diff --git a/.gotty b/.gotty index c97448f..7c31b0b 100644 --- a/.gotty +++ b/.gotty @@ -7,6 +7,9 @@ // [bool] Permit clients to write to the TTY // permit_write = false +// [bool] Log user's writes in the TTY +// write_log = false + // [bool] Enable basic authentication // enable_basic_auth = false diff --git a/README.md b/README.md index 39f36d0..552f160 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,7 @@ By default, GoTTY starts a web server at port 8080. Open the URL on your web bro --port value, -p value Port number to liten (default: "8080") [$GOTTY_PORT] --path value, -m value Base path (default: "/") [$GOTTY_PATH] --permit-write, -w Permit clients to write to the TTY (BE CAREFUL) (default: false) [$GOTTY_PERMIT_WRITE] + --write-log Log user's writes in the TTY (default: false) [$GOTTY_WRITE_LOG] --credential value, -c value Credential for Basic Authentication (ex: user:pass, default disabled) [$GOTTY_CREDENTIAL] --random-url, -r Add a random string to the URL (default: false) [$GOTTY_RANDOM_URL] --random-url-length value Random URL length (default: 8) [$GOTTY_RANDOM_URL_LENGTH] @@ -152,6 +153,37 @@ When you want to create a jailed environment for each client, you can use Docker $ gotty -w docker run -it --rm busybox ``` +## Write log + +If you set `--write-log` option, user's writes in the TTY can be Logged. for example: + +if you run gotty like this: + +```shell +./gotty -w --write-log --permit-arguments ./test.sh +``` + +this is `test.sh`: + +```sh +#!/bin/bash + +echo "Welcome: $4" +kubectl -n $1 exec -it $2 -c $3 -- sh +``` + +visit `http://127.0.0.1:8080/?arg=without-istio&arg=sleep-7b6d569576-57sjq&arg=sleep&arg=21001713` and input your commands in shell, and you will see user's writes in the log (operation logs): + +``` +... +2022/12/13 13:36:46 [write-log] map[arg:[without-istio sleep-7b6d569576-8nz7t sleep 21001713]] ls[CR] +2022/12/13 13:37:25 [write-log] map[arg:[without-istio sleep-7b6d569576-8nz7t sleep 21001713]] echo[SPACE]hello[SPACE]world;[CR] +2022/12/13 13:47:00 [write-log] map[arg:[without-istio sleep-7b6d569576-8nz7t sleep 21001713]] [CUU][CR] +... +``` + +Using the `[write-log]` flag, you can collect and store these logs persistently. All args are in the log, including the userID. + ## Development You can build a binary by simply running `make`. go1.16 is required. diff --git a/server/handlers.go b/server/handlers.go index a192693..a1ac262 100644 --- a/server/handlers.go +++ b/server/handlers.go @@ -146,10 +146,14 @@ func (server *Server) processWSConn(ctx context.Context, conn *websocket.Conn, h opts := []webtty.Option{ webtty.WithWindowTitle(titleBuf.Bytes()), + webtty.WithArguments(params), } if server.options.PermitWrite { opts = append(opts, webtty.WithPermitWrite()) } + if server.options.WriteLog { + opts = append(opts, webtty.WithWriteLog()) + } if server.options.EnableReconnect { opts = append(opts, webtty.WithReconnect(server.options.ReconnectTime)) } diff --git a/server/options.go b/server/options.go index fb3631a..15408a1 100644 --- a/server/options.go +++ b/server/options.go @@ -9,6 +9,7 @@ type Options struct { Port string `hcl:"port" flagName:"port" flagSName:"p" flagDescribe:"Port number to liten" default:"8080"` Path string `hcl:"path" flagName:"path" flagSName:"m" flagDescribe:"Base path" default:"/"` PermitWrite bool `hcl:"permit_write" flagName:"permit-write" flagSName:"w" flagDescribe:"Permit clients to write to the TTY (BE CAREFUL)" default:"false"` + WriteLog bool `hcl:"write_log" flagName:"write-log" flagDescribe:"Log user's writes in the TTY" default:"false"` EnableBasicAuth bool `hcl:"enable_basic_auth" default:"false"` Credential string `hcl:"credential" flagName:"credential" flagSName:"c" flagDescribe:"Credential for Basic Authentication (ex: user:pass, default disabled)" default:""` EnableRandomUrl bool `hcl:"enable_random_url" flagName:"random-url" flagSName:"r" flagDescribe:"Add a random string to the URL" default:"false"` diff --git a/utils/log.go b/utils/log.go new file mode 100644 index 0000000..f606693 --- /dev/null +++ b/utils/log.go @@ -0,0 +1,114 @@ +package utils + +import ( + "fmt" + "regexp" +) + +var ControlCodes = map[byte]string{ + 0: "NUL", + 1: "SOH", + 2: "STX", + 3: "ETX", + 4: "EOT", + 5: "ENQ", + 6: "ACK", + 7: "BEL", + 8: "BS", + 9: "HT", + 10: "LF", + 11: "VT", + 12: "FF", + 13: "CR", + 14: "SO", + 15: "SI", + 16: "DLE", + 17: "DCI", + 