mirror of https://github.com/portainer/portainer
Kevan Ahlquist
parent
5bf922325a
commit
15d133324d
10
app/app.js
10
app/app.js
|
|
@ -25,6 +25,10 @@ angular.module('dockerui', [
|
||||||
'volumes'])
|
'volumes'])
|
||||||
.config(['$routeProvider', '$httpProvider', function ($routeProvider, $httpProvider) {
|
.config(['$routeProvider', '$httpProvider', function ($routeProvider, $httpProvider) {
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
|
$httpProvider.defaults.xsrfCookieName = '_gorilla_csrf';
|
||||||
|
$httpProvider.defaults.xsrfHeaderName = 'X-CSRF-Token';
|
||||||
|
|
||||||
$routeProvider.when('/', {
|
$routeProvider.when('/', {
|
||||||
templateUrl: 'app/components/dashboard/dashboard.html',
|
templateUrl: 'app/components/dashboard/dashboard.html',
|
||||||
controller: 'DashboardController'
|
controller: 'DashboardController'
|
||||||
|
|
@ -79,7 +83,13 @@ angular.module('dockerui', [
|
||||||
time: 10000
|
time: 10000
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
console.log('response', response);
|
||||||
return response;
|
return response;
|
||||||
|
},
|
||||||
|
request: function(config) {
|
||||||
|
console.log(document.cookie);
|
||||||
|
console.log('request', config);
|
||||||
|
return config;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
|
||||||
25
dockerui.go
25
dockerui.go
|
|
@ -10,12 +10,19 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"github.com/gorilla/csrf"
|
||||||
|
"github.com/gorilla/securecookie"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
endpoint = flag.String("e", "/var/run/docker.sock", "Dockerd endpoint")
|
endpoint = flag.String("e", "/var/run/docker.sock", "Dockerd endpoint")
|
||||||
addr = flag.String("p", ":9000", "Address and port to serve dockerui")
|
addr = flag.String("p", ":9000", "Address and port to serve dockerui")
|
||||||
assets = flag.String("a", ".", "Path to the assets")
|
assets = flag.String("a", ".", "Path to the assets")
|
||||||
|
CSRF = csrf.Protect(
|
||||||
|
[]byte(securecookie.GenerateRandomKey(32)),
|
||||||
|
csrf.HttpOnly(false),
|
||||||
|
csrf.Secure(false),
|
||||||
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
type UnixHandler struct {
|
type UnixHandler struct {
|
||||||
|
|
@ -87,7 +94,23 @@ func createHandler(dir string, e string) http.Handler {
|
||||||
|
|
||||||
mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", h))
|
mux.Handle("/dockerapi/", http.StripPrefix("/dockerapi", h))
|
||||||
mux.Handle("/", fileHandler)
|
mux.Handle("/", fileHandler)
|
||||||
return mux
|
return logWrapper(CSRF(mux))
|
||||||
|
}
|
||||||
|
|
||||||
|
func logWrapper(h http.Handler) http.Handler {
|
||||||
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
log.Println("Request starting: " + r.URL.Path)
|
||||||
|
c, err := r.Cookie ("_gorilla_csrf")
|
||||||
|
if err != nil {
|
||||||
|
log.Println("Unable to find session cookie _gorilla_csrf")
|
||||||
|
h.ServeHTTP(w, r)
|
||||||
|
} else {
|
||||||
|
log.Println("Cookie:" + c.Value)
|
||||||
|
log.Println("Header:" + r.Header.Get("X-CSRF-Token"))
|
||||||
|
h.ServeHTTP(w, r)
|
||||||
|
log.Println("Request ending")
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue