From 29a53c5ef662909157093b4c54a62fe67e664bc2 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 13 Oct 2019 21:28:11 +0500
Subject: [PATCH 01/39] Initial working server + client for modifying config,
 running commands

---
 app/index.html | 103 +++++++++++++++++++++++++++++++++++++++++++++++++
 app/server.py  |  71 ++++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+)
 create mode 100644 app/index.html
 create mode 100644 app/server.py

diff --git a/app/index.html b/app/index.html
new file mode 100644
index 000000000..927a60abe
--- /dev/null
+++ b/app/index.html
@@ -0,0 +1,103 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Algo webapp</title>
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
+        integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+  <script src="https://cdn.jsdelivr.net/npm/vue/dist/vue.js"></script>
+</head>
+<div class="container" id="app">
+  <h1>1. Set up user list</h1>
+  <ul class="list-group">
+    <li class="list-group-item"
+        v-for="(user, index) in config.users"
+        :key="user"
+    >
+      {{ user }}
+      <button type="button" class="btn btn-secondary btn-sm float-right" v-on:click="removeUser(index)">Remove</button>
+    </li>
+  </ul>
+  <div class="my-3 form-group">
+    <label for="id_new_user">Add new user</label>
+      <div class="input-group">
+
+          <input type="text" id="id_new_user" class="form-control" placeholder="username" v-model="newUser">
+          <div class="input-group-append">
+              <button v-on:click="addUser" class="btn btn-outline-primary" type="button" id="button-addon2">Add</button>
+          </div>
+      </div>
+  </div>
+  <button v-on:click="save" v-bind:disabled="loading" class="btn btn-primary" type="button">Save</button>
+  <span v-if="saveConfigMessage" v-bind:class="{ 'text-success': ok, 'text-danged': !ok }">{{saveConfigMessage}}</span>
+  
+</div>
+
+<body>
+<script>
+var ws = new WebSocket("ws://127.0.0.1:8080/ws");
+window.ws = ws;
+ws.onopen = function (event) {
+    init();
+}
+function init() {
+    var app = new Vue({
+        el: '#app',
+        data: {
+          ok: false,
+          config: {},
+          loading: false,
+          newUser: '',
+          saveConfigMessage: ''
+        },
+        methods: {
+            addUser: function () {
+              this.config.users.push(this.newUser);
+              this.newUser = '';
+            },
+            removeUser: function(index) {
+              this.config.users.splice(index, 1);
+            },
+            save: function() {
+              this.loading = true;
+              fetch('/config', {
+                  method: 'POST',
+                  body: JSON.stringify(this.config),
+                  headers: {
+                    'Content-Type': 'application/json'
+                  }
+              }).then(r => r.json()).then(result => {
+                if (result.ok) {
+                  this.ok = true;
+                  this.saveConfigMessage = 'Saved!';
+                  setTimeout(() => {
+                    this.saveConfigMessage = '';
+                  }, 1000);
+                } else {
+                  this.ok = false;
+                  this.saveConfigMessage = 'Not Saved!';
+                  setTimeout(() => {
+                    this.saveConfigMessage = '';
+                  }, 1000);
+                }
+              }).finally(() => {
+                this.loading = false;
+              });
+            },
+            load: function() {
+              this.loading = true;
+              fetch('/config').then(r => r.json()).then(config => {
+                  this.config = config;
+              }).finally(() => {
+                this.loading = false;
+              });
+            }
+        }
+    });
+    app.load();
+    window.app = app;
+}
+
+
+</script>
+</body>
+</html>
diff --git a/app/server.py b/app/server.py
new file mode 100644
index 000000000..f6660478e
--- /dev/null
+++ b/app/server.py
@@ -0,0 +1,71 @@
+import asyncio
+from os.path import join, dirname
+
+import aiohttp
+import yaml
+from aiohttp import web
+
+routes = web.RouteTableDef()
+PROJECT_ROOT = dirname(dirname(__file__))
+
+
+async def handle_index(_):
+    with open(join(PROJECT_ROOT, 'app', 'index.html'), 'r') as f:
+        return web.Response(body=f.read(), content_type='text/html')
+
+
+async def websocket_handler(request):
+    ws = web.WebSocketResponse()
+    await ws.prepare(request)
+
+    async for msg in ws:
+        if msg.type == aiohttp.WSMsgType.TEXT:
+            if msg.data == 'close':
+                await ws.close()
+            else:
+                p = await asyncio.create_subprocess_shell(
+                    msg.data,
+                    stdout=asyncio.subprocess.PIPE,
+                    stderr=asyncio.subprocess.PIPE
+                )
+                while True:
+                    line = await p.stdout.readline()
+                    if not line:
+                        break
+                    else:
+                        await ws.send_str(line.decode('ascii').rstrip())
+
+        elif msg.type == aiohttp.WSMsgType.ERROR:
+            print('ws connection closed with exception %s' % ws.exception())
+
+    print('websocket connection closed')
+    return ws
+
+
+@routes.view("/config")
+class UsersView(web.View):
+    async def get(self):
+        with open(join(PROJECT_ROOT, 'config.cfg'), 'r') as f:
+            config = yaml.safe_load(f.read())
+            return web.json_response(config)
+
+    async def post(self):
+        data = await self.request.json()
+        with open(join(PROJECT_ROOT, 'config.cfg'), 'w') as f:
+            try:
+                config = yaml.safe_dump(data)
+            except Exception as e:
+                return web.json_response({'error': {
+                    'code': type(e).__name__,
+                    'message': e,
+                }}, status=400)
+            else:
+                f.write(config)
+                return web.json_response({'ok': True})
+
+
+app = web.Application()
+app.router.add_get('/ws', websocket_handler)
+app.router.add_get('/', handle_index)
+app.router.add_routes(routes)
+web.run_app(app)

From 7dd4044670b9b4e9f0d831624da223231c640a84 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Tue, 15 Oct 2019 01:35:40 +0500
Subject: [PATCH 02/39] Initial webapp version

---
 app/index.html | 251 +++++++++++++++++++++++++++++++++++++++++++------
 app/server.py  |  74 ++++++++++-----
 2 files changed, 275 insertions(+), 50 deletions(-)

diff --git a/app/index.html b/app/index.html
index 927a60abe..8e57c24e5 100644
--- a/app/index.html
+++ b/app/index.html
@@ -1,38 +1,182 @@
 <!DOCTYPE html>
-<html>
+<html class="h-100">
 <head>
   <title>Algo webapp</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
         integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
-  <script src="https://cdn.jsdelivr.net/npm/vue/dist/vue.js"></script>
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/xterm/3.14.5/xterm.min.css"
+          integrity="sha256-uTIrmf95e6IHlacC0wpDaPS58eWF314UC7OgdrD6AdU=" crossorigin="anonymous"/>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.10/vue.min.js"
+            integrity="sha256-chlNFSVx3TdcQ2Xlw7SvnbLAavAQLO0Y/LBiWX04viY=" crossorigin="anonymous"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/xterm/3.14.5/xterm.min.js"
+            integrity="sha256-tDeULIXIGkXbz7dkZ0qcQajBIS22qS8jQ6URaeMoVJs=" crossorigin="anonymous"></script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.js"
+            integrity="sha256-pVreZ67fRaATygHF6T+gQtF1NI700W9kzeAivu6au9U=" crossorigin="anonymous"></script>
 </head>
-<div class="container" id="app">
-  <h1>1. Set up user list</h1>
-  <ul class="list-group">
-    <li class="list-group-item"
-        v-for="(user, index) in config.users"
-        :key="user"
-    >
-      {{ user }}
-      <button type="button" class="btn btn-secondary btn-sm float-right" v-on:click="removeUser(index)">Remove</button>
-    </li>
-  </ul>
-  <div class="my-3 form-group">
-    <label for="id_new_user">Add new user</label>
-      <div class="input-group">
+<body class="h-100">
+<div class="d-flex flex-column h-100" id="app">
+    <div class="flex-shrink-0" v-if="formMode">
+        <div class="container">
+            <h1 class="mb-5 text-center">Algo VPN Setup</h1>
+            <div class="row">
+                <div class="col-md-4 order-md-2 mb-4">
+                    <h2>Users</h2>
+                    <section class="my-3">
+                        <h4>Set up user list</h4>
+                        <ul class="list-group">
+                            <li class="list-group-item"
+                                v-for="(user, index) in config.users"
+                                :key="user"
+                            >
+                                {{ user }}
+                                <button type="button" class="btn btn-secondary btn-sm float-right"
+                                        @click="removeUser(index)">
+                                    Remove
+                                </button>
+                            </li>
+                        </ul>
+                        <div class="my-3 form-group">
+                            <label for="id_new_user">Add new user</label>
+                            <div class="input-group">
 
-          <input type="text" id="id_new_user" class="form-control" placeholder="username" v-model="newUser">
-          <div class="input-group-append">
-              <button v-on:click="addUser" class="btn btn-outline-primary" type="button" id="button-addon2">Add</button>
-          </div>
-      </div>
-  </div>
-  <button v-on:click="save" v-bind:disabled="loading" class="btn btn-primary" type="button">Save</button>
-  <span v-if="saveConfigMessage" v-bind:class="{ 'text-success': ok, 'text-danged': !ok }">{{saveConfigMessage}}</span>
-  
-</div>
+                                <input type="text" id="id_new_user" class="form-control" placeholder="username"
+                                       v-model="newUser">
+                                <div class="input-group-append">
+                                    <button @click="addUser" class="btn btn-outline-primary" type="button"
+                                            id="button-addon2">
+                                        Add
+                                    </button>
+                                </div>
+                            </div>
+                        </div>
+                    </section>
+                    <div>
+                        <button @click="save" v-bind:disabled="loading" class="btn btn-secondary" type="button">Save
+                        </button>
+                        <span v-if="saveConfigMessage"
+                              v-bind:class="{ 'text-success': ok, 'text-danged': !ok }">{{saveConfigMessage}}</span>
+                    </div>
+                </div>
+                <div class="col-md-8 order-md-1">
+                    <h2>VPN Options</h2>
+                    <section class="my-3">
+                        <div class="form-group">
+                            <label>Name the vpn server</label>
+                            <input type="text" class="form-control" placeholder="server name"
+                                   v-model="extra_args.server_name"/>
+                        </div>
+                        <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
+                        <div class="form-check">
+                            <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
+                                networks?">
+                                <input class="form-check-input" type="checkbox" name="ondemand_cellular"
+                                       v-model="extra_args.ondemand_cellular">
+                                when connected to cellular networks
+                            </label>
+                        </div>
+                        <div class="form-check">
+                            <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?">
+                                <input class="form-check-input" type="checkbox" name="ondemand_wifi"
+                                       v-model="extra_args.ondemand_wifi">
+                                when connected to WiFi
+                            </label>
+                        </div>
+
+                        <div class="form-group">
+                            <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
+                            <input type="text" class="form-control" id="id_ondemand_wifi_exclude"
+                                   name="ondemand_wifi_exclude"
+                                   placeholder="HomeNet,OfficeWifi,AlgoWiFi"
+                                   v-model="extra_args.ondemand_wifi_exclude"/>
+                            <small class="form-text text-muted">
+                                List the names of any trusted Wi-Fi networks where
+                                macOS/iOS
+                                IPsec clients should not use "Connect On Demand"
+                                (e.g., your home network. Comma-separated value, e.g.,
+                                HomeNet,OfficeWifi,AlgoWiFi)
+                            </small>
+                        </div>
+                        <label>Retain the PKI</label>
+                        <div class="form-check">
+                            <label>
+                                <input class="form-check-input" type="checkbox" name="store_pki"
+                                       v-model="extra_args.store_pki">
+                                Do you want to retain the keys (PKI)?
+                                <small class="form-text text-muted">required to add users in the future, but less
+                                secure</small>
+                            </label>
 
-<body>
+                        </div>
+                        <label>DNS adblocking</label>
+                        <div class="form-check">
+                            <label>
+                                <input class="form-check-input" type="checkbox" name="dns_adblocking"
+                                       v-model="extra_args.dns_adblocking">
+                                Enable DNS ad blocking on this VPN server
+                            </label>
+                        </div>
+                        <label>SSH tunneling</label>
+                        <div class="form-check">
+                            <label>
+                                <input class="form-check-input" type="checkbox" name="ssh_tunneling"
+                                       v-model="extra_args.ssh_tunneling">
+                                Each user will have their own account for SSH tunneling
+                            </label>
+                        </div>
+                    </section>
+                </div>
+            </div>
+            <hr class="my-3">
+            <section class="my-3">
+                <h2>Select cloud provider</h2>
+                <div class="form-check">
+                    <label>
+                        <input class="form-check-input" type="radio" name="provider" value="digitalocean"
+                               v-model="extra_args.provider">
+                        DigitalOcean
+                    </label>
+                </div>
+                <div class="form-check">
+                    <label>
+                        <input class="form-check-input" type="radio" name="provider" value="lightsail"
+                               v-model="extra_args.provider">
+                        Amazon Lightsail
+                    </label>
+                </div>
+            </section>
+            <section class="my-3" v-if="extra_args.provider === 'digitalocean'">
+                <h4>Digital Ocean Options</h4>
+                <div class="form-group">
+                    <label for="id_do_token">Enter your API token. The token must have read and write permissions
+                        (https://cloud.digitalocean.com/settings/api/tokens):</label>
+                    <input type="text" class="form-control" id="id_do_token" name="do_token"
+                           v-model="extra_args.do_token"
+                           @blur="load_do_regions"/>
+                </div>
+                <div class="form-group">
+                    <label for="id_region">What region should the server be located in?</label>
+                    <select name="region" id="id_region" class="form-control" v-model="extra_args.region">
+                        <option value="" disabled>Select region</option>
+                        <option
+                            v-for="(region, index) in do_regions"
+                            v-bind:value="region.slug">
+                            {{region.name}}
+                        </option>
+                    </select>
+                </div>
+            </section>
+        </div>
+    </div>
+    <div v-if="consoleMode" id="terminal">
+    </div>
+    <footer class="footer mt-auto py-3" v-if="formMode">
+        <div class="container text-center">
+            <button @click="start" v-bind:disabled="loading" class="btn btn-primary btn-lg" type="button">Install
+            </button>
+        </div>
+    </footer>
+</div>
 <script>
 var ws = new WebSocket("ws://127.0.0.1:8080/ws");
 window.ws = ws;
@@ -45,9 +189,21 @@ <h1>1. Set up user list</h1>
         data: {
           ok: false,
           config: {},
+          do_regions: {},
+          extra_args: {
+            server_name: 'algo',
+            ondemand_cellular: false,
+            ondemand_wifi: false,
+            dns_adblocking: false,
+            ssh_tunneling: false,
+            store_pki: false,
+            ondemand_wifi_exclude: ''
+          },
           loading: false,
           newUser: '',
-          saveConfigMessage: ''
+          saveConfigMessage: '',
+          formMode: true,
+          consoleMode: false
         },
         methods: {
             addUser: function () {
@@ -90,11 +246,50 @@ <h1>1. Set up user list</h1>
               }).finally(() => {
                 this.loading = false;
               });
+            },
+            start: function() {
+              var args = '';
+              for (arg in this.extra_args) {
+                args += `${arg}=${this.extra_args[arg]} `;
+              }
+              ws.send(`ansible-playbook main.yml --extra-vars "${args}"`);
+              this.formMode = false;
+              var term = new Terminal();
+              term.open(document.getElementById('terminal'));
+              ws.onmessage = function(event) {
+                term.write(event.data + '\r\n');
+                if (event.data.length > term.cols) {
+                  term.resize(event.data.length, term.rows);
+                }
+              };
+              window.term = term;
+              this.consoleMode = true;
+            },
+            load_do_regions: function() {
+              if (this.extra_args.provider === 'digitalocean' && this.extra_args.do_token) {
+                this.loading = true;
+                fetch('/do/regions', {
+                  method: 'POST',
+                  headers: {
+                    'Content-Type': 'application/json'
+                  },
+                  body: JSON.stringify({token: this.extra_args.do_token})
+                }).then(r => r.json()).then(r => {
+                    this.do_regions = r.regions;
+                }).finally(() => {
+                  this.loading = false;
+                });
+              }
             }
         }
     });
     app.load();
     window.app = app;
+    window.onclose = function() {
+      if (ws.readyState === ws.OPEN) {
+        ws.send('close');
+      }
+    }
 }
 
 
diff --git a/app/server.py b/app/server.py
index f6660478e..291adfcd9 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,12 +1,14 @@
 import asyncio
-from os.path import join, dirname
-
+import signal
+import sys
 import aiohttp
 import yaml
+from os.path import join, dirname
 from aiohttp import web
 
 routes = web.RouteTableDef()
 PROJECT_ROOT = dirname(dirname(__file__))
+jobs = []
 
 
 async def handle_index(_):
@@ -28,6 +30,7 @@ async def websocket_handler(request):
                     stdout=asyncio.subprocess.PIPE,
                     stderr=asyncio.subprocess.PIPE
                 )
+                jobs.append(p)
                 while True:
                     line = await p.stdout.readline()
                     if not line:
@@ -42,30 +45,57 @@ async def websocket_handler(request):
     return ws
 
 
-@routes.view("/config")
-class UsersView(web.View):
-    async def get(self):
-        with open(join(PROJECT_ROOT, 'config.cfg'), 'r') as f:
-            config = yaml.safe_load(f.read())
-            return web.json_response(config)
-
-    async def post(self):
-        data = await self.request.json()
-        with open(join(PROJECT_ROOT, 'config.cfg'), 'w') as f:
-            try:
-                config = yaml.safe_dump(data)
-            except Exception as e:
-                return web.json_response({'error': {
-                    'code': type(e).__name__,
-                    'message': e,
-                }}, status=400)
-            else:
-                f.write(config)
-                return web.json_response({'ok': True})
+@routes.get('/config')
+async def get_config(_):
+    with open(join(PROJECT_ROOT, 'config.cfg'), 'r') as f:
+        config = yaml.safe_load(f.read())
+        return web.json_response(config)
+
 
+@routes.post('/config')
+async def post_config(request):
+    data = await request.json()
+    with open(join(PROJECT_ROOT, 'config.cfg'), 'w') as f:
+        try:
+            config = yaml.safe_dump(data)
+        except Exception as e:
+            return web.json_response({'error': {
+                'code': type(e).__name__,
+                'message': e,
+            }}, status=400)
+        else:
+            f.write(config)
+            return web.json_response({'ok': True})
+
+
+@routes.post('/do/regions')
+async def get_do_regions(request):
+    data = await request.json()
+    async with aiohttp.ClientSession() as session:
+        url = 'https://api.digitalocean.com/v2/regions'
+        headers = {
+            'Content-Type': 'application/json',
+            'Authorization': 'Bearer {0}'.format(data['token']),
+        }
+        async with session.get(url, headers=headers) as r:
+            json_body = await r.json()
+            return web.json_response(json_body)
 
 app = web.Application()
 app.router.add_get('/ws', websocket_handler)
 app.router.add_get('/', handle_index)
 app.router.add_routes(routes)
 web.run_app(app)
+
+def signal_handler(sig, frame):
+    print('Closing child processes')
+    for p in jobs:
+        try:
+            p.terminate()
+        except:
+            pass
+    sys.exit(0)
+
+signal.signal(signal.SIGINT, signal_handler)
+print('Press Ctrl+C to stop')
+signal.pause()

From b9bffa32aa444a4b7bdc9f0bc0d7f88846b7f6b8 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Tue, 15 Oct 2019 01:38:07 +0500
Subject: [PATCH 03/39] Update requirements.txt

---
 requirements.txt | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/requirements.txt b/requirements.txt
index 3113c3f3f..6e8c9a2af 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,6 @@
 ansible==2.9.20
 jinja2==2.8
 netaddr
+PyYAML==5.1.2
+aiodns==2.0.0
+aiohttp==3.6.2

From 4867a034f8bfab59e7dcab10ca41ada611df14ba Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Fri, 22 Nov 2019 03:03:45 +0500
Subject: [PATCH 04/39] Replaced shell with playbook CLI, structured js app

---
 app/index.html        | 298 ------------------------------------------
 app/requirements.txt  |   1 +
 app/server.py         | 108 ++++++++-------
 app/static/app.js     | 202 ++++++++++++++++++++++++++++
 app/static/index.html | 222 +++++++++++++++++++++++++++++++
 requirements.txt      |   3 -
 6 files changed, 488 insertions(+), 346 deletions(-)
 delete mode 100644 app/index.html
 create mode 100644 app/requirements.txt
 create mode 100644 app/static/app.js
 create mode 100644 app/static/index.html

diff --git a/app/index.html b/app/index.html
deleted file mode 100644
index 8e57c24e5..000000000
--- a/app/index.html
+++ /dev/null
@@ -1,298 +0,0 @@
-<!DOCTYPE html>
-<html class="h-100">
-<head>
-  <title>Algo webapp</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
-        integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/xterm/3.14.5/xterm.min.css"
-          integrity="sha256-uTIrmf95e6IHlacC0wpDaPS58eWF314UC7OgdrD6AdU=" crossorigin="anonymous"/>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.10/vue.min.js"
-            integrity="sha256-chlNFSVx3TdcQ2Xlw7SvnbLAavAQLO0Y/LBiWX04viY=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/xterm/3.14.5/xterm.min.js"
-            integrity="sha256-tDeULIXIGkXbz7dkZ0qcQajBIS22qS8jQ6URaeMoVJs=" crossorigin="anonymous"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.js"
-            integrity="sha256-pVreZ67fRaATygHF6T+gQtF1NI700W9kzeAivu6au9U=" crossorigin="anonymous"></script>
-</head>
-<body class="h-100">
-<div class="d-flex flex-column h-100" id="app">
-    <div class="flex-shrink-0" v-if="formMode">
-        <div class="container">
-            <h1 class="mb-5 text-center">Algo VPN Setup</h1>
-            <div class="row">
-                <div class="col-md-4 order-md-2 mb-4">
-                    <h2>Users</h2>
-                    <section class="my-3">
-                        <h4>Set up user list</h4>
-                        <ul class="list-group">
-                            <li class="list-group-item"
-                                v-for="(user, index) in config.users"
-                                :key="user"
-                            >
-                                {{ user }}
-                                <button type="button" class="btn btn-secondary btn-sm float-right"
-                                        @click="removeUser(index)">
-                                    Remove
-                                </button>
-                            </li>
-                        </ul>
-                        <div class="my-3 form-group">
-                            <label for="id_new_user">Add new user</label>
-                            <div class="input-group">
-
-                                <input type="text" id="id_new_user" class="form-control" placeholder="username"
-                                       v-model="newUser">
-                                <div class="input-group-append">
-                                    <button @click="addUser" class="btn btn-outline-primary" type="button"
-                                            id="button-addon2">
-                                        Add
-                                    </button>
-                                </div>
-                            </div>
-                        </div>
-                    </section>
-                    <div>
-                        <button @click="save" v-bind:disabled="loading" class="btn btn-secondary" type="button">Save
-                        </button>
-                        <span v-if="saveConfigMessage"
-                              v-bind:class="{ 'text-success': ok, 'text-danged': !ok }">{{saveConfigMessage}}</span>
-                    </div>
-                </div>
-                <div class="col-md-8 order-md-1">
-                    <h2>VPN Options</h2>
-                    <section class="my-3">
-                        <div class="form-group">
-                            <label>Name the vpn server</label>
-                            <input type="text" class="form-control" placeholder="server name"
-                                   v-model="extra_args.server_name"/>
-                        </div>
-                        <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
-                        <div class="form-check">
-                            <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
-                                networks?">
-                                <input class="form-check-input" type="checkbox" name="ondemand_cellular"
-                                       v-model="extra_args.ondemand_cellular">
-                                when connected to cellular networks
-                            </label>
-                        </div>
-                        <div class="form-check">
-                            <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?">
-                                <input class="form-check-input" type="checkbox" name="ondemand_wifi"
-                                       v-model="extra_args.ondemand_wifi">
-                                when connected to WiFi
-                            </label>
-                        </div>
-
-                        <div class="form-group">
-                            <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
-                            <input type="text" class="form-control" id="id_ondemand_wifi_exclude"
-                                   name="ondemand_wifi_exclude"
-                                   placeholder="HomeNet,OfficeWifi,AlgoWiFi"
-                                   v-model="extra_args.ondemand_wifi_exclude"/>
-                            <small class="form-text text-muted">
-                                List the names of any trusted Wi-Fi networks where
-                                macOS/iOS
-                                IPsec clients should not use "Connect On Demand"
-                                (e.g., your home network. Comma-separated value, e.g.,
-                                HomeNet,OfficeWifi,AlgoWiFi)
-                            </small>
-                        </div>
-                        <label>Retain the PKI</label>
-                        <div class="form-check">
-                            <label>
-                                <input class="form-check-input" type="checkbox" name="store_pki"
-                                       v-model="extra_args.store_pki">
-                                Do you want to retain the keys (PKI)?
-                                <small class="form-text text-muted">required to add users in the future, but less
-                                secure</small>
-                            </label>
-
-                        </div>
-                        <label>DNS adblocking</label>
-                        <div class="form-check">
-                            <label>
-                                <input class="form-check-input" type="checkbox" name="dns_adblocking"
-                                       v-model="extra_args.dns_adblocking">
-                                Enable DNS ad blocking on this VPN server
-                            </label>
-                        </div>
-                        <label>SSH tunneling</label>
-                        <div class="form-check">
-                            <label>
-                                <input class="form-check-input" type="checkbox" name="ssh_tunneling"
-                                       v-model="extra_args.ssh_tunneling">
-                                Each user will have their own account for SSH tunneling
-                            </label>
-                        </div>
-                    </section>
-                </div>
-            </div>
-            <hr class="my-3">
-            <section class="my-3">
-                <h2>Select cloud provider</h2>
-                <div class="form-check">
-                    <label>
-                        <input class="form-check-input" type="radio" name="provider" value="digitalocean"
-                               v-model="extra_args.provider">
-                        DigitalOcean
-                    </label>
-                </div>
-                <div class="form-check">
-                    <label>
-                        <input class="form-check-input" type="radio" name="provider" value="lightsail"
-                               v-model="extra_args.provider">
-                        Amazon Lightsail
-                    </label>
-                </div>
-            </section>
-            <section class="my-3" v-if="extra_args.provider === 'digitalocean'">
-                <h4>Digital Ocean Options</h4>
-                <div class="form-group">
-                    <label for="id_do_token">Enter your API token. The token must have read and write permissions
-                        (https://cloud.digitalocean.com/settings/api/tokens):</label>
-                    <input type="text" class="form-control" id="id_do_token" name="do_token"
-                           v-model="extra_args.do_token"
-                           @blur="load_do_regions"/>
-                </div>
-                <div class="form-group">
-                    <label for="id_region">What region should the server be located in?</label>
-                    <select name="region" id="id_region" class="form-control" v-model="extra_args.region">
-                        <option value="" disabled>Select region</option>
-                        <option
-                            v-for="(region, index) in do_regions"
-                            v-bind:value="region.slug">
-                            {{region.name}}
-                        </option>
-                    </select>
-                </div>
-            </section>
-        </div>
-    </div>
-    <div v-if="consoleMode" id="terminal">
-    </div>
-    <footer class="footer mt-auto py-3" v-if="formMode">
-        <div class="container text-center">
-            <button @click="start" v-bind:disabled="loading" class="btn btn-primary btn-lg" type="button">Install
-            </button>
-        </div>
-    </footer>
-</div>
-<script>
-var ws = new WebSocket("ws://127.0.0.1:8080/ws");
-window.ws = ws;
-ws.onopen = function (event) {
-    init();
-}
-function init() {
-    var app = new Vue({
-        el: '#app',
-        data: {
-          ok: false,
-          config: {},
-          do_regions: {},
-          extra_args: {
-            server_name: 'algo',
-            ondemand_cellular: false,
-            ondemand_wifi: false,
-            dns_adblocking: false,
-            ssh_tunneling: false,
-            store_pki: false,
-            ondemand_wifi_exclude: ''
-          },
-          loading: false,
-          newUser: '',
-          saveConfigMessage: '',
-          formMode: true,
-          consoleMode: false
-        },
-        methods: {
-            addUser: function () {
-              this.config.users.push(this.newUser);
-              this.newUser = '';
-            },
-            removeUser: function(index) {
-              this.config.users.splice(index, 1);
-            },
-            save: function() {
-              this.loading = true;
-              fetch('/config', {
-                  method: 'POST',
-                  body: JSON.stringify(this.config),
-                  headers: {
-                    'Content-Type': 'application/json'
-                  }
-              }).then(r => r.json()).then(result => {
-                if (result.ok) {
-                  this.ok = true;
-                  this.saveConfigMessage = 'Saved!';
-                  setTimeout(() => {
-                    this.saveConfigMessage = '';
-                  }, 1000);
-                } else {
-                  this.ok = false;
-                  this.saveConfigMessage = 'Not Saved!';
-                  setTimeout(() => {
-                    this.saveConfigMessage = '';
-                  }, 1000);
-                }
-              }).finally(() => {
-                this.loading = false;
-              });
-            },
-            load: function() {
-              this.loading = true;
-              fetch('/config').then(r => r.json()).then(config => {
-                  this.config = config;
-              }).finally(() => {
-                this.loading = false;
-              });
-            },
-            start: function() {
-              var args = '';
-              for (arg in this.extra_args) {
-                args += `${arg}=${this.extra_args[arg]} `;
-              }
-              ws.send(`ansible-playbook main.yml --extra-vars "${args}"`);
-              this.formMode = false;
-              var term = new Terminal();
-              term.open(document.getElementById('terminal'));
-              ws.onmessage = function(event) {
-                term.write(event.data + '\r\n');
-                if (event.data.length > term.cols) {
-                  term.resize(event.data.length, term.rows);
-                }
-              };
-              window.term = term;
-              this.consoleMode = true;
-            },
-            load_do_regions: function() {
-              if (this.extra_args.provider === 'digitalocean' && this.extra_args.do_token) {
-                this.loading = true;
-                fetch('/do/regions', {
-                  method: 'POST',
-                  headers: {
-                    'Content-Type': 'application/json'
-                  },
-                  body: JSON.stringify({token: this.extra_args.do_token})
-                }).then(r => r.json()).then(r => {
-                    this.do_regions = r.regions;
-                }).finally(() => {
-                  this.loading = false;
-                });
-              }
-            }
-        }
-    });
-    app.load();
-    window.app = app;
-    window.onclose = function() {
-      if (ws.readyState === ws.OPEN) {
-        ws.send('close');
-      }
-    }
-}
-
-
-</script>
-</body>
-</html>
diff --git a/app/requirements.txt b/app/requirements.txt
new file mode 100644
index 000000000..f179af209
--- /dev/null
+++ b/app/requirements.txt
@@ -0,0 +1 @@
+aiohttp==3.6.2
\ No newline at end of file
diff --git a/app/server.py b/app/server.py
index 291adfcd9..ec7be53d2 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,48 +1,80 @@
 import asyncio
-import signal
-import sys
+import mimetypes
+
 import aiohttp
 import yaml
 from os.path import join, dirname
 from aiohttp import web
+from ansible.cli.playbook import PlaybookCLI
+from time import sleep
+import concurrent.futures
+
 
 routes = web.RouteTableDef()
 PROJECT_ROOT = dirname(dirname(__file__))
-jobs = []
-
-
+pool = None
+task_future = None
+task_program = ''
+
+def run_playbook(data={}):
+    global task_program
+    extra_vars = ' '.join(['{0}={1}'.format(key, data[key]) for key in data.keys()])
+    task_program = ['ansible-playbook', 'main.yml', '--extra-vars', extra_vars]
+    cli = PlaybookCLI(task_program).run()
+    return cli
+
+
+@routes.get('/static/{path}')
+async def handle_static(request):
+    filepath = request.match_info['path']
+    mimetype = mimetypes.guess_type(filepath)
+    try:
+        with open(join(dirname(__file__), 'static', *filepath.split('/')), 'r') as f:
+            return web.Response(body=f.read(), content_type=mimetype[0])
+    except FileNotFoundError:
+        return web.Response(status=404)
+
+@routes.get('/')
 async def handle_index(_):
-    with open(join(PROJECT_ROOT, 'app', 'index.html'), 'r') as f:
+    with open(join(PROJECT_ROOT, 'app', 'static', 'index.html'), 'r') as f:
         return web.Response(body=f.read(), content_type='text/html')
 
 
-async def websocket_handler(request):
-    ws = web.WebSocketResponse()
-    await ws.prepare(request)
+@routes.get('/playbook')
+async def playbook_get_handler(request):
+    if not task_future:
+        return web.json_response({'status': None})
+
+    if task_future.done():
+        return web.json_response({'status': 'done', 'program': task_program, 'result': task_future.result()})
+    elif task_future.cancelled():
+        return web.json_response({'status': 'cancelled', 'program': task_program})
+    else:
+        return web.json_response({'status': 'running', 'program': task_program})
+
+
+@routes.post('/playbook')
+async def playbook_post_handler(request):
+    global task_future
+    global pool
+    data = await request.json()
+    loop = asyncio.get_running_loop()
+
+    pool = concurrent.futures.ThreadPoolExecutor()
+    task_future = loop.run_in_executor(pool, run_playbook, data)
+    return web.json_response({'ok': True})
 
-    async for msg in ws:
-        if msg.type == aiohttp.WSMsgType.TEXT:
-            if msg.data == 'close':
-                await ws.close()
-            else:
-                p = await asyncio.create_subprocess_shell(
-                    msg.data,
-                    stdout=asyncio.subprocess.PIPE,
-                    stderr=asyncio.subprocess.PIPE
-                )
-                jobs.append(p)
-                while True:
-                    line = await p.stdout.readline()
-                    if not line:
-                        break
-                    else:
-                        await ws.send_str(line.decode('ascii').rstrip())
 
-        elif msg.type == aiohttp.WSMsgType.ERROR:
-            print('ws connection closed with exception %s' % ws.exception())
+@routes.delete('/playbook')
+async def playbook_delete_handler(request):
+    global task_future
+    if not task_future:
+        return web.json_response({'ok': False})
 
-    print('websocket connection closed')
-    return ws
+    cancelled = task_future.cancel()
+    pool.shutdown(wait=False)
+    task_future = None
+    return web.json_response({'ok': cancelled})
 
 
 @routes.get('/config')
@@ -81,21 +113,7 @@ async def get_do_regions(request):
             json_body = await r.json()
             return web.json_response(json_body)
 
