jinql
/
webssh
mirror of https://github.com/huashengdun/webssh
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
474 Commits
4 Branches
43 Tags
1.8 MiB
Commit Graph

474 Commits (9238c01c3536b7679ea2694cbf4f56f563a2e9c2)

Author SHA1 Message Date
Sheng 9238c01c35 Updated test_failed_weak_ref 2022-11-21 16:39:13 +08:00
Sheng 2a46b52eac Close websocket if there is no corresponding ssh connection 2022-11-21 14:52:38 +08:00
Sheng 9a7cfe767c Use uuid4 to generate id for Python3.5 Python3.4 Python2.7 2022-11-21 14:32:41 +08:00
Shengdun Hua a3cb94b45e
Merge pull request #306 from klarose/handle-closed-worker 
do not process message for closed workers
 2022-11-21 14:01:21 +08:00
Shengdun Hua 7b18eac7a6
Merge pull request #305 from klarose/more-secure-worker-id 
use secrets to generate worker id
 2022-11-21 11:26:38 +08:00
Kyle Larose f0e2ddb821
do not process message for closed workers 
WsockHandler stores a weak reference to the ssh backend worker. The
worker closes itself if the backend connection closes (e.g. the user
exists the ssh session). That happens in parallel to the websocket
handler processing messages, so it is possible for a message to arrive
when the worker no longer has any strong references, leading to an
exception being thrown.

Handle this case by treating the None worker the same way we do invalid
messages: by simply returning.
 2022-11-18 08:55:03 -05:00
Kyle Larose 1b62f379ed
use secrets to generate worker id 
The worker ID right now is typically based off the address of an object
in memory. This could be guessed. While the worker is tied to a
specific IP, there is a chance an off-path attacker could be hosted
behind the same IP as the caller. They could possibly guess the worker
id of an unclaimed session by observing the sequence of IDs presented to
themselves, leading to them gaining access to an already authenticated
SSH session.

Use the python secrets module to generate a cryptographically secure
token to use as the worker ID. This shoud be much harder to guess.
 2022-11-17 15:26:05 -05:00
Sheng ee24eb7f65 Fixed a bug of getting custom font url 2022-10-30 14:37:11 +08:00
Shengdun Hua 4aec063197
Merge pull request #284 from kensonman/alpine 
Change the Docker base image from python:3-slim to python:3-alpine.
 2022-05-29 10:58:57 +08:00
Kenson Man 309d912985 Change the Docker base image from python:3-slim to python:3-alpine. 
The final image will be ~79.6MB instead of 163MB. It has 48% smaller.
 2022-05-27 12:47:19 +01:00
Sheng a9d959ffb7 Bump to version 1.6.0 2022-05-02 20:07:32 +08:00
Sheng 97e6d25556 Support Python 3.9 2022-05-02 19:58:38 +08:00
Shengdun Hua 685e1a7df1
Merge pull request #275 from rlucia/master 
65535/tcp is a valid port number
 2022-03-11 21:40:27 +08:00
Rocco Lucia 3c0b0fb332 65535/tcp is a valid port number 2022-03-09 18:25:09 +01:00
Sheng 86c98dacc4 Use decodeURIComponent instead of decodeURI 2022-02-23 05:14:31 +08:00
Sheng 11bd7fea47 Moved some codes into else block 2022-02-20 21:37:16 +08:00
Shengdun Hua cd3c747747
Merge pull request #270 from Zotil/encoding_timeout 
timeout on exec_command
 2022-02-20 21:18:18 +08:00
Carlos Martínez c89fcc1da9 fix line length 2022-02-13 11:04:13 -03:00
Carlos Martínez 00a4a77243 timeout on exec_command 2022-02-13 10:45:06 -03:00
Shengdun Hua d74196eb00
Merge pull request #237 from fakeyw/dev_set_font_color 
Add url param to change font color
 2021-09-04 06:10:09 +08:00
fakeyw 3192cb006c README add set_font_color example 2021-09-03 17:48:41 +08:00
fakeyw e25751c132 found the way to change font color 2021-09-03 16:31:07 +08:00
Sheng ddbb2c3fb1 Ignore invalid font size 2021-08-25 19:18:28 +08:00
Shengdun Hua de828cbabf
Merge pull request #234 from yc5/patch-1 
update readme images with relative links
 2021-08-24 21:07:45 +08:00
yc5 0d14b8d4ae
update readme images with relative links 2021-08-24 19:54:36 +08:00
Shengdun Hua e63f2674a3
Merge pull request #233 from joshua5201/master 
Add fontsize url parameter
 2021-08-23 20:55:07 +08:00
Tsung-en Hsiao e4657761c9 Add fontsize url parameter 2021-08-23 07:01:03 +00:00
Shengdun Hua 2f0d5809ae
Merge pull request #209 from svengo/patch-1 
Update Dockerfile
 2021-03-11 23:01:31 +08:00
Sven Gottwald 8238a49554
Update Dockerfile 
For security reasons, run the Docker container as an unprivileged user
 2021-03-10 15:11:20 +01:00
Sheng 7b8f473ba6 Changed the type of two options into float 2020-10-07 20:36:43 +08:00
Sheng d54f5b547a Use options.delay instead of DELAY 2020-10-07 20:29:13 +08:00
Sheng 063b0ee5cf Bump version to 1.5.3 2020-10-02 13:55:56 +08:00
Sheng def4c9e653 Updated travis.yml 2020-10-02 11:51:44 +08:00
Sheng 11cc534e48 Use pytest 4.6+ 2020-10-02 11:44:16 +08:00
Sheng 760c74a2f7 Use selector event loop for Python 3.8+ on windows 2020-10-02 11:29:48 +08:00
Sheng 19d816f991 Check if channel is closed first when error occurs on reading or writing 2020-09-16 21:01:53 +08:00
Shengdun Hua 596e12d864
Merge pull request #181 from Pofilo/upgrade_paramiko 
upgrade paramiko to 2.7.2
 2020-09-15 21:46:49 +08:00
pofilo 2f53ee5551 upgrade paramiko to 2.7.2 2020-09-15 14:24:35 +02:00
Sheng 51d527fe75 Fixed typo 2020-04-12 21:25:21 +08:00
Sheng 884ac27d5c Bump version to 1.5.2 2020-03-22 17:24:28 +08:00
Sheng 1fb2fe1e87 Added support for python 3.8 2020-03-22 17:23:29 +08:00
Sheng 396013e14f Added python 3.8 2020-03-22 17:16:31 +08:00
Sheng d291199186 Updated requirements.txt 2020-03-22 17:11:02 +08:00
Sheng 815783d6b0 Use warning instead of warn 2020-03-22 17:02:04 +08:00
Sheng 5f4978a994 Set utf-8 as the default encoding if we cannot detect it 2020-03-22 14:40:49 +08:00
Sheng 795875807b Added two options for user configuration 2020-02-23 11:11:41 +08:00
Sheng 32d7236630 To generate more friendly error message 2020-02-14 07:59:14 +08:00
Shengdun Hua 0afc045f77
Merge pull request #127 from Chunters/help-update 
additional help description
 2020-02-14 07:50:01 +08:00
CHunter 6be01b94b6 additional help description 
For the --encode option
 2020-02-13 22:59:31 +03:00
Sheng f2c9766c65 Bump version to 1.5.1 2020-02-13 20:19:34 +08:00