vpn ready?

App/Mikrotik/mikrotikRoutes.py

@@ -0,0 +1,133 @@
+from fastapi import APIRouter, HTTPException, status
+from typing import List, Optional
+from fastapi import FastAPI, HTTPException, Depends, Body, Path
+from fastapi.responses import JSONResponse
+from .utils.helperfx import get_mikrotik, MikrotikAPI
+from .schema import (
+    UserCreate,
+    RegisterResponse,
+    LogoutResponse,
+    UserStatsResponse,
+    ActiveUsersResponse,
+    UserStatusResponse,
+)
+
+mikrotik_router = APIRouter(tags=["Mikrotik"])
+
+
+# New route to remove a user's active session
+@mikrotik_router.post("/users/{phone}/remove-session")
+async def remove_active_session(
+    phone: str = Path(..., description="User phone number"),
+    mikrotik: MikrotikAPI = Depends(get_mikrotik),
+):
+    """Remove an active session for a hotspot user"""
+    response = mikrotik.remove_active_session(phone)
+    if not response["success"]:
+        return JSONResponse(
+            status_code=400,
+            content=response,
+        )
+    return JSONResponse(content={"message": f"User {phone} session removed"})
+
+
+@mikrotik_router.post("/users/register", response_model=RegisterResponse)
+async def register_user(
+    user: UserCreate = Body(...), mikrotik: MikrotikAPI = Depends(get_mikrotik)
+):
+    """Register a new hotspot user"""
+    response = mikrotik.add_hotspot_user(
+        phone=user.phoneNumber, password=user.password, profile=user.profile
+    )
+    print(response)
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response.__dict__,
+        )
+    return response.__dict__
+
+
+@mikrotik_router.post("/users/logout/{phone}", response_model=LogoutResponse)
+async def logout_user(
+    phone: str = Path(..., description="User phone number"),
+    mikrotik: MikrotikAPI = Depends(get_mikrotik),
+):
+    """Logout a hotspot user"""
+    response = mikrotik.logout_hotspot_user(phone)
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response.__dict__,
+        )
+    return response.__dict__
+
+
+@mikrotik_router.post("/users/{phone}/disable", response_model=UserStatusResponse)
+async def disable_user(
+    phone: str = Path(..., description="User phone number"),
+    mikrotik: MikrotikAPI = Depends(get_mikrotik),
+):
+    """Disable a hotspot user"""
+    response = mikrotik.set_user_status(phone, disabled=True)
+    print(response)
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response,
+        )
+    return response.__dict__
+
+
+@mikrotik_router.post("/users/{phone}/enable", response_model=UserStatusResponse)
+async def enable_user(
+    phone: str = Path(..., description="User phone number"),
+    mikrotik: MikrotikAPI = Depends(get_mikrotik),
+):
+    """Enable a hotspot user"""
+    response = mikrotik.set_user_status(phone, disabled=False)
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response.__dict__,
+        )
+    return response.__dict__
+
+
+@mikrotik_router.get("/users/active", response_model=ActiveUsersResponse)
+async def get_active_users(mikrotik: MikrotikAPI = Depends(get_mikrotik)):
+    """Get list of active hotspot users"""
+    response = mikrotik.get_active_users()
+    print(response)
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response.__dict__,
+        )
+    return response
+
+
+@mikrotik_router.get("/users/stats", response_model=UserStatsResponse)
+async def get_users_stats(
+    phone: Optional[str] = None, mikrotik: MikrotikAPI = Depends(get_mikrotik)
+):
+    """Get user statistics"""
+    response = mikrotik.get_user_stats(phone)
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response.__dict__,
+        )
+    return response.__dict__
+
+
+@mikrotik_router.get("/users")
+async def get_users_list(mikrotik: MikrotikAPI = Depends(get_mikrotik)):
+    """Get list of all hotspot users"""
+    response = mikrotik.get_users_list()
+    if not response.code == 200:
+        return JSONResponse(
+            status_code=400,
+            content=response.__dict__,
+        )
+    return response

App/Mikrotik/schema.py

@@ -0,0 +1,246 @@
+from pydantic import BaseModel, Field, constr
+from typing import Optional, List
+from datetime import datetime
+from pydantic import BaseModel, Field, validator
+from typing import Optional, List, Any, Dict
+from .utils.helperfx import PhoneValidator
+
+# Extend the existing schema
+
+# Constants for phone and MAC address patterns
+PHONE_PATTERN = r"^(?:\+255|0)\d{9}$"
+MAC_PATTERN = r"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"
+
+
+# Register User Request
+class RegisterUserRequest(BaseModel):
+    name: str = Field(..., max_length=100)
+    password: str = Field(..., max_length=100)
+    phoneNumber: str = Field(
+        ...,
+        pattern=PHONE_PATTERN,
+        description="Tanzanian phone number starting with +255 or 0 followed by 9 digits",
+    )
+    mac_address: str = Field(
+        ..., pattern=MAC_PATTERN, description="MAC address in standard format"
+    )
+
+    def hash_password(self):
+        self.password = pwd_context.hash(self.password)
+
+    class Config:
+        schema_extra = {
+            "example": {
+                "name": "John Doe",
+                "password": "StrongPassword1!",
+                "phoneNumber": "+255123456789",
+                "mac_address": "00:1A:2B:3C:4D:5E",
+            }
+        }
+
+
+# Login User Request
+class LoginUserRequest(BaseModel):
+    phoneNumber: str = Field(..., pattern=PHONE_PATTERN)
+    password: str
+    mac_address: str = Field(..., pattern=MAC_PATTERN)
+
+
+# User Response with session data and additional information
+class UserSessionData(BaseModel):
+    phone: str
+    mac_address: str
+    ip_address: Optional[str] = None
+    uptime: Optional[str] = None
+    bytes_in: int = 0
+    bytes_out: int = 0
+    status: str  # Active, Inactive, Disabled, etc.
+    profile: str
+    login_time: Optional[datetime] = None
+    logout_time: Optional[datetime] = None
+
+
+# Extended response for listing active users and all users with detailed session data
+class ActiveUsersResponse(BaseModel):
+    code: int
+    message: str
+    active_users: List[UserSessionData]
+
+
+class UsersListResponse(BaseModel):
+    code: int
+    message: str
+    data: list
+
+
+# Add User Status Response to manage user enabling/disabling status
+class UserStatusResponse(BaseModel):
+    code: int
+    message: str
+    user_status: str  # Indicates whether the user is enabled or disabled
+
+
+# Base Response Schema for standardized responses
+class BaseResponse(BaseModel):
+    code: int
+    message: str
+    payload: Optional[dict] = None
+
+
+# Login and Logout Responses with tracking for login/logout times
+class LoginResponse(BaseResponse):
+    login_time: Optional[datetime] = None
+
+
+class LogoutResponse(BaseResponse):
+    logout_time: Optional[datetime] = None
+
+
+# Forgot Password and Reset Password Requests for account management
+class ForgotPasswordRequest(BaseModel):
+    phoneNumber: str = Field(..., pattern=PHONE_PATTERN)
+
+
+class ResetPasswordRequest(BaseModel):
+    phoneNumber: str = Field(..., pattern=PHONE_PATTERN)
+    new_password: str = Field(..., max_length=100)
+
+
+# User Statistics Response to get detailed statistics for specific or all users
+class UserStats(BaseModel):
+    phone: str
+    profile: str
+    status: str
+    uptime: str
+    bytes_in: int
+    bytes_out: int
+
+
+class UserListData(BaseModel):
+    phoneNumber: str = Field(..., description="User phone number")
+    profile: str = Field(..., description="User profile, e.g., bandwidth limit profile")
+    status: str = Field(..., description="User status, either 'active' or 'inactive'")
+    disabled: bool = Field(..., description="Whether the user is disabled")
+    comment: Optional[str] = Field(
+        None, description="Additional comments or notes for the user"
+    )
+    data_limit: Optional[int] = Field(
+        None, description="Total data limit for the user in bytes"
+    )
+
+
+class UserStatsResponse(BaseResponse):
+    user_stats: List[UserStats]
+
+
+# Example of a response builder for structured success and error responses
+class ResponseBuilder:
+    @staticmethod
+    def success(response_type: BaseModel, message: str, data: dict = None):
+        return response_type(code=200, message=message, payload=data)
+
+    @staticmethod
+    def error(response_type: BaseModel, message: str, error_details: str):
+        return response_type(
+            code=400, message=message, payload={"error": error_details}
+        )
+
+
+# Shared Phone Number Validator
+class UserBase(BaseModel):
+    phoneNumber: str = Field(..., description="User phone number")
+
+    @validator("phoneNumber")
+    def validate_phone(cls, phoneNumber):
+        is_valid, formatted_phone = PhoneValidator.validate_and_format(phoneNumber)
+        if not is_valid:
+            raise ValueError("Invalid phone number format")
+        return formatted_phone
+
+
+# Request Models
+class UserCreate(UserBase):
+    password: str = Field(..., min_length=4, description="User password")
+    profile: str = Field(default="2mbps_profile", description="User profile")
+
+
+class UserLogin(UserBase):
+    password: str = Field(..., description="User password")
+    mac_address: str = Field(..., description="Device MAC address")
+    ip_address: str = Field(..., description="User's IP address")
+
+
+# Base API Response Model
+class ApiResponse(BaseModel):
+    success: bool = True
+    message: Optional[str] = Field("success", description="Response message")
+    error: Optional[str] = None
+    data: Optional[Dict[str, Any]] = None
+
+
+# Detailed User Models
+class UserParams(BaseModel):
+    name: str
+    password: str
+    profile: str
+    disabled: bool
+
+
+class ActiveUserData(BaseModel):
+    phone: str
+    uptime: str
+    mac_address: str
+    ip_address: str
+    usage: UserStats
+
+
+class UserStatsData(BaseModel):
+    phoneNumber: str
+    profile: str
+    status: str  # Enabled or Disabled
+    uptime: str
+    usage: UserStats
+
+
+class UserListData(BaseModel):
+    phoneNumber: str
+    profile: str
+    status: str  # Active or Inactive
+    disabled: bool
+    comment: Optional[str] = ""
+    data_limit: Optional[int] = None
+
+
+# Specific Response Models
+class RegisterResponse(ApiResponse):
+    data: Optional[Dict[str, Any]] = Field(None, description="Registration details")
+
+
+class LoginResponse(ApiResponse):
+    data: Optional[Dict[str, Any]] = Field(None, description="Login details")
+
+
+class LogoutResponse(ApiResponse):
+    data: Optional[Dict[str, Any]] = Field(None, description="Logout details")
+
+
+class UserStatusResponse(ApiResponse):
+    data: Optional[Dict[str, Any]] = Field(
+        None, description="User status change details"
+    )
+
+
+class ActiveUsersResponse(ApiResponse):
+    active_users: List[UserSessionData]
+
+
+class UserStatsResponse(ApiResponse):
+    data: Optional[Dict[str, List[UserStatsData]]] = Field(
+        None, description="Statistics for users"
+    )
+
+
+class UsersListResponse(ApiResponse):
+    data: Optional[Dict[str, List[UserListData]]] = Field(
+        None, description="List of all users with details"
+    )

App/Mikrotik/utils/Config.py

@@ -0,0 +1,10 @@
+from dataclasses import dataclass
+
+
+@dataclass
+class RouterConfig:
+    """Class to store router configuration settings"""
+
+    host: str = "10.8.0.6"
+    username: str = "admin"
+    password: str = "G4TZ7QFJTW"

App/Mikrotik/utils/api.py

@@ -0,0 +1,426 @@
+from librouteros import connect
+from librouteros.query import Key
+import logging
+from typing import Optional
+from datetime import datetime
+from ..schema import *
+from ..schema import UserListData
+from .helperfx import PhoneValidator
+from .Config import RouterConfig
+from time import sleep
+
+
+class MikrotikAPI:
+    """Class to handle MikroTik router API operations, inherits VPNManager."""
+
+    def __init__(
+        self,
+        config: RouterConfig,
+    ):
+        """Initialize with router configuration and VPN configuration."""
+        self.config = config
+        self.api = None
+        self.logger = self._setup_logging()
+        self.phone_validator = PhoneValidator()
+
+    def connect(self) -> bool:
+        """Establish connection to VPN and MikroTik router."""
+
+        try:
+            self.api = connect(
+                username=self.config.username,
+                password=self.config.password,
+                host=self.config.host,
+                port=8728,
+            )
+            self.logger.info("Successfully connected to MikroTik router.")
+            return True
+        except Exception as e:
+            self.logger.error(f"Failed to connect to MikroTik router: {e}")
+            return False
+
+    def close(self):
+        """Close the router connection and disconnect VPN."""
+        if self.api:
+            self.api.close()
+            self.logger.info("Router connection closed.")
+
+    def add_hotspot_user(
+        self, phone: str, password: str, profile: str = "default"
+    ) -> BaseResponse:
+        """Add a hotspot user to the router"""
+        if not self.api:
+            return ResponseBuilder.error(
+                BaseResponse, "Registration failed", "Not connected to router"
+            )
+
+        # Validate phone number
+        is_valid, formatted_phone = self.phone_validator.validate_and_format(phone)
+        if not is_valid:
+            return ResponseBuilder.error(
+                BaseResponse,
+                "Registration failed",
+                f"Invalid phone number format: {phone}",
+            )
+
+        users = self.api.path("ip", "hotspot", "user")
+        existing_users = users.select(Key("name"))
+
+        # Check if user already exists
+        if any(str(user["name"]) == formatted_phone for user in existing_users):
+            return ResponseBuilder.error(
+                BaseResponse,
+                "Registration failed",
+                f"User {formatted_phone} already exists",
+            )
+
+        try:
+            # Add user to router
+            users.add(
+                name=formatted_phone,
+                password=password,
+                profile=profile,
+                disabled=True,
+            )
+            return ResponseBuilder.success(BaseResponse, "User registered successfully")
+
+        except Exception as e:
+            self.logger.error(f"Failed to add user {formatted_phone}: {e}")
+            return ResponseBuilder.error(BaseResponse, "Registration failed", str(e))
+
+    def login_hotspot_user(
+        self, phone: str, password: str, mac_address: str, ip_address: str
+    ) -> LoginResponse:
+        """Login a hotspot user"""
+        if not self.api:
+            return ResponseBuilder.error(
+                LoginResponse, "Login failed", "Not connected to router"
+            )
+
+        is_valid, formatted_phone = self.phone_validator.validate_and_format(phone)
+        if not is_valid:
+            return ResponseBuilder.error(
+                LoginResponse, "Login failed", f"Invalid phone number format: {phone}"
+            )
+
+        try:
+            users = self.api.path("ip", "hotspot", "user")
+            active = self.api.path("ip", "hotspot", "active")
+
+            # Verify if user exists and password is correct
+            existing_users = users.select(Key("name"), Key("password"), Key("profile"))
+            user_data = next(
+                (
+                    user
+                    for user in existing_users
+                    if str(user["name"]) == formatted_phone
+                    and user["password"] == password
+                ),
+                None,
+            )
+
+            if not user_data:
+                return ResponseBuilder.error(
+                    LoginResponse, "Login failed", "Invalid credentials"
+                )
+
+            # Check if already logged in
+            active_users = active.select(Key("user"))
+            if any(str(user["user"]) == formatted_phone for user in active_users):
+                return ResponseBuilder.error(
+                    LoginResponse,
+                    "Login failed",
+                    f"User {formatted_phone} is already logged in",
+                )
+
+            # Perform the login
+            self.api.path("ip", "hotspot", "host").call(
+                "login",
+                user=formatted_phone,
+                password=password,
+                mac_address=mac_address,
+                ip_address=ip_address,
+            )
+            login_time = datetime.now()
+            return LoginResponse(
+                code=200, message="Login successful", login_time=login_time
+            )
+
+        except Exception as e:
+            self.logger.error(f"Login failed for {formatted_phone}: {e}")
+            return ResponseBuilder.error(LoginResponse, "Login failed", str(e))
+
+    def logout_hotspot_user(self, phone: str) -> LogoutResponse:
+        """Logout a hotspot user"""
+        if not self.api:
+            return ResponseBuilder.error(
+                LogoutResponse, "Logout failed", "Not connected to router"
+            )
+
+        is_valid, formatted_phone = self.phone_validator.validate_and_format(phone)
+        if not is_valid:
+            return ResponseBuilder.error(
+                LogoutResponse, "Logout failed", f"Invalid phone number format: {phone}"
+            )
+
+        active = self.api.path("ip", "hotspot", "active")
+
+        try:
+            active_users = active.select(Key("user"), Key(".id"))
+            user_session = next(
+                (
+                    session
+                    for session in active_users
+                    if str(session["user"]) == formatted_phone
+                ),
+                None,
+            )
+
+            if not user_session:
+                return ResponseBuilder.error(
+                    LogoutResponse,
+                    "Logout failed",
+                    f"User {formatted_phone} is not logged in",
+                )
+
+            # Logout the user
+            active.remove(user_session[".id"])
+            logout_time = datetime.now()
+            return LogoutResponse(
+                code=200, message="Logout successful", logout_time=logout_time
+            )
+
+        except Exception as e:
+            self.logger.error(f"Logout failed for user {formatted_phone}: {e}")
+            return ResponseBuilder.error(LogoutResponse, "Logout failed", str(e))
+
+    def get_active_users(self) -> ActiveUsersResponse:
+        """Get list of active hotspot users"""
+        if not self.api:
+            return ResponseBuilder.error(
+                ActiveUsersResponse,
+                "Failed to get active users",
+                "Not connected to router",
+            )
+
+        try:
+            active = self.api.path("ip", "hotspot", "active")
+            active_users = active.select(
+                Key("user"),
+                Key("uptime"),
+                Key("mac-address"),
+                Key("address"),
+                Key("bytes-in"),
+                Key("bytes-out"),
