Require access to Still via method
This commit adds a safeguard for accessing the Still from a specific component: access now has to go through the component.GetStill method.
parent
81fa84c244
commit
8235ea9105
63 changed files with 288 additions and 197 deletions
|
|
@ -26,7 +26,7 @@ func (ssh2 *SSH2) HandleRoute(ctx context.Context, path string) (http.Handler, e
|
|||
}
|
||||
|
||||
// find the host
|
||||
slug, ok := ssh2.Config.HTTP.SlugFromHost(r.Host)
|
||||
slug, ok := component.GetStill(ssh2).Config.HTTP.SlugFromHost(r.Host)
|
||||
if slug == "" || !ok {
|
||||
httpx.TextInterceptor.Intercept(w, r, httpx.ErrNotFound)
|
||||
return
|
||||
|
|
|
|||
|
|
@ -58,10 +58,11 @@ func (i Intercept) Intercept(req component.HostPort) (intercepted bool, ok bool,
|
|||
}
|
||||
|
||||
func (ssh2 *SSH2) Intercepts() []Intercept {
|
||||
upstream := component.GetStill(ssh2).Upstream
|
||||
return ssh2.interceptsC.Get(func() []Intercept {
|
||||
return []Intercept{
|
||||
{Description: "Triplestore", Match: component.HostPort{Host: "triplestore", Port: 7200}, Dest: ssh2.Upstream.Triplestore},
|
||||
{Description: "SQL", Match: component.HostPort{Host: "sql", Port: 3306}, Dest: ssh2.Upstream.SQL},
|
||||
{Description: "Triplestore", Match: component.HostPort{Host: "triplestore", Port: 7200}, Dest: upstream.Triplestore},
|
||||
{Description: "SQL", Match: component.HostPort{Host: "sql", Port: 3306}, Dest: upstream.SQL},
|
||||
{Description: "PHPMyAdmin", Match: component.HostPort{Host: "phpmyadmin", Port: 80}, Dest: component.HostPort{Host: "phpmyadmin", Port: 80}},
|
||||
}
|
||||
})
|
||||
|
|
@ -77,13 +78,15 @@ func (ssh2 *SSH2) getForwardDest(req component.HostPort, ctx ssh.Context) (ok bo
|
|||
return ok, dest, rejectReason
|
||||
}
|
||||
|
||||
config := component.GetStill(ssh2).Config
|
||||
|
||||
// then check the instances
|
||||
slug, ok := ssh2.Config.HTTP.SlugFromHost(req.Host)
|
||||
slug, ok := config.HTTP.SlugFromHost(req.Host)
|
||||
if !ok || req.Port != 22 || !hasPermission(ctx, slug) {
|
||||
return false, dest, "permission denied"
|
||||
}
|
||||
|
||||
return true, component.HostPort{Host: slug + "." + ssh2.Config.HTTP.PrimaryDomain + ".wisski", Port: 22}, ""
|
||||
return true, component.HostPort{Host: slug + "." + config.HTTP.PrimaryDomain + ".wisski", Port: 22}, ""
|
||||
}
|
||||
|
||||
// handleDirectTCP handles a direct tcp connection for the server
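Review bot: The forwarding check in getForwardDest rejects only `!ok`, whereas the HandleRoute hunk in this same commit treats an empty slug as not found (`slug == "" || !ok`). If SlugFromHost can return an empty slug with ok set (its implementation is not visible here), hasPermission would be evaluated against "" and the destination would become `"." + config.HTTP.PrimaryDomain + ".wisski"`. Since this is the authorization decision for forwarded connections, I would make it fail closed the same way: `if !ok || slug == "" || req.Port != 22 || !hasPermission(ctx, slug) {`. The function begins above the hunk, so an earlier guard may already cover this case.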
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
|
||||
"github.com/gliderlabs/ssh"
|
||||
)
|
||||
|
||||
|
|
@ -38,17 +39,18 @@ Press CTRL-C to close this connection.
|
|||
`
|
||||
|
||||
func (ssh2 *SSH2) handleConnection(session ssh.Session) {
|
||||
config := component.GetStill(ssh2).Config
|
||||
slug, _ := getAnyPermission(session.Context())
|
||||
|
||||
banner := welcomeMessage
|
||||
for _, oldnew := range [][2]string{
|
||||
{"${SLUG}", slug},
|
||||
{"${HOSTNAME}", slug + "." + ssh2.Config.HTTP.PrimaryDomain},
|
||||
{"${HOSTNAME}", slug + "." + config.HTTP.PrimaryDomain},
|
||||
|
||||
{"${DOMAIN}", ssh2.Config.HTTP.PanelDomain()},
|
||||
{"${PORT}", strconv.FormatUint(uint64(ssh2.Config.Listen.SSHPort), 10)},
|
||||
{"${DOMAIN}", config.HTTP.PanelDomain()},
|
||||
{"${PORT}", strconv.FormatUint(uint64(config.Listen.SSHPort), 10)},
|
||||
|
||||
{"${HELP_URL}", ssh2.Config.HTTP.JoinPath("user", "ssh").String()},
|
||||
{"${HELP_URL}", config.HTTP.JoinPath("user", "ssh").String()},
|
||||
} {
|
||||
banner = strings.ReplaceAll(banner, oldnew[0], oldnew[1])
|
||||
}
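Review bot: handleConnection discards the second result of `getAnyPermission(session.Context())` and then uses `slug` unconditionally for the `${SLUG}` and `${HOSTNAME}` banner values. If that call can come back without a slug (not visible from this hunk), the banner would show `"." + config.HTTP.PrimaryDomain` as the hostname to connect to. Assuming the second value is a boolean, I would keep it, `slug, ok := getAnyPermission(session.Context())`, and return early or print a generic banner when `!ok`. The function continues below the hunk, so this may be handled later in the body.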
|
||||
|
|
|
|||
|
|
@ -9,25 +9,26 @@ import (
|
|||
)
|
||||
|
||||
func (ssh *SSH2) Path() string {
|
||||
return filepath.Join(ssh.Still.Config.Paths.Root, "core", "ssh2")
|
||||
return filepath.Join(component.GetStill(ssh).Config.Paths.Root, "core", "ssh2")
|
||||
}
|
||||
|
||||
//go:embed all:ssh2
|
||||
var resources embed.FS
|
||||
|
||||
func (ssh *SSH2) Stack() component.StackWithResources {
|
||||
config := component.GetStill(ssh).Config
|
||||
return component.MakeStack(ssh, component.StackWithResources{
|
||||
Resources: resources,
|
||||
ContextPath: "ssh2",
|
||||
|
||||
EnvContext: map[string]string{
|
||||
"DOCKER_NETWORK_NAME": ssh.Config.Docker.Network(),
|
||||
"DOCKER_NETWORK_NAME": config.Docker.Network(),
|
||||
|
||||
"CONFIG_PATH": ssh.Config.ConfigPath,
|
||||
"DEPLOY_ROOT": ssh.Config.Paths.Root,
|
||||
"CONFIG_PATH": config.ConfigPath,
|
||||
"DEPLOY_ROOT": config.Paths.Root,
|
||||
|
||||
"SELF_OVERRIDES_FILE": ssh.Config.Paths.OverridesJSON,
|
||||
"SELF_RESOLVER_BLOCK_FILE": ssh.Config.Paths.ResolverBlocks,
|
||||
"SELF_OVERRIDES_FILE": config.Paths.OverridesJSON,
|
||||
"SELF_RESOLVER_BLOCK_FILE": config.Paths.ResolverBlocks,
|
||||
},
|
||||
|
||||
CopyContextFiles: []string{bootstrap.Executable},
|
||||
|
|
@ -36,6 +37,6 @@ func (ssh *SSH2) Stack() component.StackWithResources {
|
|||
|
||||
func (ssh *SSH2) Context(parent component.InstallationContext) component.InstallationContext {
|
||||
return component.InstallationContext{
|
||||
bootstrap.Executable: ssh.Config.Paths.CurrentExecutable(), // TODO: Does this make sense?
|
||||
bootstrap.Executable: component.GetStill(ssh).Config.Paths.CurrentExecutable(), // TODO: Does this make sense?
|
||||
}
|
||||
}
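Review bot: The receiver in this file is named `ssh` (`func (ssh *SSH2) Stack()`), while the other files touched by this commit use `ssh2`, and `ssh` is also the name of the `github.com/gliderlabs/ssh` package imported elsewhere in this package. Renaming it to `ssh2` here, e.g. `func (ssh2 *SSH2) Path() string`, keeps the receiver consistent across the type and avoids shadowing the package if that import is ever added to this file. Separately, Path() and Context() call `component.GetStill(ssh)` inline while Stack() binds `config` once; picking one form for the file would read more evenly.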
|
||||
|
|
|
|||