Fabio/webssh2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Credentials-In-GET

Browse source
This commit is contained in:
ohad Butnaro 2022-04-23 03:48:16 +03:00
parent f457a4a520
commit 43ecda66b2
2 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/server/app.js
View file

@ -65,7 +65,7 @@ module.exports = { server, config };
// express // express
app.use(safeShutdownGuard); app.use(safeShutdownGuard);
app.use(session); app.use(session);
app.use(myutil.basicAuth); // app.use(myutil.basicAuth);
if (config.accesslog) app.use(logger('common')); if (config.accesslog) app.use(logger('common'));
app.disable('x-powered-by'); app.disable('x-powered-by');
@ -85,7 +85,7 @@ app.get('/ssh/reauth', (req, res) => {
}); });
// eslint-disable-next-line complexity // eslint-disable-next-line complexity
app.get('/ssh/host/:host?', (req, res) => { app.get('/ssh/host/:host?', myutil.basicAuth, (req, res) => {
res.sendFile(path.join(path.join(publicPath, 'client.htm'))); res.sendFile(path.join(path.join(publicPath, 'client.htm')));
// capture, assign, and validate variables // capture, assign, and validate variables
req.session.ssh = { req.session.ssh = {

10
app/server/util.js
View file

@ -38,7 +38,15 @@ exports.basicAuth = function basicAuth(req, res, next) {
req.session.userpassword = defaultCredentials.password; req.session.userpassword = defaultCredentials.password;
req.session.privatekey = defaultCredentials.privatekey; req.session.privatekey = defaultCredentials.privatekey;
} }
if (!req.session.userpassword && !req.session.privatekey) { if (
(req.query.username !== '' || req.query.username !== undefined) &&
(req.query.password !== '' || req.query.password !== undefined)
) {
// eslint-disable-next-line
// console.log(`username: ${req.query.username} and password: ${req.query.password}`);
req.session.username = req.query.username;
req.session.userpassword = req.query.password;
} else {
res.statusCode = 401; res.statusCode = 401;
debug('basicAuth credential request (401)'); debug('basicAuth credential request (401)');
res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"'); res.setHeader('WWW-Authenticate', 'Basic realm="WebSSH"');