Browse Source

Merge pull request #1 from RaspAP/master

Updates from upstream
pull/1154/head
Federico Frigo 8 months ago
committed by GitHub
parent
commit
b386f5285a
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 20
      .github/ISSUE_TEMPLATE/feature_request.md
  2. 33
      BACKERS.md
  3. 8
      README.md
  4. 4
      ajax/bandwidth/get_bandwidth.php
  5. 9
      ajax/bandwidth/get_bandwidth_hourly.php
  6. 2
      ajax/networking/get_netcfg.php
  7. 9
      ajax/networking/get_wgcfg.php
  8. 22
      ajax/networking/get_wgkey.php
  9. 93
      ajax/networking/save_net_dev_config.php
  10. 1
      ajax/networking/wifi_stations.php
  11. 26
      ajax/openvpn/activate_ovpncfg.php
  12. 13
      ajax/openvpn/del_ovpncfg.php
  13. 8
      app/css/hackernews.css
  14. 28
      app/img/wg-qr-code.php
  15. 8
      app/img/wifi-qr-code.php
  16. 131
      app/js/custom.js
  17. 2
      app/lib/system.php
  18. 505
      app/lib/uploader.php
  19. 2
      config/090_raspap.conf
  20. 4
      config/client_config/70-mobile-data-sticks.rules
  21. 3
      config/client_config/80-raspap-net-devices.rules
  22. 505
      config/client_config/huawei_hilink_api.sh
  23. 109
      config/client_config/info_huawei.sh
  24. 95
      config/client_config/info_huawei_hilink.sh
  25. 52
      config/client_config/info_huawei_modem.sh
  26. 13
      config/client_config/interfaces
  27. 1691
      config/client_config/mcc-mnc-table.csv
  28. 58
      config/client_config/onoff_huawei_hilink.sh
  29. 21
      config/client_config/ppp0_route.sh
  30. 21
      config/client_config/ppp0_setpin.sh
  31. 51
      config/client_config/raspap_helpers.sh
  32. 13
      config/client_config/start_huawei_hilink@.service
  33. 16
      config/client_config/start_ppp0_device.service
  34. 21
      config/client_config/wvdial.conf
  35. 64
      config/client_udev_prototypes.json
  36. 5
      config/config.php
  37. 19
      config/defaults.json
  38. 205
      config/iptables_rules.json
  39. BIN
      dist/raspap/css/fonts/RaspAP.eot
  40. 12
      dist/raspap/css/fonts/RaspAP.svg
  41. BIN
      dist/raspap/css/fonts/RaspAP.ttf
  42. BIN
      dist/raspap/css/fonts/RaspAP.woff
  43. 54
      dist/raspap/css/style.css
  44. 4
      includes/adblock.php
  45. 8
      includes/configure_client.php
  46. 8
      includes/defaults.php
  47. 2
      includes/dhcp.php
  48. 368
      includes/firewall.php
  49. 151
      includes/functions.php
  50. 307
      includes/get_clients.php
  51. 34
      includes/hostapd.php
  52. 20
      includes/internetRoute.php
  53. 117
      includes/openvpn.php
  54. 1
      includes/system.php
  55. 6
      includes/themes.php
  56. 30
      includes/wifi_functions.php
  57. 310
      includes/wireguard.php
  58. 30
      index.php
  59. 44
      installers/common.sh
  60. 2
      installers/configauth.sh
  61. 40
      installers/install_feature_clients.sh
  62. 20
      installers/install_feature_firewall.sh
  63. 2
      installers/openvpnlog.sh
  64. 27
      installers/raspap.sudoers
  65. 2
      installers/uninstall.sh
  66. 29
      installers/update_firewall.sh
  67. BIN
      locale/da_DK/LC_MESSAGES/messages.mo
  68. 69
      locale/da_DK/LC_MESSAGES/messages.po
  69. BIN
      locale/en_US/LC_MESSAGES/messages.mo
  70. 78
      locale/en_US/LC_MESSAGES/messages.po
  71. BIN
      locale/es_MX/LC_MESSAGES/messages.mo
  72. 116
      locale/es_MX/LC_MESSAGES/messages.po
  73. BIN
      locale/ja_JP/LC_MESSAGES/messages.mo
  74. 119
      locale/ja_JP/LC_MESSAGES/messages.po
  75. BIN
      locale/ko_KR/LC_MESSAGES/messages.mo
  76. 124
      locale/ko_KR/LC_MESSAGES/messages.po
  77. BIN
      locale/ro_RO/LC_MESSAGES/messages.mo
  78. 1206
      locale/ro_RO/LC_MESSAGES/messages.po
  79. BIN
      locale/ru_RU/LC_MESSAGES/messages.mo
  80. 68
      locale/ru_RU/LC_MESSAGES/messages.po
  81. 4
      templates/dhcp/logging.php
  82. 105
      templates/dhcp/static_leases.php
  83. 110
      templates/firewall.php
  84. 13
      templates/hostapd/advanced.php
  85. 124
      templates/openvpn.php
  86. 35
      templates/openvpn/configs.php
  87. 70
      templates/openvpn/general.php
  88. 16
      templates/openvpn/logging.php
  89. 2
      templates/themes.php
  90. 0
      templates/torproxy.php
  91. 108
      templates/wg/general.php
  92. 19
      templates/wg/logging.php
  93. 82
      templates/wg/peers.php
  94. 5
      templates/wifi_stations.php
  95. 7
      templates/wifi_stations/network.php
  96. 53
      templates/wireguard.php
  97. 25
      yarn.lock

