Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Simple webapp for config #1616

Draft
wants to merge 40 commits into
base: master
Choose a base branch
from

Conversation

summerisgone
Copy link

@summerisgone summerisgone commented Oct 15, 2019

Simple webapp for #196

Description

Web server introduces two new requirements: pyyaml + aiohttp.
To launch it run python app/server.py and open http://localhost:9000/. Server will show interactive forms for users configuration and will allow to proceed with digitalocean (only yet) setup.

Demo:

2020-05-19 01 58 00

Motivation and Context

Your project helped me out when I had issues with ISP country-wide. I want to give back.

How Has This Been Tested?

Tests will be added by the time of scaling app to all providers.

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

  • ✅ I have read the CONTRIBUTING document.

  • 🤷‍♂ My code follows the code style of this

  • My change requires a change to the documentation.

  • I have updated the documentation accordingly.

  • I have added tests to cover my changes.

  • All new and existing tests passed.

  • Add all supported cloud providers

    • DigitalOcean
    • Amazon Lightsail
    • Amazon EC2
    • Microsoft Azure
    • Google Compute Engine
    • Hetzner Cloud
    • Vultr
    • Scaleway
    • Linode
    • OpenStack (DreamCompute optimised)
    • CloudStack (Exoscale optimised)
    • Existing Ubuntu
  • Make installation process persistent per-connection and controllable (now user can't terminate it)

  • Success screen 😅

@CLAassistant
Copy link

CLAassistant commented Oct 15, 2019

CLA assistant check
All committers have signed the CLA.

requirements.txt Outdated Show resolved Hide resolved
app/server.py Outdated
await ws.close()
else:
p = await asyncio.create_subprocess_shell(
msg.data,
Copy link
Member

@disconnect3d disconnect3d Oct 29, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This spawns a process based on data received from an unauthenticated websocket.

Which basically means... assuming a victim launched this server an attacker can prepare a website that would connect to localhost websocket (new WebSocket("ws://127.0.0.1:8080/ws");) and then send proper payload to execute arbitrary code on victim's machine.

It would be much better not to spawn any processes at all and if it is really needed, the connection must be authenticated.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

@summerisgone summerisgone Oct 30, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@disconnect3d does Ansible provides API for launching playbooks other than from the command line?
Also, implementation depends highly on how this script will be used (see my questions in PR description) - if you consider host it as "cloud VPN solution", as dosxvpn or tinfoilsecurity.com does - it would need auth middleware to support multiple tenants. If it supposed to be run only on the local machine - probably Ansible python API (if applicable) would work better.
The current implementation doesn't assume any of the above - it works like web UI for collecting ansible CLI arguments, reflect its progress and be shut down after VPN is set up.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I probably missed that API from the first time. Will check it out!

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jackivanov I'm not good at ansible, could you help me or give an advice?
I'm able to run playbook from this snippet:

PlaybookCLI(['ansible-playbook', 'main.yml']).run()

But in that case I can't display feedback, which is valuable, since installation process takes a long time and may exit with error. I'm looking for snippet which allows to set up custom stdout_callback and play scenario from yaml file, like above.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@summerisgone You don't seem to be running ansible via the API. You can find a working example by the link I sent above

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jackivanov example you provided doesn't allow to load playbooks

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not well familiar with Ansible API, but as far I recall, there is a class called PlaybookExecutor that can be used. See here and here

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jackivanov or @disconnect3d could you please take another look on current approach of executing playbooks from web?

app/server.py Outdated Show resolved Hide resolved
@summerisgone summerisgone marked this pull request as ready for review October 31, 2019 05:45
app/playbook.py Outdated

display.display(taskmsg)

return inventory.groups['vpn-host'].hosts[0].vars
Copy link
Author

@summerisgone summerisgone Feb 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here are original lines, the only I changed:
https://github.com/ansible/ansible/blob/devel/lib/ansible/cli/playbook.py#L193-L195

I made assumption that playbook will provision only one host

@summerisgone summerisgone force-pushed the 196-simple-webapp-config branch from 4d0037c to 76c88d2 Compare April 4, 2020 20:52
@jackivanov jackivanov marked this pull request as draft April 25, 2020 16:42
@jackivanov jackivanov changed the title [DRAFT] Simple webapp for config Simple webapp for config Apr 25, 2020
@summerisgone
Copy link
Author

Updated description with fresh demo

@summerisgone
Copy link
Author

Guys, I need help with MS Azure provider, it doesn't allow to create account from my country! 🤯

@summerisgone
Copy link
Author

Have issues with Hetzner as well: they disabled my account without description. Reaching out their support

@summerisgone summerisgone force-pushed the 196-simple-webapp-config branch from 52c5e1f to 3c6d0da Compare January 26, 2021 19:55
@summerisgone
Copy link
Author

Rebased on recent master

@summerisgone summerisgone force-pushed the 196-simple-webapp-config branch from 24378d5 to 15b0d1f Compare July 6, 2021 19:59
@thy-dye
Copy link

thy-dye commented Jan 12, 2023

Would the web interface also work on windows? I am interesting in progressing Algo VPN both as a project for school and to gain more insight into the programming world.

@summerisgone
Copy link
Author

Would the web interface also work on windows? I am interesting in progressing Algo VPN both as a project for school and to gain more insight into the programming world.

As long as Windows has modern browser (Edge, Chrome, Firefox) - web would work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants