From 5c01597490d992377ef2c41fd6bed69aa7b6975d Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Mon, 13 Mar 2023 02:58:30 +0100
Subject: [PATCH 01/16] [wip] Captive portal

---
 conf/captiveportal_fakedns.service | 13 ++++++
 config_panel.toml                  | 42 ++++++++++++++++++
 hooks/post_iptables_rules          | 68 ++++++++++++++++++++++++++++++
 scripts/backup                     |  3 ++
 scripts/config                     |  9 ++++
 scripts/install                    |  9 ++++
 scripts/remove                     | 10 +++++
 sources/captiveportal_allow        | 11 +++++
 sources/captiveportal_fakedns      | 35 +++++++++++++++
 sources/index.php                  |  2 +
 10 files changed, 202 insertions(+)
 create mode 100644 conf/captiveportal_fakedns.service
 create mode 100644 hooks/post_iptables_rules
 create mode 100644 sources/captiveportal_allow
 create mode 100644 sources/captiveportal_fakedns
 create mode 100644 sources/index.php

diff --git a/conf/captiveportal_fakedns.service b/conf/captiveportal_fakedns.service
new file mode 100644
index 0000000..aeb7647
--- /dev/null
+++ b/conf/captiveportal_fakedns.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=YunoHost Wifi Captive Portal
+Requires=network.target
+After=network.target
+
+[Service]
+Type=oneshot
+User=root
+ExecStart=/usr/local/bin/captiveportal_fakedns 
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config_panel.toml b/config_panel.toml
index 7b11364..d303bcf 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -123,6 +123,20 @@ name = "Configuration"
         pattern.regexp = '^([0-9.]{7,15}|[0-9a-fA-F:]+)$'
         pattern.error = "Not an ip"
 
+        [main.hotspot1.captive_portal__1]
+        ask = "Captive portal"
+        type = "boolean"
+        bind = "array_settings()"
+        visible = "advanced__1"
+	help = "Activate the captive portal mode"
+
+        [main.hotspot1.captive_portal_url__1]
+        ask = "Local captive portal URL"
+        type = "string"
+        bind = "array_settings()"
+        visible = "advanced__1 && captive_portal__1"
+	help = "Local URL on which redirect onto when the user mac address is not yet allowed"
+
     [main.hotspot2]
     name = "Hotspot 2"
     visible = "! no_antenna && multissid >= 2"
@@ -183,6 +197,20 @@ name = "Configuration"
         pattern.regexp = '^([0-9.]{7,15}|[0-9a-fA-F:]+)$'
         pattern.error = "Not an ip"
 
+        [main.hotspot1.captive_portal__2]
+        ask = "Captive portal"
+        type = "boolean"
+        bind = "array_settings()"
+        visible = "advanced__2"
+	help = "Activate the captive portal mode"
+
+        [main.hotspot1.captive_portal_url__2]
+        ask = "Local captive portal URL"
+        type = "string"
+        bind = "array_settings()"
+        visible = "advanced__2 && captive_portal__2"
+	help = "Local URL on which redirect onto when the user mac address is not yet allowed"
+
     [main.hotspot3]
     name = "Hotspot 3"
     visible = "! no_antenna && multissid >= 3"
@@ -243,3 +271,17 @@ name = "Configuration"
         pattern.regexp = '^([0-9.]{7,15}|[0-9a-fA-F:]+)$'
         pattern.error = "Not an ip"
 
+        [main.hotspot1.captive_portal__3]
+        ask = "Captive portal"
+        type = "boolean"
+        bind = "array_settings()"
+        visible = "advanced__3"
+	help = "Activate the captive portal mode"
+
+        [main.hotspot1.captive_portal_url__3]
+        ask = "Local captive portal URL"
+        type = "string"
+        bind = "array_settings()"
+        visible = "advanced__3 && captive_portal__3"
+	help = "Local URL on which redirect onto when the user mac address is not yet allowed"
+
diff --git a/hooks/post_iptables_rules b/hooks/post_iptables_rules
new file mode 100644
index 0000000..903c649
--- /dev/null
+++ b/hooks/post_iptables_rules
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+multissid=$(grep multissid /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")
+interface=$(grep wifi_device /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")
+IFS='|' read -a captive_portal <<< "$(grep captive_portal /etc/yunohost/apps/hotspot/settings.yml | grep -v captive_portal_url | cut -d: -f2 | sed "s/[ ']//g")"
+IFS='|' read -a ipv4 <<< "$(grep ip4_nat_prefix /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")"
+IFS='|' read -a ipv6 <<< "$(grep ip6_net /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")"
+
+iptables -w -N hotspot_fwd
+ip6tables -w -N hotspot_fwd
+for (( j=0; j<multissid; j++ ));
+do
+    if [[ "${captive_portal[$j]}" != "1" ]]
+    then
+        continue
+    fi
+
+    for iptables_cmd in iptables ip6tables;
+    do
+        if [[ "${iptables_cmd}" == "iptables" ]]; then
+            ipv4=${ipv4[$j]}
+            if [[ "${ipv4}" == "" ]]
+            then
+                continue
+            fi
+            ip=$ipv4.1
+            subnet=$ipv4.0/24
+            mac_adresses=$(grep "$ipv4" /etc/hotspot/allowed.csv | cut -d, -f3)
+        else
+            ipv6=${ipv6[$j]}
+            if [[ "${ipv6}" == "" ]]
+            then
+                continue
+            fi
+            ip=$ipv6::1
+            subnet=$ipv6::1
+            mac_adresses=$(grep "$ipv6" /etc/hotspot/allowed.csv | cut -d, -f3)
+        fi
+
+        # Allow to request 4253 port
+        $iptables_cmd -w -A INPUT -i $interface -m udp -p udp --dport 4253 -j ACCEPT
+
+        # Drop all packets going on external internet
+        $iptables_cmd -w -A hotspot_fwd -s $subnet -j DROP
+
+        # Force to use the fakeDNS
+        $iptables_cmd -w -A PREROUTING -i $interface -s $subnet -p udp --dport 53 -j DNAT --to-destination $ip:4253
+
+        # Make things working with DoH 
+        # Warning: this rules to ssupport DoH let info in nginx logs on which website the user try to access...
+        # Only activating 80 and not 443 reduces a bit the issues.
+        # A better approach could be to list all ips used by domains dedicated to captive portal detection.
+        $iptables_cmd -w -A PREROUTING -i $interface -s $subnet -p tcp --dport 80 -j DNAT --to-destination $ip:80
+        #$iptables_cmd -w -A PREROUTING -i $interface -s $subnet -p tcp --dport 443 -j DNAT --to-destination $ip:443
+
+        # Maybe needed, maybe not (i din't need this when vpn is activated)
+        #$iptables_cmd -t nat -A POSTROUTING -o $interface -j MASQUERADE
+
+        # Allow specific mac adress to use external internet
+        for mac in ${mac_adresses}; do
+          $iptables_cmd -w -I hotspot_fwd 1 -s $subnet -m mac --mac-source $mac -j ACCEPT
+          $iptables_cmd -t nat -w -I PREROUTING 1 -i $interface -s $subnet -m mac --mac-source $mac -j ACCEPT
+        done
+
+        $iptables_cmd -w -I FORWARD 1 -i $interface -j hotspot_fwd
+    done
+done
+exit 0
diff --git a/scripts/backup b/scripts/backup
index 8284b04..7251006 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -49,6 +49,8 @@ ynh_backup --src_path="/etc/dnsmasq.dhcpd/dhcpdv6.conf.tpl"
 ynh_backup --src_path="/etc/dnsmasq.dhcpd/dhcpdv4.conf.tpl"
 
 ynh_backup --src_path="/usr/local/bin/$service_name"
+ynh_backup --src_path="/usr/local/bin/captiveportal_fakedns"
+ynh_backup --src_path="/usr/local/bin/captiveportal_allow"
 
 ynh_backup --src_path="/etc/init.d/hostapd"
 
@@ -59,6 +61,7 @@ ynh_backup --src_path="/etc/init.d/hostapd"
 #=================================================
 
 ynh_backup --src_path="/etc/systemd/system/$service_name.service"
+ynh_backup --src_path="/etc/systemd/system/captiveportal_fakedns.service"
 
 #=================================================
 # END OF SCRIPT
diff --git a/scripts/config b/scripts/config
index 2ab89f4..71748af 100644
--- a/scripts/config
+++ b/scripts/config
@@ -210,6 +210,15 @@ ynh_app_config_apply() {
 
     _ynh_app_config_apply
     
+    # Activate captive portal or not
+    captive_portal=$(ynh_app_setting_get --app=$app --key=captive_portal)
+    if [[ "$captive_portal" =~ 1 ]]
+    then
+	    ynh_systemd_action --service_name=captiveportal_fakedns --action="start" --log_path=systemd
+    else
+	    ynh_systemd_action --service_name=captiveportal_fakedns --action="stop" --log_path=systemd
+    fi
+
     # Start vpn client
     ynh_print_info --message="Starting hotspot service if needed"
     /usr/local/bin/ynh-hotspot start
diff --git a/scripts/install b/scripts/install
index 8032f2a..9e7798a 100644
--- a/scripts/install
+++ b/scripts/install
@@ -143,6 +143,8 @@ ynh_app_setting_set --app=$app --key=ip6_firewall --value=1
 ynh_app_setting_set --app=$app --key=ip6_net --value="${ip6_net}"
 ynh_app_setting_set --app=$app --key=dns --value="10.0.242.1"
 ynh_app_setting_set --app=$app --key=ip4_nat_prefix --value=10.0.242
+ynh_app_setting_set --app=$app --key=captive_portal --value=0
+ynh_app_setting_set --app=$app --key=captive_portal_url --value=""
 
 if [[ -z $wifi_device ]]; then
 	ynh_app_setting_set --app=$app --key=service_enabled --value=0
@@ -157,6 +159,9 @@ ynh_script_progression --message="Copying configuration files..."
 
 mkdir -pm 0755 /etc/dnsmasq.dhcpd/
 chown root: /etc/dnsmasq.dhcpd/
+mkdir -pm 0755 /etc/hotspot/
+touch /etc/hotspot/allowed.csv
+chown -R root: /etc/hotspot/
 
 install -b -o root -g root -m 0644 ../conf/hostapd.*.conf /etc/hostapd/
 install -b -o root -g root -m 0644 ../conf/dnsmasq_dhcpdv6.conf.tpl /etc/dnsmasq.dhcpd/dhcpdv6.conf.tpl
@@ -164,6 +169,8 @@ install -b -o root -g root -m 0644 ../conf/dnsmasq_dhcpdv4.conf.tpl /etc/dnsmasq
 
 # Copy init script
 install -o root -g root -m 0755 ../conf/$service_name /usr/local/bin/
+install -o root -g root -m 0755 ../conf/captiveportal_fakedns /usr/local/bin/
+install -o root -g root -m 0755 ../conf/captiveportal_allow /usr/local/bin/
 
 #=================================================
 # CONFIGURE HOSTAPD
@@ -193,6 +200,7 @@ ynh_script_progression --message="Configuring a systemd service..."
 
 # Create a dedicated systemd config
 ynh_add_systemd_config --service=$service_name
+ynh_add_systemd_config --service=captiveportal_fakedns --template=captiveportal_fakedns
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
@@ -200,6 +208,7 @@ ynh_add_systemd_config --service=$service_name
 ynh_script_progression --message="Integrating service in YunoHost..."
 
 yunohost service add $service_name --description "Creates a Wi-Fi access point" --test_status "systemctl is-active hostapd"
+yunohost service add captiveportal_fakedns --description "Captive portal dns service" --test_status "systemctl is-active captiveportal_fakedns"
 
 #=================================================
 # START SYSTEMD SERVICE
diff --git a/scripts/remove b/scripts/remove
index 4ccfd27..f62daa1 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -32,6 +32,12 @@ then
 	yunohost service stop $service_name
 	yunohost service remove $service_name
 fi
+if yunohost service status captiveportal_fakedns >/dev/null 2>&1
+then
+	ynh_script_progression --message="Removing $app captiveportal_fakedns service"
+	yunohost service stop captiveportal_fakedns
+	yunohost service remove captiveportal_fakedns
+fi
 
 #=================================================
 # STOP AND REMOVE SERVICE
@@ -40,6 +46,7 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
 
 # Remove the dedicated systemd config
 ynh_remove_systemd_config --service=$service_name
+ynh_remove_systemd_config --service=captiveportal_fakedns
 
 #=================================================
 # REMOVE DEPENDENCIES
@@ -56,6 +63,9 @@ ynh_script_progression --message="Removing app main directory..."
 
