ustclug / lug-vpn-web Goto Github PK
View Code? Open in Web Editor NEWLUG VPN 申请系统
Home Page: https://getvpn.ustclug.org/
License: GNU Affero General Public License v3.0
lug-vpn-web's People
Stargazers
Watchers
Forkers
iris-fuzzyextractor jinghfut jminging wujcheng smarthypercube-fork lhrkkk volltin liginity taoky ynpython yangzhaofeng americading 16x2lug-vpn-web's Issues
新用户登录时,旧cookie不会失效
问题描述:
- 使用A账号登录网站,不要点击logout
- 重新访问/login,使用B账号登录网站,呈现的信息仍然是A账号的。
修复建议
Method A:
如果在/login页面检测到有效cookie,直接跳转至/
Method B:
新账号登录时,旧cookie标记失效
记录申请历史
希望能够记录所有申请历史。目前新的申请记录会覆盖旧的申请记录,旧记录只能查邮件。
希望能够将申请记录单独创建一张表(第三范式?),将所有申请历史都记录下来。方便管理员审核参考历史被拒原因。
New Applications 页面单独做成一个页面
现在用户量已经很大了,每次通过申请时,需要加载所有用户的列表,比较慢。把 New Applications 单独提出来会快很多
审核完成后向管理员邮箱发送邮件
方便多位管理员同时审核
正文中包含:姓名,邮箱,学号,申请理由,申请结果(通过/不通过),拒绝理由,审核者。
建议在数据库中新增一个字段记录审核者
邮箱未验证通过的用户,登录时添加重发邮件按钮
判断学号位数
建议增加一个判断:
如果Student/Staff No.字段,位数不等于10位(学号)或5位(工资号),则提示用户修改。
Month traffic排序错误
可能是 1d7ef88 引入的bug
改进VPN和light前端
- 在点击申请按钮后变灰
- 改成“中文真实姓名”
- 在快过期时自动发邮件提醒续期
校外连接vpn之后,北邮人pt无法连接?
现在是在校外,这两天连接lug vpn之后,访问北邮人pt出现
Hmm. We’re having trouble finding that site.
We can’t connect to the server at byr.pt.
这个提示,ping的时候显示Destination unreachable: Address unreachable
$ ping byr.pt
PING byr.pt(tracker.byr.pt (2001:da8:215:4078:250:56ff:fe97:654d)) 56 data bytes
From ustc.edu.cn (2001:da8:d800:5f52:7::1) icmp_seq=1 Destination unreachable: Address unreachable
From ustc.edu.cn (2001:da8:d800:5f52:7::1) icmp_seq=2 Destination unreachable: Address unreachable
From ustc.edu.cn (2001:da8:d800:5f52:7::1) icmp_seq=3 Destination unreachable: Address unreachable
From ustc.edu.cn (2001:da8:d800:5f52:7::1) icmp_seq=4 Destination unreachable: Address unreachable
^C
--- byr.pt ping statistics ---
6 packets transmitted, 0 received, +4 errors, 100% packet loss, time 12176ms
而ping youtube, ipv6正常ping通:
$ ping youtube.com
PING youtube.com(nrt13s50-in-x0e.1e100.net (2404:6800:4004:818::200e)) 56 data bytes
64 bytes from nrt13s50-in-x0e.1e100.net (2404:6800:4004:818::200e): icmp_seq=1 ttl=116 time=75.4 ms
64 bytes from nrt13s50-in-x0e.1e100.net (2404:6800:4004:818::200e): icmp_seq=2 ttl=116 time=74.2 ms
64 bytes from nrt13s72-in-x0e.1e100.net (2404:6800:4004:818::200e): icmp_seq=3 ttl=116 time=85.4 ms
64 bytes from nrt13s50-in-x0e.1e100.net (2404:6800:4004:818::200e): icmp_seq=4 ttl=116 time=75.3 ms
^C
--- youtube.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 74.158/77.563/85.432/4.568 ms
这个是哪边的问题?我这里的网络有华数这个狗屁网和移动这个破网,2个都是这样。
docker容器时区不对
在申请已通过的网页中显示VPN服务章程
Rejected Users添加ban状态,阻止用户反复申请
账号的过期
在radcheck里维护一项 attribure为'Expiration'的 value为日期(格式在此)的记录。
通过username来标明某用户会在此时间后过期。
为了方便只写日期不写时间也可以,如 '7 Sep 2016'就使提交此issue的时间无法通过验证。
前端添加申请时限,默认2个月之类的。后端就可以在申请的时候一次insert两条,一条Cleartext-Password,一条Expiration。
变回永久是: delete from radcheck where username='[email protected]' and attribute='Expiration';
续期通过把已有的Expiration的value改变(当前时间+2个月)即可。
参考
import datetime
(datetime.date.today()+datetime.timedelta(days=60)).strftime('%d %b %Y')index页面增加Linux、Android教程
@zhsj 似乎写了一份
新功能:管理界面添加折叠各部分的按钮
建议修改 lug-vpn-web/app/views.py (light 分支)
light分支的文件中对于拒绝的申请,使用的标题是
Your application has been rejected
而我看到,master分支使用的是
Your VPN application has been rejected
强烈建议,从政治正确的角度,为了照顾申请出国的同学,将这个提示语,从
Your application has been rejected
改成
Almost done! Your petition is waiting for minor revision!
创建RADIUS用户时,将用户添加到用户组
(Moved From GitLab)
改进:创建RADIUS用户时,将用户添加到用户组
SQL语句举例: INSERT INTO radusergroup (UserName, GroupName, priority) VALUES ('zzh1996', 'groupname', 1);
这样就可以利用用户组来批量为用户添加流量限制和连接数限制
如何申请增加代理网址?
记得以前有个地址提交,现在忘了
管理界面点击edit按钮,页面会刷新,但无实质功能
TODO: su 功能
允许 admin 通过 /su/username 来切换到其他用户的登录态,以方便操作
server无响应,可能是收发验证码的环节
log显示如下:
101.226.66.181 - - [23/Jun/2016 23:55:06] code 400, message Bad request syntax ('GET /?nsukey=yBzUd1rlOdBQqns%2FP0uvX2gFkU2Zm9Bm8NPmmHG8wsO4mQVKCrKEicpgr%2B2TxOdREkaqiE4w5GCXv%2BN0SDJxHw%3D%3D&version=10000&doview=1&ua=Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69 MicroMessenger/6.3.16 NetType/WIFI Language/zh_CN&keeplink=0&reformat=0 HTTP/1.1')
101.226.66.181 - - [23/Jun/2016 23:55:06] "GET /?nsukey=yBzUd1rlOdBQqns%2FP0uvX2gFkU2Zm9Bm8NPmmHG8wsO4mQVKCrKEicpgr%2B2TxOdREkaqiE4w5GCXv%2BN0SDJxHw%3D%3D&version=10000&doview=1&ua=Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13F69 MicroMessenger/6.3.16 NetType/WIFI Language/zh_CN&keeplink=0&reformat=0 HTTP/1.1" HTTPStatus.BAD_REQUEST -
是否需要打开Debug模式?
