From: Sergey Ponomarev <stokito@gmail.com>
Date: Mon, 4 Dec 2023 19:09:55 +0000 (+0200)
Subject: luci-app-tor: Manage tor-hs onion services (#6476)
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=3283cb2ebdb3dbd8ae744125ecd577a0025d14ad;p=project%2Fluci.git

luci-app-tor: Manage tor-hs onion services (#6476)

* luci-app-tor: Manage Onion services (tor-hs)

The tor-hs packages provides Tor Onion (Hidden) Services.
This is a good option to bypass NAT and have stable access to a router.

Later once the main Tor package gains a support of a Proxy/Bridge configuration.
We can add this to the same luci app as a different view.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
---

diff --git a/applications/luci-app-tor/Makefile b/applications/luci-app-tor/Makefile
new file mode 100644
index 0000000000..caecd80534
--- /dev/null
+++ b/applications/luci-app-tor/Makefile
@@ -0,0 +1,14 @@
+# See /LICENSE for more information.
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI app to configure Tor
+LUCI_DEPENDS:=+luci-base +tor +tor-hs
+PKG_VERSION:=1.0.0
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Sergey Ponomarev <stokito@gmail.com>
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js b/applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js
new file mode 100644
index 0000000000..ef8368ec1c
--- /dev/null
+++ b/applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js
@@ -0,0 +1,108 @@
+'use strict';
+'require view';
+'require form';
+'require rpc';
+'require uci';
+
+var callTorHsList = rpc.declare({
+	object: 'tor-hs-rpc',
+	method: 'list-hs',
+});
+
+
+return view.extend({
+	load: function () {
+		return Promise.all([
+			L.resolveDefault(callTorHsList(), {}),
+		]);
+	},
+
+	render: function (data) {
+		var hsList = [];
+		if (data[0]['hs-list']) {
+			hsList = data[0]['hs-list'];
+		}
+		var hsMap = new Map();
+		hsList.forEach(function (hs) {
+			hsMap.set(hs.name, hs.hostname);
+		});
+
+		var m, s, o;
+
+		m = new form.Map('tor-hs', _('Tor Onion Services'),
+			_('Tor Onion (Hidden) Services are proxy tunnels to your local website, SSH and other services.') + '<br />' +
+			_('For further information <a %s>check the documentation</a>')
+				.format('href="https://openwrt.org/docs/guide-user/services/tor/hs" target="_blank" rel="noreferrer"')
+		);
+
+		s = m.section(form.GridSection, 'hidden-service', _('Tor Onion Services'));
+		s.addremove = true;
+		s.nodescriptions = true;
+		s.sectiontitle = function (section_id) {
+			let tor = uci.get('tor-hs', section_id);
+			let sectionName = section_id;
+			if (tor['.anonymous']) {
+				sectionName = tor['Name'];
+			}
+			return sectionName;
+		};
+
+		o = s.option(form.Flag, 'Enabled', _('Enabled'));
+		o.default = '1';
+		o.rmempty = false;
+		// We also need to set Name field with the same name as section
+		// The only option to do that is to override write() for some other field i.e. Enabled
+		o.write = function (section_id, formvalue) {
+			// first save the Enabled
+			uci.set('tor-hs', section_id, 'Enabled', formvalue);
+			// set Name field
+			var name = this.map.data.get(this.map.config, section_id, 'Name') || '';
+			if (!name) {
+				// Typically the empty Name happens for new unsaved sections
+				name = section_id;
+				// manually set Name to trigger change
+				uci.set('tor-hs', section_id, 'Name', name);
+			}
+			return name;
+		};
+
+		o = s.option(form.DummyValue, '_Domain', _('Onion domain'));
+		o.modalonly = false;
+		o.rawhtml = true;
+		o.textvalue = function (section_id) {
+			var name = uci.get('tor-hs', section_id, 'Name');
+			if (!name)
+				return '';
+			var hostname = hsMap.get(name);
+			if (!hostname)
+				return '';
+			return '<a href="http://' + hostname + '" target="_blank" rel="noreferrer">' + _('Link') + '</a>';
+		};
+
+		o = s.option(form.Value, 'Description', _('Description'));
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'IPv4', _('Destination address'),
+			_('Traffic will be forwarded to the target hostname')
+		);
+		o.datatype = 'host';
+		o.default = '127.0.0.1';
+
+		o = s.option(form.DynamicList, 'PublicLocalPort', _('Public ports to local'),
+			_('A single <code>Port</code> when the public port is the same as local e.g. <code>80</code>.') + '<br />' +
+			_('A pair <code>PublicPort;LocalPort</code> e.g. <code>80;8080</code>.') + '<br />' +
+			_('A pair <code>PublicPort;unix:Socket</code> e.g. <code>80;unix:/var/run/nginx.sock</code>.')