+
 app = web.Application()
-app.router.add_get('/ws', websocket_handler)
-app.router.add_get('/', handle_index)
 app.router.add_routes(routes)
 web.run_app(app)
-
-def signal_handler(sig, frame):
-    print('Closing child processes')
-    for p in jobs:
-        try:
-            p.terminate()
-        except:
-            pass
-    sys.exit(0)
-
-signal.signal(signal.SIGINT, signal_handler)
-print('Press Ctrl+C to stop')
-signal.pause()
diff --git a/app/static/app.js b/app/static/app.js
new file mode 100644
index 000000000..c488c0570
--- /dev/null
+++ b/app/static/app.js
@@ -0,0 +1,202 @@
+new Vue({
+  el: '#users_app',
+  data: {
+    config: {},
+    loading: false,
+    new_user: '',
+    save_config_message: ''
+  },
+  created: function() {
+    this.load_config();
+  },
+  methods: {
+    add_user: function() {
+      this.config.users.push(this.new_user);
+      this.new_user = '';
+    },
+    remove_user: function(index) {
+      this.config.users.splice(index, 1);
+    },
+    save_config: function() {
+      if (this.loading) return;
+      this.loading = true;
+      fetch('/config', {
+        method: 'POST',
+        body: JSON.stringify(this.config),
+        headers: {
+          'Content-Type': 'application/json'
+        }
+      })
+        .then(r => r.json())
+        .then(result => {
+          if (result.ok) {
+            this.ok = true;
+            this.save_config_message = 'Saved!';
+            setTimeout(() => {
+              this.save_config_message = '';
+            }, 1000);
+          } else {
+            this.ok = false;
+            this.save_config_message = 'Not Saved!';
+            setTimeout(() => {
+              this.save_config_message = '';
+            }, 1000);
+          }
+        })
+        .finally(() => {
+          this.loading = false;
+        });
+    },
+    load_config: function() {
+      this.loading = true;
+      fetch('/config')
+        .then(r => r.json())
+        .then(config => {
+          this.config = config;
+        })
+        .finally(() => {
+          this.loading = false;
+        });
+    }
+  }
+});
+
+var vpn_options_extra_args = {
+  server_name: 'algo',
+  ondemand_cellular: false,
+  ondemand_wifi: false,
+  dns_adblocking: false,
+  ssh_tunneling: false,
+  store_pki: false,
+  ondemand_wifi_exclude: ''
+};
+
+new Vue({
+  el: '#options_app',
+  data: {
+    extra_args: vpn_options_extra_args
+  }
+});
+
+var provider_extra_args = {
+  provider: null
+};
+
+new Vue({
+  el: '#provider_app',
+  data: {
+    loading: false,
+    do_regions: [],
+    extra_args: provider_extra_args,
+    providers_map: [
+      { name: 'DigitalOcean', alias: 'digitalocean' },
+      { name: 'Amazon Lightsail', alias: 'lightsail' },
+      { name: 'Amazon EC2', alias: 'ec2' },
+      { name: 'Microsoft Azure', alias: 'azure' },
+      { name: 'Google Compute Engine', alias: 'gce' },
+      { name: 'Hetzner Cloud', alias: 'hetzner' },
+      { name: 'Vultr', alias: 'vultr' },
+      { name: 'Scaleway', alias: 'scaleway' },
+      { name: 'OpenStack (DreamCompute optimised)', alias: 'openstack' },
+      { name: 'CloudStack (Exoscale optimised)', alias: 'cloudstack' },
+      {
+        name: 'Install to existing Ubuntu 18.04 or 19.04 server (Advanced)',
+        alias: 'local'
+      }
+    ]
+  },
+  methods: {
+    set_provider(provider) {
+      this.extra_args.provider = provider;
+    },
+    load_do_regions: function() {
+      if (
+        this.extra_args.provider === 'digitalocean' &&
+        this.extra_args.do_token
+      ) {
+        this.loading = true;
+        fetch('/do/regions', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({ token: this.extra_args.do_token })
+        })
+          .then(r => r.json())
+          .then(r => {
+            this.do_regions = r.regions;
+          })
+          .finally(() => {
+            this.loading = false;
+          });
+      }
+    }
+  }
+});
+
+new Vue({
+  el: '#status_app',
+  data: {
+    status: null,
+    program: null,
+    result: null,
+    error: null,
+    // shared data, do not write there
+    vpn_options_extra_args,
+    provider_extra_args,
+  },
+  created() {
+    this.loop = setInterval(this.get_status, 1000);
+  },
+  computed: {
+    extra_args() {
+      return Object.assign({}, this.vpn_options_extra_args, this.provider_extra_args);
+    },
+    cli_preview() {
+      var args = '';
+      for (arg in this.extra_args) {
+        args += `${arg}=${this.extra_args[arg]} `;
+      }
+      return `ansible-playbook main.yml --extra-vars ${args}`;
+    },
+    show_backdrop() {
+      return this.status === 'running';
+    }
+  },
+  watch: {
+    status: function () {
+      if (this.status === 'done') {
+        clearInterval(this.loop);
+      }
+    }
+  },
+  methods: {
+    run() {
+      fetch('/playbook', {
+        method: 'POST',
+        body: JSON.stringify(this.extra_args),
+        headers: {
+          'Content-Type': 'application/json'
+        }
+      });
+    },
+    stop() {
+      fetch('/playbook', {
+        method: 'DELETE'
+      });
+    },
+    get_status() {
+      fetch('/playbook')
+        .then(r => r.json())
+        .then(status => {
+          this.status = status.status;
+          this.program = status.program;
+          this.result = status.result;
+        })
+        .catch(err => {
+          alert('Server error');
+          clearInterval(this.loop);
+        });
+    }
+  }
+});
diff --git a/app/static/index.html b/app/static/index.html
new file mode 100644
index 000000000..3477b2b5f
--- /dev/null
+++ b/app/static/index.html
@@ -0,0 +1,222 @@
+<!DOCTYPE html>
+<html class="h-100">
+<head>
+  <title>Algo VPN</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
+        integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/xterm/3.14.5/xterm.min.css"
+          integrity="sha256-uTIrmf95e6IHlacC0wpDaPS58eWF314UC7OgdrD6AdU=" crossorigin="anonymous"/>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.10/vue.min.js" 
+        integrity="sha256-chlNFSVx3TdcQ2Xlw7SvnbLAavAQLO0Y/LBiWX04viY=" crossorigin="anonymous"></script>
+    <style>
+    .console {
+        background: black;
+        color: white;
+        padding: 4px;
+        border-radius: 2px;
+        white-space: pre-line;
+        padding-left: 2em;
+        position: relative;
+    }
+    .console::before {
+        content: "$";
+        position: absolute;
+        left: 1em;
+    }
+    .backdrop {
+        position: fixed;
+        background: white;
+        opacity: 0.6;
+        top: 0;
+        bottom: 0;
+        left: 0;
+        right: 0;
+        z-index: 100;
+        pointer-events: none;
+    }
+    .footer .container {
+        position: relative;
+        z-index: 101;
+    }
+    </style>
+</head>
+<body class="d-flex flex-column h-100">
+<div style="overflow: auto">
+    <div class="container">
+        <h1 class="mb-5 text-center">Algo VPN Setup</h1>
+        <div class="row">
+            <div class="col-md-4 order-md-2 mb-4" id="users_app">
+                <h2>Users</h2>
+                <section class="my-3">
+                    <h4>Set up user list</h4>
+                    <ul class="list-group">
+                        <li class="list-group-item"
+                            v-for="(user, index) in config.users"
+                            :key="user"
+                        >
+                            {{ user }}
+                            <button type="button" class="btn btn-secondary btn-sm float-right"
+                                    @click="remove_user(index)">
+                                Remove
+                            </button>
+                        </li>
+                    </ul>
+                    <div class="my-3 form-group">
+                        <label for="id_new_user">Add new user</label>
+                        <div class="input-group">
+
+                            <input type="text" id="id_new_user" class="form-control" placeholder="username"
+                                    v-model="new_user">
+                            <div class="input-group-append">
+                                <button @click="add_user" class="btn btn-outline-primary" type="button"
+                                        id="button-addon2">
+                                    Add
+                                </button>
+                            </div>
+                        </div>
+                    </div>
+                </section>
+                <div>
+                    <button @click="save_config" v-bind:disabled="loading" class="btn btn-secondary" type="button">Save
+                    </button>
+                    <span v-if="save_config_message"
+                            v-bind:class="{ 'text-success': ok, 'text-danged': !ok }">{{save_config_message}}</span>
+                </div>
+            </div>
+            <div class="col-md-8 order-md-1" id="options_app">
+                <h2>VPN Options</h2>
+                <section class="my-3">
+                    <div class="form-group">
+                        <label>Name the vpn server</label>
+                        <input type="text" class="form-control" placeholder="server name"
+                                v-model="extra_args.server_name"/>
+                    </div>
+                    <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
+                    <div class="form-check">
+                        <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
+                            networks?">
+                            <input class="form-check-input" type="checkbox" name="ondemand_cellular"
+                                    v-model="extra_args.ondemand_cellular">
+                            when connected to cellular networks
+                        </label>
+                    </div>
+                    <div class="form-check">
+                        <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?">
+                            <input class="form-check-input" type="checkbox" name="ondemand_wifi"
+                                    v-model="extra_args.ondemand_wifi">
+                            when connected to WiFi
+                        </label>
+                    </div>
+
+                    <div class="form-group">
+                        <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
+                        <input type="text" class="form-control" id="id_ondemand_wifi_exclude"
+                                name="ondemand_wifi_exclude"
+                                placeholder="HomeNet,OfficeWifi,AlgoWiFi"
+                                v-model="extra_args.ondemand_wifi_exclude"/>
+                        <small class="form-text text-muted">
+                            List the names of any trusted Wi-Fi networks where
+                            macOS/iOS
+                            IPsec clients should not use "Connect On Demand"
+                            (e.g., your home network. Comma-separated value, e.g.,
+                            HomeNet,OfficeWifi,AlgoWiFi)
+                        </small>
+                    </div>
+                    <label>Retain the PKI</label>
+                    <div class="form-check">
+                        <label>
+                            <input class="form-check-input" type="checkbox" name="store_pki"
+                                    v-model="extra_args.store_pki">
+                            Do you want to retain the keys (PKI)?
+                            <small class="form-text text-muted">required to add users in the future, but less
+                            secure</small>
+                        </label>
+
+                    </div>
+                    <label>DNS adblocking</label>
+                    <div class="form-check">
+                        <label>
+                            <input class="form-check-input" type="checkbox" name="dns_adblocking"
+                                    v-model="extra_args.dns_adblocking">
+                            Enable DNS ad blocking on this VPN server
+                        </label>
+                    </div>
+                    <label>SSH tunneling</label>
+                    <div class="form-check">
+                        <label>
+                            <input class="form-check-input" type="checkbox" name="ssh_tunneling"
+                                    v-model="extra_args.ssh_tunneling">
+                            Each user will have their own account for SSH tunneling
+                        </label>
+                    </div>
+                </section>
+            </div>
+        </div>
+        <hr class="my-3">
+        <section class="my-3" id="provider_app">
+            <h2>Select cloud provider</h2>
+            <div class="row">
+                <div class="col-4">
+                    <ul class="nav flex-column nav-pills">
+                        <li class="nav-item"
+                            v-for="provider in providers_map">
+                            <a class="nav-link" href="#" 
+                                v-bind:class="{ active: provider.alias === extra_args.provider }"
+                                @click="set_provider(provider.alias)">{{provider.name}}</a>
+                        </li>
+                    </ul>
+                </div>
+                <div class="col-8">
+                    <div class="my-3" v-if="extra_args.provider === 'digitalocean'">
+                        <h4>Digital Ocean Options</h4>
+                        <div class="form-group">
+                            <label for="id_do_token">Enter your API token. The token must have read and write permissions
+                                (https://cloud.digitalocean.com/settings/api/tokens):</label>
+                            <input type="text" class="form-control" id="id_do_token" name="do_token"
+                                v-model="extra_args.do_token"
+                                @blur="load_do_regions"/>
+                        </div>
+                        <div class="form-group">
+                            <label for="id_region">What region should the server be located in?</label>
+                            <select name="region" id="id_region" class="form-control" v-model="extra_args.region">
+                                <option value="" disabled>Select region</option>
+                                <option
+                                    v-for="(region, index) in do_regions"
+                                    v-bind:value="region.slug">
+                                    {{region.name}}
+                                </option>
+                            </select>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </section>
+    </div>
+</div>
+<footer class="footer mt-auto py-3" id="status_app">
+    <div class="backdrop d-flex flex-column align-items-center justify-content-center" v-if="show_backdrop">
+        <span class="spinner-border" role="status" aria-hidden="true"></span>
+    </div>
+    <div class="container">
+        <div v-if="!status || status === 'cancelled'">
+            <pre class="console">{{cli_preview}}</pre>
+            <button @click="run" class="btn btn-primary" type="button">Install</button>
+        </div>
+        <div v-if="status === 'running'">
+            <pre class="console">{{program.join(' ')}}</pre>
+            <button class="btn btn-danger" type="button" @click="stop">Stop</button>
+            <button class="btn btn-primary" type="button" disabled>
+                <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
+                Running...
+            </button>
+        </div>
+        <div v-if="status === 'done'">
+            <pre class="console">{{program.join(' ')}}</pre>
+            <div class="text-success">Done!</div>
+        </div>
+    </div>
+</footer>
+<script src="./static/app.js"></script>
+</body>
+</html>
diff --git a/requirements.txt b/requirements.txt
index 6e8c9a2af..3113c3f3f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,3 @@
 ansible==2.9.20
 jinja2==2.8
 netaddr
-PyYAML==5.1.2
-aiodns==2.0.0
-aiohttp==3.6.2

From 28ac1313502784650eeea311487f63e3860d3f95 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Wed, 26 Feb 2020 01:07:03 +0500
Subject: [PATCH 05/39] Added loading indication for DO regions

---
 app/static/app.js     |  6 ++++++
 app/static/index.html | 15 ++++++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/app/static/app.js b/app/static/app.js
index c488c0570..3d5f2ac1e 100644
--- a/app/static/app.js
+++ b/app/static/app.js
@@ -86,6 +86,7 @@ new Vue({
   el: '#provider_app',
   data: {
     loading: false,
+    do_region_loading: false,
     do_regions: [],
     extra_args: provider_extra_args,
     providers_map: [
@@ -115,6 +116,7 @@ new Vue({
         this.extra_args.do_token
       ) {
         this.loading = true;
+        this.do_region_loading = true;
         fetch('/do/regions', {
           method: 'POST',
           headers: {
@@ -128,6 +130,7 @@ new Vue({
           })
           .finally(() => {
             this.loading = false;
+            this.do_region_loading = false;
           });
       }
     }
@@ -161,6 +164,9 @@ new Vue({
     },
     show_backdrop() {
       return this.status === 'running';
+    },
+    is_success() {
+      return this.result === 0;
     }
   },
   watch: {
diff --git a/app/static/index.html b/app/static/index.html
index 3477b2b5f..d517902ed 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -5,8 +5,6 @@
     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
         integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/xterm/3.14.5/xterm.min.css"
-          integrity="sha256-uTIrmf95e6IHlacC0wpDaPS58eWF314UC7OgdrD6AdU=" crossorigin="anonymous"/>
     <script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.10/vue.min.js" 
         integrity="sha256-chlNFSVx3TdcQ2Xlw7SvnbLAavAQLO0Y/LBiWX04viY=" crossorigin="anonymous"></script>
     <style>
@@ -178,8 +176,14 @@ <h4>Digital Ocean Options</h4>
                                 @blur="load_do_regions"/>
                         </div>
                         <div class="form-group">
-                            <label for="id_region">What region should the server be located in?</label>
-                            <select name="region" id="id_region" class="form-control" v-model="extra_args.region">
+                            <label v-if="do_regions.length > 0" for="id_region">What region should the server be located in?</label>
+                            <label v-if="do_regions.length === 0" for="id_region">Please enter API key above to select region</label>
+                            <label v-if="do_region_loading" for="id_region">Loading regions...</label>
+                            <select name="region"
+                                id="id_region"
+                                class="form-control"
+                                v-model="extra_args.region"
+                                v-bind:disabled="do_region_loading">
                                 <option value="" disabled>Select region</option>
                                 <option
                                     v-for="(region, index) in do_regions"
@@ -213,7 +217,8 @@ <h4>Digital Ocean Options</h4>
         </div>
         <div v-if="status === 'done'">
             <pre class="console">{{program.join(' ')}}</pre>
-            <div class="text-success">Done!</div>
+            <div v-if="is_success" class="text-success">Done!</div>
+            <div v-else class="text-danger">Failed!</div>
         </div>
     </div>
 </footer>

From 42650e2af75604f1863837f676897b2e07ae1d7b Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Wed, 26 Feb 2020 01:07:41 +0500
Subject: [PATCH 06/39] Copy-pasted playbook CLI, passing host vars as result

---
 app/playbook.py | 195 ++++++++++++++++++++++++++++++++++++++++++++++++
 app/server.py   |  14 ++--
 2 files changed, 202 insertions(+), 7 deletions(-)
 create mode 100644 app/playbook.py

diff --git a/app/playbook.py b/app/playbook.py
new file mode 100644
index 000000000..7fe95fbf7
--- /dev/null
+++ b/app/playbook.py
@@ -0,0 +1,195 @@
+# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
+# Copyright: (c) 2018, Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import stat
+
+from ansible import context
+from ansible.cli import CLI
+from ansible.cli.arguments import optparse_helpers as opt_help
+from ansible.errors import AnsibleError, AnsibleOptionsError
+from ansible.executor.playbook_executor import PlaybookExecutor
+from ansible.module_utils._text import to_bytes
+from ansible.playbook.block import Block
+from ansible.utils.display import Display
+from ansible.utils.collection_loader import set_collection_playbook_paths
+from ansible.plugins.loader import add_all_plugin_dirs
+
+
+display = Display()
+
+
+class PlaybookCLI(CLI):
+    ''' the tool to run *Ansible playbooks*, which are a configuration and multinode deployment system.
+        See the project home page (https://docs.ansible.com) for more information. '''
+
+    def init_parser(self):
+
+        # create parser for CLI options
+        super(PlaybookCLI, self).init_parser(
+            usage="%prog [options] playbook.yml [playbook2 ...]",
+            desc="Runs Ansible playbooks, executing the defined tasks on the targeted hosts.")
+
+        opt_help.add_connect_options(self.parser)
+        opt_help.add_meta_options(self.parser)
+        opt_help.add_runas_options(self.parser)
+        opt_help.add_subset_options(self.parser)
+        opt_help.add_check_options(self.parser)
+        opt_help.add_inventory_options(self.parser)
+        opt_help.add_runtask_options(self.parser)
+        opt_help.add_vault_options(self.parser)
+        opt_help.add_fork_options(self.parser)
+        opt_help.add_module_options(self.parser)
+
+        # ansible playbook specific opts
+        self.parser.add_option('--list-tasks', dest='listtasks', action='store_true',
+                               help="list all tasks that would be executed")
+        self.parser.add_option('--list-tags', dest='listtags', action='store_true',
+                               help="list all available tags")
+        self.parser.add_option('--step', dest='step', action='store_true',
+                               help="one-step-at-a-time: confirm each task before running")
+        self.parser.add_option('--start-at-task', dest='start_at_task',
+                               help="start the playbook at the task matching this name")
+
+    def post_process_args(self, options, args):
+        options, args = super(PlaybookCLI, self).post_process_args(options, args)
+
+        if len(args) == 0:
+            raise AnsibleOptionsError("You must specify a playbook file to run")
+
+        display.verbosity = options.verbosity
+        self.validate_conflicts(options, runas_opts=True, vault_opts=True, fork_opts=True)
+
+        return options, args
+
+    def run(self):
+
+        super(PlaybookCLI, self).run()
+
+        # Note: slightly wrong, this is written so that implicit localhost
+        # manages passwords
+        sshpass = None
+        becomepass = None
+        passwords = {}
+
+        # initial error check, to make sure all specified playbooks are accessible
+        # before we start running anything through the playbook executor
+
+        b_playbook_dirs = []
+        for playbook in context.CLIARGS['args']:
+            if not os.path.exists(playbook):
+                raise AnsibleError("the playbook: %s could not be found" % playbook)
+            if not (os.path.isfile(playbook) or stat.S_ISFIFO(os.stat(playbook).st_mode)):
+                raise AnsibleError("the playbook: %s does not appear to be a file" % playbook)
+
+            b_playbook_dir = os.path.dirname(os.path.abspath(to_bytes(playbook, errors='surrogate_or_strict')))
+            # load plugins from all playbooks in case they add callbacks/inventory/etc
+            add_all_plugin_dirs(b_playbook_dir)
+
+            b_playbook_dirs.append(b_playbook_dir)
+
+        set_collection_playbook_paths(b_playbook_dirs)
+
+        # don't deal with privilege escalation or passwords when we don't need to
+        if not (context.CLIARGS['listhosts'] or context.CLIARGS['listtasks'] or
+                context.CLIARGS['listtags'] or context.CLIARGS['syntax']):
+            (sshpass, becomepass) = self.ask_passwords()
+            passwords = {'conn_pass': sshpass, 'become_pass': becomepass}
+
+        # create base objects
+        loader, inventory, variable_manager = self._play_prereqs()
+
+        # (which is not returned in list_hosts()) is taken into account for
+        # warning if inventory is empty.  But it can't be taken into account for
+        # checking if limit doesn't match any hosts.  Instead we don't worry about
+        # limit if only implicit localhost was in inventory to start with.
+        #
+        # Fix this when we rewrite inventory by making localhost a real host (and thus show up in list_hosts())
+        CLI.get_host_list(inventory, context.CLIARGS['subset'])
+
+        # flush fact cache if requested
+        if context.CLIARGS['flush_cache']:
+            self._flush_cache(inventory, variable_manager)
+
+        # create the playbook executor, which manages running the plays via a task queue manager
+        pbex = PlaybookExecutor(playbooks=context.CLIARGS['args'], inventory=inventory,
+                                variable_manager=variable_manager, loader=loader,
+                                passwords=passwords)
+
+        results = pbex.run()
+
+        if isinstance(results, list):
+            for p in results:
+
+                display.display('\nplaybook: %s' % p['playbook'])
+                for idx, play in enumerate(p['plays']):
+                    if play._included_path is not None:
+                        loader.set_basedir(play._included_path)
+                    else:
+                        pb_dir = os.path.realpath(os.path.dirname(p['playbook']))
+                        loader.set_basedir(pb_dir)
+
+                    msg = "\n  play #%d (%s): %s" % (idx + 1, ','.join(play.hosts), play.name)
+                    mytags = set(play.tags)
+                    msg += '\tTAGS: [%s]' % (','.join(mytags))
+
+                    if context.CLIARGS['listhosts']:
+                        playhosts = set(inventory.get_hosts(play.hosts))
+                        msg += "\n    pattern: %s\n    hosts (%d):" % (play.hosts, len(playhosts))
+                        for host in playhosts:
+                            msg += "\n      %s" % host
+
+                    display.display(msg)
+
+                    all_tags = set()
+                    if context.CLIARGS['listtags'] or context.CLIARGS['listtasks']:
+                        taskmsg = ''
+                        if context.CLIARGS['listtasks']:
+                            taskmsg = '    tasks:\n'
+
+                        def _process_block(b):
+                            taskmsg = ''
+                            for task in b.block:
+                                if isinstance(task, Block):
+                                    taskmsg += _process_block(task)
+                                else:
+                                    if task.action == 'meta':
+                                        continue
+
+                                    all_tags.update(task.tags)
+                                    if context.CLIARGS['listtasks']:
+                                        cur_tags = list(mytags.union(set(task.tags)))
+                                        cur_tags.sort()
+                                        if task.name:
+                                            taskmsg += "      %s" % task.get_name()
+                                        else:
+                                            taskmsg += "      %s" % task.action
+                                        taskmsg += "\tTAGS: [%s]\n" % ', '.join(cur_tags)
+
+                            return taskmsg
+
+                        all_vars = variable_manager.get_vars(play=play)
+                        for block in play.compile():
+                            block = block.filter_tagged_tasks(all_vars)
+                            if not block.has_tasks():
+                                continue
+                            taskmsg += _process_block(block)
+
+                        if context.CLIARGS['listtags']:
+                            cur_tags = list(mytags.union(all_tags))
+                            cur_tags.sort()
+                            taskmsg += "      TASK TAGS: [%s]\n" % ', '.join(cur_tags)
+
+                        display.display(taskmsg)
+
+        return inventory.groups['vpn-host'].hosts[0].vars
+
+    @staticmethod
+    def _flush_cache(inventory, variable_manager):
+        for host in inventory.list_hosts():
+            hostname = host.get_name()
+            variable_manager.clear_facts(hostname)
diff --git a/app/server.py b/app/server.py
index ec7be53d2..25a4fded9 100644
--- a/app/server.py
+++ b/app/server.py
@@ -5,9 +5,8 @@
 import yaml
 from os.path import join, dirname
 from aiohttp import web
-from ansible.cli.playbook import PlaybookCLI
-from time import sleep
 import concurrent.futures
+from playbook import PlaybookCLI
 
 
 routes = web.RouteTableDef()
@@ -16,13 +15,14 @@
 task_future = None
 task_program = ''
 
-def run_playbook(data={}):
+
+def run_playbook(data):
     global task_program
     extra_vars = ' '.join(['{0}={1}'.format(key, data[key]) for key in data.keys()])
     task_program = ['ansible-playbook', 'main.yml', '--extra-vars', extra_vars]
-    cli = PlaybookCLI(task_program).run()
-    return cli
-
+    vars = PlaybookCLI(task_program).run()
+    # TODO: filter only necessary vars
+    return vars
 
 @routes.get('/static/{path}')
 async def handle_static(request):
@@ -116,4 +116,4 @@ async def get_do_regions(request):
 
 app = web.Application()
 app.router.add_routes(routes)
-web.run_app(app)
+web.run_app(app, port=9000)

From 9ee5238a791da14e756d3aa2e3aba25519547528 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Fri, 13 Mar 2020 00:44:49 +0500
Subject: [PATCH 07/39] WIP splitting into modules

---
 app/static/app.js             | 208 ----------------
 app/static/app.vue            | 433 ++++++++++++++++++++++++++++++++++
 app/static/index.html         | 278 +++++-----------------
 app/static/provider-setup.vue |  57 +++++
 app/static/user-config.vue    | 112 +++++++++
 app/static/vpn-setup.vue      | 111 +++++++++
 6 files changed, 772 insertions(+), 427 deletions(-)
 delete mode 100644 app/static/app.js
 create mode 100644 app/static/app.vue
 create mode 100644 app/static/provider-setup.vue
 create mode 100644 app/static/user-config.vue
 create mode 100644 app/static/vpn-setup.vue

diff --git a/app/static/app.js b/app/static/app.js
deleted file mode 100644
index 3d5f2ac1e..000000000
--- a/app/static/app.js
+++ /dev/null
@@ -1,208 +0,0 @@
-new Vue({
-  el: '#users_app',
-  data: {
-    config: {},
-    loading: false,
-    new_user: '',
-    save_config_message: ''
-  },
-  created: function() {
-    this.load_config();
-  },
-  methods: {
-    add_user: function() {
-      this.config.users.push(this.new_user);
-      this.new_user = '';
-    },
-    remove_user: function(index) {
-      this.config.users.splice(index, 1);
-    },
-    save_config: function() {
-      if (this.loading) return;
-      this.loading = true;
-      fetch('/config', {
-        method: 'POST',
-        body: JSON.stringify(this.config),
-        headers: {
-          'Content-Type': 'application/json'
-        }
-      })
-        .then(r => r.json())
-        .then(result => {
-          if (result.ok) {
-            this.ok = true;
-            this.save_config_message = 'Saved!';
-            setTimeout(() => {
-              this.save_config_message = '';
-            }, 1000);
-          } else {
-            this.ok = false;
-            this.save_config_message = 'Not Saved!';
-            setTimeout(() => {
-              this.save_config_message = '';
-            }, 1000);
-          }
-        })
-        .finally(() => {
-          this.loading = false;
-        });
-    },
-    load_config: function() {
-      this.loading = true;
-      fetch('/config')
-        .then(r => r.json())
-        .then(config => {
-          this.config = config;
-        })
-        .finally(() => {
-          this.loading = false;
-        });
-    }
-  }
-});
-
-var vpn_options_extra_args = {
-  server_name: 'algo',
-  ondemand_cellular: false,
-  ondemand_wifi: false,
-  dns_adblocking: false,
-  ssh_tunneling: false,
-  store_pki: false,
-  ondemand_wifi_exclude: ''
-};
-
-new Vue({
-  el: '#options_app',
-  data: {
-    extra_args: vpn_options_extra_args
-  }
-});
-
-var provider_extra_args = {
-  provider: null
-};
-
-new Vue({
-  el: '#provider_app',
-  data: {
-    loading: false,
-    do_region_loading: false,
-    do_regions: [],
-    extra_args: provider_extra_args,
-    providers_map: [
-      { name: 'DigitalOcean', alias: 'digitalocean' },
-      { name: 'Amazon Lightsail', alias: 'lightsail' },
-      { name: 'Amazon EC2', alias: 'ec2' },
-      { name: 'Microsoft Azure', alias: 'azure' },
-      { name: 'Google Compute Engine', alias: 'gce' },
-      { name: 'Hetzner Cloud', alias: 'hetzner' },
-      { name: 'Vultr', alias: 'vultr' },
-      { name: 'Scaleway', alias: 'scaleway' },
-      { name: 'OpenStack (DreamCompute optimised)', alias: 'openstack' },
-      { name: 'CloudStack (Exoscale optimised)', alias: 'cloudstack' },
-      {
-        name: 'Install to existing Ubuntu 18.04 or 19.04 server (Advanced)',
-        alias: 'local'
-      }
-    ]
-  },
-  methods: {
-    set_provider(provider) {
-      this.extra_args.provider = provider;
-    },
-    load_do_regions: function() {
-      if (
-        this.extra_args.provider === 'digitalocean' &&
-        this.extra_args.do_token
-      ) {
-        this.loading = true;
-        this.do_region_loading = true;
-        fetch('/do/regions', {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json'
-          },
-          body: JSON.stringify({ token: this.extra_args.do_token })
-        })
-          .then(r => r.json())
-          .then(r => {
-            this.do_regions = r.regions;
-          })
-          .finally(() => {
-            this.loading = false;
-            this.do_region_loading = false;
-          });
-      }
-    }
-  }
-});
-
-new Vue({
-  el: '#status_app',
-  data: {
-    status: null,
-    program: null,
-    result: null,
-    error: null,
-    // shared data, do not write there
-    vpn_options_extra_args,
-    provider_extra_args,
-  },
-  created() {
-    this.loop = setInterval(this.get_status, 1000);
-  },
-  computed: {
-    extra_args() {
-      return Object.assign({}, this.vpn_options_extra_args, this.provider_extra_args);
-    },
-    cli_preview() {
-      var args = '';
-      for (arg in this.extra_args) {
-        args += `${arg}=${this.extra_args[arg]} `;
-      }
-      return `ansible-playbook main.yml --extra-vars ${args}`;
-    },
-    show_backdrop() {
-      return this.status === 'running';
-    },
-    is_success() {
-      return this.result === 0;
-    }
-  },
-  watch: {
-    status: function () {
-      if (this.status === 'done') {
-        clearInterval(this.loop);
-      }
-    }
-  },
-  methods: {
-    run() {
-      fetch('/playbook', {
-        method: 'POST',
-        body: JSON.stringify(this.extra_args),
-        headers: {
-          'Content-Type': 'application/json'
-        }
-      });
-    },
-    stop() {
-      fetch('/playbook', {
-        method: 'DELETE'
-      });
-    },
-    get_status() {
-      fetch('/playbook')
-        .then(r => r.json())
-        .then(status => {
-          this.status = status.status;
-          this.program = status.program;
-          this.result = status.result;
-        })
-        .catch(err => {
-          alert('Server error');
-          clearInterval(this.loop);
-        });
-    }
-  }
-});
diff --git a/app/static/app.vue b/app/static/app.vue
new file mode 100644
index 000000000..243d50b4f
--- /dev/null
+++ b/app/static/app.vue
@@ -0,0 +1,433 @@
+<template>
+  <div style="overflow: auto">
+    <div class="container">
+      <h1 class="mb-5 text-center">Algo VPN Setup</h1>
+      <div class="row">
+        <div class="col-md-4 order-md-2 mb-4" id="users_app">
+          <h2>Users</h2>
+          <section class="my-3">
+            <h4>Set up user list</h4>
+            <ul class="list-group">
+              <li class="list-group-item" v-for="(user, index) in config.users" :key="user">
+                {{ user }}
+                <button
+                  type="button"
+                  class="btn btn-secondary btn-sm float-right"
+                  @click="remove_user(index)"
+                >Remove</button>
+              </li>
+            </ul>
+            <div class="my-3 form-group">
+              <label for="id_new_user">Add new user</label>
+              <div class="input-group">
+                <input
+                  type="text"
+                  id="id_new_user"
+                  class="form-control"
+                  placeholder="username"
+                  v-model="new_user"
+                />
+                <div class="input-group-append">
+                  <button
+                    @click="add_user"
+                    class="btn btn-outline-primary"
+                    type="button"
+                    id="button-addon2"
+                  >Add</button>
+                </div>
+              </div>
+            </div>
+          </section>
+          <div>
+            <button
+              @click="save_config"
+              v-bind:disabled="loading"
+              class="btn btn-secondary"
+              type="button"
+            >Save</button>
+            <span
+              v-if="save_config_message"
+              v-bind:class="{ 'text-success': ok, 'text-danged': !ok }"
+            >{{save_config_message}}</span>
+          </div>
+        </div>
+        <div class="col-md-8 order-md-1" id="options_app">
+          <h2>VPN Options</h2>
+          <section class="my-3">
+            <div class="form-group">
+              <label>Name the vpn server</label>
+              <input
+                type="text"
+                class="form-control"
+                placeholder="server name"
+                v-model="extra_args.server_name"
+              />
+            </div>
+            <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
+            <div class="form-check">
+              <label
+                title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
+                            networks?"
+              >
+                <input
+                  class="form-check-input"
+                  type="checkbox"
+                  name="ondemand_cellular"
+                  v-model="extra_args.ondemand_cellular"
+                />
+                when connected to cellular networks
+              </label>
+            </div>
+            <div class="form-check">
+              <label
+                title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?"
+              >
+                <input
+                  class="form-check-input"
+                  type="checkbox"
+                  name="ondemand_wifi"
+                  v-model="extra_args.ondemand_wifi"
+                />
+                when connected to WiFi
+              </label>
+            </div>
+
+            <div class="form-group">
+              <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
+              <input
+                type="text"
+                class="form-control"
+                id="id_ondemand_wifi_exclude"
+                name="ondemand_wifi_exclude"
+                placeholder="HomeNet,OfficeWifi,AlgoWiFi"
+                v-model="extra_args.ondemand_wifi_exclude"
+              />
+              <small class="form-text text-muted">
+                List the names of any trusted Wi-Fi networks where
+                macOS/iOS
+                IPsec clients should not use "Connect On Demand"
+                (e.g., your home network. Comma-separated value, e.g.,
+                HomeNet,OfficeWifi,AlgoWiFi)
+              </small>
+            </div>
+            <label>Retain the PKI</label>
+            <div class="form-check">
+              <label>
+                <input
+                  class="form-check-input"
+                  type="checkbox"
+                  name="store_pki"
+                  v-model="extra_args.store_pki"
+                />
+                Do you want to retain the keys (PKI)?
+                <small
+                  class="form-text text-muted"
+                >
+                  required to add users in the future, but less
+                  secure
+                </small>
+              </label>
+            </div>
+            <label>DNS adblocking</label>
+            <div class="form-check">
+              <label>
+                <input
+                  class="form-check-input"
+                  type="checkbox"
+                  name="dns_adblocking"
+                  v-model="extra_args.dns_adblocking"
+                />
+                Enable DNS ad blocking on this VPN server
+              </label>
+            </div>
+            <label>SSH tunneling</label>
+            <div class="form-check">
+              <label>
+                <input
+                  class="form-check-input"
+                  type="checkbox"
+                  name="ssh_tunneling"
+                  v-model="extra_args.ssh_tunneling"
+                />
+                Each user will have their own account for SSH tunneling
+              </label>
+            </div>
+          </section>
+        </div>
+      </div>
+      <hr class="my-3" />
+      <section class="my-3" id="provider_app">
+        <h2>Select cloud provider</h2>
+        <div class="row">
+          <div class="col-4">
+            <ul class="nav flex-column nav-pills">
+              <li class="nav-item" v-for="provider in providers_map">
+                <a
+                  class="nav-link"
+                  href="#"
+                  v-bind:class="{ active: provider.alias === extra_args.provider }"
+                  @click="set_provider(provider.alias)"
+                >{{provider.name}}</a>
+              </li>
+            </ul>
+          </div>
+          <div class="col-8">
+            <div class="my-3" v-if="extra_args.provider === 'digitalocean'">
+              <h4>Digital Ocean Options</h4>
+              <div class="form-group">
+                <label for="id_do_token">
+                  Enter your API token. The token must have read and write permissions
+                  (https://cloud.digitalocean.com/settings/api/tokens):
+                </label>
+                <input
+                  type="text"
+                  class="form-control"
+                  id="id_do_token"
+                  name="do_token"
+                  v-model="extra_args.do_token"
+                  @blur="load_do_regions"
+                />
+              </div>
+              <div class="form-group">
+                <label
+                  v-if="do_regions.length > 0"
+                  for="id_region"
+                >What region should the server be located in?</label>
+                <label
+                  v-if="do_regions.length === 0"
+                  for="id_region"
+                >Please enter API key above to select region</label>
+                <label v-if="do_region_loading" for="id_region">Loading regions...</label>
+                <select
+                  name="region"
+                  id="id_region"
+                  class="form-control"
+                  v-model="extra_args.region"
+                  v-bind:disabled="do_region_loading"
+                >
+                  <option value disabled>Select region</option>
+                  <option
+                    v-for="(region, index) in do_regions"
+                    v-bind:value="region.slug"
+                  >{{region.name}}</option>
+                </select>
+              </div>
+            </div>
+          </div>
+        </div>
+      </section>
+    </div>
+  </div>
+  <footer class="footer mt-auto py-3" id="status_app">
+    <div
+      class="backdrop d-flex flex-column align-items-center justify-content-center"
+      v-if="show_backdrop"
+    >
+      <span class="spinner-border" role="status" aria-hidden="true"></span>
+    </div>
+    <div class="container">
+      <div v-if="!status || status === 'cancelled'">
+        <pre class="console">{{cli_preview}}</pre>
+        <button @click="run" class="btn btn-primary" type="button">Install</button>
+      </div>
+      <div v-if="status === 'running'">
+        <pre class="console">{{program.join(' ')}}</pre>
+        <button class="btn btn-danger" type="button" @click="stop">Stop</button>
+        <button class="btn btn-primary" type="button" disabled>
+          <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
+          Running...
+        </button>
+      </div>
+      <div v-if="status === 'done'">
+        <pre class="console">{{program.join(' ')}}</pre>
+        <div v-if="is_success" class="text-success">Done!</div>
+        <div v-else class="text-danger">Failed!</div>
+      </div>
+    </div>
+  </footer>
+</template>
+
+<script>
+
+var vpn_options_extra_args = {
+  server_name: "algo",
+  ondemand_cellular: false,
+  ondemand_wifi: false,
+  dns_adblocking: false,
+  ssh_tunneling: false,
+  store_pki: false,
+  ondemand_wifi_exclude: ""
+};
+
+new Vue({
+  el: "#options_app",
+  data: {
+    extra_args: vpn_options_extra_args
+  }
+});
+
+var provider_extra_args = {
+  provider: null
+};
+
+new Vue({
+  el: "#provider_app",
+  data: {
+    loading: false,
+    do_region_loading: false,
+    do_regions: [],
+    extra_args: provider_extra_args,
+    providers_map: [
+      { name: "DigitalOcean", alias: "digitalocean" },
+      { name: "Amazon Lightsail", alias: "lightsail" },
+      { name: "Amazon EC2", alias: "ec2" },
+      { name: "Microsoft Azure", alias: "azure" },
+      { name: "Google Compute Engine", alias: "gce" },
+      { name: "Hetzner Cloud", alias: "hetzner" },
+      { name: "Vultr", alias: "vultr" },
+      { name: "Scaleway", alias: "scaleway" },
+      { name: "OpenStack (DreamCompute optimised)", alias: "openstack" },
+      { name: "CloudStack (Exoscale optimised)", alias: "cloudstack" },
+      {
+        name: "Install to existing Ubuntu 18.04 or 19.04 server (Advanced)",
+        alias: "local"
+      }
+    ]
+  },
+  methods: {
+    set_provider(provider) {
+      this.extra_args.provider = provider;
+    },
+    load_do_regions: function() {
+      if (
+        this.extra_args.provider === "digitalocean" &&
+        this.extra_args.do_token
+      ) {
+        this.loading = true;
+        this.do_region_loading = true;
+        fetch("/do/regions", {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ token: this.extra_args.do_token })
+        })
+          .then(r => r.json())
+          .then(r => {
+            this.do_regions = r.regions;
+          })
+          .finally(() => {
+            this.loading = false;
+            this.do_region_loading = false;
+          });
+      }
+    }
+  }
+});
+
+new Vue({
+  el: "#status_app",
+  data: {
+    status: null,
+    program: null,
+    result: null,
+    error: null,
+    // shared data, do not write there
+    vpn_options_extra_args,
+    provider_extra_args
+  },
+  created() {
+    this.loop = setInterval(this.get_status, 1000);
+  },
+  computed: {
+    extra_args() {
+      return Object.assign(
+        {},
+        this.vpn_options_extra_args,
+        this.provider_extra_args
+      );
+    },
+    cli_preview() {
+      var args = "";
+      for (arg in this.extra_args) {
+        args += `${arg}=${this.extra_args[arg]} `;
+      }
+      return `ansible-playbook main.yml --extra-vars ${args}`;
+    },
+    show_backdrop() {
+      return this.status === "running";
+    },
+    is_success() {
+      return this.result === 0;
+    }
+  },
+  watch: {
+    status: function() {
+      if (this.status === "done") {
+        clearInterval(this.loop);
+      }
+    }
+  },
+  methods: {
+    run() {
+      fetch("/playbook", {
+        method: "POST",
+        body: JSON.stringify(this.extra_args),
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+    },
+    stop() {
+      fetch("/playbook", {
+        method: "DELETE"
+      });
+    },
+    get_status() {
+      fetch("/playbook")
+        .then(r => r.json())
+        .then(status => {
+          this.status = status.status;
+          this.program = status.program;
+          this.result = status.result;
+        })
+        .catch(err => {
+          alert("Server error");
+          clearInterval(this.loop);
+        });
+    }
+  }
+});
+</script>
+
+<style scoped>
+.console {
+  background: black;
+  color: white;
+  padding: 4px;
+  border-radius: 2px;
+  white-space: pre-line;
+  padding-left: 2em;
+  position: relative;
+}
+.console::before {
+  content: "$";
+  position: absolute;
+  left: 1em;
+}
+.backdrop {
+  position: fixed;
+  background: white;
+  opacity: 0.6;
+  top: 0;
+  bottom: 0;
+  left: 0;
+  right: 0;
+  z-index: 100;
+  pointer-events: none;
+}
+.footer .container {
+  position: relative;
+  z-index: 101;
+}
+</style>
diff --git a/app/static/index.html b/app/static/index.html
index d517902ed..d391bca1b 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -1,227 +1,67 @@
 <!DOCTYPE html>
 <html class="h-100">
+
 <head>
   <title>Algo VPN</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
-  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css"
-        integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.10/vue.min.js" 
-        integrity="sha256-chlNFSVx3TdcQ2Xlw7SvnbLAavAQLO0Y/LBiWX04viY=" crossorigin="anonymous"></script>
-    <style>
-    .console {
-        background: black;
-        color: white;
-        padding: 4px;
-        border-radius: 2px;
-        white-space: pre-line;
-        padding-left: 2em;
-        position: relative;
-    }
-    .console::before {
-        content: "$";
-        position: absolute;
-        left: 1em;
-    }
-    .backdrop {
-        position: fixed;
-        background: white;
-        opacity: 0.6;
-        top: 0;
-        bottom: 0;
-        left: 0;
-        right: 0;
-        z-index: 100;
-        pointer-events: none;
-    }
-    .footer .container {
-        position: relative;
-        z-index: 101;
-    }
-    </style>
+  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+  <script src="https://cdn.jsdelivr.net/npm/http-vue-loader@1.4.2/src/httpVueLoader.js"
+    integrity="sha256-aOeVxnlZDaiJOHsqNWVOMNsKdiGxgT8kbLp1p1Rv2sc=" crossorigin="anonymous"></script>
+  <script src="https://cdn.jsdelivr.net/npm/vue@2.6.11/dist/vue.js"
+    integrity="sha256-NSuqgY2hCZJUN6hDMFfdxvkexI7+iLxXQbL540RQ/c4=" crossorigin="anonymous"></script>
+  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css"
+    integrity="sha256-L/W5Wfqfa0sdBNIKN9cG6QA5F2qx4qICmU2VgLruv9Y=" crossorigin="anonymous">
 </head>
-<body class="d-flex flex-column h-100">
-<div style="overflow: auto">
-    <div class="container">
-        <h1 class="mb-5 text-center">Algo VPN Setup</h1>
-        <div class="row">
-            <div class="col-md-4 order-md-2 mb-4" id="users_app">
-                <h2>Users</h2>
-                <section class="my-3">
-                    <h4>Set up user list</h4>
-                    <ul class="list-group">
-                        <li class="list-group-item"
-                            v-for="(user, index) in config.users"
-                            :key="user"
-                        >
-                            {{ user }}
-                            <button type="button" class="btn btn-secondary btn-sm float-right"
-                                    @click="remove_user(index)">
-                                Remove
-                            </button>
-                        </li>
-                    </ul>
-                    <div class="my-3 form-group">
-                        <label for="id_new_user">Add new user</label>
-                        <div class="input-group">
-
-                            <input type="text" id="id_new_user" class="form-control" placeholder="username"
-                                    v-model="new_user">
-                            <div class="input-group-append">
-                                <button @click="add_user" class="btn btn-outline-primary" type="button"
-                                        id="button-addon2">
-                                    Add
-                                </button>
-                            </div>
-                        </div>
-                    </div>
-                </section>
-                <div>
-                    <button @click="save_config" v-bind:disabled="loading" class="btn btn-secondary" type="button">Save
-                    </button>
-                    <span v-if="save_config_message"
-                            v-bind:class="{ 'text-success': ok, 'text-danged': !ok }">{{save_config_message}}</span>
-                </div>
-            </div>
-            <div class="col-md-8 order-md-1" id="options_app">
-                <h2>VPN Options</h2>
-                <section class="my-3">
-                    <div class="form-group">
-                        <label>Name the vpn server</label>
-                        <input type="text" class="form-control" placeholder="server name"
-                                v-model="extra_args.server_name"/>
-                    </div>
-                    <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
-                    <div class="form-check">
-                        <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
-                            networks?">
-                            <input class="form-check-input" type="checkbox" name="ondemand_cellular"
-                                    v-model="extra_args.ondemand_cellular">
-                            when connected to cellular networks
-                        </label>
-                    </div>
-                    <div class="form-check">
-                        <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?">
-                            <input class="form-check-input" type="checkbox" name="ondemand_wifi"
-                                    v-model="extra_args.ondemand_wifi">
-                            when connected to WiFi
-                        </label>
-                    </div>
 
