luci-app-tor: Manage Onion services (tor-hs)

The tor-hs packages provides Tor Onion (Hidden) Services.
This is a good option to bypass NAT and have stable access to a router.

Later once the main Tor package gains a support of a Proxy/Bridge configuration.
We can add this to the same luci app as a different view.

Signed-off-by: Sergey Ponomarev <[email protected]>

applications/luci-app-tor/Makefile

@@ -0,0 +1,11 @@
+# See /LICENSE for more information.
+# This is free software, licensed under the GNU General Public License v2.
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI app to configure Tor
+LUCI_DEPENDS:=+luci-base
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

applications/luci-app-tor/htdocs/luci-static/resources/view/tor/tor-hs.js

@@ -0,0 +1,85 @@
+'use strict';
+'require view';
+'require form';
+'require rpc';
+'require uci';
+
+var callTorHsList = rpc.declare({
+	object: 'tor_rpcd.sh',
+	method: 'list-hs',
+});
+
+
+return view.extend({
+	load: function () {
+		return Promise.all([
+			L.resolveDefault(callTorHsList(), {}),
+		]);
+	},
+
+	render: function (data) {
+		var hsList = data[0]['hs-list']
+		var hsMap = new Map()
+		hsList.forEach(function (hs) {
+			hsMap.set(hs.name, hs.hostname);
+		});
+
+		var m, s, o;
+
+		m = new form.Map('tor-hs', _('Tor Onion Services'),
+			_('<a href="https://openwrt.org/docs/guide-user/services/tor/hs" target="_blank">Tor Onion (Hidden) Services</a> are proxy tunnels to your local website, SSH and other services'));
+
+		s = m.section(form.GridSection, 'hidden-service', _('Tor Onion Services'));
+		s.addremove = true;
+		s.nodescriptions = true;
+
+		o = s.option(form.Flag, 'Enabled', _('Enabled'), '');
+		o.default = '1';
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'Name', _('Name'), '');
+		o.datatype = 'uciname';
+		o.rmempty = false;
+		o.cfgvalue = function(section_id) {
+			var name = uci.get('tor-hs', section_id, 'Name');
+			if (!name)
+				return section_id;
+			return name;
+		};
+
+		o = s.option(form.DummyValue, '_Domain', _('Onion domain'), '');
+		o.modalonly = false;
+		o.rawhtml = true;
+		o.textvalue = function (section_id) {
+			var name = uci.get('tor-hs', section_id, 'Name');
+			if (!name)
+				return '';
+			var hostname = hsMap.get(name);
+			if (!hostname)
+				return '';
+			return '<a href="http://' + hostname + '" target="_blank" rel="noreferrer">' + _('Link') + '</a>';
+		};
+
+		o = s.option(form.Value, 'Description', _('Description'), '');
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'IPv4', _('Destination IP Address'),
+			_('Traffic will be forwarded to the IP address')
+		);
+		o.datatype = 'ip';
+		o.default = '127.0.0.1';
+
+		o = s.option(form.DynamicList, 'PublicLocalPort', _('Public to Local Ports'),
+			_('PublicPort;Local Port or PublicPort;LocalUnixSocket'));
+		o.default = ['80', '443'];
+		o.datatype = 'list(string)';
+		o.rmempty = false;
+
+		o = s.option(form.Value, 'HookScript', _('Hook Script'),
+			_('Path to script which is executed after starting Tor. ' +
+				'The Onion domain is passes into the script with parameters `--update-onion HOSTNAME`'));
+		o.modalonly = true;
+
+		return m.render();
+	},
+});

applications/luci-app-tor/root/usr/share/luci/menu.d/luci-app-tor.json

@@ -0,0 +1,15 @@
+{
+	"admin/services/tor": {
+		"title": "Tor Onion Services",
+		"order": 60,
+		"action": {
+			"type": "view",
+			"path": "tor/tor-hs"
+		},
+		"depends": {
+			"acl": [
+				"luci-app-tor"
+			]
+		}
+	}
+}

applications/luci-app-tor/root/usr/share/rpcd/acl.d/luci-app-tor.json

@@ -0,0 +1,31 @@
+{
+	"luci-app-tor": {
+		"description": "Grant UCI access to LuCI app Tor",
+		"read": {
+			"ubus": {
+				"uci": [
+					"get"
+				],
+				"tor_rpcd.sh": [
+					"list-hs"
+				]
+			},
+			"uci": [
+				"tor",
+				"tor-hs"
+			]
+		},
+		"write": {
+			"ubus": {
+				"uci": [
+					"set",
+					"commit"
+				]
+			},
+			"uci": [
+				"tor",
+				"tor-hs"
+			]
+		}
+	}
+}