CCrypto
/
ccvpn3
3
2
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
CCrypto VPN public website https://vpn.ccrypto.org/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 Commits
1 Branch
48 MiB
 
 
 
 
 
 
Tree: 7d7742bdd0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7d7742bdd0'
${ noResults }
ccvpn3/lambdainst/views.py

480 lines
15 KiB
Raw Blame History 

  1. import requests

  2. import io

  3. import zipfile

  4. import hmac

  5. import base64

  6. from hashlib import sha256

  7. from urllib.parse import urlencode, parse_qsl

  8. from datetime import timedelta, datetime

  9. 

  10. from django.http import (

  11.     HttpResponse, JsonResponse,

  12.     HttpResponseRedirect,

  13.     HttpResponseNotFound, HttpResponseForbidden

  14. )

  15. from django.shortcuts import render, redirect

  16. from django.contrib.auth import authenticate

  17. from django.contrib.auth.decorators import login_required, user_passes_test

  18. from django.contrib.admin.sites import site

  19. from django.contrib import messages

  20. from django.utils.translation import ugettext as _

  21. from django.utils import timezone

  22. from django.conf import settings as project_settings

  23. from django.views.decorators.csrf import csrf_exempt

  24. from django.db.models import Count

  25. from django.contrib import auth

  26. from django.contrib.auth.models import User

  27. from django_countries import countries

  28. from constance import config as site_config

  29. import lcoreapi

  30. 

  31. from ccvpn.common import get_client_ip, get_price_float

  32. from payments.models import ACTIVE_BACKENDS

  33. from .forms import SignupForm, ReqEmailForm

  34. from .models import GiftCode, VPNUser

  35. from .core import core_api

  36. from . import core

  37. from . import graphs

  38. from . import openvpn

  39. 

  40. 

  41. def get_locations():

  42.     """ Pretty bad thing that returns get_locations() with translated stuff

  43.     that depends on the request

  44.     """

  45.     countries_d = dict(countries)

  46.     locations = core.get_locations()

  47.     for k, v in locations:

  48.         cc = v['country_code'].upper()

  49.         v['country_name'] = countries_d.get(cc, cc)

  50.     return locations

  51. 

  52. 

  53. def ca_crt(request):

  54.     return HttpResponse(content=project_settings.OPENVPN_CA,

  55.                         content_type='application/x-x509-ca-cert')

  56. 

  57. 

  58. def logout(request):

  59.     auth.logout(request)

  60.     return redirect('index')

  61. 

  62. 

  63. def signup(request):

  64.     if request.user.is_authenticated():

  65.         return redirect('account:index')

  66. 

  67.     if request.method != 'POST':

  68.         form = SignupForm()

  69.         return render(request, 'ccvpn/signup.html', dict(form=form))

  70. 

  71.     form = SignupForm(request.POST)

  72. 

  73.     if not form.is_valid():

  74.         return render(request, 'ccvpn/signup.html', dict(form=form))

  75. 

  76.     user = User.objects.create_user(form.cleaned_data['username'],

  77.                                     form.cleaned_data['email'],

  78.                                     form.cleaned_data['password'])

  79.     user.save()

  80. 

  81.     if core.VPN_AUTH_STORAGE == 'core':

  82.         core.create_user(form.cleaned_data['username'], form.cleaned_data['password'])

  83. 

  84.     try:

  85.         user.vpnuser.referrer = User.objects.get(id=request.session.get('referrer'))

  86.     except User.DoesNotExist:

  87.         pass

  88. 

  89.     user.vpnuser.campaign = request.session.get('campaign')

  90. 

  91.     user.vpnuser.save()

  92. 

  93.     user.backend = 'django.contrib.auth.backends.ModelBackend'

  94.     auth.login(request, user)

  95. 

  96.     return redirect('account:index')

  97. 

  98. 

  99. @login_required

  100. def discourse_login(request):

  101.     sso_secret = project_settings.DISCOURSE_SECRET

  102.     discourse_url = project_settings.DISCOURSE_URL

  103. 

  104.     if project_settings.DISCOURSE_SSO is not True:

  105.         return HttpResponseNotFound()

  106. 

  107.     payload = request.GET.get('sso', '')

  108.     signature = request.GET.get('sig', '')

  109. 

  110.     expected_signature = hmac.new(sso_secret.encode('utf-8'),

  111.                                   payload.encode('utf-8'),

  112.                                   sha256).hexdigest()

  113. 

  114.     if signature != expected_signature:

  115.         return HttpResponseNotFound()

  116. 

  117.     if request.method == 'POST' and 'email' in request.POST:

  118.         form = ReqEmailForm(request.POST)

  119.         if not form.is_valid():

  120.             return render(request, 'ccvpn/require_email.html', dict(form=form))

  121. 

