openmptcprouter-vps-admin/current-vpn').read().rstrip()
|
|
|
|
|
if vpn == '':
|
|
|
|
|
vpn = 'glorytun-tcp'
|
|
|
|
|
|
2018-11-14 14:10:42 +00:00
|
|
|
shorewall_redirect = "enable"
|
2018-11-08 17:22:43 +00:00
|
|
|
with open('/etc/shorewall/rules','r') as f:
|
|
|
|
|
for line in f:
|
|
|
|
|
if '#DNAT net vpn:$OMR_ADDR tcp 1-64999' in line:
|
2018-11-14 14:10:42 +00:00
|
|
|
shorewall_redirect = "disable"
|
2018-11-08 17:22:43 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'vps': {'kernel': vps_kernel,'machine': vps_machine,'omr_version': vps_omr_version,'loadavg': vps_loadavg,'uptime': vps_uptime,'aes': vps_aes},'shadowsocks': {'key': shadowsocks_key,'port': shadowsocks_port,'method': shadowsocks_method,'fast_open': shadowsocks_fast_open,'reuse_port': shadowsocks_reuse_port,'no_delay': shadowsocks_no_delay,'mptcp': shadowsocks_mptcp,'ebpf': shadowsocks_ebpf,'obfs': shadowsocks_obfs,'obfs_plugin': shadowsocks_obfs_plugin,'obfs_type': shadowsocks_obfs_type},'glorytun': {'key': glorytun_key,'udp': {'host_ip': glorytun_udp_host_ip,'client_ip': glorytun_udp_client_ip},'tcp': {'host_ip': glorytun_tcp_host_ip,'client_ip': glorytun_tcp_client_ip},'port': glorytun_port,'chacha': glorytun_chacha},'dsvpn': {'key': dsvpn_key, 'host_ip': dsvpn_host_ip, 'client_ip': dsvpn_client_ip, 'port': dsvpn_port},'openvpn': {'key': openvpn_key,'client_key': openvpn_client_key,'client_crt': openvpn_client_crt,'client_ca': openvpn_client_ca,'host_ip': openvpn_host_ip, 'client_ip': openvpn_client_ip, 'port': openvpn_port},'mlvpn': {'key': mlvpn_key, 'host_ip': mlvpn_host_ip, 'client_ip': mlvpn_client_ip},'shorewall': {'redirect_ports': shorewall_redirect},'mptcp': {'enabled': mptcp_enabled,'checksum': mptcp_checksum,'path_manager': mptcp_path_manager,'scheduler': mptcp_scheduler, 'syn_retries': mptcp_syn_retries},'network': {'congestion_control': congestion_control,'ipv6_network': ipv6_network,'ipv6': ipv6_addr,'ipv4': ipv4_addr,'domain': vps_domain},'vpn': {'available': available_vpn,'current': vpn},'iperf': {'user': 'openmptcprouter','password': 'openmptcprouter', 'key': iperf3_key},'pihole': {'state': pihole}}
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
# Set shadowsocks config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/shadowsocks')
|
|
|
|
|
def shadowsocks(current_user: User = Depends(get_current_user)):
|
2018-11-14 14:10:42 +00:00
|
|
|
with open('/etc/shadowsocks-libev/config.json') as f:
|
2018-11-29 21:43:02 +00:00
|
|
|
content = f.read()
|
|
|
|
|
content = re.sub(",\s*}","}",content)
|
2018-12-06 09:48:23 +00:00
|
|
|
try:
|
|
|
|
|
data = json.loads(content)
|
|
|
|
|
except ValueError as e:
|
|
|
|
|
data = {'timeout': 600, 'verbose': 0, 'prefer_ipv6': False}
|
2018-11-29 21:43:02 +00:00
|
|
|
#key = data["key"]
|
2018-12-06 09:48:23 +00:00
|
|
|
if 'timeout' in data:
|
|
|
|
|
timeout = data["timeout"]
|
2018-11-29 22:14:23 +00:00
|
|
|
if 'verbose' in data:
|
|
|
|
|
verbose = data["verbose"]
|
|
|
|
|
else:
|
|
|
|
|
verbose = 0
|
2018-11-08 12:55:20 +00:00
|
|
|
prefer_ipv6 = data["prefer_ipv6"]
|
|
|
|
|
params = request.get_json()
|
|
|
|
|
port = params.get('port', None)
|
|
|
|
|
method = params.get('method', None)
|
|
|
|
|
fast_open = params.get('fast_open', None)
|
|
|
|
|
reuse_port = params.get('reuse_port', None)
|
|
|
|
|
no_delay = params.get('no_delay', None)
|
|
|
|
|
mptcp = params.get('mptcp', None)
|
2019-01-25 19:43:49 +00:00
|
|
|
obfs = params.get('obfs', False)
|
|
|
|
|
obfs_plugin = params.get('obfs_plugin', False)
|
|
|
|
|
obfs_type = params.get('obfs_type', None)
|
2019-01-06 17:53:06 +00:00
|
|
|
ebpf = params.get('ebpf', False)
|
2018-11-29 21:43:02 +00:00
|
|
|
key = params.get('key', None)
|
|
|
|
|
if not key:
|
2018-12-06 09:48:23 +00:00
|
|
|
if 'key' in data:
|
|
|
|
|
key = data["key"]
|
2019-08-29 20:39:22 +00:00
|
|
|
#ipv4_addr = os.popen('wget -4 -qO- -T 2 http://ip.openmptcprouter.com').read().rstrip()
|
2019-04-18 20:34:14 +00:00
|
|
|
vps_domain = os.popen('wget -4 -qO- -T 2 http://hostname.openmptcprouter.com').read().rstrip()
|
2019-04-18 19:09:26 +00:00
|
|
|
|
2019-01-06 17:53:06 +00:00
|
|
|
if port is None or method is None or fast_open is None or reuse_port is None or no_delay is None or key is None:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'shadowsocks'}
|
2018-11-08 12:55:20 +00:00
|
|
|
if obfs:
|
2019-01-25 19:57:27 +00:00
|
|
|
if obfs_plugin == 'v2ray':
|
|
|
|
|
if obfs_type == 'tls':
|
2019-04-18 19:09:26 +00:00
|
|
|
if vps_domain == '':
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': '::0','server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin','plugin_opts': 'server;tls'}
|
2019-04-18 19:09:26 +00:00
|
|
|
else:
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': '::0','server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin','plugin_opts': 'server;tls;host=' + vps_domain}
|
2019-01-25 19:43:49 +00:00
|
|
|
else:
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': '::0','server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin','plugin_opts': 'server'}
|
2019-01-25 19:43:49 +00:00
|
|
|
else:
|
2019-01-25 19:57:27 +00:00
|
|
|
if obfs_type == 'tls':
|
2019-04-18 19:09:26 +00:00
|
|
|
if vps_domain == '':
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'),'server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server','plugin_opts': 'obfs=tls;mptcp;fast-open;t=400'}
|
2019-04-18 19:09:26 +00:00
|
|
|
else:
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'),'server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server','plugin_opts': 'obfs=tls;mptcp;fast-open;t=400;host=' + vps_domain}
|
2019-01-25 19:43:49 +00:00
|
|
|
else:
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'),'server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server','plugin_opts': 'obfs=http;mptcp;fast-open;t=400'}
|
2018-11-08 12:55:20 +00:00
|
|
|
else:
|
2019-08-29 20:39:22 +00:00
|
|
|
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'),'server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'ipv6_first': True, 'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'ebpf': ebpf,'acl': '/etc/shadowsocks-libev/local.acl'}
|
2018-11-08 12:55:20 +00:00
|
|
|
|
|
|
|
|
if ordered(data) != ordered(json.loads(json.dumps(shadowsocks_config))):
|
2018-11-14 14:10:42 +00:00
|
|
|
with open('/etc/shadowsocks-libev/config.json','w') as outfile:
|
2018-12-06 09:48:23 +00:00
|
|
|
json.dump(shadowsocks_config,outfile,indent=4)
|
2018-11-08 17:05:34 +00:00
|
|
|
os.system("systemctl restart shadowsocks-libev-server@config.service")
|
|
|
|
|
for x in range (1,os.cpu_count()):
|
2018-11-14 14:10:42 +00:00
|
|
|
os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service")
|
2019-09-29 18:54:54 +00:00
|
|
|
shorewall_add_port(str(port),'tcp','shadowsocks')
|
|
|
|
|
shorewall_add_port(str(port),'udp','shadowsocks')
|
2019-08-12 14:43:05 +00:00
|
|
|
set_lastchange()
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'changes applied','route': 'shadowsocks'}
|
2018-11-08 12:55:20 +00:00
|
|
|
else:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'no changes','route': 'shadowsocks'}
|
2018-11-08 12:55:20 +00:00
|
|
|
|
2018-11-08 17:05:34 +00:00
|
|
|
# Set shorewall config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/shorewall')
|
|
|
|
|
def shorewall(current_user: User = Depends(get_current_user)):
|
2018-11-08 17:05:34 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
state = params.get('redirect_ports', None)
|
2019-01-06 17:53:06 +00:00
|
|
|