+                # Key("profile"),
+            )
+
+            users_list = [
+                UserSessionData(
+                    phone=str(user["user"]),
+                    uptime=user["uptime"],
+                    mac_address=user["mac-address"],
+                    ip_address=user["address"],
+                    bytes_in=int(user["bytes-in"]),
+                    bytes_out=int(user["bytes-out"]),
+                    status="active",
+                    profile=str("2mbps_profile"),
+                )
+                for user in active_users
+            ]
+            print(users_list)
+            return ActiveUsersResponse(
+                code=200,
+                message="Active users retrieved successfully",
+                active_users=users_list,
+            )
+
+        except Exception as e:
+            self.logger.error(f"Failed to get active users: {e}")
+            return ResponseBuilder.error(
+                ActiveUsersResponse, "Failed to get active users", str(e)
+            )
+
+    def get_user_stats(self, phone: Optional[str] = None) -> UserStatsResponse:
+        """Get statistics for all users or a specific user"""
+        if not self.api:
+            return ResponseBuilder.error(
+                UserStatsResponse,
+                "Failed to get user statistics",
+                "Not connected to router",
+            )
+
+        try:
+            users = self.api.path("ip", "hotspot", "user")
+            all_users = users.select(
+                Key("name"),
+                Key("profile"),
+                Key("disabled"),
+                Key("uptime"),
+                Key("bytes-in"),
+                Key("bytes-out"),
+            )
+
+            user_stats = [
+                UserStats(
+                    phone=str(user["name"]),
+                    profile=user.get("profile", "default"),
+                    status=(
+                        "disabled"
+                        if user.get("disabled", "false") == "true"
+                        else "enabled"
+                    ),
+                    uptime=user.get("uptime", "0s"),
+                    bytes_in=int(user.get("bytes-in", 0)),
+                    bytes_out=int(user.get("bytes-out", 0)),
+                )
+                for user in all_users
+                if not phone or str(user["name"]) == phone
+            ]
+
+            if phone and not user_stats:
+                return ResponseBuilder.error(
+                    UserStatsResponse, "User not found", f"User {phone} does not exist"
+                )
+
+            return UserStatsResponse(
+                code=200,
+                message="User statistics retrieved successfully",
+                user_stats=user_stats,
+            )
+
+        except Exception as e:
+            self.logger.error(f"Failed to get user statistics: {e}")
+            return ResponseBuilder.error(
+                UserStatsResponse, "Failed to get user statistics", str(e)
+            )
+
+    # Existing initialization, connect, and other methods...
+
+    def set_user_status(self, phone: str, disabled: bool) -> UserStatusResponse:
+        """Enable or disable a hotspot user."""
+        if not self.api:
+            return ResponseBuilder.error(
+                UserStatusResponse, "Status update failed", "Not connected to router"
+            )
+
+        # Validate phone number
+        is_valid, formatted_phone = self.phone_validator.validate_and_format(phone)
+        if not is_valid:
+            return ResponseBuilder.error(
+                UserStatusResponse,
+                "Status update failed",
+                f"Invalid phone number format: {phone}",
+            )
+        users = self.api.path("ip", "hotspot", "user")
+
+        try:
+            # Find the user
+            existing_users = users.select(
+                Key("name"),
+                Key(".id"),
+                Key("mbonea"),
+            )
+            for user in existing_users:
+                if str(user["name"]) == formatted_phone:
+                    user_data = user
+                    break
+
+            if not user_data:
+                return ResponseBuilder.error(
+                    UserStatusResponse,
+                    "Status update failed",
+                    f"User {formatted_phone} does not exist",
+                )
+
+            user_id = user_data[".id"]
+            status_value = "true" if disabled else "false"
+            users.update(**{".id": user_id, "disabled": status_value})
+            status = "disabled" if disabled else "enabled"
+            self.logger.info(f"User {formatted_phone} successfully {status}")
+
+            # If disabling the user, log them out of any active session
+            if disabled:
+                self.logout_hotspot_user(formatted_phone)
+
+            return UserStatusResponse(
+                code=200, message=f"User successfully {status}", user_status=status
+            )
+
+        except Exception as e:
+            print(f"Failed to update status for user {formatted_phone}: {e}")
+            self.logger.error(
+                f"Failed to update status for user {formatted_phone}: {e}"
+            )
+            return ResponseBuilder.error(
+                UserStatusResponse, "Status update failed", str(e)
+            )
+
+    def activate_user(self, phone: str) -> UserStatusResponse:
+        """Activate a user (set disabled to false)."""
+        return self.set_user_status(phone, disabled=False)
+
+    def deactivate_user(self, phone: str) -> UserStatusResponse:
+        """Deactivate a user (set disabled to true and log them out)."""
+        return self.set_user_status(phone, disabled=True)
+
+    def get_users_list(self) -> UsersListResponse:
+        """Get list of all hotspot users (both active and inactive)"""
+        if not self.api:
+            return UsersListResponse(
+                success=False,
+                message="Failed to get users list",
+                error="Not connected to router",
+            )
+
+        try:
+            users = self.api.path("ip", "hotspot", "user")
+            active = self.api.path("ip", "hotspot", "active")
+
+            # Retrieve all users
+            all_users = users.select(
+                Key("name"),
+                Key("profile"),
+                Key("disabled"),
+                Key("comment"),
+                Key("limit-bytes-total"),
+                Key("bytes-in"),
+                Key("bytes-out"),
+            )
+
+            # Retrieve active users to check statuses
+            active_users = active.select(Key("user"))
+            active_phones = [str(user.get("user", "")) for user in active_users]
+
+            # Format the response
+            users_list = []
+            for user in all_users:
+                phone_number = str(user["name"])
+                bytes_in = int(user.get("bytes-in", 0))
+                bytes_out = int(user.get("bytes-out", 0))
+                data_limit = (
+                    int(user.get("limit-bytes-total", 0))
+                    if user.get("limit-bytes-total")
+                    else None
+                )
+
+                user_data = UserListData(
+                    phoneNumber=phone_number,
+                    profile=user.get("profile", "default"),
+                    status="active" if phone_number in active_phones else "inactive",
+                    disabled=user.get("disabled", "false") == "true",
+                    comment=user.get("comment", ""),
+                    data_limit=data_limit,
+                )
+                users_list.append(user_data)
+
+            return UsersListResponse(
+                code=200,
+                message=f"Retrieved {len(users_list)} users",
+                data=users,
+            )
+
+        except Exception as e:
+            return UsersListResponse(
+                success=False, message="Failed to get users list", error=str(e)
+            )

