Merge pull request #89 from EvilFreelancer/master

Total refactoring and a few new features

.bowerrc

@@ -1,3 +0,0 @@
-{
-  "directory": "vendor"
-}

.env.example

@@ -0,0 +1,31 @@
+# Web-application parameters
+APP_PATH=/var/www/html/openvpn-admin
+
+# Database parameters
+DB_HOST=172.17.0.1
+DB_PORT=3306
+DB_NAME=openvpn-admin
+DB_USER=openvpn
+DB_PASS=openvpn_pass
+
+# OpenVPN settings
+VPN_ADDR=localhost
+VPN_PORT=1194
+VPN_PROTO=tcp
+VPN_GROUP=nogroup
+VPN_INIF=tun0
+VPN_OUTIF=eth0
+VPN_NET=10.8.0.0/24
+
+# OpenVPN key parameters
+EASYRSA_KEY_SIZE=2048
+EASYRSA_CA_EXPIRE=3650
+EASYRSA_CERT_EXPIRE=3650
+EASYRSA_REQ_COUNTRY="US"
+EASYRSA_REQ_PROVINCE="California"
+EASYRSA_REQ_CITY="San Francisco"
+EASYRSA_REQ_ORG="Copyleft Certificate Co"
+EASYRSA_REQ_OU="My Organizational Unit"
+EASYRSA_REQ_EMAIL=me@example.net
+EASYRSA_REQ_CN=ChangeMe
+EASYRSA_BATCH=true

.gitignore

@@ -1,2 +1,12 @@
-.phpintel
+/.phpintel
-vendor/
+/.env
+/.idea/
+/vendor/
+/node_modules/
+/composer.lock
+/package-lock.json
+/public/css/
+/public/fonts/
+/public/js/
+/public/img/
+/public/client-conf/

README.md

@@ -16,12 +16,20 @@ Administrate its OpenVPN with a web interface (logs visualisations, users managi
   * PHP >= 5.5 with modules:
     * zip
     * pdo_mysql
-  * bower
+  * composer
+  * npm
   * unzip
   * wget
   * sed
   * curl
 
+### Debian Stretch
+
+````
+# apt-get install openvpn nginx composer php-fpm php-mysql mysql-server php nodejs unzip git wget sed curl
+# ln -s /usr/bin/nodejs /usr/bin/node
+````
+
 ### Debian Jessie
 
 ````
@@ -46,16 +54,29 @@ Administrate its OpenVPN with a web interface (logs visualisations, users managi
 
 Only tested on Debian Jessie. Feel free to open issues.
 
-## Installation
+## Installation (full)
 
   * Setup OpenVPN and the web application:
 
         $ cd ~/my_coding_workspace
         $ git clone https://github.com/Chocobozzz/OpenVPN-Admin openvpn-admin
         $ cd openvpn-admin
-        # ./install.sh www_base_dir web_user web_group
+        $ npm install
+        $ composer install
+
+You can predefine all environment parameters, just copy example and put your changes in `.env`
+
+    # cp .env.example .env
+
+If you want to make ths full installation (with preparing of MySQL, Web-server and OpenVPN)
+
+    # ./install.sh www_base_dir web_user web_group
+
+If you want to configure only OpenVPN:
+
+    # ./install-openvpn.sh
 
-  * Setup the web server (Apache, NGinx...) to serve the web application.
+  * Setup the web server (Apache, Nginx...) to serve the web application.