if state is None:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'shorewall'}
|
2019-06-02 21:11:58 +00:00
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
2018-11-08 17:05:34 +00:00
|
|
|
fd, tmpfile = mkstemp()
|
|
|
|
|
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
|
|
|
|
|
for line in f:
|
2018-12-03 10:07:03 +00:00
|
|
|
if state == 'enable' and line == '#DNAT net vpn:$OMR_ADDR tcp 1-64999\n':
|
2018-11-08 17:05:34 +00:00
|
|
|
n.write(line.replace(line[:1], ''))
|
2018-12-03 10:07:03 +00:00
|
|
|
elif state == 'enable' and line == '#DNAT net vpn:$OMR_ADDR udp 1-64999\n':
|
2018-11-08 17:05:34 +00:00
|
|
|
n.write(line.replace(line[:1], ''))
|
2018-12-03 10:07:03 +00:00
|
|
|
elif state == 'disable' and line == 'DNAT net vpn:$OMR_ADDR tcp 1-64999\n':
|
2018-11-08 17:05:34 +00:00
|
|
|
n.write('#' + line)
|
2018-12-03 10:07:03 +00:00
|
|
|
elif state == 'disable' and line == 'DNAT net vpn:$OMR_ADDR udp 1-64999\n':
|
2018-11-08 17:05:34 +00:00
|
|
|
n.write('#' + line)
|
|
|
|
|
else:
|
|
|
|
|
n.write(line)
|
|
|
|
|
os.close(fd)
|
2018-11-16 13:14:08 +00:00
|
|
|
move(tmpfile,'/etc/shorewall/rules')
|
2019-06-02 21:11:58 +00:00
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q reload shorewall")
|
2018-11-08 17:05:34 +00:00
|
|
|
# Need to do the same for IPv6...
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'changes applied'}
|
2018-11-08 17:05:34 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/shorewalllist')
|
|
|
|
|
def shorewall_list(current_user: User = Depends(get_current_user)):
|
2019-09-29 18:54:54 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
name = params.get('name', None)
|
|
|
|
|
if name is None:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'}
|
2019-09-29 18:54:54 +00:00
|
|
|
fwlist = []
|
|
|
|
|
with open('/etc/shorewall/rules','r') as f:
|
|
|
|
|
for line in f:
|
|
|
|
|
if '# OMR ' + name in line:
|
|
|
|
|
fwlist.append(line)
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'list': fwlist}
|
2019-09-29 18:54:54 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/shorewallopen')
|
|
|
|
|
def shorewall_open(current_user: User = Depends(get_current_user)):
|
2019-09-29 18:54:54 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
name = params.get('name', None)
|
|
|
|
|
port = params.get('port', None)
|
|
|
|
|
proto = params.get('proto', None)
|
|
|
|
|
fwtype = params.get('fwtype', None)
|
|
|
|
|
if name is None:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'}
|
2019-09-29 18:54:54 +00:00
|
|
|
shorewall_add_port(str(port),proto,name,fwtype)
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'changes applied'}
|
2019-09-29 18:54:54 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/shorewallclose')
|
|
|
|
|
def shorewall_close(current_user: User = Depends(get_current_user)):
|
2019-09-29 18:54:54 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
name = params.get('name', None)
|
|
|
|
|
port = params.get('port', None)
|
|
|
|
|
proto = params.get('proto', None)
|
|
|
|
|
fwtype = params.get('fwtype', None)
|
|
|
|
|
if name is None:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'}
|
2019-09-29 18:54:54 +00:00
|
|
|
shorewall_del_port(str(port),proto,name,fwtype)
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'changes applied'}
|
2019-09-29 18:54:54 +00:00
|
|
|
|
2018-11-14 16:34:13 +00:00
|
|
|
# Set MPTCP config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/mptcp')
|
|
|
|
|
def mptcp(current_user: User = Depends(get_current_user)):
|
2018-11-14 16:34:13 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
checksum = params.get('checksum', None)
|
|
|
|
|
path_manager = params.get('path_manager', None)
|
|
|
|
|
scheduler = params.get('scheduler', None)
|
|
|
|
|
