diff --git a/README.md b/README.md index 8915134..e230d9e 100644 --- a/README.md +++ b/README.md @@ -24,11 +24,11 @@ $ yarn build To install it globally from npm use yarn or npm: -- yarn, `yarn -g add wetty.js` +- yarn, `yarn global add wetty.js` - npm, `npm i -g wetty.js` -For auto-login feature you'll need sshpass installed(NOT required for rest of -the program". +For auto-login feature you'll need sshpass installed (NOT required for rest of +the program). - `apt-get install sshpass` (debian eg. Ubuntu) - `yum install sshpass` (red hat flavours eg. CentOs) diff --git a/bin/nginx.template b/bin/nginx.template index e89cb69..20c6199 100644 --- a/bin/nginx.template +++ b/bin/nginx.template @@ -46,6 +46,25 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; + + # Authenticate user via other services (e.g., oauth2 end-points) + # + # Configuration : + # - Configure a 'auth_request' directive for this server block + # - Capture the authenticated username using 'auth_request_set' + # - Set the 'remote-user' request header accordingly + # + # Example (using lasso as authentication middleware): + # + # Add to server block: + # auth_request /lasso-validate + # auth_request_set $auth_user $upstream_http_x_lasso_user; + # + # Add to /wetty location block + # proxy_set_header remote-user $auth_user; + # + # And configure a '/lasso-validate' location. See this blog for further + # guidance: https://developer.okta.com/blog/2018/08/28/nginx-auth-request } # gzip diff --git a/docker-compose.yml b/docker-compose.yml index bfaf519..28b21eb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,7 @@ services: image: butlerx/wetty container_name: wetty tty: true - working_dir: /app + working_dir: /usr/src/app ports: - "3000:3000" environment: diff --git a/docs/README.md b/docs/README.md index c15adf1..ea15386 100644 --- a/docs/README.md +++ b/docs/README.md @@ -21,4 +21,4 @@ wetty.start(/* server settings, see Options */).then(() => { ## API -For WeTTy options and event details please refer to the [api docs](./api.md) +For WeTTy options and event details please refer to the [api docs](./API.md) diff --git a/index.js b/index.js index 73489a1..3caa5f9 100755 --- a/index.js +++ b/index.js @@ -41,6 +41,12 @@ if (require.main === module) { type: 'string', default: process.env.SSHUSER || '', }, + title: { + demand: false, + description: 'window title', + type: 'string', + default: process.env.TITLE || 'WeTTy - The Web Terminal Emulator', + }, sshauth: { demand: false, description: @@ -88,6 +94,12 @@ if (require.main === module) { type: 'string', default: process.env.COMMAND || 'login', }, + bypasshelmet: { + demand: false, + description: 'disable helmet from placing security restrictions', + type: 'boolean', + default: false, + }, help: { demand: false, alias: 'h', diff --git a/package.json b/package.json index 4ec2b22..bf7ce9d 100644 --- a/package.json +++ b/package.json @@ -94,7 +94,7 @@ "eslint-plugin-typescript": "^1.0.0-rc.1", "file-loader": "^3.0.1", "husky": "^1.3.1", - "lint-staged": "^6.1.1", + "lint-staged": "~8.2.0", "mini-css-extract-plugin": "^0.5.0", "node-sass": "^4.11.0", "nodemon": "^1.14.10", diff --git a/src/client/index.ts b/src/client/index.ts index ed454ef..81f8cf4 100644 --- a/src/client/index.ts +++ b/src/client/index.ts @@ -15,8 +15,46 @@ const socket = io(window.location.origin, { socket.on('connect', () => { const term = new Terminal(); term.open(document.getElementById('terminal')); - term.setOption('fontSize', 14); + const defaultOptions = { fontSize: 14 }; + let options: any; + try { + if (localStorage.options === undefined) { + options = defaultOptions; + } else { + options = JSON.parse(localStorage.options); + } + } catch { + options = defaultOptions; + } + Object.keys(options).forEach(key => { + const value = options[key]; + term.setOption(key, value); + }); + const code = JSON.stringify(options, null, 2); + const editor = document.querySelector('#options .editor'); + editor.value = code; + editor.addEventListener('keyup', e => { + try { + const updated = JSON.parse(editor.value); + const updatedCode = JSON.stringify(updated, null, 2); + editor.value = updatedCode; + editor.classList.remove('error'); + localStorage.options = updatedCode; + Object.keys(updated).forEach(key => { + const value = updated[key]; + term.setOption(key, value); + }); + resize(); + } catch { + // skip + editor.classList.add('error'); + } + }); document.getElementById('overlay').style.display = 'none'; + document.querySelector('#options .toggler').addEventListener('click', e => { + document.getElementById('options').classList.toggle('opened'); + e.preventDefault(); + }); window.addEventListener('beforeunload', handler, false); /* term.scrollPort_.screen_.setAttribute('contenteditable', 'false'); diff --git a/src/client/wetty.scss b/src/client/wetty.scss index 2a5c131..c8ae18c 100644 --- a/src/client/wetty.scss +++ b/src/client/wetty.scss @@ -3,6 +3,7 @@ $black: #000; $grey: rgba(0, 0, 0, 0.75); $white: #fff; +$lgrey: #ccc; html, body { @@ -44,4 +45,53 @@ body { position: relative; width: 100%; } + + #options { + position: absolute; + top: 1em; + right: 1em; + z-index: 20; + height: 16px; + width: 16px; + + a.toggler { + display: inline-block; + position: absolute; + right: 1em; + top: 0em; + font-size: 16px; + color: $lgrey; + z-index: 20; + + :hover { + color: $white; + } + } + + .editor { + background-color: rgba(0, 0, 0, 0.85); + padding: 0.5em; + border-radius: 0.3em; + border-color: rgba(255, 255, 255, 0.25); + display: none; + position: relative; + height: 100%; + width: 100%; + top: 1em; + right: 2em; + color: #eee; + font-size: 24px; + } + .editor.error { + color: red; + } + } + + #options.opened { + height: 50%; + width: 50%; + .editor { + display: flex; + } + } } diff --git a/src/server/index.ts b/src/server/index.ts index 4dfbe69..408fe4c 100644 --- a/src/server/index.ts +++ b/src/server/index.ts @@ -15,7 +15,9 @@ export interface Options { base: string; host: string; port: number; + title: string; command?: string; + bypasshelmet?: boolean; } interface CLI extends Options { @@ -33,9 +35,11 @@ export default class Server { base, host, port, + title, command, sslkey, sslcert, + bypasshelmet, }: Options): Promise { wetty .on('exit', ({ code, msg }: { code: number; msg: string }) => { @@ -54,10 +58,11 @@ export default class Server { host: sshhost, auth: sshauth, port: sshport, + title, pass: sshpass, key: sshkey, }, - { base, host, port }, + { base, host, port, title, bypasshelmet }, command, { key: sslkey, cert: sslcert } ); diff --git a/src/server/interfaces.ts b/src/server/interfaces.ts index 4674ecf..05b391c 100644 --- a/src/server/interfaces.ts +++ b/src/server/interfaces.ts @@ -21,4 +21,5 @@ export interface Server { port: number; host: string; base: string; + bypasshelmet: boolean; } diff --git a/src/server/server.ts b/src/server/server.ts index 8f64434..3e55d84 100644 --- a/src/server/server.ts +++ b/src/server/server.ts @@ -17,27 +17,29 @@ const distDir = path.join(__dirname, 'client'); const trim = (str: string): string => str.replace(/\/*$/, ''); export default function createServer( - { base, port, host }: Server, + { base, port, host, title, bypasshelmet }: Server, { key, cert }: SSLBuffer ): SocketIO.Server { const basePath = trim(base); events.emit( 'debug', - `key: ${key}, cert: ${cert}, port: ${port}, base: ${base}` + `key: ${key}, cert: ${cert}, port: ${port}, base: ${base}, title: ${title}` ); const html = ( req: express.Request, res: express.Response - ): express.Response => + ): express.Response => { + const resourcePath = /^\/ssh\//.test(req.url) ? '../' : ''; res.send(` - WeTTy - The Web Terminal Emulator - + ${title} + +
@@ -46,29 +48,29 @@ export default function createServer(
+
+ + +
- + `); + } const app = express(); app .use(morgan('combined', { stream: logger.stream })) - .use(helmet({ frameguard: false })) + .use(helmet({ frameguard: !bypasshelmet })) .use(compression()) .use(favicon(path.join(distDir, 'favicon.ico'))) .use(`${basePath}/public`, express.static(distDir)) .use((req, res, next) => { - if ( - req.url.substr(-1) === '/' && - req.url.length > 1 && - !/\?[^]*\//.test(req.url) - ) - res.redirect(301, req.url.slice(0, -1)); + if (req.url === basePath) res.redirect(301, req.url + '/'); else next(); - }) - .get(basePath, html) - .get(`${basePath}/ssh/:user`, html); + }).get(basePath, html).get(`${basePath}/ssh/:user`, html); return socket( !isUndefined(key) && !isUndefined(cert) diff --git a/src/server/term.ts b/src/server/term.ts index 8b8fd22..af5ba89 100644 --- a/src/server/term.ts +++ b/src/server/term.ts @@ -42,6 +42,17 @@ export default class Term { } public static login(socket: SocketIO.Socket): Promise { + + // Check request-header for username + let remoteUser = socket.request.headers['remote-user']; + if (remoteUser) { + return new Promise((resolve,reject) => { + resolve(remoteUser); + }); + } + + // Request carries no username information + // Create terminal and ask user for username const term = spawn( '/usr/bin/env', ['node', `${__dirname}/buffer.js`],