#!/bin/bash
# session_up.sh
username=$(echo "$username" | tr -dc 'a-zA-Z0-9-' )
case "${#username}" in
    128|127|126) hash=$username ;; # is a hash already (some routers cut off the last one or two bytes, so accounting for that)
    23) hash=$(echo -n "$username" | openssl sha512 | awk '{print $NF}') ;; # they didn't hash the token, so do it for them
    *) exit 1 ;; # not the length of a token or a token hash, so reject
esac
# check if the token is valid and not expired and only allow a new session if max sessions isn't reached
result=`timeout 8 wget -4 -T8 -qO- https://[redacted]?token=$hash`
if [ $? != 0 ] || [ "$result" == "good" ]; then

        # increase session counter for token
        result=`timeout 8 wget -4 -T8 -qO- "https://[redacted]?token=${hash}&action=up"`
        if [ "$result" == "max" ]; then
          exit 1;
        fi

        # use /tmp/pool/ to hold the files that respresent the IPs in the pool that are in use
        instance_pool_dir=/tmp/pool
        if [ ! -d $instance_pool_dir ]; then
         mkdir -p $instance_pool_dir
        fi

        # Generate a random IPv6 address for the client
        if [[ -n $ifconfig_pool_remote_ip6 ]]; then
         found_one=0
         while [ "$found_one" -eq "0" ]; do
          rand=$(od -An -N8 -tu8 < /dev/urandom | awk '{print $1}')
          hex=$(printf "%016x\n" $rand)
          RANDIP="${ifconfig_pool_remote_ip6%%::*}:${hex:0:4}:${hex:4:4}:${hex:8:4}:${hex:12:4}"
          if [ ! -r $instance_pool_dir/$RANDIP ]; then
           touch $instance_pool_dir/$RANDIP
           echo "ifconfig-ipv6-push ${RANDIP} fe80::1" >> $1
           # And tell the client to use the IPv6 DNS server hosted on the VPN server they're connected to
           echo 'push "dhcp-option DNS 2001:db8::8"' >> $1
           found_one=1
          fi
         done
        fi


        # Generate a random IPv4 address for the client
        # (even for the IPv6 instances since they're dual-stack)
        if [[ -n $ifconfig_pool_remote_ip ]]; then
         POOL=`echo $ifconfig_pool_remote_ip|awk -F. '{print $1"."$2"."$3}'`
         found_one=0
         while [ "$found_one" -eq "0" ]; do
          RANDIP=$POOL.`echo $[ 3 + $[ RANDOM % 251 ]]`
          if [ ! -r $instance_pool_dir/$RANDIP ]; then
           touch $instance_pool_dir/$RANDIP
           echo "ifconfig-push $RANDIP 255.255.255.0" >> $1
           # And tell the client to use the IPv4 DNS server hosted on the VPN server they're connected to
           echo 'push "dhcp-option DNS 10.31.33.8"' >> $1
           found_one=1
          fi
         done
        fi

        # Minor tweaks for Windows users
        if [[ $IV_PLAT == "win" ]]; then
                echo 'push "redirect-gateway bypass-dhcp"' >> $1
                echo 'push "register-dns"' >> $1
                if [[ $IV_VER =~ ^2\.3.* ]]; then
                        # Prevent DNS leaks on Windows, if their OpenVPN is > 2.3.8
                        # since that's when --block-outside-dns support was added
                        test_ver=`echo $IV_VER|awk -F. '{print $NF}'`
                        if [ $test_ver -gt 8 ]; then
                                echo 'push "block-outside-dns"' >> $1
                        fi
                else
                        echo 'push "block-outside-dns"' >> $1
                fi
        fi
        # Found a random IP and pushed it to the client, so exit with success
        # (or something went horribly wrong, so still exit 0 so the client can get in anyways)
        exit 0
else
 exit 1
fi