+		);
+		o.datatype = 'list(string)';
+		o.default = ['80', '443']; // by default expose http and https ports
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'HookScript', _('Hook Script'),
+			_('Path to script which is executed after starting Tor.') + '<br />' +
+			_('The .onion domain is passed into the script via parameter <code>--update-onion HOSTNAME</code>.')
+		);
+		o.modalonly = true;
+
+		return m.render();
+	},
+});
diff --git a/applications/luci-app-tor/po/ru/tor.po b/applications/luci-app-tor/po/ru/tor.po
new file mode 100644
index 0000000000..106e852c83
--- /dev/null
+++ b/applications/luci-app-tor/po/ru/tor.po
@@ -0,0 +1,93 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8\n"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:93
+msgid "A pair <code>PublicPort;LocalPort</code> e.g. <code>80;8080</code>."
+msgstr "ÐÐ°ÑÐ° <code>ÐÑÐ±Ð»Ð¸ÑÐ½ÑÐ¹ÐÐ¾ÑÑ;ÐÐ¾ÐºÐ°Ð»ÑÐ½ÑÐ¹ÐÐ¾ÑÑ</code> Ð½.Ð¿. <code>80;8080</code>"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:94
+msgid ""
+"A pair <code>PublicPort;unix:Socket</code> e.g. <code>80;unix:/var/run/nginx."
+"sock</code>."
+msgstr ""
+"ÐÐ°ÑÐ° <code>ÐÑÐ±Ð»Ð¸ÑÐ½ÑÐ¹ÐÐ¾ÑÑ;unix:Ð¡Ð¾ÐºÐµÑ</code> Ð½.Ð¿. <code>80;unix:/var/run/nginx."
+"sock</code>."
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:92
+msgid ""
+"A single <code>Port</code> when the public port is the same as local e.g. "
+"<code>80</code>."
+msgstr ""
+"ÐÐ´Ð¸Ð½ <code>ÐÐ¾ÑÑ</code> ÐºÐ¾Ð³Ð´Ð° Ð¿ÑÐ±Ð»Ð¸ÑÐ½ÑÐ¹ Ð¿Ð¾ÑÑ ÑÐ°ÐºÐ¾Ð¹ Ð¶Ðµ ÐºÐ°Ðº Ð¸ Ð»Ð¾ÐºÐ°Ð»ÑÐ½ÑÐ¹ Ð½.Ð¿. "
+"<code>80</code>."
