vpn and webhost redirect

openwrt/common/etc/config/dyndns

@@ -0,0 +1,4 @@
+
+config dyndns 'superglue'
+  option enable 0
+

openwrt/common/etc/config/openvpn

@@ -0,0 +1,6 @@
+package openvpn
+
+config openvpn superglue
+	option enabled 0
+	option config /etc/openvpn/sgvpn-client.conf
+

openwrt/common/etc/config/uhttpd

@@ -11,6 +11,7 @@ config uhttpd main
 
 	# Server document root
 	option home		/opt/lib
+#	option home		/opt/lib/admin
 
 	# Reject requests from RFC1918 IP addresses
 	# directed to the servers public IP(s).
@@ -42,6 +43,10 @@ config uhttpd main
   list index_page "admin2.cgi"
   option error_page "/admin/admin2.cgi"
 
+#  list index_page "uhttpd-dispatch.cgi"
+#  option error_page "/admin/uhttpd-dispatch.cgi"
+
+
 	# List of extension->interpreter mappings.
 	# Files with an associated interpreter can
 	# be called outside of the CGI prefix and do

openwrt/common/etc/crontabs/root

@@ -1,5 +1,5 @@
 ## logrotation
-1 6 * * *	  /sbin/logrotate /www/log/*.log; /etc/init.d/lighttpd reload
+1 6 * * *     /sbin/logrotate /www/log/*.log; /etc/init.d/lighttpd reload
 
 ## dyndns
 */5 * * * *   /opt/lib/scripts/dyndns-update.sh

openwrt/common/etc/lighttpd/lighttpd.conf

@@ -14,7 +14,7 @@ server.modules = (
 server.document-root =  "/www/htdocs"
 server.upload-dirs =  ( "/www/tmp" )
 server.errorlog =       "/www/log/error.log"
-accesslog.filename =    "/www/log/access.log"
+#accesslog.filename =    "/www/log/access.log"
 server.pid-file =       "/var/run/lighttpd.pid"
 server.username =       "httpd"
 server.groupname =      "nogroup"
@@ -33,6 +33,10 @@ dir-listing.hide-dotfiles = "enable"
 
 #setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
 
+$HTTP["host"] != "superglue.local" {
+  accesslog.filename = "/www/log/access.log"
+}
+
 index-file.names = (
     "index.html",
     "default.html"

openwrt/common/etc/openvpn/sgvpn-client.conf

@@ -0,0 +1,92 @@
+## config for _one way_ Superglue VPN service
+## this VPN is /useless/ for any other application
+
+remote usr.superglue.it 443
+
+resolv-retry infinite
+proto tcp
+dev tun
+client
+ns-cert-type server
+txqueuelen 1000
+keepalive 10 60
+comp-lzo
+script-security 2
+cipher BF-CBC
+log  /www/log/openvpn.log
+verb 0
+mute 10
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDqzCCAxSgAwIBAgIJANZswVtgZDDFMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
+VQQGEwJOTDELMAkGA1UECBMCWkgxEjAQBgNVBAcTCVJvdHRlcmRhbTESMBAGA1UE
+ChMJU3VwZXJnbHVlMRAwDgYDVQQLEwdzZ3Byb3h5MRkwFwYDVQQDExB1c3Iuc3Vw
+ZXJnbHVlLml0MSUwIwYJKoZIhvcNAQkBFhZzdXBlcmhlbHBAc3VwZXJnbHVlLml0
+MB4XDTE0MTAxNTE0MTYyNFoXDTI0MTAxMjE0MTYyNFowgZYxCzAJBgNVBAYTAk5M
+MQswCQYDVQQIEwJaSDESMBAGA1UEBxMJUm90dGVyZGFtMRIwEAYDVQQKEwlTdXBl
+cmdsdWUxEDAOBgNVBAsTB3NncHJveHkxGTAXBgNVBAMTEHVzci5zdXBlcmdsdWUu
+aXQxJTAjBgkqhkiG9w0BCQEWFnN1cGVyaGVscEBzdXBlcmdsdWUuaXQwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBALT6ZFxWcji/5mzq55RYd7kTeeFjZ+dNpp4S
+4JUDdWXcmzrVGb/8zEttluz83SjWV/+WJQHuhDYflZX8FXkrR82TtaULTTCvYhOk
+sWcsglBEOhZgmLwppRuOhpf4+ZMq3yGJoFnoQPlyA3KQDeCMBBofRUpvYFXilbRH
+iGBQDfrXAgMBAAGjgf4wgfswHQYDVR0OBBYEFNimITC7Be8TKCc2Mk5byE7/Lddh
+MIHLBgNVHSMEgcMwgcCAFNimITC7Be8TKCc2Mk5byE7/LddhoYGcpIGZMIGWMQsw
+CQYDVQQGEwJOTDELMAkGA1UECBMCWkgxEjAQBgNVBAcTCVJvdHRlcmRhbTESMBAG
+A1UEChMJU3VwZXJnbHVlMRAwDgYDVQQLEwdzZ3Byb3h5MRkwFwYDVQQDExB1c3Iu
+c3VwZXJnbHVlLml0MSUwIwYJKoZIhvcNAQkBFhZzdXBlcmhlbHBAc3VwZXJnbHVl
+Lml0ggkA1mzBW2BkMMUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCJ
+HZWa8zphvS46R317Mt7Itsp9GwokZfsR3u0g0GUb8jO682+cBrRux61WMwbpZQ0P
+jn6QAWaDseF7iTqdB4vVm3xZFHefkSKfLh9wImlaty3uGJP4/FU+v/HxcjYXZ3L9
+LwQjF4JIn9U38Fklty1UTi26WmNwdSlhgcHvZGfsMw==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAySgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCTkwx
+CzAJBgNVBAgTAlpIMRIwEAYDVQQHEwlSb3R0ZXJkYW0xEjAQBgNVBAoTCVN1cGVy
+Z2x1ZTEQMA4GA1UECxMHc2dwcm94eTEZMBcGA1UEAxMQdXNyLnN1cGVyZ2x1ZS5p
+dDElMCMGCSqGSIb3DQEJARYWc3VwZXJoZWxwQHN1cGVyZ2x1ZS5pdDAeFw0xNDEw
+MTUxNDIwNThaFw0yNDEwMTIxNDIwNThaMIGBMQswCQYDVQQGEwJOTDELMAkGA1UE
+CBMCWkgxEjAQBgNVBAoTCVN1cGVyZ2x1ZTEXMBUGA1UECxMOc2dwcm94eS1jbGll
+bnQxETAPBgNVBAMTCHNnY2xpZW50MSUwIwYJKoZIhvcNAQkBFhZzdXBlcmhlbHBA
+c3VwZXJnbHVlLml0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5PesEhFeg
+wTPwkv6ffIwOHTInlZe6cIfOcWQHxCskiRghGFOKA+cad8ziiRXzTxTp/68er9h+
+kDi53ZUpdxez67hy88m8kRVBLWnvai0FDgQaYEfmnw1iVHfWZ/9QNjFubI/XT0uE
++00kKUjZ0EU+5Dr2Lx9rhWbu8dnmTu3u4QIDAQABo4IBKjCCASYwCQYDVR0TBAIw
+ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFBvqxRhU+S6xsA91TZpozZoQ9ZWhMIHLBgNVHSMEgcMwgcCAFNim
+ITC7Be8TKCc2Mk5byE7/LddhoYGcpIGZMIGWMQswCQYDVQQGEwJOTDELMAkGA1UE
+CBMCWkgxEjAQBgNVBAcTCVJvdHRlcmRhbTESMBAGA1UEChMJU3VwZXJnbHVlMRAw
+DgYDVQQLEwdzZ3Byb3h5MRkwFwYDVQQDExB1c3Iuc3VwZXJnbHVlLml0MSUwIwYJ
+KoZIhvcNAQkBFhZzdXBlcmhlbHBAc3VwZXJnbHVlLml0ggkA1mzBW2BkMMUwDQYJ
+KoZIhvcNAQEEBQADgYEAHZbEM8HVzAn4/PVyDlLF80iUFFsAGz0FF1afzbyZ/nal
+gx7KPx+UOE2tudXlrkIYtryraEHVik7r9Yqa5w5lMSoIHQmG2XFqOIDrZh7MXLHK
+R3JeJlUKAmS+BB2SJNsk2YwUpbziibfd21dx4hfXhN/0fuMooGA9NAo0oomimYs=
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALk96wSEV6DBM/CS
+/p98jA4dMieVl7pwh85xZAfEKySJGCEYU4oD5xp3zOKJFfNPFOn/rx6v2H6QOLnd
+lSl3F7PruHLzybyRFUEtae9qLQUOBBpgR+afDWJUd9Zn/1A2MW5sj9dPS4T7TSQp
+SNnQRT7kOvYvH2uFZu7x2eZO7e7hAgMBAAECgYEAoozv/322e20ui8whvYgISpZa
+HZxKkaMPuRuNgLcmeKAI2XnETNcR5Ar+ckeDSIe7vX7Nh+sc2irqbEdCDingVFYE
+eP5FgO9Af8mI4/qPdB/DUBOGBG1V6EQsAtT011rA1eVOuxC+/ShhyoB20TvW+6HE
+7XgdkCtfeMXVjOsakeUCQQDnNxgtDIAKiOZrCjRxdQ2W+fjOLSnCs1K300FAZ0Zm
+TIxdWbFmpiUCpfzpQ/AwRuCkvYYn6mKK/qC0CdF3oUN7AkEAzRk+T22yTuzUyrsV
+8ucvVH+lekVUZpvWeO1uWMnjl/ArSj+owyRd92uMblb/ylgRWY9PKacNzuws8Eeu
+K1LKUwJBAKUitVKfZeegRSlX/YK2/kDBQhFHMldLqh1+dVEhMaeormuRvuE4cqCE
+mrCjhC2GwbUHY4Sooz7wgyhzBrbxZ3cCQQDINqRFFWjC8x6m6Qr8HAJwEkuPmK5T
+nD05v03BDxRF9gXMbWhpVs8EANENxY/eDyqgqu00VAd+v77+sHqtgBxRAkEArg6T
+amifF41sBd2Xq0uzbng5undANX2YeBxCoX0VpoPoZH4rcBoth/UkAxcA6Oa8FXMD
+/7T3NmMSe4eyAgVSsA==
+-----END PRIVATE KEY-----
+</key>
+<dh>
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAOpPRBjQqUiI9qLFABEaxlb3/d49yADS6Q3aRp0AI45+534rsM3RdpGb
+/oQp+9860wR8zMzKklssXBkqQ5DwDosvJzRQt6ToOUoM5o2TyogOSEOdjzMXBvzW
+UvhGfV+efXIraVwtUMrS59xHvNH3M5ULgyJTFW+J0wuxAgGNCnojAgEC
+-----END DH PARAMETERS-----
+</dh>

