import uuid
import ipaddress
from django.db import models
from django.contrib.auth import get_user_model
from django.core.validators import MinValueValidator, MaxValueValidator
from django.core.exceptions import FieldError
class UncloudNetwork(models.Model):
    """
    An IP network, stored as a base address plus a prefix length.
    """

    network_address = models.GenericIPAddressField(null=False, unique=True)
    # The 0..128 range covers IPv6; the tighter IPv4 limit is enforced in save().
    network_mask = models.IntegerField(
        null=False,
        validators=[MinValueValidator(0), MaxValueValidator(128)],
    )

    description = models.CharField(max_length=256)

    @classmethod
    def populate_db_defaults(cls):
        """Create the default uncloud networks (each a /64) unless they already exist."""
        default_networks = (
            ("2a0a:e5c0:11::", "uncloud Billing"),
            ("2a0a:e5c0:11:1::", "uncloud Referral"),
            ("2a0a:e5c0:11:2::", "uncloud Coupon"),
        )

        for address, label in default_networks:
            # get_or_create keeps this safe to run repeatedly: an existing row
            # for the same address is left untouched.
            cls.objects.get_or_create(
                network_address=address,
                defaults={
                    'network_mask': 64,
                    'description': label,
                },
            )

    def save(self, *args, **kwargs):
        """
        Persist the network, rejecting IPv4 addresses with a mask above 32.

        Raises:
            FieldError: the address contains no ':' (treated as IPv4) and
                the mask is larger than 32.
        """
        # Django does not run field validators from save(); they only fire in
        # full_clean() / form validation. This check is therefore the only
        # range limit applied when a row is saved directly.
        looks_like_ipv4 = ':' not in self.network_address
        if looks_like_ipv4 and self.network_mask > 32:
            raise FieldError("Mask cannot exceed 32 for IPv4")

        super().save(*args, **kwargs)

    def __str__(self):
        return f"{self.network_address}/{self.network_mask} {self.description}"
class MACAdress(models.Model):
    # Read as a 48-bit MAC address, the leading octet 0x42 has the
    # locally-administered bit (0x02) set and the group bit (0x01) clear.
    default_prefix = 0x42_00_00_00_00_00
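class VPNPool(models.Model):
    """
    Network address pools from which VPNs can be created

    A pool is the prefix ``network``/``network_size``. It is divided into
    subnetworks of prefix length ``subnetwork_size``; each reservation in the
    pool is one such subnetwork, identified by its first address.
    """

    uuid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)

    network = models.GenericIPAddressField(unique=True)
    network_size = models.IntegerField(validators=[MinValueValidator(0),
                                                   MaxValueValidator(128)])
    subnetwork_size = models.IntegerField(validators=[
        MinValueValidator(0),
        MaxValueValidator(128)
    ])

    vpn_hostname = models.CharField(max_length=256)

    # SECURITY: the server's WireGuard private key is kept as a plain text
    # column and is copied verbatim into wireguard_config. Anything that can
    # read this table (database backups, admin views, serializers that expose
    # all fields) can read the key. Keep it out of API output and restrict
    # access to the table accordingly.
    wireguard_private_key = models.CharField(max_length=48)

    @staticmethod
    def _is_wireguard_key(value):
        """Return True if *value* is the base64 text of a 32-byte WireGuard key."""
        # Function-scope imports keep this block self-contained.
        import base64
        import binascii

        # 32 bytes encode to exactly 44 base64 characters including padding.
        if not isinstance(value, str) or len(value) != 44:
            return False
        try:
            # validate=True rejects every character outside the base64
            # alphabet, which includes whitespace and line breaks.
            return len(base64.b64decode(value, validate=True)) == 32
        except (binascii.Error, ValueError):
            return False

    @property
    def num_maximum_networks(self):
        """
        Number of subnetworks the pool can hold.

        sample:
        network_size = 40
        subnetwork_size = 48
        maximum_networks = 2^(48-40)

        2nd sample:
        network_size = 8
        subnetwork_size = 24
        maximum_networks = 2^(24-8)
        """
        prefix_bits = self.subnetwork_size - self.network_size
        if prefix_bits < 0:
            # A subnetwork larger than the pool cannot be allocated at all.
            # Without this guard 2**negative yields a float fraction, which
            # the callers below would treat as "networks available".
            return 0

        return 2**prefix_bits

    @property
    def used_networks(self):
        """Queryset of this pool's reservations with status 'used'."""
        return self.vpnnetworkreservation_set.filter(vpnpool=self, status='used')

    @property
    def free_networks(self):
        """Queryset of this pool's reservations with status 'free' (released, reusable)."""
        return self.vpnnetworkreservation_set.filter(vpnpool=self, status='free')

    @property
    def num_used_networks(self):
        """Number of reservations currently in use."""
        # count() asks the database for the number instead of loading every row.
        return self.used_networks.count()

    @property
    def num_free_networks(self):
        """Number of networks reported as still available in this pool."""
        # NOTE(review): released reservations are rows that already occupy an
        # address inside the pool, so (maximum - used) appears to include them
        # and adding them again would overcount. Confirm the intended meaning
        # before relying on this number; next_free_network only tests it
        # against zero.
        return self.num_maximum_networks - self.num_used_networks + self.free_networks.count()

    @property
    def next_free_network(self):
        """
        Address of the next subnetwork to hand out, as a string.

        A released reservation is reused first. Otherwise the subnetwork
        following the last used one is returned, or the pool's own base
        address when nothing has been allocated yet.

        Raises:
            Exception: the pool has no network left, or the computed
                candidate would lie outside the pool.
            ValueError: ``network``/``network_size`` is not a valid prefix.
        """
        # NOTE(review): nothing here reserves the returned address. Two
        # concurrent callers can receive the same value, so the caller should
        # create the reservation row atomically — confirm against the caller.
        if self.num_free_networks == 0:
            # FIXME: use right exception
            raise Exception("No free networks")

        released = self.free_networks.first()
        if released is not None:
            return released.address

        last_used = self.used_networks.last()
        if last_used is None:
            # first network to be created
            return self.network

        # sample:
        #
        # pool = 2a0a:e5c1:200::/40
        # last_used = 2a0a:e5c1:204::/48
        #
        # next: last_used plus the size of one subnetwork
        last_net = ipaddress.ip_network(last_used.address)
        last_net_ip = last_net[0]

        # max_prefixlen is 128 for IPv6 and 32 for IPv4.
        offset_to_next = 2**(last_net_ip.max_prefixlen - self.subnetwork_size)
        next_net_ip = last_net_ip + offset_to_next

        # Never return an address outside the pool: it would end up in a
        # peer's AllowedIPs and route address space this pool does not own.
        pool = ipaddress.ip_network(
            "{}/{}".format(self.network, self.network_size), strict=False)
        if next_net_ip not in pool:
            # FIXME: use right exception
            raise Exception("No free networks")

        return str(next_net_ip)

    @property
    def wireguard_config_filename(self):
        """Path of the WireGuard configuration file for this pool."""
        return '/etc/wireguard/{}.conf'.format(self.network)

    @property
    def wireguard_config(self):
        """
        Render the WireGuard server configuration for this pool.

        The result contains the server's private key, so treat the returned
        text as a secret: do not log it or return it from an API.

        Raises:
            ValueError: a peer's stored public key is not a well-formed
                WireGuard key. Rendering stops so that a malformed value is
                never written into the configuration.
        """
        wireguard_config = [
            """
[Interface]
ListenPort = 51820
PrivateKey = {privatekey}
""".format(privatekey=self.wireguard_private_key)]

        for reservation in self.vpnnetworkreservation_set.filter(status='used'):
            # Look the network up once; each first() call is a separate query.
            vpn = reservation.vpnnetwork_set.first()
            if vpn is None:
                # A used reservation without a network has no key to configure.
                continue

            # The key is stored as free text. Check its shape before it is
            # written into the file, so that stray characters or line breaks
            # cannot add or alter configuration lines.
            public_key = vpn.wireguard_public_key
            if not self._is_wireguard_key(public_key):
                raise ValueError(
                    "Invalid WireGuard public key for reservation {}".format(
                        reservation.address))

            peer_network = "{}/{}".format(reservation.address, self.subnetwork_size)

            # NOTE(review): VPNNetwork as declared in this file has no `owner`
            # field; getattr keeps rendering working either way — confirm
            # where the owner is meant to come from.
            # Collapsing whitespace keeps the value on its one comment line.
            owner = " ".join(str(getattr(vpn, "owner", None)).split())

            wireguard_config.append("""
# Owner: {owner}
[Peer]
PublicKey = {public_key}
AllowedIPs = {peer_network}
""".format(
                owner=owner,
                public_key=public_key,
                peer_network=peer_network))

        return "\n".join(wireguard_config)

    def configure_wireguard_vpnserver(self):
        """
        This method is designed to run as a celery task and should
        not be called directly from the web
        """

        # subprocess, ssh
        # Not implemented yet. When it is: pass commands as argument lists
        # rather than shell strings, and write the rendered configuration
        # with owner-only permissions because it contains the private key.
        pass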
class VPNNetworkReservation(models.Model):
    """
    Tracks the VPN networks taken from a pool.

    Each row is one address belonging to a VPNPool together with its
    status, 'used' or 'free'. Intended to be deleted when the product is
    cancelled.
    """

    vpnpool = models.ForeignKey(VPNPool, on_delete=models.CASCADE)

    # The address itself is the primary key, so an address can be reserved
    # only once across all pools.
    address = models.GenericIPAddressField(primary_key=True)

    # New reservations start out as 'used'.
    status = models.CharField(
        max_length=256,
        default='used',
        choices=(
            ('used', 'used'),
            ('free', 'free'),
        ),
    )
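class VPNNetwork(models.Model):
    """
    A selected network. Used for tracking reservations / used networks
    """

    network = models.ForeignKey(VPNNetworkReservation,
                                on_delete=models.CASCADE,
                                editable=False)

    # Stored as free text with no format check on this model. A WireGuard
    # public key is 44 base64 characters; presumably the value is supplied by
    # the client — confirm, and validate it where it is accepted.
    wireguard_public_key = models.CharField(max_length=48)

    # default_recurring_period = RecurringPeriod.PER_365D

    @property
    def recurring_price(self):
        """Fixed recurring price of a VPN network."""
        return 120

    def delete(self, *args, **kwargs):
        """
        Delete this network and release its reservation for reuse.

        Returns:
            Whatever ``Model.delete()`` returns.
        """
        # Capture these first: deleting clears the primary key that the
        # default string representation prints.
        reservation = self.network
        message = "deleted {}".format(self)

        # This used to call super().save(), so the row was never removed and
        # its public key stayed attached to a reservation marked 'free'.
        # Once that address was handed out again, the stale row could still
        # be picked up as the reservation's network.
        result = super().delete(*args, **kwargs)

        # Release the address only after the row is gone, so an address is
        # never offered as free while a key is still bound to it.
        reservation.status = 'free'
        reservation.save()

        print(message)
        return result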