20
.github/ISSUE_TEMPLATE/feature_request.md

@ -0,0 +1,20 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

33
BACKERS.md

@ -15,23 +15,25 @@ You can [become a sponsor](https://github.com/sponsors/RaspAP) using your indivi
> ℹ️ **Important**: If you're sponsoring [RaspAP](https://github.com/RaspAP/sponsors) through a GitHub organization, please send a short email to [sponsors@raspap.com](mailto:sponsors@raspap.com) with the name of your organization and the account that should be added as a collaborator.
### Exclusive features
When backers were asked which feature they'd most like to see added to RaspAP, the ability to manage multiple OpenVPN client configurations topped the list of requests. We think this is a great idea, so we're adding this as the first feature exclusive to insiders.
✅ [Multiple OpenVPN client configs](https://docs.raspap.com/openvpn/#multiple-client-configs)
✅ [OpenVPN certificate authentication](https://docs.raspap.com/openvpn/#certificate-authentication)
✅ OpenVPN service logging
✅ Night mode toggle
✅ Restrict network to static clients
✅ [WireGuard support](https://docs.raspap.com/wireguard/)
✅ [Set AP transmit power](https://docs.raspap.com/ap-basics/#transmit-power)
Look for the list above to grow as we add more exclusive features.
### Funding targets
The following features are currently available exclusively to sponsors. A tangible side benefit of sponsorship is that Insiders are able to help steer future development of RaspAP. This is done through Insiders' access to discussions, feature requests, issues and pull requests in the private GitHub repository.
✅ [Network device management](https://docs.raspap.com/net-devices/)
✅ [Firewall settings](https://docs.raspap.com/firewall/)
✅ [WPA3-Personal AP security](https://docs.raspap.com/ap-basics/#wpa3-personal)
✅ [802.11w Protected Management Frames](https://docs.raspap.com/ap-basics/#80211w)
✅ [Printable Wi-Fi signs](https://docs.raspap.com/ap-basics/#printable-signs)
⚙️ Traffic shaping (in progress)
Look for the list above to grow as we add more exclusive features. Be sure to visit this page from time to time to learn about what's new, check the [Insiders docs page](https://docs.raspap.com/insiders/) and follow [@RaspAP on Twitter](https://twitter.com/rasp_ap) to stay updated.
## Funding targets
Below is a list of funding targets. When a funding target is reached, the features that are tied to it are merged back into RaspAP and released to the public for general availability.
#### $500
The first **Insiders Edition** includes the exclusive features listed above.
### $1000
The second **Insiders Edition** includes the features listed above.
### $500
The [first Insiders Edition goal](https://docs.raspap.com/insiders/#500-1st-insiders-edition) was reached in December 2021. Thank you sponsors!
### Frequently asked questions
@ -73,4 +75,3 @@ Yes. Whether you're an individual or a company, you may use RaspAP Insiders prec
* Please **don't distribute the source code** of Insiders. You may freely use it for public, private or commercial projects, fork it, mirror it, do whatever you want with it, but please don't release the source code, as it would counteract the sponsorware strategy.
* If you cancel your subscription, you're removed as a collaborator and will miss out on future updates of Insiders. However, you may *use the latest version* that's available to you as long as you like. Just remember that [GitHub deletes private forks](https://docs.github.com/en/github/setting-up-and-managing-your-github-user-account/removing-a-collaborator-from-a-personal-repository).

8
README.md

@ -1,5 +1,5 @@
![](https://i.imgur.com/xeKD93p.png)
[![Release 2.6.7](https://img.shields.io/badge/release-v2.6.7-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
[![Release 2.8.4](https://img.shields.io/badge/release-v2.8.4-green)](https://github.com/raspap/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Join Insiders](https://img.shields.io/static/v1?label=Join%20Insiders&message=%E2%9D%A4&logo=GitHub&color=ff69b4)](https://github.com/sponsors/RaspAP) ![https://travis-ci.com/github/raspap/raspap-webgui/](https://api.travis-ci.org/RaspAP/raspap-webgui.svg) [![Crowdin](https://badges.crowdin.net/raspap/localized.svg)](https://crowdin.com/project/raspap) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
RaspAP is feature-rich wireless router software that _just works_ on many popular [Debian-based devices](#supported-operating-systems), including the Raspberry Pi. Our popular [Quick installer](#quick-installer) creates a known-good default configuration for all current Raspberry Pis with onboard wireless. A fully responsive, mobile-ready interface gives you control over the relevant services and networking options. Advanced DHCP settings, WireGuard and OpenVPN support, [SSL certificates](https://docs.raspap.com/ssl-quick/), security audits, [captive portal integration](https://docs.raspap.com/captive/), themes and [multilingual options](https://docs.raspap.com/translations/) are included.
@ -122,9 +122,9 @@ RaspAP was originally made for Raspbian, but now also installs on the following
| Distribution | Release | Architecture | Support |
|---|:---:|:---:|:---:|
| Raspberry Pi OS | (32-bit) Lite Buster | ARM | Official |
| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-socs) | Official |
| Debian | Buster | ARM / x86_64 | Beta |
| Raspberry Pi OS | (32-bit) Lite Bullseye | ARM | Official |
| Armbian | Bullseye | [ARM](https://docs.armbian.com/#supported-socs) | Official |
| Debian | Bullseye | ARM / x86_64 | Beta |
| Ubuntu | 18.04 LTS / 19.10 | ARM / x86_64 | Beta |
![](https://i.imgur.com/luiyYNw.png)

4
ajax/bandwidth/get_bandwidth.php

@ -42,10 +42,10 @@ $jsonobj = json_decode($jsonstdoutvnstat[0], true);
$timeunits = filter_input(INPUT_GET, 'tu');
if ($timeunits === 'm') {
// months
$jsonData = $jsonobj['interfaces'][0]['traffic']['months'];
$jsonData = $jsonobj['interfaces'][0]['traffic']['month'];
} else {
// default: days
$jsonData = $jsonobj['interfaces'][0]['traffic']['days'];
$jsonData = $jsonobj['interfaces'][0]['traffic']['day'];
}
$datasizeunits = filter_input(INPUT_GET, 'dsu');

9
ajax/bandwidth/get_bandwidth_hourly.php

@ -34,19 +34,16 @@ if (filter_input(INPUT_GET, 'tu') == 'h') {
23 => array('date' => '23:00', 'rx' => 0, 'tx' => 0)
);
exec(sprintf('vnstat -i %s --json h', escapeshellarg($interface)), $jsonstdoutvnstat, $exitcodedaily);
if ($exitcodedaily !== 0) {
exit('vnstat error');
}
$jsonobj = json_decode($jsonstdoutvnstat[0], true)['interfaces'][0];
$jsonData = $jsonobj['traffic']['hours'];
$jsonData = $jsonobj['traffic']['hour'];
for ($i = count($jsonData) - 1; $i >= 0; --$i) {
$data_template[$jsonData[$i]['id']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
$data_template[$jsonData[$i]['id']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
$data_template[$jsonData[$i]['time']['hour']]['rx'] = round($jsonData[$i]['rx'] / 1024, 0);
$data_template[$jsonData[$i]['time']['hour']]['tx'] = round($jsonData[$i]['tx'] / 1024, 0);
}
$data = array();

2
ajax/networking/get_netcfg.php

@ -52,7 +52,7 @@ if (isset($interface)) {
$dhcpdata['StaticRouters'] = $static_routers[1];
$dhcpdata['StaticDNS'] = $static_dns[1];
$dhcpdata['FallbackEnabled'] = empty($fallback) ? false: true;
$dhcpdata['DefaultRoute'] = empty($gateway) || $gateway[0] == "gateway";
$dhcpdata['DefaultRoute'] = $gateway[0] == "gateway";
echo json_encode($dhcpdata);
}

9
ajax/networking/get_wgcfg.php

@ -0,0 +1,9 @@
<?php
require '../../includes/csrf.php';
require_once '../../includes/config.php';
// fetch wg client.conf
exec('sudo cat '. RASPI_WIREGUARD_PATH.'client.conf', $return);
echo implode(PHP_EOL,$return);

22
ajax/networking/get_wgkey.php

@ -0,0 +1,22 @@
<?php
require '../../includes/csrf.php';
require_once '../../includes/config.php';
$entity = $_POST['entity'];
if (isset($entity)) {
// generate public/private key pairs for entity
$pubkey = RASPI_WIREGUARD_PATH.$entity.'-public.key';
$privkey = RASPI_WIREGUARD_PATH.$entity.'-private.key';
$pubkey_tmp = '/tmp/'.$entity.'-public.key';
$privkey_tmp = '/tmp/'.$entity.'-private.key';
exec("sudo wg genkey | tee $privkey_tmp | wg pubkey > $pubkey_tmp", $return);
$wgdata['pubkey'] = str_replace("\n",'',file_get_contents($pubkey_tmp));
exec("sudo mv $privkey_tmp $privkey", $return);
exec("sudo mv $pubkey_tmp $pubkey", $return);
echo json_encode($wgdata);
}

93
ajax/networking/save_net_dev_config.php

@ -0,0 +1,93 @@
<?php
/*
Save settings of network devices (type, name, PW, APN ...)
Called by js saveNetDeviceSettings (App/js/custom.js)
*/
require '../../includes/csrf.php';
require_once '../../includes/config.php';
require_once '../../includes/functions.php';
if (isset($_POST['interface'])) {
$int = $_POST['interface'];
$cfg = [];
$file = $RASPI_MOBILEDATA_CONFIG;
$cfgfile="/etc/wvdial.conf";
if ( $int == "mobiledata") {
$cfg['pin'] = $_POST["pin-mobile"];
$cfg['apn'] = $_POST["apn-mobile"];
$cfg['apn_user'] = $_POST["apn-user-mobile"];
$cfg['apn_pw'] = $_POST["apn-pw-mobile"];
$cfg['router_user'] = $cfg['apn_user'] ;
$cfg['router_pw'] = $cfg['apn_pw'] ;
if (file_exists($cfgfile)) {
if($cfg["pin"] !== "") exec('sudo /bin/sed -i "s/CPIN=\".*\"/CPIN=\"'.$cfg["pin"].'\"/gi" '.$cfgfile);
if($cfg["apn"] !== "") exec('sudo /bin/sed -i "s/\"IP\"\,\".*\"/\"IP\"\,\"'.$cfg["apn"].'\"/gi" '.$cfgfile);
if($cfg["apn_user"] !== "") exec('sudo /bin/sed -i "s/^username = .*$/Username = '.$cfg["apn_user"].'/gi" '.$cfgfile);
if($cfg["apn_pw"] !== "") exec('sudo /bin/sed -i "s/^password = .*$/Password = '.$cfg["apn_pw"].'/gi" '.$cfgfile);
}
if (write_php_ini($cfg, RASPI_MOBILEDATA_CONFIG)) {
$jsonData = ['return'=>0,'output'=>['Successfully saved mobile data settings']];
} else {
$jsonData = ['return'=>1,'output'=>['Error saving mobile data settings']];
}
} else if ( preg_match("/netdevices/",$int)) {
if(!isset($_POST['opts']) ) {
$jsonData = ['return'=>0,'output'=>['No valid data to add/delete udev rule ']];
echo json_encode($jsonData);
return;
} else {
$opts=explode(" ",$_POST['opts'] );
$dev=$opts[0];
$vid=$_POST["int-vid-".$dev];
$pid=$_POST["int-pid-".$dev];
$mac=$_POST["int-mac-".$dev];
$name=trim($_POST["int-name-".$dev]);
// limit device name to letters and numbers. Total length max 20
$name=preg_replace("/[^a-z0-9]/", "", strtolower($name));
$name=substr($name, 0, min(strlen($name),20));
$type=$_POST["int-type-".$dev];
$newtype=$_POST["int-new-type-".$dev];
$udevfile=$_SESSION["udevrules"]["udev_rules_file"]; // default file /etc/udev/rules.d/80-net-devices.rules";
// find the rule prototype and prefix
$rule = "";
foreach($_SESSION["udevrules"]["network_devices"] as $devt) {
if($devt["type"]==$newtype) {
$rulenew = $devt["udev_rule"];
$prefix = $devt["name_prefix"];
}
}
// check for an existing rule and delete lines with same MAC or same VID/PID
if (!empty($vid) && !empty($pid)) {
$rule = '^.*ATTRS{idVendor}==\"' . $vid . '\".*ATTRS{idProduct}==\"' . $pid . '\".*$';
exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile); // clear all entries with this VID/PID
$rule = '^.*ATTRS{idProduct}==\"' . $pid . '\".*ATTRS{idVendor}==\"' . $vid . '\".*$';
exec('sudo sed -i "/'.$rule.'/Id" '.$udevfile); // clear all entries with this VID/PID
}
if (!empty($mac)) {
exec('sudo sed -i "/^.*'.$mac.'.*$/d" '.$udevfile); // clear all entries with same MAC
}
// create new entry
if ( ($type != $newtype) || !empty($name) ) { // new device type or new name
if (empty($name)) $name = $prefix."%n";
if (!empty($mac)) $rule = preg_replace("/\\\$MAC\\\$/i", $mac, $rulenew);
if (!empty($vid)) $rule = preg_replace("/\\\$IDVENDOR\\\$/i", $vid, $rule);
if (!empty($pid)) $rule = preg_replace("/\\\$IDPRODUCT\\\$/i", $pid, $rule);
if (!empty($name)) $rule = preg_replace("/\\\$DEVNAME\\\$/i",$name,$rule);
if (!empty($rule)) exec('echo \''.$rule.'\' | sudo /usr/bin/tee -a '.$udevfile);
}
$jsonData = ['return'=>0,'output'=>['Settings changed for device '.$dev. '<br>Changes will only be in effect after reconnecting the device' ] ];
}
} else {
$jsonData = ['return'=>1,'output'=>['Unknown network configuration']];
}
} else {
$jsonData = ['return'=>2,'output'=>'Unable to detect interface'];
}
echo json_encode($jsonData);

1
ajax/networking/wifi_stations.php

@ -14,6 +14,7 @@ knownWifiStations($networks);
nearbyWifiStations($networks, !isset($_REQUEST["refresh"]));
connectedWifiStations($networks);
sortNetworksByRSSI($networks);
foreach ($networks as $ssid => $network) $networks[$ssid]["ssidutf8"] = ssid2utf8( $ssid );
$connected = array_filter($networks, function($n) { return $n['connected']; } );
$known = array_filter($networks, function($n) { return !$n['connected'] && $n['configured']; } );

26
ajax/openvpn/activate_ovpncfg.php

@ -0,0 +1,26 @@
<?php
require_once '../../includes/config.php';
require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id'];
$ovpncfg_client = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_client.conf';
$ovpncfg_login = RASPI_OPENVPN_CLIENT_PATH.$ovpncfg_id.'_login.conf';
// remove existing client config +login and symbolically link the selected one
system("sudo rm ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
system("sudo ln -s $ovpncfg_client ".RASPI_OPENVPN_CLIENT_CONFIG, $return);
system("sudo rm ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
system("sudo ln -s $ovpncfg_login ".RASPI_OPENVPN_CLIENT_LOGIN, $return);
// restart service
exec("sudo /bin/systemctl stop openvpn-client@client", $return);
sleep(1);
exec("sudo /bin/systemctl enable openvpn-client@client", $return);
sleep(1);
exec("sudo /bin/systemctl start openvpn-client@client", $return);
echo json_encode($return);
}

13
ajax/openvpn/del_ovpncfg.php

@ -0,0 +1,13 @@
<?php
require_once '../../includes/config.php';
require_once '../../includes/functions.php';
if (isset($_POST['cfg_id'])) {
$ovpncfg_id = $_POST['cfg_id'];
$ovpncfg_files = pathinfo(RASPI_OPENVPN_CLIENT_LOGIN, PATHINFO_DIRNAME).'/'.$ovpncfg_id.'_*.conf';
exec("sudo rm $ovpncfg_files", $return);
$jsonData = ['return'=>$return];
echo json_encode($jsonData);
}

8
app/css/hackernews.css

@ -79,6 +79,9 @@ h5.card-title {
font-family: Verdana, Geneva, sans-serif;
}
.sidebar-light hr.sidebar-divider {
padding-top: 0.5rem;
}
ul.nav-tabs, .nav-tabs .nav-link {
background-color: #f6f6ef;
@ -163,6 +166,7 @@ ul.nav-tabs, .nav-tabs .nav-link {
.info-item-xs {
font-size: 0.7rem;
margin-left: 0.3rem;
line-height: 1.5em;
}
.info-item-wifi {
@ -200,6 +204,10 @@ ul.nav-tabs, .nav-tabs .nav-link {
}
}
.fas.fa-circle {
font-size: 0.5rem;
}
.logoutput {
width:100%;
height:300px;

28
app/img/wg-qr-code.php

@ -0,0 +1,28 @@
<?php
require_once '../../includes/config.php';
require_once '../../includes/defaults.php';
require_once '../../includes/functions.php';
// prevent direct file access
if (!isset($_SERVER['HTTP_REFERER'])) {
header('HTTP/1.0 403 Forbidden');
exit;
}
exec("sudo cat " .RASPI_WIREGUARD_PATH.'client.conf', $return);
$peer_conf = implode(PHP_EOL,$return);
$peer_conf.= PHP_EOL;
$command = "qrencode -t svg -m 0 -o - " . mb_escapeshellarg($peer_conf);
$svg = shell_exec($command);
$etag = hash('sha256', $peer_conf);
$content_length = strlen($svg);
$last_modified = date("Y-m-d H:i:s");
header("Content-Type: image/svg+xml");
header("Content-Length: $content_length");
header("Last-Modified: $last_modified");
header("ETag: \"$etag\"");
header("X-QR-Code-Content: $peer_conf");
echo shell_exec($command);

8
app/img/wifi-qr-code.php

@ -10,11 +10,6 @@ if (!isset($_SERVER['HTTP_REFERER'])) {
exit;
}
function qr_encode($str)
{
return preg_replace('/(?<!\\\)([\":;,])/', '\\\\\1', $str);
}
$hostapd = parse_ini_file(RASPI_HOSTAPD_CONFIG, false, INI_SCANNER_RAW);
// assume wpa encryption and get the passphrase
@ -52,7 +47,8 @@ $content_length = strlen($svg);
header("Content-Type: image/svg+xml");
header("Content-Length: $content_length");
header("Last-Modified: $last_modified");
header("Content-Disposition: attachment; filename=\"qr.svg\"");
header("ETag: \"$etag\"");
header("X-QR-Code-Content: $data");
echo shell_exec($command);
echo $svg;

