Beispiel #1
0
func apiCreate(userId int, label string, restrictAction string, restrictIp string) (*ApiKey, error) {
	// validate restrictAction
	if len(restrictAction) > MAX_API_RESTRICTION {
		return nil, fmt.Errorf("action restriction JSON content cannot exceed %d characters", MAX_API_RESTRICTION)
	} else if restrictAction != "" {
		var actionRestrictions []*ApiActionRestriction
		err := json.Unmarshal([]byte(restrictAction), &actionRestrictions)
		if err != nil {
			return nil, err
		}
	}

	// validate restrictIp
	if len(restrictIp) > MAX_API_RESTRICTION {
		return nil, fmt.Errorf("IP restriction JSON content cannot exceed %d characters", MAX_API_RESTRICTION)
	} else if restrictIp != "" {
		_, err := ipaddr.ParseNetworks(restrictIp)
		if err != nil {
			return nil, err
		}
	}

	apiId := utils.Uid(16)
	apiKey := utils.Uid(128)
	result := db.Exec(
		"INSERT INTO api_keys (label, user_id, api_id, api_key, restrict_action, restrict_ip) "+
			"VALUES (?, ?, ?, ?, ?, ?)",
		label, userId, apiId, apiKey, restrictAction, restrictIp,
	)
	key := apiGet(userId, result.LastInsertId())
	key.ApiKey = apiKey
	return key, nil
}
Beispiel #2
0
func (this *WHMCS) handleConnector(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	if lobster.ExtractIP(r.RemoteAddr) != this.ip || r.PostForm.Get("secret") != this.secret {
		w.WriteHeader(403)
		return
	}

	switch r.PostForm.Get("action") {
	case "register":
		email := r.PostForm.Get("email")
		userId, err := lobster.UserCreate(email, utils.Uid(16), email)
		if err != nil {
			log.Printf("Failed to register account via WHMCS: %s (email=%s)", err.Error(), email)
			http.Error(w, err.Error(), 400)
		} else {
			log.Printf("Registered account via WHMCS (email=%s)", email)
			w.Write([]byte(fmt.Sprintf("%d", userId)))
		}
	case "credit":
		userId, err := strconv.Atoi(r.PostForm.Get("user_id"))
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}
		amount, err := strconv.ParseFloat(r.PostForm.Get("amount"), 64)
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}
		userDetails := lobster.UserDetails(int(userId))
		if userDetails == nil {
			http.Error(w, "no such user", 400)
			return
		}
		lobster.UserApplyCredit(userId, int64(amount*lobster.BILLING_PRECISION), "Credit via WHMCS")
		w.Write([]byte("ok"))
	case "token":
		userId, err := strconv.Atoi(r.PostForm.Get("user_id"))
		if err != nil {
			http.Error(w, err.Error(), 400)
			return
		}

		token := utils.Uid(TOKEN_LENGTH)
		db := lobster.GetDatabase()
		db.Exec("DELETE FROM whmcs_tokens WHERE time < DATE_SUB(NOW(), INTERVAL 1 MINUTE)")
		db.Exec("INSERT INTO whmcs_tokens (user_id, token) VALUES (?, ?)", userId, token)
		w.Write([]byte(token))
	default:
		http.Error(w, "unknown action", 400)
	}
}
Beispiel #3
0
func authPwresetRequest(ip string, username string, email string) error {
	if email == "" {
		return L.Error("pwreset_email_required")
	} else if !AntifloodCheck(ip, "pwresetRequest", 10) {
		return L.Error("try_again_later")
	}
	AntifloodAction(ip, "pwresetRequest") // mark antiflood regardless of whether success/failure

	rows := db.Query("SELECT id FROM users WHERE username = ? AND email = ?", username, email)
	if !rows.Next() {
		return L.Error("incorrect_username_email")
	}
	var userId int
	rows.Scan(&userId)
	rows.Close()

	// make sure not already active pwreset for this user
	var count int
	db.QueryRow("SELECT COUNT(*) FROM pwreset_tokens WHERE user_id = ?", userId).Scan(&count)
	if count > 0 {
		return L.Error("pwreset_outstanding")
	}

	token := utils.Uid(32)
	db.Exec("INSERT INTO pwreset_tokens (user_id, token) VALUES (?, ?)", userId, token)
	MailWrap(userId, "pwresetRequest", token, false)
	return nil
}
Beispiel #4
0
func (this *DigitalOcean) VmCreate(vm *lobster.VirtualMachine, options *lobster.VMIVmCreateOptions) (string, error) {
	password := utils.Uid(16)
	image, err := this.findImage(options.ImageIdentification)
	if err != nil {
		return "", err
	}