   * Create the admin of the web application by visiting `http://your-installation/index.php?installation`
 
 ## Usage

composer.json

@@ -0,0 +1,16 @@
+{
+    "name": "chocobozzz/openvpn-admin",
+    "authors": [
+        {
+            "name": "Florian Bigard",
+            "email": "florian.bigard@gmail.com"
+        },
+        {
+            "name": "Paul Rock",
+            "email": "paul@drteam.rocks"
+        }
+    ],
+    "require": {
+        "vlucas/phpdotenv": "^2.4"
+    }
+}

gulpfile.js

@@ -0,0 +1,62 @@
+var gulp = require('gulp');
+var copy = require('gulp-copy');
+var del = require('del');
+
+gulp.task('default', ['img', 'css', 'font', 'js']);
+
+gulp.task('clean:img', function () {
+    return del(['public/img']);
+});
+
+gulp.task('img', ['clean:img'], function () {
+    return gulp.src('resources/img/**/*')
+        .pipe(gulp.dest('public/img'));
+});
+
+gulp.task('clean:css', function () {
+    return del(['public/css']);
+});
+
+gulp.task('css', ['clean:css'], function () {
+    gulp.src(['resources/css/**/*.css'])
+        .pipe(gulp.dest('public/css'));
+
+    gulp
+        .src([
+            'node_modules/bootstrap/dist/css/bootstrap.min.css',
+            'node_modules/x-editable/dist/bootstrap3-editable/css/bootstrap-editable.css',
+            'node_modules/bootstrap-table/dist/bootstrap-table.min.css',
+            'node_modules/bootstrap-datepicker/dist/css/bootstrap-datepicker3.css'
+        ])
+        .pipe(gulp.dest('public/css'));
+});
+
+gulp.task('clean:font', function() {
+    return del(['public/fonts']);
+});
+
+gulp.task('font', ['clean:font'], function() {
+    return gulp.src([
+        'node_modules/bootstrap/dist/fonts/*',
+    ]).pipe(gulp.dest('public/fonts'));
+});
+
+gulp.task('clean:js', function () {
+    return del(['public/js']);
+});
+
+gulp.task('js', ['clean:js'], function () {
+    gulp.src(['resources/js/**/*.js'])
+        .pipe(gulp.dest('public/js'));
+
+    gulp
+        .src([
+            'node_modules/jquery/dist/jquery.min.js',
+            'node_modules/bootstrap/dist/js/bootstrap.min.js',
+            'node_modules/bootstrap-table/dist/bootstrap-table.min.js',
+            'node_modules/bootstrap-datepicker/dist/js/bootstrap-datepicker.js',
+            'node_modules/bootstrap-table/dist/extensions/editable/bootstrap-table-editable.min.js',
+            'node_modules/x-editable/dist/bootstrap3-editable/js/bootstrap-editable.js'
+        ])
+        .pipe(gulp.dest('public/js'));
+});

include/config.php

@@ -1,7 +1,6 @@
 <?php
-	$host = 'localhost';
+$host   = getenv('DB_HOST');
-	$port = '3306';
+$port   = getenv('DB_PORT');
-	$db   = 'openvpn-admin';
+$db     = getenv('DB_NAME');
-	$user = '';
+$user   = getenv('DB_USER');
-	$pass = '';
+$pass   = getenv('DB_PASS');
-?>

include/connect.php

@@ -1,6 +1,5 @@
 <?php
-  require(dirname(__FILE__) . "/config.php");
+require(__DIR__ . "/config.php");
 
-	$options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
+$options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
-	$bdd = new PDO("mysql:host=$host;port=$port;dbname=$db", $user, $pass, $options);
+$bdd = new PDO("mysql:host=$host;port=$port;dbname=$db", $user, $pass, $options);
-?>

include/html/grids.php

@@ -83,14 +83,3 @@
       </div>
    </div>
 </div>
-
-<script src="vendor/jquery/dist/jquery.min.js"></script>
-<script src="vendor/bootstrap/js/modal.js"></script>
-<script src="vendor/bootstrap/js/tooltip.js"></script>
-<script src="vendor/bootstrap/js/tab.js"></script>
-<script src="vendor/bootstrap/js/popover.js"></script>
-<script src="vendor/bootstrap-table/dist/bootstrap-table.min.js"></script>
-<script src="vendor/bootstrap-datepicker/dist/js/bootstrap-datepicker.js"></script>
-<script src="vendor/bootstrap-table/dist/extensions/editable/bootstrap-table-editable.min.js"></script>
-<script src="vendor/x-editable/dist/bootstrap3-editable/js/bootstrap-editable.js"></script>
-<script src="js/grids.js"></script>

package.json

@@ -2,21 +2,34 @@
   "name": "openvpn-admin",
   "version": "0.3.2",
   "description": "Setup and administration of openvpn with a web interface",
-  "dependencies": {
+  "homepage": "https://github.com/EvilFreelancer/OpenVPN-Admin#readme",
-    "bootstrap": "^3.3.7",
+  "repository": {
-    "bootstrap-table": "^1.11.0",
+    "type": "git",
-    "jquery": "^2.2.4",
+    "url": "git+https://github.com/EvilFreelancer/OpenVPN-Admin.git"
-    "x-editable": "^1.5.1",
-    "bootstrap-datepicker": "^1.6.4"
   },
+  "authors": [
+    "Florian Bigard <florian.bigard@gmail.com>"
+  ],
   "keywords": [
     "openvpn",
     "admin",
     "setup"
   ],
-  "authors": [
-    "Florian Bigard <florian.bigard@gmail.com>"
-  ],
   "license": "GPLv3",
-  "private": true
+  "bugs": {
+    "url": "https://github.com/EvilFreelancer/OpenVPN-Admin/issues"
+  },
+  "dependencies": {
+    "gulp": "^3.9.0",
+    "gulp-copy": "^1.1.0",
+    "del": "^2.0.0",
+    "bootstrap": "^3.3.7",
+    "bootstrap-table": "^1.11.0",
+    "jquery": "^2.2.4",
+    "x-editable": "^1.5.1",
+    "bootstrap-datepicker": "^1.6.4"
+  },
+  "scripts": {
+    "postinstall": "gulp"
+  }
 }

public/grids.php

@@ -4,9 +4,14 @@
   if(!isset($_SESSION['admin_id']))
     exit -1;
 
-  require(dirname(__FILE__) . '/connect.php');
+  // Enable dotEnv support
-  require(dirname(__FILE__) . '/functions.php');
+  require_once __DIR__ . '/../vendor/autoload.php';
+  (new Dotenv\Dotenv(__DIR__ . '/../'))->load();
 
+  session_start();
+
+  require(dirname(__FILE__) . '/../include/functions.php');
+  require(dirname(__FILE__) . '/../include/connect.php');
 
   // ---------------- SELECT ----------------
   if(isset($_GET['select'])){

public/index.php

@@ -1,8 +1,12 @@
 <?php
+  // Enable dotEnv support
+  require_once __DIR__ . '/../vendor/autoload.php';
+  (new Dotenv\Dotenv(__DIR__ . '/../'))->load();
+
   session_start();
 
-  require(dirname(__FILE__) . '/include/functions.php');
+  require(dirname(__FILE__) . '/../include/functions.php');
-  require(dirname(__FILE__) . '/include/connect.php');
+  require(dirname(__FILE__) . '/../include/connect.php');
 
   // Disconnecting ?
   if(isset($_GET['logout'])){
@@ -95,13 +99,13 @@
 
     <title>OpenVPN-Admin</title>
 
-    <link rel="stylesheet" href="vendor/bootstrap/dist/css/bootstrap.min.css" type="text/css" />
+    <link rel="stylesheet" href="/css/bootstrap.min.css" type="text/css" />
-    <link rel="stylesheet" href="vendor/x-editable/dist/bootstrap3-editable/css/bootstrap-editable.css" type="text/css" />
+    <link rel="stylesheet" href="/css/bootstrap-editable.css" type="text/css" />
-    <link rel="stylesheet" href="vendor/bootstrap-table/dist/bootstrap-table.min.css" type="text/css" />
+    <link rel="stylesheet" href="/css/bootstrap-table.min.css" type="text/css" />
-    <link rel="stylesheet" href="vendor/bootstrap-datepicker/dist/css/bootstrap-datepicker3.css" type="text/css" />
+    <link rel="stylesheet" href="/css/bootstrap-datepicker3.css" type="text/css" />
-    <link rel="stylesheet" href="css/index.css" type="text/css" />
+    <link rel="stylesheet" href="/css/index.css" type="text/css" />
 
