* Add "Install non-free firmwares" option

* Add Enable/Disable Service feature
* Add Secure/Unsecure Wifi feature

conf/hostapd.conf.tpl

@@ -27,8 +27,8 @@ macaddr_acl=0
 auth_algs=1
 ignore_broadcast_ssid=0
 
-wpa=2
-wpa_passphrase=<TPL:WIFI_PASSPHRASE>
-wpa_key_mgmt=WPA-PSK
-wpa_pairwise=TKIP
-rsn_pairwise=CCMP
+<TPL:SEC_COMMENT>wpa=2
+<TPL:SEC_COMMENT>wpa_passphrase=<TPL:WIFI_PASSPHRASE>
+<TPL:SEC_COMMENT>wpa_key_mgmt=WPA-PSK
+<TPL:SEC_COMMENT>wpa_pairwise=TKIP
+<TPL:SEC_COMMENT>rsn_pairwise=CCMP

conf/init_ynh-hotspot

@@ -150,6 +150,12 @@ start_hostapd() {
     sed "s|<TPL:N_COMMENT>|#|g" -i /etc/hostapd/hostapd.conf
   fi
 
+  if [ "${ynh_wifi_secure}" -eq 1 ]; then
+    sed "s|<TPL:SEC_COMMENT>||g" -i /etc/hostapd/hostapd.conf
+  else
+    sed "s|<TPL:SEC_COMMENT>|#|g" -i /etc/hostapd/hostapd.conf
+  fi
+
   service hostapd start
 }
 
@@ -235,8 +241,10 @@ if [ "$1" != restart ]; then
   
   echo -n "Retrieving Yunohost settings... "
   
+  ynh_service_enabled=$(moulinette_get service_enabled)
   ynh_wifi_device=$(moulinette_get wifi_device)
   ynh_wifi_ssid=$(moulinette_get wifi_ssid)
+  ynh_wifi_secure=$(moulinette_get wifi_secure)
   ynh_wifi_passphrase=$(moulinette_get wifi_passphrase)
   ynh_wifi_channel=$(moulinette_get wifi_channel)
   ynh_wifi_n=$(moulinette_get wifi_n)
@@ -284,6 +292,8 @@ case "$1" in
   start)
     if is_running; then
       echo "Already started"
+    elif [ "${ynh_service_enabled}" -eq 0 ]; then
+      echo "Disabled service"
     else
       echo "[hotspot] Starting..."
       touch /tmp/.ynh-hotspot-started
@@ -386,6 +396,11 @@ case "$1" in
   status)
     exitcode=0
 
+    if [ "${ynh_service_enabled}" -eq 0 ]; then
+      echo "[ERR] Hotspot Service disabled"
+      exitcode=1
+    fi
+
     echo "[INFO] Autodetected internet interface: ${new_internet_device} (last start: ${old_internet_device})"
 
     if has_ip6delegatedprefix; then

manifest.json

@@ -47,6 +47,15 @@
             "fr": "Choisissez un mot de passe wifi (au minimum 8 caractères pour le WPA2)"
         },
         "example": "VhegT8oev0jZI"
+      },
+      {
+        "name": "firmware_nonfree",
+        "ask": {
+            "en": "Install non-free firmwares for the wifi dongle (yes/no)",
+            "fr": "Installer des firmwares non-libres pour la clé USB wifi (yes/no)"
+        },
+        "example": "yes",
+        "default": "yes"
       }
     ]
   }

manifest.json.options

@@ -49,6 +49,15 @@
         "example": "VhegT8oev0jZI"
       },
       {
+        "name": "firmware_nonfree",
+        "ask": {
+            "en": "Install non-free firmwares for the wifi dongle (yes/no)",
+            "fr": "Installer des firmwares non-libres pour la clé USB wifi (yes/no)"
+        },
+        "example": "yes",
+        "default": "yes"
+      },
+      {
         "name": "ip6_net",
         "ask": {
             "en": "Select your IPv6 delegated prefix (leave empty if your Internet Service Provider does not give you a delegated prefix, but you will not have IPv6)",

scripts/install

@@ -22,13 +22,14 @@ domain=${1}
 url_path=${2}
 wifi_ssid=${3}
 wifi_passphrase=${4}
+firmware_nonfree=${5}
 