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:82
+msgid "Description"
+msgstr "ÐÐ¿Ð¸ÑÐ°Ð½Ð¸Ðµ"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:85
+msgid "Destination address"
+msgstr "AÐ´ÑÐµÑ Ð½Ð°Ð·Ð½Ð°ÑÐµÐ½Ð¸Ñ"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:50
+msgid "Enabled"
+msgstr "ÐÐºÐ»ÑÑÐµÐ½"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:34
+msgid "For further information <a %s>check the documentation</a>"
+msgstr ""
+"ÐÐ»Ñ Ð¿Ð¾Ð»ÑÑÐµÐ½Ð¸Ñ Ð´Ð¾Ð¿Ð¾Ð»Ð½Ð¸ÑÐµÐ»ÑÐ½Ð¾Ð¹ Ð¸Ð½ÑÐ¾ÑÐ¼Ð°ÑÐ¸Ð¸ <a %s>ÑÐ¼Ð¾ÑÑÐ¸ÑÐµ Ð´Ð¾ÐºÑÐ¼ÐµÐ½ÑÐ°ÑÐ¸Ñ</a>"
+
+#: applications/luci-app-tor/root/usr/share/rpcd/acl.d/luci-app-tor.json:3
+msgid "Grant UCI access for luci-app-tor"
+msgstr "ÐÑÐµÐ´Ð¾ÑÑÐ°Ð²Ð¸ÑÑ UCI Ð´Ð¾ÑÑÑÐ¿ Ð´Ð»Ñ LuCI Ð¿ÑÐ¸Ð»Ð¾Ð¶ÐµÐ½Ð¸Ñ Tor"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:100
+msgid "Hook Script"
+msgstr "Ð¡ÐºÑÐ¸Ð¿Ñ ÑÑÐºÐ°"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:79
+msgid "Link"
+msgstr "Ð¡ÑÑÐ»ÐºÐ°"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:69
+msgid "Onion domain"
+msgstr "ÐÐ¾Ð¼ÐµÐ½ Onion"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:101
+msgid "Path to script which is executed after starting Tor."
+msgstr "ÐÑÑÑ Ðº ÑÐºÑÐ¸Ð¿ÑÑ ÐºÐ¾ÑÐ¾ÑÑÐ¹ Ð±ÑÐ´ÐµÑ Ð²ÑÐ¿Ð¾Ð»Ð½ÐµÐ½ Ð¿Ð¾ÑÐ»Ðµ Ð·Ð°Ð¿ÑÑÐºÐ° Tor."
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:91
+msgid "Public ports to local"
+msgstr "ÐÑÐ±Ð»Ð¸ÑÐ½ÑÐµ Ð¿Ð¾ÑÑÑ Ðº ÐÐ¾ÐºÐ°Ð»ÑÐ½ÑÐ¼"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:102
+msgid ""
+"The .onion domain is passed into the script via parameter <code>--update-"
+"onion HOSTNAME</code>."
+msgstr ""
+"ÐÐ¾Ð¼ÐµÐ½ .onion Ð¿ÐµÑÐµÐ´Ð°ÑÑÑÑ Ð² ÑÐºÑÐ¸Ð¿Ñ ÑÐµÑÐµÐ· Ð¿Ð°ÑÐ°Ð¼ÐµÑÑ <code>--update-onion "
+"HOSTNAME</code>."
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:33
+msgid ""
+"Tor Onion (Hidden) Services are proxy tunnels to your local website, SSH and "
+"other services."
+msgstr ""
+"Tor Onion (Hidden) Services (Ð»ÑÐºÐ¾Ð²Ð¸ÑÐ½ÑÐµ/ÑÐºÑÑÑÑÐµ ÑÐµÑÐ²Ð¸ÑÑ Tor) ÑÑÐ¾ Ð¿ÑÐ¾ÐºÑÐ¸ "
+"ÑÑÐ½ÐµÐ»Ð¸ Ðº Ð²Ð°ÑÐµÐ¼Ñ Ð»Ð¾ÐºÐ°Ð»ÑÐ½Ð¾Ð¼Ñ Ð²ÐµÐ±ÑÐ°Ð¹ÑÑ, SSH Ð¸ Ð´ÑÑÐ³Ð¸Ð¼ ÑÐµÑÐ²Ð¸ÑÐ°Ð¼."