如何正确使用
如何正确使用这个系统?想魔改一下它用在别的地方
数据库所在的域名偶尔解析失败
一般都是很久没有访问申请系统,突然访问的时候报错,刷新一下网页就好了
应对安全漏洞
流量超限通知
当用户流量到达上限时,发送提醒邮件
Rejected Users列表反序
能否将Rejected Users的排序反过来,让最新的申请出现在上方,较旧的申请放在后面。
增加有效时间功能、到期暂停账户功能、续期申请功能
- 在index页面显示账号的到期时间
- 管理员页面添加清理到期账号按钮(也可以由crontab自动触发,但可能会麻烦一些)
- 进入有效时间的最后一个学期时,用户界面显示续期按钮(需要再次提交申请理由),同时通知用户。
issue优先级:低
studentid字段只允许填写数字和大写字母
收到重复的申请邮件(Light)
一部分申请信息会被 noreply 重复发送 2 次。邮件内容看起来是相同的。
IKEv2连接无记录显示
设备:iPhone 5s (A1453)
操作系统:iOS 9.3.2 (13F69)
网络环境:电信PPPoE、路由器NAT
相同环境下PPTP连接有记录显示。
申请页面阻止用户多次提交
由于发邮件会卡住一小会儿,如果这段时间用户再次点击提交按钮,则会再次触发提交。这样,就会发送多封邮件。
建议在用户点击提交按钮后,用js锁住按钮一段时间。或者改变按钮颜色,以“提醒”用户正在处理。避免用户重复提交。
用户界面显示自己当月消耗的总流量
(Moved From GitLab)
申请理由改成选项式&&投票功能
- 当前学期内参加3次小聚活动
提示用户填写参加的小聚名称 - 当前学期内主讲1次小聚或Linux User Party
无需输入框 - 当前学期内撰写2篇新闻稿,并被审核通过
提示用户输入新闻稿地址 - 经考核的服务器维护小组成员
无需输入框 - 在社团中担任或曾经担任任意职务
无需输入框 - 由三位(含)以上社团负责人认定的突出贡献
提示用户,后台将发起管理员投票,三票通过
提供一个输入框,让用户输入自己的事迹😂 - 在职教师
无需输入框
判断用户是否是@ustc.edu.cn邮箱,如果是,则无需输入框。反之,提示用户换邮箱。
flask执行异常(light分支)
在后台点击pass按钮时报调用栈:
10.254.0.252 - - [19/Mar/2017 21:10:32] "POST /pass/199 HTTP/1.1" 500 -
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/flask/app.py", line 2000, in __call__
return self.wsgi_app(environ, start_response)
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1991, in wsgi_app
response = self.make_response(self.handle_exception(e))
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1567, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python3.5/site-packages/flask/_compat.py", line 33, in reraise
raise value
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3.5/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/usr/lib/python3.5/site-packages/flask_login.py", line 792, in decorated_view
return func(*args, **kwargs)
File "/srv/lugvpn-web/app/views.py", line 163, in pass_
send_mail('Your application has passed', html, user.email)
File "/srv/lugvpn-web/app/mail.py", line 11, in send_mail
mail.send(msg)
File "/usr/lib/python3.5/site-packages/flask_mail.py", line 491, in send
with self.connect() as connection:
File "/usr/lib/python3.5/site-packages/flask_mail.py", line 144, in __enter__
self.host = self.configure_host()
File "/usr/lib/python3.5/site-packages/flask_mail.py", line 158, in configure_host
host = smtplib.SMTP(self.mail.server, self.mail.port)
File "/usr/lib/python3.5/smtplib.py", line 251, in __init__
(code, msg) = self.connect(host, port)
File "/usr/lib/python3.5/smtplib.py", line 335, in connect
self.sock = self._get_socket(host, port, self.timeout)
File "/usr/lib/python3.5/smtplib.py", line 306, in _get_socket
self.source_address)
File "/usr/lib/python3.5/socket.py", line 693, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.5/socket.py", line 732, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno -3] Try again
有时间看一下吗? @zzh1996
bug: 新申请发邮件内容没有申请人邮箱
Rejected Users增加列:申请时间/申请被拒绝时间 方便排序查看
显示用户被分配的 VPN 内网 ip
多个设备在同一个 NAT 后面同时登录时,仅根据外网 ip 不好区分设备。Radius 有记录分配的内网 ip 这个数据吗?
新功能:管理员手工添加/编辑账号、管理员重置用户密码
(Moved From GitLab)
TODO:更漂亮的邮件内容、群发邮件
(Moved From GitLab)
新功能:彻底删除用户
(Moved From GitLab)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.