mptcp/openmptcprouter-vps-admin
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00
Code Issues Releases Wiki Activity

Fix and add client2client for OpenVPN

Browse source
This commit is contained in:
Ycarus 2020-01-13 21:47:29 +01:00
parent 6266935a7c
commit 36af20c00e
1 changed files with 75 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

97
omr-admin.py
View file

@ -20,6 +20,7 @@ import time
import uvicorn import uvicorn
import jwt import jwt
from jwt import PyJWTError from jwt import PyJWTError
from netaddr import *
from pprint import pprint from pprint import pprint
from datetime import datetime,timedelta from datetime import datetime,timedelta
from tempfile import mkstemp from tempfile import mkstemp
@ -234,12 +235,24 @@ def set_lastchange(sync = 0):
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as outfile: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as outfile:
json.dump(data,outfile,indent=4) json.dump(data,outfile,indent=4)
def set_global_param(key,value):
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = f.read()
content = re.sub(",\s*}","}",content)
try:
data = json.loads(content)
except ValueError as e:
return jsonify({'error': 'Config file not readable','route': 'global_param'}), 200
data[key] = value
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as outfile:
json.dump(data,outfile,indent=4)
def modif_config_user(user,changes): def modif_config_user(user,changes):
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f) content = json.load(f)
content['users'][0][user.username].update(changes) content['users'][0][user.username].update(changes)
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json','w') as f:
json.dump(content,f) json.dump(content,f,indent=4)
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
omr_config_data = json.load(f) omr_config_data = json.load(f)
@ -283,7 +296,7 @@ class User(BaseModel):
vpn: str = None vpn: str = None
vpn_port: int = None vpn_port: int = None
vpn_client_ip: str = None vpn_client_ip: str = None
permission: str = 'rw' permissions: str = 'rw'
shadowsocks_port: int = None shadowsocks_port: int = None
disabled: bool = 'false' disabled: bool = 'false'
userid: int = None userid: int = None
@ -586,10 +599,10 @@ def config(current_user: User = Depends(get_current_user)):
vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip() vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip()
vps_domain = os.popen('wget -4 -qO- -T 1 http://hostname.openmptcprouter.com').read().rstrip() vps_domain = os.popen('wget -4 -qO- -T 1 http://hostname.openmptcprouter.com').read().rstrip()
#vps_domain = os.popen('dig -4 +short +times=3 +tries=1 -x ' + ipv4_addr + " | sed 's/\.$//'").read().rstrip() #vps_domain = os.popen('dig -4 +short +times=3 +tries=1 -x ' + ipv4_addr + " | sed 's/\.$//'").read().rstrip()
user_permission = current_user.permission user_permissions = current_user.permissions
vpn = current_user.vpn vpn = current_user.vpn
if current_user.permission == 'ro': if current_user.permissions == 'ro':
del available_vpn del available_vpn
available_vpn = [vpn] available_vpn = [vpn]
@ -599,7 +612,7 @@ def config(current_user: User = Depends(get_current_user)):
if '#DNAT net vpn:$OMR_ADDR tcp 1-64999' in line: if '#DNAT net vpn:$OMR_ADDR tcp 1-64999' in line:
shorewall_redirect = "disable" shorewall_redirect = "disable"
