topaLE
/
wetty
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Rebased from main, removed lockfiles from .gitignore

pull/342/head
Christian7573 4 years ago
parent
33995eb287 2a3b724b98
commit
a76e700c5d
14 changed files with 6531 additions and 42 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      .eslintrc.json
  2. 5
      .github/workflows/publish.yml
  3. 26
      .github/workflows/release.yml
  4. 22
      .github/workflows/stale.yml
  5. 2
      .gitignore
  6. 4
      containers/wetty/Dockerfile
  7. 2
      docs/nginx.md
  8. 6
      package.json
  9. 48
      src/client/wetty/download.spec.ts
  10. 3
      src/server.ts
  11. 11
      src/server/command/address.ts
  12. 15
      src/server/shared/shell.spec.ts
  13. 2
      src/server/shared/shell.ts
  14. 6411
      yarn.lock

16
.eslintrc.json
View File

@ -1,6 +1,6 @@
{ {
"parser": "@typescript-eslint/parser", "parser": "@typescript-eslint/parser",
"plugins": ["@typescript-eslint", "prettier", "mocha"], "plugins": ["@typescript-eslint", "prettier"],
"env": { "env": {
"es6": true, "es6": true,
"node": true, "node": true,
@ -67,5 +67,17 @@
"extensions": [".ts", ".js"] "extensions": [".ts", ".js"]
} }
} }
} },
"overrides": [
{
"files": ["*.spec.ts"],
"extends": ["plugin:mocha/recommended"],
"plugins": ["mocha"],
"rules": {
"import/no-extraneous-dependencies": ["off"],
"mocha/no-mocha-arrows": ["off"],
"no-unused-expressions": ["off"]
}
}
]
} }

5
.github/workflows/publish.yml
View File

@ -24,14 +24,11 @@ jobs:
env: env:
CI: true CI: true
- name: Publish if version has been updated - name: Publish if version has been updated
uses: pascalgn/npm-publish-action@1.3.6 uses: pascalgn/npm-publish-action@1.3.8
with: with:
tag_name: "v%s" tag_name: "v%s"
tag_message: "v%s" tag_message: "v%s"
create_tag: "true"
commit_pattern: "^Release (\\S+)" commit_pattern: "^Release (\\S+)"
workspace: "."
publish_command: "yarn"
publish_args: "--non-interactive" publish_args: "--non-interactive"
env: env:
GITHUB_TOKEN: ${{ secrets.node_github_token }} GITHUB_TOKEN: ${{ secrets.node_github_token }}

26
.github/workflows/release.yml
View File

@ -0,0 +1,26 @@
---
name: Create Release
on:
push:
tags:
- 'v*'
jobs:
build:
name: Create Release
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@master
- name: Create Release
- uses: fregante/release-with-changelog@v3
with:
token: ${{ secrets.NODE_GITHUB_TOKEN }}
title: "Release {tag}"
exclude: true
commit-template: '- {title} ← {hash}'
template: |
### Changelog
{commits}
{range}

22
.github/workflows/stale.yml
View File

@ -0,0 +1,22 @@
name: Mark stale issues and pull requests
on:
schedule:
- cron: '39 10 * * *'
jobs:
stale:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'Stale issue message'
stale-pr-message: 'Stale pull request message'
stale-issue-label: 'no-issue-activity'
stale-pr-label: 'no-pr-activity'

2
.gitignore
View File

@ -14,8 +14,6 @@ npm-debug.log*
yarn-debug.log* yarn-debug.log*
yarn-error.log* yarn-error.log*
lerna-debug.log* lerna-debug.log*
/package-lock.json
/yarn.lock
# Diagnostic reports (https://nodejs.org/api/report.html) # Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

4
containers/wetty/Dockerfile
View File

@ -1,5 +1,5 @@
FROM node:current-alpine as builder FROM node:current-alpine as builder
RUN apk add -U build-base python RUN apk add -U build-base python3
WORKDIR /usr/src/app WORKDIR /usr/src/app
COPY . /usr/src/app COPY . /usr/src/app
RUN yarn && \ RUN yarn && \
@ -14,7 +14,7 @@ EXPOSE 3000
COPY --from=builder /usr/src/app/build /usr/src/app/build COPY --from=builder /usr/src/app/build /usr/src/app/build
COPY --from=builder /usr/src/app/node_modules /usr/src/app/node_modules COPY --from=builder /usr/src/app/node_modules /usr/src/app/node_modules
COPY package.json /usr/src/app COPY package.json /usr/src/app
RUN apk add -U openssh-client sshpass && \ RUN apk add -U coreutils openssh-client sshpass && \
mkdir ~/.ssh mkdir ~/.ssh
ENTRYPOINT [ "yarn" , "docker-entrypoint"] ENTRYPOINT [ "yarn" , "docker-entrypoint"]

2
docs/nginx.md
View File

@ -12,7 +12,7 @@ The following confs assume you want to serve WeTTy on the url
`example.com/wetty` and are running WeTTy with the default base and serving it `example.com/wetty` and are running WeTTy with the default base and serving it
on the same server on the same server
For a more detailed look see the [nginx.conf](../bin/nginx.template) used for For a more detailed look see the [nginx.conf](../conf/nginx.template) used for
testing testing
Put the following configuration in your nginx conf: Put the following configuration in your nginx conf:

6
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "wetty", "name": "wetty",
"version": "2.0.4", "version": "2.1.1",
"description": "WeTTY = Web + TTY. Terminal access in browser over http/https", "description": "WeTTY = Web + TTY. Terminal access in browser over http/https",
"homepage": "https://github.com/butlerx/wetty", "homepage": "https://github.com/butlerx/wetty",
"license": "MIT", "license": "MIT",
@ -17,7 +17,7 @@
"build": "snowpack build", "build": "snowpack build",
"dev": "NODE_ENV=development concurrently --kill-others --success first \"snowpack dev\" \"nodemon .\"", "dev": "NODE_ENV=development concurrently --kill-others --success first \"snowpack dev\" \"nodemon .\"",
"prepublishOnly": "snowpack build", "prepublishOnly": "snowpack build",
"lint": "eslint src/**/*.ts", "lint": "eslint src",
"start": "NODE_ENV=production node .", "start": "NODE_ENV=production node .",
"contributor": "all-contributors", "contributor": "all-contributors",
"test": "env TS_NODE_COMPILER_OPTIONS='{\"module\": \"commonjs\" }' mocha -r ts-node/register src/**/*.spec.ts", "test": "env TS_NODE_COMPILER_OPTIONS='{\"module\": \"commonjs\" }' mocha -r ts-node/register src/**/*.spec.ts",
@ -111,7 +111,7 @@
"helmet": "^4.1.0", "helmet": "^4.1.0",
"json5": "^2.1.3", "json5": "^2.1.3",
"lodash": "^4.17.20", "lodash": "^4.17.20",
"node-pty": "^0.9.0", "node-pty": "^0.10.0",
"parseurl": "^1.3.3", "parseurl": "^1.3.3",
"sass": "^1.26.10", "sass": "^1.26.10",
"socket.io": "^2.3.0", "socket.io": "^2.3.0",