-                    <div class="form-group">
-                        <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
-                        <input type="text" class="form-control" id="id_ondemand_wifi_exclude"
-                                name="ondemand_wifi_exclude"
-                                placeholder="HomeNet,OfficeWifi,AlgoWiFi"
-                                v-model="extra_args.ondemand_wifi_exclude"/>
-                        <small class="form-text text-muted">
-                            List the names of any trusted Wi-Fi networks where
-                            macOS/iOS
-                            IPsec clients should not use "Connect On Demand"
-                            (e.g., your home network. Comma-separated value, e.g.,
-                            HomeNet,OfficeWifi,AlgoWiFi)
-                        </small>
-                    </div>
-                    <label>Retain the PKI</label>
-                    <div class="form-check">
-                        <label>
-                            <input class="form-check-input" type="checkbox" name="store_pki"
-                                    v-model="extra_args.store_pki">
-                            Do you want to retain the keys (PKI)?
-                            <small class="form-text text-muted">required to add users in the future, but less
-                            secure</small>
-                        </label>
-
-                    </div>
-                    <label>DNS adblocking</label>
-                    <div class="form-check">
-                        <label>
-                            <input class="form-check-input" type="checkbox" name="dns_adblocking"
-                                    v-model="extra_args.dns_adblocking">
-                            Enable DNS ad blocking on this VPN server
-                        </label>
-                    </div>
-                    <label>SSH tunneling</label>
-                    <div class="form-check">
-                        <label>
-                            <input class="form-check-input" type="checkbox" name="ssh_tunneling"
-                                    v-model="extra_args.ssh_tunneling">
-                            Each user will have their own account for SSH tunneling
-                        </label>
-                    </div>
-                </section>
-            </div>
-        </div>
-        <hr class="my-3">
-        <section class="my-3" id="provider_app">
-            <h2>Select cloud provider</h2>
-            <div class="row">
-                <div class="col-4">
-                    <ul class="nav flex-column nav-pills">
-                        <li class="nav-item"
-                            v-for="provider in providers_map">
-                            <a class="nav-link" href="#" 
-                                v-bind:class="{ active: provider.alias === extra_args.provider }"
-                                @click="set_provider(provider.alias)">{{provider.name}}</a>
-                        </li>
-                    </ul>
-                </div>
-                <div class="col-8">
-                    <div class="my-3" v-if="extra_args.provider === 'digitalocean'">
-                        <h4>Digital Ocean Options</h4>
-                        <div class="form-group">
-                            <label for="id_do_token">Enter your API token. The token must have read and write permissions
-                                (https://cloud.digitalocean.com/settings/api/tokens):</label>
-                            <input type="text" class="form-control" id="id_do_token" name="do_token"
-                                v-model="extra_args.do_token"
-                                @blur="load_do_regions"/>
-                        </div>
-                        <div class="form-group">
-                            <label v-if="do_regions.length > 0" for="id_region">What region should the server be located in?</label>
-                            <label v-if="do_regions.length === 0" for="id_region">Please enter API key above to select region</label>
-                            <label v-if="do_region_loading" for="id_region">Loading regions...</label>
-                            <select name="region"
-                                id="id_region"
-                                class="form-control"
-                                v-model="extra_args.region"
-                                v-bind:disabled="do_region_loading">
-                                <option value="" disabled>Select region</option>
-                                <option
-                                    v-for="(region, index) in do_regions"
-                                    v-bind:value="region.slug">
-                                    {{region.name}}
-                                </option>
-                            </select>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </section>
-    </div>
-</div>
-<footer class="footer mt-auto py-3" id="status_app">
-    <div class="backdrop d-flex flex-column align-items-center justify-content-center" v-if="show_backdrop">
-        <span class="spinner-border" role="status" aria-hidden="true"></span>
-    </div>
-    <div class="container">
-        <div v-if="!status || status === 'cancelled'">
-            <pre class="console">{{cli_preview}}</pre>
-            <button @click="run" class="btn btn-primary" type="button">Install</button>
-        </div>
-        <div v-if="status === 'running'">
-            <pre class="console">{{program.join(' ')}}</pre>
-            <button class="btn btn-danger" type="button" @click="stop">Stop</button>
-            <button class="btn btn-primary" type="button" disabled>
-                <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
-                Running...
-            </button>
-        </div>
-        <div v-if="status === 'done'">
-            <pre class="console">{{program.join(' ')}}</pre>
-            <div v-if="is_success" class="text-success">Done!</div>
-            <div v-else class="text-danger">Failed!</div>
-        </div>
+<body class="d-flex flex-column h-100">
+  <div class="container" id="algo">
+    <h1 class="mb-5 text-center">{{ title }}</h1>
+    <div class="row">
+      <user-config class="col-md-4 order-md-2 mb-4"></user-config>
+      <vpn-setup class="col-md-8 order-md-1"
+        v-bind:extra_args="extra_args"
+        v-on:submit="on_setup_submit"></vpn-setup>
     </div>
-</footer>
-<script src="./static/app.js"></script>
+    <provider-setup v-bind:extra_args="extra_args" v-on:submit="on_provider_submit">
+    </provider-setup>
+  </div>
+
+  <script>
+    new window.Vue({
+      el: '#algo',
+      data: {
+        playbook: {},
+        extra_args: {
+          server_name: "algo",
+          ondemand_cellular: false,
+          ondemand_wifi: false,
+          dns_adblocking: false,
+          ssh_tunneling: false,
+          store_pki: false,
+          ondemand_wifi_exclude: []
+        }
+      },
+      computed: {
+        title() {
+          return 'Algo VPN Setup';
+        }
+      },
+      components: {
+        'user-config': window.httpVueLoader('/static/user-config.vue'),
+        'vpn-setup': window.httpVueLoader('/static/vpn-setup.vue'),
+        'provider-setup': window.httpVueLoader('/static/provider-setup.vue'),
+      },
+      methods: {
+        on_setup_submit: function(extra_args) {
+          Object.assign(this.extra_args, extra_args);
+          debugger;
+        },
+        on_provider_submit: function(extra_args) {
+          Object.assign(this.extra_args, extra_args);
+          debugger;
+        }
+      }
+    })
+  </script>
 </body>
-</html>
+
+</html>
\ No newline at end of file
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
new file mode 100644
index 000000000..faf5356e0
--- /dev/null
+++ b/app/static/provider-setup.vue
@@ -0,0 +1,57 @@
+<template>
+  <div class="row" id="prodiver_id">
+    <h2 class="col-12">
+      <span v-if="provider">{{ provider.name }} Setup</span>
+      <span v-else>Select cloud provider</span>
+    </h2>
+    <div class="col-4">
+      <ul class="nav flex-column nav-pills">
+        <li class="nav-item"
+          v-for="item in providers_map"
+          v-bind:key="item.alias">
+          <a
+            class="nav-link"
+            href="#prodiver_id"
+            v-bind:class="{ active: item.alias === provider && provider.alias }"
+            @click="set_provider(item)"
+          >{{item.name}}</a>
+        </li>
+      </ul>
+    </div>
+    <div class="col-8">
+      {{ provider && provider.alias }}
+    </div>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      loading: false,
+      provider: null,
+      providers_map: [
+        { name: "DigitalOcean", alias: "digitalocean" },
+        { name: "Amazon Lightsail", alias: "lightsail" },
+        { name: "Amazon EC2", alias: "ec2" },
+        { name: "Microsoft Azure", alias: "azure" },
+        { name: "Google Compute Engine", alias: "gce" },
+        { name: "Hetzner Cloud", alias: "hetzner" },
+        { name: "Vultr", alias: "vultr" },
+        { name: "Scaleway", alias: "scaleway" },
+        { name: "OpenStack (DreamCompute optimised)", alias: "openstack" },
+        { name: "CloudStack (Exoscale optimised)", alias: "cloudstack" },
+        {
+          name: "Install to existing Ubuntu 18.04 or 19.04 server (Advanced)",
+          alias: "local"
+        }
+      ]
+    }
+  },
+  methods: {
+    set_provider(provider) {
+      this.provider = provider;
+    }
+  }
+};
+</script>
\ No newline at end of file
diff --git a/app/static/user-config.vue b/app/static/user-config.vue
new file mode 100644
index 000000000..4e61f3232
--- /dev/null
+++ b/app/static/user-config.vue
@@ -0,0 +1,112 @@
+<template>
+  <div>
+    <h2>Users</h2>
+    <section class="my-3">
+      <h4>Set up user list</h4>
+      <ul class="list-group">
+        <li class="list-group-item" v-for="(user, index) in config.users" :key="user">
+          {{ user }}
+          <button
+            type="button"
+            class="btn btn-secondary btn-sm float-right"
+            @click="remove_user(index)"
+          >Remove</button>
+        </li>
+      </ul>
+      <div class="my-3 form-group">
+        <label for="id_new_user">Add new user</label>
+        <div class="input-group">
+          <input
+            type="text"
+            id="id_new_user"
+            class="form-control"
+            placeholder="username"
+            v-model="new_user"
+          />
+          <div class="input-group-append">
+            <button
+              @click="add_user"
+              class="btn btn-outline-primary"
+              type="button"
+              id="button-addon2"
+            >Add</button>
+          </div>
+        </div>
+      </div>
+    </section>
+    <div>
+      <span
+        v-if="save_config_message"
+        v-bind:class="{ 'text-success': ok, 'text-danged': !ok }"
+      >{{save_config_message}}</span>
+    </div>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      config: {},
+      loading: false,
+      new_user: "",
+      save_config_message: ""
+    };
+  },
+  created: function() {
+    this.load_config();
+  },
+  methods: {
+    add_user: function() {
+      this.config.users.push(this.new_user);
+      this.new_user = "";
+      this.save_config();
+    },
+    remove_user: function(index) {
+      this.config.users.splice(index, 1);
+      this.save_config();
+    },
+    save_config: function() {
+      if (this.loading) return;
+      this.loading = true;
+      fetch("/config", {
+        method: "POST",
+        body: JSON.stringify(this.config),
+        headers: {
+          "Content-Type": "application/json"
+        }
+      })
+        .then(r => r.json())
+        .then(result => {
+          if (result.ok) {
+            this.ok = true;
+            this.save_config_message = "Saved!";
+            setTimeout(() => {
+              this.save_config_message = "";
+            }, 1000);
+          } else {
+            this.ok = false;
+            this.save_config_message = "Not Saved!";
+            setTimeout(() => {
+              this.save_config_message = "";
+            }, 1000);
+          }
+        })
+        .finally(() => {
+          this.loading = false;
+        });
+    },
+    load_config: function() {
+      this.loading = true;
+      fetch("/config")
+        .then(r => r.json())
+        .then(config => {
+          this.config = config;
+        })
+        .finally(() => {
+          this.loading = false;
+        });
+    }
+  }
+};
+</script>
\ No newline at end of file
diff --git a/app/static/vpn-setup.vue b/app/static/vpn-setup.vue
new file mode 100644
index 000000000..75a4143ad
--- /dev/null
+++ b/app/static/vpn-setup.vue
@@ -0,0 +1,111 @@
+<template>
+  <div>
+    <h2>VPN Options</h2>
+    <section class="my-3">
+      <div class="form-group">
+        <label>Name the vpn server</label>
+        <input
+          type="text"
+          class="form-control"
+          placeholder="server name"
+          v-model="extra_args.server_name"
+        />
+      </div>
+      <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
+      <div class="form-check">
+        <label
+          title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
+                            networks?"
+        >
+          <input
+            class="form-check-input"
+            type="checkbox"
+            name="ondemand_cellular"
+            v-model="extra_args.ondemand_cellular"
+          />
+          when connected to cellular networks
+        </label>
+      </div>
+      <div class="form-check">
+        <label title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?">
+          <input
+            class="form-check-input"
+            type="checkbox"
+            name="ondemand_wifi"
+            v-model="extra_args.ondemand_wifi"
+          />
+          when connected to WiFi
+        </label>
+      </div>
+
+      <div class="form-group">
+        <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
+        <input
+          type="text"
+          class="form-control"
+          id="id_ondemand_wifi_exclude"
+          name="ondemand_wifi_exclude"
+          placeholder="HomeNet,OfficeWifi,AlgoWiFi"
+          v-model="extra_args.ondemand_wifi_exclude"
+        />
+        <small class="form-text text-muted">
+          List the names of any trusted Wi-Fi networks where
+          macOS/iOS
+          IPsec clients should not use "Connect On Demand"
+          (e.g., your home network. Comma-separated value, e.g.,
+          HomeNet,OfficeWifi,AlgoWiFi)
+        </small>
+      </div>
+      <label>Retain the PKI</label>
+      <div class="form-check">
+        <label>
+          <input
+            class="form-check-input"
+            type="checkbox"
+            name="store_pki"
+            v-model="extra_args.store_pki"
+          />
+          Do you want to retain the keys (PKI)?
+          <small class="form-text text-muted">
+            required to add users in the future, but less
+            secure
+          </small>
+        </label>
+      </div>
+      <label>DNS adblocking</label>
+      <div class="form-check">
+        <label>
+          <input
+            class="form-check-input"
+            type="checkbox"
+            name="dns_adblocking"
+            v-model="extra_args.dns_adblocking"
+          />
+          Enable DNS ad blocking on this VPN server
+        </label>
+      </div>
+      <label>SSH tunneling</label>
+      <div class="form-check">
+        <label>
+          <input
+            class="form-check-input"
+            type="checkbox"
+            name="ssh_tunneling"
+            v-model="extra_args.ssh_tunneling"
+          />
+          Each user will have their own account for SSH tunneling
+        </label>
+      </div>
+      <button @click="$emit('submit')" class="btn btn-primary" type="button">Select Cloud Provider</button>
+    </section>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  props: {
+    // Warning: Mutable Object to edit partent props
+    extra_args: Object
+  }
+}
+</script>
\ No newline at end of file

From 34211a0362aa209c635b54c07dad8be81542956d Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Fri, 13 Mar 2020 01:10:29 +0500
Subject: [PATCH 08/39] added DO provider module

---
 app/static/provider-do.vue    | 82 +++++++++++++++++++++++++++++++++++
 app/static/provider-setup.vue | 10 ++++-
 2 files changed, 90 insertions(+), 2 deletions(-)
 create mode 100644 app/static/provider-do.vue

diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
new file mode 100644
index 000000000..16c5e90fc
--- /dev/null
+++ b/app/static/provider-do.vue
@@ -0,0 +1,82 @@
+<template>
+  <div>
+    <div class="form-group">
+      <label for="id_do_token">
+          Enter your API token. The token must have read and write permissions
+          (<a href="https://cloud.digitalocean.com/settings/api/tokens" target="_blank" rel="noopener noreferrer">https://cloud.digitalocean.com/settings/api/tokens</a>):
+      </label>
+      <input
+          type="text"
+          class="form-control"
+          id="id_do_token"
+          name="do_token"
+          v-model="do_token"
+          @blur="load_do_regions"
+      />
+    </div>
+    <div class="form-group">
+      <label
+          v-if="do_regions.length > 0"
+          for="id_region"
+      >What region should the server be located in?</label>
+      <label
+          v-if="do_regions.length === 0"
+          for="id_region"
+      >Please enter API key above to select region</label>
+      <label v-if="do_region_loading" for="id_region">Loading regions...</label>
+      <select
+          name="region"
+          id="id_region"
+          class="form-control"
+          v-model="do_region"
+          v-bind:disabled="do_region_loading"
+      >
+          <option value disabled>Select region</option>
+          <option
+            v-for="(region, i) in do_regions"
+            v-bind:key="region.slug"
+            v-bind:value="region.slug"
+            >{{region.name}}</option>
+      </select>
+    </div>
+    <button @click="submit" v-bind:disabled="!do_region" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      do_token: null,
+      do_region: null,
+      do_regions: [],
+      do_region_loading: false
+    }
+  },
+  methods: {
+    load_do_regions: function () {
+      this.do_region_loading = true;
+        fetch("/do/regions", {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({ token: this.do_token })
+        })
+          .then(r => r.json())
+          .then(r => {
+            this.do_regions = r.regions;
+          })
+          .finally(() => {
+            this.do_region_loading = false;
+          });
+    },
+    submit() {
+      this.$emit('submit', {
+        do_token: this.do_token,
+        region: this.do_region
+      })
+    }
+  }
+};
+</script>
\ No newline at end of file
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index faf5356e0..31ac68d20 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -12,14 +12,14 @@
           <a
             class="nav-link"
             href="#prodiver_id"
-            v-bind:class="{ active: item.alias === provider && provider.alias }"
+            v-bind:class="{ active: item.alias === (provider && provider.alias) }"
             @click="set_provider(item)"
           >{{item.name}}</a>
         </li>
       </ul>
     </div>
     <div class="col-8">
-      {{ provider && provider.alias }}
+      <component v-if="provider" v-bind:is="provider.alias" v-on:submit="on_provider_submit"></component>
     </div>
   </div>
 </template>
@@ -51,7 +51,13 @@ module.exports = {
   methods: {
     set_provider(provider) {
       this.provider = provider;
+    },
+    on_provider_submit(extra_args) {
+      this.$emit('submit', Object.assign({provider: this.provider.alias}, extra_args));
     }
+  },
+  components: {
+    'digitalocean': window.httpVueLoader('/static/provider-do.vue')
   }
 };
 </script>
\ No newline at end of file

From 992b2d60bb24ad05e9382d44dafd7ede1cf125a1 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Thu, 2 Apr 2020 00:17:55 +0500
Subject: [PATCH 09/39] Added full-page steps with transitions

---
 app/static/index.html         | 44 +++++++++++++++++++++++------------
 app/static/provider-setup.vue | 12 ++++++++--
 app/static/vpn-setup.vue      |  4 ++--
 3 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/app/static/index.html b/app/static/index.html
index d391bca1b..2de60d1db 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html class="h-100">
+<html class="h-100" lang="en">
 
 <head>
   <title>Algo VPN</title>
@@ -10,19 +10,34 @@
     integrity="sha256-NSuqgY2hCZJUN6hDMFfdxvkexI7+iLxXQbL540RQ/c4=" crossorigin="anonymous"></script>
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css"
     integrity="sha256-L/W5Wfqfa0sdBNIKN9cG6QA5F2qx4qICmU2VgLruv9Y=" crossorigin="anonymous">
+  <style>
+    .fade-enter-active, .fade-leave-active {
+      transition: opacity 300ms ease-in-out;
+    }
+    .fade-enter, .fade-leave-to /* .fade-leave-active below version 2.1.8 */ {
+      opacity: 0;
+    }
+  </style>
 </head>
 
 <body class="d-flex flex-column h-100">
   <div class="container" id="algo">
     <h1 class="mb-5 text-center">{{ title }}</h1>
-    <div class="row">
-      <user-config class="col-md-4 order-md-2 mb-4"></user-config>
-      <vpn-setup class="col-md-8 order-md-1"
-        v-bind:extra_args="extra_args"
-        v-on:submit="on_setup_submit"></vpn-setup>
-    </div>
-    <provider-setup v-bind:extra_args="extra_args" v-on:submit="on_provider_submit">
-    </provider-setup>
+    <transition name="fade">
+      <div class="row" v-if="step == 'setup'">
+        <user-config class="col-md-4 order-md-2 mb-4"></user-config>
+        <vpn-setup class="col-md-8 order-md-1"
+          v-bind:extra_args="extra_args"
+          v-on:submit="set_step('provider'); update_extra_args"></vpn-setup>
+      </div>
+    </transition>
+    <transition name="fade">
+      <provider-setup v-if="step == 'provider'"
+                      v-bind:extra_args="extra_args"
+                      v-on:submit="update_extra_args"
+                      v-on:back="set_step('setup')">
+      </provider-setup>
+    </transition>
   </div>
 
   <script>
@@ -30,6 +45,7 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
       el: '#algo',
       data: {
         playbook: {},
+        step: 'setup',
         extra_args: {
           server_name: "algo",
           ondemand_cellular: false,
@@ -51,17 +67,15 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
         'provider-setup': window.httpVueLoader('/static/provider-setup.vue'),
       },
       methods: {
-        on_setup_submit: function(extra_args) {
-          Object.assign(this.extra_args, extra_args);
-          debugger;
+        set_step: function(step) {
+          this.step = step;
         },
-        on_provider_submit: function(extra_args) {
+        update_extra_args: function(extra_args) {
           Object.assign(this.extra_args, extra_args);
-          debugger;
         }
       }
     })
   </script>
 </body>
 
-</html>
\ No newline at end of file
+</html>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 31ac68d20..22f685679 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -1,6 +1,7 @@
 <template>
   <div class="row" id="prodiver_id">
     <h2 class="col-12">
+      <button type="button" class="btn btn-secondary back-button" v-on:click="$emit('back')"><</button>
       <span v-if="provider">{{ provider.name }} Setup</span>
       <span v-else>Select cloud provider</span>
     </h2>
@@ -13,7 +14,7 @@
             class="nav-link"
             href="#prodiver_id"
             v-bind:class="{ active: item.alias === (provider && provider.alias) }"
-            @click="set_provider(item)"
+            v-on:click="set_provider(item)"
           >{{item.name}}</a>
         </li>
       </ul>
@@ -60,4 +61,11 @@ module.exports = {
     'digitalocean': window.httpVueLoader('/static/provider-do.vue')
   }
 };
-</script>
\ No newline at end of file
+</script>
+<style scoped>
+.back-button {
+  position: absolute;
+  border-radius: 50%;
+  left: -2em;
+}
+</style>
diff --git a/app/static/vpn-setup.vue b/app/static/vpn-setup.vue
index 75a4143ad..70c3d37d6 100644
--- a/app/static/vpn-setup.vue
+++ b/app/static/vpn-setup.vue
@@ -96,7 +96,7 @@
           Each user will have their own account for SSH tunneling
         </label>
       </div>
-      <button @click="$emit('submit')" class="btn btn-primary" type="button">Select Cloud Provider</button>
+      <button v-on:click="$emit('submit')" class="btn btn-primary" type="button">Select Cloud Provider</button>
     </section>
   </div>
 </template>
@@ -108,4 +108,4 @@ module.exports = {
     extra_args: Object
   }
 }
-</script>
\ No newline at end of file
+</script>

From 32a8b08c3ab41873273ecbbb909985177da01f64 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Thu, 2 Apr 2020 01:47:18 +0500
Subject: [PATCH 10/39] Removed do regions request, re-added run and status

---
 app/server.py                  | 14 --------
 app/static/command-preview.vue | 42 ++++++++++++++++++++++++
 app/static/index.html          | 47 ++++++++++++++++++++++-----
 app/static/provider-do.vue     | 11 +++----
 app/static/provider-setup.vue  | 10 ++++--
 app/static/status-running.vue  | 59 ++++++++++++++++++++++++++++++++++
 app/static/vpn-setup.vue       |  6 ++--
 7 files changed, 154 insertions(+), 35 deletions(-)
 create mode 100644 app/static/command-preview.vue
 create mode 100644 app/static/status-running.vue

diff --git a/app/server.py b/app/server.py
index 25a4fded9..76b0651ac 100644
--- a/app/server.py
+++ b/app/server.py
@@ -100,20 +100,6 @@ async def post_config(request):
             return web.json_response({'ok': True})
 
 
-@routes.post('/do/regions')
-async def get_do_regions(request):
-    data = await request.json()
-    async with aiohttp.ClientSession() as session:
-        url = 'https://api.digitalocean.com/v2/regions'
-        headers = {
-            'Content-Type': 'application/json',
-            'Authorization': 'Bearer {0}'.format(data['token']),
-        }
-        async with session.get(url, headers=headers) as r:
-            json_body = await r.json()
-            return web.json_response(json_body)
-
-
 app = web.Application()
 app.router.add_routes(routes)
 web.run_app(app, port=9000)
diff --git a/app/static/command-preview.vue b/app/static/command-preview.vue
new file mode 100644
index 000000000..2177bbdb6
--- /dev/null
+++ b/app/static/command-preview.vue
@@ -0,0 +1,42 @@
+<template>
+  <div class="row">
+    <h2 class="col-12">
+      <button type="button" class="btn btn-secondary back-button" v-on:click="$emit('back')"><</button>
+      🧐 Review and Start!
+    </h2>
+    <section class="my-3">
+      <pre class="code"><code>
+        {{cli_preview}}
+      </code></pre>
+      <button v-on:click="$emit('submit')" class="btn btn-primary" type="button">Run!</button>
+    </section>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  props: ['extra_args'],
+  computed: {
+    cli_preview: function() {
+      let args = "";
+      for (arg in this.extra_args) {
+        args += `${arg}=${this.extra_args[arg]} `;
+      }
+      return `ansible-playbook main.yml --extra-vars ${args}`;
+    }
+  }
+}
+</script>
+<style scoped>
+  .back-button {
+    position: absolute;
+    border-radius: 50%;
+    left: -2em;
+  }
+  .code {
+    white-space: normal;
+    background: black;
+    color: lightgrey;
+    padding: 1em;
+  }
+</style>
diff --git a/app/static/index.html b/app/static/index.html
index 2de60d1db..fbd2e54d7 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -28,16 +28,28 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
         <user-config class="col-md-4 order-md-2 mb-4"></user-config>
         <vpn-setup class="col-md-8 order-md-1"
           v-bind:extra_args="extra_args"
-          v-on:submit="set_step('provider'); update_extra_args"></vpn-setup>
+          v-on:submit="step = 'provider'"></vpn-setup>
       </div>
     </transition>
     <transition name="fade">
       <provider-setup v-if="step == 'provider'"
                       v-bind:extra_args="extra_args"
-                      v-on:submit="update_extra_args"
-                      v-on:back="set_step('setup')">
+                      v-on:submit="step = 'command'"
+                      v-on:back="step = 'setup'">
       </provider-setup>
     </transition>
+    <transition name="fade">
+      <command-preview v-if="step == 'command'"
+                      v-bind:extra_args="extra_args"
+                      v-on:submit="start(); step = 'running';"
+                      v-on:back="step = 'provider'">
+      </command-preview>
+    </transition>
+    <transition name="fade">
+      <status-running v-if="step == 'running'"
+                       v-on:submit="stop(); step = 'setup';">
+      </status-running>
+    </transition>
   </div>
 
   <script>
@@ -47,7 +59,7 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
         playbook: {},
         step: 'setup',
         extra_args: {
-          server_name: "algo",
+          server_name: 'algo2',
           ondemand_cellular: false,
           ondemand_wifi: false,
           dns_adblocking: false,
@@ -65,13 +77,32 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
         'user-config': window.httpVueLoader('/static/user-config.vue'),
         'vpn-setup': window.httpVueLoader('/static/vpn-setup.vue'),
         'provider-setup': window.httpVueLoader('/static/provider-setup.vue'),
+        'command-preview': window.httpVueLoader('/static/command-preview.vue'),
+        'status-running': window.httpVueLoader('/static/status-running.vue'),
+      },
+      created() {
+        fetch("/playbook")
+          .then(r => r.json())
+          .then(data => {
+            if (data.status === 'running') {
+              this.step = 'running';
+            }
+          });
       },
       methods: {
-        set_step: function(step) {
-          this.step = step;
+        start: function() {
+          fetch("/playbook", {
+            method: "POST",
+            body: JSON.stringify(this.extra_args),
+            headers: {
+              "Content-Type": "application/json"
+            }
+          });
         },
-        update_extra_args: function(extra_args) {
-          Object.assign(this.extra_args, extra_args);
+        stop() {
+          fetch("/playbook", {
+            method: "DELETE"
+          });
         }
       }
     })
diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index 16c5e90fc..df007fa36 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -56,12 +56,11 @@ module.exports = {
   methods: {
     load_do_regions: function () {
       this.do_region_loading = true;
-        fetch("/do/regions", {
-          method: "POST",
+        fetch('https://api.digitalocean.com/v2/regions', {
           headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify({ token: this.do_token })
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${this.do_token}`
+          }
         })
           .then(r => r.json())
           .then(r => {
@@ -79,4 +78,4 @@ module.exports = {
     }
   }
 };
-</script>
\ No newline at end of file
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 22f685679..cde04509e 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -1,5 +1,5 @@
 <template>
-  <div class="row" id="prodiver_id">
+  <div class="row">
     <h2 class="col-12">
       <button type="button" class="btn btn-secondary back-button" v-on:click="$emit('back')"><</button>
       <span v-if="provider">{{ provider.name }} Setup</span>
@@ -12,7 +12,7 @@
           v-bind:key="item.alias">
           <a
             class="nav-link"
-            href="#prodiver_id"
+            href="#"
             v-bind:class="{ active: item.alias === (provider && provider.alias) }"
             v-on:click="set_provider(item)"
           >{{item.name}}</a>
@@ -49,12 +49,16 @@ module.exports = {
       ]
     }
   },
+  // Warning: Mutable Object to edit parent props
+  props: ['extra_args'],
   methods: {
     set_provider(provider) {
       this.provider = provider;
+      this.extra_args.provider = provider.alias;
     },
     on_provider_submit(extra_args) {
-      this.$emit('submit', Object.assign({provider: this.provider.alias}, extra_args));
+      Object.assign(this.extra_args, extra_args);
+      this.$emit('submit');
     }
   },
   components: {
diff --git a/app/static/status-running.vue b/app/static/status-running.vue
new file mode 100644
index 000000000..2c90599cc
--- /dev/null
+++ b/app/static/status-running.vue
@@ -0,0 +1,59 @@
+<template>
+  <div class="row status-container">
+    <h2 class="col-12"><span class="spin">🙃</span>Please be patient</h2>
+    <section class="status-text">
+      <p>VPN set up usually takes 5-15 minutes</p>
+      <p>You can close tab and open it again</p>
+      <p>You can try to <button type="button" class="btn btn-link back-button" v-on:click="$emit('submit')">STOP</button> setup and run it again</p>
+      <p>Don’t close terminal!</p>
+    </section>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  props: function() {
+    // Warning: Mutable Object to edit partent props
+    extra_args: Object
+  },
+  computed: {
+    cli_preview() {
+      return 'ansible-playbook main.yml --extra-vars "server_name=algo ondemand_cellular=true ondemand_wifi=true dns_adblocking=false ssh_tunneling=false store_pki=false ondemand_wifi_exclude=[] provider=digitalocean do_token=ad6b4405df208053e7b41e1c9e74b97364af1d6b902f6b6bb1d5575c52eca0c3 region=blr1"';
+    }
+  }
+}
+</script>
+<style scoped>
+  .back-button {
+    color: red;
+  }
+  .status-container {
+    display: flex;
+    flex-direction: column;
+  }
+  .status-text {
+    flex: 1;
+    display: flex;
+    flex-direction: column;
+    justify-content: center;
+  }
+  .spin {
+    animation-name: spin;
+    animation-duration: 5000ms;
+    animation-iteration-count: infinite;
+    animation-timing-function: linear;
+
+    display: block;
+    animation-delay: 5s;
+    width: 1em;
+    height: 100%;
+  }
+  @keyframes spin {
+    from {
+      transform:rotate(0deg);
+    }
+    to {
+      transform:rotate(360deg);
+    }
+  }
+</style>
diff --git a/app/static/vpn-setup.vue b/app/static/vpn-setup.vue
index 70c3d37d6..d8b27cbf1 100644
--- a/app/static/vpn-setup.vue
+++ b/app/static/vpn-setup.vue
@@ -103,9 +103,7 @@
 
 <script>
 module.exports = {
-  props: {
-    // Warning: Mutable Object to edit partent props
-    extra_args: Object
-  }
+  // Warning: Mutable Object to edit partent props
+  props: ['extra_args']
 }
 </script>

From 2a22234a67e698a81d000252bc37a4f3592af224 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sat, 4 Apr 2020 23:50:37 +0500
Subject: [PATCH 11/39] Improved secret gathering

---
 app/playbook.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/app/playbook.py b/app/playbook.py
index 7fe95fbf7..06eb9cf88 100644
--- a/app/playbook.py
+++ b/app/playbook.py
@@ -186,10 +186,13 @@ def _process_block(b):
 
                         display.display(taskmsg)
 
-        return inventory.groups['vpn-host'].hosts[0].vars
-
-    @staticmethod
-    def _flush_cache(inventory, variable_manager):
-        for host in inventory.list_hosts():
-            hostname = host.get_name()
-            variable_manager.clear_facts(hostname)
+        host = inventory.groups['vpn-host'].hosts[0].name
+        fact_cache = pbex._variable_manager._nonpersistent_fact_cache[host]
+        return {
+            'CA_password': fact_cache['CA_password'],
+            'p12_export_password': fact_cache['p12_export_password'],
+            'algo_server_name': variable_manager.extra_vars['server_name'],
+            'ipv6_support': fact_cache['ipv6_support'],
+            'local_service_ip': variable_manager.get_vars()['hostvars'][host]['ansible_lo']['ipv4_secondaries'][0]['address'],
+            'ansible_ssh_host': host,
+        }

From 89c2330b8070d19040b60271964fd54b895bcef7 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 5 Apr 2020 01:49:17 +0500
Subject: [PATCH 12/39] App cleanup

---
 app/server.py                  |  20 +-
 app/static/app.vue             | 433 ---------------------------------
 app/static/command-preview.vue |   9 -
 app/static/index.html          |  79 ++++--
 app/static/provider-do.vue     |   2 +-
 app/static/provider-setup.vue  |  12 -
 app/static/status-done.vue     |  63 +++++
 app/static/status-running.vue  |  78 +++---
 app/static/user-config.vue     |   6 +-
 app/static/vpn-setup.vue       |   1 -
 10 files changed, 169 insertions(+), 534 deletions(-)
 delete mode 100644 app/static/app.vue
 create mode 100644 app/static/status-done.vue

diff --git a/app/server.py b/app/server.py
index 76b0651ac..2c2c1a84d 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,7 +1,4 @@
 import asyncio
-import mimetypes
-
-import aiohttp
 import yaml
 from os.path import join, dirname
 from aiohttp import web
@@ -20,19 +17,8 @@ def run_playbook(data):
     global task_program
     extra_vars = ' '.join(['{0}={1}'.format(key, data[key]) for key in data.keys()])
     task_program = ['ansible-playbook', 'main.yml', '--extra-vars', extra_vars]
-    vars = PlaybookCLI(task_program).run()
-    # TODO: filter only necessary vars
-    return vars
-
-@routes.get('/static/{path}')
-async def handle_static(request):
-    filepath = request.match_info['path']
-    mimetype = mimetypes.guess_type(filepath)
-    try:
-        with open(join(dirname(__file__), 'static', *filepath.split('/')), 'r') as f:
-            return web.Response(body=f.read(), content_type=mimetype[0])
-    except FileNotFoundError:
-        return web.Response(status=404)
+    return PlaybookCLI(task_program).run()
+
 
 @routes.get('/')
 async def handle_index(_):
@@ -102,4 +88,6 @@ async def post_config(request):
 
 app = web.Application()
 app.router.add_routes(routes)
+app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
+app.add_routes([web.static('/results', join(PROJECT_ROOT, 'configs'))])
 web.run_app(app, port=9000)
diff --git a/app/static/app.vue b/app/static/app.vue
deleted file mode 100644
index 243d50b4f..000000000
--- a/app/static/app.vue
+++ /dev/null
@@ -1,433 +0,0 @@
-<template>
-  <div style="overflow: auto">
-    <div class="container">
-      <h1 class="mb-5 text-center">Algo VPN Setup</h1>
-      <div class="row">
-        <div class="col-md-4 order-md-2 mb-4" id="users_app">
-          <h2>Users</h2>
-          <section class="my-3">
-            <h4>Set up user list</h4>
-            <ul class="list-group">
-              <li class="list-group-item" v-for="(user, index) in config.users" :key="user">
-                {{ user }}
-                <button
-                  type="button"
-                  class="btn btn-secondary btn-sm float-right"
-                  @click="remove_user(index)"
-                >Remove</button>
-              </li>
-            </ul>
-            <div class="my-3 form-group">
-              <label for="id_new_user">Add new user</label>
-              <div class="input-group">
-                <input
-                  type="text"
-                  id="id_new_user"
-                  class="form-control"
-                  placeholder="username"
-                  v-model="new_user"
-                />
-                <div class="input-group-append">
-                  <button
-                    @click="add_user"
-                    class="btn btn-outline-primary"
-                    type="button"
-                    id="button-addon2"
-                  >Add</button>
-                </div>
-              </div>
-            </div>
-          </section>
-          <div>
-            <button
-              @click="save_config"
-              v-bind:disabled="loading"
-              class="btn btn-secondary"
-              type="button"
-            >Save</button>
-            <span
-              v-if="save_config_message"
-              v-bind:class="{ 'text-success': ok, 'text-danged': !ok }"
-            >{{save_config_message}}</span>
-          </div>
-        </div>
-        <div class="col-md-8 order-md-1" id="options_app">
-          <h2>VPN Options</h2>
-          <section class="my-3">
-            <div class="form-group">
-              <label>Name the vpn server</label>
-              <input
-                type="text"
-                class="form-control"
-                placeholder="server name"
-                v-model="extra_args.server_name"
-              />
-            </div>
-            <label>MacOS/iOS IPsec clients to enable Connect On Demand:</label>
-            <div class="form-check">
-              <label
-                title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to cellular
-                            networks?"
-              >
-                <input
-                  class="form-check-input"
-                  type="checkbox"
-                  name="ondemand_cellular"
-                  v-model="extra_args.ondemand_cellular"
-                />
-                when connected to cellular networks
-              </label>
-            </div>
-            <div class="form-check">
-              <label
-                title="MacOS/iOS IPsec clients to enable Connect On Demand when connected to Wi-Fi?"
-              >
-                <input
-                  class="form-check-input"
-                  type="checkbox"
-                  name="ondemand_wifi"
-                  v-model="extra_args.ondemand_wifi"
-                />
-                when connected to WiFi
-              </label>
-            </div>
-
-            <div class="form-group">
-              <label for="id_ondemand_wifi_exclude">Trusted Wi-Fi networks</label>
-              <input
-                type="text"
-                class="form-control"
-                id="id_ondemand_wifi_exclude"
-                name="ondemand_wifi_exclude"
-                placeholder="HomeNet,OfficeWifi,AlgoWiFi"
-                v-model="extra_args.ondemand_wifi_exclude"
-              />
-              <small class="form-text text-muted">
-                List the names of any trusted Wi-Fi networks where
-                macOS/iOS
-                IPsec clients should not use "Connect On Demand"
-                (e.g., your home network. Comma-separated value, e.g.,
-                HomeNet,OfficeWifi,AlgoWiFi)
-              </small>
-            </div>
-            <label>Retain the PKI</label>
-            <div class="form-check">
-              <label>
-                <input
-                  class="form-check-input"
-                  type="checkbox"
-                  name="store_pki"
-                  v-model="extra_args.store_pki"
-                />
-                Do you want to retain the keys (PKI)?
-                <small
-                  class="form-text text-muted"
-                >
-                  required to add users in the future, but less
-                  secure
-                </small>
-              </label>
-            </div>
-            <label>DNS adblocking</label>
-            <div class="form-check">
-              <label>
-                <input
-                  class="form-check-input"
-                  type="checkbox"
-                  name="dns_adblocking"
-                  v-model="extra_args.dns_adblocking"
-                />
-                Enable DNS ad blocking on this VPN server
-              </label>
-            </div>
-            <label>SSH tunneling</label>
-            <div class="form-check">
-              <label>
-                <input
-                  class="form-check-input"
-                  type="checkbox"
-                  name="ssh_tunneling"
-                  v-model="extra_args.ssh_tunneling"
-                />
-                Each user will have their own account for SSH tunneling
-              </label>
-            </div>
-          </section>
-        </div>
-      </div>
-      <hr class="my-3" />
-      <section class="my-3" id="provider_app">
-        <h2>Select cloud provider</h2>
-        <div class="row">
-          <div class="col-4">
-            <ul class="nav flex-column nav-pills">
-              <li class="nav-item" v-for="provider in providers_map">
-                <a
-                  class="nav-link"
-                  href="#"
-                  v-bind:class="{ active: provider.alias === extra_args.provider }"
-                  @click="set_provider(provider.alias)"
-                >{{provider.name}}</a>
-              </li>
-            </ul>
-          </div>
-          <div class="col-8">
-            <div class="my-3" v-if="extra_args.provider === 'digitalocean'">
-              <h4>Digital Ocean Options</h4>
-              <div class="form-group">
-                <label for="id_do_token">
-                  Enter your API token. The token must have read and write permissions
-                  (https://cloud.digitalocean.com/settings/api/tokens):
-                </label>
-                <input
-                  type="text"
-                  class="form-control"
-                  id="id_do_token"
-                  name="do_token"
-                  v-model="extra_args.do_token"
-                  @blur="load_do_regions"
-                />
-              </div>
-              <div class="form-group">
-                <label
-                  v-if="do_regions.length > 0"
-                  for="id_region"
-                >What region should the server be located in?</label>
-                <label
-                  v-if="do_regions.length === 0"
-                  for="id_region"
-                >Please enter API key above to select region</label>
-                <label v-if="do_region_loading" for="id_region">Loading regions...</label>
-                <select
-                  name="region"
-                  id="id_region"
-                  class="form-control"
-                  v-model="extra_args.region"
-                  v-bind:disabled="do_region_loading"
-                >
-                  <option value disabled>Select region</option>
-                  <option
-                    v-for="(region, index) in do_regions"
-                    v-bind:value="region.slug"
-                  >{{region.name}}</option>
-                </select>
-              </div>
-            </div>
-          </div>
-        </div>
-      </section>
-    </div>
-  </div>
-  <footer class="footer mt-auto py-3" id="status_app">
-    <div
-      class="backdrop d-flex flex-column align-items-center justify-content-center"
-      v-if="show_backdrop"
-    >
-      <span class="spinner-border" role="status" aria-hidden="true"></span>
-    </div>
-    <div class="container">
-      <div v-if="!status || status === 'cancelled'">
-        <pre class="console">{{cli_preview}}</pre>
-        <button @click="run" class="btn btn-primary" type="button">Install</button>
-      </div>
-      <div v-if="status === 'running'">
-        <pre class="console">{{program.join(' ')}}</pre>
-        <button class="btn btn-danger" type="button" @click="stop">Stop</button>
-        <button class="btn btn-primary" type="button" disabled>
-          <span class="spinner-border spinner-border-sm" role="status" aria-hidden="true"></span>
-          Running...
-        </button>
-      </div>
-      <div v-if="status === 'done'">
-        <pre class="console">{{program.join(' ')}}</pre>
-        <div v-if="is_success" class="text-success">Done!</div>
-        <div v-else class="text-danger">Failed!</div>
-      </div>
-    </div>
-  </footer>
-</template>
-
-<script>
-
-var vpn_options_extra_args = {
-  server_name: "algo",
-  ondemand_cellular: false,
-  ondemand_wifi: false,
-  dns_adblocking: false,
-  ssh_tunneling: false,
-  store_pki: false,
-  ondemand_wifi_exclude: ""
-};
-
-new Vue({
-  el: "#options_app",
-  data: {
-    extra_args: vpn_options_extra_args
-  }
-});
-
-var provider_extra_args = {
-  provider: null
-};
-
-new Vue({
-  el: "#provider_app",
-  data: {
-    loading: false,
-    do_region_loading: false,
-    do_regions: [],
-    extra_args: provider_extra_args,
-    providers_map: [
-      { name: "DigitalOcean", alias: "digitalocean" },
-      { name: "Amazon Lightsail", alias: "lightsail" },
-      { name: "Amazon EC2", alias: "ec2" },
-      { name: "Microsoft Azure", alias: "azure" },
-      { name: "Google Compute Engine", alias: "gce" },
-      { name: "Hetzner Cloud", alias: "hetzner" },
-      { name: "Vultr", alias: "vultr" },
-      { name: "Scaleway", alias: "scaleway" },
-      { name: "OpenStack (DreamCompute optimised)", alias: "openstack" },
-      { name: "CloudStack (Exoscale optimised)", alias: "cloudstack" },
-      {
-        name: "Install to existing Ubuntu 18.04 or 19.04 server (Advanced)",
-        alias: "local"
-      }
-    ]
-  },
-  methods: {
-    set_provider(provider) {
-      this.extra_args.provider = provider;
-    },
-    load_do_regions: function() {
-      if (
-        this.extra_args.provider === "digitalocean" &&
-        this.extra_args.do_token
-      ) {
-        this.loading = true;
-        this.do_region_loading = true;
-        fetch("/do/regions", {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify({ token: this.extra_args.do_token })
-        })
-          .then(r => r.json())
-          .then(r => {
-            this.do_regions = r.regions;
-          })
-          .finally(() => {
-            this.loading = false;
-            this.do_region_loading = false;
-          });
-      }
-    }
-  }
-});
-
-new Vue({
-  el: "#status_app",
-  data: {
-    status: null,
-    program: null,
-    result: null,
-    error: null,
-    // shared data, do not write there
-    vpn_options_extra_args,
-    provider_extra_args
-  },
-  created() {
-    this.loop = setInterval(this.get_status, 1000);
-  },
-  computed: {
-    extra_args() {
-      return Object.assign(
-        {},
-        this.vpn_options_extra_args,
-        this.provider_extra_args
-      );
-    },
-    cli_preview() {
-      var args = "";
-      for (arg in this.extra_args) {
-        args += `${arg}=${this.extra_args[arg]} `;
-      }
-      return `ansible-playbook main.yml --extra-vars ${args}`;
-    },
-    show_backdrop() {
-      return this.status === "running";
-    },
-    is_success() {
-      return this.result === 0;
-    }
-  },
-  watch: {
-    status: function() {
-      if (this.status === "done") {
-        clearInterval(this.loop);
-      }
-    }
-  },
-  methods: {
-    run() {
-      fetch("/playbook", {
-        method: "POST",
-        body: JSON.stringify(this.extra_args),
-        headers: {
-          "Content-Type": "application/json"
-        }
-      });
-    },
-    stop() {
-      fetch("/playbook", {
-        method: "DELETE"
-      });
-    },
-    get_status() {
-      fetch("/playbook")
-        .then(r => r.json())
-        .then(status => {
-          this.status = status.status;
-          this.program = status.program;
-          this.result = status.result;
-        })
-        .catch(err => {
-          alert("Server error");
-          clearInterval(this.loop);
-        });
-    }
-  }
-});
-</script>
-
-<style scoped>
-.console {
-  background: black;
-  color: white;
-  padding: 4px;
-  border-radius: 2px;
-  white-space: pre-line;
-  padding-left: 2em;
-  position: relative;
-}
-.console::before {
-  content: "$";
-  position: absolute;
-  left: 1em;
-}
-.backdrop {
-  position: fixed;
-  background: white;
-  opacity: 0.6;
-  top: 0;
-  bottom: 0;
-  left: 0;
-  right: 0;
-  z-index: 100;
-  pointer-events: none;
-}
-.footer .container {
-  position: relative;
-  z-index: 101;
-}
-</style>
diff --git a/app/static/command-preview.vue b/app/static/command-preview.vue
index 2177bbdb6..c3a2a0c98 100644
--- a/app/static/command-preview.vue
+++ b/app/static/command-preview.vue
@@ -1,9 +1,5 @@
 <template>
   <div class="row">
-    <h2 class="col-12">
-      <button type="button" class="btn btn-secondary back-button" v-on:click="$emit('back')"><</button>
-      🧐 Review and Start!
-    </h2>
     <section class="my-3">
       <pre class="code"><code>
         {{cli_preview}}
@@ -28,11 +24,6 @@ module.exports = {
 }
 </script>
 <style scoped>
-  .back-button {
-    position: absolute;
-    border-radius: 50%;
-    left: -2em;
-  }
   .code {
     white-space: normal;
     background: black;
diff --git a/app/static/index.html b/app/static/index.html
index fbd2e54d7..5e7c03c86 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -4,6 +4,7 @@
 <head>
   <title>Algo VPN</title>
   <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <script src="https://cdn.jsdelivr.net/npm/http-vue-loader@1.4.2/src/httpVueLoader.js"
     integrity="sha256-aOeVxnlZDaiJOHsqNWVOMNsKdiGxgT8kbLp1p1Rv2sc=" crossorigin="anonymous"></script>
   <script src="https://cdn.jsdelivr.net/npm/vue@2.6.11/dist/vue.js"
@@ -17,12 +18,52 @@
     .fade-enter, .fade-leave-to /* .fade-leave-active below version 2.1.8 */ {
       opacity: 0;
     }
+    .back-button {
+      position: absolute;
+      border-radius: 50%;
+      left: 1em;
+      top: 0.5em;
+    }
+    .spin {
+      animation-name: spin;
+      animation-duration: 5000ms;
+      animation-iteration-count: infinite;
+      animation-delay: 5s;
+      animation-timing-function: linear;
+      display: inline-block;
+    }
+    @keyframes spin {
+      from {
+        transform:rotate(0deg);
+      }
+      to {
+        transform:rotate(360deg);
+      }
+    }
   </style>
 </head>
 
 <body class="d-flex flex-column h-100">
   <div class="container" id="algo">
-    <h1 class="mb-5 text-center">{{ title }}</h1>
+      <h1 class="mb-5 text-center" v-if="step === 'setup'">Algo VPN Setup</h1>
+      <h1 class="mb-5 text-center" v-if="step === 'provider'">
+        <button type="button" class="btn btn-secondary back-button" v-on:click="step = 'setup'">←</button>
+        <span>☁ Cloud Provider Setup</span>
+      </h1>
+      <h1 class="mb-5 text-center" v-if="step === 'command'">
+        <button type="button" class="btn btn-secondary back-button" v-on:click="step = 'provider'">←</button>
+        🧐 Review and Start!
+      </h1>
+      <h1 class="mb-5 text-center" v-if="step === 'status-running'">
+        <span class="spin">🙂</span> Please be patient
+      </h1>
+      <h1 class="mb-5 text-center" v-if="step === 'status-error'">
+        😢 Set up failed
+      </h1>
+      <h1 class="mb-5 text-center" v-if="step === 'status-done'">
+         🥳 Congratulations! Your Algo server is running.
+      </h1>
+    </h1>
     <transition name="fade">
       <div class="row" v-if="step == 'setup'">
         <user-config class="col-md-4 order-md-2 mb-4"></user-config>
@@ -34,22 +75,33 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
     <transition name="fade">
       <provider-setup v-if="step == 'provider'"
                       v-bind:extra_args="extra_args"
-                      v-on:submit="step = 'command'"
-                      v-on:back="step = 'setup'">
+                      v-on:submit="step = 'command'">
       </provider-setup>
     </transition>
     <transition name="fade">
       <command-preview v-if="step == 'command'"
                       v-bind:extra_args="extra_args"
-                      v-on:submit="start(); step = 'running';"
-                      v-on:back="step = 'provider'">
+                      v-on:submit="start(); step = 'status-running';">
       </command-preview>
     </transition>
     <transition name="fade">
-      <status-running v-if="step == 'running'"
-                       v-on:submit="stop(); step = 'setup';">
+      <status-running v-if="step == 'status-running'"
+                      v-on:submit="stop(); step = 'setup';"
+                      v-on:done="step = 'status-done'"
+                      v-on:error="step = 'status-error'"
+                      v-on:cancelled="step = 'setup'">
       </status-running>
     </transition>
+    <transition name="fade">
+      <section v-if="step == 'status-error'" class="text-center">
+        <p>Now it’s time to inspect console output</p>
+        <p>Restart console process to try again</p>
+      </section>
+    </transition>
+    <transition name="fade">
+      <status-done v-if="step == 'status-done'">
+      </status-done>
+    </transition>
   </div>
 
   <script>
@@ -68,24 +120,23 @@ <h1 class="mb-5 text-center">{{ title }}</h1>
           ondemand_wifi_exclude: []
         }
       },
-      computed: {
-        title() {
-          return 'Algo VPN Setup';
-        }
-      },
       components: {
         'user-config': window.httpVueLoader('/static/user-config.vue'),
         'vpn-setup': window.httpVueLoader('/static/vpn-setup.vue'),
         'provider-setup': window.httpVueLoader('/static/provider-setup.vue'),
         'command-preview': window.httpVueLoader('/static/command-preview.vue'),
         'status-running': window.httpVueLoader('/static/status-running.vue'),
+        'status-done': window.httpVueLoader('/static/status-done.vue'),
       },
       created() {
         fetch("/playbook")
           .then(r => r.json())
+          .catch(() => {
+            this.step = 'status-error';
+          })
           .then(data => {
-            if (data.status === 'running') {
-              this.step = 'running';
+            if (data.status && data.status !== 'cancelled'){
+              this.step = `status-${data.status}`;
             }
           });
       },
diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index df007fa36..90c00dd62 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -39,7 +39,7 @@
             >{{region.name}}</option>
       </select>
     </div>
-    <button @click="submit" v-bind:disabled="!do_region" class="btn btn-primary" type="button">Next</button>
+    <button v-on:click="submit" v-bind:disabled="!do_region" class="btn btn-primary" type="button">Next</button>
   </div>
 </template>
 
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index cde04509e..6a2394fb3 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -1,10 +1,5 @@
 <template>
   <div class="row">
-    <h2 class="col-12">
-      <button type="button" class="btn btn-secondary back-button" v-on:click="$emit('back')"><</button>
-      <span v-if="provider">{{ provider.name }} Setup</span>
-      <span v-else>Select cloud provider</span>
-    </h2>
     <div class="col-4">
       <ul class="nav flex-column nav-pills">
         <li class="nav-item"
@@ -66,10 +61,3 @@ module.exports = {
   }
 };
 </script>
-<style scoped>
-.back-button {
-  position: absolute;
-  border-radius: 50%;
-  left: -2em;
-}
-</style>
diff --git a/app/static/status-done.vue b/app/static/status-done.vue
new file mode 100644
index 000000000..3a51e5a0e
--- /dev/null
+++ b/app/static/status-done.vue
@@ -0,0 +1,63 @@
+<template>
+  <div>
+    <section>
+      <p>Config files and certificates are in the ./configs/ directory.</p>
+      <p>Go to <a href="https://whoer.net/" target="_blank" rel="noopener noopener">https://whoer.net/</a>
+        after connecting and ensure that all your traffic passes through the VPN.</p>
+      <p>Local DNS resolver {{result.local_service_ip}}</p>
+      <p v-if="result.p12_export_password">The p12 and SSH keys password for new users is <code>{{result.p12_export_password}}</code></p>
+      <p v-if="result.CA_password">The CA key password is <code>{{result.CA_password}}</code></p>
+      <p v-if="result.ssh_access">Shell access: <code>ssh -F configs/{{result.ansible_ssh_host}}/ssh_config {{config.server_name}}</code></p>
+      <p>Read more on how to set up clients at the <a href="https://github.com/trailofbits/algo" target="_blank" rel="noopener noopener">Algo home page</a></p>
+    </section>
+    <section>
+      <h2 class="text-center">Client configuration files</h2>
+      <div v-for="user in config.users" :key="user">
+        <h3>&#128100; {{user}}</h3>
+        <div class="d-flex justify-content-between">
+          <div v-if="config.wireguard_enabled">
+            <p><strong>WireGuard</strong></p>
+            <p>
+              <img v-bind:src="`/results/${result.ansible_ssh_host}/wireguard/${user}.png`" alt="QR Code">
+            </p>
+            <p><a v-bind:href="`/results/${result.ansible_ssh_host}/wireguard/${user}.conf`">{{user}}.conf</a></p>
+            <p>iOS <a v-bind:href="`/results/${result.ansible_ssh_host}/wireguard/apple/ios/${user}.mobileconfig`"> .mobileconfig</a>,
+            Mac OS <a v-bind:href="`/results/${result.ansible_ssh_host}/wireguard/apple/macos/${user}.mobileconfig`"> .mobileconfig</a></p>
+          </div>
+          <div v-if="config.ipsec_enabled">
+            <p><strong>IPSec</strong></p>
+            <p>Apple's <a v-bind:href="`/results/${result.ansible_ssh_host}/ipsec/apple/${user}.mobileconfig`"> .mobileconfig</a></p>
+            <p>Manual configuration:
+              <a v-bind:href="`/results/${result.ansible_ssh_host}/ipsec/manual/${user}.conf`">{{user}}.conf</a>,
+              <a v-bind:href="`/results/${result.ansible_ssh_host}/ipsec/manual/${user}.p12`">{{user}}.p12</a>,
+              <a v-bind:href="`/results/${result.ansible_ssh_host}/ipsec/manual/${user}.secrets`">{{user}}.secrets</a>
+            </p>
+          </div>
+        </div>
+      </div>
+    </section>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      result: {},
+      config: { users: [] }
+    };
+  },
+  created() {
+    fetch("/playbook")
+      .then(r => r.json())
+      .then(data => {
+        this.result = data.result;
+      });
+    fetch("/config")
+      .then(r => r.json())
+      .then(data => {
+        this.config = data;
+      });
+  }
+}
+</script>
diff --git a/app/static/status-running.vue b/app/static/status-running.vue
index 2c90599cc..2daa05c02 100644
--- a/app/static/status-running.vue
+++ b/app/static/status-running.vue
@@ -1,59 +1,47 @@
 <template>
-  <div class="row status-container">
-    <h2 class="col-12"><span class="spin">🙃</span>Please be patient</h2>
-    <section class="status-text">
-      <p>VPN set up usually takes 5-15 minutes</p>
-      <p>You can close tab and open it again</p>
-      <p>You can try to <button type="button" class="btn btn-link back-button" v-on:click="$emit('submit')">STOP</button> setup and run it again</p>
-      <p>Don’t close terminal!</p>
-    </section>
-  </div>
+  <section class="text-center">
+    <p>Set up usually takes 5-15 minutes</p>
+    <p>You can close tab and open it again</p>
+    <p>You can try to <button type="button" class="btn btn-link stop-button" v-on:click="$emit('submit')">STOP</button> setup and run it again</p>
+    <p>Don’t close terminal!</p>
+  </section>
 </template>
 
 <script>
 module.exports = {
-  props: function() {
-    // Warning: Mutable Object to edit partent props
-    extra_args: Object
+  created() {
+    const loop = () => {
+      this.check()
+      .then(() => {
+        setTimeout(loop, 5000);
+      });
+    };
+    setTimeout(loop, 5000);
   },
-  computed: {
-    cli_preview() {
-      return 'ansible-playbook main.yml --extra-vars "server_name=algo ondemand_cellular=true ondemand_wifi=true dns_adblocking=false ssh_tunneling=false store_pki=false ondemand_wifi_exclude=[] provider=digitalocean do_token=ad6b4405df208053e7b41e1c9e74b97364af1d6b902f6b6bb1d5575c52eca0c3 region=blr1"';
+  methods: {
+    check: function() {
+      return fetch("/playbook")
+        .then(r => r.json())
+        .catch(() => {
+          this.$emit('error');
+        })
+        .then(data => {
+          if (data.status && data.status === 'done') {
+            this.$emit('done');
+            throw new Error();
+          }
+          if (!data.status || data.status === 'cancelled') {
+            this.$emit('cancelled');
+            throw new Error();
+          }
+        });
     }
   }
 }
 </script>
 <style scoped>
-  .back-button {
+  .stop-button {
     color: red;
-  }
-  .status-container {
-    display: flex;
-    flex-direction: column;
-  }
-  .status-text {
-    flex: 1;
-    display: flex;
-    flex-direction: column;
-    justify-content: center;
-  }
-  .spin {
-    animation-name: spin;
-    animation-duration: 5000ms;
-    animation-iteration-count: infinite;
-    animation-timing-function: linear;
-
-    display: block;
-    animation-delay: 5s;
-    width: 1em;
-    height: 100%;
-  }
-  @keyframes spin {
-    from {
-      transform:rotate(0deg);
-    }
-    to {
-      transform:rotate(360deg);
-    }
+    text-decoration: underline;
   }
 </style>
diff --git a/app/static/user-config.vue b/app/static/user-config.vue
index 4e61f3232..c0a7a918c 100644
--- a/app/static/user-config.vue
+++ b/app/static/user-config.vue
@@ -9,7 +9,7 @@
           <button
             type="button"
             class="btn btn-secondary btn-sm float-right"
-            @click="remove_user(index)"
+            v-on:click="remove_user(index)"
           >Remove</button>
         </li>
       </ul>
@@ -25,7 +25,7 @@
           />
           <div class="input-group-append">
             <button
-              @click="add_user"
+              v-on:click="add_user"
               class="btn btn-outline-primary"
               type="button"
               id="button-addon2"
@@ -109,4 +109,4 @@ module.exports = {
     }
   }
 };
-</script>
\ No newline at end of file
+</script>
diff --git a/app/static/vpn-setup.vue b/app/static/vpn-setup.vue
index d8b27cbf1..78e0dd813 100644
--- a/app/static/vpn-setup.vue
+++ b/app/static/vpn-setup.vue
@@ -100,7 +100,6 @@
     </section>
   </div>
 </template>
-
 <script>
 module.exports = {
   // Warning: Mutable Object to edit partent props

From dd2a05a96c368bf05863347557b4da96cfbf7762 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sat, 16 May 2020 02:16:18 +0500
Subject: [PATCH 13/39] Docker env, added save&exit step

---
 app/.dockerignore          |  6 ++++++
 app/Dockerfile             | 10 ++++++++++
 app/run.sh                 | 25 +++++++++++++++++++++++++
 app/server.py              |  7 +++++++
 app/static/index.html      | 15 ++++++++++++---
 app/static/status-done.vue |  6 ++++++
 6 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 app/.dockerignore
 create mode 100644 app/Dockerfile
 create mode 100644 app/run.sh

diff --git a/app/.dockerignore b/app/.dockerignore
new file mode 100644
index 000000000..d34f8d444
--- /dev/null
+++ b/app/.dockerignore
@@ -0,0 +1,6 @@
+*
+!requirements.txt
+!playbook.py
+!server.py
+!run.sh
+!static
diff --git a/app/Dockerfile b/app/Dockerfile
new file mode 100644
index 000000000..f4b783063
--- /dev/null
+++ b/app/Dockerfile
@@ -0,0 +1,10 @@
+FROM algo
+ARG BUILD_PACKAGES="gcc libffi-dev linux-headers make musl-dev openssl-dev"
+COPY requirements.txt /app/requirements.txt
+RUN apk --no-cache add ${BUILD_PACKAGES} && \
+    source .env/bin/activate && \
+    python3 -m pip --no-cache-dir install -r app/requirements.txt && \
+    apk del ${BUILD_PACKAGES}
+COPY . app
+RUN chmod 0755 /algo/app/run.sh
+CMD [ "/algo/app/run.sh" ]
diff --git a/app/run.sh b/app/run.sh
new file mode 100644
index 000000000..c9c736be7
--- /dev/null
+++ b/app/run.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -e
+
+ALGO_DIR="/algo"
+DATA_DIR="/data"
+
+if [ -z ${VIRTUAL_ENV+x} ]
+then
+  ACTIVATE_SCRIPT="/algo/.env/bin/activate"
+  if [ -f "$ACTIVATE_SCRIPT" ]
+  then
+    # shellcheck source=/dev/null
+    source "$ACTIVATE_SCRIPT"
+  else
+    echo "$ACTIVATE_SCRIPT not found.  Did you follow documentation to install dependencies?"
+    exit 1
+  fi
+fi
+
+tr -d '\r' < "${DATA_DIR}"/config.cfg > "${ALGO_DIR}"/config.cfg
+test -d "${DATA_DIR}"/configs && rsync -qLktr --delete "${DATA_DIR}"/configs "${ALGO_DIR}"/
+python app/server.py
+rsync -qLktr --delete "${ALGO_DIR}"/configs "${DATA_DIR}"/
+exit ${retcode}
diff --git a/app/server.py b/app/server.py
index 2c2c1a84d..ad153390a 100644
--- a/app/server.py
+++ b/app/server.py
@@ -3,6 +3,7 @@
 from os.path import join, dirname
 from aiohttp import web
 import concurrent.futures
+import sys
 from playbook import PlaybookCLI
 
 
@@ -85,6 +86,12 @@ async def post_config(request):
             f.write(config)
             return web.json_response({'ok': True})
 
+@routes.post('/exit')
+async def post_exit(_):
+    if task_future and task_future.done():
+        sys.exit(0)
+    else:
+        sys.exit(1)
 
 app = web.Application()
 app.router.add_routes(routes)
diff --git a/app/static/index.html b/app/static/index.html
index 5e7c03c86..4d0d3b326 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -61,7 +61,10 @@ <h1 class="mb-5 text-center" v-if="step === 'status-error'">
         😢 Set up failed
       </h1>
       <h1 class="mb-5 text-center" v-if="step === 'status-done'">
-         🥳 Congratulations! Your Algo server is running.
+         🥳 Congratulations, your Algo server is running!
+      </h1>
+      <h1 class="mb-5 text-center" v-if="step === 'status-exit'">
+        Config files are saved, bye!
       </h1>
     </h1>
     <transition name="fade">
@@ -99,7 +102,8 @@ <h1 class="mb-5 text-center" v-if="step === 'status-done'">
       </section>
     </transition>
     <transition name="fade">
-      <status-done v-if="step == 'status-done'">
+      <status-done v-if="step == 'status-done'"
+                   v-on:submit="exit(); step = 'status-exit'" >
       </status-done>
     </transition>
   </div>
@@ -126,7 +130,7 @@ <h1 class="mb-5 text-center" v-if="step === 'status-done'">
         'provider-setup': window.httpVueLoader('/static/provider-setup.vue'),
         'command-preview': window.httpVueLoader('/static/command-preview.vue'),
         'status-running': window.httpVueLoader('/static/status-running.vue'),
-        'status-done': window.httpVueLoader('/static/status-done.vue'),
+        'status-done': window.httpVueLoader('/static/status-done.vue')
       },
       created() {
         fetch("/playbook")
@@ -154,6 +158,11 @@ <h1 class="mb-5 text-center" v-if="step === 'status-done'">
           fetch("/playbook", {
             method: "DELETE"
           });
+        },
+        exit() {
+            fetch("/exit", {
+              method: "POST"
+            });
         }
       }
     })
diff --git a/app/static/status-done.vue b/app/static/status-done.vue
index 3a51e5a0e..5391163e9 100644
--- a/app/static/status-done.vue
+++ b/app/static/status-done.vue
@@ -36,6 +36,12 @@
         </div>
       </div>
     </section>
+    <section>
+      <h2 class="text-center">Finish setup and save configs</h2>
+      <p class="text-center">
+        <button v-on:click="$emit('submit')" class="btn btn-primary btn-lg" type="button">Save &amp; Exit</button>
+      </p>
+    </section>
   </div>
 </template>
 

From 8156687c209f046af1e84b10bfcc552a7d612096 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Tue, 19 May 2020 01:08:17 +0500
Subject: [PATCH 14/39] Better variable gathering, fixed empty DNS IP

---
 app/playbook.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/app/playbook.py b/app/playbook.py
index 06eb9cf88..a361cdb4f 100644
--- a/app/playbook.py
+++ b/app/playbook.py
@@ -3,6 +3,7 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import (absolute_import, division, print_function)
+
 __metaclass__ = type
 
 import os
@@ -19,7 +20,6 @@
 from ansible.utils.collection_loader import set_collection_playbook_paths
 from ansible.plugins.loader import add_all_plugin_dirs
 
-
 display = Display()
 
 
@@ -187,12 +187,14 @@ def _process_block(b):
                         display.display(taskmsg)
 
         host = inventory.groups['vpn-host'].hosts[0].name
-        fact_cache = pbex._variable_manager._nonpersistent_fact_cache[host]
+        host_vars = variable_manager.get_vars()['hostvars'][host]
         return {
-            'CA_password': fact_cache['CA_password'],
-            'p12_export_password': fact_cache['p12_export_password'],
-            'algo_server_name': variable_manager.extra_vars['server_name'],
-            'ipv6_support': fact_cache['ipv6_support'],
-            'local_service_ip': variable_manager.get_vars()['hostvars'][host]['ansible_lo']['ipv4_secondaries'][0]['address'],
+            'CA_password': host_vars.get('CA_password'),
+            'p12_export_password': host_vars.get('p12_export_password'),
+            'algo_server_name': host_vars.get('server_name'),
+            'ipv6_support': host_vars.get('ipv6_support'),
+            'local_service_ip': host_vars.get('ansible_lo') and
+                                host_vars.get('ansible_lo').get('ipv4_secondaries') and
+                                host_vars.get('ansible_lo').get('ipv4_secondaries')[0]['address'],
             'ansible_ssh_host': host,
         }

From 2f9fa4ddcaacf8a29e407be5c5db1c4b392cb708 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Tue, 19 May 2020 01:31:49 +0500
Subject: [PATCH 15/39] Draft amazon lightsail provider

---
 app/static/provider-lightsail.vue | 57 +++++++++++++++++++++++++++++++
 app/static/provider-setup.vue     |  3 +-
 app/static/status-done.vue        |  2 +-
 3 files changed, 60 insertions(+), 2 deletions(-)
 create mode 100644 app/static/provider-lightsail.vue

diff --git a/app/static/provider-lightsail.vue b/app/static/provider-lightsail.vue
new file mode 100644
index 000000000..b0fd906d7
--- /dev/null
+++ b/app/static/provider-lightsail.vue
@@ -0,0 +1,57 @@
+<template>
+  <div>
+    <div class="form-group">
+      <label>
+          Enter your AWS Access Key <a href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" target="_blank" rel="noreferrer noopener" class="badge bagde-pill badge-primary">?</a>
+        <br>
+          Note: Make sure to use an IAM user with an acceptable policy attached (see <a
+              href="https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md" target="_blank" rel="noreferrer noopener" >docs</a>)
+      </label>
+      <input
+          type="text"
+          class="form-control"
+          name="aws_access_key"
+          v-model="aws_access_key"
+      />
+    </div>
+    <div class="form-group">
+      <label>Enter your AWS Secret Key <a
+              href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" target="_blank" rel="noreferrer noopener" class="badge bagde-pill badge-primary">?</a></label>
+      <input
+              type="password"
+              class="form-control"
+              name="aws_secret_key"
+              v-model="aws_secret_key">
+    </div>
+    <button class="btn btn-primary"
+            type="button"
+            v-on:click="submit"
+            v-bind:disabled="!is_valid">
+      Next
+    </button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      aws_access_key: null,
+      aws_secret_key: null
+    };
+  },
+  computed: {
+    is_valid() {
+      return this.aws_access_key && this.aws_secret_key;
+    }
+  },
+  methods: {
+    submit() {
+      this.$emit('submit', {
+        aws_access_key: this.aws_access_key,
+        aws_secret_key: this.aws_secret_key
+      });
+    }
+  }
+};
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 6a2394fb3..3a28cb6e9 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -57,7 +57,8 @@ module.exports = {
     }
   },
   components: {
-    'digitalocean': window.httpVueLoader('/static/provider-do.vue')
+    'digitalocean': window.httpVueLoader('/static/provider-do.vue'),
+    'lightsail': window.httpVueLoader('/static/provider-lightsail.vue')
   }
 };
 </script>
diff --git a/app/static/status-done.vue b/app/static/status-done.vue
index 5391163e9..fba4f9cbf 100644
--- a/app/static/status-done.vue
+++ b/app/static/status-done.vue
@@ -4,7 +4,7 @@
       <p>Config files and certificates are in the ./configs/ directory.</p>
       <p>Go to <a href="https://whoer.net/" target="_blank" rel="noopener noopener">https://whoer.net/</a>
         after connecting and ensure that all your traffic passes through the VPN.</p>
-      <p>Local DNS resolver {{result.local_service_ip}}</p>
+      <p v-if="result.local_service_ip">Local DNS resolver {{result.local_service_ip}}</p>
       <p v-if="result.p12_export_password">The p12 and SSH keys password for new users is <code>{{result.p12_export_password}}</code></p>
       <p v-if="result.CA_password">The CA key password is <code>{{result.CA_password}}</code></p>
       <p v-if="result.ssh_access">Shell access: <code>ssh -F configs/{{result.ansible_ssh_host}}/ssh_config {{config.server_name}}</code></p>

From dfa2990e5a5aae3aaea71317fa6b2eb5a1cee7fc Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sat, 23 May 2020 02:20:55 +0500
Subject: [PATCH 16/39] Lightsail provided added

---
 app/server.py                     | 15 +++++++++
 app/static/provider-lightsail.vue | 54 +++++++++++++++++++++++++++++--
 2 files changed, 66 insertions(+), 3 deletions(-)

diff --git a/app/server.py b/app/server.py
index ad153390a..d4c9afeab 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,5 +1,6 @@
 import asyncio
 import yaml
+import boto3
 from os.path import join, dirname
 from aiohttp import web
 import concurrent.futures
@@ -93,6 +94,20 @@ async def post_exit(_):
     else:
         sys.exit(1)
 
+@routes.post('/lightsail_regions')
+async def post_exit(request):
+    data = await request.json()
+    client = boto3.client(
+        'lightsail',
+        aws_access_key_id=data.get('aws_access_key'),
+        aws_secret_access_key=data.get('aws_secret_key')
+    )
+    response = client.get_regions(
+        includeAvailabilityZones=False
+    )
+    return web.json_response(response)
+
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-lightsail.vue b/app/static/provider-lightsail.vue
index b0fd906d7..8df377b7a 100644
--- a/app/static/provider-lightsail.vue
+++ b/app/static/provider-lightsail.vue
@@ -11,6 +11,7 @@
           type="text"
           class="form-control"
           name="aws_access_key"
+          v-on:blur="load_regions"
           v-model="aws_access_key"
       />
     </div>
@@ -21,8 +22,26 @@
               type="password"
               class="form-control"
               name="aws_secret_key"
+              v-on:blur="load_regions"
               v-model="aws_secret_key">
     </div>
+    <div class="form-group">
+      <label v-if="lightsail_regions.length === 0">Please enter Access key and Secret key to select region</label>
+      <label v-if="is_loading">Loading regions...</label>
+      <label v-if="lightsail_regions.length > 0">What region should the server be located in?</label>
+      <select name="region"
+              class="form-control"
+              v-model="region"
+              v-bind:disabled="is_region_disabled">
+          <option value disabled>Select region</option>
+          <option
+            v-for="(region, i) in lightsail_regions"
+            v-bind:key="region.displayName"
+            v-bind:value="region.name"
+            >{{region.displayName}}</option>
+      </select>
+
+    </div>
     <button class="btn btn-primary"
             type="button"
             v-on:click="submit"
@@ -37,19 +56,48 @@ module.exports = {
   data: function() {
     return {
       aws_access_key: null,
-      aws_secret_key: null
+      aws_secret_key: null,
+      region: null,
+      lightsail_regions: [],
+      is_loading: false
     };
   },
   computed: {
     is_valid() {
-      return this.aws_access_key && this.aws_secret_key;
+      return this.aws_access_key && this.aws_secret_key && this.region;
+    },
+    is_region_disabled() {
+      return !(this.aws_access_key && this.aws_secret_key) || this.is_loading;
     }
   },
   methods: {
+    load_regions() {
+      if (this.aws_access_key && this.aws_secret_key && this.lightsail_regions.length === 0) {
+        this.is_loading = true;
+        fetch('/lightsail_regions', {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({
+            aws_access_key: this.aws_access_key,
+            aws_secret_key: this.aws_secret_key
+          })
+        })
+        .then(r => r.json())
+        .then(data => {
+          this.lightsail_regions = data.regions;
+        })
+        .finally(() => {
+          this.is_loading = false;
+        });
+      }
+    },
     submit() {
       this.$emit('submit', {
         aws_access_key: this.aws_access_key,
-        aws_secret_key: this.aws_secret_key
+        aws_secret_key: this.aws_secret_key,
+        region: this.region
       });
     }
   }

From 2da62f48777b48c79bd70a7b01c5c6be1fe8520f Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Mon, 25 May 2020 00:32:49 +0500
Subject: [PATCH 17/39] Added EC2 provider

---
 app/server.py                 |  11 +++
 app/static/provider-ec2.vue   | 139 ++++++++++++++++++++++++++++++++++
 app/static/provider-setup.vue |   3 +-
 3 files changed, 152 insertions(+), 1 deletion(-)
 create mode 100644 app/static/provider-ec2.vue

diff --git a/app/server.py b/app/server.py
index d4c9afeab..b2d68d9f5 100644
--- a/app/server.py
+++ b/app/server.py
@@ -107,6 +107,17 @@ async def post_exit(request):
     )
     return web.json_response(response)
 
+@routes.post('/ec2_regions')
+async def post_exit(request):
+    data = await request.json()
+    client = boto3.client(
+        'ec2',
+        aws_access_key_id=data.get('aws_access_key'),
+        aws_secret_access_key=data.get('aws_secret_key')
+    )
+    response = client.describe_regions()['Regions']
+    return web.json_response(response)
+
 
 app = web.Application()
 app.router.add_routes(routes)
diff --git a/app/static/provider-ec2.vue b/app/static/provider-ec2.vue
new file mode 100644
index 000000000..7c0d1ed49
--- /dev/null
+++ b/app/static/provider-ec2.vue
@@ -0,0 +1,139 @@
+<template>
+  <div>
+    <div class="form-group">
+      <label>
+        Enter your AWS Access Key
+        <a
+          href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+          title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+          target="_blank"
+          rel="noreferrer noopener"
+          class="badge bagde-pill badge-primary"
+          >?</a
+        >
+        <br />
+        Note: Make sure to use an IAM user with an acceptable policy attached
+        (see
+        <a
+          href="https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md"
+          target="_blank"
+          rel="noreferrer noopener"
+          >docs</a
+        >)
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        name="aws_access_key"
+        v-on:blur="load_regions"
+        v-model="aws_access_key"
+      />
+    </div>
+    <div class="form-group">
+      <label
+        >Enter your AWS Secret Key
+        <a
+          href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+          title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+          target="_blank"
+          rel="noreferrer noopener"
+          class="badge bagde-pill badge-primary"
+          >?</a
+        ></label
+      >
+      <input
+        type="password"
+        class="form-control"
+        name="aws_secret_key"
+        v-on:blur="load_regions"
+        v-model="aws_secret_key"
+      />
+    </div>
+    <div class="form-group">
+      <label v-if="region_options.length === 0"
+        >Please enter Access key and Secret key to select region</label
+      >
+      <label v-if="is_loading">Loading regions...</label>
+      <label v-if="region_options.length > 0"
+        >What region should the server be located in?</label
+      >
+      <select
+        name="region"
+        class="form-control"
+        v-model="region"
+        v-bind:disabled="is_region_disabled"
+      >
+        <option value disabled>Select region</option>
+        <option
+          v-for="(region, i) in region_options"
+          v-bind:key="i"
+          v-bind:value="region.RegionName"
+          >{{ region.RegionName }}</option
+        >
+      </select>
+    </div>
+    <button
+      class="btn btn-primary"
+      type="button"
+      v-on:click="submit"
+      v-bind:disabled="!is_valid"
+    >
+      Next
+    </button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      // options for
+      aws_access_key: null,
+      aws_secret_key: null,
+      region: null,
+      // helper variables
+      region_options: [],
+      is_loading: false
+    };
+  },
+  computed: {
+    is_valid() {
+      return this.aws_access_key && this.aws_secret_key && this.region;
+    },
+    is_region_disabled() {
+      return !(this.aws_access_key && this.aws_secret_key) || this.is_loading;
+    }
+  },
+  methods: {
+    load_regions() {
+      if (this.aws_access_key && this.aws_secret_key && this.region_options.length === 0) {
+        this.is_loading = true;
+        fetch('/ec2_regions', {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({
+            aws_access_key: this.aws_access_key,
+            aws_secret_key: this.aws_secret_key
+          })
+        })
+        .then(r => r.json())
+        .then(data => {
+          this.region_options = data;
+        })
+        .finally(() => {
+          this.is_loading = false;
+        });
+      }
+    },
+    submit() {
+      this.$emit('submit', {
+        aws_access_key: this.aws_access_key,
+        aws_secret_key: this.aws_secret_key,
+        region: this.region
+      });
+    }
+  }
+};
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 3a28cb6e9..a324dad77 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -58,7 +58,8 @@ module.exports = {
   },
   components: {
     'digitalocean': window.httpVueLoader('/static/provider-do.vue'),
-    'lightsail': window.httpVueLoader('/static/provider-lightsail.vue')
+    'lightsail': window.httpVueLoader('/static/provider-lightsail.vue'),
+    'ec2': window.httpVueLoader('/static/provider-ec2.vue')
   }
 };
 </script>

From 149e7dd0192e89a7784b2bbf58f9a0ee0f243fb6 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Mon, 13 Jul 2020 01:22:28 +0500
Subject: [PATCH 18/39] Draft for GCE

---
 app/server.py               | 23 +++++++++++++-
 app/static/provider-gce.vue | 63 +++++++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 app/static/provider-gce.vue

diff --git a/app/server.py b/app/server.py
index b2d68d9f5..6dba79ca7 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,12 +1,16 @@
 import asyncio
+import json
+
 import yaml
 import boto3
 from os.path import join, dirname
 from aiohttp import web
 import concurrent.futures
 import sys
-from playbook import PlaybookCLI
 
+from google.auth.transport.requests import AuthorizedSession
+from google.oauth2 import service_account
+from playbook import PlaybookCLI
 
 routes = web.RouteTableDef()
 PROJECT_ROOT = dirname(dirname(__file__))
@@ -87,6 +91,7 @@ async def post_config(request):
             f.write(config)
             return web.json_response({'ok': True})
 
+
 @routes.post('/exit')
 async def post_exit(_):
     if task_future and task_future.done():
@@ -94,6 +99,7 @@ async def post_exit(_):
     else:
         sys.exit(1)
 
+
 @routes.post('/lightsail_regions')
 async def post_exit(request):
     data = await request.json()
@@ -107,6 +113,7 @@ async def post_exit(request):
     )
     return web.json_response(response)
 
+
 @routes.post('/ec2_regions')
 async def post_exit(request):
     data = await request.json()
@@ -119,6 +126,20 @@ async def post_exit(request):
     return web.json_response(response)
 
 
+@routes.post('/gce_regions')
+async def post_exit(request):
+    #data = await request.json()
+    gce_config_file = 'configs/gce.json'  # 'data.get('gce_config_file')
+    project_id = json.loads(open(gce_config_file, 'r').read())['project_id']
+
+    response = AuthorizedSession(
+        service_account.Credentials.from_service_account_file(gce_config_file).with_scopes(
+            ['https://www.googleapis.com/auth/compute'])).get(
+        'https://www.googleapis.com/compute/v1/projects/{project_id}/regions'.format(project_id=project_id))
+
+    return web.json_response(json.loads(response.content))
+
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-gce.vue b/app/static/provider-gce.vue
new file mode 100644
index 000000000..e20214211
--- /dev/null
+++ b/app/static/provider-gce.vue
@@ -0,0 +1,63 @@
+<template>
+  <div>
+    <button
+      class="btn btn-primary"
+      type="button"
+      v-on:click="submit"
+      v-bind:disabled="!is_valid"
+    >
+      Next
+    </button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      gce_credentials_file: null,
+      region: null,
+      // helper variables
+      region_options: [],
+      is_loading: false
+    };
+  },
+  computed: {
+    is_valid() {
+      return this.gce_credentials_file && this.region;
+    },
+    is_region_disabled() {
+      return !(this.gce_credentials_file) || this.is_loading;
+    }
+  },
+  methods: {
+    load_regions() {
+      if (this.gce_credentials_file && this.region_options.length === 0) {
+        this.is_loading = true;
+        fetch('/gce_regions', {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify({
+            gce_credentials_file: this.gce_credentials_file
+          })
+        })
+        .then(r => r.json())
+        .then(data => {
+          this.region_options = data;
+        })
+        .finally(() => {
+          this.is_loading = false;
+        });
+      }
+    },
+    submit() {
+      this.$emit('submit', {
+        gce_credentials_file: this.gce_credentials_file,
+        region: this.region
+      });
+    }
+  }
+};
+</script>

From 97d3fabde2aa95e5fa96518d3dfa025343ca502d Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Mon, 20 Jul 2020 03:10:21 +0500
Subject: [PATCH 19/39] Added GCE provider

---
 app/server.py                 |  45 ++++++--
 app/static/provider-gce.vue   | 196 +++++++++++++++++++++++++++++-----
 app/static/provider-setup.vue |   3 +-
 app/static/region-select.vue  |  44 ++++++++
 4 files changed, 252 insertions(+), 36 deletions(-)
 create mode 100644 app/static/region-select.vue

diff --git a/app/server.py b/app/server.py
index 6dba79ca7..f2673018d 100644
--- a/app/server.py
+++ b/app/server.py
@@ -21,7 +21,8 @@
 
 def run_playbook(data):
     global task_program
-    extra_vars = ' '.join(['{0}={1}'.format(key, data[key]) for key in data.keys()])
+    extra_vars = ' '.join(['{0}={1}'.format(key, data[key])
+                           for key in data.keys()])
     task_program = ['ansible-playbook', 'main.yml', '--extra-vars', extra_vars]
     return PlaybookCLI(task_program).run()
 
@@ -101,7 +102,7 @@ async def post_exit(_):
 
 
 @routes.post('/lightsail_regions')
-async def post_exit(request):
+async def lightsail_regions(request):
     data = await request.json()
     client = boto3.client(
         'lightsail',
@@ -115,7 +116,7 @@ async def post_exit(request):
 
 
 @routes.post('/ec2_regions')
-async def post_exit(request):
+async def ec2_regions(request):
     data = await request.json()
     client = boto3.client(
         'ec2',
@@ -126,16 +127,40 @@ async def post_exit(request):
     return web.json_response(response)
 
 
+@routes.get('/gce_config')
+async def check_gce_config(request):
+    gce_file = join(PROJECT_ROOT, 'configs', 'gce.json')
+    response = {}
+    try:
+        json.loads(open(gce_file, 'r').read())['project_id']
+        response['status'] = 'ok'
+    except IOError:
+        response['status'] = 'not_available'
+    except ValueError:
+        response['status'] = 'wrong_format'
+
+    return web.json_response(response)
+
+
 @routes.post('/gce_regions')
-async def post_exit(request):
-    #data = await request.json()
-    gce_config_file = 'configs/gce.json'  # 'data.get('gce_config_file')
-    project_id = json.loads(open(gce_config_file, 'r').read())['project_id']
+async def gce_regions(request):
+    data = await request.json()
+    gce_file_name = join(PROJECT_ROOT, 'configs', 'gce.json')
+    if data.get('project_id'):
+        # File is missing, save it. We can't get file path from browser :(
+        with open(gce_file_name, 'w') as f:
+            f.write(json.dumps(data))
+    else:
+        with open(gce_file_name, 'r') as f:
+            data = json.loads(f.read())
 
     response = AuthorizedSession(
-        service_account.Credentials.from_service_account_file(gce_config_file).with_scopes(
-            ['https://www.googleapis.com/auth/compute'])).get(
-        'https://www.googleapis.com/compute/v1/projects/{project_id}/regions'.format(project_id=project_id))
+        service_account.Credentials.from_service_account_info(
+            data).with_scopes(
+                ['https://www.googleapis.com/auth/compute'])).get(
+                'https://www.googleapis.com/compute/v1/projects/{project_id}/regions'.format(
+                    project_id=data['project_id'])
+    )
 
     return web.json_response(json.loads(response.content))
 
diff --git a/app/static/provider-gce.vue b/app/static/provider-gce.vue
index e20214211..16f9c3703 100644
--- a/app/static/provider-gce.vue
+++ b/app/static/provider-gce.vue
@@ -1,5 +1,44 @@
 <template>
   <div>
+    <div
+      class="form-group dropzone"
+      v-if="ui_needs_upload"
+      v-on:dragover.prevent="dragover_handler"
+      v-on:dragleave.prevent="dragleave_handler"
+      v-on:drop.prevent="drop_handler"
+      v-on:click="show_file_select"
+      v-bind:class="{
+        'dropzone--can-drop': ui_can_drop,
+        'dropzone--error': ui_drop_error,
+        'dropzone--success': ui_drop_success,
+      }"
+    >
+      <strong>Drag your GCE config file or click here</strong>
+      <p>
+        File <code>configs/gce.json</code> was not found. Please create it (<a
+          href="https://github.com/trailofbits/algo/blob/master/docs/cloud-gce.md"
+          target="_blank"
+          rel="noopener noreferrer"
+          >how?</a
+        >) or upload.
+      </p>
+      <p>After upload it <strong>will be saved</strong> in the configs folder.</p>
+      <div v-if="ui_drop_error" class="alert alert-warning" role="alert">
+        <strong>Error:</strong> {{ ui_drop_error }}.
+      </div>
+
+      <div v-if="ui_drop_success" class="alert alert-success" role="alert">
+        <strong>{{ ui_drop_filename }} loaded successfully</strong>
+      </div>
+    </div>
+    <input type="file" accept=".json,applciation/json" v-on:change="filechange_handler" />
+
+    <div class="form-group">
+      <region-select v-model="region" v-bind:options="ui_region_options" v-bind:loading="ui_loading_check || ui_loading_regions">
+        <label>Please specify <code>gce.json</code> credentials file to select region</label>
+      </region-select>
+    </div>
+
     <button
       class="btn btn-primary"
       type="button"
@@ -13,51 +52,158 @@
 
 <script>
 module.exports = {
-  data: function() {
+  data: function () {
     return {
+      drop_error: null,
       gce_credentials_file: null,
       region: null,
       // helper variables
-      region_options: [],
-      is_loading: false
+      ui_can_drop: false,
+      ui_drop_error: null,
+      ui_drop_success: null,
+      ui_drop_filename: null,
+      ui_needs_upload: null,
+      ui_loading_regions: false,
+      ui_loading_check: false,
+      ui_region_options: []
     };
   },
+  created: function() {
+    this.check_config();
+  },
   computed: {
     is_valid() {
       return this.gce_credentials_file && this.region;
-    },
-    is_region_disabled() {
-      return !(this.gce_credentials_file) || this.is_loading;
     }
   },
   methods: {
-    load_regions() {
-      if (this.gce_credentials_file && this.region_options.length === 0) {
-        this.is_loading = true;
-        fetch('/gce_regions', {
-          method: 'post',
-          headers: {
-            'Content-Type': 'application/json'
-          },
-          body: JSON.stringify({
-            gce_credentials_file: this.gce_credentials_file
-          })
-        })
+    show_file_select(e) {
+      if (e.target.tagName === 'A') {
+        return;
+      }
+      const input = this.$el.querySelector(['input[type=file]']);
+      const event = new MouseEvent('click', {
+        'view': window,
+        'bubbles': true,
+        'cancelable': true
+      });
+      input.dispatchEvent(event);
+    },
+    dragover_handler(e) {
+      this.ui_can_drop = true;
+      this.ui_drop_success = false;
+      this.ui_drop_error = false;
+      this.ui_drop_filename = null;
+    },
+    dragleave_handler() {
+      this.ui_can_drop = false;
+    },
+    drop_handler(e) {
+      try {
+        const droppedFiles = e.dataTransfer.files;
+        if (droppedFiles.length !== 1) {
+          this.ui_drop_error = 'Please upload GCE config as single file';
+        }
+        this.read_file(droppedFiles[0]);
+      } catch (e) {
+        this.ui_drop_error = 'Unhandled error while trying to read GCE config';
+      }
+    },
+    filechange_handler(e) {
+      if (e.target.files.length) {
+        this.read_file(e.target.files[0]);
+      }
+    },
+    read_file(file) {
+        if (file.type !== 'application/json') {
+          this.ui_drop_error = 'Incorrect file type';
+        }
+        const reader = new FileReader();
+        reader.onload =  e => {
+          let gce_config_content = null;
+          try {
+            gce_config_content = JSON.parse(e.target.result);
+            this.ui_drop_success = true;
+            this.ui_drop_filename = file.name;
+            this.gce_credentials_file = 'configs/gce.json';
+          } catch (e) {
+            this.ui_drop_error = 'JSON format error';
+          }
+          gce_config_content && this.load_regions(gce_config_content);
+        }
+        reader.onerror =  e => {
+          this.ui_drop_error = 'Error while reading file';
+        }
+        reader.readAsText(file);
+      
+    },
+    check_config() {
+      this.ui_loading_check = true;
+      fetch("/gce_config")
         .then(r => r.json())
-        .then(data => {
-          this.region_options = data;
+        .then(response => {
+          if (response.status === 'ok') {
+            this.gce_credentials_file = 'configs/gce.json';
+            this.load_regions();
+            this.ui_needs_upload = false;
+          } else {
+            this.ui_needs_upload = true;
+          }
         })
         .finally(() => {
-          this.is_loading = false;
+          this.ui_loading_check = false;
         });
+    },
+    load_regions(gce_config_content) {
+      if (this.gce_credentials_file && this.ui_region_options.length === 0) {
+        this.ui_loading_regions = true;
+        fetch("/gce_regions", {
+          method: "post",
+          headers: {
+            "Content-Type": "application/json",
+          },
+          body: gce_config_content ? JSON.stringify(gce_config_content) : '{}',
+        })
+          .then((r) => r.json())
+          .then((data) => {
+            this.ui_region_options = data.items.map(i => ({
+              value: i.name,
+              key: i.name
+            }));
+          })
+          .finally(() => {
+            this.ui_loading_regions = false;
+          });
       }
     },
     submit() {
-      this.$emit('submit', {
+      this.$emit("submit", {
         gce_credentials_file: this.gce_credentials_file,
-        region: this.region
+        region: this.region,
       });
-    }
-  }
+    },
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  },
 };
 </script>
+<style scoped>
+.dropzone {
+  padding: 2em;
+  border: 5px dotted #ccc;
+  cursor: pointer;
+}
+input[type=file] {
+  visibility: hidden;
+}
+.dropzone--can-drop {
+  border-color: var(--blue);
+}
+.dropzone--error {
+  border-color: var(--red);
+}
+.dropzone--success {
+  border-color: var(--green);
+}
+</style>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index a324dad77..643a61cdf 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -59,7 +59,8 @@ module.exports = {
   components: {
     'digitalocean': window.httpVueLoader('/static/provider-do.vue'),
     'lightsail': window.httpVueLoader('/static/provider-lightsail.vue'),
-    'ec2': window.httpVueLoader('/static/provider-ec2.vue')
+    'ec2': window.httpVueLoader('/static/provider-ec2.vue'),
+    'gce': window.httpVueLoader('/static/provider-gce.vue')
   }
 };
 </script>
diff --git a/app/static/region-select.vue b/app/static/region-select.vue
new file mode 100644
index 000000000..ce2ea8247
--- /dev/null
+++ b/app/static/region-select.vue
@@ -0,0 +1,44 @@
+<template>
+  <div class="form-group">
+    <label v-if="ui_show_slot"><slot></slot></label>
+    <label v-if="ui_show_loading">Loading regions...</label>
+    <label v-if="ui_show_select_prompt"
+      >What region should the server be located in?</label
+    >
+    <select
+      name="region"
+      class="form-control"
+      v-bind:value="value"
+      v-bind:disabled="ui_disabled"
+      v-on:input="$emit('input', $event.target.value)"
+    >
+      <option value disabled>Select region</option>
+      <option
+        v-for="(region, i) in options"
+        v-bind:key="i"
+        v-bind:value="region.key"
+        >{{ region.value }}</option
+      >
+    </select>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  props: ["value", "options", "loading"],
+  computed: {
+      ui_disabled: function() {
+          return !this.options.length || this.loading;
+      },
+      ui_show_slot: function() {
+          return !this.loading && !this.options.length
+      },
+      ui_show_loading: function() {
+          return this.loading;
+      },
+      ui_show_select_prompt: function() {
+          return this.options.length > 0;
+      }
+  }
+};
+</script>

From 97a931d3d84ae0b65831be3126173410b7abaa2a Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sat, 8 Aug 2020 01:38:12 +0500
Subject: [PATCH 20/39] Added Vultr provider

---
 app/server.py                 |  31 +++++++++-
 app/static/provider-setup.vue |   3 +-
 app/static/provider-vultr.vue | 103 ++++++++++++++++++++++++++++++++++
 3 files changed, 134 insertions(+), 3 deletions(-)
 create mode 100644 app/static/provider-vultr.vue

diff --git a/app/server.py b/app/server.py
index f2673018d..b4c1eb5dd 100644
--- a/app/server.py
+++ b/app/server.py
@@ -3,10 +3,11 @@
 
 import yaml
 import boto3
-from os.path import join, dirname
-from aiohttp import web
+from os.path import join, dirname, expanduser
+from aiohttp import web, ClientSession
 import concurrent.futures
 import sys
+import os
 
 from google.auth.transport.requests import AuthorizedSession
 from google.oauth2 import service_account
@@ -165,6 +166,32 @@ async def gce_regions(request):
     return web.json_response(json.loads(response.content))
 
 
+@routes.get('/vultr_config')
+async def check_vultr_config(request):
+    default_path = expanduser(join('~', '.vultr.ini'))
+    response = {'path': None}
+    try:
+        open(default_path, 'r').read()
+        response['path'] = default_path
+    except IOError:
+        pass
+
+    if 'VULTR_API_CONFIG' in os.environ:
+        try:
+            open(os.environ['VULTR_API_CONFIG'], 'r').read()
+            response['path'] = os.environ['VULTR_API_CONFIG']
+        except IOError:
+            pass
+    return web.json_response(response)
+
+
+@routes.get('/vultr_regions')
+async def vultr_regions(request):
+    async with ClientSession() as session:
+        async with session.get('https://api.vultr.com/v1/regions/list') as r:
+            json_body = await r.json()
+            return web.json_response(json_body)
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 643a61cdf..e7fb41cae 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -60,7 +60,8 @@ module.exports = {
     'digitalocean': window.httpVueLoader('/static/provider-do.vue'),
     'lightsail': window.httpVueLoader('/static/provider-lightsail.vue'),
     'ec2': window.httpVueLoader('/static/provider-ec2.vue'),
-    'gce': window.httpVueLoader('/static/provider-gce.vue')
+    'gce': window.httpVueLoader('/static/provider-gce.vue'),
+    'vultr': window.httpVueLoader('/static/provider-vultr.vue')
   }
 };
 </script>
diff --git a/app/static/provider-vultr.vue b/app/static/provider-vultr.vue
new file mode 100644
index 000000000..cb062c752
--- /dev/null
+++ b/app/static/provider-vultr.vue
@@ -0,0 +1,103 @@
+<template>
+  <div>
+
+    <div class="form-group">
+      <label
+        >Enter the local path to your configuration INI file
+        <a
+          href="https://trailofbits.github.io/algo/cloud-vultr.html"
+          title="https://trailofbits.github.io/algo/cloud-vultr.html"
+          target="_blank"
+          rel="noreferrer noopener"
+          class="badge bagde-pill badge-primary"
+          >?</a
+        ></label
+      >
+      <input
+        type="text"
+        class="form-control"
+        name="vultr_config"
+        v-bind:disabled="ui_loading_check"
+        v-model="vultr_config"
+      />
+    </div>
+
+    <div class="form-group">
+      <region-select v-model="region"
+        v-bind:options="ui_region_options"
+        v-bind:loading="ui_loading_check || ui_loading_regions">
+      </region-select>
+    </div>
+
+    <button
+      class="btn btn-primary"
+      type="button"
+      v-on:click="submit"
+      v-bind:disabled="!is_valid"
+    >
+      Next
+    </button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function () {
+    return {
+      vultr_config: null,
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_region_options: []
+    };
+  },
+  created: function() {
+    this.check_config();
+    this.load_regions();
+  },
+  computed: {
+    is_valid() {
+      return this.vultr_config && this.region;
+    }
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      fetch("/vultr_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.path) {
+            this.vultr_config = response.path;
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    load_regions() {
+      this.ui_loading_regions = true;
+      fetch("/vultr_regions")
+        .then((r) => r.json())
+        .then((data) => {
+          this.ui_region_options = Object.keys(data).map(k => ({
+            value: data[k].name,
+            key: data[k].name
+          }));
+        })
+        .finally(() => {
+          this.ui_loading_regions = false;
+        });
+    },
+    submit() {
+      this.$emit("submit", {
+        vultr_config: this.vultr_config,
+        region: this.region
+      });
+    },
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  },
+};
+</script>
\ No newline at end of file

From 12e75333d65f9eb744007a1ef4ec947174cbb15a Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sat, 8 Aug 2020 02:06:15 +0500
Subject: [PATCH 21/39] Added scaleway provider

---
 app/server.py                    |  6 ++
 app/static/provider-scaleway.vue | 96 ++++++++++++++++++++++++++++++++
 app/static/provider-setup.vue    |  3 +-
 3 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 app/static/provider-scaleway.vue

diff --git a/app/server.py b/app/server.py
index b4c1eb5dd..fe6c1044e 100644
--- a/app/server.py
+++ b/app/server.py
@@ -192,6 +192,12 @@ async def vultr_regions(request):
             json_body = await r.json()
             return web.json_response(json_body)
 
+
+@routes.get('/scaleway_config')
+async def check_scaleway_config(request):
+    return web.json_response({"ok": 'SCW_TOKEN' in os.environ})
+
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-scaleway.vue b/app/static/provider-scaleway.vue
new file mode 100644
index 000000000..d8fcf7360
--- /dev/null
+++ b/app/static/provider-scaleway.vue
@@ -0,0 +1,96 @@
+<template>
+  <div>
+
+    <div class="form-group">
+      <label
+        >Enter your auth token
+        <a
+          href="https://trailofbits.github.io/algo/cloud-scaleway.html"
+          title="https://trailofbits.github.io/algo/cloud-scaleway.html"
+          target="_blank"
+          rel="noreferrer noopener"
+          class="badge bagde-pill badge-primary"
+          >?</a
+        ></label
+      >
+      <input
+        type="text"
+        class="form-control"
+        name="scaleway_token"
+        v-bind:disabled="ui_loading_check || ui_token_from_env"
+        v-model="scaleway_token"
+      />
+      <p v-if="ui_token_from_env">Token was read from the environment</p>
+    </div>
+
+    <div class="form-group">
+      <region-select v-model="region" v-bind:options="ui_region_options">
+      </region-select>
+    </div>
+
+    <button
+      class="btn btn-primary"
+      type="button"
+      v-on:click="submit"
+      v-bind:disabled="!is_valid"
+    >
+      Next
+    </button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function () {
+    return {
+      scaleway_token: null,
+      region: null,
+      // helper variables
+      ui_token_from_env: false,
+      ui_loading_check: false,
+      ui_region_options: [
+        {value: 'Paris 1', key: 'par1'},
+        {value: 'Amsterdam 1', key: 'ams1'}
+      ]
+    };
+  },
+  created: function() {
+    this.check_config();
+  },
+  computed: {
+    is_valid() {
+      return this.region && (this.scaleway_token || this.ui_token_from_env);
+    }
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      fetch("/scaleway_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.ok) {
+            this.ui_token_from_env = true;
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    submit() {
+      if (this.ui_token_from_env) {
+        this.$emit("submit", {
+          region: this.region
+        });
+      } else {
+        this.$emit("submit", {
+          scaleway_token: this.scaleway_token,
+          region: this.region
+        });
+      }
+    },
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue")
+  },
+};
+</script>
\ No newline at end of file
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index e7fb41cae..89bcf44c6 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -61,7 +61,8 @@ module.exports = {
     'lightsail': window.httpVueLoader('/static/provider-lightsail.vue'),
     'ec2': window.httpVueLoader('/static/provider-ec2.vue'),
     'gce': window.httpVueLoader('/static/provider-gce.vue'),
-    'vultr': window.httpVueLoader('/static/provider-vultr.vue')
+    'vultr': window.httpVueLoader('/static/provider-vultr.vue'),
+    'scaleway': window.httpVueLoader('/static/provider-scaleway.vue')
   }
 };
 </script>

From ca3230c0de76e7f97eb7433e0081dd998ac3e41b Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 9 Aug 2020 00:55:21 +0500
Subject: [PATCH 22/39] Improved error handling when vpn host not created

---
 app/playbook.py                  | 27 +++++++++++++++------------
 app/server.py                    |  5 ++++-
 app/static/provider-scaleway.vue |  4 +++-
 app/static/provider-vultr.vue    |  5 +++++
 4 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/app/playbook.py b/app/playbook.py
index a361cdb4f..2d4d3d02d 100644
--- a/app/playbook.py
+++ b/app/playbook.py
@@ -186,15 +186,18 @@ def _process_block(b):
 
                         display.display(taskmsg)
 
-        host = inventory.groups['vpn-host'].hosts[0].name
-        host_vars = variable_manager.get_vars()['hostvars'][host]
-        return {
-            'CA_password': host_vars.get('CA_password'),
-            'p12_export_password': host_vars.get('p12_export_password'),
-            'algo_server_name': host_vars.get('server_name'),
-            'ipv6_support': host_vars.get('ipv6_support'),
-            'local_service_ip': host_vars.get('ansible_lo') and
-                                host_vars.get('ansible_lo').get('ipv4_secondaries') and
-                                host_vars.get('ansible_lo').get('ipv4_secondaries')[0]['address'],
-            'ansible_ssh_host': host,
-        }
+        if 'vpn-host' not in inventory.groups:
+            raise ValueError('no_vpn_host')
+        else:
+            host = inventory.groups['vpn-host'].hosts[0].name
+            host_vars = variable_manager.get_vars()['hostvars'][host]
+            return {
+                'CA_password': host_vars.get('CA_password'),
+                'p12_export_password': host_vars.get('p12_export_password'),
+                'algo_server_name': host_vars.get('server_name'),
+                'ipv6_support': host_vars.get('ipv6_support'),
+                'local_service_ip': host_vars.get('ansible_lo') and
+                                    host_vars.get('ansible_lo').get('ipv4_secondaries') and
+                                    host_vars.get('ansible_lo').get('ipv4_secondaries')[0]['address'],
+                'ansible_ssh_host': host,
+            }
diff --git a/app/server.py b/app/server.py
index fe6c1044e..5eb134dbf 100644
--- a/app/server.py
+++ b/app/server.py
@@ -40,7 +40,10 @@ async def playbook_get_handler(request):
         return web.json_response({'status': None})
 
     if task_future.done():
-        return web.json_response({'status': 'done', 'program': task_program, 'result': task_future.result()})
+        try:
+            return web.json_response({'status': 'done', 'program': task_program, 'result': task_future.result()})
+        except ValueError as e:
+            return web.json_response({'status': 'error', 'program': task_program, 'result': str(e)})
     elif task_future.cancelled():
         return web.json_response({'status': 'cancelled', 'program': task_program})
     else:
diff --git a/app/static/provider-scaleway.vue b/app/static/provider-scaleway.vue
index d8fcf7360..d53f65df2 100644
--- a/app/static/provider-scaleway.vue
+++ b/app/static/provider-scaleway.vue
@@ -20,7 +20,9 @@
         v-bind:disabled="ui_loading_check || ui_token_from_env"
         v-model="scaleway_token"
       />
-      <p v-if="ui_token_from_env">Token was read from the environment</p>
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        Token was read from the environment variable
+      </div>
     </div>
 
     <div class="form-group">
diff --git a/app/static/provider-vultr.vue b/app/static/provider-vultr.vue
index cb062c752..2d156db0f 100644
--- a/app/static/provider-vultr.vue
+++ b/app/static/provider-vultr.vue
@@ -20,6 +20,9 @@
         v-bind:disabled="ui_loading_check"
         v-model="vultr_config"
       />
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        Configuration file was found in your system. You still can change the path to it
+      </div>
     </div>
 
     <div class="form-group">
@@ -47,6 +50,7 @@ module.exports = {
       vultr_config: null,
       region: null,
       // helper variables
+      ui_token_from_env: false,
       ui_loading_check: false,
       ui_loading_regions: false,
       ui_region_options: []
@@ -69,6 +73,7 @@ module.exports = {
         .then(response => {
           if (response.path) {
             this.vultr_config = response.path;
+            this.ui_token_from_env = true;
           }
         })
         .finally(() => {

From 80f04de3ec69fc980d6446991d78b81db3758a7d Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Wed, 28 Oct 2020 00:54:45 +0500
Subject: [PATCH 23/39] Updated DigitalOcean UX, proxied requests to it

---
 app/server.py                 |  56 ++++++++++++---
 app/static/provider-do.vue    | 130 ++++++++++++++++++++++------------
 app/static/provider-vultr.vue |   2 +-
 app/static/region-select.vue  |  18 +++--
 4 files changed, 144 insertions(+), 62 deletions(-)

diff --git a/app/server.py b/app/server.py
index 5eb134dbf..be1a5d40b 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,18 +1,28 @@
 import asyncio
+import concurrent.futures
 import json
+import os
+import sys
+from os.path import join, dirname, expanduser
 
 import yaml
-import boto3
-from os.path import join, dirname, expanduser
 from aiohttp import web, ClientSession
-import concurrent.futures
-import sys
-import os
 
-from google.auth.transport.requests import AuthorizedSession
-from google.oauth2 import service_account
 from playbook import PlaybookCLI
 
+try:
+    import boto3
+    HAS_BOTO3 = True
+except ImportError:
+    HAS_BOTO3 = False
+
+try:
+    from google.auth.transport.requests import AuthorizedSession
+    from google.oauth2 import service_account
+    HAS_GOOGLE_LIBRARIES = True
+except ImportError:
+    HAS_GOOGLE_LIBRARIES = False
+
 routes = web.RouteTableDef()
 PROJECT_ROOT = dirname(dirname(__file__))
 pool = None
@@ -63,7 +73,7 @@ async def playbook_post_handler(request):
 
 
 @routes.delete('/playbook')
-async def playbook_delete_handler(request):
+async def playbook_delete_handler(_):
     global task_future
     if not task_future:
         return web.json_response({'ok': False})
@@ -105,6 +115,30 @@ async def post_exit(_):
         sys.exit(1)
 
 
+@routes.get('/do_config')
+async def check_do_config(_):
+    return web.json_response({"ok": 'DO_API_TOKEN' in os.environ})
+
+
+@routes.get('/do_regions')
+async def do_regions(request):
+    if 'token' in request.query:
+        token = request.query['token']
+    elif 'DO_API_TOKEN' in os.environ:
+        token = os.environ['DO_API_TOKEN']
+    else:
+        return web.json_response({'error': 'no token provided'}, status=400)
+
+    headers = {
+        'Content-Type': 'application/json',
+        'Authorization': 'Bearer {0}'.format(token),
+    }
+    async with ClientSession(headers=headers) as session:
+        async with session.get('https://api.digitalocean.com/v2/regions') as r:
+            json_body = await r.json()
+            return web.json_response(json_body, status=r.status)
+
+
 @routes.post('/lightsail_regions')
 async def lightsail_regions(request):
     data = await request.json()
@@ -132,7 +166,7 @@ async def ec2_regions(request):
 
 
 @routes.get('/gce_config')
-async def check_gce_config(request):
+async def check_gce_config(_):
     gce_file = join(PROJECT_ROOT, 'configs', 'gce.json')
     response = {}
     try:
@@ -189,7 +223,7 @@ async def check_vultr_config(request):
 
 
 @routes.get('/vultr_regions')
-async def vultr_regions(request):
+async def vultr_regions(_):
     async with ClientSession() as session:
         async with session.get('https://api.vultr.com/v1/regions/list') as r:
             json_body = await r.json()
@@ -197,7 +231,7 @@ async def vultr_regions(request):
 
 
 @routes.get('/scaleway_config')
-async def check_scaleway_config(request):
+async def check_scaleway_config(_):
     return web.json_response({"ok": 'SCW_TOKEN' in os.environ})
 
 
diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index 90c00dd62..58de4ad47 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -5,41 +5,37 @@
           Enter your API token. The token must have read and write permissions
           (<a href="https://cloud.digitalocean.com/settings/api/tokens" target="_blank" rel="noopener noreferrer">https://cloud.digitalocean.com/settings/api/tokens</a>):
       </label>
-      <input
+      <div v-if="ui_token_from_env">
+        <input
+          type="password"
+          class="form-control"
+          v-bind:disabled="ui_loading_check"
+          v-bind:value="'1234567890abcdef'"
+        />
+        <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+          The token was read from the environment variable
+        </div>
+      </div>
+      <div v-else>
+        <input
           type="text"
           class="form-control"
           id="id_do_token"
           name="do_token"
+          v-bind:disabled="ui_loading_check"
           v-model="do_token"
-          @blur="load_do_regions"
-      />
-    </div>
-    <div class="form-group">
-      <label
-          v-if="do_regions.length > 0"
-          for="id_region"
-      >What region should the server be located in?</label>
-      <label
-          v-if="do_regions.length === 0"
-          for="id_region"
-      >Please enter API key above to select region</label>
-      <label v-if="do_region_loading" for="id_region">Loading regions...</label>
-      <select
-          name="region"
-          id="id_region"
-          class="form-control"
-          v-model="do_region"
-          v-bind:disabled="do_region_loading"
-      >
-          <option value disabled>Select region</option>
-          <option
-            v-for="(region, i) in do_regions"
-            v-bind:key="region.slug"
-            v-bind:value="region.slug"
-            >{{region.name}}</option>
-      </select>
+          @blur="load_regions"
+        />
+      </div>
+      
     </div>
-    <button v-on:click="submit" v-bind:disabled="!do_region" class="btn btn-primary" type="button">Next</button>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
+    <button v-on:click="submit"
+      v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
   </div>
 </template>
 
@@ -48,34 +44,76 @@ module.exports = {
   data: function() {
     return {
       do_token: null,
-      do_region: null,
-      do_regions: [],
-      do_region_loading: false
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_region_error: null,
+      ui_token_from_env: false,
+      ui_region_options: []
+    }
+  },
+  computed: {
+    is_valid() {
+      return (this.do_config || this.ui_token_from_env) && this.region;
     }
   },
+  created: function() {
+    this.check_config();
+  },
   methods: {
-    load_do_regions: function () {
-      this.do_region_loading = true;
-        fetch('https://api.digitalocean.com/v2/regions', {
-          headers: {
-            'Content-Type': 'application/json',
-            'Authorization': `Bearer ${this.do_token}`
+    check_config() {
+      this.ui_loading_check = true;
+      return fetch("/do_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.ok) {
+            this.ui_token_from_env = true;
+            this.load_regions();
           }
         })
-          .then(r => r.json())
-          .then(r => {
-            this.do_regions = r.regions;
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    load_regions() {
+      if (this.ui_token_from_env || this.do_token) {
+        this.ui_loading_regions = true;
+        this.ui_region_error = null;
+        const url = this.ui_token_from_env ? "/do_regions" : "/do_regions?token=" + this.do_token;
+        fetch(url)
+          .then((r) => {
+            if (r.status === 200) {
+              return r.json();
+            }
+            throw new Error(r.status);
+          })
+          .then((data) => {
+            this.ui_region_options = data.regions.map(i => ({key: i.slug, value: i.name}));
+          })
+          .catch((err) => {
+            this.ui_region_error = err;
           })
           .finally(() => {
-            this.do_region_loading = false;
+            this.ui_loading_regions = false;
           });
+      }
     },
     submit() {
-      this.$emit('submit', {
-        do_token: this.do_token,
-        region: this.do_region
-      })
+      if (this.ui_token_from_env) {
+        this.$emit("submit", {
+          region: this.region
+        });
+      } else {
+        this.$emit("submit", {
+          do_token: this.do_token,
+          region: this.region
+        });
+      }
     }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
   }
 };
 </script>
diff --git a/app/static/provider-vultr.vue b/app/static/provider-vultr.vue
index 2d156db0f..8c1329b35 100644
--- a/app/static/provider-vultr.vue
+++ b/app/static/provider-vultr.vue
@@ -103,6 +103,6 @@ module.exports = {
   },
   components: {
     "region-select": window.httpVueLoader("/static/region-select.vue"),
-  },
+  }
 };
 </script>
\ No newline at end of file
diff --git a/app/static/region-select.vue b/app/static/region-select.vue
index ce2ea8247..e6e74dfc8 100644
--- a/app/static/region-select.vue
+++ b/app/static/region-select.vue
@@ -8,6 +8,7 @@
     <select
       name="region"
       class="form-control"
+      v-bind:class="{ 'is-invalid': has_error }"
       v-bind:value="value"
       v-bind:disabled="ui_disabled"
       v-on:input="$emit('input', $event.target.value)"
@@ -20,24 +21,33 @@
         >{{ region.value }}</option
       >
     </select>
+    <div v-if="has_error" class="invalid-feedback">
+      There was an error during fetching regions
+    </div>
   </div>
 </template>
 
 <script>
 module.exports = {
-  props: ["value", "options", "loading"],
+  props: ["value", "options", "loading", "error"],
   computed: {
+      has_options: function() {
+        return this.options && this.options.length;
+      },
       ui_disabled: function() {
-          return !this.options.length || this.loading;
+          return !this.has_options || this.loading;
       },
       ui_show_slot: function() {
-          return !this.loading && !this.options.length
+          return !this.loading && !this.has_options
       },
       ui_show_loading: function() {
           return this.loading;
       },
       ui_show_select_prompt: function() {
-          return this.options.length > 0;
+          return this.has_options;
+      },
+      has_error: function() {
+          return !!this.error;
       }
   }
 };

From bfd0895159b14eaadaad46ddaa4d7567a392db7f Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Wed, 28 Oct 2020 00:58:50 +0500
Subject: [PATCH 24/39] Updated playbook.py from recent ansible version

---
 app/playbook.py | 50 +++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/app/playbook.py b/app/playbook.py
index 2d4d3d02d..f99e5c0d9 100644
--- a/app/playbook.py
+++ b/app/playbook.py
@@ -3,7 +3,6 @@
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
 from __future__ import (absolute_import, division, print_function)
-
 __metaclass__ = type
 
 import os
@@ -11,15 +10,16 @@
 
 from ansible import context
 from ansible.cli import CLI
-from ansible.cli.arguments import optparse_helpers as opt_help
-from ansible.errors import AnsibleError, AnsibleOptionsError
+from ansible.cli.arguments import option_helpers as opt_help
+from ansible.errors import AnsibleError
 from ansible.executor.playbook_executor import PlaybookExecutor
 from ansible.module_utils._text import to_bytes
 from ansible.playbook.block import Block
 from ansible.utils.display import Display
-from ansible.utils.collection_loader import set_collection_playbook_paths
+from ansible.utils.collection_loader import AnsibleCollectionLoader, get_collection_name_from_path, set_collection_playbook_paths
 from ansible.plugins.loader import add_all_plugin_dirs
 
+
 display = Display()
 
 
@@ -46,25 +46,23 @@ def init_parser(self):
         opt_help.add_module_options(self.parser)
 
         # ansible playbook specific opts
-        self.parser.add_option('--list-tasks', dest='listtasks', action='store_true',
-                               help="list all tasks that would be executed")
-        self.parser.add_option('--list-tags', dest='listtags', action='store_true',
-                               help="list all available tags")
-        self.parser.add_option('--step', dest='step', action='store_true',
-                               help="one-step-at-a-time: confirm each task before running")
-        self.parser.add_option('--start-at-task', dest='start_at_task',
-                               help="start the playbook at the task matching this name")
-
-    def post_process_args(self, options, args):
-        options, args = super(PlaybookCLI, self).post_process_args(options, args)
-
-        if len(args) == 0:
-            raise AnsibleOptionsError("You must specify a playbook file to run")
+        self.parser.add_argument('--list-tasks', dest='listtasks', action='store_true',
+                                 help="list all tasks that would be executed")
+        self.parser.add_argument('--list-tags', dest='listtags', action='store_true',
+                                 help="list all available tags")
+        self.parser.add_argument('--step', dest='step', action='store_true',
+                                 help="one-step-at-a-time: confirm each task before running")
+        self.parser.add_argument('--start-at-task', dest='start_at_task',
+                                 help="start the playbook at the task matching this name")
+        self.parser.add_argument('args', help='Playbook(s)', metavar='playbook', nargs='+')
+
+    def post_process_args(self, options):
+        options = super(PlaybookCLI, self).post_process_args(options)
 
         display.verbosity = options.verbosity
-        self.validate_conflicts(options, runas_opts=True, vault_opts=True, fork_opts=True)
+        self.validate_conflicts(options, runas_opts=True, fork_opts=True)
 
-        return options, args
+        return options
 
     def run(self):
 
@@ -94,6 +92,12 @@ def run(self):
 
         set_collection_playbook_paths(b_playbook_dirs)
 
+        playbook_collection = get_collection_name_from_path(b_playbook_dirs[0])
+
+        if playbook_collection:
+            display.warning("running playbook inside collection {0}".format(playbook_collection))
+            AnsibleCollectionLoader().set_default_collection(playbook_collection)
+
         # don't deal with privilege escalation or passwords when we don't need to
         if not (context.CLIARGS['listhosts'] or context.CLIARGS['listtasks'] or
                 context.CLIARGS['listtags'] or context.CLIARGS['syntax']):
@@ -201,3 +205,9 @@ def _process_block(b):
                                     host_vars.get('ansible_lo').get('ipv4_secondaries')[0]['address'],
                 'ansible_ssh_host': host,
             }
+
+    @staticmethod
+    def _flush_cache(inventory, variable_manager):
+        for host in inventory.list_hosts():
+            hostname = host.get_name()
+            variable_manager.clear_facts(hostname)

From 16b5e55c84ecee1d787c1034d86c3ab6f82a5125 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Thu, 29 Oct 2020 22:50:44 +0500
Subject: [PATCH 25/39] Added region-select and env secrets to lightsail

---
 app/server.py                     |  27 +++--
 app/static/provider-do.vue        |  16 ++-
 app/static/provider-lightsail.vue | 157 +++++++++++++++++++-----------
 3 files changed, 128 insertions(+), 72 deletions(-)

diff --git a/app/server.py b/app/server.py
index be1a5d40b..f44e727fd 100644
--- a/app/server.py
+++ b/app/server.py
@@ -12,6 +12,7 @@
 
 try:
     import boto3
+
     HAS_BOTO3 = True
 except ImportError:
     HAS_BOTO3 = False
@@ -19,6 +20,7 @@
 try:
     from google.auth.transport.requests import AuthorizedSession
     from google.oauth2 import service_account
+
     HAS_GOOGLE_LIBRARIES = True
 except ImportError:
     HAS_GOOGLE_LIBRARIES = False
@@ -117,16 +119,14 @@ async def post_exit(_):
 
 @routes.get('/do_config')
 async def check_do_config(_):
-    return web.json_response({"ok": 'DO_API_TOKEN' in os.environ})
+    return web.json_response({'has_secret': 'DO_API_TOKEN' in os.environ})
 
 
-@routes.get('/do_regions')
+@routes.post('/do_regions')
 async def do_regions(request):
-    if 'token' in request.query:
-        token = request.query['token']
-    elif 'DO_API_TOKEN' in os.environ:
-        token = os.environ['DO_API_TOKEN']
-    else:
+    data = await request.json()
+    token = data.get('token', os.environ.get('DO_API_TOKEN'))
+    if not token:
         return web.json_response({'error': 'no token provided'}, status=400)
 
     headers = {
@@ -139,6 +139,13 @@ async def do_regions(request):
             return web.json_response(json_body, status=r.status)
 
 
+@routes.get('/aws_config')
+async def aws_config(_):
+    if not HAS_BOTO3:
+        return web.json_response({'error': 'missing_boto'}, status=400)
+    return web.json_response({'has_secret': 'AWS_ACCESS_KEY_ID' in os.environ and 'AWS_SECRET_ACCESS_KEY' in os.environ})
+
+
 @routes.post('/lightsail_regions')
 async def lightsail_regions(request):
     data = await request.json()
@@ -195,9 +202,9 @@ async def gce_regions(request):
     response = AuthorizedSession(
         service_account.Credentials.from_service_account_info(
             data).with_scopes(
-                ['https://www.googleapis.com/auth/compute'])).get(
-                'https://www.googleapis.com/compute/v1/projects/{project_id}/regions'.format(
-                    project_id=data['project_id'])
+            ['https://www.googleapis.com/auth/compute'])).get(
+        'https://www.googleapis.com/compute/v1/projects/{project_id}/regions'.format(
+            project_id=data['project_id'])
     )
 
     return web.json_response(json.loads(response.content))
diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index 58de4ad47..ef71bd5f1 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -3,7 +3,7 @@
     <div class="form-group">
       <label for="id_do_token">
           Enter your API token. The token must have read and write permissions
-          (<a href="https://cloud.digitalocean.com/settings/api/tokens" target="_blank" rel="noopener noreferrer">https://cloud.digitalocean.com/settings/api/tokens</a>):
+          <a href="https://cloud.digitalocean.com/settings/api/tokens" title="https://cloud.digitalocean.com/settings/api/tokens" class="badge bagde-pill badge-primary" target="_blank" rel="noopener noreferrer">?</a>
       </label>
       <div v-if="ui_token_from_env">
         <input
@@ -67,7 +67,7 @@ module.exports = {
       return fetch("/do_config")
         .then(r => r.json())
         .then(response => {
-          if (response.ok) {
+          if (response.has_secret) {
             this.ui_token_from_env = true;
             this.load_regions();
           }
@@ -80,8 +80,16 @@ module.exports = {
       if (this.ui_token_from_env || this.do_token) {
         this.ui_loading_regions = true;
         this.ui_region_error = null;
-        const url = this.ui_token_from_env ? "/do_regions" : "/do_regions?token=" + this.do_token;
-        fetch(url)
+        const payload = this.ui_token_from_env ? {} : {
+          token: this.do_token
+        };
+        fetch("/do_regions", {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(payload)
+        })
           .then((r) => {
             if (r.status === 200) {
               return r.json();
diff --git a/app/static/provider-lightsail.vue b/app/static/provider-lightsail.vue
index 8df377b7a..4ea90dcfd 100644
--- a/app/static/provider-lightsail.vue
+++ b/app/static/provider-lightsail.vue
@@ -1,47 +1,43 @@
 <template>
   <div>
-    <div class="form-group">
-      <label>
-          Enter your AWS Access Key <a href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" target="_blank" rel="noreferrer noopener" class="badge bagde-pill badge-primary">?</a>
-        <br>
-          Note: Make sure to use an IAM user with an acceptable policy attached (see <a
-              href="https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md" target="_blank" rel="noreferrer noopener" >docs</a>)
-      </label>
-      <input
-          type="text"
-          class="form-control"
-          name="aws_access_key"
-          v-on:blur="load_regions"
-          v-model="aws_access_key"
-      />
+    <div v-if="ui_config_error && ui_config_error === 'missing_boto'" class="form-text alert alert-danger" role="alert">
+      Python module "boto3" is missing, please install it to proceed
     </div>
-    <div class="form-group">
-      <label>Enter your AWS Secret Key <a
-              href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" target="_blank" rel="noreferrer noopener" class="badge bagde-pill badge-primary">?</a></label>
-      <input
-              type="password"
-              class="form-control"
-              name="aws_secret_key"
-              v-on:blur="load_regions"
-              v-model="aws_secret_key">
+    <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
+      AWS credentials were read from the environment variables
     </div>
-    <div class="form-group">
-      <label v-if="lightsail_regions.length === 0">Please enter Access key and Secret key to select region</label>
-      <label v-if="is_loading">Loading regions...</label>
-      <label v-if="lightsail_regions.length > 0">What region should the server be located in?</label>
-      <select name="region"
-              class="form-control"
-              v-model="region"
-              v-bind:disabled="is_region_disabled">
-          <option value disabled>Select region</option>
-          <option
-            v-for="(region, i) in lightsail_regions"
-            v-bind:key="region.displayName"
-            v-bind:value="region.name"
-            >{{region.displayName}}</option>
-      </select>
-
+    <div v-else>
+      <div class="form-group">  
+        <label>
+            Enter your AWS Access Key <a href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" target="_blank" rel="noreferrer noopener" class="badge bagde-pill badge-primary">?</a>
+          <br>
+            Note: Make sure to use an IAM user with an acceptable policy attached (see <a
+                href="https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md" target="_blank" rel="noreferrer noopener" >docs</a>)
+        </label>
+        <input
+            type="text"
+            class="form-control"
+            name="aws_access_key"
+            v-on:blur="load_regions"
+            v-model="aws_access_key"
+        />
+      </div>
+      <div class="form-group">
+        <label>Enter your AWS Secret Key <a
+                href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html" target="_blank" rel="noreferrer noopener" class="badge bagde-pill badge-primary">?</a></label>
+        <input
+                type="password"
+                class="form-control"
+                name="aws_secret_key"
+                v-on:blur="load_regions"
+                v-model="aws_secret_key">
+      </div>
     </div>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
     <button class="btn btn-primary"
             type="button"
             v-on:click="submit"
@@ -58,48 +54,93 @@ module.exports = {
       aws_access_key: null,
       aws_secret_key: null,
       region: null,
-      lightsail_regions: [],
-      is_loading: false
+      // ui helpoer variables
+      ui_region_options: [],
+      ui_env_secrets: null,
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_config_error: null,
+      ui_region_error: null
     };
   },
   computed: {
-    is_valid() {
-      return this.aws_access_key && this.aws_secret_key && this.region;
+    has_secrets() {
+      return this.ui_env_secrets || (this.aws_access_key && this.aws_secret_key);
     },
-    is_region_disabled() {
-      return !(this.aws_access_key && this.aws_secret_key) || this.is_loading;
+    is_valid() {
+      return this.has_secrets && this.region;
     }
   },
+  created: function() {
+    this.check_config();
+  },
   methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      fetch("/aws_config")
+        .then(r => {
+          if (r.status === 200 || r.status === 400) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
+        .then(response => {
+          if (response.has_secret) {
+            this.ui_env_secrets = true;
+            this.load_regions();
+          } else if (response.error) {
+            this.ui_config_error = response.error;
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
     load_regions() {
-      if (this.aws_access_key && this.aws_secret_key && this.lightsail_regions.length === 0) {
-        this.is_loading = true;
+      if (this.has_secrets && this.ui_region_options.length === 0) {
+        this.ui_loading_regions = true;
+        this.ui_region_error = false;
+        const payload = this.ui_env_secrets ? {} : {
+          aws_access_key: this.aws_access_key,
+          aws_secret_key: this.aws_secret_key
+        }
         fetch('/lightsail_regions', {
           method: 'post',
           headers: {
             'Content-Type': 'application/json'
           },
-          body: JSON.stringify({
-            aws_access_key: this.aws_access_key,
-            aws_secret_key: this.aws_secret_key
-          })
+          body: JSON.stringify(payload)
+        })
+        .then((r) => {
+          if (r.status === 200) {
+            return r.json();
+          }
+          throw new Error(r.status);
         })
-        .then(r => r.json())
         .then(data => {
-          this.lightsail_regions = data.regions;
+          this.ui_region_options = data.regions.map(i => ({key: i.name, value: i.displayName}));
+        })
+        .catch((err) => {
+          this.ui_region_error = err;
         })
         .finally(() => {
-          this.is_loading = false;
+          this.ui_loading_regions = false;
         });
       }
     },
     submit() {
-      this.$emit('submit', {
-        aws_access_key: this.aws_access_key,
-        aws_secret_key: this.aws_secret_key,
+      let submit_value = {
         region: this.region
-      });
+      }
+      if (!this.ui_env_secrets) {
+        submit_value['aws_access_key'] = this.aws_access_key;
+        submit_value['aws_secret_key'] = this.aws_secret_key;
+      }
+      this.$emit('submit', submit_value);
     }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
   }
 };
 </script>

From a8ccad9ed4a9eb295ad08af2cf9765acf0e8bc77 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Thu, 29 Oct 2020 23:00:46 +0500
Subject: [PATCH 26/39] Secrets from env for EC2 provider

---
 app/static/provider-do.vue  |  39 +++----
 app/static/provider-ec2.vue | 211 +++++++++++++++++++++---------------
 2 files changed, 137 insertions(+), 113 deletions(-)

diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index ef71bd5f1..f34bdbd66 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -1,33 +1,24 @@
 <template>
   <div>
-    <div class="form-group">
+    <div v-if="ui_token_from_env">
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        The token was read from the environment variable
+      </div>
+    </div>
+    <div class="form-group" v-else>
       <label for="id_do_token">
           Enter your API token. The token must have read and write permissions
           <a href="https://cloud.digitalocean.com/settings/api/tokens" title="https://cloud.digitalocean.com/settings/api/tokens" class="badge bagde-pill badge-primary" target="_blank" rel="noopener noreferrer">?</a>
       </label>
-      <div v-if="ui_token_from_env">
-        <input
-          type="password"
-          class="form-control"
-          v-bind:disabled="ui_loading_check"
-          v-bind:value="'1234567890abcdef'"
-        />
-        <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
-          The token was read from the environment variable
-        </div>
-      </div>
-      <div v-else>
-        <input
-          type="text"
-          class="form-control"
-          id="id_do_token"
-          name="do_token"
-          v-bind:disabled="ui_loading_check"
-          v-model="do_token"
-          @blur="load_regions"
-        />
-      </div>
-      
+      <input
+        type="text"
+        class="form-control"
+        id="id_do_token"
+        name="do_token"
+        v-bind:disabled="ui_loading_check"
+        v-model="do_token"
+        @blur="load_regions"
+      />
     </div>
     <region-select v-model="region"
       v-bind:options="ui_region_options"
diff --git a/app/static/provider-ec2.vue b/app/static/provider-ec2.vue
index 7c0d1ed49..143a61bb4 100644
--- a/app/static/provider-ec2.vue
+++ b/app/static/provider-ec2.vue
@@ -1,77 +1,67 @@
 <template>
   <div>
-    <div class="form-group">
-      <label>
-        Enter your AWS Access Key
-        <a
-          href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
-          title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
-          target="_blank"
-          rel="noreferrer noopener"
-          class="badge bagde-pill badge-primary"
-          >?</a
-        >
-        <br />
-        Note: Make sure to use an IAM user with an acceptable policy attached
-        (see
-        <a
-          href="https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md"
-          target="_blank"
-          rel="noreferrer noopener"
-          >docs</a
-        >)
-      </label>
-      <input
-        type="text"
-        class="form-control"
-        name="aws_access_key"
-        v-on:blur="load_regions"
-        v-model="aws_access_key"
-      />
+    <div v-if="ui_config_error && ui_config_error === 'missing_boto'" class="form-text alert alert-danger" role="alert">
+      Python module "boto3" is missing, please install it to proceed
     </div>
-    <div class="form-group">
-      <label
-        >Enter your AWS Secret Key
-        <a
-          href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
-          title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
-          target="_blank"
-          rel="noreferrer noopener"
-          class="badge bagde-pill badge-primary"
-          >?</a
-        ></label
-      >
-      <input
-        type="password"
-        class="form-control"
-        name="aws_secret_key"
-        v-on:blur="load_regions"
-        v-model="aws_secret_key"
-      />
+    <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
+      AWS credentials were read from the environment variables
     </div>
-    <div class="form-group">
-      <label v-if="region_options.length === 0"
-        >Please enter Access key and Secret key to select region</label
-      >
-      <label v-if="is_loading">Loading regions...</label>
-      <label v-if="region_options.length > 0"
-        >What region should the server be located in?</label
-      >
-      <select
-        name="region"
-        class="form-control"
-        v-model="region"
-        v-bind:disabled="is_region_disabled"
-      >
-        <option value disabled>Select region</option>
-        <option
-          v-for="(region, i) in region_options"
-          v-bind:key="i"
-          v-bind:value="region.RegionName"
-          >{{ region.RegionName }}</option
+    <div v-else>
+      <div class="form-group">
+        <label>
+          Enter your AWS Access Key
+          <a
+            href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+            title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+            target="_blank"
+            rel="noreferrer noopener"
+            class="badge bagde-pill badge-primary"
+            >?</a
+          >
+          <br />
+          Note: Make sure to use an IAM user with an acceptable policy attached
+          (see
+          <a
+            href="https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md"
+            target="_blank"
+            rel="noreferrer noopener"
+            >docs</a
+          >)
+        </label>
+        <input
+          type="text"
+          class="form-control"
+          name="aws_access_key"
+          v-on:blur="load_regions"
+          v-model="aws_access_key"
+        />
+      </div>
+      <div class="form-group">
+        <label
+          >Enter your AWS Secret Key
+          <a
+            href="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+            title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
+            target="_blank"
+            rel="noreferrer noopener"
+            class="badge bagde-pill badge-primary"
+            >?</a
+          ></label
         >
-      </select>
+        <input
+          type="password"
+          class="form-control"
+          name="aws_secret_key"
+          v-on:blur="load_regions"
+          v-model="aws_secret_key"
+        />
+      </div>
     </div>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
     <button
       class="btn btn-primary"
       type="button"
@@ -87,53 +77,96 @@
 module.exports = {
   data: function() {
     return {
-      // options for
       aws_access_key: null,
       aws_secret_key: null,
       region: null,
-      // helper variables
-      region_options: [],
-      is_loading: false
+      // ui helper variables
+      ui_region_options: [],
+      ui_env_secrets: null,
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_config_error: null,
+      ui_region_error: null
     };
   },
   computed: {
     is_valid() {
-      return this.aws_access_key && this.aws_secret_key && this.region;
+      return this.has_secrets && this.region;
     },
-    is_region_disabled() {
-      return !(this.aws_access_key && this.aws_secret_key) || this.is_loading;
-    }
+    has_secrets() {
+      return this.ui_env_secrets || (this.aws_access_key && this.aws_secret_key);
+    },
+  },
+  created: function() {
+    this.check_config();
   },
   methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      fetch("/aws_config")
+        .then(r => {
+          if (r.status === 200 || r.status === 400) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
+        .then(response => {
+          if (response.has_secret) {
+            this.ui_env_secrets = true;
+            this.load_regions();
+          } else if (response.error) {
+            this.ui_config_error = response.error;
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
     load_regions() {
-      if (this.aws_access_key && this.aws_secret_key && this.region_options.length === 0) {
-        this.is_loading = true;
+      if (this.has_secrets && this.ui_region_options.length === 0) {
+        this.ui_loading_regions = true;
+        this.ui_region_error = false;
+        const payload = this.ui_env_secrets ? {} : {
+          aws_access_key: this.aws_access_key,
+          aws_secret_key: this.aws_secret_key
+        }
         fetch('/ec2_regions', {
           method: 'post',
           headers: {
             'Content-Type': 'application/json'
           },
-          body: JSON.stringify({
-            aws_access_key: this.aws_access_key,
-            aws_secret_key: this.aws_secret_key
-          })
+          body: JSON.stringify(payload)
+        })
+        .then((r) => {
+          if (r.status === 200) {
+            return r.json();
+          }
+          throw new Error(r.status);
         })
-        .then(r => r.json())
         .then(data => {
-          this.region_options = data;
+          this.ui_region_options = data.map(i => ({key: i.RegionName, value: i.RegionName}));
+        })
+        .catch((err) => {
+          this.ui_region_error = err;
         })
         .finally(() => {
-          this.is_loading = false;
+          this.ui_loading_regions = false;
         });
       }
     },
     submit() {
-      this.$emit('submit', {
-        aws_access_key: this.aws_access_key,
-        aws_secret_key: this.aws_secret_key,
+      let submit_value = {
         region: this.region
-      });
+      }
+      if (!this.ui_env_secrets) {
+        submit_value['aws_access_key'] = this.aws_access_key;
+        submit_value['aws_secret_key'] = this.aws_secret_key;
+      }
+      this.$emit('submit', submit_value);
     }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
   }
 };
 </script>

From 2aeb292be53a6c5664f33f9ad66ab201dff43326 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Tue, 3 Nov 2020 02:12:43 +0500
Subject: [PATCH 27/39] Unified UX for Vultr & Scaleway

---
 app/server.py                    | 19 ++++++++++++----
 app/static/provider-gce.vue      | 30 +++++++++++++++++-------
 app/static/provider-scaleway.vue | 30 ++++++++++++++----------
 app/static/provider-vultr.vue    | 39 ++++++++++++++++++++++----------
 4 files changed, 82 insertions(+), 36 deletions(-)

diff --git a/app/server.py b/app/server.py
index f44e727fd..46d5b7787 100644
--- a/app/server.py
+++ b/app/server.py
@@ -17,6 +17,13 @@
 except ImportError:
     HAS_BOTO3 = False
 
+try:
+    import requests
+
+    HAS_REQUESTS = True
+except ImportError:
+    HAS_REQUESTS = False
+
 try:
     from google.auth.transport.requests import AuthorizedSession
     from google.oauth2 import service_account
@@ -174,6 +181,10 @@ async def ec2_regions(request):
 
 @routes.get('/gce_config')
 async def check_gce_config(_):
+    if not HAS_REQUESTS:
+        return web.json_response({'error': 'missing_requests'}, status=400)
+    if not HAS_GOOGLE_LIBRARIES:
+        return web.json_response({'error': 'missing_google'}, status=400)
     gce_file = join(PROJECT_ROOT, 'configs', 'gce.json')
     response = {}
     try:
@@ -213,17 +224,17 @@ async def gce_regions(request):
 @routes.get('/vultr_config')
 async def check_vultr_config(request):
     default_path = expanduser(join('~', '.vultr.ini'))
-    response = {'path': None}
+    response = {'has_secret': False}
     try:
         open(default_path, 'r').read()
-        response['path'] = default_path
+        response['has_secret'] = True
     except IOError:
         pass
 
     if 'VULTR_API_CONFIG' in os.environ:
         try:
             open(os.environ['VULTR_API_CONFIG'], 'r').read()
-            response['path'] = os.environ['VULTR_API_CONFIG']
+            response['has_secret'] = True
         except IOError:
             pass
     return web.json_response(response)
@@ -239,7 +250,7 @@ async def vultr_regions(_):
 
 @routes.get('/scaleway_config')
 async def check_scaleway_config(_):
-    return web.json_response({"ok": 'SCW_TOKEN' in os.environ})
+    return web.json_response({"has_secret": 'SCW_TOKEN' in os.environ})
 
 
 app = web.Application()
diff --git a/app/static/provider-gce.vue b/app/static/provider-gce.vue
index 16f9c3703..b542cdca4 100644
--- a/app/static/provider-gce.vue
+++ b/app/static/provider-gce.vue
@@ -1,5 +1,11 @@
 <template>
   <div>
+    <div v-if="ui_config_error && ui_config_error === 'missing_google'" class="form-text alert alert-danger" role="alert">
+      Python module "google-auth" is missing, please install it to proceed
+    </div>
+    <div v-if="ui_config_error && ui_config_error === 'missing_requests'" class="form-text alert alert-danger" role="alert">
+      Python module "requests" is missing, please install it to proceed
+    </div>
     <div
       class="form-group dropzone"
       v-if="ui_needs_upload"
@@ -31,14 +37,14 @@
         <strong>{{ ui_drop_filename }} loaded successfully</strong>
       </div>
     </div>
-    <input type="file" accept=".json,applciation/json" v-on:change="filechange_handler" />
-
-    <div class="form-group">
-      <region-select v-model="region" v-bind:options="ui_region_options" v-bind:loading="ui_loading_check || ui_loading_regions">
-        <label>Please specify <code>gce.json</code> credentials file to select region</label>
-      </region-select>
+    <div v-else class="form-text alert alert-success" role="alert">
+      Google Compute Engine credentials were found in the project
     </div>
-
+    <input type="file" accept=".json,applciation/json" v-on:change="filechange_handler" />
+    <region-select v-model="region" v-bind:options="ui_region_options" v-bind:loading="ui_loading_check || ui_loading_regions">
+      <label v-if="ui_needs_upload">Please select region</label>
+      <label v-else>Please specify <code>gce.json</code> credentials file to select region</label>
+    </region-select>
     <button
       class="btn btn-primary"
       type="button"
@@ -62,6 +68,7 @@ module.exports = {
       ui_drop_error: null,
       ui_drop_success: null,
       ui_drop_filename: null,
+      ui_config_error: null,
       ui_needs_upload: null,
       ui_loading_regions: false,
       ui_loading_check: false,
@@ -140,12 +147,19 @@ module.exports = {
     check_config() {
       this.ui_loading_check = true;
       fetch("/gce_config")
-        .then(r => r.json())
+        .then(r => {
+          if (r.status === 200 || r.status === 400) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
         .then(response => {
           if (response.status === 'ok') {
             this.gce_credentials_file = 'configs/gce.json';
             this.load_regions();
             this.ui_needs_upload = false;
+          }  else if (response.error) {
+            this.ui_config_error = response.error;
           } else {
             this.ui_needs_upload = true;
           }
diff --git a/app/static/provider-scaleway.vue b/app/static/provider-scaleway.vue
index d53f65df2..bd586b126 100644
--- a/app/static/provider-scaleway.vue
+++ b/app/static/provider-scaleway.vue
@@ -1,7 +1,10 @@
 <template>
   <div>
 
-    <div class="form-group">
+    <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
+      Token was read from the environment variable
+    </div>
+    <div v-else class="form-group">
       <label
         >Enter your auth token
         <a
@@ -17,14 +20,10 @@
         type="text"
         class="form-control"
         name="scaleway_token"
-        v-bind:disabled="ui_loading_check || ui_token_from_env"
+        v-bind:disabled="ui_loading_check"
         v-model="scaleway_token"
       />
-      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
-        Token was read from the environment variable
-      </div>
     </div>
-
     <div class="form-group">
       <region-select v-model="region" v-bind:options="ui_region_options">
       </region-select>
@@ -48,7 +47,7 @@ module.exports = {
       scaleway_token: null,
       region: null,
       // helper variables
-      ui_token_from_env: false,
+      ui_env_secrets: false,
       ui_loading_check: false,
       ui_region_options: [
         {value: 'Paris 1', key: 'par1'},
@@ -61,17 +60,24 @@ module.exports = {
   },
   computed: {
     is_valid() {
-      return this.region && (this.scaleway_token || this.ui_token_from_env);
+      return this.region && (this.scaleway_token || this.ui_env_secrets);
     }
   },
   methods: {
     check_config() {
       this.ui_loading_check = true;
       fetch("/scaleway_config")
-        .then(r => r.json())
+        .then(r => {
+          if (r.status === 200 || r.status === 400) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
         .then(response => {
-          if (response.ok) {
-            this.ui_token_from_env = true;
+          if (response.has_secret) {
+            this.ui_env_secrets = true;
+          } else if (response.error) {
+            this.ui_config_error = response.error;
           }
         })
         .finally(() => {
@@ -79,7 +85,7 @@ module.exports = {
         });
     },
     submit() {
-      if (this.ui_token_from_env) {
+      if (this.ui_env_secrets) {
         this.$emit("submit", {
           region: this.region
         });
diff --git a/app/static/provider-vultr.vue b/app/static/provider-vultr.vue
index 8c1329b35..52a760400 100644
--- a/app/static/provider-vultr.vue
+++ b/app/static/provider-vultr.vue
@@ -1,7 +1,9 @@
 <template>
   <div>
-
-    <div class="form-group">
+    <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
+      Vultr config file was found in your system
+    </div>
+    <div v-else class="form-group">
       <label
         >Enter the local path to your configuration INI file
         <a
@@ -20,7 +22,7 @@
         v-bind:disabled="ui_loading_check"
         v-model="vultr_config"
       />
-      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+      <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
         Configuration file was found in your system. You still can change the path to it
       </div>
     </div>
@@ -50,7 +52,7 @@ module.exports = {
       vultr_config: null,
       region: null,
       // helper variables
-      ui_token_from_env: false,
+      ui_env_secrets: false,
       ui_loading_check: false,
       ui_loading_regions: false,
       ui_region_options: []
@@ -61,19 +63,29 @@ module.exports = {
     this.load_regions();
   },
   computed: {
+    has_secrets() {
+      return this.ui_env_secrets || this.vultr_config;
+    },
     is_valid() {
-      return this.vultr_config && this.region;
+      return this.has_secrets && this.region;
     }
   },
   methods: {
     check_config() {
       this.ui_loading_check = true;
       fetch("/vultr_config")
-        .then(r => r.json())
+        .then(r => {
+          if (r.status === 200 || r.status === 400) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
         .then(response => {
-          if (response.path) {
-            this.vultr_config = response.path;
-            this.ui_token_from_env = true;
+          if (response.has_secret) {
+            this.ui_env_secrets = true;
+            this.load_regions();
+          } else if (response.error) {
+            this.ui_config_error = response.error;
           }
         })
         .finally(() => {
@@ -95,10 +107,13 @@ module.exports = {
         });
     },
     submit() {
-      this.$emit("submit", {
-        vultr_config: this.vultr_config,
+      let submit_value = {
         region: this.region
-      });
+      }
+      if (!this.ui_env_secrets) {
+        submit_value['vultr_config'] = this.vultr_config;
+      }
+      this.$emit("submit", submit_value);
     },
   },
   components: {