	plan := vm.Plan.Identification
	if plan == "" {
		plan = this.getPlanName(vm.Plan.Ram)
	}

	createRequest := &godo.DropletCreateRequest{
		Name:   vm.Name,
		Region: this.region,
		Size:   plan,
		Image: godo.DropletCreateImage{
			ID: image.ID,
		},
		IPv6:              true,
		PrivateNetworking: true,
		UserData:          fmt.Sprintf("#cloud-config\nchpasswd:\n list: |\n  root:%s\n expire: False\n", password),
	}
	droplet, _, err := this.client.Droplets.Create(createRequest)
	if err != nil {
		return "", err
	} else {
		vm.SetMetadata("password", password)
		return fmt.Sprintf("%d", droplet.ID), nil
	}
}
Beispiel #5
0
func (this *Vultr) VmSnapshot(vm *lobster.VirtualMachine) (string, error) {
	snapshot, err := this.client.CreateSnapshot(vm.Identification, utils.Uid(16))
	if err != nil {
		return "", err
	} else {
		return "snapshot:" + snapshot.ID, nil
	}
}
Beispiel #6
0
func (this *Lobster) ImageFetch(url string, format string) (string, error) {
	// backend name doesn't matter, so we create with random string
	imageIdentification, err := this.client.ImageFetch(this.region, utils.Uid(16), url, format)
	if err != nil {
		return "", err
	} else {
		return fmt.Sprintf("%d", imageIdentification), nil
	}
}
Beispiel #7
0
func (this *DigitalOcean) VmSnapshot(vm *lobster.VirtualMachine) (string, error) {
	vmIdentification, _ := strconv.Atoi(vm.Identification)
	snapshotName := fmt.Sprintf("%d.%s", vm.Id, utils.Uid(16))
	action, _, err := this.client.DropletActions.Snapshot(vmIdentification, snapshotName)
	if err != nil {
		return "", err
	}
	err = this.processAction(vm.Id, action.ID)
	if err != nil {
		return "", err
	} else {
		return "snapshot:" + snapshotName, nil
	}
}
Beispiel #8
0
func (this *OpenStack) VmCreate(vm *lobster.VirtualMachine, options *lobster.VMIVmCreateOptions) (string, error) {
	flavorID := vm.Plan.Identification
	if flavorID == "" {
		flavorOpts := flavors.ListOpts{
			MinDisk: vm.Plan.Storage,
			MinRAM:  vm.Plan.Ram,
		}
		flavorPager := flavors.ListDetail(this.ComputeClient, flavorOpts)
		var matchFlavor *flavors.Flavor
		err := flavorPager.EachPage(func(page pagination.Page) (bool, error) {
			flavorList, err := flavors.ExtractFlavors(page)
			if err != nil {
				return false, err
			}

			for _, flavor := range flavorList {
				if flavor.Disk == vm.Plan.Storage && flavor.RAM == vm.Plan.Ram && flavor.VCPUs == vm.Plan.Cpu {
					matchFlavor = &flavor
					return false, nil
				}
			}
			return true, nil
		})
		if err != nil {
			return "", err
		} else if matchFlavor == nil {
			return "", errors.New("plan not available in this region")
		}
		flavorID = matchFlavor.ID
	}

	password := utils.Uid(16)
	opts := servers.CreateOpts{
		Name:      vm.Name,
		ImageRef:  options.ImageIdentification,
		FlavorRef: flavorID,
		Networks:  []servers.Network{{UUID: this.networkId}},
		AdminPass: password,
		UserData:  []byte("#cloud-config\npassword: "******"\nchpasswd: { expire: False }\nssh_pwauth: True\n"),
	}
	createResult := servers.Create(this.ComputeClient, opts)
	server, err := createResult.Extract()
	if err != nil {
		return "", err
	}

	// try to associate floating IP with this VM
	// do asynchronously since it might fail until network port is created
	go func() {
		for try := 0; try < 6; try++ {
			time.Sleep(4 * time.Second)

			// find a free floating IP
			var freeFloatingIp *floatingip.FloatingIP
			err := floatingip.List(this.ComputeClient).EachPage(func(page pagination.Page) (bool, error) {
				floatingIps, err := floatingip.ExtractFloatingIPs(page)
				if err != nil {
					return false, err
				}

				for _, floatingIp := range floatingIps {
					if floatingIp.InstanceID == "" {
						freeFloatingIp = &floatingIp
						return false, nil
					}
				}
				return true, nil
			})
			if err != nil {
				log.Printf("OpenStack: error while looking for free floating IP: %s", err.Error())
				continue
			} else if freeFloatingIp == nil {
				log.Printf("OpenStack: Did not find free floating IP!")
				continue
			}

