From 65496cbce9c52ee497116c297e8674d3814c4f79 Mon Sep 17 00:00:00 2001
From: Xavier Henner
Date: Tue, 30 Jul 2019 16:34:12 +0200
Subject: [PATCH] save wip
---
 httpd.go | 41 ++++++++++++++++--------------
 main.go | 2 ++
 vpnlist.go | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 vpnserver.go | 5 +++-
 4 files changed, 99 insertions(+), 20 deletions(-)
 create mode 100644 vpnlist.go
diff --git a/httpd.go b/httpd.go
index a6f7685..231dbcd 100644
--- a/httpd.go
+++ b/httpd.go
@@ -12,7 +12,6 @@ import (
 "log"
 "net/http"
 "os"
- "strings"
 )
 type jsonInput struct {
@@ -79,16 +78,17 @@ func (h *HttpServer) helpHandler(w http.ResponseWriter, r *http.Request) {
 }
 func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
- var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
+ //var sslUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
 w.Header().Set("Content-type", "application/json")
 // deactivate if there is no https auth
- if h.key == "" || h.cert == "" || h.certPool == nil {
- http.Error(w, "No security, deactivated", 403)
- return
- }
-
+ /*
+ if h.key == "" || h.cert == "" || h.certPool == nil {
+ http.Error(w, "No security, deactivated", 403)
+ return
+ }
+ */
 // add CORS headers
 w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
 w.Header().Set("Access-Control-Allow-Methods", "POST")
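Review bot: In httpd.go's `ajaxHandler`, the fail-closed guard that answered 403 when `h.key`, `h.cert` or `h.certPool` was unset now sits inside a block comment, so the endpoint is served even when no TLS material is configured. The handler still copies the request's `Origin` header into `Access-Control-Allow-Origin` a few lines further down, so nothing in the visible code limits which origins may call this API once the guard is gone. If the check has to be off for local work, keep it compiled in behind an explicit opt-in instead of commenting it out, for example with a hypothetical field `h.allowInsecure` tested as `if !h.allowInsecure && (h.key == "" || h.cert == "" || h.certPool == nil) {`. `ajaxHandler` continues past the end of this hunk.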
@@ -107,21 +107,24 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 }
 // ssl auth
- if len(r.TLS.PeerCertificates) == 0 {
- log.Println(len(r.TLS.PeerCertificates))
- http.Error(w, "Need certificate", 403)
- return
- }
- opts := x509.VerifyOptions{Roots: h.certPool, KeyUsages: sslUsage}
- if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
- http.Error(w, "Bad certificate", 403)
- return
- }
-
- webuser := strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1)
+ /*
+ if len(r.TLS.PeerCertificates) == 0 {
+ log.Println(len(r.TLS.PeerCertificates))
+ http.Error(w, "Need certificate", 403)
+ return
+ }
+ opts := x509.VerifyOptions{Roots: h.certPool, KeyUsages: sslUsage}
+ if _, err := r.TLS.PeerCertificates[0].Verify(opts); err != nil {
+ http.Error(w, "Bad certificate", 403)
+ return
+ }
+ webuser := strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1)
+ */
 //TODO security
+ webuser := "xavier"
+
 log.Printf("%s is connected via the web interfaces\n", webuser)
 req, err := parseJsonQuery(r)
diff --git a/main.go b/main.go
index 3519941..47f606f 100644
--- a/main.go
+++ b/main.go
@@ -47,6 +47,8 @@ func main() {
 server.debug = true
 }
+ log.Println(getServerList("https://www.expressvpn.com/vpn-server"))
+
 // time to start the listeners
 go server.Run()
 NewHTTPServer(
diff --git a/vpnlist.go b/vpnlist.go
new file mode 100644
index 0000000..3223168
--- /dev/null
+++ b/vpnlist.go
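Review bot: With the peer-certificate verification commented out and `webuser := "xavier"` hard-coded in httpd.go's `ajaxHandler`, every request is handled as the same user and the `log.Printf` line records that name for any caller, so both the access check and the audit trail are lost. The `//TODO security` marker does not prevent this from being merged; keep the verification compiled in, derive `webuser` from the verified certificate, and fail closed when there is none. When the block is restored, add an `if r.TLS == nil` rejection before reading `r.TLS.PeerCertificates`, since that field is nil on a plain-HTTP request and the access would panic. `ajaxHandler` starts before and ends after this hunk.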
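Review bot: In main.go, `log.Println(getServerList("https://www.expressvpn.com/vpn-server"))` runs synchronously before `go server.Run()`, so start-up now waits on an outbound fetch of a third-party page (up to the 30-second client timeout set in vpnlist.go) plus one DNS lookup per scraped name. The result is only logged, which suggests debugging scaffolding. If the list is really needed, fetch it after the listeners are up and take the URL from configuration; otherwise drop the line before merging. `main` continues outside the hunk.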
@@ -0,0 +1,71 @@
+package main
+
+// get https://www.expressvpn.com/vpn-server
+// remove everyting starting with >
+// remove until "Not supported" and after What the green checks mean
+
+import (
+ "bufio"
+ "fmt"
+ "net"
+ "net/http"
+ "strings"
+ "time"
+)
+
+func getServerList(url string) []string {
+ ret := []string{}
+ // Create HTTP client with timeout
+ client := &http.Client{
+ Timeout: 30 * time.Second,
+ }
+
+ // Make request
+ response, err := client.Get(url)
+ if err != nil {
+ fmt.Println(err)
+ return nil
+ }
+ defer response.Body.Close()
+
+ buf := bufio.NewReader(bufio.NewReader(response.Body))
+ start := false
+ for {
+ line, err := buf.ReadString('\n')
+ if err != nil {
+ break
+ }
+ line = strings.Trim(line, "\n\r ")
+ if strings.HasPrefix(line, "<") {
+ continue
+ }
+ if line == "Not supported" {
+ start = true
+ continue
+ }
+ if line == "What the green checks mean" {
+ start = false
+ }
+ if !start {
+ continue
+ }
+
+ if line == "" {
+ continue
+ }
+
+ // france-paris-1-ca-version-2.expressnetw.com
+ line = strings.ToLower(line)
+ line = strings.ReplaceAll(line, " & ", "")
+ line = strings.ReplaceAll(line, " ", "")
+
+ name := fmt.Sprintf("%s-ca-version-2.expressnetw.com", line)
+ fmt.Println(name)
+
+ if _, err := net.ResolveIPAddr("ip4", name); err == nil {
+ ret = append(ret, name)
+ }
+ }
+
+ return ret
+}
diff --git a/vpnserver.go b/vpnserver.go
index 1c0d3d9..b976588 100644
--- a/vpnserver.go
+++ b/vpnserver.go
@@ -186,7 +186,10 @@ func (s *OpenVpnMgt) handleConn(conn net.Conn) {
 switch {
 // command successfull, we can ignore
 case strings.HasPrefix(line, ">SUCCESS: client-deny command succeeded"):
-
+ case strings.HasPrefix(line, ">HOLD"):
+ s.sendCommand([]string{"hold release"}, remote)
+ case strings.HasPrefix(line, ">REMOTE"):
+ s.sendCommand([]string{"remote ACCEPT"}, remote)
 default:
 response = append(response, line)
 }
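Review bot: `getServerList` in vpnlist.go builds host names from text scraped off a third-party page without checking what that text contains: each surviving line goes straight into `fmt.Sprintf("%s-ca-version-2.expressnetw.com", line)` and then into `net.ResolveIPAddr`. The response status is never checked and the body is read without a size cap, so an error page or an unexpectedly large response is parsed as if it were the real list. I would check `response.StatusCode`, wrap the body in `io.LimitReader` (this needs `io` added to the import block, and the doubled `bufio.NewReader` can go at the same time), and accept a line only when the label it produces is a valid DNS label. The loop also breaks on any `ReadString` error without telling EOF from a transport failure, and a final line with no trailing newline is dropped.

```go
// … unchanged: client setup, client.Get(url), deferred Close …
if response.StatusCode != http.StatusOK {
	fmt.Println("server list: unexpected status", response.Status)
	return nil
}
// Cap how much of the third-party page is read (1 MiB).
buf := bufio.NewReader(io.LimitReader(response.Body, 1<<20))
// … unchanged: start flag, marker filtering, ToLower and ReplaceAll normalisation …
	// Scraped text is untrusted: only build a host name from a valid DNS label.
	label := line + "-ca-version-2"
	notLabelRune := func(r rune) bool {
		return !(r >= 'a' && r <= 'z' || r >= '0' && r <= '9' || r == '-')
	}
	if len(label) > 63 || strings.IndexFunc(label, notLabelRune) >= 0 {
		continue
	}
	name := label + ".expressnetw.com"
// … unchanged: fmt.Println(name), net.ResolveIPAddr check, append …
```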
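Review bot: The two new cases in vpnserver.go's `handleConn` answer `>HOLD` and `>REMOTE` lines automatically, and `remote ACCEPT` is sent without looking at what the `>REMOTE` line proposed. If the intent is to restrict connections to known servers (presumably the list from `getServerList`, though nothing visible connects the two), the host in the notification should be parsed and compared before accepting. If blanket acceptance is intended, say so with a comment such as `// accept whatever remote OpenVPN proposes; no allow-list yet`. Should `sendCommand` return an error, it is discarded in both cases and ought at least to be logged. The `switch` and `handleConn` extend outside this hunk.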