openwrt/common/etc/rc.local

@@ -1,5 +1,9 @@
 ## 
 
+## fix missing /dev/fd
+[ -h /dev/fd ] || ln -s /proc/self/fd /dev/fd
+
+## check SG specific dirs and mounts
 /opt/lib/scripts/sg-data-mount.sh &
 /opt/lib/scripts/sg-data-dirs.sh &
 

openwrt/common/etc/uci-defaults/20-set-ssid

@@ -1,5 +1,13 @@
-_MAC=$(iw wlan0 info | awk 'BEGIN { FS=":" } /addr/ { print $5$6 }')                 
-_MAC="Superglue-"$_MAC                                                               
+
+if [ $(cat /tmp/sysinfo/board_name) == 'tl-wr710n' ]; then
+  ## tl-wr710n has three last pairs as MAC
+  _MAC=$(iw wlan0 info | awk 'BEGIN { FS=":" } /addr/ { print substr(toupper($4$5$6),1) }') 
+else
+  ## others have only two
+  _MAC=$(iw wlan0 info | awk 'BEGIN { FS=":" } /addr/ { print substr(toupper($5$6),1) }') 
+fi
+
+_MAC="Superglue-"$_MAC
 
 [ $(uci get wireless.@wifi-iface[0].ssid) != $_MAC ] && (
   uci set wireless.@wifi-iface[0].ssid=$_MAC

openwrt/common/etc/uci-defaults/21-gen-psk

@@ -0,0 +1 @@
+/usr/sbin/openvpn --genkey --secret /opt/lib/host.psk 

openwrt/common/opt/lib/admin/admin2.cgi

@@ -15,6 +15,7 @@
 
 readonly _WWW='/www'
 readonly _PWDFILE="/opt/lib/htpasswd"
+readonly _HOSTPSK='/opt/lib/host.psk'
 readonly _TMP='/tmp'
 readonly _LOG="${_WWW}/log/admin.log"
 readonly _SCRIPTS='/opt/lib/scripts'
@@ -31,18 +32,18 @@ err() {
 
 logThis() {
   [[ "$_DEBUG" -gt 0 ]] || return 0
-  local _TYPE='I:'
-  [[ "$_ERR" -gt 0 ]] && _TYPE='E:'
-  local _TIME; printf -v _TIME '%(%d.%m.%Y %H:%M:%S)T' -1
-  printf '%b\n' "$_TIME  $_TYPE ${@} " >> "$_LOG"
-  [[ "$_DEBUG" -gt 1 ]] && printf '%b\n' "[verbose] $_TYPE ${1}"
+  local _TYPE='I'
+  [[ "$_ERR" -eq 0 ]] || _TYPE='E'
+  local _TIME; printf -v _TIME '%(%Y-%m-%d %H:%M:%S)T' -1
+  printf '%b\n' "$_TIME: [$_TYPE] ${@} " >> "$_LOG"
+  [[ "$_DEBUG" -le 1 ]] || printf '%b\n' "[verbose] $_TYPE ${1}"
   return $_ERR
 }
 
 headerPrint() {
   case "$1" in
     200|'') printf '%b' 'Status: 200 OK\r\n';;
-    301) printf '%b' "Status: 301 Moved Permanently\r\nLocation: $HTTP_REFERER\r\n";;
+    301) printf '%b' "Status: 301 Moved Permanently\r\nLocation: ${HTTP_REFERER:=$2}\r\n";;
     403) printf '%b' 'Status: 403 Forbidden\r\n';;
     405) printf '%b' 'Status: 405 Method Not Allowed\r\n';;
     406) printf '%b' 'Status: 406 Not Acceptable\r\n';;
@@ -63,24 +64,18 @@ urlDec() {
   done
 }
 
+## only useful for debugging (remove?)
 setQueryVars() {
-  _VARS=( ${!POST_*} )
-#  local v
-#  for v in ${_VARS[@]}; do
-  #  echo $v
-#    v=$(urlDec "${v}")
-#    eval "_${v//POST_/}=${!v}"; 
-#  done
-  local v
-  for v in ${_VARS[@]}; do
-    logThis "$v=${!v}"
-  done
-  #echo $POST_lanssid
-  #env
+  if [[ "$_DEBUG" -gt 0 ]]; then
+    _VARS=( ${!POST_*} )
+    local v
+    for v in ${_VARS[@]}; do
+      logThis "$v=${!v}"
+    done
+  fi
 }
 
 getQueryFile() {
-#  setQueryVars
   local _UPLD="${HASERL_fwupload_path##*/}"
   logThis "'multipart': decoding stream"
   mv "$_TMP/$_UPLD" "$_TMP/fwupload.bin" 2>/dev/null || _ERR=$?
@@ -285,7 +280,8 @@ usbInit() {
 
 rebootNow() {
   logThis "reboot: now!"
-  reboot
+#  reboot
+  reboot -d 3 || reboot -f
   showMesg 'Rebooting..' '60'
 }
 