 # Remove the app directory securely
 ynh_secure_remove --file="/usr/local/bin/$service_name"
+ynh_secure_remove --file="/usr/local/bin/captiveportal_fakedns"
+ynh_secure_remove --file="/usr/local/bin/captiveportal_allow"
+ynh_secure_remove --file="/etc/hotspot"
 
 for FILE in $(ls /tmp/.ynh-hotspot-* 2>/dev/null)
 do
diff --git a/sources/captiveportal_allow b/sources/captiveportal_allow
new file mode 100644
index 0000000..03c671d
--- /dev/null
+++ b/sources/captiveportal_allow
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+date=$(date +"%Y-%m-%d %T")
+ip=$1
+mac=$(arp -a $ip | cut -d" " -f4 | head -n1)
+interface=$(grep wifi_device /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")
+if ! grep $mac /etc/hotspot/allowed.csv ; then
+    echo "$date,$ip,$mac" >> /etc/hotspot/allowed.csv
+    iptables -w -I hotspot_fwd 1 -s $ip -m mac --mac-source $mac -j ACCEPT
+    iptables -t nat -w -I PREROUTING 1 -i $interface -s $ip -m mac --mac-source $mac -j ACCEPT
+fi
diff --git a/sources/captiveportal_fakedns b/sources/captiveportal_fakedns
new file mode 100644
index 0000000..c634bfd
--- /dev/null
+++ b/sources/captiveportal_fakedns
@@ -0,0 +1,35 @@
+#!/usr/bin/perl
+ 
+use strict;
+use warnings;
+use Net::DNS::Nameserver;
+
+my $ip4_addr = shift @ARGV;
+ 
+sub reply_handler {
+  my ($qname, $qclass, $qtype, $peerhost,$query,$conn) = @_;
+  my ($rcode, @ans, @auth, @add);
+ 
+  if($qtype eq "A") {
+      my ($ttl, $rdata) = (1, $ip4_addr);
+      my $rr = new Net::DNS::RR("$qname $ttl $qclass $qtype $rdata");
+      push @ans, $rr;
+      $rcode = "NOERROR";
+
+  } else {
+      $rcode = "NXDOMAIN";
+  }
+ 
+  return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
+}
+ 
+my $ns = new Net::DNS::Nameserver(
+  LocalPort    => 4253,
+  LocalAddr    => $ip4_addr,
+  ReplyHandler => \&reply_handler,
+  Verbose      => 0
+  ) || die "Couldn't create fake nameserver object.\n";
+ 
+$ns->main_loop;
+
+exit 0;
diff --git a/sources/index.php b/sources/index.php
new file mode 100644
index 0000000..c5f05db
--- /dev/null
+++ b/sources/index.php
@@ -0,0 +1,2 @@
+<?php
+`/usr/local/bin/captiveportal_allow $_SERVER['REMOTE_ADDR']`;

From 2bfee6653a5aa8ec038f8d873607823ddc087342 Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Mon, 13 Mar 2023 03:02:36 +0100
Subject: [PATCH 02/16] [fix] Fakedns doesn't need ip in args

---
 sources/captiveportal_fakedns | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/sources/captiveportal_fakedns b/sources/captiveportal_fakedns
index c634bfd..e6304b5 100644
--- a/sources/captiveportal_fakedns
+++ b/sources/captiveportal_fakedns
@@ -3,8 +3,24 @@
 use strict;
 use warnings;
 use Net::DNS::Nameserver;
+use IO::Socket::INET;
 
-my $ip4_addr = shift @ARGV;
+# This idea was stolen from Net::Address::IP::Local::connected_to()
+sub get_local_ip_address {
+    my $socket = IO::Socket::INET->new(
+        Proto       => 'udp',
+        PeerAddr    => '198.41.0.4', # a.root-servers.net
+        PeerPort    => '53', # DNS
+    );
+
+    # A side-effect of making a socket connection is that our IP address
+    # is available from the 'sockhost' method
+    my $local_ip_address = $socket->sockhost;
+
+    return $local_ip_address;
+}
+
+my $ip4_addr      = get_local_ip_address();
  
 sub reply_handler {
   my ($qname, $qclass, $qtype, $peerhost,$query,$conn) = @_;
@@ -25,7 +41,7 @@ sub reply_handler {
  
 my $ns = new Net::DNS::Nameserver(
   LocalPort    => 4253,
-  LocalAddr    => $ip4_addr,
+  LocalAddr    => '0.0.0.0',
   ReplyHandler => \&reply_handler,
   Verbose      => 0
   ) || die "Couldn't create fake nameserver object.\n";

From fd91c45396703191ab99680a39195b811698038c Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Mon, 13 Mar 2023 04:00:28 +0100
Subject: [PATCH 03/16] [fix] redirection missing

---
 scripts/config | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/scripts/config b/scripts/config
index 71748af..3b92c68 100644
--- a/scripts/config
+++ b/scripts/config
@@ -214,6 +214,34 @@ ynh_app_config_apply() {
     captive_portal=$(ynh_app_setting_get --app=$app --key=captive_portal)
     if [[ "$captive_portal" =~ 1 ]]
     then
+        echo "location / {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+        if [[ "$captive_portal__1" == "1" ]]
+        then
+            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__1.\d+$") {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
+            echo "      return 302 $captive_portal_url__1;" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
+            echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+        fi
+        if [[ "$captive_portal__2" == "1" ]]
+        then
+            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__2.\d+$") {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
+            echo "      return 302 $captive_portal_url__2;" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
+            echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+        fi
+        if [[ "$captive_portal__3" == "1" ]]
+        then
+            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__3.\d+$") {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
+            echo "      return 302 $captive_portal_url__3;" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
+            echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+        fi
+        echo "    return 302 https://\$http_host/yunohost/admin;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+        echo "}" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="start" --log_path=systemd
     else
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="stop" --log_path=systemd

From 1f12ee41f3749b3f1d628e0b122770b2243c052b Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Mon, 13 Mar 2023 04:01:29 +0100
Subject: [PATCH 04/16] [fix] redirection missing

---
 scripts/config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/config b/scripts/config
index 3b92c68..f447928 100644
--- a/scripts/config
+++ b/scripts/config
@@ -241,7 +241,7 @@ ynh_app_config_apply() {
         fi
         echo "    return 302 https://\$http_host/yunohost/admin;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
         echo "}" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-
+        systemctl reload nginx
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="start" --log_path=systemd
     else
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="stop" --log_path=systemd