return {'vps': {'kernel': vps_kernel,'machine': vps_machine,'omr_version': vps_omr_version,'loadavg': vps_loadavg,'uptime': vps_uptime,'aes': vps_aes},'shadowsocks': {'traffic': ss_traffic,'key': shadowsocks_key,'port': shadowsocks_port,'method': shadowsocks_method,'fast_open': shadowsocks_fast_open,'reuse_port': shadowsocks_reuse_port,'no_delay': shadowsocks_no_delay,'mptcp': shadowsocks_mptcp,'ebpf': shadowsocks_ebpf,'obfs': shadowsocks_obfs,'obfs_plugin': shadowsocks_obfs_plugin,'obfs_type': shadowsocks_obfs_type},'glorytun': {'key': glorytun_key,'udp': {'host_ip': glorytun_udp_host_ip,'client_ip': glorytun_udp_client_ip},'tcp': {'host_ip': glorytun_tcp_host_ip,'client_ip': glorytun_tcp_client_ip},'port': glorytun_port,'chacha': glorytun_chacha},'dsvpn': {'key': dsvpn_key, 'host_ip': dsvpn_host_ip, 'client_ip': dsvpn_client_ip, 'port': dsvpn_port},'openvpn': {'key': openvpn_key,'client_key': openvpn_client_key,'client_crt': openvpn_client_crt,'client_ca': openvpn_client_ca,'host_ip': openvpn_host_ip, 'client_ip': openvpn_client_ip, 'port': openvpn_port},'mlvpn': {'key': mlvpn_key, 'host_ip': mlvpn_host_ip, 'client_ip': mlvpn_client_ip},'shorewall': {'redirect_ports': shorewall_redirect},'mptcp': {'enabled': mptcp_enabled,'checksum': mptcp_checksum,'path_manager': mptcp_path_manager,'scheduler': mptcp_scheduler, 'syn_retries': mptcp_syn_retries},'network': {'congestion_control': congestion_control,'ipv6_network': ipv6_network,'ipv6': ipv6_addr,'ipv4': ipv4_addr,'domain': vps_domain},'vpn': {'available': available_vpn,'current': vpn},'iperf': {'user': 'openmptcprouter','password': 'openmptcprouter', 'key': iperf3_key},'pihole': {'state': pihole},'user': {'name': current_user.username,'permission': user_permission}} return {'vps': {'kernel': vps_kernel,'machine': vps_machine,'omr_version': vps_omr_version,'loadavg': vps_loadavg,'uptime': vps_uptime,'aes': vps_aes},'shadowsocks': {'traffic': ss_traffic,'key': shadowsocks_key,'port': shadowsocks_port,'method': shadowsocks_method,'fast_open': shadowsocks_fast_open,'reuse_port': shadowsocks_reuse_port,'no_delay': shadowsocks_no_delay,'mptcp': shadowsocks_mptcp,'ebpf': shadowsocks_ebpf,'obfs': shadowsocks_obfs,'obfs_plugin': shadowsocks_obfs_plugin,'obfs_type': shadowsocks_obfs_type},'glorytun': {'key': glorytun_key,'udp': {'host_ip': glorytun_udp_host_ip,'client_ip': glorytun_udp_client_ip},'tcp': {'host_ip': glorytun_tcp_host_ip,'client_ip': glorytun_tcp_client_ip},'port': glorytun_port,'chacha': glorytun_chacha},'dsvpn': {'key': dsvpn_key, 'host_ip': dsvpn_host_ip, 'client_ip': dsvpn_client_ip, 'port': dsvpn_port},'openvpn': {'key': openvpn_key,'client_key': openvpn_client_key,'client_crt': openvpn_client_crt,'client_ca': openvpn_client_ca,'host_ip': openvpn_host_ip, 'client_ip': openvpn_client_ip, 'port': openvpn_port},'mlvpn': {'key': mlvpn_key, 'host_ip': mlvpn_host_ip, 'client_ip': mlvpn_client_ip},'shorewall': {'redirect_ports': shorewall_redirect},'mptcp': {'enabled': mptcp_enabled,'checksum': mptcp_checksum,'path_manager': mptcp_path_manager,'scheduler': mptcp_scheduler, 'syn_retries': mptcp_syn_retries},'network': {'congestion_control': congestion_control,'ipv6_network': ipv6_network,'ipv6': ipv6_addr,'ipv4': ipv4_addr,'domain': vps_domain},'vpn': {'available': available_vpn,'current': vpn},'iperf': {'user': 'openmptcprouter','password': 'openmptcprouter', 'key': iperf3_key},'pihole': {'state': pihole},'user': {'name': current_user.username,'permission': user_permissions}}
# Set shadowsocks config # Set shadowsocks config
class ShadowsocksConfigparams(BaseModel): class ShadowsocksConfigparams(BaseModel):
@ -616,7 +629,7 @@ class ShadowsocksConfigparams(BaseModel):
@app.post('/shadowsocks') @app.post('/shadowsocks')
def shadowsocks(*,params: ShadowsocksConfigparams,current_user: User = Depends(get_current_user)): def shadowsocks(*,params: ShadowsocksConfigparams,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
set_lastchange(10) set_lastchange(10)
return {'result': 'permission','reason': 'Read only user','route': 'shadowsocks'} return {'result': 'permission','reason': 'Read only user','route': 'shadowsocks'}
ipv6_network = os.popen('ip -6 addr show ' + iface +' | grep -oP "(?<=inet6 ).*(?= scope global)"').read().rstrip() ipv6_network = os.popen('ip -6 addr show ' + iface +' | grep -oP "(?<=inet6 ).*(?= scope global)"').read().rstrip()
@ -715,7 +728,7 @@ class ShorewallAllparams(BaseModel):
@app.post('/shorewall') @app.post('/shorewall')
def shorewall(*, params: ShorewallAllparams,current_user: User = Depends(get_current_user)): def shorewall(*, params: ShorewallAllparams,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
return {'result': 'permission','reason': 'Read only user','route': 'shorewall'} return {'result': 'permission','reason': 'Read only user','route': 'shorewall'}
state = params.redirect_ports state = params.redirect_ports
if state is None: if state is None:
@ -794,7 +807,7 @@ class Shorewallparams(BaseModel):
@app.post('/shorewallopen') @app.post('/shorewallopen')
def shorewall_open(*,params: Shorewallparams, current_user: User = Depends(get_current_user)): def shorewall_open(*,params: Shorewallparams, current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
return {'result': 'permission','reason': 'Read only user','route': 'shorewallopen'} return {'result': 'permission','reason': 'Read only user','route': 'shorewallopen'}
name = params.name name = params.name
port = params.port port = params.port
@ -810,7 +823,7 @@ def shorewall_open(*,params: Shorewallparams, current_user: User = Depends(get_c
@app.post('/shorewallclose') @app.post('/shorewallclose')
def shorewall_close(*,params: Shorewallparams,current_user: User = Depends(get_current_user)): def shorewall_close(*,params: Shorewallparams,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
return {'result': 'permission','reason': 'Read only user','route': 'shorewallclose'} return {'result': 'permission','reason': 'Read only user','route': 'shorewallclose'}
name = params.name name = params.name
port = params.port port = params.port
@ -858,7 +871,7 @@ class Vpn(BaseModel):
# Set global VPN config # Set global VPN config
@app.post('/vpn') @app.post('/vpn')
def vpn(*,vpnconfig: Vpn,current_user: User = Depends(get_current_user)): def vpn(*,vpnconfig: Vpn,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
set_lastchange(10) set_lastchange(10)
return {'result': 'permission','reason': 'Read only user','route': 'vpn'} return {'result': 'permission','reason': 'Read only user','route': 'vpn'}
vpn = vpnconfig.vpn vpn = vpnconfig.vpn
@ -879,7 +892,7 @@ class GlorytunConfig(BaseModel):
# Set Glorytun config # Set Glorytun config
@app.post('/glorytun') @app.post('/glorytun')
def glorytun(*, glorytunconfig: GlorytunConfig,current_user: User = Depends(get_current_user)): def glorytun(*, glorytunconfig: GlorytunConfig,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
set_lastchange(10) set_lastchange(10)
return {'result': 'permission','reason': 'Read only user','route': 'glorytun'} return {'result': 'permission','reason': 'Read only user','route': 'glorytun'}
userid = current_user.userid userid = current_user.userid
@ -939,7 +952,7 @@ class DSVPN(BaseModel):
@app.post('/dsvpn') @app.post('/dsvpn')
def dsvpn(*,params: DSVPN,current_user: User = Depends(get_current_user)): def dsvpn(*,params: DSVPN,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
set_lastchange(10) set_lastchange(10)
return {'result': 'permission','reason': 'Read only user','route': 'dsvpn'} return {'result': 'permission','reason': 'Read only user','route': 'dsvpn'}
userid = current_user.userid userid = current_user.userid
