1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00

Add backup and only needed firewall redirect support

This commit is contained in:
Ycarus 2019-09-29 18:54:54 +00:00
parent bc84d257ef
commit 933ed4a158

View file

@ -64,14 +64,34 @@ def file_as_bytes(file):
with file: with file:
return file.read() return file.read()
def shorewall_port(port,proto,name): def shorewall_add_port(port,proto,name,fwtype='ACCEPT'):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n: with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
for line in f: for line in f:
if not '# OMR open ' + name + ' port ' + proto in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line:
n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line:
n.write(line)
if fwtype == 'ACCEPT':
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n")
elif fwtype == 'DNAT':
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR redirect ' + name + ' port ' + proto + "\n")
os.close(fd)
move(tmpfile,'/etc/shorewall/rules')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
if not initial_md5 == final_md5:
os.system("systemctl -q reload shorewall")
def shorewall_del_port(port,proto,name,fwtype='ACCEPT'):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
with open('/etc/shorewall/rules','r') as f, open(tmpfile,'a+') as n:
for line in f:
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line:
n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line:
n.write(line) n.write(line)
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR open ' + name + ' port ' + proto + "\n")
os.close(fd) os.close(fd)
move(tmpfile,'/etc/shorewall/rules') move(tmpfile,'/etc/shorewall/rules')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
@ -378,8 +398,8 @@ def shadowsocks():
os.system("systemctl restart shadowsocks-libev-server@config.service") os.system("systemctl restart shadowsocks-libev-server@config.service")
for x in range (1,os.cpu_count()): for x in range (1,os.cpu_count()):
os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service") os.system("systemctl restart shadowsocks-libev-server@config" + str(x) + ".service")
shorewall_port(str(port),'tcp','shadowsocks') shorewall_add_port(str(port),'tcp','shadowsocks')
shorewall_port(str(port),'udp','shadowsocks') shorewall_add_port(str(port),'udp','shadowsocks')
set_lastchange() set_lastchange()
return jsonify({'result': 'done','reason': 'changes applied','route': 'shadowsocks'}) return jsonify({'result': 'done','reason': 'changes applied','route': 'shadowsocks'})
else: else:
@ -415,6 +435,46 @@ def shorewall():
# Need to do the same for IPv6... # Need to do the same for IPv6...
return jsonify({'result': 'done','reason': 'changes applied'}) return jsonify({'result': 'done','reason': 'changes applied'})
@app.route('/shorewalllist', methods=['POST'])
@jwt_required
def shorewall_list():
params = request.get_json()
name = params.get('name', None)
if name is None:
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'})
fwlist = []
with open('/etc/shorewall/rules','r') as f:
for line in f:
if '# OMR ' + name in line:
fwlist.append(line)
return jsonify({'list': fwlist})
@app.route('/shorewallopen', methods=['POST'])
@jwt_required
def shorewall_open():
params = request.get_json()
name = params.get('name', None)
port = params.get('port', None)
proto = params.get('proto', None)
fwtype = params.get('fwtype', None)
if name is None:
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'})
shorewall_add_port(str(port),proto,name,fwtype)
return jsonify({'result': 'done','reason': 'changes applied'})
@app.route('/shorewallclose', methods=['POST'])
@jwt_required
def shorewall_close():
params = request.get_json()
name = params.get('name', None)
port = params.get('port', None)
proto = params.get('proto', None)
fwtype = params.get('fwtype', None)
if name is None:
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'shorewalllist'})
shorewall_del_port(str(port),proto,name,fwtype)
return jsonify({'result': 'done','reason': 'changes applied'})
# Set MPTCP config # Set MPTCP config
@app.route('/mptcp', methods=['POST']) @app.route('/mptcp', methods=['POST'])
@jwt_required @jwt_required
@ -498,7 +558,7 @@ def glorytun():
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun0', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun0', 'rb'))).hexdigest()
if not initial_md5 == final_md5: if not initial_md5 == final_md5:
os.system("systemctl -q restart glorytun-udp@tun0") os.system("systemctl -q restart glorytun-udp@tun0")
shorewall_port(str(port),'tcp','glorytun') shorewall_add_port(str(port),'tcp','glorytun')
set_lastchange() set_lastchange()
return jsonify({'result': 'done'}) return jsonify({'result': 'done'})
@ -517,7 +577,7 @@ def dsvpn():
final_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn.key', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn.key', 'rb'))).hexdigest()
if not initial_md5 == final_md5: if not initial_md5 == final_md5:
os.system("systemctl -q restart dsvpn-server") os.system("systemctl -q restart dsvpn-server")
shorewall_port(str(port),'tcp','dsvpn') shorewall_add_port(str(port),'tcp','dsvpn')
set_lastchange() set_lastchange()
return jsonify({'result': 'done'}) return jsonify({'result': 'done'})
@ -566,6 +626,27 @@ def update():
# Need to reboot if kernel change # Need to reboot if kernel change
return jsonify({'result': 'done'}) return jsonify({'result': 'done'})
# Backup
@app.route('/backuppost', methods=['POST'])
@jwt_required
def backuppost():
params = request.get_json()
backup_file = params.get('data', None)
if not backup_file:
return jsonify({'result': 'error','reason': 'Invalid parameters','route': 'backuppost'})
with open('/var/opt/openmptcprouter/backup.tar.gz','wb') as f:
f.write(base64.b64decode(backup_file))
return jsonify({'result': 'done'})
@app.route('/backup', methods=['GET'])
@jwt_required
def send_backup():
with open('/var/opt/openmptcprouter/backup.tar.gz',"rb") as backup_file:
file_base64 = base64.b64encode(backup_file.read())
file_base64utf = file_base64.decode('utf-8')
return jsonify({'data': file_base64utf})
if __name__ == '__main__': if __name__ == '__main__':
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
omr_config_data = json.load(f) omr_config_data = json.load(f)