@@ -344,41 +340,70 @@ trimSpaces() {
   return "$v"
 }
 
-dynDns() {
-  ## curently only http://freedns.afraid.org is supported
-  [[ $POST_dyndnsname && $POST_dyndnsuser && $POST_dyndnspass ]] || showMesg 'All values must be set!'
-  
-  doUci set dyndnsname "$POST_dyndnsname" &&
-  doUci set dyndnsuser "$POST_dyndnsuser" &&
-  doUci set dyndnspass "$POST_dyndnspass" || showMesg 'DynDNS settings failed..'
-
-  ## create sha1 string per http://freedns.afraid.org/api
-  local _DURL
-  local _AFRAID='http://freedns.afraid.org/api/?action=getdyndns&sha='
-  _DURL=$(_echo "$POST_dyndnsuser|$POST_dyndnspass" | sha1sum)
-  _DURL="$_AFRAID${_DURL/ -/}"
-  _DURL="$(wget -q $_DURL -O -)"
-  local _L
-  local _RES
-  for _L in $_DURL
-    do case $_L in 
-      "${POST_dyndnsname}|"*) IFS='|' _RES=( $_L ); break;; 
-      'ERROR'*) _RES=0; break;;
-      *) unset _RES;;
-    esac;
-  done
-  [[ $_RES ]] || showMesg 'Domain name is not found' '10' 'Make sure you entered correct domain name -'
-  [[ $_RES -eq 0 ]] || showMesg 'Authentication failed' '10' 'Check your username and password and try again -'
-
-  logThis "${_RES[@]}"
-
-  doUci set dyndnsurl "${_RES[2]}" &&
-  doUci set dyndnsdis '' &&
-
-  doUci commit  
+sgDdns() {
+  [[ $POST_sgddnsdomain && $POST_sgddnssubdomain ]] || showMesg 'All values must be set!'
+  [[ ! "$POST_sgddnssubdomain" =~ [^a-zA-Z0-9$] ]] || showMesg 'Invalid domain name'
+  [[ ! "$POST_sgddnsupdateurl" == '' ]] || showMesg 'Invalid update URL'
+
+  local _CLIENT _DOMAIN _JSON _UPDATEURL _MSG _HTTPCODE _x
+
+  [[ -r $_HOSTPSK ]] || showMesg 'Local PSK is not available'
+
+  ## produce md5 hash from client PSK
+  hashClient() {
+    local _L
+    while read -r _L; do
+      printf "%s" ${_L%%[\#\-]*}
+    done < $_HOSTPSK | md5sum
+  }
+
+  read -r _CLIENT _x < <(hashClient)
+  logThis "sgvpn client hash: $_CLIENT"
+
+  _UPDATEURL="$POST_sgddnsupdateurl"
+
+  doUci set sgddnssubdomain "${POST_sgddnssubdomain,,}" &&
+  doUci set sgddnsdomain "${POST_sgddnsdomain,,}" &&
+  doUci set sgddnsclient "$_CLIENT" &&
+  doUci set sgddnsurl "$_UPDATEURL" &&
+  doUci set sgddnsenable '1' || showMesg 'Error setting DDNS configuration'
+  doUci commit dyndns
+
+  ## attempt first update to check if domain is available and everything checks out
+  IFS=$'\t'; read -r _MSG _HTTPCODE < <($_SCRIPTS/dyndns-update.sh); IFS=$_IFS
+  $_MSG="${_MSG:='Unknown error'}"
+
+  logThis "sgvpn check: $_MSG"
+
+  if [[ ! $_HTTPCODE == 200 ]]; then
+    _ERR=1
+    logThis 'error in dns update, disabling configuration'
+    doUci set sgddnsdomain ''
+    doUci set sgddnssubdomain ''
+    doUci set sgddnsclient ''
+    doUci set sgddnsurl ''
+    doUci set sgddnsenable '0'
+    doUci commit dyndns
+    showMesg "$_MSG" '10'
+  fi
 
-  showMesg 'DynDNS configuration is in progress..' '10' 'After completion, your URL will become available with in 10-15 minutes'
+   showMesg 'Domain configuration is in progress..' '10' 'Your address will become available right away'
+}
 
+sgOpenvpn() {
+  logThis "enabling SG openvpn"
+  if [[ $(doUci get sgopenvpnenable) == '0' ]]; then
+    doUci set sgopenvpnenable '1' &&
+    /etc/init.d/openvpn start &&
+    showMesg 'VPN service enabled' '5'
+  else
+    doUci set sgopenvpnenable '0' &&
+    /etc/init.d/openvpn stop &&
+    showMesg 'VPN service disabled' '5'
+  fi
+  
+  showMesg 'VPN configuration failed' '5' 'make sure your device is online'
+  
 }
 
 doUci() {
@@ -393,6 +418,10 @@ doUci() {
     lanssid) _ARG='wireless.@wifi-iface[0].ssid';;
     lanenc) _ARG='wireless.@wifi-iface[0].encryption';;
     lankey) _ARG='wireless.@wifi-iface[0].key';;
+    wanwifacedis) _ARG='wireless.@wifi-iface[1].disabled';;
+    wanssid) _ARG='wireless.@wifi-iface[1].ssid';;
+    wanenc) _ARG='wireless.@wifi-iface[1].encryption';;
+    wankey) _ARG='wireless.@wifi-iface[1].key';;
     lanipaddr) _ARG='network.lan.ipaddr';;
     wanifname) _ARG='network.wan.ifname';;
     wanproto) _ARG='network.wan.proto';;
@@ -400,15 +429,12 @@ doUci() {
     wanmask) _ARG='network.wan.netmask';;
     wangw) _ARG='network.wan.gateway';;
     wandns) _ARG='network.wan.dns';;
-    wanwifacedis) _ARG='wireless.@wifi-iface[1].disabled';;
-    wanssid) _ARG='wireless.@wifi-iface[1].ssid';;
-    wanenc) _ARG='wireless.@wifi-iface[1].encryption';;
-    wankey) _ARG='wireless.@wifi-iface[1].key';;
-    dyndnsdis) _ARG='superglue.dyndns.disabled';;
-    dyndnsurl) _ARG='superglue.dyndns.updateurl';;
-    dyndnsname) _ARG='superglue.dyndns.domainname';;
-    dyndnsuser) _ARG='superglue.dyndns.username';;
-    dyndnspass) _ARG='superglue.dyndns.password';;
+    sgddnsenable) _ARG='dyndns.superglue.enable';;
+    sgddnsurl) _ARG='dyndns.superglue.updateurl';;
+    sgddnsclient) _ARG='dyndns.superglue.client';;
+    sgddnssubdomain) _ARG='dyndns.superglue.subdomain';;
+    sgddnsdomain) _ARG='dyndns.superglue.domain';;
+    sgopenvpnenable) _ARG='openvpn.superglue.enable';;
     *) if [[ $_CMD == 'commit' ]]; then
         _ARG=$2
        else 
@@ -486,12 +512,20 @@ if [[ "${REQUEST_METHOD^^}" == "POST" ]]; then
                       *wan) wanSet;;
                    *uptime) upTime;;
                    *iwscan) iwScan;;
-                   *dyndns) dynDns;;
+                   *sgddns) sgDdns;;
+                    *sgvpn) sgOpenvpn;;
                          *) logThis 'bad action'; headerPrint 405; 
                             echo 'no such thing'; exit 1;;
   esac
 fi
 
+## if URL is not (just) /admin
+#if [[ "${REQUEST_METHOD^^}" == "GET" ]]; then
+  if [[ "${REQUEST_URI/\/admin\//}" ]]; then
+   headerPrint '301' '/admin/' 
+  fi
+#fi
+
 headerPrint '200'
 htmlHead
 
@@ -502,10 +536,13 @@ read openwrt < /etc/openwrt_version
 . /opt/lib/scripts/jshn-helper.sh
 
 ## this does not work when iface isn't configured
-IFS=","
+IFS=','
 wan=( $(ifaceStat wan) )
-IFS=$OFS
+IFS=$_IFS
 
+sgvpn=$(doUci get sgopenvpnenable)
+ddomain=$(doUci get sgddnsdomain)
+dsubdomain=$(doUci get sgddnssubdomain)
 wanifname=${wan[3]}
 wanproto=$(doUci get wanproto)
 wanipaddr=${wan[0]}
@@ -514,7 +551,6 @@ wandns=${wan[5]}
 wanuptime=${wan[4]}
 wanssid=$(doUci get wanssid)
 wankey=$(doUci get wankey)
-
 %>
 
 <body>
@@ -527,7 +563,7 @@ wankey=$(doUci get wankey)
 </section>
 
 <section>
-  <h2>Internet connection:</h2>
+  <h2>Internet connection</h2>
   <form method='post' action='/admin/wan' name='wan' class='elem' id='wanconf'>
   <div style='display:inline-flex'>
   <div style='display:inline-block;'>
@@ -553,8 +589,8 @@ wankey=$(doUci get wankey)
 
   <div style='display:inline-block;'>
   <select name='wanproto' id='wanproto' style='display:block'>
-  <option value='dhcp' name='dhcp' id='dhcp' <% ([[ $wanproto == 'dhcp' ]] && _echo 'selected') %>>Automatic (DHCP)</option>
-  <option value='static' name='stat' id='stat' <% ([[ $wanproto == 'static' ]] && _echo 'selected') %>>Manual (Static IP)</option>
+  <option value='dhcp' name='dhcp' id='dhcp' <% ([[ "$wanproto" == 'dhcp' ]] && _echo 'selected') %>>Automatic (DHCP)</option>
+  <option value='static' name='stat' id='stat' <% ([[ "$wanproto" == 'static' ]] && _echo 'selected') %>>Manual (Static IP)</option>
   </select>
   <fieldset id='wanaddr' class='elem'>
   <input type='text' name='wanipaddr' id='wanipaddr' value='<% _echo $wanipaddr %>' <% ( [[ $wanproto =~ ('dhcp') ]] && _echo "readonly" ) %> placeholder='ip address'>
@@ -563,52 +599,41 @@ wankey=$(doUci get wankey)
   </fieldset>
   </div>
   </div>
+  <div>
   <input type='hidden' name='iface' value='wan' class='inline'>
-  <input type='submit' id='wansubmit' value='Apply'>
+  <input type='submit' id='wansubmit' value='Apply' class='inline'>
   </form>
-  <span class='help'>help</span>
+  <form method='post' action='/admin/sgvpn' class='inline'>
+  <input type='hidden' name='sgvpn' value='toggle' class='inline'>
+  <input type='submit' value='<% [[ "$sgvpn" == '1' ]] && _echo 'Disable Superglue VPN service' || _echo 'Enable Superglue VPN service' %>' class='inline'>
+  </form>
+  </div>
+<span class='help'>help</span>
 </section>
 