131
app/js/custom.js

@ -1,6 +1,5 @@
function msgShow(retcode,msg) {
if(retcode == 0) {
var alertType = 'success';
if(retcode == 0) { var alertType = 'success';
} else if(retcode == 2 || retcode == 1) {
var alertType = 'danger';
}
@ -123,6 +122,11 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) {
$('#txtwpapassphrase').val(genPassword(63));
});
// Enable Bootstrap tooltips
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
function genPassword(pwdLen) {
var pwdChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
var rndPass = Array(pwdLen).fill(pwdChars).map(function(x) { return x[Math.floor(Math.random() * x.length)] }).join('');
@ -252,6 +256,69 @@ $('#hostapdModal').on('shown.bs.modal', function (e) {
$('#configureClientModal').on('shown.bs.modal', function (e) {
});
$('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) {
var cfg_id = $(this).data('recordId');
$.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){
jsonData = JSON.parse(data);
$("#ovpn-confirm-delete").modal('hide');
var row = $(document.getElementById("openvpn-client-row-" + cfg_id));
row.fadeOut( "slow", function() {
row.remove();
});
});
});
$('#ovpn-confirm-delete').on('show.bs.modal', function (e) {
var data = $(e.relatedTarget).data();
$('.btn-delete', this).data('recordId', data.recordId);
});
$('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) {
var cfg_id = $(this).data('record-id');
$.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){
jsonData = JSON.parse(data);
$("#ovpn-confirm-activate").modal('hide');
setTimeout(function(){
window.location.reload();
},300);
});
});
$('#ovpn-confirm-activate').on('shown.bs.modal', function (e) {
var data = $(e.relatedTarget).data();
$('.btn-activate', this).data('recordId', data.recordId);
});
$('#ovpn-userpw,#ovpn-certs').on('click', function (e) {
if (this.id == 'ovpn-userpw') {
$('#PanelCerts').hide();
$('#PanelUserPW').show();
} else if (this.id == 'ovpn-certs') {
$('#PanelUserPW').hide();
$('#PanelCerts').show();
}
});
$(document).ready(function(){
$("#PanelManual").hide();
});
$('#wg-upload,#wg-manual').on('click', function (e) {
if (this.id == 'wg-upload') {
$('#PanelManual').hide();
$('#PanelUpload').show();
} else if (this.id == 'wg-manual') {
$('#PanelUpload').hide();
$('#PanelManual').show();
}
});
// Add the following code if you want the name of the file appear on select
$(".custom-file-input").on("change", function() {
var fileName = $(this).val().split("\\").pop();
$(this).siblings(".custom-file-label").addClass("selected").html(fileName);
});
/*
Sets the wirelss channel select options based on hw_mode and country_code.
@ -320,6 +387,55 @@ function updateBlocklist() {
function clearBlocklistStatus() {
$('#cbxblocklist-status').removeClass('check-updated').addClass('check-hidden');
}
// Handler for the wireguard generate key button
$('.wg-keygen').click(function(){
var entity_pub = $(this).parent('div').prev('input[type="text"]');
var entity_priv = $(this).parent('div').next('input[type="hidden"]');
var updated = entity_pub.attr('name')+"-pubkey-status";
$.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){
var jsonData = JSON.parse(data);
entity_pub.val(jsonData.pubkey);
$('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700);
})
})
// Handler for wireguard client.conf download
$('.wg-client-dl').click(function(){
var req = new XMLHttpRequest();
var url = 'ajax/networking/get_wgcfg.php';
req.open('get', url, true);
req.responseType = 'blob';
req.setRequestHeader('Content-type', 'text/plain; charset=UTF-8');
req.onreadystatechange = function (event) {
if(req.readyState == 4 && req.status == 200) {
var blob = req.response;
var link=document.createElement('a');
link.href=window.URL.createObjectURL(blob);
link.download = 'client.conf';
link.click();
}
}
req.send();
})
// Event listener for Bootstrap's form validation
window.addEventListener('load', function() {
// Fetch all the forms we want to apply custom Bootstrap validation styles to
var forms = document.getElementsByClassName('needs-validation');
// Loop over them and prevent submission
var validation = Array.prototype.filter.call(forms, function(form) {
form.addEventListener('submit', function(event) {
//console.log(event.submitter);
if (form.checkValidity() === false) {
event.preventDefault();
event.stopPropagation();
}
form.classList.add('was-validated');
}, false);
});
}, false);
// Static Array method
Array.range = (start, end) => Array.from({length: (end - start)}, (v, k) => k + start);
@ -369,6 +485,17 @@ function set_theme(theme) {
setCookie('theme',theme,90);
}
$(function() {
$('#night-mode').change(function() {
var state = $(this).is(':checked');
if (state == true && getCookie('theme') != 'lightsout.css') {
set_theme('lightsout.css');
} else {
set_theme('custom.php');
}
});
});
function setCookie(cname, cvalue, exdays) {
var d = new Date();
d.setTime(d.getTime() + (exdays*24*60*60*1000));

2
app/lib/system.php

@ -42,7 +42,7 @@ class Sysinfo
public function usedMemory()
{
$used = shell_exec("free -m | awk '/Mem:/ { total=$2 ; used=$3 } END { print used/total*100}'");
$used = shell_exec("free -m | awk 'NR==2{ total=$2 ; used=$3 } END { print used/total*100}'");
return floor($used);
}

505
app/lib/uploader.php

@ -0,0 +1,505 @@
<?php
/**
* Simple PHP upload class
*
* Adapted from aivis/PHP-file-upload-class
*
* @description File upload class for RaspAP
* @author Bill Zimmerman <billzimmerman@gmail.com>
* @author Aivis Silins
* @link https://github.com/aivis/PHP-file-upload-class
* @license https://github.com/raspap/raspap-webgui/blob/master/LICENSE
*/
namespace RaspAP\Uploader;
class Upload
{
/**
* Default directory persmissions (destination)
*/
protected $default_permissions = 0750;
/**
* File post array
*
* @var array
*/
protected $file_post = array();
/**
* Destination directory
*
* @var string
*/
protected $destination;
/**
* Fileinfo
*
* @var object
*/
protected $finfo;
/**
* Data about file
*
* @var array
*/
public $file = array();
/**
* Max. file size
*
* @var int
*/
protected $max_file_size;
/**
* Allowed mime types
*
* @var array
*/
protected $mimes = array();
/**
* Temp path
*
* @var string
*/
protected $tmp_name;
/**
* Validation errors
*
* @var array
*/
protected $validation_errors = array();
/**
* Filename (new)
*
* @var string
*/
protected $filename;
/**
* Internal callbacks (filesize check, mime, etc)
*
* @var array
*/
private $callbacks = array();
/**
* Root dir
*
* @var string
*/
protected $root;
/**
* Return upload object
*
* $destination = 'path/to/file/destination/';
*
* @param string $destination
* @param string $root
* @return Upload
*/
public static function factory($destination, $root = false)
{
return new Upload($destination, $root);
}
/**
* Define root constant and set & create destination path
*
* @param string $destination
* @param string $root
*/
public function __construct($destination, $root = false)
{
if ($root) {
$this->root = $root;
} else {
$this->root = $_SERVER['DOCUMENT_ROOT'] . DIRECTORY_SEPARATOR;
}
// set & create destination path
if (!$this->set_destination($destination)) {
throw new Exception('Upload: Unable to create destination. '.$this->root . $this->destination);
}
//create finfo object
$this->finfo = new \finfo();
}
/**
* Set target filename
*
* @param string $filename
*/
public function set_filename($filename)
{
$this->filename = $filename;
}
/**
* Check & Save file
*
* Return data about current upload
*
* @return array
*/
public function upload($filename = false)
{
if($filename ) {
$this->set_filename($filename);
}
$this->set_filename($filename);
if ($this->check()) {
$this->save();
}
// return state data
return $this->get_state();
}
/**
* Save file on server
* Return state data
*
* @return array
*/
public function save()
{
$this->save_file();
return $this->get_state();
}
/**
* Validate file (execute callbacks)
* Returns TRUE if validation successful
*
* @return bool
*/
public function check()
{
//execute callbacks (check filesize, mime, also external callbacks
$this->validate();
//add error messages
$this->file['errors'] = $this->get_errors();
//change file validation status
$this->file['status'] = empty($this->validation_errors);
return $this->file['status'];
}
/**
* Get current state data
*
* @return array
*/
public function get_state()
{
return $this->file;
}
/**
* Save file on server
*/
protected function save_file()
{
//create & set new filename
if(empty($this->filename)) {
$this->create_new_filename();
}
//set filename
$this->file['filename'] = $this->filename;
//set full path
$this->file['full_path'] = $this->root . $this->destination . $this->filename;
$this->file['path'] = $this->destination . $this->filename;
$status = move_uploaded_file($this->tmp_name, $this->file['full_path']);
//checks whether upload successful
if (!$status) {
throw new Exception('Upload: Failed to upload file.');
}
//done
$this->file['status'] = true;
}
/**
* Set data about file
*/
protected function set_file_data()
{
$file_size = $this->get_file_size();
$this->file = array(
'status' => false,
'destination' => $this->destination,
'size_in_bytes' => $file_size,
'size_in_mb' => $this->bytes_to_mb($file_size),
'mime' => $this->get_file_mime(),
'filename' => $this->file_post['name'],
'tmp_name' => $this->file_post['tmp_name'],
'post_data' => $this->file_post,
);
}
/**
* Set validation error
*
* @param string $message
*/
public function set_error($message)
{
$this->validation_errors[] = $message;
}
/**
* Return validation errors
*
* @return array
*/
public function get_errors()
{
return $this->validation_errors;
}
/**
* Set external callback methods
*
* @param object $instance_of_callback_object
* @param array $callback_methods
*/
public function callbacks($instance_of_callback_object, $callback_methods)
{
if (empty($instance_of_callback_object)) {
throw new Exception('Upload: $instance_of_callback_object cannot be empty.');
}
if (!is_array($callback_methods)) {
throw new Exception('Upload: $callback_methods data type need to be array.');
}
$this->external_callback_object = $instance_of_callback_object;
$this->external_callback_methods = $callback_methods;
}
/**
* Execute callbacks
*/
protected function validate()
{
//get curent errors
$errors = $this->get_errors();
if (empty($errors)) {
//set data about current file
$this->set_file_data();
//execute internal callbacks
$this->execute_callbacks($this->callbacks, $this);
//execute external callbacks
$this->execute_callbacks($this->external_callback_methods, $this->external_callback_object);
}
}
/**
* Execute callbacks
*/
protected function execute_callbacks($callbacks, $object)
{
foreach($callbacks as $method) {
$object->$method($this);
}
}
/**
* File mime type validation callback
*
* @param object $object
*/
protected function check_mime_type($object)
{
if (!empty($object->mimes)) {
if (!in_array($object->file['mime'], $object->mimes)) {
$object->set_error('MIME type not allowed.');
}
}
}
/**
* Set allowed mime types
*
* @param array $mimes
*/
public function set_allowed_mime_types($mimes)
{
$this->mimes = $mimes;
//if mime types is set -> set callback
$this->callbacks[] = 'check_mime_type';
}
/**
* File size validation callback
*
* @param object $object
*/
protected function check_file_size($object)
{
if (!empty($object->max_file_size)) {
$file_size_in_mb = $this->bytes_to_mb($object->file['size_in_bytes']);
if ($object->max_file_size <= $file_size_in_mb) {
$object->set_error('File exceeds maximum allowed size.');
}
}
}
/**
* Set max file size
*
* @param int $size
*/
public function set_max_file_size($size)
{
$this->max_file_size = $size;
//if max file size is set -> set callback
$this->callbacks[] = 'check_file_size';
}
/**
* Set File array to object
*
* @param array $file
*/
public function file($file)
{
$this->set_file_array($file);
}
/**
* Set file array
*
* @param array $file
*/
protected function set_file_array($file)
{
//checks whether file array is valid
if (!$this->check_file_array($file)) {
//file not selected or some bigger problems (broken files array)
$this->set_error('Please select file.');
}
//set file data
$this->file_post = $file;
//set tmp path
$this->tmp_name = $file['tmp_name'];
}
/**
* Checks whether Files post array is valid
*
* @return bool
*/
protected function check_file_array($file)
{
return isset($file['error'])
&& !empty($file['name'])
&& !empty($file['type'])
&& !empty($file['tmp_name'])
&& !empty($file['size']);
}
/**
* Get file mime type
*
* @return string
*/
protected function get_file_mime()
{
return $this->finfo->file($this->tmp_name, FILEINFO_MIME_TYPE);
}
/**
* Get file size
*
* @return int
*/
protected function get_file_size()
{
return filesize($this->tmp_name);
}
/**
* Set destination path (return TRUE on success)
*
* @param string $destination
* @return bool
*/
protected function set_destination($destination)
{
$this->destination = $destination . DIRECTORY_SEPARATOR;
return $this->destination_exist() ? true : $this->create_destination();
}
/**
* Checks whether destination folder exists
*
* @return bool
*/
protected function destination_exist()
{
return is_writable($this->root . $this->destination);
}
/**
* Create path to destination
*
* @param string $dir
* @return bool
*/
protected function create_destination()
{
return mkdir($this->root . $this->destination, $this->default_permissions, true);
}
/**
* Set unique filename
*
* @return string
*/
protected function create_new_filename()
{
$filename = sha1(mt_rand(1, 9999) . $this->destination . uniqid()) . time();
$this->set_filename($filename);
}
/**
* Convert bytes to MB
*
* @param int $bytes
* @return int
*/
protected function bytes_to_mb($bytes)
{
return round(($bytes / 1048576), 2);
}
}

2
config/090_raspap.conf

@ -1,4 +1,4 @@
# RaspAP default config
log-facility=/tmp/dnsmasq.log
log-facility=/var/log/dnsmasq.log
conf-dir=/etc/dnsmasq.d

4
config/client_config/70-mobile-data-sticks.rules

@ -0,0 +1,4 @@
# mobile data modem - ttyUSB0 device appears
SUBSYSTEM=="tty", KERNEL=="ttyUSB0", TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_ppp0_device.service"

3
config/client_config/80-raspap-net-devices.rules

@ -0,0 +1,3 @@
SUBSYSTEM=="net", ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="12d1", ATTRS{idProduct}=="14db", NAME="hilink%n", TAG+="systemd", ENV{SYSTEMD_WANTS}="start start_huawei_hilink@hilink%n.service"

