From 3f7c4ebb959a158f36647e3ac500f1150c6a8190 Mon Sep 17 00:00:00 2001
From: Ycarus <ycarus@zugaina.org>
Date: Mon, 23 Nov 2020 16:54:46 +0100
Subject: [PATCH] Fix for firewall rules deletion and small changes

---
 omr-admin.py | 47 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/omr-admin.py b/omr-admin.py
index 1dea41d..a28440d 100755
--- a/omr-admin.py
+++ b/omr-admin.py
@@ -148,6 +148,31 @@ def get_username_from_userid(userid):
             return user
     return ''
 
+def check_username_serial(username, serial):
+    with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
+        content = f.read()
+    content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
+    try:
+        data = json.loads(content)
+    except ValueError as e:
+        return {'error': 'Config file not readable', 'route': 'check_serial'}
+    if 'serial_enforce' not in content or content['serial_enforce'] == False:
+        return True
+    if 'serial' not in content['users'][0][username]:
+        content['users'][0][username]['serial'] = serial
+        with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as outfile:
+            json.dump(content, outfile, indent=4)
+        return True
+    if content['users'][0][username]['serial'] == serial:
+        return True
+    if 'serial_error' not in content['users'][0][username]:
+        content['users'][0][username]['serial_error'] = 0
+    else:
+        content['users'][0][username]['serial_error'] = content['users'][0][username]['serial_error'] + 1
+    with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as outfile:
+        json.dump(content, outfile, indent=4)
+    return False
+
 def set_global_param(key, value):
     with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
         content = f.read()
@@ -241,6 +266,7 @@ def v2ray_add_user(user, restart=1):
     final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
     if initial_md5 != final_md5 and restart == 1:
         os.system("systemctl -q restart v2ray")
+    return v2rayuuid
 
 def v2ray_del_user(user, restart=1):
     v2rayuuid = str(uuid.uuid1())
@@ -626,6 +652,7 @@ def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip=
                 elif fwtype == 'DNAT' and not port + '	# OMR redirect ' + name + ' port ' + proto in line and not port + '	# OMR ' + username + ' redirect ' + name + ' port ' + proto in line:
                     n.write(line)
             else:
+                comment = ''
                 if source_dip != '':
                     comment = ' to ' + source_dip
                 if dest_ip != '':
@@ -967,13 +994,16 @@ async def status(request: Request):
 
 # Get VPS status
 @app.get('/status', summary="Get current server load average, uptime and release")
-async def status(userid: Optional[int] = Query(None), current_user: User = Depends(get_current_user)):
+async def status(userid: Optional[int] = Query(None), serial: Optional[str] = Query(None), current_user: User = Depends(get_current_user)):
     LOG.debug('Get status...')
     if not current_user.permissions == "admin":
         userid = current_user.userid
     if userid is None:
         userid = 0
     username = get_username_from_userid(userid)
+    if not current_user.permissions == "admin" and serial is not None:
+        if not check_username_serial(username, serial):
+            return {'error': 'False serial number'}
     vps_loadavg = os.popen("cat /proc/loadavg | awk '{print $1\" \"$2\" \"$3}'").read().rstrip()
     vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip()
     vps_hostname = socket.gethostname()
@@ -1021,13 +1051,16 @@ async def status(userid: Optional[int] = Query(None), current_user: User = Depen
 
 # Get VPS config
 @app.get('/config', summary="Get full server configuration for current user")
-async def config(userid: Optional[int] = Query(None), current_user: User = Depends(get_current_user)):
+async def config(userid: Optional[int] = Query(None), serial: Optional[str] = Query(None), current_user: User = Depends(get_current_user)):
     LOG.debug('Get config...')
     if not current_user.permissions == "admin":
         userid = current_user.userid
     if userid is None:
         userid = 0
     username = get_username_from_userid(userid)
+    if not current_user.permissions == "admin" and serial is not None:
+        if not check_username_serial(username, serial):
+            return {'error': 'False serial number'}
     with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
         try:
             omr_config_data = json.load(f)
@@ -2330,6 +2363,16 @@ def client2client(*, params: ClienttoClient, current_user: User = Depends(get_cu
         os.system("systemctl -q reload shorewall")
     return {'result': 'done'}
 
+class SerialEnforce(BaseModel):
+    enable: bool = False
+
+@app.post('/serialenforce', summary="Enable client serial number control")
+def serialenforce(*, params: SerialEnforce, current_user: User = Depends(get_current_user)):
+    if not current_user.permissions == "admin":
+        return {'result': 'permission', 'reason': 'Need admin user', 'route': 'serialenforce'}
+    set_global_param('serial_enforce', params.enable)
+    return {'result': 'done'}
+
 @app.get('/list_users', summary="List all users")
 async def list_users(current_user: User = Depends(get_current_user)):
     if not current_user.permissions == "admin":