-<section>
-  <h2>Domain name:</h2>
-  <form method='post' action='/admin/dyndns' name='dyndns' id='afraid'>
-  <div style='display:inline-flex'>
-    <div style='display:inline-block;'>
-      <input type='text' name='dyndnsname' id='dyndnsname' value='<% _echo $dyndnsname %>' placeholder='domain name' class='block'>
-    </div>
-    <div style='display:inline-block;'>
-    <input type='text' name='dyndnsuser' id='dyndnsuser' value='<% _echo $dyndnsuser %>' placeholder='dyndns username' class='block'>
-    <input type='password' name='dyndnspass' id='dyndnspass' value='<% _echo $dyndnspass %>' placeholder='dyndns password' class='block'>
-    </div>
-  </div>
-  <input type='hidden' name='dns' value='apply' class='inline'>
-  <input type='submit' value='Apply'>
-  </form>
 
-  <h2>Dynamic DNS:</h2>
-    Register your free domain name (external <a target='_new' href='http://freedns.afraid.org/'>Free DNS</a> service, will open in a new tab)
-    <form target='_new' action='http://freedns.afraid.org/subdomain/edit.php'>
-    <div style='display:inline-flex'>
+<section>
+  <h2>Domain name</h2>
+   <form method='post' action='/admin/sgddns' name='sgddns' id='sgddns'>
+     <div style='display:inline-flex'>
       <div style='display:inline-block;'>
-        <input type='text' name='subdomain' placeholder='yourname' class='inline'>
+        <input type='text' name='sgddnssubdomain' placeholder='domain name' value='<% _echo $dsubdomain %>' class='inline'>
       </div>
       <div style='display:inline-block;'>
-        <select name='edit_domain_id' class='inline'>
-        <option value='1035903'>spgl.cc</option>
-        <option value='1035903'>spgl.it</option>
-        </select>
+        <select name='sgddnsdomain' class='inline'>
+          <option value='spgl.it' <% [[ "$ddomain" == 'spgl.it' ]] && _echo 'selected' %>>.spgl.it</option>
+          <option value='spgl.cc' <% [[ "$ddomain" == 'spgl.cc' ]] && _echo 'selected' %>>.spgl.cc</option>
+          <option value='superglue.it' <% [[ "$ddomain" == 'superglue.it' ]] && _echo 'selected' %>>.superglue.it</option>
+      </select>
       </div>
     </div>
-    <input type='submit' name='submit' value="next &gt;&gt;">
-    <input type='hidden' name='web_panel' value='1'>
-    <input type='hidden' name='ref' value='750930'>
-    </form>
-   
- <span class='help'>help</span>
+    <input type='submit' name='submit' value="Apply">
+    <input type='hidden' name='sgddnsupdateurl' value='https://superglue.it/ddns/update'>
+  </form>
 </section>
 
 <section>
-<h2>Local wireless network:</h2>
+<h2>Local wireless network</h2>
 <form method='post' action='/admin/ssidchange'>
   <div style='display:inline-flex'>
   <div style='display:inline-block;'>
@@ -626,7 +651,7 @@ wankey=$(doUci get wankey)
 </section>
 
 <section>
-<h2>Storage:</h2>
+<h2>USB storage</h2>
 <% if findUsbstor; then %>
 
   <% if storageInfo; then %>
@@ -650,7 +675,7 @@ wankey=$(doUci get wankey)
 </section>
 
 <section>
-<h2>Change password:</h2>
+<h2>Change password</h2>
 <form method='post' action='/admin/pwdchange'>
   <div style='display:inline-flex'>
   <div style='display:inline-block;'>
@@ -668,7 +693,7 @@ wankey=$(doUci get wankey)
 
 
 <section>
-  <h2>Firmware upgrade:</h2>
+  <h2>Update firmware</h2>
   <form method='post' action='/admin/updatefw' enctype='multipart/form-data'>
   <div id='uploadbox'>
     <input id='uploadfile' placeholder='Select a file..' class='elem' disabled='disabled'>
@@ -690,22 +715,28 @@ wankey=$(doUci get wankey)
     <input type='submit' value='Reboot' class='inline'>
   </form>
 
-  <form action='http://logout@<% _echo ${HTTP_HOST} %>/admin' method='get' class='inline'>
+  <form method='post' action='http://logout@<% _echo ${HTTP_HOST} %>/admin' class='inline'>
     <input type='submit' value='Logout' class='inline'>
   </form>
 </section>
 
-<div style='height:200px'></div>
-<hr>
-Memory:
-<pre><% free %></pre>
-<hr>
-Storage:
-<pre><% df -h %></pre>
-<hr>
-Environment:
-<pre><% env %></pre>
-<hr>
+<div style='height:200px' name='big-spacer'></div>
+
+<section>
+  <h2>Under the hood</h2>
+  <h4>Memory</h4>
+  <pre><% free %></pre>
+  <hr>
+  <h4>Storage</h4>
+  <pre><% df -h %></pre>
+  <hr>
+  <h4>Recent log entries</h4>
+  <pre><% tail -n10 /www/log/*.log %></pre>
+  <hr>
+  <h4>Environment</h4>
+  <pre><% env %></pre>
+  <hr>
+</section>
 