505
config/client_config/huawei_hilink_api.sh

@ -0,0 +1,505 @@
#!/bin/bash
#
# Huawei Hilink API
# =================
# - communication with Hilink devices via HTTP
# - send a standard http request with a xml formatted string to the device (default IP 192.169.8.1)
# - Howto:
# o "source" this script in your own script from the command line
# o if hilink_host ip/name differs, set "hilink_host=192.168.178.1" before calling any function
# o if the device is locked by a password, set hilink_user="admin"; hilink_password"1234secret"
# _login is called automatically
# only password type 4 is supported
# o if the SIM is requiring a PIN, set "hilink_pin=1234"
# o connect device to network: _switchMobileData ON ( or 1 )
# o disconnect device: _switchMobileData OFF ( or 0 )
# o get informations about the device: _getDeviceInformation and _getStatus and _getNetProvider
# all functions return XML formatted data in $response.
# o _getAllInformations: returns all available informations as key/value pairs (outputs text)
# o Check if device is connected: "if _isConnected; then .... fi"
# o $response can be parsed by calling _valueFromResponse
# e.g "_valueFromResponse msisdn" to get the phone number after a call to _getDeviceInformation
#
#
# Usage of functions
# - call the function with parameters (if required)
# - return code: 0 - success; 1 - failed
# - $status: status information (OK, ERROR)
# - $response: xml response to be parsed for the required information
#
#
# required software: curl, base64, sha256sum, sed
#
# ToDo: improve error handling
#
# zbchristian 2021
#
# Initialization procedure
# ========================
#
# hilink_host=192.168.8.1 # ip address of device
# hilink_user="admin" # user name if locked (default admin)
# hilink_password="1234Secret" # password if locked
# hilink_pin="1234" # PIN of SIM
# _initHilinkAPI # initialize the API
#
# Termination
# ===========
# cleanup the API before quitting the shell
# _closeHilinkAPI (optional: add parameter "save" to save the session/token data for subsequent calls. Valid for a few minutes.)
#
# BE AWARE, THAT THE API USES SOME GLOBAL VARIABLES : hilink_host, user, password, pin, response, status
# USE THESE ONLY TO COMMUNICATE WITH THE API.
# DO NOT USE THE VARIABLE PRE_FIX "hilink_" FOR YOUR OWN VARIABLES
#
hilink_host_default="192.168.8.1"
hilink_save_file="/tmp/hilink_api_saved.dat"
hilink_save_age=60
hilink_header_file="/tmp/hilink_login_hdr.txt"
# initialize
function _initHilinkAPI() {
local age
if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
if ! _hostReachable; then return 1; fi
if [ -f $hilink_save_file ]; then # found file with saved data
_getSavedData
age=$(( $(date +%s) - $(stat $hilink_save_file -c %Y) ))
if [[ $age -gt $hilink_save_age ]]; then
rm -f $hilink_save_file
_logout
_sessToken
fi
fi
if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi
_login
return $?
}
function _getSavedData() {
local dat
if [ -f $hilink_save_file ]; then # restore saved session data
dat=$(cat $hilink_save_file)
hilink_sessID=$(echo "$dat" | sed -nr 's/sessionid: ([a-z0-9]*)/\1/ip')
hilink_token=$(echo "$dat" | sed -nr 's/token: ([a-z0-9]*)/\1/ip')
hilink_tokenlist=( $(echo "$dat" | sed -nr 's/tokenlist: ([a-z0-9 ]*)/\1/ip') )
fi
}
# Cleanup
# parameter: "save" - will store sessionid and tokens in file
function _closeHilinkAPI() {
local opt
if [ -z "$hilink_host" ]; then hilink_host=$hilink_host_default; fi
if ! _hostReachable; then return 1; fi
rm -f $hilink_save_file
[ ! -z "$1" ] && opt="${1,,}"
if [ ! -z "$opt" ] && [ "$opt" = "save" ]; then
echo "sessionid: $hilink_sessID" > $hilink_save_file
echo "token: $hilink_token" >> $hilink_save_file
echo "tokenlist: ${hilink_tokenlist[@]}" >> $hilink_save_file
fi
_logout
hilink_tokenlist=""
hilink_sessID=""
hilink_token=""
return 0
}
# get status (connection status, DNS, )
# parameter: none
function _getStatus() {
if _login; then
if _sendRequest "api/monitoring/status"; then
if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
fi
return $?
fi
return 1
}
function _isConnected() {
local conn
conn=$(_getStatus "connectionstatus")
status="NO"
if [ ! -z "$conn" ] && [ $conn -eq 901 ]; then
status="YES"
return 0
fi
return 1
}
# get device information (device name, imei, imsi, msisdn-phone number, MAC, WAN IP ...)
# parameter: name of parameter to return
function _getDeviceInformation() {
if _login; then
if _sendRequest "api/device/information"; then
if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
fi
return $?
fi
return 1
}
# get net provider information
# parameter: name of parameter to return
function _getNetProvider() {
if _login; then
if _sendRequest "api/net/current-plmn"; then
if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
fi
return $?
fi
return 1
}
# get signal level
# parameter: name of parameter to return
function _getSignal() {
if _login; then
if _sendRequest "api/device/signal"; then
if [ ! -z "$1" ]; then _valueFromResponse "$1"; fi
fi
return $?
fi
return 1
}
function _getAllInformations() {
if _getDeviceInformation; then _keyValuePairs; fi
if _getSignal; then _keyValuePairs; fi
if _getNetProvider; then _keyValuePairs; fi
}
# get status of mobile data connection
# parameter: none
function _getMobileDataStatus() {
if _login; then
if _sendRequest "api/dialup/mobile-dataswitch"; then
status=$(_valueFromResponse "dataswitch")
if [ $? -eq 0 ] && [ ! -z "$status" ]; then echo "$status"; fi
fi
return $?
fi
return 1
}
# PIN of SIM can be passed either as $hilink_pin, or as parameter
# parameter: PIN number of SIM card
function _enableSIM() {
#SimState:
#255 - no SIM,
#256 - error CPIN,
#257 - ready,
#258 - PIN disabled,
#259 - check PIN,
#260 - PIN required,
#261 - PUK required
local simstate
if [ ! -z "$1" ]; then hilink_pin="$1"; fi
if ! _login; then return 1; fi
if _sendRequest "api/pin/status"; then
simstate=$(echo $response | sed -rn 's/.*<simstate>([0-9]*)<\/simstate>.*/\1/pi')
if [[ $simstate -eq 257 ]]; then status="SIM ready"; return 0; fi
if [[ $simstate -eq 260 ]]; then
status="PIN required"