syn_retries = params.get('syn_retries', None)
|
|
|
|
|
congestion_control = params.get('congestion_control', None)
|
2019-01-06 18:00:45 +00:00
|
|
|
if not checksum or not path_manager or not scheduler or not syn_retries or not congestion_control:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'mptcp'}
|
2018-12-28 07:55:46 +00:00
|
|
|
os.system('sysctl -qw net.mptcp.mptcp_checksum=' + checksum)
|
|
|
|
|
os.system('sysctl -qw net.mptcp.mptcp_path_manager=' + path_manager)
|
|
|
|
|
os.system('sysctl -qw net.mptcp.mptcp_scheduler=' + scheduler)
|
|
|
|
|
os.system('sysctl -qw net.mptcp.mptcp_syn_retries=' + syn_retries)
|
|
|
|
|
os.system('sysctl -qw net.ipv4.tcp_congestion_control=' + congestion_control)
|
2019-08-12 14:43:05 +00:00
|
|
|
set_lastchange()
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'changes applied'}
|
|
|
|
|
|
|
|
|
|
class Vpn(BaseModel):
|
|
|
|
|
vpn: str
|
2018-11-14 16:34:13 +00:00
|
|
|
|
2019-06-24 16:14:16 +00:00
|
|
|
# Set global VPN config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/vpn')
|
|
|
|
|
def vpn(*,vpnconfig: Vpn,current_user: User = Depends(get_current_user)):
|
|
|
|
|
vpn = vpnconfig.vpn
|
|
|
|
|
log.debug("VPN !")
|
2019-06-24 16:14:16 +00:00
|
|
|
if not vpn:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'vpn'}
|
2019-06-24 16:14:16 +00:00
|
|
|
os.system('echo ' + vpn + ' > /etc/openmptcprouter-vps-admin/current-vpn')
|
2019-08-12 14:43:05 +00:00
|
|
|
set_lastchange()
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done','reason': 'changes applied'}
|
|
|
|
|
|
2019-06-24 16:14:16 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
class GlorytunConfig(BaseModel):
|
|
|
|
|
key: str
|
|
|
|
|
port: int
|
|
|
|
|
chacha: bool
|
2018-11-14 16:34:13 +00:00
|
|
|
|
2018-12-06 09:48:23 +00:00
|
|
|
# Set Glorytun config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/glorytun')
|
|
|
|
|
def glorytun(*, glorytunconfig: GlorytunConfig,current_user: User = Depends(get_current_user)):
|
|
|
|
|
key = glorytunconfig.key
|
|
|
|
|
port = glorytunconfig.port
|
|
|
|
|
chacha = glorytunconfig.chacha
|
2019-06-02 21:11:58 +00:00
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-tcp/tun0', 'rb'))).hexdigest()
|
2018-12-06 09:48:23 +00:00
|
|
|
with open('/etc/glorytun-tcp/tun0.key','w') as outfile:
|
|
|
|
|
outfile.write(key)
|
|
|
|
|
with open('/etc/glorytun-udp/tun0.key','w') as outfile:
|
|
|
|
|
outfile.write(key)
|
|
|
|
|
fd, tmpfile = mkstemp()
|
|
|
|
|
with open('/etc/glorytun-tcp/tun0','r') as f, open(tmpfile,'a+') as n:
|
|
|
|
|
for line in f:
|
|
|
|
|
if 'PORT=' in line:
|
|
|
|
|
n.write('PORT=' + str(port) + '\n')
|
2019-05-23 19:55:49 +00:00
|
|
|
elif 'OPTIONS=' in line:
|
|
|
|
|
if chacha:
|
|
|
|
|
n.write('OPTIONS="chacha20 retry count -1 const 5000000 timeout 90000 keepalive count 5 idle 10 interval 2 buffer-size 65536 multiqueue"\n')
|
|
|
|
|
else:
|
|
|
|
|
n.write('OPTIONS="retry count -1 const 5000000 timeout 90000 keepalive count 5 idle 10 interval 2 buffer-size 65536 multiqueue"\n')
|
2018-12-06 09:48:23 +00:00
|
|
|
else:
|
|
|
|
|
n.write(line)
|
|
|
|
|
os.close(fd)
|
|
|
|
|
move(tmpfile,'/etc/glorytun-tcp/tun0')
|
2019-06-02 21:11:58 +00:00
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-tcp/tun0', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q restart glorytun-tcp@tun0")
|
|
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun0', 'rb'))).hexdigest()
|
2018-12-06 09:48:23 +00:00
|
|
|
fd, tmpfile = mkstemp()
|
|
|
|
|
with open('/etc/glorytun-udp/tun0','r') as f, open(tmpfile,'a+') as n:
|
|
|
|
|
for line in f:
|
|
|
|
|
if 'BIND_PORT=' in line:
|
|
|
|
|
n.write('BIND_PORT=' + str(port) + '\n')
|
2019-05-23 19:55:49 +00:00
|
|
|
elif 'OPTIONS=' in line:
|
|
|
|
|
if chacha:
|
|
|
|