 <%
 footerBody

openwrt/common/opt/lib/admin/admin3.cgi

@@ -0,0 +1,791 @@
+#!/usr/bin/haserl --shell=/bin/bash  --upload-limit=32768 --upload-dir=/tmp
+<%# upload limit: 32Mb %>
+<%
+
+## SuperGlue project | http://superglue.it | 2014-2015 | GPLv3
+## http://git.superglue.it/superglue/serverfiles
+##
+## admin2.cgi - control panel for Superglue personal server
+## 
+## example POST request:
+## curl --data-urlencode 'key=value' http://host/uri
+##
+## returns: 200 (+ output of operation) on success
+##          406 (+ error message in debug mode) on error
+
+readonly _WWW='/www'
+readonly _PWDFILE="/opt/lib/htpasswd"
+readonly _HOSTPSK='/opt/lib/host.psk'
+readonly _TMP='/tmp'
+readonly _LOG="${_WWW}/log/admin.log"
+readonly _SCRIPTS='/opt/lib/scripts'
+readonly _DEBUG=1
+readonly _IFS=$IFS
+
+err() {
+  _ERR="$?"
+  [[ "$_ERR" -gt 0 ]] || return 0
+  logThis "$1"
+  headerPrint "${2:='400'}"
+  exit "$_ERR"
+} 
+
+logThis() {
+  [[ "$_DEBUG" -gt 0 ]] || return 0
+  local _TYPE='I'
+  [[ "$_ERR" -eq 0 ]] || _TYPE='E'
+  local _TIME; printf -v _TIME '%(%Y-%m-%d %H:%M:%S)T' -1
+  printf '%b\n' "$_TIME: [$_TYPE] ${@} " >> "$_LOG"
+  [[ "$_DEBUG" -le 1 ]] || printf '%b\n' "[verbose] $_TYPE ${1}"
+  return $_ERR
+}
+
+headerPrint() {
+  case "$1" in
+    200|'') printf '%s\r\n' 'Status: 200 OK';;
+    301) printf '%b' "Status: 301 Moved Permanently\r\nLocation: ${HTTP_REFERER:=$2}\r\n";;
+    302) printf '%s\r\n' 'Status: 302 Found' "Location: $2";;
+    403) printf '%b' 'Status: 403 Forbidden\r\n';;
+    405) printf '%b' 'Status: 405 Method Not Allowed\r\n';;
+    406) printf '%b' 'Status: 406 Not Acceptable\r\n';;
+      *) printf '%b' 'Status: 400 Bad Request\r\n';;
+  esac
+  printf '%b' 'Content-Type: text/html\r\n\r\n';
+}
+
+## faster echo
+_echo() {
+  printf "%s\r\n" "${*}"
+}
+
+urlDec() {
+  local value=${*//+/%20}
+  for part in ${value//%/ \\x}; do
+    printf "%b%s" "${part:0:4}" "${part:4}"
+  done
+}
+
+## only useful for debugging (remove?)
+setQueryVars() {
+  if [[ "$_DEBUG" -gt 0 ]]; then
+    _VARS=( ${!POST_*} )
+    local v
+    for v in ${_VARS[@]}; do
+      logThis "$v=${!v}"
+    done
+  fi
+}
+
+getQueryFile() {
+  local _UPLD="${HASERL_fwupload_path##*/}"
+  logThis "'multipart': decoding stream"
+  mv "$_TMP/$_UPLD" "$_TMP/fwupload.bin" 2>/dev/null || _ERR=$?
+  if [[ $_ERR -gt 0 ]]; then
+    showMesg 'Firmware upload has failed' '60' 'Reboot your Superglue server and try again'
+  fi
+}
+
+validIp() {
+  local _IP=$1
+  local _RET=1
+  if [[ $_IP =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+    OIFS=$IFS
+    IFS='.'
+    _IP=($_IP)
+    IFS=$OIFS
+    [[ ${_IP[0]} -le 255 && ${_IP[1]} -le 255 && ${_IP[2]} -le 255 && ${_IP[3]} -le 255 ]]
+    _RET=$?
+  fi
+  return $_RET
+}
+
+pwdChange() {
+  local _USER='admin'
+  local _REALM='superglue'
+  [[ -e $_PWDFILE ]] || showMesg 'Password file not found'
+  [[ -z "${POST_pwd##$POST_pwdd}" ]] || showMesg 'Passwords did not match'
+  [[ ${#POST_pwd} -ge 6 ]] || showMesg 'Password must be at least 6 characters long'
+  local _HASH=$(printf '%s' "$_USER:$_REALM:${POST_pwd}" | md5sum | cut -b -32) &&
+  printf '%b' "${POST_pwd}\n${POST_pwd}\n" | passwd root &&
+  printf '%b' "$_USER:$_REALM:$_HASH\n" > $_PWDFILE &&
+  showMesg 'Password is changed' '2' ||
+  showMesg 'Password change failed!' '5'
+}
+
+lanAddr() {
+  logThis "new LAN addr is: $POST_lanipaddr"
+  validIp $POST_lanipaddr || showMesg 'Not valid network address'
+  doUci set lanipaddr $POST_lanipaddr &&
+  doUci commit network &&
+  dtach -n -zE $_SCRIPTS/net-restart.sh &>/dev/null &&
+  showMesg 'New network address is set' '30' "Your server is now accessible under <a href='http://superglue.local/admin'>http://superglue.local/admin</a>" ||
+  showMesg 'Setting network address failed'
+}
+
+wanSet() {
+  if [[ ! -z $POST_wanifname ]]; then
+    ## eth and wlan wan cases are different!
+    ## eth wan requires:
+    ##   config interface 'wan'
+    ##     option proto 'dhcp'
+    ##     option ifname 'eth0'
+    ##
+    ## wlan wan requires:
+    ##   config interface 'wan'
+    ##     option proto 'dhcp' (and no 'option ifname' specified!)
+
+    logThis "wan.ifname=$POST_wanifname"
+    if [[ $POST_wanifname == 'eth0' ]]; then
+      doUci set wanifname $POST_wanifname
+      doUci set wanwifacedis '1'
+    elif [[ $POST_wanifname == 'wlan1' ]]; then
+      doUci set wanifname ''
+      doUci set wanwifacedis ''
+    fi
+    if [[ $POST_wanproto == 'dhcp' ]]; then
+      doUci set wanproto dhcp
+      doUci set wanipaddr ''
+      doUci set wanmask ''
+      doUci set wangw ''
+      doUci set wandns ''
+    elif [[ $POST_wanproto == 'static' ]]; then
+      logThis "wan.ipaddr=$POST_wanipaddr"
+      validIp $POST_wanipaddr || showMesg 'Our IP address is not valid' '3' 'make sure to use correct address notation'
+      validIp $POST_wangw || showMesg 'Gateway is not a valid IP address' '3' 'make sure to use correct address notation'
+      validIp $POST_wandns || showMesg 'DNS is not a valid IP address' '3' 'make sure to use correct address notation'
+      doUci set wanproto static
+      doUci set wanipaddr $POST_wanipaddr
+      doUci set wanmask '255.255.255.0' ## fix me
+      doUci set wangw $POST_wangw
+      doUci set wandns $POST_wandns
+    fi
+
+    if [[ $POST_wanifname == 'wlan1' ]]; then
+      ssidChange || showMesg 'wanSet: Wireless configuration failed'
+    else
+      doUci commit network &&
+      doUci commit wireless &&
+      dtach -n -zE $_SCRIPTS/net-restart.sh &>/dev/null
+    fi
+    _ERR=$?
+    [[ $_ERR -eq 0 ]] &&
+    showMesg 'Internet connection is being configured' '25' 'check your Internet connection on completion' ||
+    showMesg 'Configuring Internet connection failed' '5'
+  fi
+}
+
+ssidChange() {
+  ## check for iface
+  [[ $POST_iface =~ ^('wan'|'lan')$ ]] || showMesg 'Error changing wireless settings' '5' 'unknown or unconfigured interface'
+  logThis "$POST_iface is being set"
+
+  _p=$POST_iface
+
+  ## default enc for now
+  local _enc='psk2'
+  if [[ $POST_iface == 'wan' ]]; then
+    local _mode='sta'
+    local _ssid="${POST_wanssid}"
+    local _key="${POST_wankey}"
+  else 
+    local _mode='ap'
+    local _ssid="${POST_lanssid}"
+    local _key="${POST_lankey}"
+  fi
+
+  #logThis "ssid: $_ssid [$_mode], key: $_key [$_enc]"
+  #logThis $POST_wanssid
+
+  [[ ${#_ssid} -ge 3 ]] || showMesg 'SSID must be at least 3 characters long'
+
+  doUci set $_p'ssid' "${_ssid}"
+
+  if [[ -z $_key ]]; then
+    ## if key is empty set encryption to none and remove key
+    doUci set $_p'key' && doUci set $_p'enc' 'none'
+    _ERR=$?
+  else
+    [[ ${#_key} -ge 8 ]] || showMesg 'Passphrase must be at least 8 characters long'
+    doUci set $_p'key' "${_key}" && doUci set $_p'enc' "${_enc}"
+  fi
+  [[ $_ERR -eq 0 ]] || showMesg 'ssidChange: Wireless configuration failed'
+  if [[ $POST_iface == 'lan' ]]; then
+    if [[ "$(doUci get lanipaddr)" !=  "${POST_lanipaddr}" ]]; then
+      logThis 'local IP was changed'
+      lanAddr
+    fi
+  fi
+
+  doUci commit wireless
+  _ERR=$?
+
+  [[ $_ERR -eq 0 ]] &&
+  dtach -n -zE $_SCRIPTS/net-restart.sh &>/dev/null ||
+  showMesg 'Wireless configuration failed' '5'
+
+  [[ $POST_iface == 'lan' ]] && 
+  showMesg 'Local network configuration is progress' '30' 'check your connection on completion' || return 0
+  ## in this case wanSet() handles success message
+}
+
+showMesg() {
+  local _RET=$?
+  local _MSG=$1
+  local _TIMEOUT=$2
+  local _SUBMSG=$3
+  ## if set, global _ERR value prevails 
+  [[ $_ERR -gt $_RET ]] && _RET=$_ERR
+  _MSG=${_MSG:='Configuration'}
+  _TIMEOUT=${_TIMEOUT:='5'}
+  _SUBMSG="${_SUBMSG} <span id='timeout'>${_TIMEOUT}</span> seconds to get ready.."
+  if [[ $_RET -gt 0 ]]; then
+    local _TYPE='ERROR: '
+    headerPrint 406
+  else
+    local _TYPE='OK: '
+    headerPrint 200
+  fi
+  htmlHead "<meta http-equiv='refresh' content='${_TIMEOUT};url=http://${HTTP_HOST}/admin'>"
+  _echo "<body>
+  <h1>Superglue control panel</h1>
+  <img src='http://${HTTP_HOST}/resources/img/superglueLogo.png' class='logo'>
+  <hr>
+  <h2 style='display:inline'>$_TYPE $_MSG</h2>
+  <span style='display:block'>$_SUBMSG</span>
+  <hr>
+  </body>
+  <script type='text/javascript'>(function(e){var t=document.getElementById(e);var n=t.innerHTML;var r=setInterval(function(){if(n==0){t.innerHTML='0';clearInterval(r);return}t.innerHTML=n;n--},1e3)})('timeout')
+  </script>
+  </html>"
+  exit $_RET
+}
+
+updateFw() {
+  local _FWFILE="${_TMP}/fwupload.bin"
+  _OUT="$(sysupgrade -T $_FWFILE 2>&1)" ||
+  { _ERR=$?; rm -rf $_FWFILE; showMesg 'This is not a firmware!' '3' "$_OUT"; }
+  [[ $POST_fwreset == 'on' ]] && { _FWRESET='-n'; logThis 'fw reset requested'; }
+  ## using dtach to prevent sysupgrade getting killed
+  dtach -n -zE sysupgrade $_FWRESET $_FWFILE 2>&1 &&
+  showMesg 'Firmware update is in progress..' '120' 'DO NOT INTERRUPT!' ||
+  { _ERR=$?; rm -rf $_FWFILE; showMesg 'Firmware update failed..' '3'; }
+}
+
+usbInit() {
+  . $_SCRIPTS/usb-part.sh
+  _OUT="$(usbPart)" && 
+  showMesg 'USB storage initialization is completed' '30' ||
+  showMesg "USB init failed!\n$_OUT"
+#  logThis 'usb init..'
+}
+
+rebootNow() {
+  logThis "reboot: now!"
+#  reboot
+  reboot -d 3 || reboot -f
+  showMesg 'Rebooting..' '60'
+}
+
+upTime() {
+  local _T="$(uptime)" &&
+  { headerPrint 200; printf '%b' "$_T\n"; exit 0; } ||
+  headerPrint 406
+}
+
+iwScan() {
+  . $_SCRIPTS/iw-scan.sh
+  headerPrint 200
+  iwScan
+  exit 0
+}
+
+findUsbstor() {
+  local _P='/sys/block/'
+  local _D _DEV
+  for _D in ${_P}sd*; do
+    _DEV=$(readlink -f ${_D}/device)
+    if [[ ${_DEV/usb} != $_DEV ]]; then
+      _USBDEV="/dev/${_D/$_P}"
+    fi
+  done
+  [[ $_USBDEV ]] || return 1
+}
+
+storageInfo() {
+  if mountpoint -q $_WWW; then
+    IFS=$'\n' _STOR=( $(df -h $_WWW) ) IFS=$_IFS
+    _STOR=( ${_STOR[1]} )
+  else
+    return 1
+  fi
+}
+
+swapInfo() {
+  IFS=$'\n' _SWAP=( $(swapon -s) ) IFS=$_IFS
+  if [[ ${_SWAP[1]} ]]; then
+    IFS=$'\t' _SWAP=( ${_SWAP[1]} ) IFS=$_IFS
+    ## for the lack of floats add trailing 0
+    ## divide by 1023 and split last digit by a period
+    _SWAP[1]="$((${_SWAP[1]}0/1023))"
+    _SWAP[1]="${_SWAP[1]%?}.${_SWAP[1]/??}M"
+  else
+    unset _SWAP
+    return 1
+  fi
+}
+
+trimSpaces() {
+  local v="$*"
+  v="${v#"${v%%[![:space:]]*}"}"
+  v="${v%"${v##*[![:space:]]}"}"
+  return "$v"
+}
+
+sgDdns() {
+  [[ $POST_sgddnsdomain && $POST_sgddnssubdomain ]] || showMesg 'All values must be set!'
+  [[ ! "$POST_sgddnssubdomain" =~ [^a-zA-Z0-9$] ]] || showMesg 'Invalid domain name'
+  [[ ! "$POST_sgddnsupdateurl" == '' ]] || showMesg 'Invalid update URL'
+
+  local _CLIENT _DOMAIN _JSON _UPDATEURL _MSG _HTTPCODE _x
+
+  [[ -r $_HOSTPSK ]] || showMesg 'Local PSK is not available'
+
+  ## produce md5 hash from client PSK
+  hashClient() {
+    local _L
+    while read -r _L; do
+      printf "%s" ${_L%%[\#\-]*}
+    done < $_HOSTPSK | md5sum
+  }
+
+  read -r _CLIENT _x < <(hashClient)
+  logThis "sgvpn client hash: $_CLIENT"
+
+  _UPDATEURL="$POST_sgddnsupdateurl"
+
+  doUci set sgddnssubdomain "${POST_sgddnssubdomain,,}" &&
+  doUci set sgddnsdomain "${POST_sgddnsdomain,,}" &&
+  doUci set sgddnsclient "$_CLIENT" &&
+  doUci set sgddnsurl "$_UPDATEURL" &&
+  doUci set sgddnsenable '1' || showMesg 'Error setting DDNS configuration'
+  doUci commit dyndns
+
+  ## attempt first update to check if domain is available and everything checks out
+  IFS=$'\t'; read -r _MSG _HTTPCODE < <($_SCRIPTS/dyndns-update.sh); IFS=$_IFS
+  $_MSG="${_MSG:='Unknown error'}"
+
+  logThis "sgvpn check: $_MSG"
+
+  if [[ ! $_HTTPCODE == 200 ]]; then
+    _ERR=1
+    logThis 'error in dns update, disabling configuration'
+    doUci set sgddnsdomain ''
+    doUci set sgddnssubdomain ''
+    doUci set sgddnsclient ''
+    doUci set sgddnsurl ''
+    doUci set sgddnsenable '0'
+    doUci commit dyndns
+    showMesg "$_MSG" '10'
+  fi
+
+   showMesg 'Domain configuration is in progress..' '10' 'Your address will become available right away'
+}
+
+sgOpenvpn() {
+  logThis "enabling SG openvpn"
+  if [[ $(doUci get sgopenvpnenable) == '0' ]]; then
+    doUci set sgopenvpnenable '1' &&
+    /etc/init.d/openvpn start &&
+    showMesg 'VPN service enabled' '5'
+  else
+    doUci set sgopenvpnenable '0' &&
+    /etc/init.d/openvpn stop &&
+    showMesg 'VPN service disabled' '5'
+  fi
+  
+  showMesg 'VPN configuration failed' '5' 'make sure your device is online'
+  
+}
+
+showMesg2() {
+  local _MSG=$1
+  local _TIMEOUT=$2
+  local _SUBMSG=$3
+  _MSG=${_MSG:='Configuration'}
+  _TIMEOUT=${_TIMEOUT:='5'}
+  _SUBMSG="${_SUBMSG} <span id='timeout'>${_TIMEOUT}</span> seconds to get ready.."
+  headerPrint 200
+  htmlHead 
+#  htmlHead "<meta http-equiv='refresh' content='${_TIMEOUT};url=http://${HTTP_HOST}/admin'>"
+  _echo "<body>
+  <h1>Superglue control panel</h1>
+  <img src='http://${HTTP_HOST}/resources/img/superglueLogo.png' class='logo'>
+  <hr>
+  <h2 style='display:inline'>$_MSG</h2>
+  <span style='display:block'>$_SUBMSG</span>
+  <hr>
+  </body>
+  <script type='text/javascript'>(function(e){var t=document.getElementById(e);var n=t.innerHTML;var r=setInterval(function(){if(n==0){t.innerHTML='0';clearInterval(r);return}t.innerHTML=n;n--},1e3)})('timeout')
+  </script>
+  </html>"
+  
+}
+
+
+testRun() {
+  logThis 'starting test '
+  showMesg2 'Running test'
+  sleep 2; logThis 'running test'; sleep 5
+#  printf '%s' "Location: /admin/error/\r\n"
+#  printf '%b' "Status: 301 Moved Permanently\r\nLocation: http://${HTTP_HOST}/admin/error\r\n"
+#  exit
+  headerPrint '302' "http://${HTTP_HOST}/admin/error"
+#  exit  
+#  showMesg 'Test run' 
+}
+
+doUci() {
+  local _CMD=''
+  local _ARG=''
+  case $1 in
+    get|set|commit) _CMD=$1;;
+          *) logThis 'bad UCI command'; headerPrint 405; echo 'bad UCI command'; exit 1 ;;
+  esac
+
+  case $2 in
+    lanssid) _ARG='wireless.@wifi-iface[0].ssid';;
+    lanenc) _ARG='wireless.@wifi-iface[0].encryption';;
+    lankey) _ARG='wireless.@wifi-iface[0].key';;
+    wanwifacedis) _ARG='wireless.@wifi-iface[1].disabled';;
+    wanssid) _ARG='wireless.@wifi-iface[1].ssid';;
+    wanenc) _ARG='wireless.@wifi-iface[1].encryption';;
+    wankey) _ARG='wireless.@wifi-iface[1].key';;
+    lanipaddr) _ARG='network.lan.ipaddr';;
+    wanifname) _ARG='network.wan.ifname';;
+    wanproto) _ARG='network.wan.proto';;
+    wanipaddr) _ARG='network.wan.ipaddr';;
+    wanmask) _ARG='network.wan.netmask';;
+    wangw) _ARG='network.wan.gateway';;
+    wandns) _ARG='network.wan.dns';;
+    sgddnsenable) _ARG='dyndns.superglue.enable';;
+    sgddnsurl) _ARG='dyndns.superglue.updateurl';;
+    sgddnsclient) _ARG='dyndns.superglue.client';;
+    sgddnssubdomain) _ARG='dyndns.superglue.subdomain';;
+    sgddnsdomain) _ARG='dyndns.superglue.domain';;
+    sgopenvpnenable) _ARG='openvpn.superglue.enable';;
+    *) if [[ $_CMD == 'commit' ]]; then
+        _ARG=$2
+       else 
+        logThis "bad UCI entry: $2"
+        _ERR=1
+        showMesg 'bad UCI entry'
+       fi ;;
+  esac
+
+  if [[ $_CMD == 'get' ]]; then
+    if [ ! -z $_ARG ]; then
+      /sbin/uci -q get $_ARG || return $?
+    fi
+  fi
+
+  if [[ $_CMD == 'set' ]]; then
+    local _VAL=$3
+    if [ -z $_VAL ]; then
+      logThis "empty $_ARG value, removing record"
+      /sbin/uci delete $_ARG || ( echo "uci delete $_ARG: error"; exit 1; )
+    fi
+
+    if [ ! -z $_ARG ]; then
+      logThis "setting $_ARG value"
+      /sbin/uci set $_ARG=$_VAL || ( echo "uci set $_ARG: error"; exit 1; )
+    fi
+  fi
+
+  if [[ $_CMD == 'commit' ]]; then
+    /sbin/uci commit $_ARG || echo "uci commit $_ARG: error"
+  fi
+}
+
+
+## call with argument to inject additional lines
+## ie: htmlhead "<meta http-equiv='refresh' content='2;URL=http://${HTTP_REFERER}'>"
+
+htmlHead() {
+_echo "<!-- obnoxious code below, keep your ports tight -->
+<!doctype html>
+<html>
+<head>
+<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />
+<meta http-equiv='Cache-Control' content='no-cache, no-store, must-revalidate' />
+<meta http-equiv='Pragma' content='no-cache' />
+<meta http-equiv='Expires' content='0' />
+<link rel='icon' href='http://${HTTP_HOST}/resources/img/favicon.ico' type='image/x-icon' />
+<title>Superglue | Control panel</title>
+<link rel='stylesheet' type='text/css' href='http://${HTTP_HOST}/resources/admin/admin.css' />
+$@
+</head>"
+}
+
+footerBody() {
+_echo "</body>
+<script type='text/javascript' src='http://${HTTP_HOST}/resources/admin/admin.js'></script>
+</html>"
+}
+
+if [[ "${REQUEST_METHOD^^}" == "POST" ]]; then
+  [[ $CONTENT_LENGTH -gt 0 ]] || err 'content length is zero, 301 back to referer' '301'
+  case "${CONTENT_TYPE^^}" in 
+    APPLICATION/X-WWW-FORM-URLENCODED*) setQueryVars;;
+                  MULTIPART/FORM-DATA*) getQueryFile;;
+                                     *) _ERR=1; _OUT='this is not a post';;
+  esac
+
+  case $REQUEST_URI in
+                *pwdchange) pwdChange;;
+               *ssidchange) ssidChange;;
+                  *lanaddr) lanAddr;;
+                 *updatefw) updateFw;;
+                  *usbinit) usbInit;;