From 9d1c338ccf9494014544ab2e91a6b30c67630517 Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Mon, 13 Mar 2023 04:02:33 +0100
Subject: [PATCH 05/16] [fix] Error in nginx conf

---
 scripts/config | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/config b/scripts/config
index f447928..190f4bd 100644
--- a/scripts/config
+++ b/scripts/config
@@ -217,27 +217,27 @@ ynh_app_config_apply() {
         echo "location / {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
         if [[ "$captive_portal__1" == "1" ]]
         then
-            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__1.\d+$") {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__1.\d+$") {" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
 
-            echo "      return 302 $captive_portal_url__1;" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "      return 302 $captive_portal_url__1;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
 
             echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
         fi
         if [[ "$captive_portal__2" == "1" ]]
         then
-            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__2.\d+$") {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__2.\d+$") {" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
 
-            echo "      return 302 $captive_portal_url__2;" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "      return 302 $captive_portal_url__2;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
 
-            echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "    }" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
         fi
         if [[ "$captive_portal__3" == "1" ]]
         then
-            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__3.\d+$") {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "    if (\$remote_addr ~ "^$ip4_nat_prefix__3.\d+$") {" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
 
-            echo "      return 302 $captive_portal_url__3;" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "      return 302 $captive_portal_url__3;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
 
-            echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
+            echo "    }" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
         fi
         echo "    return 302 https://\$http_host/yunohost/admin;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
         echo "}" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf

From eb505c7ad29418c1e4c6955c3cb56df33659b062 Mon Sep 17 00:00:00 2001
From: "ljf (zamentur)" <zamentur@users.noreply.github.com>
Date: Mon, 13 Mar 2023 13:19:18 +0100
Subject: [PATCH 06/16] [fix] Bad sections in config panel

---
 config_panel.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index d303bcf..54eb774 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -197,14 +197,14 @@ name = "Configuration"
         pattern.regexp = '^([0-9.]{7,15}|[0-9a-fA-F:]+)$'
         pattern.error = "Not an ip"
 
-        [main.hotspot1.captive_portal__2]
+        [main.hotspot2.captive_portal__2]
         ask = "Captive portal"
         type = "boolean"
         bind = "array_settings()"
         visible = "advanced__2"
 	help = "Activate the captive portal mode"
 
-        [main.hotspot1.captive_portal_url__2]
+        [main.hotspot2.captive_portal_url__2]
         ask = "Local captive portal URL"
         type = "string"
         bind = "array_settings()"
@@ -271,14 +271,14 @@ name = "Configuration"
         pattern.regexp = '^([0-9.]{7,15}|[0-9a-fA-F:]+)$'
         pattern.error = "Not an ip"
 
-        [main.hotspot1.captive_portal__3]
+        [main.hotspot3.captive_portal__3]
         ask = "Captive portal"
         type = "boolean"
         bind = "array_settings()"
         visible = "advanced__3"
 	help = "Activate the captive portal mode"
 
-        [main.hotspot1.captive_portal_url__3]
+        [main.hotspot3.captive_portal_url__3]
         ask = "Local captive portal URL"
         type = "string"
         bind = "array_settings()"

From c88ff623f30c7c2c7b8683043398f3c01aa03a68 Mon Sep 17 00:00:00 2001
From: yunohost-bot <yunohost@yunohost.org>
Date: Thu, 15 Aug 2024 22:00:06 +0000
Subject: [PATCH 07/16] Auto-update READMEs

---
 ALL_README.md     |  2 ++
 README.md         |  2 +-
 README_es.md      |  2 +-
 README_eu.md      |  2 +-
 README_fr.md      |  2 +-
 README_gl.md      |  2 +-
 README_id.md      | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 README_ru.md      | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 README_zh_Hans.md |  2 +-
 9 files changed, 102 insertions(+), 6 deletions(-)
 create mode 100644 README_id.md
 create mode 100644 README_ru.md

diff --git a/ALL_README.md b/ALL_README.md
index 152f2e7..e3c80d2 100644
--- a/ALL_README.md
+++ b/ALL_README.md
@@ -5,4 +5,6 @@
 - [Irakurri README euskaraz](README_eu.md)
 - [Lire le README en français](README_fr.md)
 - [Le o README en galego](README_gl.md)
+- [Baca README dalam bahasa bahasa Indonesia](README_id.md)
+- [Прочитать README на русский](README_ru.md)
 - [阅读中文（简体）的 README](README_zh_Hans.md)
diff --git a/README.md b/README.md
index 9b1e364..4ad5759 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ It shall NOT be edited by hand.
 
 # Wifi Hotspot for YunoHost
 
-[![Integration level](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![Working status](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+[![Integration level](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Working status](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
 
 [![Install Wifi Hotspot with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 
diff --git a/README_es.md b/README_es.md
index f4260a6..c64cda5 100644
--- a/README_es.md
+++ b/README_es.md
@@ -5,7 +5,7 @@ No se debe editar a mano.
 
 # Wifi Hotspot para Yunohost
 
-[![Nivel de integración](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+[![Nivel de integración](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Estado funcional](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Estado En Mantención](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
 
 [![Instalar Wifi Hotspot con Yunhost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 
diff --git a/README_eu.md b/README_eu.md
index 107765e..1b8c91c 100644
--- a/README_eu.md
+++ b/README_eu.md
@@ -5,7 +5,7 @@ EZ editatu eskuz.
 
 # Wifi Hotspot YunoHost-erako
 
-[![Integrazio maila](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+[![Integrazio maila](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
 
 [![Instalatu Wifi Hotspot YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 
diff --git a/README_fr.md b/README_fr.md
index b7b7eae..ded2b7b 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -5,7 +5,7 @@ Il NE doit PAS être modifié à la main.
 
 # Wifi Hotspot pour YunoHost
 
-[![Niveau d’intégration](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+[![Niveau d’intégration](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
 
 [![Installer Wifi Hotspot avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 
diff --git a/README_gl.md b/README_gl.md
index 8689b94..ebb0229 100644
--- a/README_gl.md
+++ b/README_gl.md
@@ -5,7 +5,7 @@ NON debe editarse manualmente.
 
