import requests import io import zipfile import hmac import base64 from hashlib import sha256 from urllib.parse import urlencode, parse_qsl from datetime import timedelta, datetime from django.http import ( HttpResponse, JsonResponse, HttpResponseRedirect, HttpResponseNotFound, HttpResponseForbidden ) from django.shortcuts import render, redirect from django.contrib.auth import authenticate from django.contrib.auth.decorators import login_required, user_passes_test from django.contrib.admin.sites import site from django.contrib import messages from django.utils.translation import ugettext as _ from django.utils import timezone from django.conf import settings as project_settings from django.views.decorators.csrf import csrf_exempt from django.db.models import Count from django.contrib import auth from django.contrib.auth.models import User from django_countries import countries from constance import config as site_config import lcoreapi from ccvpn.common import get_client_ip, get_price_float from payments.models import ACTIVE_BACKENDS from .forms import SignupForm, ReqEmailForm from .models import GiftCode, VPNUser from .core import core_api from . import core from . import graphs from . import openvpn def get_locations(): """ Pretty bad thing that returns get_locations() with translated stuff that depends on the request """ countries_d = dict(countries) locations = core.get_locations() for k, v in locations: cc = v['country_code'].upper() v['country_name'] = countries_d.get(cc, cc) return locations def ca_crt(request): return HttpResponse(content=project_settings.OPENVPN_CA, content_type='application/x-x509-ca-cert') def logout(request): auth.logout(request) return redirect('index') def signup(request): if request.user.is_authenticated: return redirect('account:index') if request.method != 'POST': form = SignupForm() return render(request, 'ccvpn/signup.html', dict(form=form)) form = SignupForm(request.POST) if not form.is_valid(): return render(request, 'ccvpn/signup.html', dict(form=form)) user = User.objects.create_user(form.cleaned_data['username'], form.cleaned_data['email'], form.cleaned_data['password']) user.save() if core.VPN_AUTH_STORAGE == 'core': core.create_user(form.cleaned_data['username'], form.cleaned_data['password']) try: user.vpnuser.referrer = User.objects.get(id=request.session.get('referrer')) except User.DoesNotExist: pass user.vpnuser.campaign = request.session.get('campaign') user.vpnuser.save() user.backend = 'django.contrib.auth.backends.ModelBackend' auth.login(request, user) return redirect('account:index') @login_required def discourse_login(request): sso_secret = project_settings.DISCOURSE_SECRET discourse_url = project_settings.DISCOURSE_URL if project_settings.DISCOURSE_SSO is not True: return HttpResponseNotFound() payload = request.GET.get('sso', '') signature = request.GET.get('sig', '') expected_signature = hmac.new(sso_secret.encode('utf-8'), payload.encode('utf-8'), sha256).hexdigest() if signature != expected_signature: return HttpResponseNotFound() if request.method == 'POST' and 'email' in request.POST: form = ReqEmailForm(request.POST) if not form.is_valid(): return render(request, 'ccvpn/require_email.html', dict(form=form)) request.user.email = form.cleaned_data['email'] request.user.save() if not request.user.email: form = ReqEmailForm() return render(request, 'ccvpn/require_email.html', dict(form=form)) try: payload = base64.b64decode(payload).decode('utf-8') payload_data = dict(parse_qsl(payload)) except (TypeError, ValueError): return HttpResponseNotFound() payload_data.update({ 'external_id': request.user.id, 'username': request.user.username, 'email': request.user.email, 'require_activation': 'true', }) payload = urlencode(payload_data) payload = base64.b64encode(payload.encode('utf-8')) signature = hmac.new(sso_secret.encode('utf-8'), payload, sha256).hexdigest() redirect_query = urlencode(dict(sso=payload, sig=signature)) redirect_path = '/session/sso_login?' + redirect_query return HttpResponseRedirect(discourse_url + redirect_path) @login_required def index(request): ref_url = project_settings.ROOT_URL + '?ref=' + str(request.user.id) twitter_url = 'https://twitter.com/intent/tweet?' twitter_args = { 'text': _("Awesome VPN! 3€ per month, with a free 7 days trial!"), 'via': 'CCrypto_VPN', 'url': ref_url, 'related': 'CCrypto_VPN,CCrypto_org' } class price_fn: """ Clever hack to get the price in templates with {{price.3}} with 3 an arbitrary number of months """ def __getitem__(self, months): n = int(months) * get_price_float() c = project_settings.PAYMENTS_CURRENCY[1] return '%.2f %s' % (n, c) context = dict( title=_("Account"), ref_url=ref_url, twitter_link=twitter_url + urlencode(twitter_args), subscription=request.user.vpnuser.get_subscription(include_unconfirmed=True), backends=sorted(ACTIVE_BACKENDS.values(), key=lambda x: x.backend_id), subscr_backends=sorted((b for b in ACTIVE_BACKENDS.values() if b.backend_has_recurring), key=lambda x: x.backend_id), default_backend='paypal', recaptcha_site_key=project_settings.RECAPTCHA_SITE_KEY, price=price_fn(), user_motd=site_config.MOTD_USER, ) return render(request, 'lambdainst/account.html', context) def captcha_test(grr, request): api_url = project_settings.RECAPTCHA_API if api_url == 'TEST' and grr == 'TEST-TOKEN': # FIXME: i'm sorry. return True data = dict(secret=project_settings.RECAPTCHA_SECRET_KEY, remoteip=get_client_ip(request), response=grr) try: r = requests.post(api_url, data=data) r.raise_for_status() d = r.json() return d.get('success') except (requests.ConnectionError, requests.HTTPError, ValueError): return False @login_required def trial(request): if request.method != 'POST' or not request.user.vpnuser.can_have_trial: return redirect('account:index') grr = request.POST.get('g-recaptcha-response', '') if captcha_test(grr, request): request.user.vpnuser.give_trial_period() request.user.vpnuser.save() messages.success(request, _("OK!")) else: messages.error(request, _("Invalid captcha")) return redirect('account:index') @login_required def settings(request): if request.method != 'POST': return render(request, 'lambdainst/settings.html') pw = request.POST.get('password') pw2 = request.POST.get('password2') if pw and pw2: if pw != pw2: messages.error(request, _("Passwords do not match")) else: request.user.set_password(pw) if core.VPN_AUTH_STORAGE == 'core': core.update_user_password(request.user, pw) messages.success(request, _("OK!")) email = request.POST.get('email') if email: request.user.email = email else: request.user.email = '' request.user.save() return render(request, 'lambdainst/settings.html', dict(title=_("Settings"))) @login_required def gift_code(request): try: code = GiftCode.objects.get(code=request.POST.get('code', '').strip(), available=True) except GiftCode.DoesNotExist: code = None if code is None: messages.error(request, _("Gift code not found or already used.")) elif not code.use_on(request.user): messages.error(request, _("Gift code only available to free accounts.")) else: messages.success(request, _("OK!")) return redirect('account:index') @login_required def logs(request): page_size = 20 page = int(request.GET.get('page', 0)) offset = page * page_size base = core_api.info['current_instance'] path = '/users/' + request.user.username + '/sessions/' try: l = core_api.get(base + path, offset=offset, limit=page_size) total_count = l['total_count'] items = l['items'] except lcoreapi.APINotFoundError: total_count = 0 items = [] return render(request, 'lambdainst/logs.html', { 'sessions': items, 'page': page, 'prev': page - 1 if page > 0 else None, 'next': page + 1 if offset + page_size < total_count else None, 'last_page': total_count // page_size, 'title': _("Logs"), }) @login_required def config(request): return render(request, 'lambdainst/config.html', dict( title=_("Config"), config_os=openvpn.CONFIG_OS, config_countries=(c for _, c in get_locations()), config_protocols=openvpn.PROTOCOLS, )) @login_required def config_dl(request): allowed_cc = [cc for (cc, _) in get_locations()] os = request.GET.get('client_os') common_options = { 'username': request.user.username, 'protocol': request.GET.get('protocol'), 'os': os, 'http_proxy': request.GET.get('http_proxy'), 'ipv6': 'enable_ipv6' in request.GET, } # Should be validated since it's used in the filename # other common options are only put in the config file protocol = common_options['protocol'] if protocol not in ('udp', 'udpl', 'tcp'): return HttpResponseNotFound() location = request.GET.get('gateway') if location == 'all': # Multiple gateways in a zip archive f = io.BytesIO() z = zipfile.ZipFile(f, mode='w') for