 ##
 ## These arguments are optional but YunoHost is not yet able to handle them with the web installer
 ## See manifest.json.options
 ##
 #
-#ip6_net=${5}
+#ip6_net=${6}
 
 # Check arguments
 if [ -z "${wifi_ssid}" -o -z "${wifi_passphrase}" ]; then
@@ -59,7 +60,11 @@ packages='php5-fpm sipcalc hostapd iptables wireless-tools dnsmasq'
 
 # Packaged USB Wireless Device firmwares
 # Based on https://wiki.debian.org/WiFi#USB_Devices
-packages="$packages firmware-atheros atmel-firmware firmware-linux-free firmware-linux-nonfree firmware-realtek firmware-ralink firmware-libertas zd1211-firmware"
+if [ "${firmware_nonfree}" == yes ]; then
+  packages="$packages firmware-atheros atmel-firmware firmware-linux-free firmware-linux-nonfree firmware-realtek firmware-ralink firmware-libertas zd1211-firmware"
+else
+  packages="$packages firmware-linux-free"
+fi
 
 sudo apt-get --assume-yes --force-yes install ${packages}
 
@@ -109,7 +114,9 @@ if [ $? -eq 0 ]; then
 fi
 
 # Save arguments
+sudo yunohost app setting hotspot service_enabled -v 1
 sudo yunohost app setting hotspot wifi_ssid -v "${wifi_ssid}"
+sudo yunohost app setting hotspot wifi_secure -v 1
 sudo yunohost app setting hotspot wifi_passphrase -v "${wifi_passphrase}"
 sudo yunohost app setting hotspot wifi_device -v "${wifi_device}"
 sudo yunohost app setting hotspot wifi_channel -v 6

sources/controller.php

@@ -87,7 +87,9 @@ dispatch('/', function() {
   $ip6_net = ($ip6_net == 'none') ? '' : $ip6_net;
   $ip4_nat_prefix = moulinette_get('ip4_nat_prefix');
 
+  set('service_enabled', moulinette_get('service_enabled'));
   set('wifi_ssid', moulinette_get('wifi_ssid'));
+  set('wifi_secure', moulinette_get('wifi_secure'));
   set('wifi_passphrase', moulinette_get('wifi_passphrase'));
   set('wifi_channel', moulinette_get('wifi_channel'));
   set('wifi_n', moulinette_get('wifi_n'));
@@ -111,95 +113,111 @@ dispatch_put('/settings', function() {
 
   $ip6_net = empty($_POST['ip6_net']) ? 'none' : $_POST['ip6_net'];
   $ip6_addr = 'none';
+  $service_enabled = isset($_POST['service_enabled']) ? 1 : 0;
+  $wifi_secure = isset($_POST['wifi_secure']) ? 1 : 0;
 
-  try {
-    if(empty($_POST['wifi_ssid']) || empty($_POST['wifi_passphrase']) || empty($_POST['wifi_channel'])) {
-      throw new Exception(T_('Your Wifi Hotspot needs a name, a password and a channel'));
-    }
-
-    if(strlen($_POST['wifi_passphrase']) < 8 || strlen($_POST['wifi_passphrase']) > 63) {
-      throw new Exception(T_('Your password must from 8 to 63 characters (WPA2 passphrase)'));
-    }
-
-    if(preg_match('/[^[:print:]]/', $_POST['wifi_passphrase'])) {
-      throw new Exception(T_('Only printable ASCII characters are permitted in your password'));
-    }
-
-    if(!$wifi_device_exists) {
-      throw new Exception(T_('The wifi antenna interface seems not exist on the system'));
-    }
-
-    if($ip6_net != 'none') {
-      $ip6_net = ipv6_expanded($ip6_net);
+  if($service_enabled == 1) {
+    try {
+      if(empty($_POST['wifi_ssid']) || empty($_POST['wifi_passphrase']) || empty($_POST['wifi_channel'])) {
+        throw new Exception(T_('Your Wifi Hotspot needs a name, a password and a channel'));
+      }
   