-    <link rel="icon" type="image/png" href="css/icon.png">
+    <link rel="icon" type="image/png" href="/img/icon.png">
   </head>
   <body class='container-fluid'>
   <?php
@@ -129,7 +133,7 @@
         // Create the initial tables
         $migrations = getMigrationSchemas();
         foreach ($migrations as $migration_value) {
-          $sql_file = dirname(__FILE__) . "/sql/schema-$migration_value.sql";
+          $sql_file = dirname(__FILE__) . "/../scripts/sql/schema-$migration_value.sql";
           try {
             $sql = file_get_contents($sql_file);
             $bdd->exec($sql);
@@ -158,8 +162,8 @@
       }
       // Print the installation form
       else {
-        require(dirname(__FILE__) . '/include/html/menu.php');
+        require(dirname(__FILE__) . '/../include/html/menu.php');
-        require(dirname(__FILE__) . '/include/html/form/installation.php');
+        require(dirname(__FILE__) . '/../include/html/form/installation.php');
       }
 
       exit(-1);
@@ -170,8 +174,8 @@
       if(isset($error) && $error == true)
         printError('Login error');
 
-      require(dirname(__FILE__) . '/include/html/menu.php');
+      require(dirname(__FILE__) . '/../include/html/menu.php');
-      require(dirname(__FILE__) . '/include/html/form/configuration.php');
+      require(dirname(__FILE__) . '/../include/html/form/configuration.php');
     }
 
 
@@ -180,8 +184,8 @@
       if(isset($error) && $error == true)
         printError('Login error');
 
-      require(dirname(__FILE__) . '/include/html/menu.php');
+      require(dirname(__FILE__) . '/../include/html/menu.php');
-      require(dirname(__FILE__) . '/include/html/form/login.php');
+      require(dirname(__FILE__) . '/../include/html/form/login.php');
     }
 
     // --------------- GRIDS ---------------
@@ -200,9 +204,17 @@
         </div>
       </nav>
 
-  <?php
+      <?php
-      require(dirname(__FILE__) . '/include/html/grids.php');
+          require(dirname(__FILE__) . '/../include/html/grids.php');
-    }
+        }
-  ?>
+      ?>
+
+      <script src="/js/jquery.min.js"></script>
+      <script src="/js/bootstrap.min.js"></script>
+      <script src="/js/bootstrap-table.min.js"></script>
+      <script src="/js/bootstrap-datepicker.js"></script>
+      <script src="/js/bootstrap-table-editable.min.js"></script>
+      <script src="/js/bootstrap-editable.js"></script>
+      <script src="/js/grids.js"></script>
   </body>
 </html>

resources/js/grids.js

@@ -2,7 +2,7 @@ $(function () {
   "use strict";
 
   // ------------------------- GLOBAL definitions -------------------------
-  var gridsUrl = 'include/grids.php';
+  var gridsUrl = 'grids.php';
 
   function deleteFormatter() {
     return "<span class='glyphicon glyphicon-remove action'></span";

scripts/install-openvpn.sh

@@ -0,0 +1,158 @@
+#!/bin/bash
+
+print_error() {
+    echo "$1"
+    exit
+}
+
+read_env() {
+    source "$1"
+#    grep -vE '^#|^$' "$1" | sed -r 's/\ /\\\ /g; s/\=/\t/g' | \
+#    while read env val
+#        do
+#            env - $env="$val"
+#    done
+}
+
+# Ensure to be root
+if [ "$EUID" -ne 0 ]; then
+  echo "Please run as root"
+  exit
+fi
+
+base_path=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+
+# Read dotEnv file
+read_env "$base_path/../.env"
+
+printf "\n################## Server informations ##################\n"
+
+[ ! -z "$VPN_ADDR" ] && echo "VPN_ADDR=$VPN_ADDR"
+[ -z "$VPN_ADDR" ]  && read -p "Server Hostname/IP: " VPN_ADDR
+[ -z "$VPN_ADDR" ]  && print_error "Server address is required!"
+
+[ ! -z "$VPN_PROTO" ] && echo "VPN_PROTO=$VPN_PROTO"
+[ -z "$VPN_PROTO" ] && read -p "OpenVPN protocol (tcp or udp) [tcp]: " VPN_PROTO
+[ -z "$VPN_PROTO" ] && VPN_PROTO="tcp"
+
+[ ! -z "$VPN_PORT" ] && echo "VPN_PORT=$VPN_PORT"
+[ -z "$VPN_PORT" ]  && read -p "OpenVPN port [443]: " VPN_PORT
+[ -z "$VPN_PORT" ]  && VPN_PORT="443"
+
+[ ! -z "$VPN_GROUP" ] && echo "VPN_GROUP=$VPN_GROUP"
+[ -z "$VPN_GROUP" ] && read -p "OpenVPN group [nogroup]: " VPN_GROUP
+[ -z "$VPN_GROUP" ] && VPN_GROUP="nogroup"
+
+[ ! -z "$VPN_INIF" ] && echo "VPN_INIF=$VPN_INIF"
+[ -z "$VPN_INIF" ]  && read -p "OpenVPN input interface [tun0]: " VPN_INIF
+[ -z "$VPN_INIF" ]  && VPN_INIF="tun0"
+
+[ ! -z "VPN_OUTIF" ] && echo "VPN_OUTIF=$VPN_OUTIF"
+[ -z "$VPN_OUTIF" ] && read -p "OpenVPN output interface [eth0]: " VPN_OUTIF
+[ -z "$VPN_OUTIF" ] && VPN_OUTIF="eth0"
+
+[ ! -z "$VPN_NET" ] && echo "VPN_NET=$VPN_NET"
+[ -z "$VPN_NET" ]   && read -p "OpenVPN clients subnet [10.8.0.0/24]: " VPN_NET
+[ -z "$VPN_NET" ]   && VPN_NET="10.8.0.0/24"
+
+
+printf "\n################## Certificates informations ##################\n"
+
+[ -z "$EASYRSA_KEY_SIZE" ]      && read -p "Key size (1024, 2048 or 4096) [2048]: " EASYRSA_KEY_SIZE
+[ -z "$EASYRSA_CA_EXPIRE" ]     && read -p "Root certificate expiration (in days) [3650]: " EASYRSA_CA_EXPIRE
+[ -z "$EASYRSA_CERT_EXPIRE" ]   && read -p "Certificate expiration (in days) [3650]: " EASYRSA_CERT_EXPIRE
+[ -z "$EASYRSA_REQ_COUNTRY" ]   && read -p "Country Name (2 letter code) [US]: " EASYRSA_REQ_COUNTRY
+[ -z "$EASYRSA_REQ_PROVINCE" ]  && read -p "State or Province Name (full name) [California]: " EASYRSA_REQ_PROVINCE
+[ -z "$EASYRSA_REQ_CITY" ]      && read -p "Locality Name (eg, city) [San Francisco]: " EASYRSA_REQ_CITY
+[ -z "$EASYRSA_REQ_ORG" ]       && read -p "Organization Name (eg, company) [Copyleft Certificate Co]: " EASYRSA_REQ_ORG
+[ -z "$EASYRSA_REQ_OU" ]        && read -p "Organizational Unit Name (eg, section) [My Organizational Unit]: " EASYRSA_REQ_OU
+[ -z "$EASYRSA_REQ_EMAIL" ]     && read -p "Email Address [me@example.net]: " EASYRSA_REQ_EMAIL
+[ -z "$EASYRSA_REQ_CN" ]        && read -p "Common Name (eg, your name or your server's hostname) [ChangeMe]: " EASYRSA_REQ_CN
+
+
+printf "\n################## Creating the certificates ##################\n"
+
+EASYRSA_RELEASES=( $(
+  curl -s https://api.github.com/repos/OpenVPN/easy-rsa/releases | \
+  grep 'tag_name' | \
+  grep -E '3(\.[0-9]+)+' | \
+  awk '{ print $2 }' | \
+  sed 's/[,|"|v]//g'
+) )
+EASYRSA_LATEST=${EASYRSA_RELEASES[0]}
+
+# Get the rsa keys
+wget -q https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_LATEST}/EasyRSA-${EASYRSA_LATEST}.tgz -O /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
+mkdir -p /etc/openvpn/easy-rsa
+tar -xaf /tmp/EasyRSA-${EASYRSA_LATEST}.tgz -C /etc/openvpn/easy-rsa --strip-components=1
+rm -r /tmp/EasyRSA-${EASYRSA_LATEST}.tgz
+cd /etc/openvpn/easy-rsa
+
+# Init PKI dirs and build CA certs
