
First beta, without arguments checking (install and web admin)

Julien VAUBOURG il y a 10 ans
Parent
commit
b9db02821b

+ 8 - 9
conf/init_ynh-vpnclient

@@ -31,8 +31,7 @@ is_serverip6route_set() {
 }
 
 is_openvpn_running() {
-  # service openvpn status seems to be a joke
-  ip link show dev tun0 &> /dev/null
+  service openvpn status client &> /dev/null
 }
 
 is_running() {
@@ -65,7 +64,7 @@ start_openvpn() {
   else
     proto=udp
     [ "${ynh_server_proto}" == tcp ] && proto=tcp-client
-  else
+  fi
 
   cp /etc/openvpn/client.conf{.tpl,}
 
@@ -73,7 +72,7 @@ start_openvpn() {
   sed "s|<TPL:SERVER_PORT>|${ynh_server_port}|g" -i /etc/openvpn/client.conf
   sed "s|<TPL:PROTO>|${proto}|g" -i /etc/openvpn/client.conf
 
-  if [ "${proto}" =~ udp ]
+  if [[ "${proto}" =~ udp ]]; then
     sed 's|^<TPL:UDP_COMMENT>||' -i /etc/openvpn/client.conf
   else
     sed 's|^<TPL:UDP_COMMENT>|;|' -i /etc/openvpn/client.conf
@@ -165,6 +164,10 @@ case "$1" in
 
         start_openvpn "${new_ip6_gw}" "${new_server_ip6}"
 
+        if [ ! $? -eq 0 ]; then
+          exit 1
+        fi
+
         i=0
         false || while [ $? -ne 0 ]; do
           (( i++ ))
@@ -220,10 +223,6 @@ case "$1" in
       stop_openvpn
     fi
   ;;
-  restart)
-    $0 stop
-    $0 start
-  ;;
   status)
     exitcode=0
 
@@ -259,7 +258,7 @@ case "$1" in
     exit ${exitcode}
   ;;
   *)
-    echo "Usage: $0 {start|stop|restart|status}"
+    echo "Usage: $0 {start|stop|status}"
     exit 1
   ;;
 esac
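Review bot: The failure check added after the start_openvpn call, `if [ ! $? -eq 0 ]; then exit 1; fi`, exits silently, and if the start) branch has already changed routes or addresses before this call (the branch begins outside the hunk) that partial state is left in place. Testing the call directly is the idiomatic form and avoids the negated test: `if ! start_openvpn "${new_ip6_gw}" "${new_server_ip6}"; then`, followed by a reason such as `echo "Unable to start OpenVPN" >&2` before `exit 1` so the operator has something to act on. Whether anything needs to be undone before exiting depends on what precedes this call in the branch and should be confirmed against the full script.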

+ 1 - 0
conf/nginx_vpnadmin.conf

@@ -11,6 +11,7 @@ location <TPL:NGINX_LOCATION> {
            fastcgi_pass unix:/var/run/php5-fpm-<TPL:PHP_NAME>.sock;
            fastcgi_index index.php;
            include fastcgi_params;
+           fastcgi_read_timeout 600;
            fastcgi_param   REMOTE_USER   $remote_user;
            fastcgi_param  PATH_INFO $fastcgi_path_info;
        }

+ 1 - 1
conf/phpfpm_vpnadmin.conf

@@ -159,7 +159,7 @@ ping.path = /ping
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
-request_terminate_timeout = 120s
+request_terminate_timeout = 600s
 
 ; The timeout for serving a single request after which a PHP backtrace will be
 ; dumped to the 'slowlog' file. A value of '0s' means 'off'.

+ 8 - 12
scripts/install

@@ -52,12 +52,12 @@ sudo chmod -R 0644 /var/www/vpnadmin/*
 sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
 
 # Copy certificates
-sudo mkdir -pm 0700 /etc/openvpn/keys/
-sudo chown root: /etc/openvpn/keys/
+sudo mkdir -pm 0770 /etc/openvpn/keys/
+sudo chown root:admins /etc/openvpn/keys/
 
-sudo install -b -o root -g root -m 0600 "${crt_client_path}" /etc/openvpn/keys/user.crt
-sudo install -b -o root -g root -m 0600 "${crt_client_key_path}" /etc/openvpn/keys/user.key
-sudo install -b -o root -g root -m 0600 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
+sudo install -b -o root -g admins -m 0660 "${crt_client_path}" /etc/openvpn/keys/user.crt
+sudo install -b -o root -g admins -m 0660 "${crt_client_key_path}" /etc/openvpn/keys/user.key
+sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
 
 sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
 
@@ -72,9 +72,10 @@ sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmi
 
 ## php-fpm
 sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
-sudo sed 's|<TPL:PHP_USER>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
-sudo sed 's|<TPL:PHP_GROUP>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
+sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
+sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
 sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
+sudo sed 's|^;\?\s*max_execution_time.\+|max_execution_time = 600|' -i /etc/php5/fpm/php.ini
 
 # Fix sources
 sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
@@ -82,10 +83,6 @@ sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
 # Copy init script
 sudo install -b -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
 
-# Allow vpnadmin web interface to manage rights
-sudo chmod 0470 /etc/yunohost/apps/vpnclient/settings.yml
-sudo chown root:vpnadmin /etc/yunohost/apps/vpnclient/settings.yml
-
 # Set default inits
 # The openvpn configuration is modified before the start, so the service is disabled by default
 # and the ynh-vpnclient service handles it.
@@ -101,7 +98,6 @@ sudo yunohost service start php5-fpm
 
 sudo yunohost service add ynh-vpnclient
 sudo yunohost service enable ynh-vpnclient
-#sudo yunohost service start ynh-vpnclient
 sudo service ynh-vpnclient start
 
 sudo service nginx reload
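Review bot: `sudo mkdir -pm 0770 /etc/openvpn/keys/` applies the mode only when it creates the directory, so on a reinstall where the directory already exists with the previous 0700 mode the group permission is never applied and the `install -g admins -m 0660` files inside stay unreachable for the group; add an explicit `sudo chmod 0770 /etc/openvpn/keys/` after the chown. The widening from root-only to root:admins is what allows the php-fpm pool, now running as admin:admins per the `<TPL:PHP_USER>`/`<TPL:PHP_GROUP>` hunk, to replace user.key from the web interface, and it also means every member of admins can read the VPN private key; a one-line comment stating that intent above the mkdir would keep a later hardening pass from reverting it. The sed on /etc/php5/fpm/php.ini in the same hunk changes max_execution_time for every pool on the host, while `php_admin_value[max_execution_time] = 600` in the vpnadmin pool file would scope it to this app.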

BIN
sources/.controller.php.swp


+ 60 - 21
sources/controller.php

@@ -1,32 +1,71 @@
 <?php
 
+function moulinette_get($var) {
+  return htmlspecialchars(exec("sudo yunohost app setting vpnclient ".escapeshellarg($var)));
+}
+
+function moulinette_set($var, $value) {
+  return exec("sudo yunohost app setting vpnclient ".escapeshellarg($var)." -v ".escapeshellarg($value));
+}
+
+function restart_service() {
+  exec('sudo service ynh-vpnclient stop');
+  exec('sudo service ynh-vpnclient start', $output, $retcode);
+
+  return $retcode;
+}
 
 dispatch('/', function() {
-    set('title', T_('Configure your VPN client'));
-    return render('settings.html.php');
+  set('title', T_('VPN client'));
+
+  set('server_name', moulinette_get('server_name'));
+  set('server_port', moulinette_get('server_port'));
+  set('server_proto', moulinette_get('server_proto'));
+
+  return render('settings.html.php');
 });
 
 dispatch_put('/settings', function() {
-    $success_message = "";
-    foreach ($_POST as $key => $value) {
-        $success_message = $success_message.T_("Parameter ").$key.": ".$value."<br>";
-    }
-    flash('success', $success_message);
-    redirect_to('/');
+  moulinette_set('server_name', $_POST['server_name']);
+  moulinette_set('server_port', $_POST['server_port']);
+  moulinette_set('server_proto', $_POST['server_proto']);
+
+  if($_FILES['crt_client']['error'] == UPLOAD_ERR_OK) {
+    move_uploaded_file($_FILES['crt_client']['tmp_name'], '/etc/openvpn/keys/user.crt');
+  }
+
+  if($_FILES['crt_client_key']['error'] == UPLOAD_ERR_OK) {
+    move_uploaded_file($_FILES['crt_client_key']['tmp_name'], '/etc/openvpn/keys/user.key');
+  }
+
+  if($_FILES['crt_server_ca']['error'] == UPLOAD_ERR_OK) {
+    move_uploaded_file($_FILES['crt_server_ca']['tmp_name'], '/etc/openvpn/keys/ca-server.crt');
+  }
+
+  $retcode = restart_service();
+
+  if($retcode == 0) {
+    flash('success', T_('Configuration updated and service successfully reloaded'));
+  } else {
+    flash('error', T_('Configuration updated but service reload failed'));
+  }
+
+  redirect_to('/');
 });
 
 dispatch('/lang/:locale', function($locale = 'en') {
-    switch ($locale) {
-        case 'fr':
-            $_SESSION['locale'] = 'fr';
-            break;
-        default:
-            $_SESSION['locale'] = 'en';
-            break;
-    }
-    if(!empty($_GET['redirect_to']))
-        redirect_to($_GET['redirect_to']);
-    else
-        redirect_to('/');
-});
+  switch ($locale) {
+    case 'fr':
+      $_SESSION['locale'] = 'fr';
+      break;
+
+    default:
+      $_SESSION['locale'] = 'en';
+  }
 
+  if(!empty($_GET['redirect_to'])) {
+    redirect_to($_GET['redirect_to']);
+  } else {
+    redirect_to('/');
+  }
+});
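Review bot: The three move_uploaded_file() calls in the dispatch_put('/settings') handler ignore their return value, and the destination file takes whatever mode the php-fpm worker's umask gives, so a replaced /etc/openvpn/keys/user.key may end up readable beyond the root:admins 0660 the install script chose, while a failed move is still reported as 'Configuration updated'. A small helper that checks the result and re-applies the mode, called once per field, keeps both stable (below). The same handler forwards $_POST['server_name'], $_POST['server_port'] and $_POST['server_proto'] to moulinette_set() unchecked; escapeshellarg() protects the shell, but the init script later splices these values into sed expressions and the OpenVPN client.conf, so a whitelist such as `ctype_digit($_POST['server_port'])` and `in_array($_POST['server_proto'], array('udp', 'tcp'), true)` before any moulinette_set() call is the argument checking the commit title defers. moulinette_get() also applies htmlspecialchars() to the stored value; that is output encoding and belongs in the view rather than the getter.
```php
// Replaces $dest with the file uploaded under $field, if one was sent.
// Returns true when nothing was uploaded or the replacement succeeded, false otherwise.
function install_uploaded_file($field, $dest) {
  if (!isset($_FILES[$field]) || $_FILES[$field]['error'] != UPLOAD_ERR_OK) {
    return true;
  }

  if (!move_uploaded_file($_FILES[$field]['tmp_name'], $dest)) {
    return false;
  }

  // The moved file carries the worker's umask; re-apply the mode the install script set.
  return chmod($dest, 0660);
}

// … unchanged: moulinette_set() calls …

  $installed = install_uploaded_file('crt_client', '/etc/openvpn/keys/user.crt')
    && install_uploaded_file('crt_client_key', '/etc/openvpn/keys/user.key')
    && install_uploaded_file('crt_server_ca', '/etc/openvpn/keys/ca-server.crt');

  if (!$installed) {
    flash('error', T_('Unable to install the uploaded certificate files'));
    redirect_to('/');
  }

// … unchanged: restart_service() call and flash messages …
```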

+ 10 - 1
sources/public/js/custom.js

@@ -1,5 +1,14 @@
 $(document).ready(function() {
   $('.btn-group').button();
   $('[data-toggle="tooltip"]').tooltip();
-});
 
+  $('.fileinput').click(function() {
+    var realinputid = '#' + $(this).attr('id').replace(/_chooser.*/, '');
+    $(realinputid).click();
+  });
+
+  $('input[type="file"]').change(function() {
+    var choosertxtid = '#' + $(this).attr('id') + '_choosertxt';
+    $(choosertxtid).val($(this).val());
+  });
+});

+ 28 - 29
sources/views/layout.html.php

@@ -4,37 +4,36 @@
 <!--[if IE 8]> <html class="no-js lt-ie9" lang="en"> <![endif]-->
 <!--[if gt IE 8]><!--> <html class="no-js" lang="<?= $locale ?>"> <!--<![endif]-->
 <head>
-    <meta charset="utf-8">
-    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
-    <title>VPN Client <? echo (isset($title)) ? "| ".$title : "" ?></title>
-    <meta name="viewport" content="width=device-width">
-    <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap.min.css" rel="stylesheet">
-    <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet">
-    <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/css/style.css" rel="stylesheet">
-    <script src="<?= PUBLIC_DIR ?>/jquery/jquery-2.1.1.min.js"></script>
-    <script src="<?= PUBLIC_DIR ?>/bootstrap/js/bootstrap.min.js"></script>
-    <script src="<?= PUBLIC_DIR ?>/js/custom.js"></script>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+  <title>VPN Client <? echo (isset($title)) ? "| ".$title : "" ?></title>
+  <meta name="viewport" content="width=device-width">
+  <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap.min.css" rel="stylesheet">
+  <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/bootstrap/css/bootstrap-theme.min.css" rel="stylesheet">
+  <link media="all" type="text/css" href="<?= PUBLIC_DIR ?>/css/style.css" rel="stylesheet">
+  <script src="<?= PUBLIC_DIR ?>/jquery/jquery-2.1.1.min.js"></script>
+  <script src="<?= PUBLIC_DIR ?>/bootstrap/js/bootstrap.min.js"></script>
+  <script src="<?= PUBLIC_DIR ?>/js/custom.js"></script>
 </head>
 <body>
-    <div class="container">
-        <? if (isset($flash['error'])) { ?>
-            <div class="alert alert-dismissible alert-error fade in" role="alert">
-                <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-                <strong><?= T_('Error') ?>:</strong> <?= $flash['error'] ?>
-            </div>
-        <? } elseif (isset($flash['notice'])) { ?>
-            <div class="alert alert-dismissible alert-info fade in" role="alert">
-                <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-                <strong><?= T_('Notice') ?>:</strong> <?= $flash['notice'] ?>
-            </div>
-        <? } elseif (isset($flash['success'])) { ?>
-            <div class="alert alert-dismissible alert-success fade in" role="alert">
-                <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-                <?= $flash['success'] ?>
-            </div>
-        <? } ?>
-
-        <?= $content?>
+  <div class="container">
+    <? if (isset($flash['error'])) { ?>
+      <div class="alert alert-dismissible alert-danger fade in" style="margin-top: 20px" role="alert">
+        <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
+        <strong><?= T_('Error') ?>:</strong> <?= $flash['error'] ?>
+      </div>
+    <? } elseif (isset($flash['notice'])) { ?>
+      <div class="alert alert-dismissible alert-info fade in" style="margin-top: 20px" role="alert">
+        <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
+        <strong><?= T_('Notice') ?>:</strong> <?= $flash['notice'] ?>
+      </div>
+    <? } elseif (isset($flash['success'])) { ?>
+      <div class="alert alert-dismissible alert-success fade in" style="margin-top: 20px" role="alert">
+        <button type="button" class="close" data-dismiss="alert"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
+        <?= $flash['success'] ?>
+      </div>
+    <? } ?>
 
+    <?= $content?>
 </body>
 </html>

+ 68 - 54
sources/views/settings.html.php

@@ -1,57 +1,71 @@
 <h2><?= T_("VPN Client Configuration") ?></h2>
-<hr>
+
+<hr />
+
 <div class="row">
-    <div class="col-sm-offset-2 col-sm-8">
-        <form method="post" action="settings" class="form-horizontal" role="form">
-            <input type="hidden" name="_method" value="put" />
-            <div class="form-group">
-                <label for="server_name" class="col-sm-3 control-label"><?= T_('Server Address') ?></label>
-                <div class="col-sm-9">
-                    <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net">
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="server_port" class="col-sm-3 control-label"><?= T_('Server Port') ?></label>
-                <div class="col-sm-9">
-                    <input type="text" data-toggle="tooltip" data-title="<?= T_('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194">
-                </div>
-            </div>
-            <div class="form-group">
-                <label for="server_port" class="col-sm-3 control-label"><?= T_('Protocol') ?></label>
-		<div class="btn-group col-sm-9" data-toggle="buttons">
-		    <label class="btn btn-default active">
-		        <input type="radio" name="server_proto" value="udp"> <?= T_('UDP') ?>
-		    </label>
-
-		    <label class="btn btn-default" data-toggle="tooltip" data-title="<?= T_('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
-		        <input type="radio" name="server_proto" value="tcp"> <?= T_('TCP') ?>
-		    </label>
-		</div>
-            </div>
-            <div class="form-group">
-                <label for="crt_client" class="col-sm-3 control-label"><?= T_('Client Certificate') ?></label>
-		<div class="btn-group col-sm-9">
-		    <textarea class="form-control" name="crt_client" id="crt_client" placeholder="-----BEGIN CERTIFICATE-----"></textarea>
-		</div>
-            </div>
-            <div class="form-group">
-                <label for="crt_client_key" class="col-sm-3 control-label"><?= T_('Client Certificate Key') ?></label>
-		<div class="btn-group col-sm-9">
-		    <textarea class="form-control" name="crt_client_key" id="crt_client_key" placeholder="-----BEGIN PRIVATE KEY-----"></textarea>
-		</div>
-            </div>
-            <div class="form-group">
-                <label for="crt_server_ca" class="col-sm-3 control-label"><?= T_('Server Certificate Authority') ?></label>
-		<div class="btn-group col-sm-9">
-		    <textarea class="form-control" name="crt_server_ca" id="crt_server_ca" placeholder="-----BEGIN CERTIFICATE-----"></textarea>
-		</div>
-            </div>
-
-            <div class="form-group">
-                <div class="col-xs-offset-3 col-sm-9">
-                    <button type="submit" class="btn btn-default"><?= T_('Save and reload') ?></button>
-                </div>
-            </div>
-        </form>
-    </div>
+  <div class="col-sm-offset-2 col-sm-8">
+    <form method="post" enctype="multipart/form-data" action="?/settings" class="form-horizontal" role="form">
+      <input type="hidden" name="_method" value="put" />
+
+      <div class="form-group">
+        <label for="server_name" class="col-sm-3 control-label"><?= T_('Server Address') ?></label>
+        <div class="col-sm-9">
+          <input type="text" class="form-control" name="server_name" id="server_name" placeholder="access.ldn-fai.net" value="<?= $server_name ?>" />
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label for="server_port" class="col-sm-3 control-label"><?= T_('Server Port') ?></label>
+        <div class="col-sm-9">
+          <input type="text" data-toggle="tooltip" data-title="<?= T_('With restricted access, you should use 443 (TCP) or 53 (UDP)') ?>" class="form-control" name="server_port" id="server_port" placeholder="1194" value="<?= $server_port ?>" />
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label for="server_port" class="col-sm-3 control-label"><?= T_('Protocol') ?></label>
+        <div class="btn-group col-sm-9" data-toggle="buttons">
+          <label class="btn btn-default <?= $server_proto == 'udp' ? 'active' : '' ?>">
+            <input type="radio" name="server_proto" value="udp" <?= $server_proto == 'udp' ? 'checked="cheked"' : '' ?> /> <?= T_('UDP') ?>
+          </label>
+
+          <label class="btn btn-default <?= $server_proto == 'tcp' ? 'active' : '' ?>" data-toggle="tooltip" data-title="<?= T_('UDP is more efficient than TCP (but more filtered in case of restrictive access)') ?>">
+            <input type="radio" name="server_proto" value="tcp" <?= $server_proto == 'tcp' ? 'checked="cheked"' : '' ?> /> <?= T_('TCP') ?>
+          </label>
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label for="crt_client" class="col-sm-3 control-label"><?= T_('Update Client Cert.') ?></label>
+        <div class="input-group col-sm-9" style="padding: 0 15px">
+          <input id="crt_client" name="crt_client" type="file" style="display: none" />
+          <input type="text" class="form-control fileinput" id="crt_client_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
+          <a class="btn input-group-addon fileinput" id="crt_client_chooserbtn"><?= T_('Browse') ?></a>
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label for="crt_client_key" class="col-sm-3 control-label"><?= T_('Update Client Cert. Key') ?></label>
+        <div class="input-group col-sm-9" style="padding: 0 15px">
+          <input id="crt_client_key" name="crt_client_key" type="file" style="display: none" />
+          <input type="text" class="form-control fileinput" id="crt_client_key_choosertxt" placeholder="-----BEGIN PRIVATE KEY-----" readonly="readonly" />
+          <a class="btn input-group-addon fileinput" id="crt_client_key_chooserbtn"><?= T_('Browse') ?></a>
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label for="crt_server_ca" class="col-sm-3 control-label"><?= T_('Update Server CA') ?></label>
+        <div class="input-group col-sm-9" style="padding: 0 15px">
+          <input id="crt_server_ca" name="crt_server_ca" type="file" style="display: none" />
+          <input type="text" class="form-control fileinput" id="crt_server_ca_choosertxt" placeholder="-----BEGIN CERTIFICATE-----" readonly="readonly" />
+          <a class="btn input-group-addon fileinput" id="crt_server_ca_chooserbtn"><?= T_('Browse') ?></a>
+        </div>
+      </div>
+
+      <div class="form-group">
+        <div class="col-xs-offset-3 col-sm-9">
+          <button type="submit" class="btn btn-default" data-toggle="tooltip" data-title="<?= T_('Reloading may take a few minutes. Be patient.') ?>"><?= T_('Save and reload') ?></button>
+        </div>
+      </div>
+    </form>
+  </div>
 </div>
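Review bot: Both radio inputs carry `checked="cheked"`; browsers honour the attribute by presence so it works, but it is a typo and should read `checked="checked"`. The Protocol label still points at `for="server_port"`, so clicking it focuses the port field; drop the attribute or aim it at the button group. The value attributes are safe only because moulinette_get() runs htmlspecialchars() on what it returns; escaping at output, `value="<?= htmlspecialchars($server_name) ?>"`, would keep that guarantee inside the view. The form now performs a state-changing PUT that replaces the VPN keys and restarts the service with no anti-forgery token visible; if neither the framework nor the portal in front of it adds one, a hidden token verified in dispatch_put('/settings') is worth adding.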