App/Mikrotik/utils/client1-working.ovpn

@@ -0,0 +1,152 @@
+client
+dev tun
+proto tcp
+remote 3.76.188.80 1194
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+remote-cert-tls server
+auth SHA1
+cipher AES-256-CBC
+data-ciphers AES-256-CBC
+verb 3
+
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIURVMIu580Y2d7neve8yFnlspmVSkwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjQxMTIzMTYwODUzWhcNMzQx
+MTIxMTYwODUzWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANcRjNoLIaWYkXXd1Th/24sXAkse4xK6FMUqaV6Y
+gM8WPaepF4muyYrwDFgC+IloicFKqtfle5qL02MH16UqIJpNvulgMSgp4YwgzEtV
+FZY4mzvE4ZjMc54tW8gf22R+iMFPumRnMtZuPq4U8i5lpKcZ1X5V7X/0Sc2aPbwO
+LckbWkZhZdoVbJO8XhBo133Cur0FMnfEA/9dlrQ5ZMpj7xdO6Kpz/scmtw4JQ36q
+mAF77LYYogiA/QvyxBAXv1UoElucIdIgMFQ8PiwBKi+FfShHlVr+m5OLlNN71eoC
+N6TUOqtT4o3hLGGK31YWjoeSIJtvF251G+c3V99FecORdL0CAwEAAaOBkDCBjTAM
+BgNVHRMEBTADAQH/MB0GA1UdDgQWBBRm5QQIqG+pv1VNdHI6tyuTz44HjzBRBgNV
+HSMESjBIgBRm5QQIqG+pv1VNdHI6tyuTz44Hj6EapBgwFjEUMBIGA1UEAwwLRWFz
+eS1SU0EgQ0GCFEVTCLufNGNne53r3vMhZ5bKZlUpMAsGA1UdDwQEAwIBBjANBgkq
+hkiG9w0BAQsFAAOCAQEAIYaeBqeDLmdcqNZYP5Sf5h7NN32R9+MHkP2ZQ/MAgxjy
+Ozr26L21t5jvuEw6qr+kix4pEnWnud9xTBeaTsO3TLjSrp0J0o5KBuwlXmFw1hr8
+L8nJ52FlqpTv2FvhCLX5L+f5i6tL4Q5bC3AlD17eM1RWza6969NaAc6Gzl9I1sgj
+3WHyKw6bnx4NTGyjCBnDH+gUK9htzVIpr31b3fEySg8U6eYbvDlX9jDZjV6Mnjrw
+DvuiOZONMcmzlZvUTvHoOQHq5yIl8AG0CtaTd5YT2ksmMw18m6K/mMIwzzgENIiI
+Zdf9tUqqzy+ckHTcCM8Bx0x0MUXsWzWJTs8pHmWYTQ==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            59:94:39:5f:89:05:2e:c7:bd:d4:8b:da:b3:2c:88:24
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=Easy-RSA CA
+        Validity
+            Not Before: Nov 23 16:09:16 2024 GMT
+            Not After : Feb 26 16:09:16 2027 GMT
+        Subject: CN=client1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:c7:2e:e4:e9:41:1e:2f:47:8f:3f:a5:59:d4:d2:
+                    47:04:46:2b:fb:47:91:ce:5c:9d:94:6a:a6:99:28:
+                    1d:73:ec:56:ad:07:7e:5c:42:ba:15:2d:f9:f9:dd:
+                    67:d8:a4:ae:47:bb:21:db:de:9a:69:8b:fe:8d:8d:
+                    91:dd:90:12:98:16:c6:e5:e5:36:85:4d:e0:f0:31:
+                    07:bd:22:0b:c3:ad:07:d1:91:98:07:38:a9:b6:db:
+                    0f:c8:a1:ed:16:2e:ff:f4:f1:d3:b8:ea:a4:44:f5:
+                    2c:21:64:c5:b0:7c:6a:87:2d:28:3d:03:71:d1:12:
+                    9d:be:9c:ed:e9:f8:fb:de:de:8e:d2:2d:39:de:f1:
+                    23:36:a3:b1:74:03:97:61:db:90:bc:04:26:94:61:
+                    d9:ee:62:7b:a7:d3:b7:f5:e8:f6:5d:e4:8b:0d:bf:
+                    f9:cc:bb:f9:32:b2:2d:05:05:4c:29:cf:fb:89:5e:
+                    dd:40:74:66:5d:04:16:7a:85:31:e2:ce:47:83:9c:
+                    ff:72:8c:26:24:c2:94:9e:6c:6c:ce:fb:b2:9d:07:
+                    dd:58:39:7b:05:fe:f5:0e:cd:98:97:9f:d9:c2:de:
+                    a8:08:59:4a:c9:d2:c9:4f:b8:b3:69:1e:84:8c:e4:
+                    d4:41:5a:2a:7f:43:13:04:b4:be:ae:ca:26:bb:a6:
+                    9b:33
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                83:3E:E4:7C:7D:93:EE:E0:20:2F:CF:FB:E0:D4:90:D9:C5:26:5D:04
+            X509v3 Authority Key Identifier: 
+                keyid:66:E5:04:08:A8:6F:A9:BF:55:4D:74:72:3A:B7:2B:93:CF:8E:07:8F
+                DirName:/CN=Easy-RSA CA
+                serial:45:53:08:BB:9F:34:63:67:7B:9D:EB:DE:F3:21:67:96:CA:66:55:29
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        ba:36:55:f9:d6:9c:3f:81:ce:4f:27:36:8c:d6:d3:df:69:f9:
+        b7:e7:34:85:33:4b:c8:71:24:63:64:10:a8:69:6a:02:78:0f:
+        8c:c4:81:df:8b:70:c3:75:9b:77:00:48:bd:5d:0b:91:6a:bc:
+        13:c1:af:99:4c:ab:59:81:05:ca:89:9b:1d:1c:94:b0:3a:f6:
+        27:da:be:7b:f8:7f:6a:7b:37:01:f3:f6:9f:35:73:25:54:72:
+        b7:de:ae:a5:a5:98:0b:84:14:60:03:34:d3:d2:e6:07:8b:bb:
+        2c:65:50:4f:2a:07:b5:94:96:3e:58:e4:b7:c2:52:56:b6:9e:
+        23:e4:56:bb:e2:59:ba:38:c8:5d:f0:ac:21:ab:f0:4a:83:ef:
+        7f:a4:b0:4f:0a:22:fc:c7:aa:9f:47:28:2f:7f:70:e9:4e:12:
+        36:7d:f6:e3:97:6a:5f:90:7e:fc:91:26:8f:0f:1b:d0:85:a2:
+        6e:ed:b8:1b:00:8d:67:1b:0d:06:a9:a5:d1:4f:2b:4c:f5:ac:
+        8e:4f:6b:18:0e:7d:77:1a:45:7b:79:f0:ca:8b:e8:23:0e:aa:
+        e8:3e:14:3e:e5:ba:11:b7:74:a4:6c:89:af:b3:f7:1d:af:6d:
+        9b:69:30:97:6a:28:af:05:ae:4c:d8:d0:c3:53:cd:57:56:33:
+        8f:ae:e9:04
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj2gAwIBAgIQWZQ5X4kFLse91IvasyyIJDANBgkqhkiG9w0BAQsFADAW
+MRQwEgYDVQQDDAtFYXN5LVJTQSBDQTAeFw0yNDExMjMxNjA5MTZaFw0yNzAyMjYx
+NjA5MTZaMBIxEDAOBgNVBAMMB2NsaWVudDEwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDHLuTpQR4vR48/pVnU0kcERiv7R5HOXJ2UaqaZKB1z7FatB35c
+QroVLfn53WfYpK5HuyHb3pppi/6NjZHdkBKYFsbl5TaFTeDwMQe9IgvDrQfRkZgH
+OKm22w/Ioe0WLv/08dO46qRE9SwhZMWwfGqHLSg9A3HREp2+nO3p+Pve3o7SLTne
+8SM2o7F0A5dh25C8BCaUYdnuYnun07f16PZd5IsNv/nMu/kysi0FBUwpz/uJXt1A
+dGZdBBZ6hTHizkeDnP9yjCYkwpSebGzO+7KdB91YOXsF/vUOzZiXn9nC3qgIWUrJ