 # Wifi Hotspot para YunoHost
 
-[![Nivel de integración](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+[![Nivel de integración](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
 
 [![Instalar Wifi Hotspot con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 
diff --git a/README_id.md b/README_id.md
new file mode 100644
index 0000000..b66023b
--- /dev/null
+++ b/README_id.md
@@ -0,0 +1,47 @@
+<!--
+N.B.: README ini dibuat secara otomatis oleh <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
+Ini TIDAK boleh diedit dengan tangan.
+-->
+
+# Wifi Hotspot untuk YunoHost
+
+[![Tingkat integrasi](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Status kerja](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Status pemeliharaan](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+
+[![Pasang Wifi Hotspot dengan YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
+
+*[Baca README ini dengan bahasa yang lain.](./ALL_README.md)*
+
+> *Paket ini memperbolehkan Anda untuk memasang Wifi Hotspot secara cepat dan mudah pada server YunoHost.*  
+> *Bila Anda tidak mempunyai YunoHost, silakan berkonsultasi dengan [panduan](https://yunohost.org/install) untuk mempelajari bagaimana untuk memasangnya.*
+
+## Ringkasan
+
+* Broadcast a Wi-Fi access point from your self-hosted server
+* Combine with the [VPN Client app](https://github.com/labriqueinternet/vpnclient_ynh) to obtain a VPN-protected WiFi
+
+
+**Versi terkirim:** 2.3.1~ynh1
+
+## Tangkapan Layar
+
+![Tangkapan Layar pada Wifi Hotspot](./doc/screenshots/hotspot.png)
+
+## Dokumentasi dan sumber daya
+
+- Website aplikasi resmi: <https://internetcu.be/>
+- Gudang YunoHost: <https://apps.yunohost.org/app/hotspot>
+- Laporkan bug: <https://github.com/YunoHost-Apps/hotspot_ynh/issues>
+
+## Info developer
+
+Silakan kirim pull request ke [`testing` branch](https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing).
+
+Untuk mencoba branch `testing`, silakan dilanjutkan seperti:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+atau
+sudo yunohost app upgrade hotspot -u https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+```
+
+**Info lebih lanjut mengenai pemaketan aplikasi:** <https://yunohost.org/packaging_apps>
diff --git a/README_ru.md b/README_ru.md
new file mode 100644
index 0000000..99995c7
--- /dev/null
+++ b/README_ru.md
@@ -0,0 +1,47 @@
+<!--
+Важно: этот README был автоматически сгенерирован <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
+Он НЕ ДОЛЖЕН редактироваться вручную.
+-->
+
+# Wifi Hotspot для YunoHost
+
+[![Уровень интеграции](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![Состояние работы](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Состояние сопровождения](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+
+[![Установите Wifi Hotspot с YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
+
+*[Прочтите этот README на других языках.](./ALL_README.md)*
+
+> *Этот пакет позволяет Вам установить Wifi Hotspot быстро и просто на YunoHost-сервер.*  
+> *Если у Вас нет YunoHost, пожалуйста, посмотрите [инструкцию](https://yunohost.org/install), чтобы узнать, как установить его.*
+
+## Обзор
+
+* Broadcast a Wi-Fi access point from your self-hosted server
+* Combine with the [VPN Client app](https://github.com/labriqueinternet/vpnclient_ynh) to obtain a VPN-protected WiFi
+
+
+**Поставляемая версия:** 2.3.1~ynh1
+
+## Снимки экрана
+
+![Снимок экрана Wifi Hotspot](./doc/screenshots/hotspot.png)
+
+## Документация и ресурсы
+
+- Официальный веб-сайт приложения: <https://internetcu.be/>
+- Магазин YunoHost: <https://apps.yunohost.org/app/hotspot>
+- Сообщите об ошибке: <https://github.com/YunoHost-Apps/hotspot_ynh/issues>
+
+## Информация для разработчиков
+
+Пришлите Ваш запрос на слияние в [ветку `testing`](https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing).
+
+Чтобы попробовать ветку `testing`, пожалуйста, сделайте что-то вроде этого:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+или
+sudo yunohost app upgrade hotspot -u https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+```
+
+**Больше информации о пакетировании приложений:** <https://yunohost.org/packaging_apps>
diff --git a/README_zh_Hans.md b/README_zh_Hans.md
index 2c93b7d..50a09ed 100644
--- a/README_zh_Hans.md
+++ b/README_zh_Hans.md
@@ -5,7 +5,7 @@
 
 # YunoHost 上的 Wifi Hotspot
 
-[![集成程度](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![工作状态](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+[![集成程度](https://dash.yunohost.org/integration/hotspot.svg)](https://ci-apps.yunohost.org/ci/apps/hotspot/) ![工作状态](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
 
 [![使用 YunoHost 安装 Wifi Hotspot](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 

From f1eddbac9e9c3f522b5c5fb49f198c7eced20e1a Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Fri, 16 Aug 2024 00:02:01 +0200
Subject: [PATCH 08/16] remove multissid artifacts

---
 config_panel.toml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index 1326b1c..798a963 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -111,14 +111,12 @@ name = "Configuration"
         [main.hotspot.captive_portal]
         ask = "Captive portal"
         type = "boolean"
-        bind = "array_settings()"
-        visible = "advanced__3"
+        visible = "advanced"
 	help = "Activate the captive portal mode"
 
         [main.hotspot.captive_portal_url]
         ask = "Local captive portal URL"
         type = "string"
-        bind = "array_settings()"
         visible = "advanced && captive_portal"
 	help = "Local URL on which redirect onto when the user mac address is not yet allowed"
 

From ad18f8dc688e14c1f4a8ec3971817f7dcd03f6c9 Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Fri, 16 Aug 2024 15:43:24 +0200
Subject: [PATCH 09/16] remove multissid stuff

---
 hooks/post_iptables_rules | 91 +++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 51 deletions(-)

diff --git a/hooks/post_iptables_rules b/hooks/post_iptables_rules
index 903c649..cb99f53 100644
--- a/hooks/post_iptables_rules
+++ b/hooks/post_iptables_rules
@@ -1,68 +1,57 @@
 #!/bin/bash
 
