Fixed last release

Ultradesu
2025-07-20 22:30:04 +03:00
parent 9c8f0463a5
commit 42a923799b
8 changed files with 458 additions and 78 deletions


@@ -337,15 +337,23 @@ class UserAdmin(admin.ModelAdmin):
return qs
def save_model(self, request, obj, form, change):
import logging
logger = logging.getLogger(__name__)
super().save_model(request, obj, form, change)
selected_servers = form.cleaned_data.get('servers', [])
# Remove ACLs that are no longer selected
ACL.objects.filter(user=obj).exclude(server__in=selected_servers).delete()
removed_acls = ACL.objects.filter(user=obj).exclude(server__in=selected_servers)
for acl in removed_acls:
logger.info(f"Removing ACL for user {obj.username} from server {acl.server.name}")
removed_acls.delete()
# Create new ACLs for newly selected servers (with default links)
for server in selected_servers:
acl, created = ACL.objects.get_or_create(user=obj, server=server)
if created:
logger.info(f"Created new ACL for user {obj.username} on server {server.name}")
# Note: get_or_create will use the default save() method which creates default links
@admin.register(AccessLog)
@@ -405,7 +413,10 @@ class ACLAdmin(admin.ModelAdmin):
data = server.get_user(user)
return format_object(data)
except Exception as e:
return mark_safe(f"<span style='color: red;'>Error: {e}</span>")
import logging
logger = logging.getLogger(__name__)
logger.error(f"Failed to get user info for {user.username} on {server.name}: {e}")
return mark_safe(f"<span style='color: red;'>Server connection error: {e}</span>")
@admin.display(description='Dynamic Config Links')
def display_links(self, obj):
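Review bot: The error branch in the second hunk still passes the exception text through `mark_safe` in an f-string (`Server connection error: {e}`), so whatever the remote server or client library puts into the message is rendered as raw HTML in the admin page. `format_html("<span style='color: red;'>Server connection error: {}</span>", e)` escapes the interpolated value; it needs `from django.utils.html import format_html` if the module does not already import it. The added `logger.error(...)` would keep the traceback if written as `logger.exception(...)`. The enclosing method starts above the hunk, so the rest of its body is not visible here.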


@@ -1,4 +1,5 @@
import uuid
import logging
from django.db import models
from vpn.tasks import sync_user
from django.db.models.signals import post_save, pre_delete
@@ -8,6 +9,8 @@ import shortuuid
from django.contrib.auth.models import AbstractUser
logger = logging.getLogger(__name__)
class AccessLog(models.Model):
user = models.CharField(max_length=256, blank=True, null=True, editable=False)
server = models.CharField(max_length=256, blank=True, null=True, editable=False)
@@ -65,11 +68,24 @@ class ACL(models.Model):
@receiver(post_save, sender=ACL)
def acl_created_or_updated(sender, instance, created, **kwargs):
sync_user.delay_on_commit(instance.user.id, instance.server.id)
try:
sync_user.delay_on_commit(instance.user.id, instance.server.id)
if created:
logger.info(f"Scheduled sync for new ACL: user {instance.user.username} on server {instance.server.name}")
else:
logger.info(f"Scheduled sync for updated ACL: user {instance.user.username} on server {instance.server.name}")
except Exception as e:
logger.error(f"Failed to schedule sync task for ACL {instance.id}: {e}")
# Don't raise exception to avoid blocking ACL creation/update
@receiver(pre_delete, sender=ACL)
def acl_deleted(sender, instance, **kwargs):
sync_user.delay_on_commit(instance.user.id, instance.server.id)
try:
sync_user.delay_on_commit(instance.user.id, instance.server.id)
logger.info(f"Scheduled sync for deleted ACL: user {instance.user.username} on server {instance.server.name}")
except Exception as e:
logger.error(f"Failed to schedule sync task for ACL deletion {instance.id}: {e}")
# Don't raise exception to avoid blocking ACL deletion
class ACLLink(models.Model):
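Review bot: The new `try`/`except Exception` in `acl_created_or_updated` and `acl_deleted` probably does not cover the failure it is written for: `delay_on_commit` only registers the task to be sent once the transaction commits, so inside a transaction (admin saves normally run in one; confirm for this project) a broker error surfaces later, outside the `try`, and the "Scheduled sync" line is logged before anything has been sent. Where the exception is caught, swallowing it in `acl_deleted` means the ACL row is gone while the key on the VPN server stays active, with only a log line as evidence. Use `logger.exception(...)` to keep the traceback, and state in a comment which job repairs a missed sync, e.g. `# missed syncs are reconciled by the sync_all_servers task` if that is in fact how it is scheduled.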


@@ -1,5 +1,4 @@
import logging
from venv import logger
import requests
from django.db import models
from .generic import Server
@@ -36,12 +35,15 @@ class _FingerprintAdapter(requests.adapters.HTTPAdapter):
class OutlineServer(Server):
logger = logging.getLogger(__name__)
admin_url = models.URLField(help_text="Management URL")
admin_access_cert = models.CharField(max_length=255, help_text="Fingerprint")
client_hostname = models.CharField(max_length=255, help_text="Server address for clients")
client_port = models.CharField(max_length=5, help_text="Server port for clients")
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.logger = logging.getLogger(__name__)
class Meta:
verbose_name = 'Outline'
verbose_name_plural = 'Outline'
@@ -59,9 +61,6 @@ class OutlineServer(Server):
return OutlineVPN(api_url=self.admin_url, cert_sha256=self.admin_access_cert)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
def __str__(self):
return f"{self.name} ({self.client_hostname}:{self.client_port})"
@@ -85,6 +84,7 @@ class OutlineServer(Server):
def sync_users(self):
from vpn.models import User, ACL
logger = logging.getLogger(__name__)
logger.debug(f"[{self.name}] Sync all users")
keys = self.client.get_keys()
acls = ACL.objects.filter(server=self)
@@ -119,10 +119,28 @@ class OutlineServer(Server):
raise OutlineConnectionError("Client error. Can't connect.", original_exception=e)
def _get_key(self, user):
logger.error(f"Asking for key for user {user.username}")
result = self.client.get_key(str(user.username))
logger.error(f"Got key for user {user.username} - {result}")
return result
logger = logging.getLogger(__name__)
logger.debug(f"[{self.name}] Looking for key for user {user.username}")
try:
# Try to get key by username first
result = self.client.get_key(str(user.username))
logger.debug(f"[{self.name}] Found key for user {user.username} by username")
return result
except OutlineServerErrorException:
# If not found by username, search by password (hash)
logger.debug(f"[{self.name}] Key not found by username, searching by password")
try:
keys = self.client.get_keys()
for key in keys:
if key.password == user.hash:
logger.debug(f"[{self.name}] Found key for user {user.username} by password match")
return key
# No key found
logger.debug(f"[{self.name}] No key found for user {user.username}")
raise OutlineServerErrorException(f"Key not found for user {user.username}")
except Exception as e:
logger.error(f"[{self.name}] Error searching for key for user {user.username}: {e}")
raise OutlineServerErrorException(f"Error searching for key: {e}")
def get_user(self, user, raw=False):
user_info = self._get_key(user)
@@ -140,33 +158,53 @@ class OutlineServer(Server):
def add_user(self, user):
logger = logging.getLogger(__name__)
try:
server_user = self._get_key(user)
except OutlineServerErrorException as e:
server_user = None
logger.debug(f"[{self.name}] User {str(server_user)}")
result = {}
key = None
if server_user:
if server_user.method != "chacha20-ietf-poly1305" or \
server_user.port != int(self.client_port) or \
server_user.name != user.username or \
server_user.password != user.hash or \
self.client.delete_key(user.hash):
self.delete_user(user)
key = self.client.create_key(
key_id=user.username,
name=user.username,
method=server_user.method,
password=user.hash,
data_limit=None,
port=server_user.port
)
logger.debug(f"[{self.name}] User {user.username} updated")
# Check if user needs update - but don't delete immediately
needs_update = (
server_user.method != "chacha20-ietf-poly1305" or
server_user.port != int(self.client_port) or
server_user.name != user.username or
server_user.password != user.hash
)
if needs_update:
# Delete old key before creating new one
try:
self.client.delete_key(server_user.key_id)
logger.debug(f"[{self.name}] Deleted outdated key for user {user.username}")
except Exception as e:
logger.warning(f"[{self.name}] Failed to delete old key for user {user.username}: {e}")
# Create new key with correct parameters
try:
key = self.client.create_key(
key_id=user.username,
name=user.username,
method="chacha20-ietf-poly1305",
password=user.hash,
data_limit=None,
port=int(self.client_port)
)
logger.info(f"[{self.name}] User {user.username} updated")
except OutlineServerErrorException as e:
raise OutlineConnectionError(f"Failed to create updated key for user {user.username}", original_exception=e)
else:
# User exists and is up to date
key = server_user
logger.debug(f"[{self.name}] User {user.username} already up to date")
else:
# User doesn't exist, create new key
try:
key = self.client.create_key(
key_id=user.username,
@@ -180,23 +218,39 @@ class OutlineServer(Server):
except OutlineServerErrorException as e:
error_message = str(e)
if "code\":\"Conflict" in error_message:
logger.warning(f"[{self.name}] Conflict for User {user.username}, trying to force sync. {error_message}")
for key in self.client.get_keys():
logger.warning(f"[{self.name}] checking user: {key.name} passowrd: {key.password}")
if key.password == user.hash:
self.delete_user(user)
return self.add_user(user)
logger.warning(f"[{self.name}] Conflict for User {user.username}, trying to resolve. {error_message}")
# Find conflicting key by password and remove it
try:
for existing_key in self.client.get_keys():
if existing_key.password == user.hash:
logger.warning(f"[{self.name}] Found conflicting key {existing_key.key_id} with same password")
self.client.delete_key(existing_key.key_id)
break
# Try to create again after cleanup
return self.add_user(user)
except Exception as cleanup_error:
logger.error(f"[{self.name}] Failed to resolve conflict for user {user.username}: {cleanup_error}")
raise OutlineConnectionError(f"Conflict resolution failed for user {user.username}", original_exception=e)
else:
raise OutlineConnectionError("API Error", original_exception=e)
# Build result from key object
try:
result['key_id'] = key.key_id
result['name'] = key.name
result['method'] = key.method
result['password'] = key.password
result['data_limit'] = key.data_limit
result['port'] = key.port
if key:
result = {
'key_id': key.key_id,
'name': key.name,
'method': key.method,
'password': key.password,
'data_limit': key.data_limit,
'port': key.port
}
else:
result = {"error": "No key object returned"}
except Exception as e:
logger.error(f"[{self.name}] Error building result for user {user.username}: {e}")
result = {"error": str(e)}
return result
def delete_user(self, user):
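Review bot: In the Conflict branch of `add_user`, `return self.add_user(user)` runs even when the loop over `get_keys()` found no key with a matching password, so nothing was deleted and the retry meets the same conflict again; the recursion is then bounded only by the interpreter's recursion limit, with another `get_keys()` call against the server at each level. Re-enter only after a deletion, for example by giving the `for` an `else:` that does `raise OutlineConnectionError(f"Conflict resolution failed for user {user.username}", original_exception=e)`. Separately, the inner `except Exception` in `_get_key` also catches the "Key not found" `OutlineServerErrorException` raised just above it, logs it at error level and re-wraps the message, so an ordinary miss is reported as a search failure. Part of `add_user` lies between the two hunks and is not visible here.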


@@ -1,9 +1,7 @@
import logging
from celery import group, shared_task
#from django_celery_results.models import TaskResult
from outline_vpn.outline_vpn import OutlineServerErrorException
from celery.exceptions import Retry
logger = logging.getLogger(__name__)
@@ -13,61 +11,113 @@ class TaskFailedException(Exception):
super().__init__(f"{self.message}")
@shared_task(name="sync_all_servers")
def sync_all_users():
from .models import User, ACL
@shared_task(name="sync_all_servers", bind=True, autoretry_for=(Exception,), retry_kwargs={'max_retries': 3, 'countdown': 60})
def sync_all_users(self):
from vpn.server_plugins import Server
servers = Server.objects.all()
if not servers.exists():
logger.warning("No servers found for synchronization")
return "No servers to sync"
tasks = group(sync_users.s(server.id) for server in servers)
result = tasks.apply_async()
return result
return f"Initiated sync for {servers.count()} servers"
@shared_task(name="sync_all_users_on_server")
def sync_users(server_id):
from .models import Server
status = {}
@shared_task(name="sync_all_users_on_server", bind=True, autoretry_for=(Exception,), retry_kwargs={'max_retries': 3, 'countdown': 60})
def sync_users(self, server_id):
from vpn.server_plugins import Server
try:
server = Server.objects.get(id=server_id)
sync = server.sync_users()
if sync:
logger.info(f"Starting user sync for server {server.name}")
sync_result = server.sync_users()
if sync_result:
logger.info(f"Successfully synced users for server {server.name}")
return f"Successfully synced users for server {server.name}"
else:
raise TaskFailedException(f"Sync failed for server {server.name}")
except Server.DoesNotExist:
logger.error(f"Server with id {server_id} not found")
raise TaskFailedException(f"Server with id {server_id} not found")
except Exception as e:
logger.error(f"Error syncing users for server {server.name}: {e}")
raise TaskFailedException(message=f"Error syncing users for server {server.name}")
logger.error(f"Error syncing users for server id {server_id}: {e}")
if self.request.retries < 3:
logger.info(f"Retrying sync for server id {server_id} (attempt {self.request.retries + 1})")
raise self.retry(countdown=60)
raise TaskFailedException(f"Error syncing users for server id {server_id}: {e}")
@shared_task(name="sync_server_info")
def sync_server(id):
@shared_task(name="sync_server_info", bind=True, autoretry_for=(Exception,), retry_kwargs={'max_retries': 3, 'countdown': 30})
def sync_server(self, id):
from vpn.server_plugins import Server
# task_result = TaskResult.objects.get_task(self.request.id)
# task_result.status='RUNNING'
# task_result.save()
return {"status": Server.objects.get(id=id).sync()}
try:
server = Server.objects.get(id=id)
logger.info(f"Starting server info sync for {server.name}")
sync_result = server.sync()
return {"status": sync_result, "server": server.name}
except Server.DoesNotExist:
logger.error(f"Server with id {id} not found")
return {"error": f"Server with id {id} not found"}
except Exception as e:
logger.error(f"Error syncing server info for id {id}: {e}")
if self.request.retries < 3:
logger.info(f"Retrying server sync for id {id} (attempt {self.request.retries + 1})")
raise self.retry(countdown=30)
return {"error": f"Error syncing server info: {e}"}
@shared_task(name="sync_user_on_server")
def sync_user(user_id, server_id):
@shared_task(name="sync_user_on_server", bind=True, autoretry_for=(Exception,), retry_kwargs={'max_retries': 5, 'countdown': 30})
def sync_user(self, user_id, server_id):
from .models import User, ACL
from vpn.server_plugins import Server
errors = {}
result = {}
user = User.objects.get(id=user_id)
acls = ACL.objects.filter(user=user)
server = Server.objects.get(id=server_id)
try:
if acls.filter(server=server).exists():
user = User.objects.get(id=user_id)
server = Server.objects.get(id=server_id)
logger.info(f"Syncing user {user.username} on server {server.name}")
# Check if ACL exists
acl_exists = ACL.objects.filter(user=user, server=server).exists()
if acl_exists:
# User should exist on server
result[server.name] = server.add_user(user)
logger.info(f"Added/updated user {user.username} on server {server.name}")
else:
# User should be removed from server
result[server.name] = server.delete_user(user)
logger.info(f"Removed user {user.username} from server {server.name}")
except User.DoesNotExist:
error_msg = f"User with id {user_id} not found"
logger.error(error_msg)
errors["user"] = error_msg
except Server.DoesNotExist:
error_msg = f"Server with id {server_id} not found"
logger.error(error_msg)
errors["server"] = error_msg
except Exception as e:
errors[server.name] = {"error": e}
finally:
if errors:
raise TaskFailedException(message=f"Errors during taks: {errors}")
return result
error_msg = f"Error syncing user {user_id} on server {server_id}: {e}"
logger.error(error_msg)
errors[f"server_{server_id}"] = error_msg
# Retry on failure unless it's a permanent error
if self.request.retries < 5:
logger.info(f"Retrying user sync for user {user_id} on server {server_id} (attempt {self.request.retries + 1})")
raise self.retry(countdown=30)
if errors:
raise TaskFailedException(message=f"Errors during task: {errors}")
return result
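Review bot: Every task now carries `autoretry_for=(Exception,)` and also retries by hand with `self.retry(...)`, and the two overlap: the `TaskFailedException` that `sync_users` raises for `Server.DoesNotExist`, and the one `sync_user` raises when `errors` records a missing user or server, are permanent failures but still match `autoretry_for` and are queued again. Pick one mechanism; if the manual path stays, drop `autoretry_for` (or narrow it to the connection errors worth retrying) and keep the cause with `raise self.retry(exc=e, countdown=30)`. For `sync_user` this matters for revocation: a removal that exhausts its retries leaves the key on the server, so the final failure should be logged at error level with the user and server ids rather than only raised.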


@@ -0,0 +1,93 @@
{% extends "admin/base_site.html" %}
{% load i18n admin_urls static admin_list %}
{% block title %}{{ title }} | {{ site_title|default:_('Django site admin') }}{% endblock %}
{% block extrahead %}
<link rel="stylesheet" type="text/css" href="{% static 'admin/css/vpn_admin.css' %}">
{% endblock %}
{% block breadcrumbs %}
<div class="breadcrumbs">
<a href="{% url 'admin:index' %}">{% trans 'Home' %}</a>
&rsaquo; <a href="{% url 'admin:app_list' app_label=opts.app_label %}">{{ opts.app_config.verbose_name }}</a>
&rsaquo; <a href="{% url 'admin:vpn_server_changelist' %}">{{ opts.verbose_name_plural|capfirst }}</a>
&rsaquo; {{ title }}
</div>
{% endblock %}
{% block content %}
<h1>{{ title }}</h1>
<div class="module aligned">
<div class="form-row">
<div class="form-row field-box">
<label>Source Server:</label>
<div class="readonly"><strong>{{ source_server.name }}</strong> ({{ source_server.server_type }})</div>
</div>
<div class="form-row field-box">
<label>Statistics:</label>
<div class="readonly">
<strong>{{ links_count }}</strong> client link(s) for <strong>{{ users_count }}</strong> user(s)
</div>
</div>
</div>
</div>
{% if links_count == 0 %}
<div class="messagelist">
<div class="warning">No client links found on this server.</div>
</div>
<div class="submit-row">
<a href="{% url 'admin:vpn_server_changelist' %}" class="default">« Back to server list</a>
</div>
{% else %}
<form method="post" id="move-form">
{% csrf_token %}
<fieldset class="module aligned">
<h2>Move Options</h2>
<div class="form-row">
<div>
<label for="target_server" class="required">Target Server:</label>
<select id="target_server" name="target_server" class="vLargeTextField" required>
<option value="">-- Select target server --</option>
{% for server in all_servers %}
<option value="{{ server.id }}">{{ server.name }} ({{ server.server_type }})</option>
{% endfor %}
</select>
</div>
</div>
<div class="form-row">
<div>
<label for="add_prefix">Add prefix to comments (optional):</label>
<input type="text" id="add_prefix" name="add_prefix" class="vTextField"
placeholder="e.g. [FROM {{ source_server.name }}]">
<p class="help">This prefix will be added to all client link comments</p>
</div>
</div>
</fieldset>
<div class="submit-row">
<input type="submit" value="Move All Client Links" class="default"
onclick="return confirm('Are you sure you want to move ALL {{ links_count }} client link(s) from {{ source_server.name }} to the selected target server?\\n\\nThis action cannot be undone.');">
<a href="{% url 'admin:vpn_server_changelist' %}" class="button cancel">Cancel</a>
</div>
</form>
<div class="help">
<h3>What will happen:</h3>
<ul>
<li>All {{ links_count }} client links will be moved from <strong>{{ source_server.name }}</strong> to the target server</li>
<li>Users who don't have access to the target server will get new ACL entries created automatically</li>
<li>Empty ACL entries on the source server will be cleaned up</li>
<li>All link settings and comments will be preserved (with optional prefix)</li>
<li>This operation is database-only and doesn't require server connectivity</li>
</ul>
</div>
{% endif %}
{% endblock %}
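Review bot: The `onclick` confirm text places `{{ source_server.name }}` inside a single-quoted JavaScript string within an HTML attribute; autoescaping turns a quote into an HTML entity, which the browser decodes before the script is parsed, so a server name containing `'` ends the string and the remainder is evaluated as script in the admin's session. Use `{{ source_server.name|escapejs }}` at that position. The `\\n\\n` in the same string reaches JavaScript as a literal backslash-n rather than a line break, so `\n\n` is probably what was intended.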


@@ -0,0 +1,11 @@
{% extends "admin/change_list.html" %}
{% load admin_list admin_urls %}
{% block content_title %}
<h1>{{ cl.opts.verbose_name_plural|capfirst }}</h1>
{% endblock %}
{% comment %}
This template overrides the default changelist to provide a cleaner interface
without any bulk operations blocks that might be added by external packages
{% endcomment %}


@@ -22,20 +22,28 @@ def userFrontend(request, user_hash):
def shadowsocks(request, link):
from .models import ACLLink, AccessLog
import logging
logger = logging.getLogger(__name__)
try:
acl_link = get_object_or_404(ACLLink, link=link)
acl = acl_link.acl
logger.info(f"Found ACL link for user {acl.user.username} on server {acl.server.name}")
except Http404:
logger.warning(f"ACL link not found: {link}")
AccessLog.objects.create(user=None, server="Unknown", action="Failed",
data=f"ACL not found for link: {link}")
return JsonResponse({"error": "Not allowed"}, status=403)
try:
server_user = acl.server.get_user(acl.user, raw=True)
logger.info(f"Successfully retrieved user credentials for {acl.user.username} from {acl.server.name}")
except Exception as e:
logger.error(f"Failed to get user credentials for {acl.user.username} from {acl.server.name}: {e}")
AccessLog.objects.create(user=acl.user, server=acl.server.name, action="Failed",
data=f"{e}")
return JsonResponse({"error": f"Couldn't get credentials from server. {e}"})
data=f"Failed to get credentials: {e}")
return JsonResponse({"error": f"Couldn't get credentials from server. {e}"}, status=500)
if request.GET.get('mode') == 'json':
config = {
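Review bot: The failure response after the second `try` still returns the exception text to the caller (`"Couldn't get credentials from server. {e}"`), and this view appears to be reached with nothing but the link token, so upstream error details (which may include the management API address) can be disclosed to whoever requests the link. Return a fixed message, `return JsonResponse({"error": "Couldn't get credentials from server."}, status=500)`, and keep `{e}` in the log and the `AccessLog` row only. The new `logger.warning(f"ACL link not found: {link}")` writes a caller-supplied value into the log as-is; logging it with `%r` and a length cap limits log injection. The function body continues past the end of the hunk.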