From e8873870ebcb3945c5b2ac06ae6b6fe477ba708c Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Thu, 21 Jan 2021 01:48:58 +0500
Subject: [PATCH 28/39] Added Hetzner provider

---
 app/static/provider-do.vue      |   2 +-
 app/static/provider-hetzner.vue | 118 ++++++++++++++++++++++++++++++++
 app/static/provider-setup.vue   |   3 +-
 3 files changed, 121 insertions(+), 2 deletions(-)
 create mode 100644 app/static/provider-hetzner.vue

diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index f34bdbd66..c0682224c 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -46,7 +46,7 @@ module.exports = {
   },
   computed: {
     is_valid() {
-      return (this.do_config || this.ui_token_from_env) && this.region;
+      return (this.do_token || this.ui_token_from_env) && this.region;
     }
   },
   created: function() {
diff --git a/app/static/provider-hetzner.vue b/app/static/provider-hetzner.vue
new file mode 100644
index 000000000..46bc20538
--- /dev/null
+++ b/app/static/provider-hetzner.vue
@@ -0,0 +1,118 @@
+<template>
+  <div>
+    <div v-if="ui_token_from_env">
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        The token was read from the environment variable
+      </div>
+    </div>
+    <div class="form-group" v-else>
+      <label for="id_hcloud_token">
+          Enter your API token. The token must have read and write permissions
+          <a href="https://github.com/trailofbits/algo/blob/master/docs/cloud-hetzner.md" title="https://github.com/trailofbits/algo/blob/master/docs/cloud-hetzner.md" class="badge bagde-pill badge-primary" target="_blank" rel="noopener noreferrer">?</a>
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        id="id_hcloud_token"
+        name="hcloud_token"
+        v-bind:disabled="ui_loading_check"
+        v-model="hcloud_token"
+        @blur="load_regions"
+      />
+    </div>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
+    <button v-on:click="submit"
+      v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      hcloud_token: null,
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_region_error: null,
+      ui_token_from_env: false,
+      ui_region_options: []
+    }
+  },
+  computed: {
+    is_valid() {
+      return (this.hcloud_config || this.ui_token_from_env) && this.region;
+    }
+  },
+  created: function() {
+    this.check_config();
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      return fetch("/hetzner_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.has_secret) {
+            this.ui_token_from_env = true;
+            this.load_regions();
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    load_regions() {
+      if (this.ui_token_from_env || this.hcloud_token) {
+        this.ui_loading_regions = true;
+        this.ui_region_error = null;
+        const payload = this.ui_token_from_env ? {} : {
+          token: this.hcloud_token
+        };
+        fetch("/hetzner_regions", {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(payload)
+        })
+          .then((r) => {
+            if (r.status === 200) {
+              return r.json();
+            }
+            throw new Error(r.status);
+          })
+          .then((data) => {
+            this.ui_region_options = data.datacenters.map(i => ({key: i.location.name, value: i.location.city}));
+          })
+          .catch((err) => {
+            this.ui_region_error = err;
+          })
+          .finally(() => {
+            this.ui_loading_regions = false;
+          });
+      }
+    },
+    submit() {
+      if (this.ui_token_from_env) {
+        this.$emit("submit", {
+          region: this.region
+        });
+      } else {
+        this.$emit("submit", {
+          hcloud_token: this.hcloud_token,
+          region: this.region
+        });
+      }
+    }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  }
+};
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 89bcf44c6..5ef2464a9 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -62,7 +62,8 @@ module.exports = {
     'ec2': window.httpVueLoader('/static/provider-ec2.vue'),
     'gce': window.httpVueLoader('/static/provider-gce.vue'),
     'vultr': window.httpVueLoader('/static/provider-vultr.vue'),
-    'scaleway': window.httpVueLoader('/static/provider-scaleway.vue')
+    'scaleway': window.httpVueLoader('/static/provider-scaleway.vue'),
+    'hetzner': window.httpVueLoader('/static/provider-hetzner.vue')
   }
 };
 </script>

From 00271f27a58447cb426fbb0c05267673bb52b635 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Wed, 27 Jan 2021 00:50:09 +0500
Subject: [PATCH 29/39] Added Azure provider

---
 app/server.py                 | 48 ++++++++++++++++++
 app/static/provider-azure.vue | 96 +++++++++++++++++++++++++++++++++++
 app/static/provider-setup.vue |  3 +-
 3 files changed, 146 insertions(+), 1 deletion(-)
 create mode 100644 app/static/provider-azure.vue

diff --git a/app/server.py b/app/server.py
index 46d5b7787..34c5c5401 100644
--- a/app/server.py
+++ b/app/server.py
@@ -32,6 +32,14 @@
 except ImportError:
     HAS_GOOGLE_LIBRARIES = False
 
+try:
+    from azure.mgmt.automation import AutomationClient
+    import azure.mgmt.automation.models as AutomationModel
+
+    HAS_AZURE_LIBRARIES = True
+except ImportError:
+    HAS_AZURE_LIBRARIES = False
+
 routes = web.RouteTableDef()
 PROJECT_ROOT = dirname(dirname(__file__))
 pool = None
@@ -253,6 +261,46 @@ async def check_scaleway_config(_):
     return web.json_response({"has_secret": 'SCW_TOKEN' in os.environ})
 
 
+@routes.get('/hetzner_config')
+async def check_hetzner_config(_):
+    return web.json_response({"has_secret": 'HCLOUD_TOKEN' in os.environ})
+
+
+@routes.post('/hetzner_regions')
+async def hetzner_regions(request):
+    data = await request.json()
+    token = data.get('token', os.environ.get('HCLOUD_TOKEN'))
+    if not token:
+        return web.json_response({'error': 'no token provided'}, status=400)
+
+    headers = {
+        'Content-Type': 'application/json',
+        'Authorization': 'Bearer {0}'.format(token),
+    }
+    async with ClientSession(headers=headers) as session:
+        async with session.get('https://api.hetzner.cloud/v1/datacenters') as r:
+            json_body = await r.json()
+            return web.json_response(json_body)
+
+
+@routes.get('/azure_config')
+async def azure_config(_):
+    if not HAS_REQUESTS:
+        return web.json_response({'error': 'missing_requests'}, status=400)
+    if not HAS_AZURE_LIBRARIES:
+        return web.json_response({'error': 'missing_azure'}, status=400)
+    response = {'status': 'ok'}
+    return web.json_response(response)
+
+
+@routes.get('/azure_regions')
+async def azure_regions(_):
+    with open(join(PROJECT_ROOT, 'roles', 'cloud-azure', 'defaults', 'main.yml'), 'r') as f:
+        regions_json = yaml.safe_load(f.read())
+        regions = json.loads(regions_json['_azure_regions'])
+        return web.json_response(regions)
+
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-azure.vue b/app/static/provider-azure.vue
new file mode 100644
index 000000000..afd2c7bfc
--- /dev/null
+++ b/app/static/provider-azure.vue
@@ -0,0 +1,96 @@
+<template>
+  <div>
+    <div v-if="ui_config_error && ui_config_error === 'missing_requests'" class="form-text alert alert-danger" role="alert">
+      Python module "requests" is missing, please install it to proceed
+    </div>
+    <div v-if="ui_config_error && ui_config_error === 'missing_azure'" class="form-text alert alert-danger" role="alert">
+      Python Azure SDK libraries are missing, please install it to proceed
+    </div>
+    <div class="form-text alert alert-info" role="alert">
+      <strong>Prerequisites:</strong> <a href="https://github.com/trailofbits/algo/blob/master/docs/cloud-azure.md"
+                                         target="_blank" rel="noopener noreferrer">Install azure-cli</a>
+    </div>
+    <region-select v-model="region"
+                   v-bind:options="ui_region_options"
+                   v-bind:loading="ui_loading_check || ui_loading_regions"
+                   v-bind:error="ui_region_error">
+    </region-select>
+    <button v-on:click="submit"
+            v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next
+    </button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function () {
+    return {
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_config_error: false,
+      ui_loading_regions: false,
+      ui_region_error: null,
+      ui_region_options: []
+    }
+  },
+  computed: {
+    is_valid() {
+      return !!this.region;
+    }
+  },
+  created: function () {
+    this.check_config();
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      fetch("/azure_config")
+          .then(r => {
+            if (r.status === 200 || r.status === 400) {
+              return r.json();
+            }
+            throw new Error(r.status);
+          })
+          .then(response => {
+            if (response.status === 'ok') {
+              this.load_regions();
+            } else if (response.error) {
+              this.ui_config_error = response.error;
+            }
+          })
+          .finally(() => {
+            this.ui_loading_check = false;
+          });
+    },
+    load_regions() {
+      this.ui_loading_regions = true;
+      this.ui_region_error = null;
+      fetch("/azure_regions")
+          .then((r) => {
+            if (r.status === 200) {
+              return r.json();
+            }
+            throw new Error(r.status);
+          })
+          .then((data) => {
+            this.ui_region_options = data.map(i => ({key: i.name, value: i.displayName}));
+          })
+          .catch((err) => {
+            this.ui_region_error = err;
+          })
+          .finally(() => {
+            this.ui_loading_regions = false;
+          });
+    },
+    submit() {
+      this.$emit("submit", {
+        region: this.region
+      });
+    }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  }
+};
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 5ef2464a9..bf5a1601f 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -63,7 +63,8 @@ module.exports = {
     'gce': window.httpVueLoader('/static/provider-gce.vue'),
     'vultr': window.httpVueLoader('/static/provider-vultr.vue'),
     'scaleway': window.httpVueLoader('/static/provider-scaleway.vue'),
-    'hetzner': window.httpVueLoader('/static/provider-hetzner.vue')
+    'hetzner': window.httpVueLoader('/static/provider-hetzner.vue'),
+    'azure': window.httpVueLoader('/static/provider-azure.vue')
   }
 };
 </script>

From 01bd17d3618cb0edfadf3dc93a80943acd501751 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Thu, 28 Jan 2021 00:34:21 +0500
Subject: [PATCH 30/39] Added Linode support

---
 app/server.py                  |  13 ++++
 app/static/provider-linode.vue | 109 +++++++++++++++++++++++++++++++++
 app/static/provider-setup.vue  |   4 +-
 3 files changed, 125 insertions(+), 1 deletion(-)
 create mode 100644 app/static/provider-linode.vue

diff --git a/app/server.py b/app/server.py
index 34c5c5401..af7721ca9 100644
--- a/app/server.py
+++ b/app/server.py
@@ -301,6 +301,19 @@ async def azure_regions(_):
         return web.json_response(regions)
 
 
+@routes.get('/linode_config')
+async def linode_config(_):
+    return web.json_response({"has_secret": 'LINODE_API_TOKEN' in os.environ})
+
+
+@routes.get('/linode_regions')
+async def linode_config(_):
+    async with ClientSession() as session:
+        async with session.get('https://api.linode.com/v4/regions') as r:
+            json_body = await r.json()
+            return web.json_response(json_body)
+
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-linode.vue b/app/static/provider-linode.vue
new file mode 100644
index 000000000..85be0efcc
--- /dev/null
+++ b/app/static/provider-linode.vue
@@ -0,0 +1,109 @@
+<template>
+  <div>
+    <div v-if="ui_token_from_env">
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        The token was read from the environment variable
+      </div>
+    </div>
+    <div class="form-group" v-else>
+      <label for="id_token">
+          Enter your API token. The token must have read and write permissions
+          <a href="https://github.com/trailofbits/algo/blob/master/docs/cloud-linode.md" title="https://github.com/trailofbits/algo/blob/master/docs/cloud-linode.md" class="badge bagde-pill badge-primary" target="_blank" rel="noopener noreferrer">?</a>
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        id="id_token"
+        name="linode_token"
+        v-bind:disabled="ui_loading_check"
+        v-model="linode_token"
+      />
+    </div>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
+    <button v-on:click="submit"
+      v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      linode_token: null,
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_region_error: null,
+      ui_token_from_env: false,
+      ui_region_options: []
+    }
+  },
+  computed: {
+    is_valid() {
+      return (this.linode_token || this.ui_token_from_env) && this.region;
+    }
+  },
+  created: function() {
+    this.check_config();
+    this.load_regions();
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      return fetch("/linode_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.has_secret) {
+            this.ui_token_from_env = true;
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    load_regions() {
+      this.ui_loading_regions = true;
+      this.ui_region_error = null;
+      const payload = this.ui_token_from_env ? {} : {
+        token: this.hcloud_token
+      };
+      fetch("/linode_regions")
+        .then((r) => {
+          if (r.status === 200) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
+        .then((data) => {
+          this.ui_region_options = data.data.map(i => ({key: i.id, value: i.id}));
+        })
+        .catch((err) => {
+          this.ui_region_error = err;
+        })
+        .finally(() => {
+          this.ui_loading_regions = false;
+        });
+    },
+    submit() {
+      if (this.ui_token_from_env) {
+        this.$emit("submit", {
+          region: this.region
+        });
+      } else {
+        this.$emit("submit", {
+          linode_token: this.linode_token,
+          region: this.region
+        });
+      }
+    }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  }
+};
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index bf5a1601f..0d198e062 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -34,6 +34,7 @@ module.exports = {
         { name: "Google Compute Engine", alias: "gce" },
         { name: "Hetzner Cloud", alias: "hetzner" },
         { name: "Vultr", alias: "vultr" },
+        { name: "Linode", alias: "linode" },
         { name: "Scaleway", alias: "scaleway" },
         { name: "OpenStack (DreamCompute optimised)", alias: "openstack" },
         { name: "CloudStack (Exoscale optimised)", alias: "cloudstack" },
@@ -64,7 +65,8 @@ module.exports = {
     'vultr': window.httpVueLoader('/static/provider-vultr.vue'),
     'scaleway': window.httpVueLoader('/static/provider-scaleway.vue'),
     'hetzner': window.httpVueLoader('/static/provider-hetzner.vue'),
-    'azure': window.httpVueLoader('/static/provider-azure.vue')
+    'azure': window.httpVueLoader('/static/provider-azure.vue'),
+    'linode': window.httpVueLoader('/static/provider-linode.vue')
   }
 };
 </script>

From 465b8e6e5c2219f5b2e526bfa3e2eca57ba4fc30 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sat, 30 Jan 2021 01:49:06 +0500
Subject: [PATCH 31/39] WIP: CLoudStack provider

---
 app/server.py                      | 105 ++++++++++++++++++++++++-
 app/static/provider-blank.vue      | 118 +++++++++++++++++++++++++++++
 app/static/provider-cloudstack.vue | 106 ++++++++++++++++++++++++++
 3 files changed, 327 insertions(+), 2 deletions(-)
 create mode 100644 app/static/provider-blank.vue
 create mode 100644 app/static/provider-cloudstack.vue

diff --git a/app/server.py b/app/server.py
index af7721ca9..62bb0ae2c 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,9 +1,14 @@
 import asyncio
+import base64
 import concurrent.futures
+import configparser
+import hashlib
+import hmac
 import json
 import os
 import sys
 from os.path import join, dirname, expanduser
+from urllib.parse import quote, urlencode
 
 import yaml
 from aiohttp import web, ClientSession
@@ -158,7 +163,8 @@ async def do_regions(request):
 async def aws_config(_):
     if not HAS_BOTO3:
         return web.json_response({'error': 'missing_boto'}, status=400)
-    return web.json_response({'has_secret': 'AWS_ACCESS_KEY_ID' in os.environ and 'AWS_SECRET_ACCESS_KEY' in os.environ})
+    return web.json_response(
+        {'has_secret': 'AWS_ACCESS_KEY_ID' in os.environ and 'AWS_SECRET_ACCESS_KEY' in os.environ})
 
 
 @routes.post('/lightsail_regions')
@@ -307,13 +313,108 @@ async def linode_config(_):
 
 
 @routes.get('/linode_regions')
-async def linode_config(_):
+async def linode_regions(_):
     async with ClientSession() as session:
         async with session.get('https://api.linode.com/v4/regions') as r:
             json_body = await r.json()
             return web.json_response(json_body)
 
 
+@routes.get('/cloudstack_config')
+async def get_cloudstack_config(_):
+    response = {'has_secret': False}
+    if 'CLOUDSTACK_CONFIG' in os.environ:
+        try:
+            open(os.environ['CLOUDSTACK_CONFIG'], 'r').read()
+            response['has_secret'] = True
+        except IOError:
+            pass
+    # check default path
+    default_path = expanduser(join('~', '.cloudstack.ini'))
+    try:
+        open(default_path, 'r').read()
+        response['has_secret'] = True
+    except IOError:
+        pass
+    return web.json_response(response)
+
+
+@routes.post('/cloudstack_config')
+async def post_cloudstack_config(request):
+    data = await request.json()
+    with open(join(PROJECT_ROOT, 'cloudstack.ini'), 'w') as f:
+        try:
+            config = data.config_text
+        except Exception as e:
+            return web.json_response({'error': {
+                'code': type(e).__name__,
+                'message': e,
+            }}, status=400)
+        else:
+            f.write(config)
+            return web.json_response({'ok': True})
+
+
+def _get_cloudstack_config(path=None):
+    if path:
+        try:
+            return open(os.environ['CLOUDSTACK_CONFIG'], 'r').read()
+        except IOError:
+            pass
+
+    if 'CLOUDSTACK_CONFIG' in os.environ:
+        try:
+            return open(os.environ['CLOUDSTACK_CONFIG'], 'r').read()
+        except IOError:
+            pass
+
+    default_path = expanduser(join('~', '.cloudstack.ini'))
+    return open(default_path, 'r').read()
+
+
+def _sign(command, secret):
+    """Adds the signature bit to a command expressed as a dict"""
+    # order matters
+    arguments = sorted(command.items())
+
+    # urllib.parse.urlencode is not good enough here.
+    # key contains should only contain safe content already.
+    # safe="*" is required when producing the signature.
+    query_string = "&".join("=".join((key, quote(value, safe="*")))
+                            for key, value in arguments)
+
+    # Signing using HMAC-SHA1
+    digest = hmac.new(
+        secret.encode("utf-8"),
+        msg=query_string.lower().encode("utf-8"),
+        digestmod=hashlib.sha1).digest()
+
+    signature = base64.b64encode(digest).decode("utf-8")
+
+    return dict(command, signature=signature)
+
+
+@routes.get('/cloudstack_regions')
+async def cloudstack_regions(request):
+    data = {} #await request.json()
+    config = configparser.ConfigParser()
+    config.read_string(_get_cloudstack_config(data.get('cs_config')))
+    section = config[config.sections()[0]]
+
+    compute_endpoint = section.get('endpoint', '')
+    api_key = section.get('key', '')
+    api_secret = section.get('secret', '')
+    params = _sign({
+        "command": "listZones",
+        "apikey": api_key}, api_secret)
+    query_string = urlencode(params)
+
+    async with ClientSession() as session:
+        async with session.get(f'{compute_endpoint}?{query_string}') as r:
+            json_body = await r.json()
+            return web.json_response(json_body)
+
+
 app = web.Application()
 app.router.add_routes(routes)
 app.add_routes([web.static('/static', join(PROJECT_ROOT, 'app', 'static'))])
diff --git a/app/static/provider-blank.vue b/app/static/provider-blank.vue
new file mode 100644
index 000000000..c0682224c
--- /dev/null
+++ b/app/static/provider-blank.vue
@@ -0,0 +1,118 @@
+<template>
+  <div>
+    <div v-if="ui_token_from_env">
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        The token was read from the environment variable
+      </div>
+    </div>
+    <div class="form-group" v-else>
+      <label for="id_do_token">
+          Enter your API token. The token must have read and write permissions
+          <a href="https://cloud.digitalocean.com/settings/api/tokens" title="https://cloud.digitalocean.com/settings/api/tokens" class="badge bagde-pill badge-primary" target="_blank" rel="noopener noreferrer">?</a>
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        id="id_do_token"
+        name="do_token"
+        v-bind:disabled="ui_loading_check"
+        v-model="do_token"
+        @blur="load_regions"
+      />
+    </div>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
+    <button v-on:click="submit"
+      v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      do_token: null,
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_region_error: null,
+      ui_token_from_env: false,
+      ui_region_options: []
+    }
+  },
+  computed: {
+    is_valid() {
+      return (this.do_token || this.ui_token_from_env) && this.region;
+    }
+  },
+  created: function() {
+    this.check_config();
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      return fetch("/do_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.has_secret) {
+            this.ui_token_from_env = true;
+            this.load_regions();
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    load_regions() {
+      if (this.ui_token_from_env || this.do_token) {
+        this.ui_loading_regions = true;
+        this.ui_region_error = null;
+        const payload = this.ui_token_from_env ? {} : {
+          token: this.do_token
+        };
+        fetch("/do_regions", {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(payload)
+        })
+          .then((r) => {
+            if (r.status === 200) {
+              return r.json();
+            }
+            throw new Error(r.status);
+          })
+          .then((data) => {
+            this.ui_region_options = data.regions.map(i => ({key: i.slug, value: i.name}));
+          })
+          .catch((err) => {
+            this.ui_region_error = err;
+          })
+          .finally(() => {
+            this.ui_loading_regions = false;
+          });
+      }
+    },
+    submit() {
+      if (this.ui_token_from_env) {
+        this.$emit("submit", {
+          region: this.region
+        });
+      } else {
+        this.$emit("submit", {
+          do_token: this.do_token,
+          region: this.region
+        });
+      }
+    }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  }
+};
+</script>
diff --git a/app/static/provider-cloudstack.vue b/app/static/provider-cloudstack.vue
new file mode 100644
index 000000000..7555594ea
--- /dev/null
+++ b/app/static/provider-cloudstack.vue
@@ -0,0 +1,106 @@
+<template>
+  <div>
+    <div v-if="ui_token_from_env">
+      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+        The config file was found on your system
+      </div>
+    </div>
+    <div class="form-group" v-else>
+      
+    </div>
+    <region-select v-model="region"
+      v-bind:options="ui_region_options"
+      v-bind:loading="ui_loading_check || ui_loading_regions"
+      v-bind:error="ui_region_error">
+    </region-select>
+    <button v-on:click="submit"
+      v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      cs_config: null,
+      region: null,
+      // helper variables
+      ui_loading_check: false,
+      ui_loading_regions: false,
+      ui_region_error: null,
+      ui_token_from_env: false,
+      ui_region_options: []
+    }
+  },
+  computed: {
+    is_valid() {
+      return (this.ui_config_uploaded || this.ui_token_from_env) && this.region;
+    }
+  },
+  created: function() {
+    this.check_config();
+  },
+  methods: {
+    check_config() {
+      this.ui_loading_check = true;
+      return fetch("/cloudstack_config")
+        .then(r => r.json())
+        .then(response => {
+          if (response.has_secret) {
+            this.ui_token_from_env = true;
+            this.load_regions();
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
+    load_regions() {
+      if (this.ui_token_from_env || this.cs_config) {
+        this.ui_loading_regions = true;
+        this.ui_region_error = null;
+        const payload = this.ui_token_from_env ? {} : {
+          token: this.cs_config
+        };
+        fetch("/cloudstack_regions", {
+          method: 'post',
+          headers: {
+            'Content-Type': 'application/json'
+          },
+          body: JSON.stringify(payload)
+        })
+          .then((r) => {
+            if (r.status === 200) {
+              return r.json();
+            }
+            throw new Error(r.status);
+          })
+          .then((data) => {
+            this.ui_region_options = data.regions.map(i => ({key: i.slug, value: i.name}));
+          })
+          .catch((err) => {
+            this.ui_region_error = err;
+          })
+          .finally(() => {
+            this.ui_loading_regions = false;
+          });
+      }
+    },
+    submit() {
+      if (this.ui_token_from_env) {
+        this.$emit("submit", {
+          region: this.region
+        });
+      } else {
+        this.$emit("submit", {
+          cs_config: this.cs_config,
+          region: this.region
+        });
+      }
+    }
+  },
+  components: {
+    "region-select": window.httpVueLoader("/static/region-select.vue"),
+  }
+};
+</script>

From 27d21db3c990816bbb7b49792485d0246f9da288 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 30 May 2021 00:34:01 +0500
Subject: [PATCH 32/39] Added CloudStack (exoscale) provider setup

---
 app/server.py                      | 116 ++++++++++-------------------
 app/static/provider-cloudstack.vue |  38 ++++++++--
 app/static/provider-setup.vue      |   3 +-
 3 files changed, 71 insertions(+), 86 deletions(-)

diff --git a/app/server.py b/app/server.py
index 62bb0ae2c..7a2936664 100644
--- a/app/server.py
+++ b/app/server.py
@@ -45,6 +45,12 @@
 except ImportError:
     HAS_AZURE_LIBRARIES = False
 
+try:
+    from cs import AIOCloudStack, CloudStackApiException
+    HAS_CS_LIBRARIES = True
+except ImportError:
+    HAS_CS_LIBRARIES = False
+
 routes = web.RouteTableDef()
 PROJECT_ROOT = dirname(dirname(__file__))
 pool = None
@@ -322,97 +328,53 @@ async def linode_regions(_):
 
 @routes.get('/cloudstack_config')
 async def get_cloudstack_config(_):
-    response = {'has_secret': False}
-    if 'CLOUDSTACK_CONFIG' in os.environ:
-        try:
-            open(os.environ['CLOUDSTACK_CONFIG'], 'r').read()
-            response['has_secret'] = True
-        except IOError:
-            pass
-    # check default path
-    default_path = expanduser(join('~', '.cloudstack.ini'))
-    try:
-        open(default_path, 'r').read()
-        response['has_secret'] = True
-    except IOError:
-        pass
+    if not HAS_REQUESTS:
+        return web.json_response({'error': 'missing_requests'}, status=400)
+    if not HAS_CS_LIBRARIES:
+        return web.json_response({'error': 'missing_cloudstack'}, status=400)
+    response = {'has_secret': _read_cloudstack_config() is not None}
     return web.json_response(response)
 
 
-@routes.post('/cloudstack_config')
-async def post_cloudstack_config(request):
-    data = await request.json()
-    with open(join(PROJECT_ROOT, 'cloudstack.ini'), 'w') as f:
-        try:
-            config = data.config_text
-        except Exception as e:
-            return web.json_response({'error': {
-                'code': type(e).__name__,
-                'message': e,
-            }}, status=400)
-        else:
-            f.write(config)
-            return web.json_response({'ok': True})
-
-
-def _get_cloudstack_config(path=None):
-    if path:
-        try:
-            return open(os.environ['CLOUDSTACK_CONFIG'], 'r').read()
-        except IOError:
-            pass
-
+def _read_cloudstack_config():
     if 'CLOUDSTACK_CONFIG' in os.environ:
         try:
             return open(os.environ['CLOUDSTACK_CONFIG'], 'r').read()
         except IOError:
             pass
-
+    # check default path
     default_path = expanduser(join('~', '.cloudstack.ini'))
-    return open(default_path, 'r').read()
-
-
-def _sign(command, secret):
-    """Adds the signature bit to a command expressed as a dict"""
-    # order matters
-    arguments = sorted(command.items())
-
-    # urllib.parse.urlencode is not good enough here.
-    # key contains should only contain safe content already.
-    # safe="*" is required when producing the signature.
-    query_string = "&".join("=".join((key, quote(value, safe="*")))
-                            for key, value in arguments)
-
-    # Signing using HMAC-SHA1
-    digest = hmac.new(
-        secret.encode("utf-8"),
-        msg=query_string.lower().encode("utf-8"),
-        digestmod=hashlib.sha1).digest()
-
-    signature = base64.b64encode(digest).decode("utf-8")
-
-    return dict(command, signature=signature)
+    try:
+        return open(default_path, 'r').read()
+    except IOError:
+        pass
+    return None
 
 
-@routes.get('/cloudstack_regions')
+@routes.post('/cloudstack_regions')
 async def cloudstack_regions(request):
-    data = {} #await request.json()
+    data = await request.json()
+    client_config = data.get('token')
     config = configparser.ConfigParser()
-    config.read_string(_get_cloudstack_config(data.get('cs_config')))
+    config.read_string(_read_cloudstack_config() or client_config)
     section = config[config.sections()[0]]
-
-    compute_endpoint = section.get('endpoint', '')
-    api_key = section.get('key', '')
-    api_secret = section.get('secret', '')
-    params = _sign({
-        "command": "listZones",
-        "apikey": api_key}, api_secret)
-    query_string = urlencode(params)
-
-    async with ClientSession() as session:
-        async with session.get(f'{compute_endpoint}?{query_string}') as r:
-            json_body = await r.json()
-            return web.json_response(json_body)
+    client = AIOCloudStack(**section)
+    try:
+        zones = await client.listZones(fetch_list=True)
+    except CloudStackApiException as resp:
+        return web.json_response({
+            'cloud_stack_error': resp.error
+        }, status=400)
+    # if config was passed from client, save it after successful zone retrieval
+    if _read_cloudstack_config() is None:
+        path = os.environ['CLOUDSTACK_CONFIG'] or expanduser(join('~', '.cloudstack.ini'))
+        with open(path, 'w') as f:
+            try:
+                f.write(client_config)
+            except IOError as e:
+                return web.json_response({'error': 'can not save config file'}, status=400)
+
+    return web.json_response(zones)
 
 
 app = web.Application()
diff --git a/app/static/provider-cloudstack.vue b/app/static/provider-cloudstack.vue
index 7555594ea..4630cc51c 100644
--- a/app/static/provider-cloudstack.vue
+++ b/app/static/provider-cloudstack.vue
@@ -1,18 +1,29 @@
 <template>
   <div>
-    <div v-if="ui_token_from_env">
-      <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
-        The config file was found on your system
-      </div>
+    <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
+      The config file was found on your system
     </div>
-    <div class="form-group" v-else>
-      
+    <div v-else class="form-group">
+      <label>
+        Enter your cloudstack.ini file contents below, it will be saved to your system.
+      </label>
+      <p>Example config file format (clickable):</p>
+      <pre class="example" v-on:click="cs_config = ui_example_cfg">{{ ui_example_cfg }}</pre>
+      <textarea v-model="cs_config"
+                v-bind:disabled="ui_loading_check"
+                v-on:blur="load_regions"
+                class="form-control"
+                rows="5"></textarea>
+      <div v-if="ui_region_options.length > 0 && !ui_token_from_env" class="form-text alert alert-success" role="alert">
+        The config file was saved on your system
+      </div>
     </div>
     <region-select v-model="region"
       v-bind:options="ui_region_options"
       v-bind:loading="ui_loading_check || ui_loading_regions"
       v-bind:error="ui_region_error">
     </region-select>
+
     <button v-on:click="submit"
       v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
   </div>
@@ -25,6 +36,11 @@ module.exports = {
       cs_config: null,
       region: null,
       // helper variables
+      ui_example_cfg: '[exoscale]\n' +
+          'endpoint = https://api.exoscale.com/compute\n' +
+          'key = API Key here\n' +
+          'secret = Secret key here\n' +
+          'timeout = 30',
       ui_loading_check: false,
       ui_loading_regions: false,
       ui_region_error: null,
@@ -34,7 +50,7 @@ module.exports = {
   },
   computed: {
     is_valid() {
-      return (this.ui_config_uploaded || this.ui_token_from_env) && this.region;
+      return (this.cs_config || this.ui_token_from_env) && this.region;
     }
   },
   created: function() {
@@ -76,7 +92,7 @@ module.exports = {
             throw new Error(r.status);
           })
           .then((data) => {
-            this.ui_region_options = data.regions.map(i => ({key: i.slug, value: i.name}));
+            this.ui_region_options = data.map(i => ({key: i.name, value: i.name}));
           })
           .catch((err) => {
             this.ui_region_error = err;
@@ -104,3 +120,9 @@ module.exports = {
   }
 };
 </script>
+
+<style scoped>
+.example {
+  cursor: pointer;
+}
+</style>
\ No newline at end of file
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 0d198e062..93242c3ea 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -66,7 +66,8 @@ module.exports = {
     'scaleway': window.httpVueLoader('/static/provider-scaleway.vue'),
     'hetzner': window.httpVueLoader('/static/provider-hetzner.vue'),
     'azure': window.httpVueLoader('/static/provider-azure.vue'),
-    'linode': window.httpVueLoader('/static/provider-linode.vue')
+    'linode': window.httpVueLoader('/static/provider-linode.vue'),
+    'cloudstack': window.httpVueLoader('/static/provider-cloudstack.vue')
   }
 };
 </script>

From 7d2ddffcd7e4301c4407c97d55a4b0b115225fa9 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 30 May 2021 01:09:00 +0500
Subject: [PATCH 33/39] Updated Vultr provider UX

---
 app/server.py                 | 28 +++++++++++++------
 app/static/provider-vultr.vue | 52 +++++++++++++++++++++++++++--------
 2 files changed, 61 insertions(+), 19 deletions(-)

diff --git a/app/server.py b/app/server.py
index 7a2936664..b481ae0d6 100644
--- a/app/server.py
+++ b/app/server.py
@@ -243,21 +243,33 @@ async def gce_regions(request):
 
 @routes.get('/vultr_config')
 async def check_vultr_config(request):
-    default_path = expanduser(join('~', '.vultr.ini'))
     response = {'has_secret': False}
+    if 'VULTR_API_CONFIG' in os.environ:
+        try:
+            open(os.environ['VULTR_API_CONFIG'], 'r').read()
+            response['has_secret'] = True
+        except IOError:
+            pass
     try:
+        default_path = expanduser(join('~', '.vultr.ini'))
         open(default_path, 'r').read()
         response['has_secret'] = True
     except IOError:
         pass
+    return web.json_response(response)
 
-    if 'VULTR_API_CONFIG' in os.environ:
+
+@routes.post('/vultr_config')
+async def save_vultr_config(request):
+    data = await request.json()
+    token = data.get('token')
+    path = os.environ.get('VULTR_API_CONFIG') or expanduser(join('~', '.vultr.ini'))
+    with open(path, 'w') as f:
         try:
-            open(os.environ['VULTR_API_CONFIG'], 'r').read()
-            response['has_secret'] = True
+            f.write('[default]\nkey = {0}'.format(token))
         except IOError:
-            pass
-    return web.json_response(response)
+            return web.json_response({'error': 'can not save config file'}, status=400)
+    return web.json_response({'saved_to': path})
 
 
 @routes.get('/vultr_regions')
@@ -327,7 +339,7 @@ async def linode_regions(_):
 
 
 @routes.get('/cloudstack_config')
-async def get_cloudstack_config(_):
+async def check_cloudstack_config(_):
     if not HAS_REQUESTS:
         return web.json_response({'error': 'missing_requests'}, status=400)
     if not HAS_CS_LIBRARIES:
@@ -367,7 +379,7 @@ async def cloudstack_regions(request):
         }, status=400)
     # if config was passed from client, save it after successful zone retrieval
     if _read_cloudstack_config() is None:
-        path = os.environ['CLOUDSTACK_CONFIG'] or expanduser(join('~', '.cloudstack.ini'))
+        path = os.environ.get('CLOUDSTACK_CONFIG') or expanduser(join('~', '.cloudstack.ini'))
         with open(path, 'w') as f:
             try:
                 f.write(client_config)
diff --git a/app/static/provider-vultr.vue b/app/static/provider-vultr.vue
index 52a760400..dbec2455a 100644
--- a/app/static/provider-vultr.vue
+++ b/app/static/provider-vultr.vue
@@ -1,11 +1,11 @@
 <template>
   <div>
-    <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
+     <div v-if="ui_token_from_env" class="form-text alert alert-success" role="alert">
       Vultr config file was found in your system
     </div>
     <div v-else class="form-group">
       <label
-        >Enter the local path to your configuration INI file
+        >Enter Vultr API Token, it will be saved in your system
         <a
           href="https://trailofbits.github.io/algo/cloud-vultr.html"
           title="https://trailofbits.github.io/algo/cloud-vultr.html"
@@ -18,12 +18,13 @@
       <input
         type="text"
         class="form-control"
-        name="vultr_config"
+        name="vultr_token"
         v-bind:disabled="ui_loading_check"
-        v-model="vultr_config"
+        v-model="ui_token"
+        v-on:blur="save_config"
       />
-      <div v-if="ui_env_secrets" class="form-text alert alert-success" role="alert">
-        Configuration file was found in your system. You still can change the path to it
+      <div v-if="vultr_config" class="form-text alert alert-success" role="alert">
+        The config file was saved on your system
       </div>
     </div>
 
@@ -52,7 +53,8 @@ module.exports = {
       vultr_config: null,
       region: null,
       // helper variables
-      ui_env_secrets: false,
+      ui_token: null,
+      ui_token_from_env: false,
       ui_loading_check: false,
       ui_loading_regions: false,
       ui_region_options: []
@@ -64,7 +66,7 @@ module.exports = {
   },
   computed: {
     has_secrets() {
-      return this.ui_env_secrets || this.vultr_config;
+      return this.ui_token_from_env || this.vultr_config;
     },
     is_valid() {
       return this.has_secrets && this.region;
@@ -82,7 +84,7 @@ module.exports = {
         })
         .then(response => {
           if (response.has_secret) {
-            this.ui_env_secrets = true;
+            this.ui_token_from_env = true;
             this.load_regions();
           } else if (response.error) {
             this.ui_config_error = response.error;
@@ -92,6 +94,34 @@ module.exports = {
           this.ui_loading_check = false;
         });
     },
+    save_config() {
+      this.ui_loading_check = true;
+      fetch("/vultr_config", {
+        method: 'post',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({
+          token: this.ui_token
+        })
+      })
+      .then(r => {
+          if (r.status === 200 || r.status === 400) {
+            return r.json();
+          }
+          throw new Error(r.status);
+        })
+        .then(response => {
+          if ('saved_to' in response) {
+            this.vultr_config = response.saved_to;
+          } else if (response.error) {
+            this.ui_config_error = response.error;
+          }
+        })
+        .finally(() => {
+          this.ui_loading_check = false;
+        });
+    },
     load_regions() {
       this.ui_loading_regions = true;
       fetch("/vultr_regions")
@@ -99,7 +129,7 @@ module.exports = {
         .then((data) => {
           this.ui_region_options = Object.keys(data).map(k => ({
             value: data[k].name,
-            key: data[k].name
+            key: data[k].DCID
           }));
         })
         .finally(() => {
@@ -110,7 +140,7 @@ module.exports = {
       let submit_value = {
         region: this.region
       }
-      if (!this.ui_env_secrets) {
+      if (!this.ui_token_from_env) {
         submit_value['vultr_config'] = this.vultr_config;
       }
       this.$emit("submit", submit_value);