-multissid=$(grep multissid /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")
-interface=$(grep wifi_device /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")
-IFS='|' read -a captive_portal <<< "$(grep captive_portal /etc/yunohost/apps/hotspot/settings.yml | grep -v captive_portal_url | cut -d: -f2 | sed "s/[ ']//g")"
-IFS='|' read -a ipv4 <<< "$(grep ip4_nat_prefix /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")"
-IFS='|' read -a ipv6 <<< "$(grep ip6_net /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")"
+wifi_device=$(ynh_app_setting_get --app=$app --key=wifi_device)
+captive_portal=$(ynh_app_setting_get --app=$app --key=captive_portal)
+ip4_prefix=$(ynh_app_setting_get --app=$app --key=ip4_nat_prefix)
+ip6_prefix=$(ynh_app_setting_get --app=$app --key=ip6_net)
 
 iptables -w -N hotspot_fwd
 ip6tables -w -N hotspot_fwd
-for (( j=0; j<multissid; j++ ));
+
+if [[ "${captive_portal}" != "1" ]]
+then
+    exit 0
+fi
+
+for iptables_cmd in iptables ip6tables;
 do
-    if [[ "${captive_portal[$j]}" != "1" ]]
-    then
-        continue
+    if [[ "${iptables_cmd}" == "iptables" ]]; then
+        prefix="${ip4_prefix}"
+        ip="${ip4_prefix}.1"
+        subnet="${ip4_prefix}.0/24"
+    else
+        prefix="${ip6_prefix}"
+        ip="${ip6_prefix}1"
+        subnet="${ip6_prefix}1/64"
     fi
 
-    for iptables_cmd in iptables ip6tables;
-    do
-        if [[ "${iptables_cmd}" == "iptables" ]]; then
-            ipv4=${ipv4[$j]}
-            if [[ "${ipv4}" == "" ]]
-            then
-                continue
-            fi
-            ip=$ipv4.1
-            subnet=$ipv4.0/24
-            mac_adresses=$(grep "$ipv4" /etc/hotspot/allowed.csv | cut -d, -f3)
-        else
-            ipv6=${ipv6[$j]}
-            if [[ "${ipv6}" == "" ]]
-            then
-                continue
-            fi
-            ip=$ipv6::1
-            subnet=$ipv6::1
-            mac_adresses=$(grep "$ipv6" /etc/hotspot/allowed.csv | cut -d, -f3)
-        fi
+    mac_addresses=$(grep "${prefix}" /etc/hotspot/allowed.csv | cut -d, -f3)
 
-        # Allow to request 4253 port
-        $iptables_cmd -w -A INPUT -i $interface -m udp -p udp --dport 4253 -j ACCEPT
+    # Allow to request 4253 port
+    $iptables_cmd -w -A INPUT -i "${wifi_device}" -m udp -p udp --dport 4253 -j ACCEPT
 
-        # Drop all packets going on external internet
-        $iptables_cmd -w -A hotspot_fwd -s $subnet -j DROP
+    # Drop all packets going on external internet
+    $iptables_cmd -w -A hotspot_fwd -s "${subnet}" -j DROP
 
-        # Force to use the fakeDNS
-        $iptables_cmd -w -A PREROUTING -i $interface -s $subnet -p udp --dport 53 -j DNAT --to-destination $ip:4253
+    # Force to use the fakeDNS
+    $iptables_cmd -w -A PREROUTING -i "${wifi_device}" -s "${subnet}" -p udp --dport 53 -j DNAT --to-destination "${ip}:4253"
 
-        # Make things working with DoH 
-        # Warning: this rules to ssupport DoH let info in nginx logs on which website the user try to access...
-        # Only activating 80 and not 443 reduces a bit the issues.
-        # A better approach could be to list all ips used by domains dedicated to captive portal detection.
-        $iptables_cmd -w -A PREROUTING -i $interface -s $subnet -p tcp --dport 80 -j DNAT --to-destination $ip:80
-        #$iptables_cmd -w -A PREROUTING -i $interface -s $subnet -p tcp --dport 443 -j DNAT --to-destination $ip:443
+    # Make things working with DoH 
+    # Warning: this rules to ssupport DoH let info in nginx logs on which website the user try to access...
+    # Only activating 80 and not 443 reduces a bit the issues.
+    # A better approach could be to list all ips used by domains dedicated to captive portal detection.
+    $iptables_cmd -w -A PREROUTING -i "${wifi_device}" -s "${subnet}" -p tcp --dport 80 -j DNAT --to-destination "${ip}:80"
+    #$iptables_cmd -w -A PREROUTING -i "${wifi_device}" -s "${subnet}" -p tcp --dport 443 -j DNAT --to-destination "${ip}:443"
 
-        # Maybe needed, maybe not (i din't need this when vpn is activated)
-        #$iptables_cmd -t nat -A POSTROUTING -o $interface -j MASQUERADE
+    # Maybe needed, maybe not (i din't need this when vpn is activated)
+    #$iptables_cmd -t nat -A POSTROUTING -o "${wifi_device}" -j MASQUERADE
 
-        # Allow specific mac adress to use external internet
-        for mac in ${mac_adresses}; do
-          $iptables_cmd -w -I hotspot_fwd 1 -s $subnet -m mac --mac-source $mac -j ACCEPT
-          $iptables_cmd -t nat -w -I PREROUTING 1 -i $interface -s $subnet -m mac --mac-source $mac -j ACCEPT
-        done
-
-        $iptables_cmd -w -I FORWARD 1 -i $interface -j hotspot_fwd
+    # Allow specific mac adress to use external internet
+    for mac in ${mac_addresses}; do
+        $iptables_cmd -w -I hotspot_fwd 1 -s "${subnet}" -m mac --mac-source "${mac}" -j ACCEPT
+        $iptables_cmd -t nat -w -I PREROUTING 1 -i "${wifi_device}" -s "${subnet}" -m mac --mac-source "${mac}" -j ACCEPT
     done
+
+    $iptables_cmd -w -I FORWARD 1 -i "${wifi_device}" -j hotspot_fwd
 done
 exit 0

From 6f2275a93a0ffc3b634a955574f76d85b2cb3334 Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Fri, 16 Aug 2024 15:53:27 +0200
Subject: [PATCH 10/16] nginx template for redirect to admin

---
 conf/nginx.conf |  6 ++++++
 scripts/config  | 17 +++--------------
 2 files changed, 9 insertions(+), 14 deletions(-)
 create mode 100644 conf/nginx.conf

diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..534161e
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,6 @@
+location / {
+    if ($remote_addr ~ "^__IP4_NAT_PREFIX__.\d+$") {
+        return 302 __CAPTIVE_PORTAL_URL__;
+    }
+    return 302 https://$http_host/yunohost/admin;
+}
diff --git a/scripts/config b/scripts/config
index b62af3e..dacc90c 100644
--- a/scripts/config
+++ b/scripts/config
@@ -199,22 +199,11 @@ ynh_app_config_apply() {
     
