CCrypto
/
ccvpn3
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
CCrypto VPN public website https://vpn.ccrypto.org/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 Commits
1 Branch
136 MiB
 
 
 
 
 
 
Tree: 7d7742bdd0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7d7742bdd0'
${ noResults }
ccvpn3/lambdainst/core.py

178 lines
5.3 KiB
Raw Blame History 

  1. from datetime import timedelta, datetime

  2. import lcoreapi

  3. from django.conf import settings

  4. import logging

  5. 

  6. cluster_messages = settings.LAMBDAINST_CLUSTER_MESSAGES

  7. 

  8. lcore_settings = settings.LCORE

  9. 

  10. LCORE_BASE_URL = lcore_settings.get('BASE_URL')

  11. LCORE_API_KEY = lcore_settings['API_KEY']

  12. LCORE_API_SECRET = lcore_settings['API_SECRET']

  13. LCORE_SOURCE_ADDR = lcore_settings.get('SOURCE_ADDRESS')

  14. LCORE_INST_SECRET = lcore_settings['INST_SECRET']

  15. LCORE_TIMEOUT = lcore_settings.get('TIMEOUT', 10)

  16. 

  17. # The default is to log the exception and only raise it if we cannot show

  18. # the previous value or a default value instead.

  19. LCORE_RAISE_ERRORS = bool(lcore_settings.get('RAISE_ERRORS', False))

  20. 

  21. LCORE_CACHE_TTL = lcore_settings.get('CACHE_TTL', 60)

  22. if isinstance(LCORE_CACHE_TTL, int):

  23.     LCORE_CACHE_TTL = timedelta(seconds=LCORE_CACHE_TTL)

  24. assert isinstance(LCORE_CACHE_TTL, timedelta)

  25. 

  26. VPN_AUTH_STORAGE = settings.VPN_AUTH_STORAGE

  27. assert VPN_AUTH_STORAGE in ('core', 'inst')

  28. 

  29. core_api = lcoreapi.API(LCORE_API_KEY, LCORE_API_SECRET, LCORE_BASE_URL,

  30.                         timeout=LCORE_TIMEOUT)

  31. 

  32. 

  33. class APICache:

  34.     """ Cache data for a time, try to update and silence errors.

  35.     Outdated data is not a problem.

  36.     """

  37.     def __init__(self, ttl=None, initial=None):

  38.         self.cache_date = datetime.fromtimestamp(0)

  39.         self.ttl = ttl or LCORE_CACHE_TTL

  40. 

  41.         self.has_cached_value = initial is not None

  42.         self.cached = initial() if initial else None

  43. 

  44.     def query(self, wrapped, *args, **kwargs):

  45.         try:

  46.             return wrapped(*args, **kwargs)

  47.         except lcoreapi.APIError:

  48.             logger = logging.getLogger('django.request')

  49.             logger.exception("core api error")

  50. 

  51.             if LCORE_RAISE_ERRORS:

  52.                 raise

  53. 

  54.             if not self.has_cached_value:

  55.                 # We only return a default value if we were given one.

  56.                 # Prevents returning an unexpected None.

  57.                 raise

  58. 

  59.             # Return previous value

  60.             return self.cached

  61. 

  62.     def __call__(self, wrapped):

  63.         def wrapper(*args, **kwargs):

  64.             if self.cache_date > (datetime.now() - self.ttl):

  65.                 return self.cached

  66. 

  67.             self.cached = self.query(wrapped, *args, **kwargs)

  68. 

  69.             # New results *and* errors are cached

  70.             self.cache_date = datetime.now()

  71.             return self.cached

  72.         return wrapper

  73. 

  74. 

  75. @APICache(initial=lambda: 0)

  76. def current_active_sessions():

  77.     return core_api.get(core_api.info['current_instance'] + '/sessions', active=True)['total_count']

  78. 

  79. 

  80. @APICache(initial=lambda: [])

  81. def get_locations():

  82.     gateways = core_api.get('/gateways/', enabled=True)

  83.     locations = {}

  84. 

  85.     for gw in gateways.list_iter():

  86.         cc = gw['cluster_name']

  87. 

  88.         if cc not in locations:

  89.             locations[cc] = dict(

  90.                 servers=0,

  91.                 bandwidth=0,

  92.                 hostname='gw.' + cc + '.204vpn.net',

  93.                 country_code=cc,

  94.                 message=cluster_messages.get(cc),

  95.             )

  96. 

  97.         locations[cc]['servers'] += 1

  98.         locations[cc]['bandwidth'] += gw['bandwidth']

  99. 

  100.     locations = sorted(locations.items(), key=lambda x: x[1]['country_code'])

  101.     return locations

  102. 

  103. 

  104. @APICache(initial=lambda: [])

  105. def get_gateway_exit_ips():

  106.     gateways = core_api.get('/gateways/', enabled=True)

  107.     ipv4_list = []

  108.     ipv6_list = []

  109. 

  110.     for gw in gateways.list_iter():

  111.         ma = gw['main_addr']

  112.         if ma.get('ipv4'):

  113.             ipv4_list.append(ma['ipv4'])

  114.         if ma.get('ipv6'):

  115.             ipv6_list.append(ma['ipv6'])

  116. 

  117.     # TODO: IPv6 support

  118. 

  119.     return ipv4_list

  120. 

  121. 

  122. def is_vpn_gateway(ip):

  123.     addresses = get_gateway_exit_ips()

  124.     return ip in addresses

  125. 

  126. 

  127. def create_user(username, cleartext_password):

  128.     """ The password will be hashed and stored safely on the core,

  129.     so we have to send it clearly here.

  130.     """

  131.     path = core_api.info['current_instance'] + '/users/'

  132.     core_api.post(path, data={

  133.         'username': username,

  134.         'password': cleartext_password,

  135.         'expiration_date': datetime(1, 1, 1).isoformat(),  # Expired.

  136.     })

  137. 

  138. 

  139. def update_user_expiration(user):

  140.     path = core_api.info['current_instance'] + '/users/' + user.username

  141. 

  142.     try:

  143.         if not user.is_active:

  144.             core_api.patch(path, data={

  145.                 'expiration_date': datetime(1, 1, 1).isoformat(),  # Expired.

  146.             })

  147.             return

  148. 

  149.         core_api.patch(path, data={

  150.             'expiration_date': user.vpnuser.expiration,

  151.         })

  152.     except lcoreapi.APIError:

  153.         # User can't do anything to this, we should just report it

  154.         logger = logging.getLogger('django.request')

  155.         logger.exception("core api error, missing user (exp update)")

  156. 

  157. 

  158. def update_user_password(user, cleartext_password):

  159.     path = core_api.info['current_instance'] + '/users/' + user.username

  160. 

  161.     try:

  162.         core_api.patch(path, data={

  163.             'password': cleartext_password,

  164.         })

  165.     except lcoreapi.APINotFoundError:

  166.         # This time we can try fix it!

  167.         create_user(user.username, cleartext_password)

  168.     except lcoreapi.APIError:

  169.         # and maybe fail.

  170.         logger = logging.getLogger('django.request')

  171.         logger.exception("core api error (password update)")

  172. 

  173. 

  174. def delete_user(username):

  175.     path = core_api.info['current_instance'] + '/users/' + username

  176.     core_api.delete(path)