48
src/client/wetty/download.spec.ts
View File

@ -1,5 +1,3 @@
/* eslint-disable */
import { expect } from 'chai'; import { expect } from 'chai';
import 'mocha'; import 'mocha';
import * as sinon from 'sinon'; import * as sinon from 'sinon';
@ -7,15 +5,17 @@ import * as sinon from 'sinon';
import { JSDOM } from 'jsdom'; import { JSDOM } from 'jsdom';
import { FileDownloader } from './download'; import { FileDownloader } from './download';
const noop = (): void => {}; // eslint-disable-line @typescript-eslint/no-empty-function
describe('FileDownloader', () => { describe('FileDownloader', () => {
const FILE_BEGIN = 'BEGIN'; const FILE_BEGIN = 'BEGIN';
const FILE_END = 'END'; const FILE_END = 'END';
let fileDownloader: any; let fileDownloader: FileDownloader;
beforeEach(() => { beforeEach(() => {
const { window } = new JSDOM(`...`); const { window } = new JSDOM(`...`);
global.document = window.document; global.document = window.document;
fileDownloader = new FileDownloader(() => {}, FILE_BEGIN, FILE_END); fileDownloader = new FileDownloader(noop, FILE_BEGIN, FILE_END);
}); });
afterEach(() => { afterEach(() => {
@ -81,7 +81,7 @@ describe('FileDownloader', () => {
}); });
it('should buffer across incomplete file begin marker sequence on two calls', () => { it('should buffer across incomplete file begin marker sequence on two calls', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
@ -94,7 +94,7 @@ describe('FileDownloader', () => {
}); });
it('should buffer across incomplete file begin marker sequence on n calls', () => { it('should buffer across incomplete file begin marker sequence on n calls', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
@ -104,25 +104,25 @@ describe('FileDownloader', () => {
expect(fileDownloader.buffer('E')).to.equal(''); expect(fileDownloader.buffer('E')).to.equal('');
expect(fileDownloader.buffer('G')).to.equal(''); expect(fileDownloader.buffer('G')).to.equal('');
expect(fileDownloader.buffer('I')).to.equal(''); expect(fileDownloader.buffer('I')).to.equal('');
expect(fileDownloader.buffer('NFILE' + 'END')).to.equal(''); expect(fileDownloader.buffer('NFILEEND')).to.equal('');
expect(onCompleteFileCallbackStub.calledOnce).to.be.true; expect(onCompleteFileCallbackStub.calledOnce).to.be.true;
expect(onCompleteFileCallbackStub.getCall(0).args[0]).to.equal('FILE'); expect(onCompleteFileCallbackStub.getCall(0).args[0]).to.equal('FILE');
}); });
it('should buffer across incomplete file begin marker sequence with data on the left and right on multiple calls', () => { it('should buffer across incomplete file begin marker sequence with data on the left and right on multiple calls', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
); );
expect(fileDownloader.buffer('DATA AT THE LEFT' + 'B')).to.equal( expect(fileDownloader.buffer('DATA AT THE LEFTB')).to.equal(
'DATA AT THE LEFT', 'DATA AT THE LEFT',
); );
expect(fileDownloader.buffer('E')).to.equal(''); expect(fileDownloader.buffer('E')).to.equal('');
expect(fileDownloader.buffer('G')).to.equal(''); expect(fileDownloader.buffer('G')).to.equal('');
expect(fileDownloader.buffer('I')).to.equal(''); expect(fileDownloader.buffer('I')).to.equal('');
expect(fileDownloader.buffer('NFILE' + 'ENDDATA AT THE RIGHT')).to.equal( expect(fileDownloader.buffer('NFILEENDDATA AT THE RIGHT')).to.equal(
'DATA AT THE RIGHT', 'DATA AT THE RIGHT',
); );
expect(onCompleteFileCallbackStub.calledOnce).to.be.true; expect(onCompleteFileCallbackStub.calledOnce).to.be.true;
@ -130,13 +130,13 @@ describe('FileDownloader', () => {
}); });
it('should buffer across incomplete file begin marker sequence then handle false positive', () => { it('should buffer across incomplete file begin marker sequence then handle false positive', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
); );
expect(fileDownloader.buffer('DATA AT THE LEFT' + 'B')).to.equal( expect(fileDownloader.buffer('DATA AT THE LEFTB')).to.equal(
'DATA AT THE LEFT', 'DATA AT THE LEFT',
); );
expect(fileDownloader.buffer('E')).to.equal(''); expect(fileDownloader.buffer('E')).to.equal('');
@ -150,7 +150,7 @@ describe('FileDownloader', () => {
}); });
it('should buffer across incomplete file end marker sequence on two calls', () => { it('should buffer across incomplete file end marker sequence on two calls', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const mockFilePart1 = 'DATA AT THE LEFTBEGINFILEE'; const mockFilePart1 = 'DATA AT THE LEFTBEGINFILEE';
const mockFilePart2 = 'NDDATA AT THE RIGHT'; const mockFilePart2 = 'NDDATA AT THE RIGHT';
@ -166,13 +166,13 @@ describe('FileDownloader', () => {
}); });
it('should buffer across incomplete file end and file begin marker sequence with data on the left and right on multiple calls', () => { it('should buffer across incomplete file end and file begin marker sequence with data on the left and right on multiple calls', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
); );
expect(fileDownloader.buffer('DATA AT THE LEFT' + 'BE')).to.equal( expect(fileDownloader.buffer('DATA AT THE LEFTBE')).to.equal(
'DATA AT THE LEFT', 'DATA AT THE LEFT',
); );
expect(fileDownloader.buffer('G')).to.equal(''); expect(fileDownloader.buffer('G')).to.equal('');
@ -187,7 +187,7 @@ describe('FileDownloader', () => {
}); });
it('should be able to handle multiple files', () => { it('should be able to handle multiple files', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
@ -202,7 +202,7 @@ describe('FileDownloader', () => {
'SECOND DATA' + 'SECOND DATA' +
'BEGIN', 'BEGIN',
), ),
).to.equal('DATA AT THE LEFT' + 'SECOND DATA'); ).to.equal('DATA AT THE LEFTSECOND DATA');
expect(onCompleteFileCallbackStub.calledOnce).to.be.true; expect(onCompleteFileCallbackStub.calledOnce).to.be.true;
expect(onCompleteFileCallbackStub.getCall(0).args[0]).to.equal('FILE1'); expect(onCompleteFileCallbackStub.getCall(0).args[0]).to.equal('FILE1');
@ -214,19 +214,19 @@ describe('FileDownloader', () => {
}); });
it('should be able to handle multiple files with an ending marker', () => { it('should be able to handle multiple files with an ending marker', () => {
fileDownloader = new FileDownloader(() => {}, 'BEGIN', 'END'); fileDownloader = new FileDownloader(noop, 'BEGIN', 'END');
const onCompleteFileCallbackStub = sinon.stub( const onCompleteFileCallbackStub = sinon.stub(
fileDownloader, fileDownloader,
'onCompleteFileCallback', 'onCompleteFileCallback',
); );
expect( expect(fileDownloader.buffer('DATA AT THE LEFTBEGINFILE1EN')).to.equal(
fileDownloader.buffer('DATA AT THE LEFT' + 'BEGIN' + 'FILE1' + 'EN'), 'DATA AT THE LEFT',
).to.equal('DATA AT THE LEFT'); );
expect(onCompleteFileCallbackStub.calledOnce).to.be.false; expect(onCompleteFileCallbackStub.calledOnce).to.be.false;
expect( expect(fileDownloader.buffer('DSECOND DATABEGINFILE2EN')).to.equal(
fileDownloader.buffer('D' + 'SECOND DATA' + 'BEGIN' + 'FILE2' + 'EN'), 'SECOND DATA',
).to.equal('SECOND DATA'); );
expect(onCompleteFileCallbackStub.calledOnce).to.be.true; expect(onCompleteFileCallbackStub.calledOnce).to.be.true;
expect(onCompleteFileCallbackStub.getCall(0).args[0]).to.equal('FILE1'); expect(onCompleteFileCallbackStub.getCall(0).args[0]).to.equal('FILE1');
expect(fileDownloader.buffer('D')).to.equal(''); expect(fileDownloader.buffer('D')).to.equal('');