			// associate it
			err = floatingip.Associate(this.ComputeClient, server.ID, freeFloatingIp.IP).ExtractErr()
			if err == nil {
				break
			} else {
				log.Printf("OpenStack: error while associating floating IP: %s", err.Error())
			}
		}
	}()

	vm.SetMetadata("password", password)
	return server.ID, nil
}
Beispiel #9
0
func (this *OpenStack) VmSnapshot(vm *lobster.VirtualMachine) (string, error) {
	opts := servers.CreateImageOpts{
		Name: utils.Uid(16),
	}
	return servers.CreateImage(this.ComputeClient, vm.Identification, opts).ExtractImageID()
}
Beispiel #10
0
func (this *Lobster) VmSnapshot(vm *lobster.VirtualMachine) (string, error) {
	vmIdentification, _ := strconv.Atoi(vm.Identification)
	imageId, err := this.client.VmSnapshot(vmIdentification, utils.Uid(16))
	return fmt.Sprintf("%d", imageId), err
}
Beispiel #11
0
func (this *FakePayment) Payment(w http.ResponseWriter, r *http.Request, frameParams lobster.FrameParams, userId int, username string, amount float64) {
	lobster.TransactionAdd(userId, "fake", utils.Uid(16), "Fake credit", int64(amount*100)*lobster.BILLING_PRECISION/100, 0)
	lobster.RedirectMessage(w, r, "/panel/billing", lobster.LA("payment_fake").Success("credit_added"))
}
Beispiel #12
0
func (this *Linode) VmCreate(vm *lobster.VirtualMachine, imageIdentification string) (string, error) {
	var planID int
	if vm.Plan.Identification != "" {
		planID, _ = strconv.Atoi(vm.Plan.Identification)
	} else {
		var err error
		planID, err = this.findMatchingPlan(vm.Plan)
		if err != nil {
			return "", err
		}
	}
	kernelID, err := this.findKernel()
	if err != nil {
		return "", err
	}
	password := utils.Uid(16)

	// create linode
	linodeID, err := this.client.CreateLinode(this.datacenterID, planID)
	if err != nil {
		return "", err
	}

	// create disks
	totalDiskMB := vm.Plan.Storage * 1024
	swapSize := vm.Plan.Ram / 2
	diskSize := totalDiskMB - swapSize

	var diskID int
	imageParts := strings.SplitN(imageIdentification, ":", 2)
	if len(imageParts) != 2 {
		return "", errors.New("malformed image identification: missing colon")
	}
	if imageParts[0] == "distribution" {
		distributionID, _ := strconv.Atoi(imageParts[1])
		diskID, _, err = this.client.CreateDiskFromDistribution(linodeID, "lobster", distributionID, diskSize, password, "")
		if err != nil {
			this.client.DeleteLinode(linodeID, false)
			return "", err
		}
	} else if imageParts[0] == "image" {
		imageID, _ := strconv.Atoi(imageParts[1])
		diskID, _, err = this.client.CreateDiskFromImage(linodeID, "lobster", imageID, diskSize, password, "")
		if err != nil {
			this.client.DeleteLinode(linodeID, false)
			return "", err
		}
	} else {
		return "", errors.New("invalid image type " + imageParts[0])
	}

	vm.SetMetadata("diskid", fmt.Sprintf("%d", diskID))
	vm.SetMetadata("password", password)

	swapID, _, err := this.client.CreateDisk(linodeID, "lobster-swap", "swap", swapSize, linode.CreateDiskOptions{})
	if err != nil {
		this.client.DeleteLinode(linodeID, false)
		return "", err
	}

	configID, err := this.client.CreateConfig(linodeID, kernelID, fmt.Sprintf("lobster-%d", vm.Id), []int{diskID, swapID}, linode.CreateConfigOptions{})
	if err != nil {
		this.client.DeleteLinode(linodeID, false)
		return "", err
	} else {
		vm.SetMetadata("configid", fmt.Sprintf("%d", configID))
		this.client.BootLinode(linodeID)
		return fmt.Sprintf("%d", linodeID), nil
	}
}
Beispiel #13
0
// Creates user and returns user id.
func TestUser() int {
	result := db.Exec("INSERT INTO users (username, password, credit) VALUES (?, '', 1000000)", utils.Uid(8))
	return result.LastInsertId()
}
Beispiel #14
0
// Creates user and returns user id.
func TestUser(db *Database) int {
	result := db.Exec("INSERT INTO users (username, password, credit) VALUES (?, '', 1000000)", utils.Uid(8))
	userId, _ := result.LastInsertId()
	return int(userId)
}