  122.         request.user.email = form.cleaned_data['email']

  123.         request.user.save()

  124. 

  125.     if not request.user.email:

  126.         form = ReqEmailForm()

  127.         return render(request, 'ccvpn/require_email.html', dict(form=form))

  128. 

  129.     try:

  130.         payload = base64.b64decode(payload).decode('utf-8')

  131.         payload_data = dict(parse_qsl(payload))

  132.     except (TypeError, ValueError):

  133.         return HttpResponseNotFound()

  134. 

  135.     payload_data.update({

  136.         'external_id': request.user.id,

  137.         'username': request.user.username,

  138.         'email': request.user.email,

  139.         'require_activation': 'true',

  140.     })

  141. 

  142.     payload = urlencode(payload_data)

  143.     payload = base64.b64encode(payload.encode('utf-8'))

  144.     signature = hmac.new(sso_secret.encode('utf-8'), payload, sha256).hexdigest()

  145.     redirect_query = urlencode(dict(sso=payload, sig=signature))

  146.     redirect_path = '/session/sso_login?' + redirect_query

  147. 

  148.     return HttpResponseRedirect(discourse_url + redirect_path)

  149. 

  150. 

  151. @login_required

  152. def index(request):

  153.     ref_url = project_settings.ROOT_URL + '?ref=' + str(request.user.id)

  154. 

  155.     twitter_url = 'https://twitter.com/intent/tweet?'

  156.     twitter_args = {

  157.         'text': _("Awesome VPN! 3€ per month, with a free 7 days trial!"),

  158.         'via': 'CCrypto_VPN',

  159.         'url': ref_url,

  160.         'related': 'CCrypto_VPN,CCrypto_org'

  161.     }

  162. 

  163.     class price_fn:

  164.         """ Clever hack to get the price in templates with {{price.3}} with

  165.         3 an arbitrary number of months

  166.         """

  167.         def __getitem__(self, months):

  168.             n = int(months) * get_price_float()

  169.             c = project_settings.PAYMENTS_CURRENCY[1]

  170.             return '%.2f %s' % (n, c)

  171. 

  172.     context = dict(

  173.         title=_("Account"),

  174.         ref_url=ref_url,

  175.         twitter_link=twitter_url + urlencode(twitter_args),

  176.         subscription=request.user.vpnuser.get_subscription(include_unconfirmed=True),

  177.         backends=sorted(ACTIVE_BACKENDS.values(), key=lambda x: x.backend_id),

  178.         subscr_backends=sorted((b for b in ACTIVE_BACKENDS.values()

  179.                                 if b.backend_has_recurring),

  180.                                key=lambda x: x.backend_id),

  181.         default_backend='paypal',

  182.         recaptcha_site_key=project_settings.RECAPTCHA_SITE_KEY,

  183.         price=price_fn(),

  184.         user_motd=site_config.MOTD_USER,

  185.     )

  186.     return render(request, 'lambdainst/account.html', context)

  187. 

  188. 

  189. def captcha_test(grr, request):

  190.     api_url = project_settings.RECAPTCHA_API

  191. 

  192.     if api_url == 'TEST' and grr == 'TEST-TOKEN':

  193.         # FIXME: i'm sorry.

  194.         return True

  195. 

  196.     data = dict(secret=project_settings.RECAPTCHA_SECRET_KEY,

  197.                 remoteip=get_client_ip(request),

  198.                 response=grr)

  199. 

  200.     try:

  201.         r = requests.post(api_url, data=data)

  202.         r.raise_for_status()

  203.         d = r.json()

  204.         return d.get('success')

  205.     except (requests.ConnectionError, requests.HTTPError, ValueError):

  206.         return False

  207. 

  208. 

  209. @login_required

  210. def trial(request):

  211.     if request.method != 'POST' or not request.user.vpnuser.can_have_trial:

  212.         return redirect('account:index')

  213. 

  214.     grr = request.POST.get('g-recaptcha-response', '')

  215.     if captcha_test(grr, request):

  216.         request.user.vpnuser.give_trial_period()

  217.         request.user.vpnuser.save()

  218.         messages.success(request, _("OK!"))

  219.     else:

  220.         messages.error(request, _("Invalid captcha"))

  221. 

  222.     return redirect('account:index')

  223. 

  224. 

  225. @login_required

  226. def settings(request):

  227.     if request.method != 'POST':

  228.         return render(request, 'lambdainst/settings.html')

  229. 

  230.     pw = request.POST.get('password')

  231.     pw2 = request.POST.get('password2')

  232.     if pw and pw2:

  233.         if pw != pw2:

  234.             messages.error(request, _("Passwords do not match"))

  235.         else:

  236.             request.user.set_password(pw)

  237. 

  238.             if core.VPN_AUTH_STORAGE == 'core':

  239.                 core.update_user_password(request.user, pw)

  240. 

