feat: Switch User or reauth feature for Basic Auth sessions
This commit is contained in:
Bill Church
parent
96ee27fe2b
commit
a530f59704
5 changed files with 37 additions and 10 deletions
16
app/app.js
16
app/app.js
|
|
@ -45,6 +45,22 @@ function createApp() {
|
|||
app.use(bodyParser.urlencoded({ extended: true }))
|
||||
app.use(bodyParser.json())
|
||||
|
||||
// Add cookie-setting middleware
|
||||
app.use((req, res, next) => {
|
||||
if (req.session.sshCredentials) {
|
||||
const cookieData = {
|
||||
host: req.session.sshCredentials.host,
|
||||
port: req.session.sshCredentials.port
|
||||
}
|
||||
res.cookie("basicauth", JSON.stringify(cookieData), {
|
||||
httpOnly: false,
|
||||
path: '/ssh/host/',
|
||||
sameSite: 'Strict'
|
||||
}) // ensure httOnly is false for the client to read the cookie
|
||||
}
|
||||
next()
|
||||
})
|
||||
|
||||
// Serve static files from the webssh2_client module with a custom prefix
|
||||
app.use("/ssh/assets", express.static(clientPath))
|
||||
|
||||
|
|
|
|||
|
|
@ -282,22 +282,28 @@ function loadConfig() {
|
|||
providedConfig
|
||||
)
|
||||
|
||||
// Override the port with the PORT environment variable if it's set
|
||||
if (process.env.PORT) {
|
||||
mergedConfig.listen.port = parseInt(process.env.PORT, 10)
|
||||
console.log(`Using PORT from environment: ${mergedConfig.listen.port}`)
|
||||
}
|
||||
|
||||
const validatedConfig = validateConfig(mergedConfig)
|
||||
console.log("Merged and validated configuration")
|
||||
console.log('Merged and validated configuration')
|
||||
return validatedConfig
|
||||
} else {
|
||||
logError(
|
||||
"\n\nERROR: Missing config.json for webssh. Using default config: " +
|
||||
'\n\nERROR: Missing config.json for webssh. Using default config: ' +
|
||||
JSON.stringify(defaultConfig) +
|
||||
"\n\n See config.json.sample for details\n\n"
|
||||
'\n\n See config.json.sample for details\n\n'
|
||||
)
|
||||
return defaultConfig
|
||||
}
|
||||
} catch (err) {
|
||||
logError(
|
||||
"\n\nERROR: Problem loading config.json for webssh. Using default config: " +
|
||||
'\n\nERROR: Problem loading config.json for webssh. Using default config: ' +
|
||||
JSON.stringify(defaultConfig) +
|
||||
"\n\n See config.json.sample for details\n\n",
|
||||
'\n\n See config.json.sample for details\n\n',
|
||||
err
|
||||
)
|
||||
return defaultConfig
|
||||
|
|
|
|||
|
|
@ -28,7 +28,8 @@ function handleConnection(req, res, urlParams) {
|
|||
}
|
||||
|
||||
// Check if the current route is /host/:host
|
||||
if (req.path.startsWith('/ssh/host/')) {
|
||||
debug('handleConnection req.path:', req.path)
|
||||
if (req.path.startsWith('/host/')) {
|
||||
tempConfig.autoConnect = true
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ const { sanitizeObject, validateSshTerm } = require("./utils")
|
|||
const validator = require("validator")
|
||||
|
||||
function auth(req, res, next) {
|
||||
debug("Authenticating user with HTTP Basic Auth")
|
||||
debug("auth: Basic Auth")
|
||||
var credentials = basicAuth(req)
|
||||
if (!credentials) {
|
||||
res.setHeader("WWW-Authenticate", 'Basic realm="WebSSH2"')
|
||||
|
|
@ -21,6 +21,7 @@ function auth(req, res, next) {
|
|||
username: validator.escape(credentials.name),
|
||||
password: credentials.pass // We don't sanitize the password as it might contain special characters
|
||||
}
|
||||
req.session.usedBasicAuth = true // Set this flag when Basic Auth is used
|
||||
next()
|
||||
}
|
||||
|
||||
|
|
@ -59,6 +60,7 @@ router.get("/host/:host", auth, function (req, res) {
|
|||
if (req.query.sshTerm) {
|
||||
req.session.sshCredentials.term = sshTerm
|
||||
}
|
||||
req.session.usedBasicAuth = true
|
||||
|
||||
// Sanitize and log the sshCredentials object
|
||||
const sanitizedCredentials = sanitizeObject(
|
||||
|
|
@ -70,12 +72,12 @@ router.get("/host/:host", auth, function (req, res) {
|
|||
})
|
||||
|
||||
// Clear credentials route
|
||||
router.post("/clear-credentials", function (req, res) {
|
||||
router.get("/clear-credentials", function (req, res) {
|
||||
req.session.sshCredentials = null
|
||||
res.status(200).send("Credentials cleared.")
|
||||
})
|
||||
|
||||
router.post("/force-reconnect", function (req, res) {
|
||||
router.get("/force-reconnect", function (req, res) {
|
||||
req.session.sshCredentials = null
|
||||
res.status(401).send("Authentication required.")
|
||||
})
|
||||
|
|
|
|||
|
|
@ -371,6 +371,7 @@ module.exports = function (io, config) {
|
|||
socket.handshake.session.sshCredentials.username = null
|
||||
socket.handshake.session.sshCredentials.password = null
|
||||
}
|
||||
socket.handshake.session.usedBasicAuth = false
|
||||
sessionState.authenticated = false
|
||||
sessionState.username = null
|
||||
sessionState.password = null
|
||||
|
|
@ -382,7 +383,8 @@ module.exports = function (io, config) {
|
|||
}
|
||||
|
||||
// Check for HTTP Basic Auth credentials
|
||||
if (socket.handshake.session.sshCredentials) {
|
||||
if (socket.handshake.session.usedBasicAuth && socket.handshake.session.sshCredentials) {
|
||||
// if (socket.handshake.session.sshCredentials) {
|
||||
var creds = socket.handshake.session.sshCredentials
|
||||
debug(
|
||||
"handleConnection: " +
|
||||
|
|
|
|||
Loading…
Reference in a new issue