+./easyrsa --batch init-pki
+./easyrsa --batch build-ca nopass
+# Generate Diffie-Hellman parameters
+./easyrsa --batch gen-dh
+# Generate server keypair
+./easyrsa --batch build-server-full server nopass
+
+# Generate shared-secret for TLS Authentication
+openvpn --genkey --secret pki/ta.key
+
+
+printf "\n################## Setup OpenVPN ##################\n"
+
+# Copy certificates and the server configuration in the openvpn directory
+cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
+cp "$base_path/installation/server.conf" "/etc/openvpn/"
+mkdir "/etc/openvpn/ccd"
+sed -i "s/port 443/port $VPN_PORT/" "/etc/openvpn/server.conf"
+sed -i "s/proto tcp/proto $VPN_PROTO/" "/etc/openvpn/server.conf"
+sed -i "s/group nogroup/group $VPN_GROUP/" "/etc/openvpn/server.conf"
+
+
+printf "\n################## Setup firewall ##################\n"
+
+# Make ip forwading and make it persistent
+echo 1 > "/proc/sys/net/ipv4/ip_forward"
+echo "net.ipv4.ip_forward = 1" >> "/etc/sysctl.conf"
+
+# Iptable rules
+iptables -I FORWARD -i $VPN_INIF -j ACCEPT
+iptables -I FORWARD -o $VPN_INIF -j ACCEPT
+iptables -I OUTPUT -o $VPN_INIF -j ACCEPT
+
+iptables -A FORWARD -i $VPN_INIF -o $VPN_OUTIF -j ACCEPT
+iptables -t nat -A POSTROUTING -o $VPN_OUTIF -j MASQUERADE
+iptables -t nat -A POSTROUTING -s $VPN_NET -o eth0 -j MASQUERADE
+
+
+printf "\n################## Setup web application ##################\n"
+
+# Copy bash scripts (which will insert row in MySQL)
+cp -r "$base_path/installation/scripts" "/etc/openvpn/"
+chmod +x "/etc/openvpn/scripts/"*
+
+# Configure MySQL in openvpn scripts
+sed -i "s/USER=''/USER='$DB_USER'/" "/etc/openvpn/scripts/config.sh"
+sed -i "s/PASS=''/PASS='$DB_PASS'/" "/etc/openvpn/scripts/config.sh"
+
+cp -r "$base_path/installation/client-conf" "$base_path/../public"
+# New workspace
+cd "$base_path/../public"
+
+# Replace in the client configurations with the ip of the server and openvpn protocol
+for file in "./client-conf/gnu-linux/client.conf" "./client-conf/osx-viscosity/client.conf" "./client-conf/windows/client.ovpn"; do
+  sed -i "s/remote xxx\.xxx\.xxx\.xxx 443/remote $VPN_ADDR $VPN_PORT/" $file
+
+  if [ $VPN_PROTO = "udp" ]; then
+    sed -i "s/proto tcp-client/proto udp/" $file
+  fi
+done
+
+# Copy ta.key inside the client-conf directory
+for directory in "./client-conf/gnu-linux/" "./client-conf/osx-viscosity/" "./client-conf/windows/"; do
+  cp "/etc/openvpn/"{ca.crt,ta.key} $directory
+done
+
+printf "\033[1m\n#################################### Finish ####################################\n"

scripts/installation/server.conf

@@ -66,9 +66,9 @@ verb 3
 # Max 20 messages of the same category
 mute 20
 # Log gile where we put the clients status
-status openvpn-status.log
+status /var/log/openvpn/status.log
 # Log file
-log-append /var/log/openvpn.log
+log-append /var/log/openvpn/openvpn.log
 # Configuration directory of the clients
 client-config-dir ccd