mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00

Add shorewall settings change

Ycarus 2018-11-08 17:05:34 +00:00
parent a193a9189c
commit 36368f57c3


@ -1,7 +1,12 @@
#!/usr/bin/env python3
import json import json
import base64 import base64
import uuid import uuid
import configparser import configparser
import os
from tempfile import mkstemp
from shutil import move
from pprint import pprint from pprint import pprint
from flask import Flask, jsonify, request from flask import Flask, jsonify, request
from flask_jwt_simple import ( from flask_jwt_simple import (
@ -46,6 +51,9 @@ def login():
if not request.is_json: if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400 return jsonify({"msg": "Missing JSON in request"}), 400
with open('omr-admin-config.json') as f:
omr_config_data = json.load(f)
params = request.get_json() params = request.get_json()
username = params.get('username', None) username = params.get('username', None)
password = params.get('password', None) password = params.get('password', None)
@ -55,7 +63,7 @@ def login():
if not password: if not password:
return jsonify({"msg": "Missing password parameter"}), 400 return jsonify({"msg": "Missing password parameter"}), 400
if username != 'test' or password != 'test': if username != omr_config_data["user"] or password != omr_config_data["pass"]:
return jsonify({"msg": "Bad username or password"}), 401 return jsonify({"msg": "Bad username or password"}), 401
# Identity can be any data that is json serializable # Identity can be any data that is json serializable
@ -116,6 +124,8 @@ def shadowsocks():
no_delay = params.get('no_delay', None) no_delay = params.get('no_delay', None)
mptcp = params.get('mptcp', None) mptcp = params.get('mptcp', None)
obfs = params.get('obfs', None) obfs = params.get('obfs', None)
if not port or not method or not fast_open or not reuse_port or not no_delay or not mptcp or not obfs:
raise BadRequestError("Invalid parameters")
if obfs: if obfs:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'),'server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'plugin': '/usr/local/bin/obfs-server','plugin_opts': 'obfs=http;mptcp;fast-open;t=400'} shadowsocks_config = {'server': ('[::0]', '0.0.0.0'),'server_port': port,'local_port': 1081,'mode': 'tcp_and_udp','key': key,'timeout': timeout,'method': method,'verbose': verbose,'prefer_ipv6': prefer_ipv6,'fast_open': fast_open,'no_delay': no_delay,'reuse_port': reuse_port,'mptcp': mptcp,'plugin': '/usr/local/bin/obfs-server','plugin_opts': 'obfs=http;mptcp;fast-open;t=400'}
else: else:
@ -124,9 +134,39 @@ def shadowsocks():
if ordered(data) != ordered(json.loads(json.dumps(shadowsocks_config))): if ordered(data) != ordered(json.loads(json.dumps(shadowsocks_config))):
with open('/etc/shadowsocks-libev/config.json.new','w') as outfile: with open('/etc/shadowsocks-libev/config.json.new','w') as outfile:
json.dump(shadowsocks_config,outfile) json.dump(shadowsocks_config,outfile)
os.system("systemctl restart shadowsocks-libev-server@config.service")
for x in range (1,os.cpu_count()):
os.system("systemctl restart shadowsocks-libev-server@config" + x + ".service")
return jsonify(**shadowsocks_config) return jsonify(**shadowsocks_config)
else: else:
return jsonify({'result': 'done'}) return jsonify({'result': 'done'})
# Set shorewall config
@app.route('/shorewall', methods=['POST'])
@jwt_required
def shorewall():
params = request.get_json()
state = params.get('redirect_ports', None)
if not state:
raise BadRequestError('Invalid parameter')
fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
for line in f:
if state == 'enable' and '#DNAT net vpn:$OMR_ADDR tcp 1-64999' in line:
n.write(line.replace(line[:1], ''))
elif state == 'enable' and '#DNAT net vpn:$OMR_ADDR udp 1-64999' in line:
n.write(line.replace(line[:1], ''))
elif state == 'disable' and 'DNAT net vpn:$OMR_ADDR tcp 1-64999' in line:
n.write('#' + line)
elif state == 'disable' and 'DNAT net vpn:$OMR_ADDR udp 1-64999' in line:
n.write('#' + line)
else:
n.write(line)
os.close(fd)
move(tmpfile,'/etc/shorewall/rules.new')
# Need to do the same for IPv6...
return jsonify({'result': 'done'})
if __name__ == '__main__': if __name__ == '__main__':
app.run(host='0.0.0.0',port=65500,ssl_context=('cert.pem','key.pem')) app.run(host='0.0.0.0',port=65500,ssl_context=('cert.pem','key.pem'))
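Review bot: In the new `shorewall()` handler the `state == 'disable'` substring tests also match a line that is already commented out, because the un-commented rule text is contained in the `#DNAT …` form, so every repeated disable request prepends another `#` to the same rule. The enable branches call `line.replace(line[:1], '')`, which deletes every occurrence of the line's first character rather than just the leading `#`, so any later `#` on that line would be removed as well. Using `line.replace('#', '', 1)` on enable and adding `and not line.lstrip().startswith('#')` to the disable tests would keep the toggle idempotent. Earlier in the same hunk, `"systemctl restart shadowsocks-libev-server@config" + x + ".service"` adds an int to a str and raises TypeError on any host with more than one CPU, after the first restart has already run; `str(x)` fixes it. `params` is also used without the `request.is_json` check that `login()` performs, so a non-JSON body likely ends in an AttributeError rather than a 400.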