Simple webapp for config #1616
app/server.py
Outdated
await ws.close() | ||
else: | ||
p = await asyncio.create_subprocess_shell( | ||
msg.data, |
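Review bot: `msg.data` goes straight from the WebSocket frame into `asyncio.create_subprocess_shell(`, so the text a peer sends is interpreted by a shell, and nothing in the visible lines checks who that peer is. Build the command on the server from validated fields, start it with `asyncio.create_subprocess_exec` and an argument list, and refuse the upgrade unless the `Origin` header and a per-session token match.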
This spawns a process based on data received from an unauthenticated websocket.
Which basically means... assuming a victim launched this server, an attacker can prepare a website that would connect to the localhost websocket (new WebSocket("ws://127.0.0.1:8080/ws");) and then send a proper payload to execute arbitrary code on the victim's machine.
It would be much better not to spawn any processes at all and if it is really needed, the connection must be authenticated.
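An added example, not part of the PR or of any comment in this thread: one way to apply the two mitigations named above, authenticating the connection and keeping client text away from a shell. The allowed origin, the token handling and the `provider` / `server_name` field names are assumptions made for illustration.

```python
import hmac
import json
import secrets

# Assumed values, not taken from the PR: the UI origin, the field names and
# the provider allowlist. The token would be embedded in the page the server
# itself serves, so a page from any other site cannot know it.
ALLOWED_ORIGINS = {"http://localhost:9000", "http://127.0.0.1:9000"}
ALLOWED_PROVIDERS = {"digitalocean"}
SESSION_TOKEN = secrets.token_urlsafe(32)


def handshake_allowed(origin, token):
    """Accept the WebSocket upgrade only from our own page with our token."""
    if origin not in ALLOWED_ORIGINS:
        return False
    if not isinstance(token, str):
        return False
    return hmac.compare_digest(token.encode(), SESSION_TOKEN.encode())


def build_argv(raw_message):
    """Map a JSON message to a fixed argv; client text never reaches a shell."""
    try:
        msg = json.loads(raw_message)
    except (TypeError, ValueError) as exc:
        raise ValueError("message is not JSON") from exc
    if not isinstance(msg, dict) or set(msg) != {"provider", "server_name"}:
        raise ValueError("unexpected fields")
    provider, name = msg["provider"], msg["server_name"]
    if not isinstance(provider, str) or provider not in ALLOWED_PROVIDERS:
        raise ValueError("unknown provider")
    if not isinstance(name, str) or not 0 < len(name) <= 32:
        raise ValueError("bad server name")
    if not (name.isascii() and name.replace("-", "").isalnum()):
        raise ValueError("bad server name")
    extra_vars = json.dumps({"provider": provider, "server_name": name})
    # Pass the list to asyncio.create_subprocess_exec(*argv), not to a shell.
    return ["ansible-playbook", "main.yml", "-e", extra_vars]
```

The handler would call `handshake_allowed` with the request's `Origin` header before upgrading, and close the socket on any `ValueError` from `build_argv`.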
@disconnect3d does Ansible provide an API for launching playbooks other than from the command line?
Also, the implementation depends highly on how this script will be used (see my questions in the PR description) - if you consider hosting it as a "cloud VPN solution", as dosxvpn or tinfoilsecurity.com do - it would need auth middleware to support multiple tenants. If it is supposed to be run only on the local machine - probably the Ansible Python API (if applicable) would work better.
The current implementation doesn't assume any of the above - it works like a web UI for collecting Ansible CLI arguments, reflecting its progress, and being shut down after the VPN is set up.
@summerisgone Yes, take a look at this https://docs.ansible.com/ansible/latest/dev_guide/developing_api.html
Thanks, I probably missed that API the first time. Will check it out!
@jackivanov I'm not good at Ansible, could you help me or give me some advice?
I'm able to run a playbook from this snippet:
PlaybookCLI(['ansible-playbook', 'main.yml']).run()
But in that case I can't display feedback, which is valuable, since the installation process takes a long time and may exit with an error. I'm looking for a snippet which allows setting up a custom stdout_callback and playing a scenario from a YAML file, like above.
@summerisgone You don't seem to be running Ansible via the API. You can find a working example at the link I sent above.
@jackivanov the example you provided doesn't allow loading playbooks
@jackivanov or @disconnect3d could you please take another look at the current approach of executing playbooks from the web?
app/playbook.py
Outdated
|
||
display.display(taskmsg) | ||
|
||
return inventory.groups['vpn-host'].hosts[0].vars |
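Review bot: `inventory.groups['vpn-host'].hosts[0]` on the return line takes the first host without checking the group, so a missing `vpn-host` group or an empty host list fails with a bare lookup error, and any additional hosts are dropped silently. Check that the group exists and holds exactly one host, fail with a clear message otherwise, and state the single-host assumption in a comment or docstring.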
Here are the original lines, the only ones I changed:
https://github.com/ansible/ansible/blob/devel/lib/ansible/cli/playbook.py#L193-L195
I made the assumption that the playbook will provision only one host.
4d0037c to 76c88d2
Updated description with fresh demo
Guys, I need help with the MS Azure provider, it doesn't allow me to create an account from my country! 🤯
Have issues with Hetzner as well: they disabled my account without description. Reaching out to their support
52c5e1f to 3c6d0da
Rebased on recent master
24378d5 to 15b0d1f
Would the web interface also work on Windows? I am interested in progressing Algo VPN both as a project for school and to gain more insight into the programming world.
As long as Windows has a modern browser (Edge, Chrome, Firefox) - web would work
Simple webapp for #196
Description
Web server introduces two new requirements: pyyaml + aiohttp.
To launch it run
python app/server.py
and open http://localhost:9000/. The server will show interactive forms for users configuration and will allow proceeding with the digitalocean (the only one so far) setup.
Demo:
Motivation and Context
Your project helped me out when I had issues with ISP country-wide. I want to give back.
How Has This Been Tested?
Tests will be added by the time of scaling app to all providers.
Types of changes
Checklist:
✅ I have read the CONTRIBUTING document.
🤷♂ My code follows the code style of this
My change requires a change to the documentation.
I have updated the documentation accordingly.
I have added tests to cover my changes.
All new and existing tests passed.
Add all supported cloud providers
Make installation process persistent per-connection and controllable (now user can't terminate it)
Success screen 😅