gw_name in allowed_cc + ['random']: if os == 'chromeos': filename = 'ccrypto-%s-%s.onc' % (gw_name, protocol) else: filename = 'ccrypto-%s-%s.ovpn' % (gw_name, protocol) config = openvpn.make_config(gw_name=gw_name, **common_options) z.writestr(filename, config.encode('utf-8')) z.close() r = HttpResponse(content=f.getvalue(), content_type='application/zip') r['Content-Disposition'] = 'attachment; filename="%s.zip"' % filename return r else: # Single gateway if location[3:] in allowed_cc: gw_name = location[3:] else: gw_name = 'random' if os == 'chromeos': filename = 'ccrypto-%s-%s.onc' % (gw_name, protocol) else: filename = 'ccrypto-%s-%s.ovpn' % (gw_name, protocol) config = openvpn.make_config(gw_name=gw_name, **common_options) if 'plain' in request.GET: return HttpResponse(content=config, content_type='text/plain') else: if os == 'chromeos': r = HttpResponse(content=config, content_type='application/x-onc') else: r = HttpResponse(content=config, content_type='application/x-openvpn-profile') r['Content-Disposition'] = 'attachment; filename="%s"' % filename return r @csrf_exempt def api_auth(request): if request.method != 'POST': return HttpResponseNotFound() if core.VPN_AUTH_STORAGE != 'inst': return HttpResponseNotFound() username = request.POST.get('username') password = request.POST.get('password') secret = request.POST.get('secret') if secret != core.LCORE_INST_SECRET: return HttpResponseForbidden(content="Invalid secret") user = authenticate(username=username, password=password) if not user or not user.is_active: return JsonResponse(dict(status='fail', message="Invalid credentials")) if not user.vpnuser.is_paid: return JsonResponse(dict(status='fail', message="Not allowed to connect")) user.vpnuser.last_vpn_auth = timezone.now() user.vpnuser.save() return JsonResponse(dict(status='ok')) def api_locations(request): def format_loc(cc, l): msg = ' [%s]' % l['message'] if l['message'] else '' return { 'country_name': l['country_name'] + msg, 'country_code': cc, 'hostname': l['hostname'], 'bandwidth': l['bandwidth'], 'servers': l['servers'], } return JsonResponse(dict(locations=[format_loc(cc, l) for cc, l in get_locations()])) def status(request): locations = get_locations() ctx = { 'title': _("Status"), 'n_users': VPNUser.objects.filter(expiration__gte=timezone.now()).count(), 'n_sess': core.current_active_sessions(), 'n_gws': sum(l['servers'] for cc, l in locations), 'n_countries': len(set(cc for cc, l in locations)), 'total_bw': sum(l['bandwidth'] for cc, l in locations), 'locations': locations, } return render(request, 'lambdainst/status.html', ctx) @user_passes_test(lambda user: user.is_staff) def admin_status(request): graph_name = request.GET.get('graph_name') graph_period = request.GET.get('period') if graph_period not in ('y', 'm'): graph_period = 'm' if graph_name: if graph_name == 'users': content = graphs.users_graph(graph_period) elif graph_name == 'payments_paid': content = graphs.payments_paid_graph(graph_period) elif graph_name == 'payments_success': content = graphs.payments_success_graph(graph_period) else: return HttpResponseNotFound() return HttpResponse(content=content, content_type='image/svg+xml') payment_status = ((b, b.get_info()) for b in ACTIVE_BACKENDS.values()) payment_status = ((b, i) for (b, i) in payment_status if i) ctx = { 'api_status': {k: str(v) for k, v in core_api.info.items()}, 'payment_backends': sorted(ACTIVE_BACKENDS.values(), key=lambda x: x.backend_id), 'payment_status': payment_status, } ctx.update(site.each_context(request)) return render(request, 'lambdainst/admin_status.html', ctx) @user_passes_test(lambda user: user.is_staff) def admin_ref(request): last_week = datetime.now() - timedelta(days=7) last_month = datetime.now() - timedelta(days=30) top_ref = User.objects.annotate(n_ref=Count('referrals')).order_by('-n_ref')[:10] top_ref_week = User.objects.filter(referrals__user__date_joined__gt=last_week) \ .annotate(n_ref=Count('referrals')) \ .order_by('-n_ref')[:10] top_ref_month = User.objects.filter(referrals__user__date_joined__gt=last_month) \ .annotate(n_ref=Count('referrals')) \ .order_by('-n_ref')[:10] ctx = { 'top_ref': top_ref, 'top_ref_week': top_ref_week, 'top_ref_month': top_ref_month, } ctx.update(site.each_context(request)) return render(request, 'lambdainst/admin_ref.html', ctx)