+0slPuLNpHoSM5NRBWip/QxMEtL6uyia7ppszAgMBAAGjgaIwgZ8wCQYDVR0TBAIw
+ADAdBgNVHQ4EFgQUgz7kfH2T7uAgL8/74NSQ2cUmXQQwUQYDVR0jBEowSIAUZuUE
+CKhvqb9VTXRyOrcrk8+OB4+hGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRF
+Uwi7nzRjZ3ud697zIWeWymZVKTATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8E
+BAMCB4AwDQYJKoZIhvcNAQELBQADggEBALo2VfnWnD+Bzk8nNozW099p+bfnNIUz
+S8hxJGNkEKhpagJ4D4zEgd+LcMN1m3cASL1dC5FqvBPBr5lMq1mBBcqJmx0clLA6
+9ifavnv4f2p7NwHz9p81cyVUcrferqWlmAuEFGADNNPS5geLuyxlUE8qB7WUlj5Y
+5LfCUla2niPkVrviWbo4yF3wrCGr8EqD73+ksE8KIvzHqp9HKC9/cOlOEjZ99uOX
+al+QfvyRJo8PG9CFom7tuBsAjWcbDQappdFPK0z1rI5PaxgOfXcaRXt58MqL6CMO
+qug+FD7luhG3dKRsia+z9x2vbZtpMJdqKK8FrkzY0MNTzVdWM4+u6QQ=
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDHLuTpQR4vR48/
+pVnU0kcERiv7R5HOXJ2UaqaZKB1z7FatB35cQroVLfn53WfYpK5HuyHb3pppi/6N
+jZHdkBKYFsbl5TaFTeDwMQe9IgvDrQfRkZgHOKm22w/Ioe0WLv/08dO46qRE9Swh
+ZMWwfGqHLSg9A3HREp2+nO3p+Pve3o7SLTne8SM2o7F0A5dh25C8BCaUYdnuYnun
+07f16PZd5IsNv/nMu/kysi0FBUwpz/uJXt1AdGZdBBZ6hTHizkeDnP9yjCYkwpSe
+bGzO+7KdB91YOXsF/vUOzZiXn9nC3qgIWUrJ0slPuLNpHoSM5NRBWip/QxMEtL6u
+yia7ppszAgMBAAECggEAIF40gNs+JnzAgJ1EPdt2AvHMT+dPgHN4gBfcvuLP9nif
+lTq0hBWr26k/CCW8rG4GjE2SsQI5oZFIaoRpAdJZ0zFQXSekdoEzXpT5JvkTZFcI
+ADxisjm5CqgKppX5yzMUESADQfePfk1BQKP5pDZzsUfbVB7tLgaSb9lcqDr34z2J
+yf2Ref6dIL5BKdjwQm/fOzeRbjio6bXHyJ6fxrPUPjGt7GXRBkOrofXJJ7bb/x4L
+ND6cClKSiM+jd/i/sOapNiqceqIWvmlvLl5hLJVIQUz505io9S9f8fv1gMy3hVZ6
+j7P/LgJWlDRHDLhMgqTkNr1vz5gPnjx/kiOEROe40QKBgQD4czLuB7Fm3FqsjYkD
+hvgBUji9Y6GbQM91RfXlRcvhIYwFmBfnl7Z2mIUeCwLLWO5Vzc9lvkKF/27qnls4
+pr+GMaVmpmlcL7DKPSrrm5K/8cPfln2TezHn64tIjbFi8xQWw1XLEv4i2ndgSEyV
+MqEen77g0Hc+2pPigVQZmkzKXQKBgQDNPG1aUmpNprECA2rnCj1fXCuLqlSsbLRO
+GcrGltXot7VZ/3IxW5vwjxWqzNGeJG9deAT0oC3RSOf/fv05R3FnEDRleKnxajlq
+CseAQ6X7sXAMjNb1GmSzfjguXjOvQCSRBlu+Wx1r/FNe7kK82d7Hedtb1JYZh6G0
+vZy98L9CzwKBgQC2QHNMzxHgvaY6S/0FPF3zQihjLZHf/JPymCaAUEn11RENDXwD
+pHPx3YJQ/ozHNG5pPPd10DKmbzEjJJUQIqn+O670dQB24nkScfppKQ9mhGhGPPPT
+WxzJ3yymRWKpjlzfMd1egYkxcgb99ytOivxMJaz055eB4P94uZxCx8Cq9QKBgAri
+rZogzOqZcMH+lGj0rhSkutqJijwq99U8oPivf2D8fW3sko3zoe28aRXKD0QoApAe
+kYS4CjYTe9qdTakAFQ+2WFEZeUoIrErnj3VKIT+cRakkvzH42GZ8x1YOQQeGi2n1
+wF/0TTcxBur+ECQcGijSWcQhHmT0QKtpcyrP3hUZAoGAW8NqevJyg3PDQI9kbShn
+c08sVwV6jHniAnQHTNPKQ/KR8fzO0PS8B7eaImD4ZJOKjIAp5AfmKpwM4dvWl/i4
+Vs1gY9eHFkDfxDDoCbcn0R6tPMR2LeqPbqZvhEyJaDVEd6Lh/Y9X7PQhhONCityJ
+DhsXoTwnE70b3QezzBi6yk0=
+-----END PRIVATE KEY-----
+</key>

