mirror of https://github.com/huashengdun/webssh
Added a setting/parameter for an access key. If set, the key must be present as a URL parameter when requesting index; otherwise access is denied.
parent
1cf19c7186
commit
d0b4c7d4d8
|
@ -186,7 +186,7 @@ class PrivateKey(object):
|
||||||
class MixinHandler(object):
|
class MixinHandler(object):
|
||||||
|
|
||||||
custom_headers = {
|
custom_headers = {
|
||||||
'Server': 'TornadoServer'
|
'You Should': 'Stay Out'
|
||||||
}
|
}
|
||||||
|
|
||||||
html = ('<html><head><title>{code} {reason}</title></head><body>{code} '
|
html = ('<html><head><title>{code} {reason}</title></head><body>{code} '
|
||||||
|
@ -316,10 +316,11 @@ class IndexHandler(MixinHandler, tornado.web.RequestHandler):
|
||||||
|
|
||||||
executor = ThreadPoolExecutor(max_workers=cpu_count()*5)
|
executor = ThreadPoolExecutor(max_workers=cpu_count()*5)
|
||||||
|
|
||||||
def initialize(self, loop, policy, host_keys_settings):
|
def initialize(self, loop, policy, host_keys_settings, access_key):
|
||||||
super(IndexHandler, self).initialize(loop)
|
super(IndexHandler, self).initialize(loop)
|
||||||
self.policy = policy
|
self.policy = policy
|
||||||
self.host_keys_settings = host_keys_settings
|
self.host_keys_settings = host_keys_settings
|
||||||
|
self.access_key = access_key
|
||||||
self.ssh_client = self.get_ssh_client()
|
self.ssh_client = self.get_ssh_client()
|
||||||
self.debug = self.settings.get('debug', False)
|
self.debug = self.settings.get('debug', False)
|
||||||
self.font = self.settings.get('font', '')
|
self.font = self.settings.get('font', '')
|
||||||
|
@ -395,6 +396,10 @@ class IndexHandler(MixinHandler, tornado.web.RequestHandler):
|
||||||
privatekey, filename = self.get_privatekey()
|
privatekey, filename = self.get_privatekey()
|
||||||
passphrase = self.get_argument('passphrase', u'')
|
passphrase = self.get_argument('passphrase', u'')
|
||||||
totp = self.get_argument('totp', u'')
|
totp = self.get_argument('totp', u'')
|
||||||
|
supplied_access_key = self.get_argument('access_key', u'')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if isinstance(self.policy, paramiko.RejectPolicy):
|
if isinstance(self.policy, paramiko.RejectPolicy):
|
||||||
self.lookup_hostname(hostname, port)
|
self.lookup_hostname(hostname, port)
|
||||||
|
@ -405,7 +410,7 @@ class IndexHandler(MixinHandler, tornado.web.RequestHandler):
|
||||||
pkey = None
|
pkey = None
|
||||||
|
|
||||||
self.ssh_client.totp = totp
|
self.ssh_client.totp = totp
|
||||||
args = (hostname, port, username, password, pkey)
|
args = (hostname, port, username, password, pkey, supplied_access_key)
|
||||||
logging.debug(args)
|
logging.debug(args)
|
||||||
|
|
||||||
return args
|
return args
|
||||||
|
@ -488,7 +493,17 @@ class IndexHandler(MixinHandler, tornado.web.RequestHandler):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def get(self):
|
def get(self):
|
||||||
self.render('index.html', debug=self.debug, font=self.font)
|
# if path matches options.path
|
||||||
|
supplied_access_key = self.get_argument('accesskey', u'')
|
||||||
|
|
||||||
|
if self.debug:
|
||||||
|
logging.debug(f"Provided access key: {supplied_access_key}")
|
||||||
|
logging.debug(f"actual access key: {self.access_key}")
|
||||||
|
|
||||||
|
if supplied_access_key != self.access_key:
|
||||||
|
self.render('access_denied.html')
|
||||||
|
else:
|
||||||
|
self.render('index.html', debug=self.debug, font=self.font)
|
||||||
|
|
||||||
@tornado.gen.coroutine
|
@tornado.gen.coroutine
|
||||||
def post(self):
|
def post(self):
|
||||||
|
|
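Review bot: The new `get()` writes both the supplied and the configured access key to the debug log (`logging.debug(f"actual access key: {self.access_key}")`), and `get_args` now appends `supplied_access_key` to the tuple that `logging.debug(args)` prints, so the secret lands in the log whenever debug logging is on; those log lines should be removed. The check `supplied_access_key != self.access_key` is not a constant-time comparison and the denial page is rendered with the default 200 status; the sketch below uses `hmac.compare_digest` and `self.set_status(403)`, treats an empty configured key as "gate disabled" as the commit message describes, and needs `hmac` imported in this module. Only `get()` enforces the key in the visible hunks: `get_args` reads a differently named parameter (`access_key` rather than `accesskey`) and nothing shown compares it, so unless `post()`, whose body is outside this section, checks it, the form submission that opens the SSH session is not gated, and the sixth tuple element may break whatever unpacks `args`. In `custom_headers`, `'You Should'` contains a space and is not a valid HTTP field name, and dropping the `Server` entry presumably lets the framework's default Server header through again.

```python
    def get(self):
        supplied_access_key = self.get_argument('accesskey', u'')
        # An empty configured key means the gate is disabled.
        if self.access_key and not hmac.compare_digest(
                supplied_access_key.encode('utf-8'),
                self.access_key.encode('utf-8')):
            self.set_status(403)
            self.render('access_denied.html')
            return
        self.render('index.html', debug=self.debug, font=self.font)
```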
|
@ -7,17 +7,21 @@ from webssh import handler
|
||||||
from webssh.handler import IndexHandler, WsockHandler, NotFoundHandler
|
from webssh.handler import IndexHandler, WsockHandler, NotFoundHandler
|
||||||
from webssh.settings import (
|
from webssh.settings import (
|
||||||
get_app_settings, get_host_keys_settings, get_policy_setting,
|
get_app_settings, get_host_keys_settings, get_policy_setting,
|
||||||
get_ssl_context, get_server_settings, check_encoding_setting
|
get_ssl_context, get_server_settings, check_encoding_setting,
|
||||||
|
get_access_key
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def make_handlers(loop, options):
|
def make_handlers(loop, options):
|
||||||
|
logging.info(options)
|
||||||
host_keys_settings = get_host_keys_settings(options)
|
host_keys_settings = get_host_keys_settings(options)
|
||||||
policy = get_policy_setting(options, host_keys_settings)
|
policy = get_policy_setting(options, host_keys_settings)
|
||||||
|
access_key = get_access_key(options)
|
||||||
|
|
||||||
handlers = [
|
handlers = [
|
||||||
(r'/', IndexHandler, dict(loop=loop, policy=policy,
|
(r'/', IndexHandler, dict(loop=loop, policy=policy,
|
||||||
host_keys_settings=host_keys_settings)),
|
host_keys_settings=host_keys_settings,
|
||||||
|
access_key=access_key)),
|
||||||
(r'/ws', WsockHandler, dict(loop=loop))
|
(r'/ws', WsockHandler, dict(loop=loop))
|
||||||
]
|
]
|
||||||
return handlers
|
return handlers
|
||||||
|
|
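Review bot: `access_key` is passed only to `IndexHandler` in `make_handlers`; the `/ws` route is still built with `dict(loop=loop)`, so `WsockHandler` cannot check the key and depends entirely on whatever the index handler enforced. The added `logging.info(options)` looks like a leftover debugging line, and if the options object's string form includes its values it would write `accesskey` to the log at INFO level; I would drop it.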
|
@ -20,6 +20,7 @@ def print_version(flag):
|
||||||
|
|
||||||
|
|
||||||
define('address', default='', help='Listen address')
|
define('address', default='', help='Listen address')
|
||||||
|
define('accesskey', default='', help='If provided, requests must have a matching url parameter')
|
||||||
define('port', type=int, default=8888, help='Listen port')
|
define('port', type=int, default=8888, help='Listen port')
|
||||||
define('ssladdress', default='', help='SSL listen address')
|
define('ssladdress', default='', help='SSL listen address')
|
||||||
define('sslport', type=int, default=4433, help='SSL listen port')
|
define('sslport', type=int, default=4433, help='SSL listen port')
|
||||||
|
@ -76,7 +77,7 @@ class Font(object):
|
||||||
def get_app_settings(options):
|
def get_app_settings(options):
|
||||||
settings = dict(
|
settings = dict(
|
||||||
template_path=os.path.join(base_dir, 'webssh', 'templates'),
|
template_path=os.path.join(base_dir, 'webssh', 'templates'),
|
||||||
static_path=os.path.join(base_dir, 'webssh', 'static'),
|
static_path=os.path.join(base_dir,'webssh', 'static'),
|
||||||
websocket_ping_interval=options.wpintvl,
|
websocket_ping_interval=options.wpintvl,
|
||||||
debug=options.debug,
|
debug=options.debug,
|
||||||
xsrf_cookies=options.xsrf,
|
xsrf_cookies=options.xsrf,
|
||||||
|
@ -126,6 +127,8 @@ def get_policy_setting(options, host_keys_settings):
|
||||||
check_policy_setting(policy_class, host_keys_settings)
|
check_policy_setting(policy_class, host_keys_settings)
|
||||||
return policy_class()
|
return policy_class()
|
||||||
|
|
||||||
|
def get_access_key(options):
|
||||||
|
return options.accesskey
|
||||||
|
|
||||||
def get_ssl_context(options):
|
def get_ssl_context(options):
|
||||||
if not options.certfile and not options.keyfile:
|
if not options.certfile and not options.keyfile:
|
||||||
|
|
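Review bot: `get_access_key` returns `options.accesskey` unchanged, so the empty default silently means "no gate", and nothing in the settings module says so; a docstring such as `"""Return the configured access key; an empty string disables the check."""` would make that contract explicit. The help text on `define('accesskey', ...)` could also state that the value is a secret, since an option given on the command line is normally visible in the process list. The edit to `static_path` in `get_app_settings` only drops the space after a comma and is unrelated to this commit.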
|
@ -0,0 +1,8 @@
|
||||||
|
<html>
|
||||||
|
<head> </head>
|
||||||
|
<body>
|
||||||
|
<h1>Access Denied</h1>
|
||||||
|
<p>Access key is not present or is invalid</p>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|