|
n.write('OPTIONS="chacha persist"\n')
|
|
|
|
|
else:
|
|
|
|
|
n.write('OPTIONS="persist"\n')
|
2018-12-06 09:48:23 +00:00
|
|
|
else:
|
|
|
|
|
n.write(line)
|
|
|
|
|
os.close(fd)
|
|
|
|
|
move(tmpfile,'/etc/glorytun-udp/tun0')
|
2019-06-02 21:11:58 +00:00
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun0', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q restart glorytun-udp@tun0")
|
2019-09-29 18:54:54 +00:00
|
|
|
shorewall_add_port(str(port),'tcp','glorytun')
|
2019-08-12 14:43:05 +00:00
|
|
|
set_lastchange()
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
2018-12-06 09:48:23 +00:00
|
|
|
|
2019-08-02 15:22:43 +00:00
|
|
|
# Set A Dead Simple VPN config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/dsvpn')
|
|
|
|
|
def dsvpn(current_user: User = Depends(get_current_user)):
|
2019-08-02 15:22:43 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
key = params.get('key', None)
|
|
|
|
|
port = params.get('port', None)
|
|
|
|
|
if not key or port is None:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'dsvpn'}
|
2019-08-02 15:22:43 +00:00
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn.key', 'rb'))).hexdigest()
|
|
|
|
|
with open('/etc/dsvpn/dsvpn.key','w') as outfile:
|
|
|
|
|
outfile.write(key)
|
|
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn.key', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q restart dsvpn-server")
|
2019-09-29 18:54:54 +00:00
|
|
|
shorewall_add_port(str(port),'tcp','dsvpn')
|
2019-08-12 14:43:05 +00:00
|
|
|
set_lastchange()
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
2019-08-02 15:22:43 +00:00
|
|
|
|
2018-12-06 09:48:23 +00:00
|
|
|
# Set OpenVPN config
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/openvpn')
|
|
|
|
|
def openvpn(current_user: User = Depends(get_current_user)):
|
2018-11-29 21:43:02 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
key = params.get('key', None)
|
|
|
|
|
if not key:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'openvpn'}
|
2019-06-02 21:11:58 +00:00
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/server/static.key', 'rb'))).hexdigest()
|
2018-12-06 09:48:23 +00:00
|
|
|
with open('/etc/openvpn/server/static.key','w') as outfile:
|
|
|
|
|
outfile.write(base64.b64decode(key))
|
2019-06-02 21:11:58 +00:00
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/server/static.key', 'rb'))).hexdigest()
|
|
|
|
|
if not initial_md5 == final_md5:
|
|
|
|
|
os.system("systemctl -q restart openvpn@tun0")
|
2019-08-12 14:43:05 +00:00
|
|
|
set_lastchange()
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
|
|
|
|
|
|
|
|
|
class Wanips(BaseModel):
|
|
|
|
|
ips: str
|
2018-11-14 14:10:42 +00:00
|
|
|
|
2019-08-29 20:39:22 +00:00
|
|
|
# Set WANIP
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/wan')
|
|
|
|
|
def wan(*, wanips: Wanips,current_user: User = Depends(get_current_user)):
|
|
|
|
|
ips = wanips.ips
|
2019-08-29 20:39:22 +00:00
|
|
|
if not ips:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'wan'}
|
2019-08-29 20:39:22 +00:00
|
|
|
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/local.acl', 'rb'))).hexdigest()
|
|
|
|
|
with open('/etc/shadowsocks-libev/local.acl','w') as outfile:
|
|
|
|
|
outfile.write('[white_list]\n')
|
|
|
|
|
outfile.write(ips)
|
|
|
|
|
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/local.acl', 'rb'))).hexdigest()
|
2019-09-16 05:51:04 +00:00
|
|
|
#if not initial_md5 == final_md5:
|
|
|
|
|
#os.system("systemctl restart shadowsocks-libev-server@config.service")
|
|
|
|
|
#for x in range (1,os.cpu_count()):
|
|
|
|
|
#os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service")
|
2019-08-29 20:39:22 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
2019-08-29 20:39:22 +00:00
|
|
|
|
