Simple webapp for config#1616
Conversation
|
|
| await ws.close() | ||
| else: | ||
| p = await asyncio.create_subprocess_shell( | ||
| msg.data, |
There was a problem hiding this comment.
This spawns a process based on data received from an unauthenticated websocket.
Which basically means... assuming a victim launched this server an attacker can prepare a website that would connect to localhost websocket (new WebSocket("ws://127.0.0.1:8080/ws");) and then send proper payload to execute arbitrary code on victim's machine.
It would be much better not to spawn any processes at all and if it is really needed, the connection must be authenticated.
There was a problem hiding this comment.
@disconnect3d does Ansible provides API for launching playbooks other than from the command line?
Also, implementation depends highly on how this script will be used (see my questions in PR description) - if you consider host it as "cloud VPN solution", as dosxvpn or tinfoilsecurity.com does - it would need auth middleware to support multiple tenants. If it supposed to be run only on the local machine - probably Ansible python API (if applicable) would work better.
The current implementation doesn't assume any of the above - it works like web UI for collecting ansible CLI arguments, reflect its progress and be shut down after VPN is set up.
There was a problem hiding this comment.
@summerisgone Yes, take a look at this https://docs.ansible.com/ansible/latest/dev_guide/developing_api.html
There was a problem hiding this comment.
Thanks, I probably missed that API from the first time. Will check it out!
There was a problem hiding this comment.
@jackivanov I'm not good at ansible, could you help me or give an advice?
I'm able to run playbook from this snippet:
PlaybookCLI(['ansible-playbook', 'main.yml']).run()But in that case I can't display feedback, which is valuable, since installation process takes a long time and may exit with error. I'm looking for snippet which allows to set up custom stdout_callback and play scenario from yaml file, like above.
There was a problem hiding this comment.
@summerisgone You don't seem to be running ansible via the API. You can find a working example by the link I sent above
There was a problem hiding this comment.
@jackivanov example you provided doesn't allow to load playbooks
There was a problem hiding this comment.
@jackivanov or @disconnect3d could you please take another look on current approach of executing playbooks from web?
|
|
||
| display.display(taskmsg) | ||
|
|
||
| return inventory.groups['vpn-host'].hosts[0].vars |
There was a problem hiding this comment.
Here are original lines, the only I changed:
https://github.com/ansible/ansible/blob/devel/lib/ansible/cli/playbook.py#L193-L195
I made assumption that playbook will provision only one host
summerisgone
force-pushed
the
196-simple-webapp-config
branch
from
4d0037c to
76c88d2
Compare
|
Updated description with fresh demo |
|
Guys, I need help with MS Azure provider, it doesn't allow to create account from my country! 🤯 |
|
Have issues with Hetzner as well: they disabled my account without description. Reaching out their support |
summerisgone
force-pushed
the
196-simple-webapp-config
branch
from
52c5e1f to
3c6d0da
Compare
|
Rebased on recent master |
summerisgone
force-pushed
the
196-simple-webapp-config
branch
from
24378d5 to
15b0d1f
Compare
|
Would the web interface also work on windows? I am interesting in progressing Algo VPN both as a project for school and to gain more insight into the programming world. |
As long as Windows has modern browser (Edge, Chrome, Firefox) - web would work |
|
Would it make sense to have this UI in a separate repository? |
This branch haven't been updated for a long time, so it would require the rebase. Algo is focused on CLI interface and supposed to ask those questions on its side, see #196. I don't have resources atm to support the codebase as a separate project, feel free to take it over ) |
|
I'm going to pick this up myself some time soon. I still have a lot of other support requests to get through first though. I'm making slow progress, thanks to Claude Code. |
|
Ok welp, it's been 6 years but I finally got around to building this feature! Thank you @summerisgone. I'm going to work off my branch here and close this PR: #14916 |
|
If you need any help or review, don't mind to tag me! |
7 participants
Simple webapp for #196
Description
Web server introduces two new requirements: pyyaml + aiohttp.
To launch it run
python app/server.pyand open http://localhost:9000/. Server will show interactive forms for users configuration and will allow to proceed with digitalocean (only yet) setup.Demo:
Motivation and Context
Your project helped me out when I had issues with ISP country-wide. I want to give back.
How Has This Been Tested?
Tests will be added by the time of scaling app to all providers.
Types of changes
Checklist:
✅ I have read the CONTRIBUTING document.
🤷♂ My code follows the code style of this
My change requires a change to the documentation.
I have updated the documentation accordingly.
I have added tests to cover my changes.
All new and existing tests passed.
Add all supported cloud providers
Make installation process persistent per-connection and controllable (now user can't terminate it)
Success screen 😅