Hi,
I am using two Pritunl VPN servers (Enterprise version): one for the sandbox environment, the second for production and development. Both VMs are hosted on AWS. The same code is used for API calls on sbox and prod, of course with different API tokens and API secrets.
The issue is that on the production server I am getting a 401 Unauthorized error, even if I generate a new token and secret multiple times. The same code works for sbox without any problems.
import base64
import hashlib
import hmac
import ipaddress
import json
import os
import re
import sys
import time
import urllib
import urllib.request
import uuid

import requests
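# Work in the current directory. Any earlier download is removed first so a
# failed run cannot silently reuse a stale file.
path = os.getcwd()
fileName = os.path.join(path, 'azure_public_ips.json')
if os.path.exists(fileName):
    os.remove(fileName)

# The direct download link changes every time a new JSON file is released,
# e.g. https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20221205.json
# so it is scraped from the confirmation page.
webpage = "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519"
with urllib.request.urlopen(webpage, timeout=30) as response:
    rawhtml = response.read().decode('utf-8')

# The dots are escaped and the host must be followed by "/", so a look-alike
# host such as "download.microsoft.com.<other domain>" cannot match. The file
# fetched from this URL ends up as routes on the VPN server, so the source
# host is pinned rather than taken loosely from the page.
match = re.search(r'https://download\.microsoft\.com/[^"]*', rawhtml)
if match is None:
    # Without a link there is nothing to download; stop with a clear message
    # instead of failing later on an undefined download_url.
    sys.exit("No download.microsoft.com link found on the confirmation page")
download_url = match.group(0)

with urllib.request.urlopen(download_url, timeout=60) as response:
    payload = response.read()
with open(fileName, 'wb') as f:
    f.write(payload)
# json.loads on bytes detects the encoding (including a UTF-8 BOM) itself.
contents = json.loads(payload)

# Only prefixes belonging to these system services become routes.
wanted_services = ('AzureStorage',)
output = []
for value in contents['values']:
    properties = value.get('properties', {})
    if properties.get('systemService') not in wanted_services:
        continue
    for network in properties.get('addressPrefixes', []):
        # The prefixes come from a downloaded file and are later pushed to the
        # VPN server, so anything that is not a well-formed CIDR string is
        # reported and skipped rather than forwarded.
        try:
            if not isinstance(network, str):
                raise ValueError("address prefix is not a string")
            ipaddress.ip_network(network, strict=False)
        except ValueError:
            print(f"Skipping invalid address prefix: {network!r}", file=sys.stderr)
            continue
        output.append({'network': network, 'nat': True})

with open(os.path.join(path, 'output.json'), 'w') as f:
    json.dump(output, f)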
# PROD
# NOTE(review): plain http; the Auth-* headers and the route payload are not
# protected by TLS on this hop. That is only reasonable while the target is the
# loopback interface - use https with certificate verification for any other host.
BASE_URL = 'http://localhost'
# Placeholders in this post. Real token/secret values should be loaded at run
# time (environment or a secrets store) rather than kept in the script.
# NOTE(review): the token and secret must be the pair issued on this (prod)
# server; a pair from the sandbox server presumably will not validate here.
API_TOKEN = 'XXXXXXX'
API_SECRET = 'XXXXXXX'
# Server id interpolated into the route path; presumably specific to each
# Pritunl host - confirm it is the production server's id.
SERVER_ID = '60e5690369a63ad764e32f71'
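def auth_request(method, path, headers=None, data=None, verify=None):
    """Send an HMAC-signed request to the API at BASE_URL and return the response.

    The signed string is ``API_TOKEN&timestamp&nonce&METHOD&path``; its
    HMAC-SHA256 (keyed with API_SECRET) is base64-encoded and sent in the
    ``Auth-Signature`` header together with the token, timestamp and nonce.

    Args:
        method: HTTP method name, e.g. ``'POST'``; upper-cased for signing and
            lower-cased to pick the matching ``requests`` function.
        path: Request path. The same value is signed and appended to BASE_URL,
            so it must be exactly the path that is requested.
        headers: Optional extra headers, merged over the auth headers.
        data: Optional request body.
        verify: Passed through to ``requests``. ``None`` leaves the library
            default (certificate verification on); ``False`` disables it.

    Returns:
        The ``requests`` response object.
    """
    # NOTE(review): the timestamp is part of the signed string, so a wrong
    # clock on this host would presumably make the server reject the signature
    # - compare the printed value with the server's time when debugging a 401.
    auth_timestamp = str(int(time.time()))
    print("auth_time " + auth_timestamp)
    auth_nonce = uuid.uuid4().hex
    print("auth_nonce " + auth_nonce)

    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce,
                            method.upper(), path])
    # The rest of the script uses f-strings, so only Python 3 can run it: the
    # key and the message are always encoded to bytes. The signature itself is
    # deliberately not printed, so it does not end up in console or job logs.
    auth_signature = base64.b64encode(hmac.new(
        API_SECRET.encode('utf-8'), auth_string.encode('utf-8'),
        hashlib.sha256).digest())

    auth_headers = {
        'Auth-Token': API_TOKEN,
        'Auth-Timestamp': auth_timestamp,
        'Auth-Nonce': auth_nonce,
        'Auth-Signature': auth_signature,
    }
    if headers:
        auth_headers.update(headers)

    # The caller's verify value is honoured; it used to be overwritten with
    # False, which switched TLS certificate checks off for every request.
    return getattr(requests, method.lower())(
        BASE_URL + path,
        headers=auth_headers,
        data=data,
        verify=verify,
    )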
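# Read the routes from the output.json file created by the download step.
with open("output.json", "r") as f:
    routes = json.load(f)

for route in routes:
    json_str = json.dumps(route)
    # Announce the attempt; success is reported only after the server accepts it.
    print(f"Adding route {json_str}")
    response = auth_request(
        'POST',
        f'/server/{SERVER_ID}/route',
        headers={
            'Content-Type': 'application/json',
        },
        data=json_str,
        # NOTE(review): verify=False disables TLS certificate validation. It
        # has no effect on an http:// BASE_URL; for https, pass a CA bundle
        # path instead of turning verification off.
        verify=False,
    )
    if response.status_code == 200:
        print(f"Added route {json_str}")
        print(response)
        continue

    print(f"Error: {response.status_code} - {response.reason}")
    if response.status_code in (401, 403):
        # A rejected credential will be rejected for every remaining route;
        # stop instead of sending a failed-auth request per prefix.
        raise SystemExit("Authentication was rejected by the server; stopping.")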