smartvpn-http-hooks 1.0.7

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 452d36d90e1e0b42c1115a570b99d67a73aad680
+  data.tar.gz: 3bac4bacc5059ac0045b4c73517eceaf0e0b9e1c
+SHA512:
+  metadata.gz: e3d5f961cdea917deb8860d5e2132cafc713f36e8ff128fb25dbc0216fd4ae35059a452cfb0dfdcfda37bf22411487d03f2b31690be43981b426853a8a6e9b85
+  data.tar.gz: a4cb8b5fd0f11ce8955eb0633742de163a437ec91bea0d542868936d07665d8ae0bc2615062040501a91e2489a7640d2553bf2a1f29312d83fe2f92d9e00474b

data/.gitignore

@@ -0,0 +1 @@
+.idea/

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,39 @@
+PATH
+  remote: .
+  specs:
+    smartvpn-http-hooks (1.0.7)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.3.5)
+    crack (0.4.2)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.2.5)
+    metaclass (0.0.4)
+    mocha (1.0.0)
+      metaclass (~> 0.0.1)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.8)
+    rspec-expectations (2.14.5)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.6)
+    safe_yaml (1.0.1)
+    webmock (1.17.4)
+      addressable (>= 2.2.7)
+      crack (>= 0.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  mocha
+  rspec
+  smartvpn-http-hooks!
+  webmock
+
+BUNDLED WITH
+   1.17.1

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2015 SmartVPN.biz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,22 @@
+# smartvpn-http-hooks
+
+This ruby gem is wrapper for OpenVPN server daemon.
+
+The main purpose of this gem - is to interact with remote API, located at billing system.
+
+This allows to authenticate user, track his connects/disconnects, apply hooks on connect/disconnect.
+
+### Hooks
+
+Built-in hooks allow to implement following features for specific user:
+
+* Automatic routing of I2P sites through I2P router
+* Automatic routing of TOR sites through TOR router
+* Applying selected proxy for all HTTP traffic of specific user
+
+### Disclaimer
+
+This is OpenSource, Free software. You may use it anyway you want. It is provided AS IS.
+
+Check out LICENSE file for more info.
+

data/bin/smartvpn-activate

@@ -0,0 +1,6 @@
+#!/usr/bin/ruby
+
+require 'smartvpn-http-hooks'
+
+api = Api::Activation.new
+api.activate

data/bin/smartvpn-authenticate

@@ -0,0 +1,8 @@
+#!/usr/bin/ruby
+
+require 'smartvpn-http-hooks'
+
+api_adapter_class = Api::Authentication
+
+authenticator = OpenvpnPasswordAuthenticator.new(ARGV, api_adapter_class)
+authenticator.authenticate

data/bin/smartvpn-connect

@@ -0,0 +1,6 @@
+#!/usr/bin/ruby
+
+require 'smartvpn-http-hooks'
+
+connection = Api::Connect.new
+connection.invoke

data/bin/smartvpn-disconnect

@@ -0,0 +1,7 @@
+#!/usr/bin/ruby
+
+require 'smartvpn-http-hooks'
+
+connection = Api::Disconnect.new
+connection.invoke
+

data/lib/api/activation.rb

@@ -0,0 +1,39 @@
+require File.expand_path('../billing', __FILE__)
+
+module Api
+  class Activation < Billing
+
+    def activate
+      if activated_successfully?
+        save_auth_key
+      else
+        raise "Can't activate server at billing"
+      end
+    end
+
+    private
+
+    def activated_successfully?
+      success_api_call?
+    end
+
+    def save_auth_key
+      key = JSON.parse(api_call_result.body)["auth_key"]
+      File.open('/etc/openvpn/auth_key', 'w') { |file| file.write(key) }
+    end
+
+    def signed_data
+      data
+    end
+
+    def data
+      {
+        hostname: hostname
+      }
+    end
+
+    def action
+      "activate"
+    end
+  end
+end

data/lib/api/authentication.rb

@@ -0,0 +1,27 @@
+require File.expand_path('../billing', __FILE__)
+
+module Api
+  class Authentication < Billing
+    def initialize(login, password)
+      @login, @password = login, password
+    end
+
+    def valid_credentials?
+      success_api_call?
+    end
+
+    private
+
+    def data
+      {
+        login: @login,
+        password: @password,
+        hostname: hostname
+      }
+    end
+
+    def action
+      "auth"
+    end
+  end
+end

data/lib/api/billing.rb

@@ -0,0 +1,44 @@
+require "socket"
+require 'net/http'
+require 'json'
+require File.expand_path('../../signer', __FILE__)
+
+module Api
+  class Billing
+    API_HOST = '/etc/openvpn/API_HOST'
+    KEY_PATH = '/etc/openvpn/auth_key'
+
+    def host_with_port
+      host =  File.read(API_HOST)
+      "http://#{host.strip}"
+    end
+
+    def auth_key
+      File.read(KEY_PATH)
+    end
+
+    def hostname
+      Socket.gethostname
+    end
+
+    def success_api_call?
+      api_call_result.code == '200'
+    end
+
+    def response
+      JSON.parse(api_call_result.body)
+    end
+
+    def api_call_result
+      @api_result ||= Net::HTTP.post_form(uri, signed_data)
+    end
+
+    def uri
+      URI("#{host_with_port}/api/#{action}")
+    end
+
+    def signed_data
+      data.merge!({ signature: Signer.sign_hash(data, auth_key) })
+    end
+  end
+end