-      if(empty($ip6_net)) {
-        throw new Exception(T_('The IPv6 Delegated Prefix format looks bad'));
+      if(strlen($_POST['wifi_passphrase']) < 8 || strlen($_POST['wifi_passphrase']) > 63) {
+        throw new Exception(T_('Your password must from 8 to 63 characters (WPA2 passphrase)'));
       }
   
-      $ip6_blocs = explode(':', $ip6_net);
-      $ip6_addr = "${ip6_blocs[0]}:${ip6_blocs[1]}:${ip6_blocs[2]}:${ip6_blocs[3]}:${ip6_blocs[4]}:${ip6_blocs[5]}:${ip6_blocs[6]}:42";
+      if(preg_match('/[^[:print:]]/', $_POST['wifi_passphrase'])) {
+        throw new Exception(T_('Only printable ASCII characters are permitted in your password'));
+      }
   
-      $ip6_net = ipv6_compressed($ip6_net);
-      $ip6_addr = ipv6_compressed($ip6_addr);
-    }
-
-    $ip6_dns0 = ipv6_expanded($ip6_dns0);
-
-    if(empty($_POST['ip6_dns0'])) {
-      throw new Exception(T_('The format of the first IPv6 DNS Resolver looks bad'));
-    }
-
-    $ip6_dns0 = ipv6_compressed($ip6_dns0);
-    $ip6_dns1 = ipv6_expanded($ip6_dns1);
-
-    if(empty($_POST['ip6_dns1'])) {
-      throw new Exception(T_('The format of the second IPv6 DNS Resolver looks bad'));
+      if(!$wifi_device_exists) {
+        throw new Exception(T_('The wifi antenna interface seems not exist on the system'));
+      }
+  
+      if($ip6_net != 'none') {
+        $ip6_net = ipv6_expanded($ip6_net);
+    
+        if(empty($ip6_net)) {
+          throw new Exception(T_('The IPv6 Delegated Prefix format looks bad'));
+        }
+    
+        $ip6_blocs = explode(':', $ip6_net);
+        $ip6_addr = "${ip6_blocs[0]}:${ip6_blocs[1]}:${ip6_blocs[2]}:${ip6_blocs[3]}:${ip6_blocs[4]}:${ip6_blocs[5]}:${ip6_blocs[6]}:42";
+    
+        $ip6_net = ipv6_compressed($ip6_net);
+        $ip6_addr = ipv6_compressed($ip6_addr);
+      }
+  
+      $ip6_dns0 = ipv6_expanded($ip6_dns0);
+  
+      if(empty($_POST['ip6_dns0'])) {
+        throw new Exception(T_('The format of the first IPv6 DNS Resolver looks bad'));
+      }
+  
+      $ip6_dns0 = ipv6_compressed($ip6_dns0);
+      $ip6_dns1 = ipv6_expanded($ip6_dns1);
+  
+      if(empty($_POST['ip6_dns1'])) {
+        throw new Exception(T_('The format of the second IPv6 DNS Resolver looks bad'));
+      }
+  
+      $ip6_dns1 = ipv6_compressed($ip6_dns1);
+  
+      if(inet_pton($_POST['ip4_dns0']) === false) {
+        throw new Exception(T_('The format of the first IPv4 DNS Resolver looks bad'));
+      }
+  
+      if(inet_pton($_POST['ip4_dns1']) === false) {
+        throw new Exception(T_('The format of the second IPv4 DNS Resolver looks bad'));
+      }
+  
+      if(inet_pton("${_POST['ip4_nat_prefix']}.0") === false) {
+        throw new Exception(T_('The format of the IPv4 NAT Prefix (/24) looks bad : x.x.x expected)'));
+      }
+  
+      if(filter_var("${_POST['ip4_nat_prefix']}.0", FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) !== false) {
+        throw new Exception(T_('The IPv4 NAT Prefix must be from a private range'));
+      }
+  
+    } catch(Exception $e) {
+      flash('error', $e->getMessage().' ('.T_('configuration not updated').').');
+      goto redirect;
     }
+  }
 