  241.             messages.success(request, _("OK!"))

  242. 

  243.     email = request.POST.get('email')

  244.     if email:

  245.         request.user.email = email

  246.     else:

  247.         request.user.email = ''

  248. 

  249.     request.user.save()

  250. 

  251.     return render(request, 'lambdainst/settings.html', dict(title=_("Settings")))

  252. 

  253. 

  254. @login_required

  255. def gift_code(request):

  256.     try:

  257.         code = GiftCode.objects.get(code=request.POST.get('code', '').strip(), available=True)

  258.     except GiftCode.DoesNotExist:

  259.         code = None

  260. 

  261.     if code is None:

  262.         messages.error(request, _("Gift code not found or already used."))

  263.     elif not code.use_on(request.user):

  264.         messages.error(request, _("Gift code only available to free accounts."))

  265.     else:

  266.         messages.success(request, _("OK!"))

  267. 

  268.     return redirect('account:index')

  269. 

  270. 

  271. @login_required

  272. def logs(request):

  273.     page_size = 20

  274.     page = int(request.GET.get('page', 0))

  275.     offset = page * page_size

  276. 

  277.     base = core_api.info['current_instance']

  278.     path = '/users/' + request.user.username + '/sessions/'

  279.     try:

  280.         l = core_api.get(base + path, offset=offset, limit=page_size)

  281.         total_count = l['total_count']

  282.         items = l['items']

  283.     except lcoreapi.APINotFoundError:

  284.         total_count = 0

  285.         items = []

  286.     return render(request, 'lambdainst/logs.html', {

  287.         'sessions': items,

  288.         'page': page,

  289.         'prev': page - 1 if page > 0 else None,

  290.         'next': page + 1 if offset + page_size < total_count else None,

  291.         'last_page': total_count // page_size,

  292.         'title': _("Logs"),

  293.     })

  294. 

  295. 

  296. @login_required

  297. def config(request):

  298.     return render(request, 'lambdainst/config.html', dict(

  299.         title=_("Config"),

  300.         config_os=openvpn.CONFIG_OS,

  301.         config_countries=(c for _, c in get_locations()),

  302.         config_protocols=openvpn.PROTOCOLS,

  303.     ))

  304. 

  305. 

  306. @login_required

  307. def config_dl(request):

  308.     allowed_cc = [cc for (cc, _) in get_locations()]

  309. 

  310.     os = request.GET.get('client_os')

  311. 

  312.     common_options = {

  313.         'username': request.user.username,

  314.         'protocol': request.GET.get('protocol'),

  315.         'os': os,

  316.         'http_proxy': request.GET.get('http_proxy'),

  317.         'ipv6': 'enable_ipv6' in request.GET,

  318.     }

  319. 

  320.     # Should be validated since it's used in the filename

  321.     # other common options are only put in the config file

  322.     protocol = common_options['protocol']

  323.     if protocol not in ('udp', 'udpl', 'tcp'):

  324.         return HttpResponseNotFound()

  325. 

  326.     location = request.GET.get('gateway')

  327. 

  328.     if location == 'all':

  329.         # Multiple gateways in a zip archive

  330. 

  331.         f = io.BytesIO()

  332.         z = zipfile.ZipFile(f, mode='w')

  333. 

  334.         for gw_name in allowed_cc + ['random']:

  335.             if os == 'chromeos':

  336.                 filename = 'ccrypto-%s-%s.onc' % (gw_name, protocol)

  337.             else:

  338.                 filename = 'ccrypto-%s-%s.ovpn' % (gw_name, protocol)

  339.             config = openvpn.make_config(gw_name=gw_name, **common_options)

  340.             z.writestr(filename, config.encode('utf-8'))

  341. 

  342.         z.close()

  343. 

  344.         r = HttpResponse(content=f.getvalue(), content_type='application/zip')

  345.         r['Content-Disposition'] = 'attachment; filename="%s.zip"' % filename

  346.         return r

  347.     else:

  348.         # Single gateway

  349.         if location[3:] in allowed_cc:

  350.             gw_name = location[3:]

  351.         else:

  352.             gw_name = 'random'

  353.         if os == 'chromeos':

  354.             filename = 'ccrypto-%s-%s.onc' % (gw_name, protocol)

  355.         else:

  356.             filename = 'ccrypto-%s-%s.ovpn' % (gw_name, protocol)

  357. 

  358.         config = openvpn.make_config(gw_name=gw_name, **common_options)

  359. 

  360.         if 'plain' in request.GET:

  361.             return HttpResponse(content=config, content_type='text/plain')

  362.         else:

  363.             if os == 'chromeos':

  364.                 r = HttpResponse(content=config, content_type='application/x-onc')

  365.             else:

  366.                 r = HttpResponse(content=config, content_type='application/x-openvpn-profile')

  367.             r['Content-Disposition'] = 'attachment; filename="%s"' % filename

  368.             return r

  369. 