     # Activate captive portal or not
     captive_portal=$(ynh_app_setting_get --app=$app --key=captive_portal)
-    if [[ "$captive_portal" == '1' ]]
-    then
-        echo "location / {" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-        
-        echo "    if (\$remote_addr ~ "^$ip4_nat_prefix.\d+$") {" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-
-        echo "      return 302 $captive_portal_url;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-
-        echo "    }" > /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-        
-        echo "    return 302 https://\$http_host/yunohost/admin;" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-        
-        echo "}" >> /etc/nginx/conf.d/default.d/redirect_to_admin.conf
-        systemctl reload nginx
+    if [[ "${captive_portal}" -eq 1 ]]; then
+        ynh_config_add_nginx
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="start" --log_path=systemd
     else
+        ynh_config_remove_nginx
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="stop" --log_path=systemd
     fi
 

From db054499c3b78edc665fc80ff81318b637cbe2e1 Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Sat, 17 Aug 2024 00:34:38 +0200
Subject: [PATCH 11/16] fix undefined captive_portal var after upgrade

---
 scripts/upgrade | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/upgrade b/scripts/upgrade
index fb92cc1..5651869 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -45,6 +45,15 @@ if [ -z ${service_name:-} ]; then
 	ynh_app_setting_set --app=$app --key=service_name --value=$service_name
 fi
 
+if [ -z ${captive_portal:-} ]; then
+	captive_portal=0
+	ynh_app_setting_set --app=$app --key=captive_portal --value=$captive_portal
+fi
+if [ -z ${captive_portal_url:-} ]; then
+	captive_portal_url=""
+	ynh_app_setting_set --app=$app --key=captive_portal_url --value=$captive_portal_url
+fi
+
 if [[ -n "${multissid:-}" ]] && [[ "${multissid}" -gt 1 ]]; then
 	wifi_ssid=$(cut -d'|' -f 1 <<< ${wifi_ssid})
 	wifi_secure=$(cut -d'|' -f 1 <<< ${wifi_secure})

From 4eb8febe543ba36007c5a501f5564b46a16ec8f2 Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Sat, 17 Aug 2024 00:39:24 +0200
Subject: [PATCH 12/16] fix upgrade

---
 scripts/upgrade | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/scripts/upgrade b/scripts/upgrade
index 5651869..096bd4d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -166,6 +166,8 @@ chown root: /etc/hostapd/$app/
 mkdir -pm 0755 /etc/dnsmasq.$app/
 chown root: /etc/dnsmasq.$app/
 
+touch /etc/hotspot/allowed.csv
+
 if [[ -n "${wifi_device:-}" ]]; then 
     configure_hostapd
     configure_dhcp
@@ -179,6 +181,11 @@ fi
 ynh_add_config --template="../conf/ynh-hotspot" --destination="/usr/local/bin/$service_name"
 chmod 0755 "/usr/local/bin/$service_name"
 
+ynh_add_config --template="../conf/captiveportal_fakedns" --destination="/usr/local/bin/captiveportal_fakedns"
+chmod 0755 "/usr/local/bin/captiveportal_fakedns"
+ynh_add_config --template="../conf/captiveportal_allow" --destination="/usr/local/bin/captiveportal_allow"
+chmod 0755 "/usr/local/bin/captiveportal_allow"
+
 # Copy openvpn scripts
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
@@ -200,6 +207,9 @@ ynh_add_systemd_config --service="hostapd@$app" --template="../conf/systemd_host
 
 yunohost service add $service_name --description "Creates a Wi-Fi access point" --test_status "systemctl is-active hostapd@$app" --need_lock
 
+ynh_add_systemd_config --service="captiveportal_fakedns" --template="captiveportal_fakedns"
+yunohost service add captiveportal_fakedns --description "Captive portal dns service" --test_status "systemctl is-active captiveportal_fakedns"
+
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================

From 359b6fb9d439e73a9b76ae38d2537da8af6d65f0 Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Sat, 17 Aug 2024 00:51:49 +0200
Subject: [PATCH 13/16] fix path for allowed.csv

---
 hooks/post_iptables_rules   | 2 +-
 scripts/install             | 2 +-
 scripts/upgrade             | 2 +-
 sources/captiveportal_allow | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/hooks/post_iptables_rules b/hooks/post_iptables_rules
index cb99f53..01e3966 100644
--- a/hooks/post_iptables_rules
+++ b/hooks/post_iptables_rules
@@ -25,7 +25,7 @@ do
         subnet="${ip6_prefix}1/64"
     fi
 
-    mac_addresses=$(grep "${prefix}" /etc/hotspot/allowed.csv | cut -d, -f3)
+    mac_addresses=$(grep "${prefix}" /etc/hostapd/$app/allowed.csv | cut -d, -f3)
 
     # Allow to request 4253 port
     $iptables_cmd -w -A INPUT -i "${wifi_device}" -m udp -p udp --dport 4253 -j ACCEPT
diff --git a/scripts/install b/scripts/install
index 957fc61..57b9110 100644
--- a/scripts/install
+++ b/scripts/install
@@ -107,7 +107,7 @@ chown root: /etc/hostapd/$app/
 mkdir -pm 0755 /etc/dnsmasq.$app/
 chown root: /etc/dnsmasq.$app/
 
-touch /etc/hotspot/allowed.csv
+touch /etc/hostapd/$app/allowed.csv
 
 # Copy init script
 ynh_add_config --template="../conf/ynh-hotspot" --destination="/usr/local/bin/$service_name"
diff --git a/scripts/upgrade b/scripts/upgrade
index 096bd4d..a6a2e61 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -166,7 +166,7 @@ chown root: /etc/hostapd/$app/
 mkdir -pm 0755 /etc/dnsmasq.$app/
 chown root: /etc/dnsmasq.$app/
 
-touch /etc/hotspot/allowed.csv
+touch /etc/hostapd/$app/allowed.csv
 
 if [[ -n "${wifi_device:-}" ]]; then 
     configure_hostapd
diff --git a/sources/captiveportal_allow b/sources/captiveportal_allow
index 03c671d..321869a 100644
--- a/sources/captiveportal_allow
+++ b/sources/captiveportal_allow
@@ -4,8 +4,8 @@ date=$(date +"%Y-%m-%d %T")
 ip=$1
 mac=$(arp -a $ip | cut -d" " -f4 | head -n1)
 interface=$(grep wifi_device /etc/yunohost/apps/hotspot/settings.yml | cut -d: -f2 | sed "s/[ ']//g")
-if ! grep $mac /etc/hotspot/allowed.csv ; then
-    echo "$date,$ip,$mac" >> /etc/hotspot/allowed.csv
+if ! grep $mac /etc/hostapd/$app/allowed.csv ; then
+    echo "$date,$ip,$mac" >> /etc/hostapd/$app/allowed.csv
     iptables -w -I hotspot_fwd 1 -s $ip -m mac --mac-source $mac -j ACCEPT
     iptables -t nat -w -I PREROUTING 1 -i $interface -s $ip -m mac --mac-source $mac -j ACCEPT
 fi