@ -976,7 +989,7 @@ class OpenVPN(BaseModel):
@app.post('/openvpn') @app.post('/openvpn')
def openvpn(*,ovpn: OpenVPN,current_user: User = Depends(get_current_user)): def openvpn(*,ovpn: OpenVPN,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
set_lastchange(10) set_lastchange(10)
return {'result': 'permission','reason': 'Read only user','route': 'openvpn'} return {'result': 'permission','reason': 'Read only user','route': 'openvpn'}
key = ovpn.key key = ovpn.key
@ -1020,17 +1033,35 @@ def router(*,lanconfig: Lanips,current_user: User = Depends(get_current_user)):
modif_config_user(current_user,{'lanips': lanips}) modif_config_user(current_user,{'lanips': lanips})
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
omr_config_data = json.load(f) omr_config_data = json.load(f)
client2client = false client2client = False
if 'client2client' in omr_config_data: if 'client2client' in omr_config_data:
client2client = omr_config_data["client2client"] client2client = omr_config_data["client2client"]
if 'client2client' == True:
with open('/etc/openvpn/ccd/' + current_user.username,'w') as outfile:
for lan in lanips:
ip = IPNetwork(lan)
outfile.write('iroute ' + str(ip.network) + ' ' + str(ip.netmask) + "\n")
#outfile.write('route ' + str(ip.network) + ' ' + str(ip.netmask) + "\n")
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
with open('/etc/openvpn/tun0.conf','r') as f, open(tmpfile,'a+') as n:
for line in f:
if not 'push "route ' + str(ip.network) + ' ' + str(ip.netmask) + '"' in line:
n.write(line)
n.write('push "route ' + str(ip.network) + ' ' + str(ip.netmask) + '"' + "\n")
os.close(fd)
move(tmpfile,'/etc/openvpn/tun0.conf')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
if not initial_md5 == final_md5:
os.system("systemctl -q restart openvpn@tun0")
set_lastchange()
return {'result': 'done','reason': 'changes applied'} return {'result': 'done','reason': 'changes applied'}
# Update VPS # Update VPS
@app.get('/update') @app.get('/update')
def update(current_user: User = Depends(get_current_user)): def update(current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
return {'result': 'permission','reason': 'Read only user','route': 'update'} return {'result': 'permission','reason': 'Read only user','route': 'update'}
os.system("wget -O - http://www.openmptcprouter.com/server/debian9-x86_64.sh | sh") os.system("wget -O - http://www.openmptcprouter.com/server/debian9-x86_64.sh | sh")
# Need to reboot if kernel change # Need to reboot if kernel change
@ -1042,7 +1073,7 @@ class Backupfile(BaseModel):
@app.post('/backuppost') @app.post('/backuppost')
def backuppost(*,backupfile: Backupfile ,current_user: User = Depends(get_current_user)): def backuppost(*,backupfile: Backupfile ,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
return {'result': 'permission','reason': 'Read only user','route': 'backuppost'} return {'result': 'permission','reason': 'Read only user','route': 'backuppost'}
backup_file = backupfile.data backup_file = backupfile.data
if not backup_file: if not backup_file:
@ -1076,7 +1107,7 @@ def show_backup(current_user: User = Depends(get_current_user)):
@app.post('/backupedit') @app.post('/backupedit')
def edit_backup(params,current_user: User = Depends(get_current_user)): def edit_backup(params,current_user: User = Depends(get_current_user)):
if current_user.permission == "ro": if current_user.permissions == "ro":
return {'result': 'permission','reason': 'Read only user','route': 'backupedit'} return {'result': 'permission','reason': 'Read only user','route': 'backupedit'}
o = OpenWrt(params) o = OpenWrt(params)
o.write(current_user.username + '-backup',path='/var/opt/openmptcprouter/') o.write(current_user.username + '-backup',path='/var/opt/openmptcprouter/')