  370. 

  371. @csrf_exempt

  372. def api_auth(request):

  373.     if request.method != 'POST':

  374.         return HttpResponseNotFound()

  375. 

  376.     if core.VPN_AUTH_STORAGE != 'inst':

  377.         return HttpResponseNotFound()

  378. 

  379.     username = request.POST.get('username')

  380.     password = request.POST.get('password')

  381.     secret = request.POST.get('secret')

  382. 

  383.     if secret != core.LCORE_INST_SECRET:

  384.         return HttpResponseForbidden(content="Invalid secret")

  385. 

  386.     user = authenticate(username=username, password=password)

  387.     if not user or not user.is_active:

  388.         return JsonResponse(dict(status='fail', message="Invalid credentials"))

  389. 

  390.     if not user.vpnuser.is_paid:

  391.         return JsonResponse(dict(status='fail', message="Not allowed to connect"))

  392. 

  393.     user.vpnuser.last_vpn_auth = timezone.now()

  394.     user.vpnuser.save()

  395. 

  396.     return JsonResponse(dict(status='ok'))

  397. 

  398. 

  399. def api_locations(request):

  400.     def format_loc(cc, l):

  401.         return {

  402.             'country_name': l['country_name'],

  403.             'country_code': cc,

  404.             'hostname': l['hostname'],

  405.             'bandwidth': l['bandwidth'],

  406.             'servers': l['servers'],

  407.         }

  408.     return JsonResponse(dict(locations=[format_loc(cc, l) for cc, l in get_locations()]))

  409. 

  410. 

  411. def status(request):

  412.     locations = get_locations()

  413. 

  414.     ctx = {

  415.         'title': _("Status"),

  416.         'n_users': VPNUser.objects.filter(expiration__gte=timezone.now()).count(),

  417.         'n_sess': core.current_active_sessions(),

  418.         'n_gws': sum(l['servers'] for cc, l in locations),

  419.         'n_countries': len(set(cc for cc, l in locations)),

  420.         'total_bw': sum(l['bandwidth'] for cc, l in locations),

  421.         'locations': locations,

  422.     }

  423.     return render(request, 'lambdainst/status.html', ctx)

  424. 

  425. 

  426. @user_passes_test(lambda user: user.is_staff)

  427. def admin_status(request):

  428.     graph_name = request.GET.get('graph_name')

  429.     graph_period = request.GET.get('period')

  430.     if graph_period not in ('y', 'm'):

  431.         graph_period = 'm'

  432.     if graph_name:

  433.         if graph_name == 'users':

  434.             content = graphs.users_graph(graph_period)

  435.         elif graph_name == 'payments_paid':

  436.             content = graphs.payments_paid_graph(graph_period)

  437.         elif graph_name == 'payments_success':

  438.             content = graphs.payments_success_graph(graph_period)

  439.         else:

  440.             return HttpResponseNotFound()

  441.         return HttpResponse(content=content, content_type='image/svg+xml')

  442. 

  443.     payment_status = ((b, b.get_info()) for b in ACTIVE_BACKENDS.values())

  444.     payment_status = ((b, i) for (b, i) in payment_status if i)

  445. 

  446.     ctx = {

  447.         'api_status': {k: str(v) for k, v in core_api.info.items()},

  448.         'payment_backends': sorted(ACTIVE_BACKENDS.values(), key=lambda x: x.backend_id),

  449.         'payment_status': payment_status,

  450.     }

  451.     ctx.update(site.each_context(request))

  452.     return render(request, 'lambdainst/admin_status.html', ctx)

  453. 

  454. 

  455. @user_passes_test(lambda user: user.is_staff)

  456. def admin_ref(request):

  457.     last_week = datetime.now() - timedelta(days=7)

  458.     last_month = datetime.now() - timedelta(days=30)

  459. 

  460.     top_ref = User.objects.annotate(n_ref=Count('referrals')).order_by('-n_ref')[:10]

  461.     top_ref_week = User.objects.filter(referrals__user__date_joined__gt=last_week) \

  462.                                .annotate(n_ref=Count('referrals')) \

  463.                                .order_by('-n_ref')[:10]

  464.     top_ref_month = User.objects.filter(referrals__user__date_joined__gt=last_month) \

  465.                                 .annotate(n_ref=Count('referrals')) \

  466.                                 .order_by('-n_ref')[:10]

  467. 

  468.     ctx = {

  469.         'top_ref': top_ref,

  470.         'top_ref_week': top_ref_week,

  471.         'top_ref_month': top_ref_month,

  472.     }

  473.     ctx.update(site.each_context(request))

  474.     return render(request, 'lambdainst/admin_ref.html', ctx)

  475. 

  476. 

  477. 

  478.