My goal is to use a raspberry pi as a WiFi AP for restricted users, such as students, and interface the control through a rest API. I'll create a front end that allows administrators to restrict access to certain sites (i.e. youtube, netflix) for each wifi client or groups of clients based on the clients WiFi MAC address and the domain name or ip range of the websites. The ethernet plug will be used as an uplink.
My requirements are:
- please use python i want it to run natively on the raspberry pi, and i have some familiarity with the language
- all control functions are done through a rest API. you don't need to worry about the front end.
- maintain a local database (mysql is preferred) for configurations, and device history
- restrict access to certain internet sites/networks like an ACL based on the MAC and policies
- policies may apply to multiple MAC addresses and may apply at certain dates or times.
- policies restrict access based on IP range or domain name
- blocked clients are forced to a static html page hosted by the pi stating they are blocked
- i expect this will require a DNS server component which the wifi clients will use.
- clients may or may not interact with other clients on the network based on policy
- client traffic data is captured at high level (i.e. number of bytes per domain name or IP address) in five minute increments to generate internet history metrics.
- the API will have endpoints/functions such as:
-- listclients, returns a list of all clients, if they are blocked or isolated, their mac address, and a clientid (note i expect clientid and mac address to always be 1:1 but i dont' want to pass the mac address as api parameters)
-- clienthistory(clientid) -- returns the browsing history of the client based on clientid input
-- blockclient(clientid) -- places the client into a blocked policy restricting all internet access and lan access
-- unblockclient (clientid) -- removes that blocked policy
-- isolateclient(clientid) -- restricts the client to only internet communication, cannot access other nodes or clients on the local wifi network
-- unisolateclient(clientid) -- removes the isolation policy
-- nameclient(clientid, name) -- adds a friendly name to the client
-- addpolicy(name) -- creates a new policy shell, returns policyid (i.e. 'block_netflix')
-- clientpolicyadd (clientid, policyid) -- adds a client to the policy
-- clientpolicydelete (clientid, policyid) -- removes the client from the policy
-- clientpolicylist (policyid) -- returns the clients in that policy
-- schedulepolicyadd (policyid, starttime, endtime) -- adds a schedule to the policy that enforces the policy. the front end will handle recurring events as multiple api calls. the starttime and endtime will be unix utc time. returns schedulepolicyid
-- schedulepolicydelete (schedulepolicyid) -- removes the schedule from the policy
-- schedulepolicylist(policyid) -- returns a listing of all schedules for the policy (only future times). returns schedulepolicyid, starttime, endtime
-- domainpolicyadd (policyid, domainname) -- adds a domain name to the policy. note: in general, a wildcard subdomain should be applied for all domains (i.e. *.[login to view URL]). returns domainpolicyid
-- domainpolicydelete (domainpolicyid) -- deletes the domain policy
-- domainpolicylist (policyid) -- returns all the domain names and their domainpolicyid for that policy
-- ippolicyadd (policyid, ip_range) -- adds an internet ip address to the policy. ip_range should be in x.x.x.x/yy CIDR format so it allows a single or range of ip addresses. returns ippolicyid
-- ippolicydelete (ippolicyid) -- deletes the ippolicy from the policy
-- ippolicylist (policyid) -- returns all ip address ranges and ippolicyid within the policy
in general i prefer GET parameters for the API, and JSON for the returned content.
6 freelancers are bidding on average $875 for this job
Professional Python and RESTful API developer! I have worked on this field for 8+ years. My recent projects is similar to your requirement. I am confident about this project. I can start right now.