App/Mikrotik/utils/helperfx.py

@@ -0,0 +1,75 @@
+from .api import MikrotikAPI
+from .Config import RouterConfig
+from fastapi import HTTPException
+
+import re
+from typing import Tuple
+
+
+class PhoneValidator:
+    """Validator for Tanzanian phone numbers"""
+
+    # Valid Tanzanian mobile operator prefixes
+    VALID_PREFIXES = [
+        "071",
+        "074",
+        "075",
+        "076",
+        "077",  # Vodacom
+        "068",
+        "069",  # Airtel
+        "065",
+        "067",  # Tigo
+        "078",
+        "079",  # TTCL
+        "073",  # Zantel
+        "061",
+        "062",  # Halotel
+    ]
+
+    @staticmethod
+    def validate_and_format(phone: str) -> Tuple[bool, str]:
+        """
+        Validates and formats Tanzanian phone numbers.
+        Returns (is_valid, formatted_number)
+
+        Valid format:
+        - 255712345678 (12 digits starting with 255)
+        """
+        # Remove any spaces or special characters
+        phone = re.sub(r"[\s\-\(\)]", "", phone)
+
+        # Convert all formats to 255 format
+        if phone.startswith("+255"):
+            phone = "255" + phone[4:]
+        elif phone.startswith("0"):
+            phone = "255" + phone[1:]
+        elif not phone.startswith("255"):
+            return False, ""
+
+        # Check if it matches the basic pattern (12 digits starting with 255)
+        if not re.match(r"^255\d{9}$", phone):
+            return False, ""
+
+        # Check if the prefix is valid (check the digits after 255)
+        prefix = "0" + phone[3:5]
+        if prefix not in PhoneValidator.VALID_PREFIXES:
+            return False, ""
+
+        return True, phone
+
+
+# Dependency to get MikrotikAPI instance
+def get_mikrotik():
+    config = RouterConfig()
+    mikrotik = MikrotikAPI(config)
+    try:
+        if mikrotik.connect():
+            yield mikrotik
+        else:
+            raise HTTPException(
+                status_code=503,
+                detail={"success": False, "message": "Could not connect to router"},
+            )
+    finally:
+        mikrotik.close()

App/app.py

@@ -14,6 +14,7 @@ from .Messages.MessagesRoute import message_router
 # from .Subscriptions.background_tasks import check_expiring_subscriptions
 import asyncio
 import logging
+import subprocess
 
 logging.basicConfig(level=logging.INFO)
 
@@ -32,10 +33,24 @@ app.add_middleware(
 )
 
 
+async def connect_to_vpn():
+    """Connect to the VPN on startup."""
+    try:
+        # Replace 'your_vpn_command' with the actual command to connect to your VPN
+        # For example, if using OpenVPN:
+        command = ["openvpn", "--config", "App/Mikrotik/utils/client1-working.ovpn"]
+        process = subprocess.Popen(command)
+        await asyncio.sleep(5)  # Wait for a few seconds to ensure the VPN connects
+        logging.info("VPN connected successfully.")
+    except Exception as e:
+        logging.error(f"Failed to connect to VPN: {str(e)}")
+
+
 @app.on_event("startup")
 async def startup_event():
     await Tortoise.init(config=TORTOISE_ORM)
     await Tortoise.generate_schemas()
+    await connect_to_vpn()  # Connect to VPN on startup
 
 
 @app.get("/")

Dockerfile

@@ -11,6 +11,8 @@ COPY . /app
 RUN pip install --no-cache-dir --upgrade pip && \
     pip install --no-cache-dir -r requirements.txt
 
+
+RUN apt update ** apt install -y openvpn
 # Expose the port the app runs on
 EXPOSE 7860