+                *rebootnow) rebootNow;;
+                      *wan) wanSet;;
+                   *uptime) upTime;;
+                   *iwscan) iwScan;;
+                   *sgddns) sgDdns;;
+                    *sgvpn) sgOpenvpn;;
+                  *testrun) testRun;;
+                         *) logThis 'bad action'; headerPrint 405; 
+                            echo 'no such thing'; exit 1;;
+  esac
+fi
+
+## if URL is not (just) /admin
+#if [[ "${REQUEST_METHOD^^}" == "GET" ]]; then
+  if [[ "${REQUEST_URI/\/admin\//}" ]]; then
+   headerPrint '301' '/admin/' 
+  fi
+#fi
+
+headerPrint '200'
+htmlHead
+
+read sgver < /etc/superglue_version
+read devmod < /etc/superglue_model
+read openwrt < /etc/openwrt_version
+
+. /opt/lib/scripts/jshn-helper.sh
+
+## this does not work when iface isn't configured
+IFS=','
+wan=( $(ifaceStat wan) )
+IFS=$_IFS
+
+sgvpn=$(doUci get sgopenvpnenable)
+ddomain=$(doUci get sgddnsdomain)
+dsubdomain=$(doUci get sgddnssubdomain)
+wanifname=${wan[3]}
+wanproto=$(doUci get wanproto)
+wanipaddr=${wan[0]}
+wangw=${wan[2]}
+wandns=${wan[5]}
+wanuptime=${wan[4]}
+wanssid=$(doUci get wanssid)
+wankey=$(doUci get wankey)
+%>
+
+<body>
+  <h1>Superglue control panel</h1>
+  <img src='http://<% _echo "${HTTP_HOST}" %>/resources/img/superglueLogo.png' class='logo'>
+
+<section class='inert'>
+  <span style='display:block;'><% printf "System version: %s | Device: %s | OpenWRT: %s" "$sgver" "$devmod" "$openwrt" %></span>
+  <span style='display:block;' id='uptime'><% uptime %></span>
+</section>
+
+<section>
+  <h2>Test run</h2>
+  <form method='post' action='/admin/testrun' name='test' class='elem' id='wanconf'>
+  <input type='hidden' name='testrun' value='go' class='inline'>
+  <input type='submit' value='Run' class='inline'>
+  </form>
+</section>
+
+<section>
+  <h2>Internet connection</h2>
+  <form method='post' action='/admin/wan' name='wan' class='elem' id='wanconf'>
+  <div style='display:inline-flex'>
+  <div style='display:inline-block;'>
+  <select name='wanifname' id='wanifname' style='display:block'>
+  <option value='eth0' id='eth' <% ( [[ $wanifname =~ ('eth') ]] && _echo 'selected' ) %> >Wired (WAN port)</option>
+  <option value='wlan1' id='wlan' <% ( [[ $wanifname =~ ('wlan') ]] && _echo 'selected' ) %> >Wireless (WiFi)</option>
+  </select>
+  <fieldset id='wanwifi' <% ( [[ $wanifname =~ ('wlan') ]] && _echo "class='show elem'" || _echo "class='hide elem'" ) %>>
+    
+  <select name='wanssid' id='wanssid' class='elem' style='display:block'>
+  <% if [[ -z $wanssid ]]; then
+    _echo "<option id='scan' disabled>select a network..</option>"
+  else
+    _echo "<option id=$wanssid selected>$wanssid</option>"
+  fi %>
+  </select>
+  <input type='password' name='wankey' placeholder='passphrase' value='<% _echo $wankey %>'>
+
+  </fieldset>
+
+  <span class='help'>help</span>
+  </div>
+
+  <div style='display:inline-block;'>
+  <select name='wanproto' id='wanproto' style='display:block'>
+  <option value='dhcp' name='dhcp' id='dhcp' <% ([[ "$wanproto" == 'dhcp' ]] && _echo 'selected') %>>Automatic (DHCP)</option>
+  <option value='static' name='stat' id='stat' <% ([[ "$wanproto" == 'static' ]] && _echo 'selected') %>>Manual (Static IP)</option>
+  </select>
+  <fieldset id='wanaddr' class='elem'>
+  <input type='text' name='wanipaddr' id='wanipaddr' value='<% _echo $wanipaddr %>' <% ( [[ $wanproto =~ ('dhcp') ]] && _echo "readonly" ) %> placeholder='ip address'>
+  <input type='text' name='wangw' id='wangw' value='<% _echo $wangw %>' <% ( [[ $wanproto =~ ('dhcp') ]] && _echo "readonly" ) %> placeholder='gateway/router'>
+  <input type='text' name='wandns' id='wandns' value='<% _echo $wandns %>' <% ( [[ $wanproto =~ ('dhcp') ]] && _echo "readonly" ) %> placeholder='dns server'>
+  </fieldset>
+  </div>
+  </div>
+  <div>
+  <input type='hidden' name='iface' value='wan' class='inline'>
+  <input type='submit' id='wansubmit' value='Apply' class='inline'>
+  </form>
+  <form method='post' action='/admin/sgvpn' class='inline'>
+  <input type='hidden' name='sgvpn' value='toggle' class='inline'>
+  <input type='submit' value='<% [[ "$sgvpn" == '1' ]] && _echo 'Disable Superglue VPN service' || _echo 'Enable Superglue VPN service' %>' class='inline'>
+  </form>
+  </div>
+<span class='help'>help</span>
+</section>
+
+
+<section>
+  <h2>Domain name</h2>
+   <form method='post' action='/admin/sgddns' name='sgddns' id='sgddns'>
+     <div style='display:inline-flex'>
+      <div style='display:inline-block;'>
+        <input type='text' name='sgddnssubdomain' placeholder='domain name' value='<% _echo $dsubdomain %>' class='inline'>
+      </div>
+      <div style='display:inline-block;'>
+        <select name='sgddnsdomain' class='inline'>
+          <option value='spgl.it' <% [[ "$ddomain" == 'spgl.it' ]] && _echo 'selected' %>>.spgl.it</option>
+          <option value='spgl.cc' <% [[ "$ddomain" == 'spgl.cc' ]] && _echo 'selected' %>>.spgl.cc</option>
+          <option value='superglue.it' <% [[ "$ddomain" == 'superglue.it' ]] && _echo 'selected' %>>.superglue.it</option>
+      </select>
+      </div>
+    </div>
+    <input type='submit' name='submit' value="Apply">
+    <input type='hidden' name='sgddnsupdateurl' value='https://superglue.it/ddns/update'>
+  </form>
+</section>
+
+<section>
+<h2>Local wireless network</h2>
+<form method='post' action='/admin/ssidchange'>
+  <div style='display:inline-flex'>
+  <div style='display:inline-block;'>
+    <input type='text' name='lanssid' value='<% doUci get lanssid %>'>
+    <input type='password' name='lankey' value='<% doUci get lankey %>'>
+  </div>
+  <div style='display:inline-block;'>
+    <input type='text' name='lanipaddr' value='<% doUci get lanipaddr %>'>
+    <input type='hidden' name='iface' value='lan'>
+  </div>
+  </div>
+    <input type='submit' value='Apply' data-wait='Configuring..'>  
+</form>
+  <span class='help'>help</span>
+</section>
+
+<section>
+<h2>USB storage</h2>
+<% if findUsbstor; then %>
+
+  <% if storageInfo; then %>
+    <div>File storage: <% _echo "${_STOR[2]} used, ${_STOR[3]} available" %></div>
+    <div>Swap: <% swapInfo && _echo "${_SWAP[1]}" || _echo '<b>n/a</b>' %></div>
+  <% else %>
+    <div>USB storage device must be initialized</div>
+    <form method='post' action='/admin/usbinit'>
+    <input type='hidden' name='dev' value='<% _echo $_USBDEV %>'>
+    <input type='submit' value='Initialize'>
+    </form>
+  <% fi %>
+
+<% else %>
+
+  <div><h3>USB storage device not found!</h3>Please check and try again</div>
+
+<% fi %>
+
+<span class='help'>help</span>
+</section>
+
+<section>
+<h2>Change password</h2>
+<form method='post' action='/admin/pwdchange'>
+  <div style='display:inline-flex'>
+  <div style='display:inline-block;'>
+    <input type='text' name='usr' value='admin' readonly>
+  </div>
+  <div style='display:inline-block;'>
+    <input type='password' name='pwd' placeholder='password' value=''>
+    <input type='password' name='pwdd' placeholder='password again' value=''>
+  </div>
+  </div>
+    <input type='submit' value='Apply'>
+</form>
+<span class='help'>help</span>
+</section>
+
+
+<section>
+  <h2>Update firmware</h2>
+  <form method='post' action='/admin/updatefw' enctype='multipart/form-data'>
+  <div id='uploadbox'>
+    <input id='uploadfile' placeholder='Select a file..' class='elem' disabled='disabled'>
+    <input id='uploadbtn' class='elem' name='fwupload' type='file'>
+  </div>
+  <div style='display:inline-block;'>
+    <input type='checkbox' name='fwreset' id='fw-resetbox' />
+    <label for='fw-resetbox'>Reset all settings</label>
+  </div>
+  <input type='submit' value='Upload' data-wait='Uploading, do NOT interrupt!'>
+  </form>
+  <span class='help'>help</span>
+</section>
+
+<section>
+  <h2></h2>
+  <form action='/admin/rebootnow' method='post' class='inline'>
+    <input type='hidden' name='reboot' value='now' class='inline'>
+    <input type='submit' value='Reboot' class='inline'>
+  </form>
+
+  <form method='post' action='http://logout@<% _echo ${HTTP_HOST} %>/admin' class='inline'>
+    <input type='submit' value='Logout' class='inline'>
+  </form>
+</section>
+
+<div style='height:200px' name='big-spacer'></div>
+
+<section>
+  <h2>Under the hood</h2>
+  <h4>Memory</h4>
+  <pre><% free %></pre>
+  <hr>
+  <h4>Storage</h4>
+  <pre><% df -h %></pre>
+  <hr>
+  <h4>Recent log entries</h4>
+  <pre><% tail -n10 /www/log/*.log %></pre>
+  <hr>
+  <h4>Environment</h4>
+  <pre><% env %></pre>
+  <hr>
+</section>
+
+<%
+footerBody
+exit 0
+%>

