From 1b40694395826be63639d7886eb1aaf9751e9aa5 Mon Sep 17 00:00:00 2001 
From: Paul Rock Date: Sun, 28 Jan 2018 17:03:01 +0300 Subject: [PATCH] web part refactoring, env support added, pure openvpn installation script added --- .env.example | 31 ++++ .gitignore | 1 + composer.json | 16 ++ include/config.php | 6 + include/connect.php | 5 + {public/include => include}/functions.php | 0 {public/include => include}/grids.php | 0 .../html/form/configuration.php | 0 .../html/form/installation.php | 0 .../include => include}/html/form/login.php | 0 {public/include => include}/html/grids.php | 0 {public/include => include}/html/menu.php | 0 public/include/config.php | 7 - public/include/connect.php | 6 - public/index.php | 24 +-- {public => scripts}/desinstall.sh | 0 scripts/install-openvpn.sh | 158 ++++++++++++++++++ {public => scripts}/install.sh | 0 .../client-conf/gnu-linux/client.conf | 0 .../client-conf/gnu-linux/update-resolv.sh | 0 .../client-conf/osx-viscosity/client.conf | 0 .../client-conf/windows/client.ovpn | 0 .../installation/scripts/config.sh | 0 .../installation/scripts/connect.sh | 0 .../installation/scripts/disconnect.sh | 0 .../installation/scripts/functions.sh | 0 .../installation/scripts/login.sh | 0 {public => scripts}/installation/server.conf | 0 {public => scripts}/migration.php | 0 {public => scripts}/sql/schema-0.sql | 0 {public => scripts}/sql/schema-5.sql | 0 {public => scripts}/update.sh | 0 32 files changed, 231 insertions(+), 23 deletions(-) create mode 100644 .env.example create mode 100644 composer.json create mode 100644 include/config.php create mode 100644 include/connect.php rename {public/include => include}/functions.php (100%) rename {public/include => include}/grids.php (100%) rename {public/include => include}/html/form/configuration.php (100%) rename {public/include => include}/html/form/installation.php (100%) rename {public/include => include}/html/form/login.php (100%) rename {public/include => include}/html/grids.php (100%) rename {public/include => include}/html/menu.php (100%) delete mode 100644 
public/include/config.php
delete mode 100644 public/include/connect.php
rename {public => scripts}/desinstall.sh (100%)
create mode 100755 scripts/install-openvpn.sh
rename {public => scripts}/install.sh (100%)
rename {public => scripts}/installation/client-conf/gnu-linux/client.conf (100%)
rename {public => scripts}/installation/client-conf/gnu-linux/update-resolv.sh (100%)
rename {public => scripts}/installation/client-conf/osx-viscosity/client.conf (100%)
rename {public => scripts}/installation/client-conf/windows/client.ovpn (100%)
rename {public => scripts}/installation/scripts/config.sh (100%)
rename {public => scripts}/installation/scripts/connect.sh (100%)
rename {public => scripts}/installation/scripts/disconnect.sh (100%)
rename {public => scripts}/installation/scripts/functions.sh (100%)
rename {public => scripts}/installation/scripts/login.sh (100%)
rename {public => scripts}/installation/server.conf (100%)
rename {public => scripts}/migration.php (100%)
rename {public => scripts}/sql/schema-0.sql (100%)
rename {public => scripts}/sql/schema-5.sql (100%)
rename {public => scripts}/update.sh (100%)
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..0e2e314
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,31 @@
+# Web-application parameters
+APP_PATH=/var/www/html/openvpn-admin
+
+# Database parameters
+DB_HOST=172.17.0.1
+DB_PORT=3306
+DB_NAME=openvpn-admin
+DB_USER=openvpn
+DB_PASS=openvpn_pass
+
+# OpenVPN settings
+VPN_ADDR=localhost
+VPN_PORT=1194
+VPN_PROTO=tcp
+VPN_GROUP=nogroup
+VPN_INIF=tun0
+VPN_OUTIF=eth0
+VPN_NET=10.8.0.0/24
+
+# OpenVPN key parameters
+EASYRSA_KEY_SIZE=2048
+EASYRSA_CA_EXPIRE=3650
+EASYRSA_CERT_EXPIRE=3650
+EASYRSA_REQ_COUNTRY="US"
+EASYRSA_REQ_PROVINCE="California"
+EASYRSA_REQ_CITY="San Francisco"
+EASYRSA_REQ_ORG="Copyleft Certificate Co"
+EASYRSA_REQ_OU="My Organizational Unit"
+EASYRSA_REQ_EMAIL=me@example.net
+EASYRSA_REQ_CN=ChangeMe
+EASYRSA_BATCH=true
diff --git a/.gitignore b/.gitignore index 9993285..9a1fc58 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ /public/css/ /public/js/ /public/img/ +/public/client-conf/ diff --git a/composer.json b/composer.json new file mode 100644 index 0000000..f5ff126 --- /dev/null +++ b/composer.json @@ -0,0 +1,16 @@ +{ + "name": "chocobozzz/openvpn-admin", + "authors": [ + { + "name": "Florian Bigard", + "email": "florian.bigard@gmail.com" + }, + { + "name": "Paul Rock", + "email": "paul@drteam.rocks" + } + ], + "require": { + "vlucas/phpdotenv": "^2.4" + } +} diff --git a/include/config.php b/include/config.php new file mode 100644 index 0000000..f7f283c --- /dev/null +++ b/include/config.php @@ -0,0 +1,6 @@ + diff --git a/public/include/connect.php b/public/include/connect.php deleted file mode 100644 index 0add7e4..0000000 --- a/public/include/connect.php +++ /dev/null @@ -1,6 +0,0 @@ - diff --git a/public/index.php b/public/index.php index 4418211..a602a4d 100644 --- a/public/index.php +++ b/public/index.php @@ -1,8 +1,12 @@ load(); + session_start(); - require(dirname(__FILE__) . '/include/functions.php'); - require(dirname(__FILE__) . '/include/connect.php'); + require(dirname(__FILE__) . '/../include/functions.php'); + require(dirname(__FILE__) . '/../include/connect.php'); // Disconnecting ? if(isset($_GET['logout'])){ @@ -129,7 +133,7 @@ // Create the initial tables $migrations = getMigrationSchemas(); foreach ($migrations as $migration_value) { - $sql_file = dirname(__FILE__) . "/sql/schema-$migration_value.sql"; + $sql_file = dirname(__FILE__) . "/../scripts/sql/schema-$migration_value.sql"; try { $sql = file_get_contents($sql_file); $bdd->exec($sql); 
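Review bot: The commit introduces a repository-root `.env` that holds `DB_PASS` (see `.env.example` and `read_env "$base_path/../.env"` in scripts/install-openvpn.sh), but the only ignore rule added here is `/public/client-conf/`; unless `.env` is already covered by lines 1-7 of .gitignore, which this hunk does not show, add `/.env` so the populated secrets file cannot be committed by accident. `/public/client-conf/` itself is a sensible addition, since the installer copies `ca.crt` and `ta.key` into that directory.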
@@ -158,8 +162,8 @@ } // Print the installation form else { - require(dirname(__FILE__) . '/include/html/menu.php'); - require(dirname(__FILE__) . '/include/html/form/installation.php'); + require(dirname(__FILE__) . '/../include/html/menu.php'); + require(dirname(__FILE__) . '/../include/html/form/installation.php'); } exit(-1); @@ -170,8 +174,8 @@ if(isset($error) && $error == true) printError('Login error'); - require(dirname(__FILE__) . '/include/html/menu.php'); - require(dirname(__FILE__) . '/include/html/form/configuration.php'); + require(dirname(__FILE__) . '/../include/html/menu.php'); + require(dirname(__FILE__) . '/../include/html/form/configuration.php'); } @@ -180,8 +184,8 @@ if(isset($error) && $error == true) printError('Login error'); - require(dirname(__FILE__) . '/include/html/menu.php'); - require(dirname(__FILE__) . '/include/html/form/login.php'); + require(dirname(__FILE__) . '/../include/html/menu.php'); + require(dirname(__FILE__) . '/../include/html/form/login.php'); } // --------------- GRIDS --------------- @@ -201,7 +205,7 @@ diff --git a/public/desinstall.sh b/scripts/desinstall.sh similarity index 100% rename from public/desinstall.sh rename to scripts/desinstall.sh diff --git a/scripts/install-openvpn.sh b/scripts/install-openvpn.sh new file mode 100755 index 0000000..db8596a --- /dev/null +++ b/scripts/install-openvpn.sh 
@@ -0,0 +1,158 @@
+#!/bin/bash
+
+print_error() {
+ echo "$1"
+ exit
+}
+
+read_env() {
+ source "$1"
+# grep -vE '^#|^$' "$1" | sed -r 's/\ /\\\ /g; s/\=/\t/g' | \
+# while read env val
+# do
+# env - $env="$val"
+# done
+}
+
+# Ensure to be root
+if [ "$EUID" -ne 0 ]; then
+ echo "Please run as root"
+ exit
+fi
+
+base_path=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+
+# Read dotEnv file
+read_env "$base_path/../.env"
+
+printf "\n################## Server informations ##################\n"
+
+[ ! -z "$VPN_ADDR" ] && echo "VPN_ADDR=$VPN_ADDR"
+[ -z "$VPN_ADDR" ] && read -p "Server Hostname/IP: " VPN_ADDR
+[ -z "$VPN_ADDR" ] && print_error "Server address is required!"
+
+[ ! -z "$VPN_PROTO" ] && echo "VPN_PROTO=$VPN_PROTO"
+[ -z "$VPN_PROTO" ] && read -p "OpenVPN protocol (tcp or udp) [tcp]: " VPN_PROTO
+[ -z "$VPN_PROTO" ] && VPN_PROTO="tcp"
+
+[ ! -z "$VPN_PORT" ] && echo "VPN_PORT=$VPN_PORT"
+[ -z "$VPN_PORT" ] && read -p "OpenVPN port [443]: " VPN_PORT
+[ -z "$VPN_PORT" ] && VPN_PORT="443"
+
+[ ! -z "$VPN_GROUP" ] && echo "VPN_GROUP=$VPN_GROUP"
+[ -z "$VPN_GROUP" ] && read -p "OpenVPN group [nogroup]: " VPN_GROUP
+[ -z "$VPN_GROUP" ] && VPN_GROUP="nogroup"
+
+[ ! -z "$VPN_INIF" ] && echo "VPN_INIF=$VPN_INIF"
+[ -z "$VPN_INIF" ] && read -p "OpenVPN input interface [tun0]: " VPN_INIF
+[ -z "$VPN_INIF" ] && VPN_INIF="tun0"
+
+[ ! -z "VPN_OUTIF" ] && echo "VPN_OUTIF=$VPN_OUTIF"
+[ -z "$VPN_OUTIF" ] && read -p "OpenVPN output interface [eth0]: " VPN_OUTIF
+[ -z "$VPN_OUTIF" ] && VPN_OUTIF="eth0"
+
+[ ! -z "$VPN_NET" ] && echo "VPN_NET=$VPN_NET"
+[ -z "$VPN_NET" ] && read -p "OpenVPN clients subnet [10.8.0.0/24]: " VPN_NET
+[ -z "$VPN_NET" ] && VPN_NET="10.8.0.0/24"
+
+
+printf "\n################## Certificates informations ##################\n"
+
+[ -z "$EASYRSA_KEY_SIZE" ] && read -p "Key size (1024, 2048 or 4096) [2048]: " EASYRSA_KEY_SIZE
+[ -z "$EASYRSA_CA_EXPIRE" ] && read -p "Root certificate expiration (in days) [3650]: " EASYRSA_CA_EXPIRE
+[ -z "$EASYRSA_CERT_EXPIRE" ] && read -p "Certificate expiration (in days) [3650]: " EASYRSA_CERT_EXPIRE
+[ -z "$EASYRSA_REQ_COUNTRY" ] && read -p "Country Name (2 letter code) [US]: " EASYRSA_REQ_COUNTRY
+[ -z "$EASYRSA_REQ_PROVINCE" ] && read -p "State or Province Name (full name) [California]: " EASYRSA_REQ_PROVINCE
+[ -z "$EASYRSA_REQ_CITY" ] && read -p "Locality Name (eg, city) [San Francisco]: " EASYRSA_REQ_CITY
+[ -z "$EASYRSA_REQ_ORG" ] && read -p "Organization Name (eg, company) [Copyleft Certificate Co]: " EASYRSA_REQ_ORG
+[ -z "$EASYRSA_REQ_OU" ] && read -p "Organizational Unit Name (eg, section) [My Organizational Unit]: " EASYRSA_REQ_OU
+[ -z "$EASYRSA_REQ_EMAIL" ] && read -p "Email Address [me@example.net]: " EASYRSA_REQ_EMAIL
+[ -z "$EASYRSA_REQ_CN" ] && read -p "Common Name (eg, your name or your server's hostname) [ChangeMe]: " EASYRSA_REQ_CN
+
+
+printf "\n################## Creating the certificates ##################\n"
+
+EASYRSA_RELEASES=( $(
+ curl -s https://api.github.com/repos/OpenVPN/easy-rsa/releases | \
+ grep 'tag_name' | \
+ grep -E '3(\.[0-9]+)+' | \
+ awk '{ print $2 }' | \
+ sed 's/[,|"|v]//g'
+) )
+EASYRSA_LATEST=${EASYRSA_RELEASES[0]}
+
+# Get the rsa keys
+wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_LATEST}/EasyRSA-${EASYRSA_LATEST}.tgz -O /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
+mkdir -p /etc/openvpn/easy-rsa
+tar -xaf /tmp/EasyRSA-${EASYRSA_LATEST}.tgz -C /etc/openvpn/easy-rsa --strip-components=1
+rm -r /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
+cd /etc/openvpn/easy-rsa
+
+# Init PKI dirs and build CA certs
+./easyrsa --batch init-pki
+./easyrsa --batch build-ca nopass
+# Generate Diffie-Hellman parameters
+./easyrsa --batch gen-dh
+# Generate server keypair
+./easyrsa --batch build-server-full server nopass
+
+# Generate shared-secret for TLS Authentication
+openvpn --genkey --secret pki/ta.key
+
+
+printf "\n################## Setup OpenVPN ##################\n"
+
+# Copy certificates and the server configuration in the openvpn directory
+cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
+cp "$base_path/installation/server.conf" "/etc/openvpn/"
+mkdir "/etc/openvpn/ccd"
+sed -i "s/port 443/port $VPN_PORT/" "/etc/openvpn/server.conf"
+sed -i "s/proto tcp/proto $VPN_PROTO/" "/etc/openvpn/server.conf"
+sed -i "s/group nogroup/group $VPN_GROUP/" "/etc/openvpn/server.conf"
+
+
+printf "\n################## Setup firewall ##################\n"
+
+# Make ip forwading and make it persistent
+echo 1 > "/proc/sys/net/ipv4/ip_forward"
+echo "net.ipv4.ip_forward = 1" >> "/etc/sysctl.conf"
+
+# Iptable rules
+iptables -I FORWARD -i $VPN_INIF -j ACCEPT
+iptables -I FORWARD -o $VPN_INIF -j ACCEPT
+iptables -I OUTPUT -o $VPN_INIF -j ACCEPT
+
+iptables -A FORWARD -i $VPN_INIF -o $VPN_OUTIF -j ACCEPT
+iptables -t nat -A POSTROUTING -o $VPN_OUTIF -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $VPN_NET -o eth0 -j MASQUERADE
+
+
+printf "\n################## Setup web application ##################\n"
+
+# Copy bash scripts (which will insert row in MySQL)
+cp -r "$base_path/installation/scripts" "/etc/openvpn/"
+chmod +x "/etc/openvpn/scripts/"*
+
+# Configure MySQL in openvpn scripts
+sed -i "s/USER=''/USER='$DB_USER'/" "/etc/openvpn/scripts/config.sh"
+sed -i "s/PASS=''/PASS='$DB_PASS'/" "/etc/openvpn/scripts/config.sh"
+
+cp -r "$base_path/installation/client-conf" "$base_path/../public"
+# New workspace
+cd "$base_path/../public"
+
+# Replace in the client configurations with the ip of the server and openvpn protocol
+for file in "./client-conf/gnu-linux/client.conf" "./client-conf/osx-viscosity/client.conf" "./client-conf/windows/client.ovpn"; do
+ sed -i "s/remote xxx\.xxx\.xxx\.xxx 443/remote $VPN_ADDR $VPN_PORT/" $file
+
+ if [ $VPN_PROTO = "udp" ]; then
+ sed -i "s/proto tcp-client/proto udp/" $file
+ fi
+done
+
+# Copy ta.key inside the client-conf directory
+for directory in "./client-conf/gnu-linux/" "./client-conf/osx-viscosity/" "./client-conf/windows/"; do
+ cp "/etc/openvpn/"{ca.crt,ta.key} $directory
+done
+
+printf "\033[1m\n#################################### Finish ####################################\n"
diff --git a/public/install.sh b/scripts/install.sh
similarity index 100%
rename from public/install.sh
rename to scripts/install.sh
diff --git a/public/installation/client-conf/gnu-linux/client.conf b/scripts/installation/client-conf/gnu-linux/client.conf
similarity index 100%
rename from public/installation/client-conf/gnu-linux/client.conf
rename to scripts/installation/client-conf/gnu-linux/client.conf
diff --git a/public/installation/client-conf/gnu-linux/update-resolv.sh b/scripts/installation/client-conf/gnu-linux/update-resolv.sh
similarity index 100%
rename from public/installation/client-conf/gnu-linux/update-resolv.sh
rename to scripts/installation/client-conf/gnu-linux/update-resolv.sh
diff --git a/public/installation/client-conf/osx-viscosity/client.conf b/scripts/installation/client-conf/osx-viscosity/client.conf
similarity index 100%
rename from public/installation/client-conf/osx-viscosity/client.conf
rename to scripts/installation/client-conf/osx-viscosity/client.conf
diff --git a/public/installation/client-conf/windows/client.ovpn b/scripts/installation/client-conf/windows/client.ovpn
similarity index 100%
rename from public/installation/client-conf/windows/client.ovpn
rename to scripts/installation/client-conf/windows/client.ovpn
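Review bot: The certificate parameters never reach easy-rsa: `read_env` only does `source "$1"` and the `read -p` prompts only set shell variables, neither of which exports anything, so the `./easyrsa --batch ...` child processes do not see `EASYRSA_KEY_SIZE`, `EASYRSA_CA_EXPIRE`, `EASYRSA_CERT_EXPIRE` or the `EASYRSA_REQ_*` values (`.env.example` has plain `KEY=value` lines, no `export`) and silently fall back to easy-rsa's own defaults — wrap the `source` in `set -a`/`set +a` and `export` the prompted variables. Two smaller slips in the same file: `[ ! -z "VPN_OUTIF" ]` tests a literal string and is always true, and the last NAT rule hard-codes `-o eth0` where the rules above it use `$VPN_OUTIF`. The easy-rsa fetch has no failure handling: `print_error` exits with status 0, there is no `set -e`, and if the unauthenticated (rate-limited) GitHub API call fails `EASYRSA_LATEST` is empty and the script keeps going as root with a missing tarball, so abort when the value is empty or `wget` fails, and preferably pin the release and compare the download against a known checksum instead of trusting whatever the API returns. `sed -i "s/PASS=''/PASS='$DB_PASS'/"` breaks on a password containing `/` or `&`, `chmod +x "/etc/openvpn/scripts/"*` leaves `config.sh`, which then holds the DB password, at whatever read permissions `cp -r` preserved (owner-only modes would be safer), and `ta.key` ends up under `public/client-conf/`, which the web server must not serve to unauthenticated clients. The changed lines are below; everything else in the script is unchanged.
```shell
print_error() {
    echo "$1" >&2
    exit 1
}

read_env() {
    # export everything the .env defines so the easyrsa child processes see it
    set -a
    source "$1"
    set +a
}

# … unchanged: root check, base_path, read_env call, VPN_ADDR..VPN_INIF prompts …

[ ! -z "$VPN_OUTIF" ] && echo "VPN_OUTIF=$VPN_OUTIF"

# … unchanged: remaining VPN_* and EASYRSA_* prompts …

# interactively entered values must also be visible to the easyrsa child processes
export EASYRSA_KEY_SIZE EASYRSA_CA_EXPIRE EASYRSA_CERT_EXPIRE EASYRSA_REQ_COUNTRY \
       EASYRSA_REQ_PROVINCE EASYRSA_REQ_CITY EASYRSA_REQ_ORG EASYRSA_REQ_OU \
       EASYRSA_REQ_EMAIL EASYRSA_REQ_CN

# … unchanged: EASYRSA_RELEASES lookup …
EASYRSA_LATEST=${EASYRSA_RELEASES[0]}
[ -z "$EASYRSA_LATEST" ] && print_error "Could not determine the easy-rsa release to install"

# Get the rsa keys
wget -q "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_LATEST}/EasyRSA-${EASYRSA_LATEST}.tgz" -O "/tmp/EasyRSA-${EASYRSA_LATEST}.tgz" \
    || print_error "Download of EasyRSA-${EASYRSA_LATEST}.tgz failed"
# TODO: compare the tarball against a pinned known-good digest (<EXPECTED_SHA256>) before extracting

# … unchanged: extraction, PKI build, server.conf setup, ip_forward …

iptables -t nat -A POSTROUTING -s $VPN_NET -o $VPN_OUTIF -j MASQUERADE

# … unchanged: web application setup …
```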
diff --git a/public/installation/scripts/config.sh b/scripts/installation/scripts/config.sh
similarity index 100%
rename from public/installation/scripts/config.sh
rename to scripts/installation/scripts/config.sh
diff --git a/public/installation/scripts/connect.sh b/scripts/installation/scripts/connect.sh
similarity index 100%
rename from public/installation/scripts/connect.sh
rename to scripts/installation/scripts/connect.sh
diff --git a/public/installation/scripts/disconnect.sh b/scripts/installation/scripts/disconnect.sh
similarity index 100%
rename from public/installation/scripts/disconnect.sh
rename to scripts/installation/scripts/disconnect.sh
diff --git a/public/installation/scripts/functions.sh b/scripts/installation/scripts/functions.sh
similarity index 100%
rename from public/installation/scripts/functions.sh
rename to scripts/installation/scripts/functions.sh
diff --git a/public/installation/scripts/login.sh b/scripts/installation/scripts/login.sh
similarity index 100%
rename from public/installation/scripts/login.sh
rename to scripts/installation/scripts/login.sh
diff --git a/public/installation/server.conf b/scripts/installation/server.conf
similarity index 100%
rename from public/installation/server.conf
rename to scripts/installation/server.conf
diff --git a/public/migration.php b/scripts/migration.php
similarity index 100%
rename from public/migration.php
rename to scripts/migration.php
diff --git a/public/sql/schema-0.sql b/scripts/sql/schema-0.sql
similarity index 100%
rename from public/sql/schema-0.sql
rename to scripts/sql/schema-0.sql
diff --git a/public/sql/schema-5.sql b/scripts/sql/schema-5.sql
similarity index 100%
rename from public/sql/schema-5.sql
rename to scripts/sql/schema-5.sql
diff --git a/public/update.sh b/scripts/update.sh
similarity index 100%
rename from public/update.sh
rename to scripts/update.sh