2018-12-06 09:48:23 +00:00
|
|
|
# Update VPS
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/update')
|
|
|
|
|
def update(current_user: User = Depends(get_current_user)):
|
2018-12-06 09:48:23 +00:00
|
|
|
os.system("wget -O - http://www.openmptcprouter.com/server/debian9-x86_64.sh | sh")
|
|
|
|
|
# Need to reboot if kernel change
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
2018-11-08 17:05:34 +00:00
|
|
|
|
2019-09-29 18:54:54 +00:00
|
|
|
# Backup
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/backuppost')
|
|
|
|
|
def backuppost(current_user: User = Depends(get_current_user)):
|
2019-09-29 18:54:54 +00:00
|
|
|
params = request.get_json()
|
|
|
|
|
backup_file = params.get('data', None)
|
|
|
|
|
if not backup_file:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'error','reason': 'Invalid parameters','route': 'backuppost'}
|
2019-09-29 18:54:54 +00:00
|
|
|
with open('/var/opt/openmptcprouter/backup.tar.gz','wb') as f:
|
|
|
|
|
f.write(base64.b64decode(backup_file))
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
2019-09-29 18:54:54 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/backupget')
|
|
|
|
|
def send_backup(current_user: User = Depends(get_current_user)):
|
2019-09-29 18:54:54 +00:00
|
|
|
with open('/var/opt/openmptcprouter/backup.tar.gz',"rb") as backup_file:
|
|
|
|
|
file_base64 = base64.b64encode(backup_file.read())
|
|
|
|
|
file_base64utf = file_base64.decode('utf-8')
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'data': file_base64utf}
|
2019-09-29 18:54:54 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/backuplist')
|
|
|
|
|
def list_backup(current_user: User = Depends(get_current_user)):
|
2019-10-10 19:13:14 +00:00
|
|
|
if os.path.isfile('/var/opt/openmptcprouter/backup.tar.gz'):
|
|
|
|
|
modiftime = os.path.getmtime('/var/opt/openmptcprouter/backup.tar.gz')
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'backup': True, 'modif': modiftime}
|
2019-10-10 19:13:14 +00:00
|
|
|
else:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'backup': False}
|
2019-10-10 19:13:14 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.get('/backupshow')
|
|
|
|
|
def show_backup(current_user: User = Depends(get_current_user)):
|
2019-10-10 19:13:14 +00:00
|
|
|
if os.path.isfile('/var/opt/openmptcprouter/backup.tar.gz'):
|
|
|
|
|
router = OpenWrt(native=open('/var/opt/openmptcprouter/backup.tar.gz'))
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'backup': True,'data': router}
|
2019-10-10 19:13:14 +00:00
|
|
|
else:
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'backup': False}
|
2019-10-10 19:13:14 +00:00
|
|
|
|
2019-11-02 17:10:10 +00:00
|
|
|
@app.post('/backupedit')
|
|
|
|
|
def edit_backup(current_user: User = Depends(get_current_user)):
|
2019-10-10 19:13:14 +00:00
|
|
|
params = request.get_data()
|
|
|
|
|
o = OpenWrt(params)
|
2019-10-25 18:22:00 +00:00
|
|
|
o.write('backup',path='/var/opt/openmptcprouter/')
|
2019-11-02 17:10:10 +00:00
|
|
|
return {'result': 'done'}
|
2019-10-10 19:13:14 +00:00
|
|
|
|
2019-09-29 18:54:54 +00:00
|
|
|
|
2018-11-08 12:55:20 +00:00
|
|
|
if __name__ == '__main__':
|
2018-12-13 14:14:45 +00:00
|
|
|
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
|
|
|
|
|
omr_config_data = json.load(f)
|
|
|
|
|
omrport=65500
|
|
|
|
|
if 'port' in omr_config_data:
|
|
|
|
|
omrport = omr_config_data["port"]
|
2019-11-02 17:10:10 +00:00
|
|
|
uvicorn.run(app,host='0.0.0.0',port=omrport,log_level='debug',ssl_certfile='/etc/openmptcprouter-vps-admin/cert.pem',ssl_keyfile='/etc/openmptcprouter-vps-admin/key.pem')
|
|
|
|
|
# uvicorn.run(app,host='0.0.0.0',port=omrport,ssl_context=('/etc/openmptcprouter-vps-admin/cert.pem','/etc/openmptcprouter-vps-admin/key.pem'),threaded=True)
|
