rnsrk/wisski-cloud-distillery
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wisski-cloud-distillery/internal/dis/component/auth/panel/ssh.go
Tom Wiesing bcd1805001
Add SSH Key Management
2023-01-15 19:41:00 +01:00

193 lines
5.6 KiB
Go
Raw Blame History

package panel
import (
"context"
"errors"
"net/http"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/auth"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/control/static"
"github.com/FAU-CDI/wisski-distillery/internal/dis/component/control/static/custom"
"github.com/FAU-CDI/wisski-distillery/internal/models"
"github.com/FAU-CDI/wisski-distillery/pkg/httpx"
"github.com/FAU-CDI/wisski-distillery/pkg/httpx/field"
"github.com/gliderlabs/ssh"
"github.com/rs/zerolog"
gossh "golang.org/x/crypto/ssh"
_ "embed"
)
//go:embed "templates/ssh.html"
var sshTemplateStr string
var sshTemplate = static.AssetsUser.MustParseShared("ssh.html", sshTemplateStr)
type SSHTemplateContext struct {
custom.BaseContext
Keys []models.Keys
Domain string // domain name of the distillery
Port uint16 // public port of the distillery ssh servers
Slug string // slug of the wisski
Hostname string // hostname of an example wisski
}
func (panel *UserPanel) sshRoute(ctx context.Context) http.Handler {
sshTemplate := panel.Dependencies.Custom.Template(sshTemplate)
gaps := custom.BaseContextGaps{
Crumbs: []component.MenuItem{
{Title: "User", Path: "/user/"},
{Title: "SSH Keys", Path: "/user/ssh/"},
},
Actions: []component.MenuItem{
{Title: "Add New Key", Path: "/user/ssh/add/"},
},
}
return httpx.HTMLHandler[SSHTemplateContext]{
Handler: func(r *http.Request) (sc SSHTemplateContext, err error) {
panel.Dependencies.Custom.Update(&sc, r, gaps)
user, err := panel.Dependencies.Auth.UserOf(r)
if err != nil {
return sc, err
}
sc.Domain = panel.Config.DefaultDomain
sc.Port = panel.Config.PublicSSHPort
// pick the first domain that the user has access to as an example
grants, err := panel.Dependencies.Policy.User(r.Context(), user.User.User)
if err != nil && len(grants) > 0 {
sc.Slug = grants[0].Slug
} else {
sc.Slug = "example"
}
sc.Hostname = panel.Config.HostFromSlug(sc.Slug)
sc.Keys, err = panel.Dependencies.Keys.Keys(r.Context(), user.User.User)
if err != nil {
return sc, err
}
return sc, nil
},
Template: sshTemplate,
}
}
//go:embed "templates/ssh_add.html"
var sshAddTemplateStr string
var sshAddTemplate = static.AssetsUser.MustParseShared("ssh_add.html", sshAddTemplateStr)
type addKeyResult struct {
User *auth.AuthUser
Comment string
Key ssh.PublicKey
}
var (
errInvalidUser = errors.New("invalid user")
errKeyParse = errors.New("unable to parse ssh key")
errAddKey = errors.New("unable to add key")
)
func (panel *UserPanel) sshDeleteRoute(ctx context.Context) http.Handler {
logger := zerolog.Ctx(ctx)
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
logger.Err(err).Str("action", "delete ssh key").Msg("failed to parse form")
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
return
}
user, err := panel.Dependencies.Auth.UserOf(r)
if err != nil {
logger.Err(err).Str("action", "delete ssh key").Msg("failed to get current user")
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
return
}
key, _ := parseKey(r.PostFormValue("signature"))
if key == nil {
logger.Err(err).Str("action", "delete ssh key").Msg("failed to parse signature")
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
return
}
if err := panel.Dependencies.Keys.Remove(r.Context(), user.User.User, key); err != nil {
logger.Err(err).Str("action", "delete ssh key").Msg("failed to delete key")
httpx.HTMLInterceptor.Fallback.ServeHTTP(w, r)
return
}
http.Redirect(w, r, "/user/ssh/", http.StatusSeeOther)
})
}
func (panel *UserPanel) sshAddRoute(ctx context.Context) http.Handler {
sshAddTemplate := panel.Dependencies.Custom.Template(sshAddTemplate)
gaps := custom.BaseContextGaps{
Crumbs: []component.MenuItem{
{Title: "User", Path: "/user/"},
{Title: "SSH Keys", Path: "/user/ssh/"},
{Title: "Add New Key", Path: "/user/ssh/add/"},
},
}
return &httpx.Form[addKeyResult]{
Fields: []field.Field{
{Name: "comment", Type: field.Text, Label: "Comment"},
{Name: "key", Type: field.Textarea, Label: "Key in authorized_keys format"}, // has hacked css!
},
FieldTemplate: field.PureCSSFieldTemplate,
RenderTemplate: sshAddTemplate,
RenderTemplateContext: func(ctx httpx.FormContext, r *http.Request) any {
return panel.Dependencies.Custom.NewForm(ctx, r, gaps)
},
Validate: func(r *http.Request, values map[string]string) (ak addKeyResult, err error) {
ak.User, err = panel.Dependencies.Auth.UserOf(r)
if err != nil || ak.User == nil {
return ak, errInvalidUser
}
// parse key and comment
var key, comment string
ak.Comment, key = values["comment"], values["key"]
ak.Key, comment = parseKey(key)
if ak.Key == nil {
return ak, errKeyParse
}
// set the comment if the user didn't provide one!
if ak.Comment == "" && comment != "" {
ak.Comment = comment
}
return ak, nil
},
RenderSuccess: func(ak addKeyResult, values map[string]string, w http.ResponseWriter, r *http.Request) error {
// add the key to the user
if err := panel.Dependencies.Keys.Add(r.Context(), ak.User.User.User, ak.Comment, ak.Key); err != nil {
return errAddKey
}
// everything went fine, redirect the user back to the user page!
http.Redirect(w, r, "/user/ssh/", http.StatusSeeOther)
return nil
},
}
}
func parseKey(authorized_keys string) (out gossh.PublicKey, comment string) {
var err error
out, comment, _, _, err = gossh.ParseAuthorizedKey([]byte(authorized_keys))
if err != nil || out == nil {
return nil, ""
}
return out, comment
}
Reference in a new issue View git blame Copy permalink