From 8015e9a8da59f839a33e8520ff35ebfce5e5277b Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Sat, 17 Aug 2024 09:44:46 +0200
Subject: [PATCH 14/16] fix template paths

---
 scripts/install | 6 +++---
 scripts/restore | 1 +
 scripts/upgrade | 6 +++---
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/scripts/install b/scripts/install
index 57b9110..24ab84f 100644
--- a/scripts/install
+++ b/scripts/install
@@ -113,9 +113,9 @@ touch /etc/hostapd/$app/allowed.csv
 ynh_add_config --template="../conf/ynh-hotspot" --destination="/usr/local/bin/$service_name"
 chmod 0755 "/usr/local/bin/$service_name"
 
-ynh_add_config --template="../conf/captiveportal_fakedns" --destination="/usr/local/bin/captiveportal_fakedns"
+ynh_add_config --template="../sources/captiveportal_fakedns" --destination="/usr/local/bin/captiveportal_fakedns"
 chmod 0755 "/usr/local/bin/captiveportal_fakedns"
-ynh_add_config --template="../conf/captiveportal_allow" --destination="/usr/local/bin/captiveportal_allow"
+ynh_add_config --template="../sources/captiveportal_allow" --destination="/usr/local/bin/captiveportal_allow"
 chmod 0755 "/usr/local/bin/captiveportal_allow"
 
 # Copy openvpn scripts
@@ -154,7 +154,7 @@ ynh_add_systemd_config --service=$service_name
 ynh_add_systemd_config --service="hostapd@$app" --template="../conf/systemd_hostapd.service"
 yunohost service add $service_name --description "Creates a Wi-Fi access point" --test_status "systemctl is-active hostapd@$app" --need_lock
 
-ynh_add_systemd_config --service="captiveportal_fakedns" --template="captiveportal_fakedns"
+ynh_add_systemd_config --service="captiveportal_fakedns" --template="../conf/captiveportal_fakedns.service"
 yunohost service add captiveportal_fakedns --description "Captive portal dns service" --test_status "systemctl is-active captiveportal_fakedns"
 
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 6a60840..d3a612d 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -43,6 +43,7 @@ ynh_script_progression --message="Restoring configurations ..."
 ynh_restore
 
 yunohost service add "$service_name" --description "Creates a Wi-Fi access point" --test_status "systemctl is-active hostapd@$app" --need_lock
+yunohost service add captiveportal_fakedns --description "Captive portal dns service" --test_status "systemctl is-active captiveportal_fakedns"
 
 #=================================================
 # START SYSTEMD SERVICE
diff --git a/scripts/upgrade b/scripts/upgrade
index a6a2e61..d41a8f7 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -181,9 +181,9 @@ fi
 ynh_add_config --template="../conf/ynh-hotspot" --destination="/usr/local/bin/$service_name"
 chmod 0755 "/usr/local/bin/$service_name"
 
-ynh_add_config --template="../conf/captiveportal_fakedns" --destination="/usr/local/bin/captiveportal_fakedns"
+ynh_add_config --template="../sources/captiveportal_fakedns" --destination="/usr/local/bin/captiveportal_fakedns"
 chmod 0755 "/usr/local/bin/captiveportal_fakedns"
-ynh_add_config --template="../conf/captiveportal_allow" --destination="/usr/local/bin/captiveportal_allow"
+ynh_add_config --template="../sources/captiveportal_allow" --destination="/usr/local/bin/captiveportal_allow"
 chmod 0755 "/usr/local/bin/captiveportal_allow"
 
 # Copy openvpn scripts
@@ -207,7 +207,7 @@ ynh_add_systemd_config --service="hostapd@$app" --template="../conf/systemd_host
 
 yunohost service add $service_name --description "Creates a Wi-Fi access point" --test_status "systemctl is-active hostapd@$app" --need_lock
 
-ynh_add_systemd_config --service="captiveportal_fakedns" --template="captiveportal_fakedns"
+ynh_add_systemd_config --service="captiveportal_fakedns" --template="../conf/captiveportal_fakedns.service"
 yunohost service add captiveportal_fakedns --description "Captive portal dns service" --test_status "systemctl is-active captiveportal_fakedns"
 
 #=================================================

From 5a9277c653dbcab12679691757f1655e5189b770 Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Mon, 19 Aug 2024 18:07:30 +0200
Subject: [PATCH 15/16] rename ynh add / remove nginx config

---
 scripts/config | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/config b/scripts/config
index dacc90c..14e1c87 100644
--- a/scripts/config
+++ b/scripts/config
@@ -200,10 +200,10 @@ ynh_app_config_apply() {
     # Activate captive portal or not
     captive_portal=$(ynh_app_setting_get --app=$app --key=captive_portal)
     if [[ "${captive_portal}" -eq 1 ]]; then
-        ynh_config_add_nginx
+        ynh_add_nginx_config
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="start" --log_path=systemd
     else
-        ynh_config_remove_nginx
+        ynh_remove_nginx_config
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="stop" --log_path=systemd
     fi
 

From 42072cbd92f183c7f69a9b3bd8deb3968146c91f Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Mon, 19 Aug 2024 18:40:45 +0200
Subject: [PATCH 16/16] define domain var from captive portal url

---
 scripts/config | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/config b/scripts/config
index 14e1c87..4ca4533 100644
--- a/scripts/config
+++ b/scripts/config
@@ -199,6 +199,8 @@ ynh_app_config_apply() {
     
     # Activate captive portal or not
     captive_portal=$(ynh_app_setting_get --app=$app --key=captive_portal)
+    captive_portal_url=$(ynh_app_setting_get --app=$app --key=captive_portal_url)
+    domain=$(cut -d'/' -f 3 <<< "${captive_portal_url}")
     if [[ "${captive_portal}" -eq 1 ]]; then
         ynh_add_nginx_config
 	    ynh_systemd_action --service_name=captiveportal_fakedns --action="start" --log_path=systemd