@ -1102,7 +1133,7 @@ class NewUser(BaseModel):
@app.post('/add_user') @app.post('/add_user')
def add_user(*, params: NewUser,current_user: User = Depends(get_current_user)): def add_user(*, params: NewUser,current_user: User = Depends(get_current_user)):
if not current_user.permission == "admin": if not current_user.permissions == "admin":
return {'result': 'permission','reason': 'Need admin user','route': 'add_user'} return {'result': 'permission','reason': 'Need admin user','route': 'add_user'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f) content = json.load(f)
@ -1114,7 +1145,7 @@ def add_user(*, params: NewUser,current_user: User = Depends(get_current_user)):
if usercontent['userid'] > userid: if usercontent['userid'] > userid:
userid = usercontent['userid'] userid = usercontent['userid']
user_key = secrets.token_hex(32) user_key = secrets.token_hex(32)
user_json = json.loads('{"'+ params.username + '": {"username":"'+ params.username +'","permission":"'+params.permission+'","user_password": "'+user_key.upper()+'","disabled":"false"}}') user_json = json.loads('{"'+ params.username + '": {"username":"'+ params.username +'","permissions":"'+params.permission+'","user_password": "'+user_key.upper()+'","disabled":"false"}}')
# shadowsocks_port = params.shadowsocks_port # shadowsocks_port = params.shadowsocks_port
# if params.shadowsocks_port is None: # if params.shadowsocks_port is None:
shadowsocks_port = '651{:02d}'.format(userid) shadowsocks_port = '651{:02d}'.format(userid)
@ -1140,7 +1171,7 @@ class RemoveUser(BaseModel):
@app.post('/remove_user') @app.post('/remove_user')
def remove_user(*, params: RemoveUser,current_user: User = Depends(get_current_user)): def remove_user(*, params: RemoveUser,current_user: User = Depends(get_current_user)):
if not current_user.permission == "admin": if not current_user.permissions == "admin":
return {'result': 'permission','reason': 'Need admin user','route': 'remove_user'} return {'result': 'permission','reason': 'Need admin user','route': 'remove_user'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f) content = json.load(f)
@ -1154,9 +1185,31 @@ def remove_user(*, params: RemoveUser,current_user: User = Depends(get_current_u
set_lastchange(30) set_lastchange(30)
os.execv(__file__, sys.argv) os.execv(__file__, sys.argv)
class ClienttoClient(BaseModel):
enable: bool = False
@app.post('/client2client')
def client2client(*, params: ClienttoClient,current_user: User = Depends(get_current_user)):
if not current_user.permissions == "admin":
return {'result': 'permission','reason': 'Need admin user','route': 'client2client'}
set_global_param('client2client',params.enable)
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
with open('/etc/openvpn/tun0.conf','r') as f, open(tmpfile,'a+') as n:
for line in f:
if not 'client-to-client' in line:
n.write(line)
n.write('client-to-client' + "\n")
os.close(fd)
move(tmpfile,'/etc/openvpn/tun0.conf')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
if not initial_md5 == final_md5:
os.system("systemctl -q restart openvpn@tun0")
return {'result': 'done'}
@app.get('/list_users') @app.get('/list_users')
def list_users(current_user: User = Depends(get_current_user)): def list_users(current_user: User = Depends(get_current_user)):
if not current_user.permission == "admin": if not current_user.permissions == "admin":
return {'result': 'permission','reason': 'Need admin user','route': 'list_users'} return {'result': 'permission','reason': 'Need admin user','route': 'list_users'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f) content = json.load(f)