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:32
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:38
+#: applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json:16
+msgid "Tor Onion Services"
+msgstr "Tor Onion Ð¡ÐµÑÐ²Ð¸ÑÑ"
+
+#: applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json:3
+msgid "Tor onion router"
+msgstr "Tor Ð»ÑÐºÐ¾Ð²Ð¸ÑÐ½ÑÐ¹ ÑÐ¾ÑÑÐµÑ"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:86
+msgid "Traffic will be forwarded to the target hostname"
+msgstr "Ð¢ÑÐ°ÑÐ¸Ðº Ð±ÑÐ´ÐµÑ Ð¿ÐµÑÐµÐ¿ÑÐ°Ð²Ð»ÐµÐ½ Ð¿Ð¾ ÑÑÐ¾Ð¼Ñ Ð¸Ð¼ÐµÐ½Ð¸ ÑÐ¾ÑÑÐ°"
diff --git a/applications/luci-app-tor/po/templates/tor.pot b/applications/luci-app-tor/po/templates/tor.pot
new file mode 100644
index 0000000000..b2c0cadbf0
--- /dev/null
+++ b/applications/luci-app-tor/po/templates/tor.pot
@@ -0,0 +1,84 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:93
+msgid "A pair <code>PublicPort;LocalPort</code> e.g. <code>80;8080</code>."
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:94
+msgid ""
+"A pair <code>PublicPort;unix:Socket</code> e.g. <code>80;unix:/var/run/nginx."
+"sock</code>."
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:92
+msgid ""
+"A single <code>Port</code> when the public port is the same as local e.g. "
+"<code>80</code>."
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:82
+msgid "Description"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:85
+msgid "Destination address"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:50
+msgid "Enabled"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:34
+msgid "For further information <a %s>check the documentation</a>"
+msgstr ""
+
+#: applications/luci-app-tor/root/usr/share/rpcd/acl.d/luci-app-tor.json:3
+msgid "Grant UCI access for luci-app-tor"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:100
+msgid "Hook Script"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:79
+msgid "Link"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:69
+msgid "Onion domain"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:101
+msgid "Path to script which is executed after starting Tor."
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:91
+msgid "Public ports to local"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:102
+msgid ""
+"The .onion domain is passed into the script via parameter <code>--update-"
+"onion HOSTNAME</code>."
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:33
+msgid ""
+"Tor Onion (Hidden) Services are proxy tunnels to your local website, SSH and "
+"other services."
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:32
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:38
+#: applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json:16
+msgid "Tor Onion Services"
+msgstr ""
+
+#: applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json:3
+msgid "Tor onion router"
+msgstr ""
+
+#: applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js:86
+msgid "Traffic will be forwarded to the target hostname"
+msgstr ""
diff --git a/applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json b/applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json
new file mode 100644
index 0000000000..19777f6bd0
--- /dev/null
+++ b/applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json
@@ -0,0 +1,23 @@
+{
+	"admin/services/tor": {
+		"title": "Tor onion router",
+		"order": 60,
+		"action": {
+			"type": "alias",
+			"path": "admin/services/tor/tor-hs"
+		},
+		"depends": {
+			"acl": [
+				"luci-app-tor"
+			]
+		}
+	},
+	"admin/services/tor/tor-hs": {
+		"title": "Tor Onion Services",
+		"order": 20,
+		"action": {
+			"type": "view",
+			"path": "tor/tor-hs"
+		}
+	}
+}
diff --git a/applications/luci-app-tor/root/usr/share/rpcd/acl.d/luci-app-tor.json b/applications/luci-app-tor/root/usr/share/rpcd/acl.d/luci-app-tor.json
new file mode 100644
index 0000000000..81bb9272bd
--- /dev/null
+++ b/applications/luci-app-tor/root/usr/share/rpcd/acl.d/luci-app-tor.json
@@ -0,0 +1,22 @@
+{
+	"luci-app-tor": {
+		"description": "Grant UCI access for luci-app-tor",
+		"read": {
+			"ubus": {
+				"tor_rpcd.sh": [
+					"list-hs"
+				]
+			},
+			"uci": [
+				"tor",
+				"tor-hs"
+			]
+		},
+		"write": {
+			"uci": [
+				"tor",
+				"tor-hs"
+			]
+		}
+	}
+}