-    $ip6_dns1 = ipv6_compressed($ip6_dns1);
+  stop_service();
 
-    if(inet_pton($_POST['ip4_dns0']) === false) {
-      throw new Exception(T_('The format of the first IPv4 DNS Resolver looks bad'));
-    }
+  moulinette_set('service_enabled', $service_enabled);
 
-    if(inet_pton($_POST['ip4_dns1']) === false) {
-      throw new Exception(T_('The format of the second IPv4 DNS Resolver looks bad'));
-    }
+  if($service_enabled == 1) {
+    moulinette_set('wifi_ssid', $_POST['wifi_ssid']);
+    moulinette_set('wifi_secure', $wifi_secure);
 
-    if(inet_pton("${_POST['ip4_nat_prefix']}.0") === false) {
-      throw new Exception(T_('The format of the IPv4 NAT Prefix (/24) looks bad : x.x.x expected)'));
+    if($wifi_secure == 1) {
+      moulinette_set('wifi_passphrase', $_POST['wifi_passphrase']);
     }
 
-    if(filter_var("${_POST['ip4_nat_prefix']}.0", FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE) !== false) {
-      throw new Exception(T_('The IPv4 NAT Prefix must be from a private range'));
+    moulinette_set('wifi_channel', $_POST['wifi_channel']);
+    moulinette_set('wifi_n', isset($_POST['wifi_n']) ? 1 : 0);
+    moulinette_set('wifi_device', $_POST['wifi_device']);
+    moulinette_set('ip6_net', $ip6_net);
+    moulinette_set('ip6_addr', $ip6_addr);
+    moulinette_set('ip6_dns0', $_POST['ip6_dns0']);
+    moulinette_set('ip6_dns1', $_POST['ip6_dns1']);
+    moulinette_set('ip4_nat_prefix', $_POST['ip4_nat_prefix']);
+    moulinette_set('ip4_dns0', $_POST['ip4_dns0']);
+    moulinette_set('ip4_dns1', $_POST['ip4_dns1']);
+
+    $retcode = start_service();
+
+    if($retcode == 0) {
+      flash('success', T_('Configuration updated and service successfully reloaded'));
+    } else {
+      flash('error', T_('Configuration updated but service reload failed'));
     }
 
-  } catch(Exception $e) {
-    flash('error', $e->getMessage().' ('.T_('configuration not updated').').');
-    goto redirect;
-  }
-
-  stop_service();
-
-  moulinette_set('wifi_ssid', $_POST['wifi_ssid']);
-  moulinette_set('wifi_passphrase', $_POST['wifi_passphrase']);
-  moulinette_set('wifi_channel', $_POST['wifi_channel']);
-  moulinette_set('wifi_n', isset($_POST['wifi_n']) ? 1 : 0);
-  moulinette_set('wifi_device', $_POST['wifi_device']);
-  moulinette_set('ip6_net', $ip6_net);
-  moulinette_set('ip6_addr', $ip6_addr);
-  moulinette_set('ip6_dns0', $_POST['ip6_dns0']);
-  moulinette_set('ip6_dns1', $_POST['ip6_dns1']);
-  moulinette_set('ip4_nat_prefix', $_POST['ip4_nat_prefix']);
-  moulinette_set('ip4_dns0', $_POST['ip4_dns0']);
-  moulinette_set('ip4_dns1', $_POST['ip4_dns1']);
-
-  $retcode = start_service();
-
-  if($retcode == 0) {
-    flash('success', T_('Configuration updated and service successfully reloaded'));
   } else {
-    flash('error', T_('Configuration updated but service reload failed'));
+      flash('success', T_('Service successfully disabled'));
   }
 
   redirect:

sources/public/js/custom.js

@@ -101,6 +101,22 @@ $(document).ready(function() {
   $('#wifiparty_close').click(function() {
     $('#wifiparty_screen').hide();
   });
+
+  $('#wifi_secure').change(function() {
+    if($('#wifi_secure').parent().hasClass('off')) {
+      $('.secure').hide('slow');
+    } else {
+      $('.secure').show('slow');
+    }
+  });
+
+  $('#service_enabled').change(function() {
+    if($('#service_enabled').parent().hasClass('off')) {
+      $('.enabled').hide('slow');
+    } else {
+      $('.enabled').show('slow');
+    }
+  });
 });
 