From 6a72539305e72f4c1f1ff0d3921ef3e537ceefbe Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 30 May 2021 01:09:24 +0500
Subject: [PATCH 34/39] Minor updates

---
 app/static/index.html       | 2 +-
 app/static/provider-do.vue  | 2 +-
 app/static/provider-ec2.vue | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/static/index.html b/app/static/index.html
index 4d0d3b326..74c4822c0 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -115,7 +115,7 @@ <h1 class="mb-5 text-center" v-if="step === 'status-exit'">
         playbook: {},
         step: 'setup',
         extra_args: {
-          server_name: 'algo2',
+          server_name: 'algo',
           ondemand_cellular: false,
           ondemand_wifi: false,
           dns_adblocking: false,
diff --git a/app/static/provider-do.vue b/app/static/provider-do.vue
index c0682224c..05b61fb31 100644
--- a/app/static/provider-do.vue
+++ b/app/static/provider-do.vue
@@ -17,7 +17,7 @@
         name="do_token"
         v-bind:disabled="ui_loading_check"
         v-model="do_token"
-        @blur="load_regions"
+        v-on:blur="load_regions"
       />
     </div>
     <region-select v-model="region"
diff --git a/app/static/provider-ec2.vue b/app/static/provider-ec2.vue
index 143a61bb4..2384b277d 100644
--- a/app/static/provider-ec2.vue
+++ b/app/static/provider-ec2.vue
@@ -15,7 +15,7 @@
             title="http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html"
             target="_blank"
             rel="noreferrer noopener"
-            class="badge bagde-pill badge-primary"
+            class="badge badge-pill badge-primary"
             >?</a
           >
           <br />

From 15b0d1f0946f6731a2a7e473e98d04451740d495 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Sun, 30 May 2021 01:33:05 +0500
Subject: [PATCH 35/39] Added local and openstack providers

---
 app/static/provider-local.vue     | 68 +++++++++++++++++++++++++++++++
 app/static/provider-openstack.vue | 19 +++++++++
 app/static/provider-setup.vue     |  4 +-
 3 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 app/static/provider-local.vue
 create mode 100644 app/static/provider-openstack.vue

diff --git a/app/static/provider-local.vue b/app/static/provider-local.vue
new file mode 100644
index 000000000..552c9749f
--- /dev/null
+++ b/app/static/provider-local.vue
@@ -0,0 +1,68 @@
+<template>
+  <div>
+    <div class="form-group">
+      <label for="id_server">
+          Enter the IP address of your server: (or use localhost for local installation):
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        id="id_server"
+        name="server"
+        v-model="server"
+      />
+    </div>
+    <div class="form-group">
+      <label for="id_ssh_user">
+          What user should we use to login on the server? (note: passwordless login required, or ignore if you're deploying to localhost)
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        id="id_ssh_user"
+        name="ssh_user"
+        v-model="ssh_user"
+      />
+    </div>
+    <div class="form-group">
+      <label for="id_endpoint">
+          Enter the public IP address or domain name of your server: (IMPORTANT! This is used to verify the certificate)
+      </label>
+      <input
+        type="text"
+        class="form-control"
+        id="id_endpoint"
+        name="endpoint"
+        v-model="endpoint"
+      />
+    </div>
+    <button v-on:click="submit"
+      v-bind:disabled="!is_valid" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  data: function() {
+    return {
+      server: null,
+      ssh_user: null,
+      endpoint: null
+    }
+  },
+  computed: {
+    is_valid() {
+      return this.server && this.ssh_user && this.endpoint;
+    }
+  },
+  methods: {
+    submit() {
+      this.$emit("submit", {
+        server: this.server,
+        ssh_user: this.ssh_user,
+        endpoint: this.endpoint
+      });
+    }
+  }
+};
+</script>
diff --git a/app/static/provider-openstack.vue b/app/static/provider-openstack.vue
new file mode 100644
index 000000000..1d46992c6
--- /dev/null
+++ b/app/static/provider-openstack.vue
@@ -0,0 +1,19 @@
+<template>
+  <div>
+    <p>
+      Download OpenStack credentials from the OpenStack dashboard->Compute->API Access and source it in the shell (eg:
+      source /tmp/dhc-openrc.sh)
+    </p>
+    <button v-on:click="submit" class="btn btn-primary" type="button">Next</button>
+  </div>
+</template>
+
+<script>
+module.exports = {
+  methods: {
+    submit() {
+      this.$emit("submit");
+    }
+  }
+};
+</script>
diff --git a/app/static/provider-setup.vue b/app/static/provider-setup.vue
index 93242c3ea..238ebb52c 100644
--- a/app/static/provider-setup.vue
+++ b/app/static/provider-setup.vue
@@ -67,7 +67,9 @@ module.exports = {
     'hetzner': window.httpVueLoader('/static/provider-hetzner.vue'),
     'azure': window.httpVueLoader('/static/provider-azure.vue'),
     'linode': window.httpVueLoader('/static/provider-linode.vue'),
-    'cloudstack': window.httpVueLoader('/static/provider-cloudstack.vue')
+    'cloudstack': window.httpVueLoader('/static/provider-cloudstack.vue'),
+    'openstack': window.httpVueLoader('/static/provider-openstack.vue'),
+    'local': window.httpVueLoader('/static/provider-local.vue')
   }
 };
 </script>

From 76cb02b7207fe73251a10283948f361202bf419d Mon Sep 17 00:00:00 2001
From: Ivan Gromov <ivan@MacBook-Pro-Ivan.local>
Date: Wed, 31 Aug 2022 00:23:04 +0500
Subject: [PATCH 36/39] Added README file

---
 app/README.md        | 39 +++++++++++++++++++++++++++++++++++++++
 app/requirements.txt |  3 ++-
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 app/README.md

diff --git a/app/README.md b/app/README.md
new file mode 100644
index 000000000..ebf438dcf
--- /dev/null
+++ b/app/README.md
@@ -0,0 +1,39 @@
+# Algo web app UI
+
+## Abstract
+
+[A short description of what project does]
+
+## Background
+
+VUE docs,
+asyncio docs
+
+## Rationale
+
+Why A not B
+(vue is modern and doesn't require build system and depoendency)
+asyncio - same
+PBEX is patched because shell access considered insecure
+
+## Implementation
+
+app/server.py management, threading
+config yaml writer
+generic approach to provider UI (set required fields, validation, inherit ENV, try to detect)
+how progress displayed
+
+## testing
+testing js: vue-test-library + loader
+testing python: pytests
+testing pbex compatibility: demo yaml
+
+## Compatibility (if applicable)
+
+[A discussion of the change with regard to the compatibility.]
+Due to ansible doesn't have API, have to manually check if custom PBEX would still work
+
+## Open issues (if applicable)
+
+Still requires pip install, consider py2exe, pyinstaller
+No task progress displayed, require callback module
diff --git a/app/requirements.txt b/app/requirements.txt
index f179af209..eb1a59682 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -1 +1,2 @@
-aiohttp==3.6.2
\ No newline at end of file
+aiohttp==3.6.2
+boto3
\ No newline at end of file

From 23f83323192f4d738b6b77cb5ab6fa2a1463d001 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Wed, 31 Aug 2022 02:20:19 +0500
Subject: [PATCH 37/39] Switched to ansible_runner API

---
 app/requirements.txt |  3 +-
 app/server.py        | 88 ++++++++++++++++++++++++++------------------
 2 files changed, 55 insertions(+), 36 deletions(-)

diff --git a/app/requirements.txt b/app/requirements.txt
index eb1a59682..6e8ba5d0b 100644
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -1,2 +1,3 @@
-aiohttp==3.6.2
+aiohttp==3.8.1
+ansible-runner==2.2.1
 boto3
\ No newline at end of file
diff --git a/app/server.py b/app/server.py
index b481ae0d6..ab4f4050c 100644
--- a/app/server.py
+++ b/app/server.py
@@ -10,11 +10,10 @@
 from os.path import join, dirname, expanduser
 from urllib.parse import quote, urlencode
 
+import ansible_runner
 import yaml
 from aiohttp import web, ClientSession
 
-from playbook import PlaybookCLI
-
 try:
     import boto3
 
@@ -47,6 +46,7 @@
 
 try:
     from cs import AIOCloudStack, CloudStackApiException
+
     HAS_CS_LIBRARIES = True
 except ImportError:
     HAS_CS_LIBRARIES = False
@@ -58,12 +58,49 @@
 task_program = ''
 
 
-def run_playbook(data):
-    global task_program
-    extra_vars = ' '.join(['{0}={1}'.format(key, data[key])
-                           for key in data.keys()])
-    task_program = ['ansible-playbook', 'main.yml', '--extra-vars', extra_vars]
-    return PlaybookCLI(task_program).run()
+class Status:
+    RUNNING = 'run'
+    ERROR = 'error'
+    CANCELLED = 'cancelled'
+    DONE = 'done'
+    NEW = None
+
+
+class Playbook:
+
+    def __init__(self):
+        self.status = Status.NEW
+        self.want_cancel = False
+        self.events = []
+        self._runner = None
+
+    def event_handler(self, data: dict) -> None:
+        self.events.append(data)
+
+    def cancel_handler(self) -> bool:
+        if self.want_cancel:
+            self.status = Status.CANCELLED
+        return self.want_cancel
+
+    def cancel(self) -> None:
+        self.want_cancel = True
+
+    def run(self, extra_vars: dict) -> None:
+        self.want_cancel = False
+        self.status = Status.RUNNING
+        _, runner = ansible_runner.run_async(private_data_dir='.',
+                                             playbook='main.yml',
+                                             extravars=extra_vars,
+                                             cancel_callback=self.cancel_handler,
+                                             event_handler=self.event_handler)
+        self._runner = runner
+
+
+playbook = Playbook()
+
+
+def run_playbook(data: dict):
+    return playbook.run(data)
 
 
 @routes.get('/')
@@ -73,43 +110,24 @@ async def handle_index(_):
 
 
 @routes.get('/playbook')
-async def playbook_get_handler(request):
-    if not task_future:
-        return web.json_response({'status': None})
-
-    if task_future.done():
-        try:
-            return web.json_response({'status': 'done', 'program': task_program, 'result': task_future.result()})
-        except ValueError as e:
-            return web.json_response({'status': 'error', 'program': task_program, 'result': str(e)})
-    elif task_future.cancelled():
-        return web.json_response({'status': 'cancelled', 'program': task_program})
-    else:
-        return web.json_response({'status': 'running', 'program': task_program})
+async def playbook_get_handler(_):
+    return web.json_response({
+        'status': playbook.status,
+        'events': playbook.events,
+    })
 
 
 @routes.post('/playbook')
 async def playbook_post_handler(request):
-    global task_future
-    global pool
     data = await request.json()
-    loop = asyncio.get_running_loop()
-
-    pool = concurrent.futures.ThreadPoolExecutor()
-    task_future = loop.run_in_executor(pool, run_playbook, data)
+    run_playbook(data)
     return web.json_response({'ok': True})
 
 
 @routes.delete('/playbook')
 async def playbook_delete_handler(_):
-    global task_future
-    if not task_future:
-        return web.json_response({'ok': False})
-
-    cancelled = task_future.cancel()
-    pool.shutdown(wait=False)
-    task_future = None
-    return web.json_response({'ok': cancelled})
+    playbook.cancel()
+    return web.json_response({'ok': True})
 
 
 @routes.get('/config')

From 547711d83e3d7d0d2ba33854c0d3530f72421355 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Fri, 9 Sep 2022 01:16:51 +0500
Subject: [PATCH 38/39] Show variables from event logs

---
 app/playbook.py               | 213 ----------------------------------
 app/server.py                 |  32 +++--
 app/static/index.html         |  14 +++
 app/static/status-running.vue |  67 +++++++----
 4 files changed, 82 insertions(+), 244 deletions(-)
 delete mode 100644 app/playbook.py

diff --git a/app/playbook.py b/app/playbook.py
deleted file mode 100644
index f99e5c0d9..000000000
--- a/app/playbook.py
+++ /dev/null
@@ -1,213 +0,0 @@
-# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
-# Copyright: (c) 2018, Ansible Project
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import stat
-
-from ansible import context
-from ansible.cli import CLI
-from ansible.cli.arguments import option_helpers as opt_help
-from ansible.errors import AnsibleError
-from ansible.executor.playbook_executor import PlaybookExecutor
-from ansible.module_utils._text import to_bytes
-from ansible.playbook.block import Block
-from ansible.utils.display import Display
-from ansible.utils.collection_loader import AnsibleCollectionLoader, get_collection_name_from_path, set_collection_playbook_paths
-from ansible.plugins.loader import add_all_plugin_dirs
-
-
-display = Display()
-
-
-class PlaybookCLI(CLI):
-    ''' the tool to run *Ansible playbooks*, which are a configuration and multinode deployment system.
-        See the project home page (https://docs.ansible.com) for more information. '''
-
-    def init_parser(self):
-
-        # create parser for CLI options
-        super(PlaybookCLI, self).init_parser(
-            usage="%prog [options] playbook.yml [playbook2 ...]",
-            desc="Runs Ansible playbooks, executing the defined tasks on the targeted hosts.")
-
-        opt_help.add_connect_options(self.parser)
-        opt_help.add_meta_options(self.parser)
-        opt_help.add_runas_options(self.parser)
-        opt_help.add_subset_options(self.parser)
-        opt_help.add_check_options(self.parser)
-        opt_help.add_inventory_options(self.parser)
-        opt_help.add_runtask_options(self.parser)
-        opt_help.add_vault_options(self.parser)
-        opt_help.add_fork_options(self.parser)
-        opt_help.add_module_options(self.parser)
-
-        # ansible playbook specific opts
-        self.parser.add_argument('--list-tasks', dest='listtasks', action='store_true',
-                                 help="list all tasks that would be executed")
-        self.parser.add_argument('--list-tags', dest='listtags', action='store_true',
-                                 help="list all available tags")
-        self.parser.add_argument('--step', dest='step', action='store_true',
-                                 help="one-step-at-a-time: confirm each task before running")
-        self.parser.add_argument('--start-at-task', dest='start_at_task',
-                                 help="start the playbook at the task matching this name")
-        self.parser.add_argument('args', help='Playbook(s)', metavar='playbook', nargs='+')
-
-    def post_process_args(self, options):
-        options = super(PlaybookCLI, self).post_process_args(options)
-
-        display.verbosity = options.verbosity
-        self.validate_conflicts(options, runas_opts=True, fork_opts=True)
-
-        return options
-
-    def run(self):
-
-        super(PlaybookCLI, self).run()
-
-        # Note: slightly wrong, this is written so that implicit localhost
-        # manages passwords
-        sshpass = None
-        becomepass = None
-        passwords = {}
-
-        # initial error check, to make sure all specified playbooks are accessible
-        # before we start running anything through the playbook executor
-
-        b_playbook_dirs = []
-        for playbook in context.CLIARGS['args']:
-            if not os.path.exists(playbook):
-                raise AnsibleError("the playbook: %s could not be found" % playbook)
-            if not (os.path.isfile(playbook) or stat.S_ISFIFO(os.stat(playbook).st_mode)):
-                raise AnsibleError("the playbook: %s does not appear to be a file" % playbook)
-
-            b_playbook_dir = os.path.dirname(os.path.abspath(to_bytes(playbook, errors='surrogate_or_strict')))
-            # load plugins from all playbooks in case they add callbacks/inventory/etc
-            add_all_plugin_dirs(b_playbook_dir)
-
-            b_playbook_dirs.append(b_playbook_dir)
-
-        set_collection_playbook_paths(b_playbook_dirs)
-
-        playbook_collection = get_collection_name_from_path(b_playbook_dirs[0])
-
-        if playbook_collection:
-            display.warning("running playbook inside collection {0}".format(playbook_collection))
-            AnsibleCollectionLoader().set_default_collection(playbook_collection)
-
-        # don't deal with privilege escalation or passwords when we don't need to
-        if not (context.CLIARGS['listhosts'] or context.CLIARGS['listtasks'] or
-                context.CLIARGS['listtags'] or context.CLIARGS['syntax']):
-            (sshpass, becomepass) = self.ask_passwords()
-            passwords = {'conn_pass': sshpass, 'become_pass': becomepass}
-
-        # create base objects
-        loader, inventory, variable_manager = self._play_prereqs()
-
-        # (which is not returned in list_hosts()) is taken into account for
-        # warning if inventory is empty.  But it can't be taken into account for
-        # checking if limit doesn't match any hosts.  Instead we don't worry about
-        # limit if only implicit localhost was in inventory to start with.
-        #
-        # Fix this when we rewrite inventory by making localhost a real host (and thus show up in list_hosts())
-        CLI.get_host_list(inventory, context.CLIARGS['subset'])
-
-        # flush fact cache if requested
-        if context.CLIARGS['flush_cache']:
-            self._flush_cache(inventory, variable_manager)
-
-        # create the playbook executor, which manages running the plays via a task queue manager
-        pbex = PlaybookExecutor(playbooks=context.CLIARGS['args'], inventory=inventory,
-                                variable_manager=variable_manager, loader=loader,
-                                passwords=passwords)
-
-        results = pbex.run()
-
-        if isinstance(results, list):
-            for p in results:
-
-                display.display('\nplaybook: %s' % p['playbook'])
-                for idx, play in enumerate(p['plays']):
-                    if play._included_path is not None:
-                        loader.set_basedir(play._included_path)
-                    else:
-                        pb_dir = os.path.realpath(os.path.dirname(p['playbook']))
-                        loader.set_basedir(pb_dir)
-
-                    msg = "\n  play #%d (%s): %s" % (idx + 1, ','.join(play.hosts), play.name)
-                    mytags = set(play.tags)
-                    msg += '\tTAGS: [%s]' % (','.join(mytags))
-
-                    if context.CLIARGS['listhosts']:
-                        playhosts = set(inventory.get_hosts(play.hosts))
-                        msg += "\n    pattern: %s\n    hosts (%d):" % (play.hosts, len(playhosts))
-                        for host in playhosts:
-                            msg += "\n      %s" % host
-
-                    display.display(msg)
-
-                    all_tags = set()
-                    if context.CLIARGS['listtags'] or context.CLIARGS['listtasks']:
-                        taskmsg = ''
-                        if context.CLIARGS['listtasks']:
-                            taskmsg = '    tasks:\n'
-
-                        def _process_block(b):
-                            taskmsg = ''
-                            for task in b.block:
-                                if isinstance(task, Block):
-                                    taskmsg += _process_block(task)
-                                else:
-                                    if task.action == 'meta':
-                                        continue
-
-                                    all_tags.update(task.tags)
-                                    if context.CLIARGS['listtasks']:
-                                        cur_tags = list(mytags.union(set(task.tags)))
-                                        cur_tags.sort()
-                                        if task.name:
-                                            taskmsg += "      %s" % task.get_name()
-                                        else:
-                                            taskmsg += "      %s" % task.action
-                                        taskmsg += "\tTAGS: [%s]\n" % ', '.join(cur_tags)
-
-                            return taskmsg
-
-                        all_vars = variable_manager.get_vars(play=play)
-                        for block in play.compile():
-                            block = block.filter_tagged_tasks(all_vars)
-                            if not block.has_tasks():
-                                continue
-                            taskmsg += _process_block(block)
-
-                        if context.CLIARGS['listtags']:
-                            cur_tags = list(mytags.union(all_tags))
-                            cur_tags.sort()
-                            taskmsg += "      TASK TAGS: [%s]\n" % ', '.join(cur_tags)
-
-                        display.display(taskmsg)
-
-        if 'vpn-host' not in inventory.groups:
-            raise ValueError('no_vpn_host')
-        else:
-            host = inventory.groups['vpn-host'].hosts[0].name
-            host_vars = variable_manager.get_vars()['hostvars'][host]
-            return {
-                'CA_password': host_vars.get('CA_password'),
-                'p12_export_password': host_vars.get('p12_export_password'),
-                'algo_server_name': host_vars.get('server_name'),
-                'ipv6_support': host_vars.get('ipv6_support'),
-                'local_service_ip': host_vars.get('ansible_lo') and
-                                    host_vars.get('ansible_lo').get('ipv4_secondaries') and
-                                    host_vars.get('ansible_lo').get('ipv4_secondaries')[0]['address'],
-                'ansible_ssh_host': host,
-            }
-
-    @staticmethod
-    def _flush_cache(inventory, variable_manager):
-        for host in inventory.list_hosts():
-            hostname = host.get_name()
-            variable_manager.clear_facts(hostname)
diff --git a/app/server.py b/app/server.py
index ab4f4050c..060b144f7 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,14 +1,9 @@
-import asyncio
-import base64
-import concurrent.futures
 import configparser
-import hashlib
-import hmac
 import json
 import os
+import re
 import sys
 from os.path import join, dirname, expanduser
-from urllib.parse import quote, urlencode
 
 import ansible_runner
 import yaml
@@ -59,7 +54,7 @@
 
 
 class Status:
-    RUNNING = 'run'
+    RUNNING = 'running'
     ERROR = 'error'
     CANCELLED = 'cancelled'
     DONE = 'done'
@@ -72,10 +67,30 @@ def __init__(self):
         self.status = Status.NEW
         self.want_cancel = False
         self.events = []
+        self.config_vars = {}
         self._runner = None
 
     def event_handler(self, data: dict) -> None:
-        self.events.append(data)
+        if data['event'] == 'runner_on_ok':
+            # Looking for '-passout pass:"{{ CA_password }}"'
+            if 'Build the CA pair' in data['event_data']['task']:
+                m = re.match(r'-passout pass:\"(?P<password>.*)\"', data['event_data']['cmd'])
+                if m:
+                    self.config_vars['CA_password'] = m.group('password')
+
+            # Looking for '-passout pass:"{{ p12_export_password }}"'
+            if "Build the client's p12" in data['event_data']['task']:
+                m = re.match(r'-passout pass:\"(?P<password>.*)\"', data['event_data']['cmd'])
+                if m:
+                    self.config_vars['p12_export_password'] = m.group('password')
+
+            # Looking for 'DNS = {{ wireguard_dns_servers }}'
+            if "Generate QR codes" in data['event_data']['task']:
+                self.config_vars['host'] = data['event_data']['host']
+                m = re.match(r'DNS = (?P<dns>.*)\n\n', data['event_data']['cmd'])
+                if m:
+                    self.config_vars['local_service_ip'] = m.group('dns')
+            self.events.append(data)
 
     def cancel_handler(self) -> bool:
         if self.want_cancel:
@@ -113,6 +128,7 @@ async def handle_index(_):
 async def playbook_get_handler(_):
     return web.json_response({
         'status': playbook.status,
+        'result': playbook.config_vars if playbook.status == Status.DONE else {},
         'events': playbook.events,
     })
 
diff --git a/app/static/index.html b/app/static/index.html
index 74c4822c0..ee73afddb 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -18,6 +18,20 @@
     .fade-enter, .fade-leave-to /* .fade-leave-active below version 2.1.8 */ {
       opacity: 0;
     }
+    .console-item {
+        display: block;
+        max-height: 10em;
+    }
+    .console-enter-active, .console-leave-active {
+        transition: all 500ms;
+    }
+    .console-leave-to {
+        opacity: 0;
+        max-height: 0;
+    }
+    .console-enter {
+        opacity: 0;
+    }
     .back-button {
       position: absolute;
       border-radius: 50%;
diff --git a/app/static/status-running.vue b/app/static/status-running.vue
index 2daa05c02..c25ec19b2 100644
--- a/app/static/status-running.vue
+++ b/app/static/status-running.vue
@@ -2,46 +2,67 @@
   <section class="text-center">
     <p>Set up usually takes 5-15 minutes</p>
     <p>You can close tab and open it again</p>
-    <p>You can try to <button type="button" class="btn btn-link stop-button" v-on:click="$emit('submit')">STOP</button> setup and run it again</p>
+    <p>You can try to
+      <button type="button" class="btn btn-link stop-button" v-on:click="$emit('submit')">STOP</button>
+      setup and run it again
+    </p>
     <p>Don’t close terminal!</p>
+    <transition-group name="console" tag="div">
+      <code class="console-item" v-for="(event, i) in last_n_events" v-bind:key="event.counter">[{{ event.counter }}]: {{ event.stdout }}</code>
+    </transition-group>
   </section>
 </template>
 
 <script>
 module.exports = {
+  data: function () {
+    return {
+      events: []
+    }
+  },
+  computed: {
+    last_n_events() {
+      return this.events.filter(ev => (ev.stdout)).slice(-6);
+    }
+  },
   created() {
     const loop = () => {
       this.check()
-      .then(() => {
-        setTimeout(loop, 5000);
-      });
+          .then(() => {
+            setTimeout(loop, 5000);
+          });
     };
     setTimeout(loop, 5000);
   },
   methods: {
-    check: function() {
+    check: function () {
       return fetch("/playbook")
-        .then(r => r.json())
-        .catch(() => {
-          this.$emit('error');
-        })
-        .then(data => {
-          if (data.status && data.status === 'done') {
-            this.$emit('done');
-            throw new Error();
-          }
-          if (!data.status || data.status === 'cancelled') {
-            this.$emit('cancelled');
-            throw new Error();
-          }
-        });
+          .then(r => r.json())
+          .catch(() => {
+            this.$emit('error');
+          })
+          .then(data => {
+            this.events = data.events;
+            if (data.status && data.status === 'done') {
+              this.$emit('done');
+              throw new Error();
+            }
+            if (!data.status || data.status === 'cancelled') {
+              this.$emit('cancelled');
+              throw new Error();
+            }
+          });
     }
   }
 }
 </script>
 <style scoped>
-  .stop-button {
-    color: red;
-    text-decoration: underline;
-  }
+code {
+  display: block;
+  text-align: left;
+}
+.stop-button {
+  color: red;
+  text-decoration: underline;
+}
 </style>

From aa0fff068e4ff058765ffb6866e0c883c9fa49e6 Mon Sep 17 00:00:00 2001
From: Ivan Gromov <summer.is.gone@gmail.com>
Date: Fri, 16 Sep 2022 02:09:44 +0500
Subject: [PATCH 39/39] More careful variable extraction, without regexp

---
 app/server.py                 | 90 ++++++++++++++++++++++++-----------
 app/static/index.html         | 26 +++++-----
 app/static/provider-vultr.vue |  9 ++--
 app/static/status-done.vue    |  2 +-
 app/static/status-running.vue | 10 ++--
 5 files changed, 86 insertions(+), 51 deletions(-)

diff --git a/app/server.py b/app/server.py
index 060b144f7..90775a2ff 100644
--- a/app/server.py
+++ b/app/server.py
@@ -1,9 +1,9 @@
 import configparser
 import json
 import os
-import re
 import sys
 from os.path import join, dirname, expanduser
+from functools import reduce
 
 import ansible_runner
 import yaml
@@ -55,12 +55,27 @@
 
 class Status:
     RUNNING = 'running'
-    ERROR = 'error'
-    CANCELLED = 'cancelled'
-    DONE = 'done'
+    ERROR = 'failed'
+    TIMEOUT = 'timeout'
+    CANCELLED = 'canceled'
+    DONE = 'successful'
     NEW = None
 
 
+def by_path(data: dict, path: str):
+    def get(obj, attr):
+        if type(obj) is dict:
+            return obj.get(attr, None)
+        elif type(obj) is list:
+            try:
+                return obj[int(attr)]
+            except ValueError:
+                return None
+        else:
+            return None
+
+    return reduce(get, path.split('.'), data)
+
 class Playbook:
 
     def __init__(self):
@@ -69,28 +84,40 @@ def __init__(self):
         self.events = []
         self.config_vars = {}
         self._runner = None
+    
+    def parse(self, event: dict):
+        data = {}
+        if by_path(event, 'event_data.task') == 'Set subjectAltName as a fact':
+            ansible_ssh_host = by_path(event, 'event_data.res.ansible_facts.IP_subject_alt_name')
+            if ansible_ssh_host:
+                data['ansible_ssh_host'] = ansible_ssh_host
+
+        if by_path(event, 'event_data.play') == 'Configure the server and install required software':
+            local_service_ip = by_path(event, 'event_data.res.ansible_facts.ansible_lo.ipv4_secondaries.0.address')
+            ipv6 = by_path(event, 'event_data.res.ansible_facts.ansible_lo.ipv6.0.address')
+            p12_export_password = by_path(event, 'event_data.res.ansible_facts.p12_export_password')
+            if local_service_ip:
+                data['local_service_ip'] = local_service_ip
+            if ipv6:
+                data['ipv6'] = ipv6
+            if p12_export_password:
+                data['p12_export_password'] = p12_export_password
+
+        if by_path(event, 'event_data.play') == 'Provision the server':
+            host_name = by_path(event, 'event_data.res.add_host.host_name')
+            if host_name:
+                data['host_name'] = host_name
+        
+        return data if data else None
 
     def event_handler(self, data: dict) -> None:
-        if data['event'] == 'runner_on_ok':
-            # Looking for '-passout pass:"{{ CA_password }}"'
-            if 'Build the CA pair' in data['event_data']['task']:
-                m = re.match(r'-passout pass:\"(?P<password>.*)\"', data['event_data']['cmd'])
-                if m:
-                    self.config_vars['CA_password'] = m.group('password')
-
-            # Looking for '-passout pass:"{{ p12_export_password }}"'
-            if "Build the client's p12" in data['event_data']['task']:
-                m = re.match(r'-passout pass:\"(?P<password>.*)\"', data['event_data']['cmd'])
-                if m:
-                    self.config_vars['p12_export_password'] = m.group('password')
-
-            # Looking for 'DNS = {{ wireguard_dns_servers }}'
-            if "Generate QR codes" in data['event_data']['task']:
-                self.config_vars['host'] = data['event_data']['host']
-                m = re.match(r'DNS = (?P<dns>.*)\n\n', data['event_data']['cmd'])
-                if m:
-                    self.config_vars['local_service_ip'] = m.group('dns')
-            self.events.append(data)
+        if self.parse(data):
+            self.config_vars.update(self.parse(data))
+
+        self.events.append(data)
+
+    def status_handler(self, status_data: dict, *args, **kwargs) -> None:
+        self.status = status_data.get('status')
 
     def cancel_handler(self) -> bool:
         if self.want_cancel:
@@ -103,11 +130,14 @@ def cancel(self) -> None:
     def run(self, extra_vars: dict) -> None:
         self.want_cancel = False
         self.status = Status.RUNNING
-        _, runner = ansible_runner.run_async(private_data_dir='.',
-                                             playbook='main.yml',
-                                             extravars=extra_vars,
-                                             cancel_callback=self.cancel_handler,
-                                             event_handler=self.event_handler)
+        _, runner = ansible_runner.run_async(
+            private_data_dir='.',
+            playbook='main.yml',
+            extravars=extra_vars,
+            status_handler=self.status_handler,
+            cancel_callback=self.cancel_handler,
+            event_handler=self.event_handler
+        )
         self._runner = runner
 
 
@@ -282,12 +312,14 @@ async def check_vultr_config(request):
         try:
             open(os.environ['VULTR_API_CONFIG'], 'r').read()
             response['has_secret'] = True
+            response['saved_to'] = os.environ.get('VULTR_API_CONFIG')
         except IOError:
             pass
     try:
         default_path = expanduser(join('~', '.vultr.ini'))
         open(default_path, 'r').read()
         response['has_secret'] = True
+        response['saved_to'] = default_path
     except IOError:
         pass
     return web.json_response(response)
diff --git a/app/static/index.html b/app/static/index.html
index ee73afddb..2ca9e61a6 100644
--- a/app/static/index.html
+++ b/app/static/index.html
@@ -71,10 +71,10 @@ <h1 class="mb-5 text-center" v-if="step === 'command'">
       <h1 class="mb-5 text-center" v-if="step === 'status-running'">
         <span class="spin">🙂</span> Please be patient
       </h1>
-      <h1 class="mb-5 text-center" v-if="step === 'status-error'">
+      <h1 class="mb-5 text-center" v-if="step === 'status-failed'">
         😢 Set up failed
       </h1>
-      <h1 class="mb-5 text-center" v-if="step === 'status-done'">
+      <h1 class="mb-5 text-center" v-if="step === 'status-successful'">
          🥳 Congratulations, your Algo server is running!
       </h1>
       <h1 class="mb-5 text-center" v-if="step === 'status-exit'">
@@ -82,7 +82,7 @@ <h1 class="mb-5 text-center" v-if="step === 'status-exit'">
       </h1>
     </h1>
     <transition name="fade">
-      <div class="row" v-if="step == 'setup'">
+      <div class="row" v-if="step === 'setup'">
         <user-config class="col-md-4 order-md-2 mb-4"></user-config>
         <vpn-setup class="col-md-8 order-md-1"
           v-bind:extra_args="extra_args"
@@ -90,35 +90,35 @@ <h1 class="mb-5 text-center" v-if="step === 'status-exit'">
       </div>
     </transition>
     <transition name="fade">
-      <provider-setup v-if="step == 'provider'"
+      <provider-setup v-if="step === 'provider'"
                       v-bind:extra_args="extra_args"
                       v-on:submit="step = 'command'">
       </provider-setup>
     </transition>
     <transition name="fade">
-      <command-preview v-if="step == 'command'"
+      <command-preview v-if="step === 'command'"
                       v-bind:extra_args="extra_args"
                       v-on:submit="start(); step = 'status-running';">
       </command-preview>
     </transition>
     <transition name="fade">
-      <status-running v-if="step == 'status-running'"
+      <status-running v-if="step === 'status-running'"
                       v-on:submit="stop(); step = 'setup';"
-                      v-on:done="step = 'status-done'"
-                      v-on:error="step = 'status-error'"
+                      v-on:successful="step = 'status-successful'"
+                      v-on:error="step = 'status-failed'"
                       v-on:cancelled="step = 'setup'">
       </status-running>
     </transition>
     <transition name="fade">
-      <section v-if="step == 'status-error'" class="text-center">
+      <section v-if="step === 'status-failed'" class="text-center">
         <p>Now it’s time to inspect console output</p>
         <p>Restart console process to try again</p>
       </section>
     </transition>
     <transition name="fade">
-      <status-done v-if="step == 'status-done'"
+      <status-successful v-if="step === 'status-successful'"
                    v-on:submit="exit(); step = 'status-exit'" >
-      </status-done>
+      </status-successful>
     </transition>
   </div>
 
@@ -144,13 +144,13 @@ <h1 class="mb-5 text-center" v-if="step === 'status-exit'">
         'provider-setup': window.httpVueLoader('/static/provider-setup.vue'),
         'command-preview': window.httpVueLoader('/static/command-preview.vue'),
         'status-running': window.httpVueLoader('/static/status-running.vue'),
-        'status-done': window.httpVueLoader('/static/status-done.vue')
+        'status-successful': window.httpVueLoader('/static/status-done.vue')
       },
       created() {
         fetch("/playbook")
           .then(r => r.json())
           .catch(() => {
-            this.step = 'status-error';
+            this.step = 'status-failed';
           })
           .then(data => {
             if (data.status && data.status !== 'cancelled'){
diff --git a/app/static/provider-vultr.vue b/app/static/provider-vultr.vue
index dbec2455a..594659b8a 100644
--- a/app/static/provider-vultr.vue
+++ b/app/static/provider-vultr.vue
@@ -85,6 +85,7 @@ module.exports = {
         .then(response => {
           if (response.has_secret) {
             this.ui_token_from_env = true;
+            this.vultr_config = response.saved_to;
             this.load_regions();
           } else if (response.error) {
             this.ui_config_error = response.error;
@@ -138,10 +139,8 @@ module.exports = {
     },
     submit() {
       let submit_value = {
-        region: this.region
-      }
-      if (!this.ui_token_from_env) {
-        submit_value['vultr_config'] = this.vultr_config;
+        region: this.region,
+        vultr_config: this.vultr_config
       }
       this.$emit("submit", submit_value);
     },
@@ -150,4 +149,4 @@ module.exports = {
     "region-select": window.httpVueLoader("/static/region-select.vue"),
   }
 };
-</script>
\ No newline at end of file
+</script>
diff --git a/app/static/status-done.vue b/app/static/status-done.vue
index fba4f9cbf..e0ea7b08d 100644
--- a/app/static/status-done.vue
+++ b/app/static/status-done.vue
@@ -7,7 +7,7 @@
       <p v-if="result.local_service_ip">Local DNS resolver {{result.local_service_ip}}</p>
       <p v-if="result.p12_export_password">The p12 and SSH keys password for new users is <code>{{result.p12_export_password}}</code></p>
       <p v-if="result.CA_password">The CA key password is <code>{{result.CA_password}}</code></p>
-      <p v-if="result.ssh_access">Shell access: <code>ssh -F configs/{{result.ansible_ssh_host}}/ssh_config {{config.server_name}}</code></p>
+      <p v-if="result.ansible_ssh_host">Shell access: <code>ssh -F configs/{{result.ansible_ssh_host}}/ssh_config {{config.server_name}}</code></p>
       <p>Read more on how to set up clients at the <a href="https://github.com/trailofbits/algo" target="_blank" rel="noopener noopener">Algo home page</a></p>
     </section>
     <section>
diff --git a/app/static/status-running.vue b/app/static/status-running.vue
index c25ec19b2..eb8a83032 100644
--- a/app/static/status-running.vue
+++ b/app/static/status-running.vue
@@ -8,7 +8,7 @@
     </p>
     <p>Don’t close terminal!</p>
     <transition-group name="console" tag="div">
-      <code class="console-item" v-for="(event, i) in last_n_events" v-bind:key="event.counter">[{{ event.counter }}]: {{ event.stdout }}</code>
+      <code class="console-item" v-for="(event, i) in last_n_events" v-bind:key="event.counter">{{ event.stdout }}</code>
     </transition-group>
   </section>
 </template>
@@ -43,8 +43,12 @@ module.exports = {
           })
           .then(data => {
             this.events = data.events;
-            if (data.status && data.status === 'done') {
-              this.$emit('done');
+            if (data.status && data.status === 'successful') {
+              this.$emit('successful');
+              throw new Error();
+            }
+            if (data.status && data.status === 'failed') {
+              this.$emit('error');
               throw new Error();
             }
             if (!data.status || data.status === 'cancelled') {