Fabio/webssh2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
webssh2/app/routes.js
Bill Church 5a65b6e91d
chore: implement constants
2024-08-21 17:42:22 +00:00

87 lines
2.7 KiB
JavaScript
Raw Blame History

// server
// app/routes.js
const express = require("express")
const basicAuth = require("basic-auth")
const maskObject = require("jsmasker")
const validator = require("validator")
const {
getValidatedHost,
getValidatedPort,
validateSshTerm
} = require("./utils")
const handleConnection = require("./connectionHandler")
const { createNamespacedDebug } = require("./logger")
const { ConfigError, handleError } = require("./errors")
const { HTTP } = require("./constants")
const debug = createNamespacedDebug("routes")
const router = express.Router()
// eslint-disable-next-line consistent-return
function auth(req, res, next) {
debug("auth: Basic Auth")
const credentials = basicAuth(req)
if (!credentials) {
res.setHeader(HTTP.AUTHENTICATE, HTTP.REALM)
return res.status(HTTP.UNAUTHORIZED).send(HTTP.AUTH_REQUIRED)
}
// Validate and sanitize credentials
req.session.sshCredentials = {
username: validator.escape(credentials.name),
password: credentials.pass // We don't sanitize the password as it might contain special characters
}
req.session.usedBasicAuth = true // Set this flag when Basic Auth is used
next()
}
// Scenario 1: No auth required, uses websocket authentication instead
router.get("/", function(req, res) {
debug("router.get./: Accessed / route")
handleConnection(req, res)
})
// Scenario 2: Auth required, uses HTTP Basic Auth
router.get("/host/:host", auth, function(req, res) {
debug(`router.get.host: /ssh/host/${req.params.host} route`)
try {
const host = getValidatedHost(req.params.host)
const port = getValidatedPort(req.query.port)
// Validate and sanitize sshterm parameter if it exists
const sshterm = validateSshTerm(req.query.sshterm)
req.session.sshCredentials = req.session.sshCredentials || {}
req.session.sshCredentials.host = host
req.session.sshCredentials.port = port
if (req.query.sshterm) {
req.session.sshCredentials.term = sshterm
}
req.session.usedBasicAuth = true
// Sanitize and log the sshCredentials object
const sanitizedCredentials = maskObject(
JSON.parse(JSON.stringify(req.session.sshCredentials))
)
debug("/ssh/host/ Credentials: ", sanitizedCredentials)
handleConnection(req, res, { host: host })
} catch (err) {
const error = new ConfigError(`Invalid configuration: ${err.message}`)
handleError(error, res)
}
})
// Clear credentials route
router.get("/clear-credentials", function(req, res) {
req.session.sshCredentials = null
res.status(HTTP.OK).send(HTTP.CREDENTIALS_CLEARED)
})
router.get("/force-reconnect", function(req, res) {
req.session.sshCredentials = null
res.status(HTTP.UNAUTHORIZED).send(HTTP.AUTH_REQUIRED)
})
module.exports = router
Reference in a new issue View git blame Copy permalink