18: "DC2", + 19: "DC3", + 20: "DC4", + 21: "NAK", + 22: "SYN", + 23: "TB", + 24: "CAN", + 25: "EM", + 26: "SUB", + 27: "ESC", + 28: "FS", + 29: "GS", + 30: "RS", + 31: "US", + 32: "SPACE", + 127: "DEL", +} + +// https://en.wikipedia.org/wiki/ANSI_escape_code +// https://xtermjs.org/docs/api/vtfeatures/ +var ControlSequences = map[string]string{ + // Cursor Up + "ESC[A": "CUU", + // Cursor Down + "ESC[B": "CUD", + // Cursor Forward + "ESC[C": "CUF", + // Cursor Back + "ESC[D": "CUB", +} + +var ControlSequencePatterns = map[string]string{ + // Device Status Report + // Reports the cursor position (CPR) by transmitting `ESC[n;mR`, where n is the row and m is the column. + "^ESC\\[\\d+;\\d+R$": "", +} + +func ControlCodesToStr(codes []byte) (str string) { + for _, code := range codes { + if value, ok := ControlCodes[code]; ok { + str += value + } else { + str += string(code) + } + } + return +} + +func ControlCodesToEscapedStr(codes []byte) (str string) { + for _, code := range codes { + if value, ok := ControlCodes[code]; ok { + str += fmt.Sprintf("[%s]", value) + } else if code == 91 || code == 92 || code == 93 { + // escaping [ ] \ + str += fmt.Sprintf("\\%s", string(code)) + } else { + str += string(code) + } + } + return +} + +func ControlSequenceToStr(codes []byte) (string, bool) { + sequence := ControlCodesToStr(codes) + for key, value := range ControlSequences { + if key == sequence { + return fmt.Sprintf("[%s]", value), true + } + } + + for key, value := range ControlSequencePatterns { + if regexp.MustCompile(key).Match([]byte(sequence)) { + return value, true + } + } + return sequence, false +} + +func FormatWriteLog(codes []byte, line *string) { + n := len(codes) + if n >= 3 { + if str, exists := ControlSequenceToStr(codes); exists { + *line += str + return + } + } + *line += ControlCodesToEscapedStr(codes) +} diff --git a/webtty/option.go b/webtty/option.go index 1618e89..f021866 100644 --- a/webtty/option.go +++ b/webtty/option.go @@ -17,6 +17,14 @@ func WithPermitWrite() Option { } } +// WithWriteLog sets a WebTTY to log user's writes in the TTY. +func WithWriteLog() Option { + return func(wt *WebTTY) error { + wt.writeLog = true + return nil + } +} + // WithFixedColumns sets a fixed width to TTY master. func WithFixedColumns(columns int) Option { return func(wt *WebTTY) error { @@ -41,6 +49,14 @@ func WithWindowTitle(windowTitle []byte) Option { } } +// WithArguments sets the command line arguments that clients send +func WithArguments(arguments map[string][]string) Option { + return func(wt *WebTTY) error { + wt.arguments = arguments + return nil + } +} + // WithReconnect enables reconnection on the master side. func WithReconnect(timeInSeconds int) Option { return func(wt *WebTTY) error { diff --git a/webtty/webtty.go b/webtty/webtty.go index 78116cf..454359c 100644 --- a/webtty/webtty.go +++ b/webtty/webtty.go @@ -4,6 +4,8 @@ import ( "context" "encoding/base64" "encoding/json" + "github.com/sorenisanerd/gotty/utils" + "log" "sync" "github.com/pkg/errors" @@ -19,7 +21,9 @@ type WebTTY struct { slave Slave windowTitle []byte + arguments map[string][]string permitWrite bool + writeLog bool columns int rows int reconnect int // in seconds @@ -93,13 +97,14 @@ func (wt *WebTTY) Run(ctx context.Context) error { go func() { errs <- func() error { buffer := make([]byte, wt.bufferSize) + var line string for { n, err := wt.masterConn.Read(buffer) if err != nil { return ErrMasterClosed } - err = wt.handleMasterReadEvent(buffer[:n]) + err = wt.handleMasterReadEvent(buffer[:n], &line) if err != nil { return err } @@ -168,7 +173,7 @@ func (wt *WebTTY) masterWrite(data []byte) error { return nil } -func (wt *WebTTY) handleMasterReadEvent(data []byte) error { +func (wt *WebTTY) handleMasterReadEvent(data []byte, line *string) error { if len(data) == 0 { return errors.New("unexpected zero length read from master") } @@ -189,6 +194,16 @@ func (wt *WebTTY) handleMasterReadEvent(data []byte) error { return errors.Wrapf(err, "failed to decode received data") } + if wt.writeLog { + utils.FormatWriteLog(decodedBuffer[:n], line) + // 13(ASCII) means carriage return(CR) + // it is the end of a line + if decodedBuffer[n-1] == 13 { + log.Printf("[write-log] %v %s\n", wt.arguments, *line) + *line = "" + } + } + _, err = wt.slave.Write(decodedBuffer[:n]) if err != nil { return errors.Wrapf(err, "failed to write received data to slave")