 $(document).keydown(function(e) {

sources/views/settings.html.php

@@ -65,6 +65,23 @@
 
       <div class="panel panel-default">
         <div class="panel-heading">
+          <h3 class="panel-title"><?= T_("Service") ?></h3>
+        </div>
+
+        <div style="padding: 14px 14px 0 10px">
+          <div class="form-group">
+            <label for="wifi_secure" class="col-sm-3 control-label"><?= T_('Hotspot Enabled') ?></label>
+            <div class="col-sm-9 input-group-btn" data-toggle="tooltip" ?>">
+              <div class="input-group">
+                <input type="checkbox" class="form-control switch" name="service_enabled" id="service_enabled" value="1" <?= $service_enabled == 1 ? 'checked="checked"' : '' ?> />
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+
+      <div class="panel panel-default enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
+        <div class="panel-heading">
           <h3 class="panel-title"><?= T_("Wifi") ?></h3>
         </div>
 
@@ -75,8 +92,17 @@
               <input type="text" class="form-control" name="wifi_ssid" id="wifi_ssid" placeholder="myNeutralNetwork" value="<?= $wifi_ssid ?>" />
             </div>
           </div>
-  
+
           <div class="form-group">
+            <label for="wifi_secure" class="col-sm-3 control-label"><?= T_('Secure') ?></label>
+            <div class="col-sm-9 input-group-btn" data-toggle="tooltip" data-title="<?= T_('Disabling the Secure Wifi allows everyone to join the hotspot and spy the traffic (but it\'s perfect for a PirateBox)') ?>">
+              <div class="input-group">
+                <input type="checkbox" class="form-control switch" name="wifi_secure" id="wifi_secure" value="1" <?= $wifi_secure == 1 ? 'checked="checked"' : '' ?> />
+              </div>
+            </div>
+          </div>
+  
+          <div class="form-group secure" <?= $wifi_secure == 0 ? 'style="display: none"' : '' ?>>
             <label for="wifi_passphrase" class="col-sm-3 control-label"><?= T_('Password (WPA2)') ?></label>
             <div class="input-group col-sm-9" style="padding: 0 15px">
               <input type="text" data-toggle="tooltip" data-title="<?= T_('At least 8 characters') ?>" class="form-control" name="wifi_passphrase" id="wifi_passphrase" placeholder="VhegT8oev0jZI" value="<?= $wifi_passphrase ?>" />
@@ -107,8 +133,8 @@
             </div>
           </div>
 
-          <div class="form-group">
-            <label for="wifi_passphrase" class="col-sm-3 control-label"><?= T_('Wifi N') ?></label>
+          <div class="form-group" style="display: none">
+            <label for="wifi_n" class="col-sm-3 control-label"><?= T_('Wifi N') ?></label>
             <div class="col-sm-9 input-group-btn" data-toggle="tooltip" data-title="<?= T_('Only if your antenna is 802.11n compliant') ?>">
               <div class="input-group">
                 <input type="checkbox" class="form-control switch" name="wifi_n" id="wifi_n" value="1" <?= $wifi_n == 1 ? 'checked="checked"' : '' ?> />
@@ -131,7 +157,7 @@
         </div>
       </div>
 
-      <div class="panel panel-success">
+      <div class="panel panel-success enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
         <div class="panel-heading">
           <h3 class="panel-title" data-toggle="tooltip" data-title="<?= T_('Real Internet') ?>"><?= T_("IPv6") ?></h3>
         </div>
@@ -168,7 +194,7 @@
         </div>
       </div>
 
-      <div class="panel panel-danger">
+      <div class="panel panel-danger enabled" <?= $service_enabled == 0 ? 'style="display: none"' : '' ?>>
         <div class="panel-heading">
           <h3 class="panel-title" data-toggle="tooltip" data-title="<?= T_('Old Internet') ?>"><?= T_("IPv4") ?></h3>
         </div>