openwrt/common/opt/lib/resources/admin/admin.css

@@ -53,6 +53,7 @@ input {
 
 input[type='submit'] {
   padding-right: 8px;
+  margin: 10px 2px 0 0;
   width: inherit;
   font-size: 100%;
   cursor: pointer;
@@ -147,6 +148,11 @@ h2 {
   margin: 0;
   padding: 0.2em 0 0.1em;
 }
+h4 {
+  margin: 0;
+  padding: 0.2em 0 0.1em;
+}
+
 
 section {
   border-bottom: solid 1px #999;

openwrt/common/opt/lib/scripts/dyndns-update.sh

@@ -1,10 +1,28 @@
 #!/bin/bash
 
-set -e
-uci -q get superglue.dyndns.disabled && exit 1
-uci -q get superglue.dyndns.domainname || exit 1
+[[ $(uci get dyndns.superglue.enable) == '1' ]] || exit 1
 
-_UPDATEURL=$(uci get superglue.dyndns.updateurl)
-/usr/bin/wget -q "${_UPDATEURL}" -O - >> /www/log/dyndns.log
+_DOMAIN=$(uci get dyndns.superglue.domain) &&
+_SUB=$(uci get dyndns.superglue.subdomain) &&
+_UPDATEURL=$(uci get dyndns.superglue.updateurl) &&
+_CLIENT=$(uci get dyndns.superglue.client)
 
-exit 0
+## if we are on Superglue VPN talk to the VPN gateway
+if grep -q '0A040000' /proc/net/route; then 
+  _UPDATEURL='http://10.4.0.1/ddns/update'
+fi
+
+_JSON='{"jsonrpc": "2.0", "client": "'$_CLIENT'", "sub": "'$_SUB'", "domain": "'$_DOMAIN'"}'
+
+_OUT=$(/usr/bin/curl -s -w '\t%{http_code}' -k -d "data=$_JSON" "$_UPDATEURL" 2>&1)
+_ERR=$?
+
+if [[ $_ERR -gt 0 ]]; then
+  printf -v _TIME '%(%Y-%m-%d %H:%M:%S)T' -1
+  printf '%b\n' "$_TIME: $_OUT" >> "/www/log/dyndns.log"
+  printf '%s' "$_ERR,Updater error"
+else
+  printf '%s' "$_OUT"
+fi
+
+exit $_ERR

openwrt/common/opt/lib/scripts/sg-ddns-update.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+_DOMAIN=$1
+_PSK=$(<../host.psk)
+_DATE=$(date +%s)
+
+_SGVPN='10.0.4.2'
+#_SGVPN=''
+
+trim() {
+  while read line; do
+    if [[ "$line" == "${line//#}" && "$line" == "${line//-----}" ]]; then
+      echo -n $line
+    fi
+  done <<< "$_PSK"
+}
+
+_MD5=$(trim | md5sum) 
+_MD5=${_MD5// *}
+
+_DOMAIN=$(printf '%s' $_DOMAIN | base64)
+
+_JSON='{"jsonrpc": "2.0", "client": "'$_MD5'", "domain": "'$_DOMAIN'", "sgvpn": "'$_SGVPN'"}'
+
+#wget -q --post-data "data=$_JSON" https://superglue.it/ddns/update -O -
+curl -k -d "data=$_JSON" https://superglue.it/ddns/update

openwrt/common/opt/lib/scripts/sg-vpn-check.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+## check if SG openvpn connection is established:
+##   have 10.4.0.0 network
+##   can ping 10.4.0.1 host
+## timeout after 60 seconds
+
+while ! grep -q '0A040000' /proc/net/route; do
+  [[ $COUNT -le 10 ]] || exit 1
+  sleep 1
+  let COUNT++
+done
+
+ping -q -c1 -w5 10.4.0.1 &>/dev/null || exit 2
+

openwrt/tools/auto_scp.sh

@@ -10,7 +10,7 @@ pwd
 CMD='FILE=%f; DEST_FILE=${FILE#*/*/};
 scp $FILE superglue:/$DEST_FILE; 
 if [ $? -eq 0 ]; then 
-  play -q -n synth 0.1 tri 5000.0 gain -15;
+  play -q -n synth 0.1 tri 5000.0 gain -35;
 else
   play -q -n synth 0.5 tri 500.0 gain -10;
 fi'