#!/bin/bash
# up

# remove non-printable chars first...
tr -dc '[[:print:]]' <<< "$username"
# then do more input validation on the supplied token...
if grep -P '^[\-a-zA-Z0-9]+$' <<<$username; then
 # token contains only allowed chars, good
 if [[ "${#username}" == 128 ]]; then
  # token is the length of a sha512 hash, good
  hash=$username
 fi
 if [[ "${#username}" == 127 ]]; then
  # fix needed for routers that chop off the last char
  hash=$username
 fi
 if [[ "${#username}" == 126 ]]; then
  # same thing as above
  hash=$username
 fi
 if [[ "${#username}" == 23 ]]; then
  # token is 23 chars long, someone forgot to hash their token,
  # so do it for them, then continue
  hash=`echo -n $username|openssl sha -sha512|awk '{print $NF}'`
 fi
 if [ "$hash" == "" ]; then
  # $hash is empty, which means whatever was provided contained valid chars,
  # but wasn't the length of a token or a hash, so don't let them in
  exit 1
 fi
else
 # token contains invalid chars, possible screwup,
 # possible attempt to inject shell/db commands, so reject
 exit 1
fi
# check if the token is valid and not expired and only allow a new session if max sessions isn't reached
result=`timeout 8 wget -T8 -qO- https://[redacted]?token=$hash`
if [ $? != 0 ] || [ "$result" == "good" ]; then
        # increase session counter for token
        result=`timeout 8 wget -T8 -qO- "https://[redacted]?token=${hash}&action=up"`

        # figure out the instance name from $config, which contains the full path to the openvpn .conf,
        # then use the dir /tmp/[instance name]/pool/ as the dir to hold the files that respresent the
        # of IPs in the pool that are in use
        openvpn_dir=`echo $config|awk -F/ '{print "/tmp/"$3}'`
        instance_pool_dir=`echo $openvpn_dir`/pool
        instance=`echo $openvpn_dir|awk -F/ '{print $3}'`
        POOL=`grep ^server $config|awk '{print $2}'|awk -F. '{print $1"."$2}'`

        # create /tmp/[instance name]/pool/ if it's not already there
        if [ ! -d $instance_pool_dir ]; then
         mkdir -p $instance_pool_dir
        fi

        # randomly grab an unused IP from the internal 10.whatever subnet specific to that instance.
        # i.e., for the win udp instance, subnet is 10.44.0.0/16, so assign to the client 10.44.16.58 (for example)
        # instead of the default incremental 10.44.0.5 (if there were 4 people on the instance).
        found_one=0
        while [ "$found_one" -eq "0" ]; do
         # randomly generate the last 2 octets, in the range of 3-254 for each.
         RANDIP=$POOL.`echo $[ 3 + $[ RANDOM % 254 ]]`.`echo $[ 3 + $[ RANDOM % 254 ]]`
         # not taken yet?
         if [ ! -r $instance_pool_dir/$RANDIP ]; then
          # take it
          touch $instance_pool_dir/$RANDIP
          # write out the ifconfig line to $1 which is picked up by openvpn
          echo "ifconfig-push $RANDIP 255.255.0.0" > $1
          found_one=1
         fi
        done

        # found a random IP and pushed it to the client, so exit happily!
        # (or something went horribly wrong, still exit 0 so the client can get in anyways)
        exit 0
else
 exit 1
fi