Simple webapp for config

[summerisgone]

Simple webapp for #196

Description

Web server introduces two new requirements: pyyaml + aiohttp.
To launch it run python app/server.py and open http://localhost:9000/. Server will show interactive forms for users configuration and will allow to proceed with digitalocean (only yet) setup.

Demo:

Motivation and Context

Your project helped me out when I had issues with ISP country-wide. I want to give back.

How Has This Been Tested?

Tests will be added by the time of scaling app to all providers.

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist:

• ✅ I have read the CONTRIBUTING document.

• 🤷‍♂ My code follows the code style of this

• My change requires a change to the documentation.

• I have updated the documentation accordingly.

• I have added tests to cover my changes.

• All new and existing tests passed.

• Add all supported cloud providers

  • DigitalOcean
  • Amazon Lightsail
  • Amazon EC2
  • Microsoft Azure
  • Google Compute Engine
  • Hetzner Cloud
  • Vultr
  • Scaleway
  • Linode
  • OpenStack (DreamCompute optimised)
  • CloudStack (Exoscale optimised)
  • Existing Ubuntu

• Make installation process persistent per-connection and controllable (now user can't terminate it)

• Success screen 😅

[CLAassistant]

All committers have signed the CLA.

[disconnect3d]

This spawns a process based on data received from an unauthenticated websocket.

Which basically means... assuming a victim launched this server an attacker can prepare a website that would connect to localhost websocket (new WebSocket("ws://127.0.0.1:8080/ws");) and then send proper payload to execute arbitrary code on victim's machine.

It would be much better not to spawn any processes at all and if it is really needed, the connection must be authenticated.

[disconnect3d]

See also:

• https://medium.com/@sharan.panegav/account-takeover-using-cross-site-websocket-hijacking-cswh-99cf9cea6c50
• https://security.stackexchange.com/questions/76816/preventing-csrf-attacks-against-websocket-communications

[summerisgone]

@disconnect3d does Ansible provides API for launching playbooks other than from the command line?
Also, implementation depends highly on how this script will be used (see my questions in PR description) - if you consider host it as "cloud VPN solution", as dosxvpn or tinfoilsecurity.com does - it would need auth middleware to support multiple tenants. If it supposed to be run only on the local machine - probably Ansible python API (if applicable) would work better.
The current implementation doesn't assume any of the above - it works like web UI for collecting ansible CLI arguments, reflect its progress and be shut down after VPN is set up.

[jackivanov]

@summerisgone Yes, take a look at this https://docs.ansible.com/ansible/latest/dev_guide/developing_api.html

[summerisgone]

Thanks, I probably missed that API from the first time. Will check it out!

[summerisgone]

@jackivanov I'm not good at ansible, could you help me or give an advice?
I'm able to run playbook from this snippet:

PlaybookCLI(['ansible-playbook', 'main.yml']).run()

But in that case I can't display feedback, which is valuable, since installation process takes a long time and may exit with error. I'm looking for snippet which allows to set up custom stdout_callback and play scenario from yaml file, like above.

[jackivanov]

@summerisgone You don't seem to be running ansible via the API. You can find a working example by the link I sent above

[summerisgone]

@jackivanov example you provided doesn't allow to load playbooks

[jackivanov]

I'm not well familiar with Ansible API, but as far I recall, there is a class called PlaybookExecutor that can be used. See here and here

[summerisgone]

@jackivanov or @disconnect3d could you please take another look on current approach of executing playbooks from web?

[summerisgone]

Here are original lines, the only I changed:
https://github.com/ansible/ansible/blob/devel/lib/ansible/cli/playbook.py#L193-L195

I made assumption that playbook will provision only one host

[summerisgone]

Updated description with fresh demo

[summerisgone]

Guys, I need help with MS Azure provider, it doesn't allow to create account from my country! 🤯

[summerisgone]

Have issues with Hetzner as well: they disabled my account without description. Reaching out their support

[summerisgone]

Rebased on recent master

[thy-dye]

Would the web interface also work on windows? I am interesting in progressing Algo VPN both as a project for school and to gain more insight into the programming world.

[summerisgone]

Would the web interface also work on windows? I am interesting in progressing Algo VPN both as a project for school and to gain more insight into the programming world.

As long as Windows has modern browser (Edge, Chrome, Firefox) - web would work