3
src/server.ts
View File

@ -15,6 +15,7 @@ import {
forceSSHDefault, forceSSHDefault,
defaultCommand, defaultCommand,
} from './shared/defaults.js'; } from './shared/defaults.js';
import { escapeShell } from './server/shared/shell.js';
/** /**
* Starts WeTTy Server * Starts WeTTy Server
@ -58,7 +59,7 @@ export async function start(
} else { } else {
try { try {
const username = await login(socket); const username = await login(socket);
args[1] = `${username.trim()}@${args[1]}`; args[1] = `${escapeShell(username.trim())}@${args[1]}`;
logger.debug('Spawning term', { logger.debug('Spawning term', {
username: username.trim(), username: username.trim(),
cmd: args.join(' '), cmd: args.join(' '),

11
src/server/command/address.ts
View File

@ -1,3 +1,5 @@
import { escapeShell } from '../shared/shell.js';
export function address( export function address(
headers: Record<string, string>, headers: Record<string, string>,
user: string, user: string,
@ -6,9 +8,12 @@ export function address(
// Check request-header for username // Check request-header for username
const remoteUser = headers['remote-user']; const remoteUser = headers['remote-user'];
if (remoteUser) { if (remoteUser) {
return `${remoteUser}@${host}`; return `${escapeShell(remoteUser)}@${host}`;
} }
const match = headers.referer.match('.+/ssh/([^/]+)$'); const match = headers.referer.match('.+/ssh/([^/]+)$');
const fallback = user ? `${user}@${host}` : host; if (match) {
return match ? `${match[1].split('?')[0]}@${host}` : fallback; const username = escapeShell(match[1].split('?')[0]);
return `${username}@${host}`;
}
return user ? `${escapeShell(user)}@${host}` : host;
} }

15
src/server/shared/shell.spec.ts
View File

@ -0,0 +1,15 @@
import 'mocha';
import { expect } from 'chai';
import { escapeShell } from './shell';
describe('Values passed to escapeShell should be safe to pass woth sub processes', () => {
it('should escape remove subcommands', () => {
const cmd = escapeShell('test`echo hello`');
expect(cmd).to.equal('testechohello');
});
it('should ensure args cant be flags', () => {
const cmd = escapeShell("-oProxyCommand='bash' -c `wget localhost:2222`");
expect(cmd).to.equal('oProxyCommandbash-cwgetlocalhost2222');
});
});

2
src/server/shared/shell.ts
View File

@ -0,0 +1,2 @@
export const escapeShell = (username: string): string =>
username.replace(/^-|[^a-zA-Z0-9_-]/g, '');

6411
yarn.lock
View File

File diff suppressed because it is too large
Write Preview
Loading…
Cancel
Save