mirror of
https://github.com/gravitational/teleport
synced 2024-10-20 17:23:22 +00:00
The web UI is not using the CLI client
TODO: - Configure the CLI client to NOT use a keystore - Configure the CLI client to NOT use ssh-agent - Fix tests - Comments
This commit is contained in:
parent
2e59ee51cc
commit
2150cb31de
|
@ -726,6 +726,8 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error {
|
|||
DomainName: cfg.Hostname,
|
||||
ProxyClient: conn.Client,
|
||||
DisableUI: cfg.Proxy.DisableWebUI,
|
||||
ProxySSHAddr: cfg.Proxy.SSHAddr,
|
||||
ProxyWebAddr: cfg.Proxy.WebAddr,
|
||||
})
|
||||
if err != nil {
|
||||
utils.Consolef(cfg.Console, "[PROXY] starting the web server: %v", err)
|
||||
|
|
|
@ -26,6 +26,7 @@ import (
|
|||
"html/template"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"strconv"
|
||||
|
@ -35,6 +36,7 @@ import (
|
|||
|
||||
"github.com/gravitational/teleport/lib/auth"
|
||||
"github.com/gravitational/teleport/lib/client"
|
||||
"github.com/gravitational/teleport/lib/defaults"
|
||||
"github.com/gravitational/teleport/lib/events"
|
||||
"github.com/gravitational/teleport/lib/httplib"
|
||||
"github.com/gravitational/teleport/lib/reversetunnel"
|
||||
|
@ -90,6 +92,9 @@ type Config struct {
|
|||
ProxyClient auth.ClientI
|
||||
// DisableUI allows to turn off serving web based UI
|
||||
DisableUI bool
|
||||
// TODO
|
||||
ProxySSHAddr utils.NetAddr
|
||||
ProxyWebAddr utils.NetAddr
|
||||
}
|
||||
|
||||
type RewritingHandler struct {
|
||||
|
@ -950,6 +955,8 @@ func (m *Handler) siteNodeConnect(
|
|||
req.Namespace, req.ServerID, req.Login)
|
||||
|
||||
req.Namespace = p.ByName("namespace")
|
||||
req.ProxyHostPort = m.ProxyHostPort()
|
||||
|
||||
term, err := newTerminal(*req, ctx, site)
|
||||
if err != nil {
|
||||
return nil, trace.Wrap(err)
|
||||
|
@ -1442,6 +1449,20 @@ func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, ch
|
|||
return ctx, nil
|
||||
}
|
||||
|
||||
// ProxyHostPort returns the address of the proxy server using --proxy
|
||||
// notation, i.e. "localhost:8030,8023"
|
||||
func (h *Handler) ProxyHostPort() string {
|
||||
// addr equals to "localhost:8030" at this point
|
||||
addr := h.cfg.ProxyWebAddr.String()
|
||||
// add the SSH port number and return
|
||||
_, sshPort, err := net.SplitHostPort(h.cfg.ProxySSHAddr.String())
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
sshPort = strconv.Itoa(defaults.SSHProxyListenPort)
|
||||
}
|
||||
return fmt.Sprintf("%s,%s", addr, sshPort)
|
||||
}
|
||||
|
||||
func message(msg string) interface{} {
|
||||
return map[string]interface{}{"message": msg}
|
||||
}
|
||||
|
|
|
@ -17,8 +17,13 @@ limitations under the License.
|
|||
package web
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
|
||||
"github.com/gravitational/teleport/lib/client"
|
||||
"github.com/gravitational/teleport/lib/reversetunnel"
|
||||
"github.com/gravitational/teleport/lib/services"
|
||||
"github.com/gravitational/teleport/lib/session"
|
||||
|
@ -44,6 +49,8 @@ type terminalRequest struct {
|
|||
SessionID session.ID `json:"sid"`
|
||||
// Namespace is node namespace
|
||||
Namespace string `json:"namespace"`
|
||||
// Proxy server address
|
||||
ProxyHostPort string `json:"-"`
|
||||
}
|
||||
|
||||
// newTerminal creates a web-based terminal based on WebSockets and returns a new
|
||||
|
@ -177,10 +184,15 @@ func (t *terminalHandler) connectUpstream() (*sshutils.Upstream, error) {
|
|||
// the "loop" piping the input/output of the SSH session into the
|
||||
// js-based terminal.
|
||||
func (t *terminalHandler) Run(w http.ResponseWriter, r *http.Request) {
|
||||
errToTerm := func(err error, w io.Writer) {
|
||||
fmt.Fprintf(w, "%s\n\r", err.Error())
|
||||
log.Error(err)
|
||||
}
|
||||
|
||||
webSocketLoop := func(ws *websocket.Conn) {
|
||||
up, err := t.connectUpstream()
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
errToTerm(err, ws)
|
||||
return
|
||||
}
|
||||
t.up = up
|
||||
|
@ -193,10 +205,52 @@ func (t *terminalHandler) Run(w http.ResponseWriter, r *http.Request) {
|
|||
W: uint32(t.params.Term.W),
|
||||
H: uint32(t.params.Term.H),
|
||||
})
|
||||
|
||||
log.Infof("pipe shell finished with: %v", err)
|
||||
}
|
||||
|
||||
// second version
|
||||
v2 := func(ws *websocket.Conn) {
|
||||
agent, err := t.ctx.GetAgent()
|
||||
if err != nil {
|
||||
errToTerm(err, ws)
|
||||
return
|
||||
}
|
||||
defer agent.Close()
|
||||
signers, err := agent.Signers()
|
||||
if err != nil {
|
||||
errToTerm(err, ws)
|
||||
return
|
||||
}
|
||||
host, _, err := net.SplitHostPort(t.server.GetAddr())
|
||||
if err != nil {
|
||||
errToTerm(err, ws)
|
||||
return
|
||||
}
|
||||
output := utils.NewWebSockWrapper(ws, utils.WebSocketTextMode)
|
||||
tc, err := client.NewClient(&client.Config{
|
||||
AuthMethods: []ssh.AuthMethod{ssh.PublicKeys(signers...)},
|
||||
HostLogin: t.params.Login,
|
||||
Namespace: t.params.Namespace,
|
||||
Stdout: output,
|
||||
Stderr: output,
|
||||
Stdin: ws,
|
||||
ProxyHostPort: t.params.ProxyHostPort,
|
||||
Host: host,
|
||||
})
|
||||
if err != nil {
|
||||
errToTerm(err, ws)
|
||||
return
|
||||
}
|
||||
if err = tc.SSH(context.TODO(), nil, false); err != nil {
|
||||
errToTerm(err, ws)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
if true {
|
||||
webSocketLoop = v2
|
||||
}
|
||||
|
||||
// TODO(klizhentas)
|
||||
// we instantiate a server explicitly here instead of using
|
||||
// websocket.HandlerFunc to set empty origin checker
|
||||
|
|
Loading…
Reference in a new issue