mptcp/openmptcprouter-vps-admin
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-03-09 15:40:05 +00:00
Code Issues Releases Wiki Activity

Add XRay user via API, fix Shorewall 6 delete rule

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2024-11-25 10:10:32 +01:00
parent f23a8b91c6
commit be866bf752
2 changed files with 59 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
debian/changelog vendored
View file

@ -1,3 +1,11 @@
omr-vps-admin (0.14+20241125) unstable; urgency=medium
* Block removal of userid 0
* Add XRay users via API
* Fix Shorewall IPv6 delete rules
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 25 Nov 2024 10:09:35 +0200
omr-vps-admin (0.14+20241025) unstable; urgency=medium omr-vps-admin (0.14+20241025) unstable; urgency=medium
* Fix remove user * Fix remove user

62
omr-admin.py
View file

@ -454,21 +454,38 @@ def xray_add_user(user,xrayuuid='',ukeyss2022='',restart=1):
data = json.load(f) data = json.load(f)
exist = 0 exist = 0
for inbounds in data['inbounds']: for inbounds in data['inbounds']:
custominbounds = {"inbounds": []}
if inbounds['tag'] == 'omrin-tunnel': if inbounds['tag'] == 'omrin-tunnel':
inbounds['settings']['clients'].append({'id': xrayuuid, 'level': 0, 'alterId': 0, 'email': user}) inbounds['settings']['clients'].append({'id': xrayuuid, 'level': 0, 'alterId': 0, 'email': user})
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-vmess-tunnel': if inbounds['tag'] == 'omrin-vmess-tunnel':
inbounds['settings']['clients'].append({'id': xrayuuid, 'level': 0, 'alterId': 0, 'email': user}) inbounds['settings']['clients'].append({'id': xrayuuid, 'level': 0, 'alterId': 0, 'email': user})
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-trojan-tunnel': if inbounds['tag'] == 'omrin-trojan-tunnel':
inbounds['settings']['clients'].append({'password': xrayuuid, 'email': user}) inbounds['settings']['clients'].append({'password': xrayuuid, 'email': user})
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-socks-tunnel': if inbounds['tag'] == 'omrin-socks-tunnel':
inbounds['settings']['accounts'].append({'pass': xrayuuid, 'user': user}) inbounds['settings']['accounts'].append({'pass': xrayuuid, 'user': user})
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-shadowsocks-tunnel': if inbounds['tag'] == 'omrin-shadowsocks-tunnel':
inbounds['settings']['clients'].append({'password': ukeyss2022, 'email': user}) inbounds['settings']['clients'].append({'password': ukeyss2022, 'email': user})
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
with open('/etc/xray/xray-server.json', 'w') as f: with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4) json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1: #if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray") # os.system("systemctl -q restart xray")
return xrayuuid return xrayuuid
def v2ray_del_user(user, restart=1, protocol="vless"): def v2ray_del_user(user, restart=1, protocol="vless"):
@ -503,31 +520,47 @@ def xray_del_user(user, restart=1, protocol="vless"):
with open('/etc/xray/xray-server.json') as f: with open('/etc/xray/xray-server.json') as f:
data = json.load(f) data = json.load(f)
for inbounds in data['inbounds']: for inbounds in data['inbounds']:
custominbounds = {"inbounds": []}
if inbounds['tag'] == 'omrin-tunnel': if inbounds['tag'] == 'omrin-tunnel':
for xrayuser in inbounds['settings']['clients']: for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user: if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser) inbounds['settings']['clients'].remove(xrayuser)
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-vmess-tunnel': if inbounds['tag'] == 'omrin-vmess-tunnel':
for xrayuser in inbounds['settings']['clients']: for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user: if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser) inbounds['settings']['clients'].remove(xrayuser)
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-trojan-tunnel': if inbounds['tag'] == 'omrin-trojan-tunnel':
for xrayuser in inbounds['settings']['clients']: for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user: if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser) inbounds['settings']['clients'].remove(xrayuser)
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-socks-tunnel': if inbounds['tag'] == 'omrin-socks-tunnel':
for xrayuser in inbounds['settings']['accounts']: for xrayuser in inbounds['settings']['accounts']:
if xrayuser['user'] == user: if xrayuser['user'] == user:
inbounds['settings']['accounts'].remove(xrayuser) inbounds['settings']['accounts'].remove(xrayuser)
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
if inbounds['tag'] == 'omrin-shadowsocks-tunnel': if inbounds['tag'] == 'omrin-shadowsocks-tunnel':
for xrayuser in inbounds['settings']['clients']: for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user: if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser) inbounds['settings']['clients'].remove(xrayuser)
os.system("xray api rmi --server=127.0.0.1:65080 omrin-tunnel")
custominbounds['inbounds'].append(inbounds)
os.system("xray api adi --server=127.0.0.1:65080 " + json.dumps(custominbounds))
with open('/etc/xray/xray-server.json', 'w') as f: with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4) json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest() final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1: #if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray") # os.system("systemctl -q restart xray")
def v2ray_add_outbound(tag,ip, restart=1): def v2ray_add_outbound(tag,ip, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
@ -1073,20 +1106,25 @@ def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
if initial_md5 != final_md5: if initial_md5 != final_md5:
os.system("systemctl -q reload shorewall6") os.system("systemctl -q reload shorewall6")
def shorewall6_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip=''): def shorewall6_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', gencomment=''):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest() initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp() fd, tmpfile = mkstemp()
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n: with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
for line in f: for line in f:
if source_dip == '': if source_dip == '' and dest_ip == '':
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + gencomment in line: if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + gencomment in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + gencomment in line: elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + gencomment in line:
n.write(line) n.write(line)
else: else:
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + ' to ' + source_dip + gencomment in line: comment = ''
if source_dip != '':
comment = ' to ' + source_dip
if dest_ip != '':
comment = comment + ' from ' + dest_ip
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + comment + gencomment in line:
n.write(line) n.write(line)
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' to ' + source_dip + gencomment in line: elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
n.write(line) n.write(line)
os.close(fd) os.close(fd)
move(tmpfile, '/etc/shorewall6/rules') move(tmpfile, '/etc/shorewall6/rules')
@ -3369,10 +3407,11 @@ def remove_user(*, params: RemoveUser, current_user: User = Depends(get_current_
return {'result': 'permission', 'reason': 'Need admin user', 'route': 'remove_user'} return {'result': 'permission', 'reason': 'Need admin user', 'route': 'remove_user'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f: with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f) content = json.load(f)
if not params.username in content['users'][0]:
return {'result': 'error', 'reason': 'User doesnt exist', 'route': 'remove_user'}
userid = int(content['users'][0][params.username]['userid']) userid = int(content['users'][0][params.username]['userid'])
if userid == 0: if userid == 0:
return {'result': 'not allowed', 'reason': 'Userid 0 is protected', 'route': 'remove_user'} return {'result': 'not allowed', 'reason': 'Userid 0 is protected', 'route': 'remove_user'}
del content['users'][0][params.username]
if os.path.isfile('/etc/shadowsocks-libev/manager.json'): if os.path.isfile('/etc/shadowsocks-libev/manager.json'):
shadowsocks_port = content['users'][0][params.username]['shadowsocks_port'] shadowsocks_port = content['users'][0][params.username]['shadowsocks_port']
remove_ss_user(str(shadowsocks_port)) remove_ss_user(str(shadowsocks_port))
@ -3382,6 +3421,7 @@ def remove_user(*, params: RemoveUser, current_user: User = Depends(get_current_
v2ray_del_user(params.username) v2ray_del_user(params.username)
if os.path.isfile('/etc/xray/xray-server.json'): if os.path.isfile('/etc/xray/xray-server.json'):
xray_del_user(params.username) xray_del_user(params.username)
del content['users'][0][params.username]
if content: if content:
LOG.debug("backup_config() in remove user") LOG.debug("backup_config() in remove user")
backup_config() backup_config()