securevpn-xyz-http-hooks 1.3.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b44cd788085a4c09799e288dcd99b93276321417
+  data.tar.gz: def5da481d4276d9e4734e3c7fa45be26cf05c3b
+SHA512:
+  metadata.gz: ba5b11c6e6fe537655872815b1c61139ea26a77ce7045b6b41cd286aa4a880446bb6c22a9eeace2950bd3658a0e7b51100712d9f7beef5f98c58b2e9083b45b2
+  data.tar.gz: 0ae7d404cb044d19da4bc3f013620d196a58166a95a760fd7d055ad6d85782d6e708b9631b4bf5d09eb420940b661a87d0c1b9dcf36a1f4c7098db37c5eb3e1e

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,39 @@
+PATH
+  remote: .
+  specs:
+    securevpn-xyz-http-hooks (1.1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.3.5)
+    crack (0.4.2)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.2.5)
+    metaclass (0.0.4)
+    mocha (1.0.0)
+      metaclass (~> 0.0.1)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.8)
+    rspec-expectations (2.14.5)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.6)
+    safe_yaml (1.0.1)
+    webmock (1.17.4)
+      addressable (>= 2.2.7)
+      crack (>= 0.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  mocha
+  rspec
+  securevpn-xyz-http-hooks!
+  webmock
+
+BUNDLED WITH
+   1.10.6

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2015 securevpn.xyz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,22 @@
+#### openvpn-http-hooks
+
+This ruby gem is wrapper for OpenVPN server daemon.
+
+The main purpose of this gem - is to interact with remote API, located at billing system.
+
+This allows to authenticate user, track his connects/disconnects, apply hooks on connect/disconnect.
+
+### Hooks
+
+Built-in hooks allow to implement following features for specific user:
+
+* Automatic routing of I2P sites through I2P router
+* Automatic routing of TOR sites through TOR router
+* Applying selected proxy for all HTTP traffic of specific user
+
+### Disclaimer
+
+This is OpenSource, Free software. You may use it anyway you want. It is provided AS IS.
+
+Check out LICENSE file for more info.
+

data/bin/openvpn-activate

@@ -0,0 +1,6 @@
+#!/usr/bin/ruby
+
+require 'openvpn-http-hooks'
+
+api = Api::Activation.new
+api.activate

data/bin/openvpn-authenticate

@@ -0,0 +1,8 @@
+#!/usr/bin/ruby
+
+require 'openvpn-http-hooks'
+
+api_adapter_class = Api::Authentication
+
+authenticator = OpenvpnPasswordAuthenticator.new(ARGV, api_adapter_class)
+authenticator.authenticate

data/bin/openvpn-connect

@@ -0,0 +1,6 @@
+#!/usr/bin/ruby
+
+require 'openvpn-http-hooks'
+
+connection = Api::Connect.new
+connection.invoke

data/bin/openvpn-disconnect

@@ -0,0 +1,7 @@
+#!/usr/bin/ruby
+
+require 'openvpn-http-hooks'
+
+connection = Api::Disconnect.new
+connection.invoke
+

data/lib/api/activation.rb

@@ -0,0 +1,37 @@
+require File.expand_path('../billing', __FILE__)
+
+module Api
+  class Activation < Billing
+
+    def activate
+      if activated_successfully?
+        save_auth_key
+      else
+        raise "Can't activate server at billing"
+      end
+    end
+
+    private
+
+    def activated_successfully?
+      success_api_call?
+    end
+
+    def save_auth_key
+      key = JSON.parse(api_call_result.body)["auth_key"]
+      File.open('/etc/openvpn/auth_key', 'w') { |file| file.write(key) }
+    end
+
+    def signed_data
+      data
+    end
+
+    def data
+      "hostname=#{hostname}"
+    end
+
+    def action
+      "activate"
+    end
+  end
+end

data/lib/api/authentication.rb

@@ -0,0 +1,23 @@
+require File.expand_path('../billing', __FILE__)
+
+module Api
+  class Authentication < Billing
+    def initialize(login, password)
+      @login, @password = login, password
+    end
+
+    def valid_credentials?
+      success_api_call?
+    end
+
+    private
+
+    def data
+      "login=#{@login}&password=#{@password}&hostname=#{hostname}"
+    end
+
+    def action
+      "auth"
+    end
+  end
+end

data/lib/api/billing.rb

@@ -0,0 +1,55 @@
+require "socket"
+require 'net/http'
+require 'net/https'
+require 'uri'
+require 'json'
+
+require File.expand_path('../../signer', __FILE__)
+
+module Api
+  class Billing
+    API_HOST = "api.securevpn.xyz"
+    KEY_PATH = "/etc/openvpn/auth_key"
+
+    def host_with_port
+      "https://#{API_HOST}"
+    end
+
+    def auth_key
+      File.read(KEY_PATH)
+    end
+
+    def hostname
+      Socket.gethostname
+    end
+
+    def success_api_call?
+      api_call_result.code == '200'
+    end
+
+    def response
+      JSON.parse(api_call_result.body)
+    end
+
+    def api_call_result
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+
+      request = Net::HTTP::Post.new(uri.path)
+      request["content-type"] = 'application/x-www-form-urlencoded'
+      request.body = signed_data
+
+      @api_result ||= http.request(request)
+    end
+
+    def uri
+      URI("#{host_with_port}/api/#{action}")
+    end
+
+    def signed_data
+      data
+      #data + "&signature=#{Signer.sign_hash(data, auth_key)}"
+    end
+  end
+end

data/lib/api/connect.rb

@@ -0,0 +1,21 @@
+module Api
+  class Connect < Connection
+    def invoke
+      invoke_if_valid_api_call do
+        activate_options
+      end
+    end
+
+    def action
+      'connect'
+    end
+
+    private
+
+    def activate_options
+      options.each do |code, data_array|
+        data[:option_class].activate(common_name, data[:attributes])
+      end
+    end
+  end
+end

data/lib/api/connection.rb

@@ -0,0 +1,70 @@
+require File.expand_path('../billing', __FILE__)
+
+module Api
+  class Connection < Billing
+    def invoke_if_valid_api_call(&block)
+      yield if success_api_call?
+      trigger_script_return
+    end
+
+    def trigger_script_return
+      if success_api_call?
+        exit 0
+      else
+        exit 1
+      end
+    end
+
+    def common_name
+      response["common_name"]
+    end
+
+    def options
+      result = {}
+      option_codes.reduce(result) do |options_with_codes, option_code|
+        options_with_codes[option_code] =
+          {
+            option_class: Option::Repository.find_by_code(option_code),
+            attributes: attributes_for_option(option_code)
+          }
+        options_with_codes
+      end
+      result
+    end
+
+    private
+
+    def data
+      "hostname=#{hostname}&traffic_in=#{traffic_in}&traffic_out=#{traffic_out}&login=#{response["common_name"]}"
+    end
+
+    def data_array
+      {
+        hostname: hostname,
+        traffic_in: traffic_in,
+        traffic_out: traffic_out,
+        login: ENV['common_name']
+      }
+    end
+
+    def option_codes
+      response["options"]
+    end
+
+    def option_attributes
+      response["option_attributes"]
+    end
+
+    def attributes_for_option(code)
+      option_attributes[code]
+    end
+
+    def traffic_in
+      ENV['bytes_received'] || "0"
+    end
+
+    def traffic_out
+      ENV['bytes_sent'] || "0"
+    end
+  end
+end

data/lib/api/disconnect.rb

@@ -0,0 +1,21 @@
+module Api
+  class Disconnect < Connection
+    def invoke
+      invoke_if_valid_api_call do
+        deactivate_options
+      end
+    end
+
+    def action
+      'disconnect'
+    end
+
+    private
+
+    def deactivate_options
+      options.each do |code, data|
+        data[:option_class].deactivate(common_name, data[:attributes])
+      end
+    end
+  end
+end

data/lib/exceptions/option_not_found.rb

@@ -0,0 +1,2 @@
+class OptionNotFound < StandardError
+end

data/lib/openvpn-http-hooks.rb

@@ -0,0 +1,19 @@
+require 'api/activation'
+require 'api/authentication'
+require 'api/connection'
+require 'api/connect'
+require 'api/disconnect'
+
+require 'option/base'
+require 'option/i2p'
+require 'option/proxy'
+require 'option/repository'
+
+require 'system/openvpn_status'
+require 'system/openvpn_status_log_reader'
+require 'system/openvpn_status_log_parser'
+
+require 'exceptions/option_not_found'
+
+require 'openvpn_password_authenticator'
+require 'signer'

data/lib/openvpn_password_authenticator.rb

@@ -0,0 +1,18 @@
+class OpenvpnPasswordAuthenticator
+  attr_accessor :api
+
+  def initialize(args, api_adapter_class)
+    content = File.read(args[0])
+    @login, @password = content.split("\n")
+    @api = api_adapter_class.new(@login, @password)
+  end
+
+  def authenticate
+    if @api.valid_credentials?
+      exit 0
+    else
+      exit 1
+    end
+  end
+
+end

data/lib/option/base.rb

@@ -0,0 +1,30 @@
+module Option
+  class Base
+    attr_accessor :common_name, :attributes
+
+    class << self
+      def activate(common_name, attributes={})
+        option_object = new(common_name, attributes)
+        option_object.activate!
+      end
+
+      def deactivate(common_name, attributes={})
+        option_object = new(common_name, attributes)
+        option_object.deactivate!
+      end
+    end
+
+    def initialize(common_name, attributes)
+      @common_name = common_name
+      @attributes  = attributes
+    end
+
+    def virtual_ip
+      System::OpenvpnStatus.current_virtual_address
+    end
+
+    def server_virtual_ip
+      System::OpenvpnStatus.server_virtual_address
+    end
+  end
+end