Use credential for auth_token

This commit is contained in:
Iwasaki Yudai 2015-09-01 15:04:14 +09:00
parent 0bd2f3f2c8
commit ff92777011
2 changed files with 6 additions and 7 deletions

View File

@ -93,7 +93,7 @@ See the [`.gotty`](https://github.com/yudai/gotty/blob/master/.gotty) file in th
By default, GoTTY doesn't allow clients to send any keystrokes or commands except terminal window resizing. When you want to permit clients to write input to the TTY, add the `-w` option. However, accepting input from remote clients is dangerous for most commands. When you need interaction with the TTY for some reasons, consider starting GoTTY with tmux or GNU Screen and run your command on it (see "Sharing with Multiple Clients" section for detail). By default, GoTTY doesn't allow clients to send any keystrokes or commands except terminal window resizing. When you want to permit clients to write input to the TTY, add the `-w` option. However, accepting input from remote clients is dangerous for most commands. When you need interaction with the TTY for some reasons, consider starting GoTTY with tmux or GNU Screen and run your command on it (see "Sharing with Multiple Clients" section for detail).
To restrict client access, you can use the `-c` option to enable the basic authentication. With this option, clients need to input the specified username and password to connect to the GoTTY server. The `-r` option is a little bit casualer way to restrict access. With this option, GoTTY generates a random URL so that only people who know the URL can get access to the server. To restrict client access, you can use the `-c` option to enable the basic authentication. With this option, clients need to input the specified username and password to connect to the GoTTY server. The `-r` option is a little bit casualer way to restrict access. With this option, GoTTY generates a random URL so that only people who know the URL can get access to the server. Note that the credentical will be transmitted between the server and clients in plain text.
All traffic between the server and clients are NOT encrypted by default. When you send secret information through GoTTY, we strongly recommend you use the `-t` option which enables TLS/SSL on the session. By default, GoTTY loads the crt and key files placed at `~/.gotty.crt` and `~/.gotty.key`. You can overwrite these file paths with the `--tls-crt` and `--tls-key` options. When you need to generate a self-signed certification file, you can use the `openssl` command. All traffic between the server and clients are NOT encrypted by default. When you send secret information through GoTTY, we strongly recommend you use the `-t` option which enables TLS/SSL on the session. By default, GoTTY loads the crt and key files placed at `~/.gotty.crt` and `~/.gotty.key`. You can overwrite these file paths with the `--tls-crt` and `--tls-key` options. When you need to generate a self-signed certification file, you can use the `openssl` command.

View File

@ -31,7 +31,6 @@ type App struct {
upgrader *websocket.Upgrader upgrader *websocket.Upgrader
server *manners.GracefulServer server *manners.GracefulServer
authToken string
titleTemplate *template.Template titleTemplate *template.Template
} }
@ -89,7 +88,6 @@ func New(command []string, options *Options) (*App, error) {
WriteBufferSize: 1024, WriteBufferSize: 1024,
Subprotocols: []string{"gotty"}, Subprotocols: []string{"gotty"},
}, },
authToken: generateRandomString(20),
titleTemplate: titleTemplate, titleTemplate: titleTemplate,
}, nil }, nil
@ -253,8 +251,9 @@ func (app *App) handleWS(w http.ResponseWriter, r *http.Request) {
} }
_, initMessage, err := conn.ReadMessage() _, initMessage, err := conn.ReadMessage()
if err != nil || string(initMessage) != app.authToken { if err != nil || string(initMessage) != app.options.Credential {
log.Print("Failed to authenticate websocket connection") log.Print("Failed to authenticate websocket connection")
conn.Close()
return return
} }
@ -282,7 +281,7 @@ func (app *App) handleCustomIndex(w http.ResponseWriter, r *http.Request) {
} }
func (app *App) handleAuthToken(w http.ResponseWriter, r *http.Request) { func (app *App) handleAuthToken(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("var gotty_auth_token = '" + app.authToken + "';")) w.Write([]byte("var gotty_auth_token = '" + app.options.Credential + "';"))
} }
func (app *App) Exit() (firstCall bool) { func (app *App) Exit() (firstCall bool) {