if [ ! -z "$hilink_pin" ]; then _setPIN "$hilink_pin"; fi
return $?
fi
if [[ $simstate -eq 255 ]]; then status="NO SIM"; return 1; fi
fi
return 1
}
# obtain session and verification token - stored in vars $hilink_sessID and $token
# parameter: none
function _sessToken() {
hilink_tokenlist=""
hilink_token=""
hilink_sessID=""
response=$(curl -s http://$hilink_host/api/webserver/SesTokInfo -m 5 2> /dev/null)
if [ -z "$response" ]; then echo "No access to device at $hilink_host"; return 1; fi
status=$(echo "$response" | sed -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip')
if [ -z "$status" ]; then
hilink_token=$(echo $response | sed -r 's/.*<TokInfo>(.*)<\/TokInfo>.*/\1/')
hilink_sessID=$(echo $response | sed -r 's/.*<SesInfo>(.*)<\/SesInfo>.*/\1/')
if [ ! -z "$hilink_sessID" ] && [ ! -z "$hilink_token" ]; then
hilink_sessID="SessionID=$hilink_sessID"
return 0
fi
fi
return 1
}
# unlock device (if locked) with user name and password
# requires stored hilink_user="admin"; hilink_password"1234secret";hilink_host=$hilink_host_default
# parameter: none
function _login() {
local ret encpw pwtype pwtype3 hashedpw pwtype4
if _loginState; then return 0; fi # login not required, or already done
_sessToken
# get password type
if ! _sendRequest "api/user/state-login"; then return 1; fi
pwtype=$(echo "$response" | sed -rn 's/.*<password_type>([0-9])<\/password_type>.*/\1/pi')
if [ -z "$pwtype" ];then pwtype=4; fi # fallback is type 4
ret=1
if [[ ! -z "$hilink_user" ]] && [[ ! -z "$hilink_password" ]]; then
# password encoding
# type 3 : base64(pw) encoded
# type 4 : base64(sha256sum(user + base64(sha256sum(pw)) + token))
pwtype3=$(echo -n "$hilink_password" | base64 --wrap=0)
hashedpw=$(echo -n "$hilink_password" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
hashedpw=$(echo -n "$hashedpw" | base64 --wrap=0)
pwtype4=$(echo -n "$hilink_user$hashedpw$hilink_token" | sha256sum -b | sed -nr 's/^([0-9a-z]*).*$/\1/ip' )
encpw=$(echo -n "$pwtype4" | base64 --wrap=0)
if [ $pwtype -ne 4 ]; then encpw=$pwtype3; fi
hilink_xmldata="<?xml version='1.0' encoding='UTF-8'?><request><Username>$hilink_user</Username><Password>$encpw</Password><password_type>$pwtype</password_type></request>"
hilink_xtraopts="--dump-header $hilink_header_file"
rm -f $hilink_header_file
_sendRequest "api/user/login"
if [ ! -z "$status" ] && [ "$status" = "OK" ]; then
# store the list of 30 tokens. Each token is valid for a single request
hilink_tokenlist=( $(cat $hilink_header_file | sed -rn 's/^__RequestVerificationToken:\s*([0-9a-z#]*).*$/\1/pi' | sed 's/#/ /g') )
_getToken
hilink_sessID=$(cat $hilink_header_file | grep -ioP 'SessionID=([a-z0-9]*)')
if [ ! -z "$hilink_sessID" ] && [ ! -z "$hilink_token" ]; then ret=0; fi
fi
rm -f $hilink_header_file
fi
return $ret
}
# logout of hilink device
# parameter: none
function _logout() {
if _loginState; then
hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><Logout>1</Logout></request>"
if _sendRequest "api/user/logout"; then
hilink_tokenlist=""
hilink_sessID=""
hilink_token=""
hilink_login_enabled=""
fi
return $?
fi
return 1
}
# parameter: none
function _loginState() {
local state
status="OK"
if [ -z "$hilink_login_enabled" ]; then _checkLoginEnabled; fi
if [ $hilink_login_enabled -eq 1 ]; then return 0; fi # login is disabled
_sendRequest "api/user/state-login"
state=`echo "$response" | sed -rn 's/.*<state>(.*)<\/state>.*/\1/pi'`
if [ ! -z "$state" ] && [ $state -eq 0 ]; then # already logged in
return 0
fi
return 1
}
function _checkLoginEnabled() {
local state
if _sendRequest "api/user/hilink_login"; then
hilink_login_enabled=0
state=$(echo $response | sed -rn 's/.*<hilink_login>(.*)<\/hilink_login>.*/\1/pi')
if [ ! -z "$state" ] && [ $state -eq 0 ]; then # no login enabled
hilink_login_enabled=1
fi
else
hilink_login_enabled=""
fi
}
# switch mobile data on/off 1/0
# if SIM is locked, $hilink_pin has to be set
# parameter: state - ON/OFF or 1/0
function _switchMobileData() {
local mode
if [ -z "$1" ]; then return 1; fi
_login
mode="${1,,}"
[ "$mode" = "on" ] && mode=1
[ "$mode" = "off" ] && mode=0
if [[ $mode -ge 0 ]]; then
if _enableSIM "$hilink_pin"; then
hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><dataswitch>$mode</dataswitch></request>"
_sendRequest "api/dialup/mobile-dataswitch"
return $?
fi
fi
return 1
}
# parameter: PIN of SIM card
function _setPIN() {
local pin
if [ -z "$1" ]; then return 1; fi
pin="$1"
hilink_xmldata="<?xml version: '1.0' encoding='UTF-8'?><request><OperateType>0</OperateType><CurrentPin>$pin</CurrentPin><NewPin></NewPin><PukCode></PukCode></request>"
_sendRequest "api/pin/operate"
return $?
}
# Send request to host at http://$hilink_host/$apiurl
# data in $hilink_xmldata and options in $hilink_xtraopts
# parameter: apiurl (e.g. "api/user/login")
function _sendRequest() {
local ret apiurl
status="ERROR"
if [ -z "$1" ]; then return 1; fi
apiurl="$1"
ret=1
if [ -z "$hilink_sessID" ] || [ -z "$hilink_token" ]; then _sessToken; fi
if [ -z "$hilink_xmldata" ];then
response=$(curl -s http://$hilink_host/$apiurl -m 10 \
-H "Cookie: $hilink_sessID")
else
response=$(curl -s -X POST http://$hilink_host/$apiurl -m 10 \
-H "Content-Type: text/xml" \
-H "Cookie: $hilink_sessID" \
-H "__RequestVerificationToken: $hilink_token" \
-d "$hilink_xmldata" $hilink_xtraopts 2> /dev/null)
_getToken
fi
if [ ! -z "$response" ];then
response=$(echo $response | tr -d '\012\015') # delete newline chars
status=$(echo "$response" | sed -nr 's/.*<code>([0-9]*)<\/code>.*/\1/ip') # check for error code
if [ -z "$status" ]; then
status="OK"
response=$(echo "$response" | sed -nr 's/.*<response>(.*)<\/response>.*/\1/ip')
[ -z "$response" ] && response="none"
ret=0
else
status="ERROR $status"
fi
else
status="ERROR"
fi
if [[ "$status" =~ ERROR ]]; then _handleError; fi
hilink_xtraopts=""
hilink_xmldata=""
return $ret
}
# handle the list of tokens available after login
# parameter: none
function _getToken() {
if [ ! -z "$hilink_tokenlist" ] && [ ${#hilink_tokenlist[@]} -gt 0 ]; then