data/lib/api/connect.rb

@@ -0,0 +1,21 @@
+module Api
+  class Connect < Connection
+    def invoke
+      invoke_if_valid_api_call do
+        activate_options
+      end
+    end
+
+    def action
+      'connect'
+    end
+
+    private
+
+    def activate_options
+      options.each do |code, data|
+        data[:option_class].activate(common_name, data[:attributes])
+      end
+    end
+  end
+end

data/lib/api/connection.rb

@@ -0,0 +1,66 @@
+require File.expand_path('../billing', __FILE__)
+
+module Api
+  class Connection < Billing
+    def invoke_if_valid_api_call(&block)
+      yield if success_api_call?
+      trigger_script_return
+    end
+
+    def trigger_script_return
+      if success_api_call?
+        exit 0
+      else
+        exit 1
+      end
+    end
+
+    def common_name
+      response["common_name"]
+    end
+
+    def options
+      result = {}
+      option_codes.reduce(result) do |options_with_codes, option_code|
+        options_with_codes[option_code] =
+          {
+            option_class: Option::Repository.find_by_code(option_code),
+            attributes: attributes_for_option(option_code)
+          }
+        options_with_codes
+      end
+      result
+    end
+
+    private
+
+    def data
+      {
+        hostname: hostname,
+        traffic_in: traffic_in,
+        traffic_out: traffic_out,
+        login: ENV['common_name']
+      }
+    end
+
+    def option_codes
+      response["options"]
+    end
+
+    def option_attributes
+      response["option_attributes"]
+    end
+
+    def attributes_for_option(code)
+      option_attributes[code]
+    end
+
+    def traffic_in
+      ENV['bytes_received'] || "0"
+    end
+
+    def traffic_out
+      ENV['bytes_sent'] || "0"
+    end
+  end
+end

data/lib/api/disconnect.rb

@@ -0,0 +1,21 @@
+module Api
+  class Disconnect < Connection
+    def invoke
+      invoke_if_valid_api_call do
+        deactivate_options
+      end
+    end
+
+    def action
+      'disconnect'
+    end
+
+    private
+
+    def deactivate_options
+      options.each do |code, data|
+        data[:option_class].deactivate(common_name, data[:attributes])
+      end
+    end
+  end
+end

data/lib/exceptions/option_not_found.rb

@@ -0,0 +1,2 @@
+class OptionNotFound < StandardError
+end

data/lib/openvpn_password_authenticator.rb

@@ -0,0 +1,18 @@
+class OpenvpnPasswordAuthenticator
+  attr_accessor :api
+
+  def initialize(args, api_adapter_class)
+    content = File.read(args[0])
+    @login, @password = content.split("\n")
+    @api = api_adapter_class.new(@login, @password)
+  end
+
+  def authenticate
+    if @api.valid_credentials?
+      exit 0
+    else
+      exit 1
+    end
+  end
+
+end

data/lib/option/base.rb

@@ -0,0 +1,30 @@
+module Option
+  class Base
+    attr_accessor :common_name, :attributes
+
+    class << self
+      def activate(common_name, attributes={})
+        option_object = new(common_name, attributes)
+        option_object.activate!
+      end
+
+      def deactivate(common_name, attributes={})
+        option_object = new(common_name, attributes)
+        option_object.deactivate!
+      end
+    end
+
+    def initialize(common_name, attributes)
+      @common_name = common_name
+      @attributes  = attributes
+    end
+
+    def virtual_ip
+      System::OpenvpnStatus.current_virtual_address
+    end
+
+    def server_virtual_ip
+      System::OpenvpnStatus.server_virtual_address
+    end
+  end
+end

data/lib/option/i2p.rb

@@ -0,0 +1,28 @@
+module Option
+  class I2p < Base
+    def activate!
+      add_firewall_routes
+    end
+
+    def deactivate!
+      remove_firewall_routes
+    end
+
+    private
+
+    def add_firewall_routes
+      system "/sbin/iptables -t filter -D INPUT -p tcp -m tcp --dport 8118 -j DROP"
+      system "/sbin/iptables -t filter -A INPUT -s #{virtual_ip} -p tcp -m tcp --dport 8118 -j ACCEPT"
+      system "/sbin/iptables -t filter -A INPUT -p tcp -m tcp --dport 8118 -j DROP"
+      system "/sbin/iptables -t nat -A PREROUTING -p udp -m udp -s #{virtual_ip} --dport 53 -j DNAT --to-destination #{server_virtual_ip}:53"
+      system "/sbin/iptables -t nat -A PREROUTING -p tcp -m tcp -s #{virtual_ip} --dport 53 -j DNAT --to-destination #{server_virtual_ip}:53"
+      true
+    end
+
+    def remove_firewall_routes
+      system "/sbin/iptables -D INPUT -s #{virtual_ip} -p tcp -m tcp --dport 8118 -j ACCEPT"
+      system "/sbin/iptables -t nat -D PREROUTING -p udp -m udp -s #{virtual_ip} --dport 53 -j DNAT --to-destination #{server_virtual_ip}:53"
+      system "/sbin/iptables -t nat -D PREROUTING -p tcp -m tcp -s #{virtual_ip} --dport 53 -j DNAT --to-destination #{server_virtual_ip}:53"
+    end
+  end
+end