Use credential for auth_token
parent
0bd2f3f2c8
commit
ff92777011
@ -93,7 +93,7 @@ See the [`.gotty`](https://github.com/yudai/gotty/blob/master/.gotty) file in th
|
|||||||
|
|
||||||
By default, GoTTY doesn't allow clients to send any keystrokes or commands except terminal window resizing. When you want to permit clients to write input to the TTY, add the `-w` option. However, accepting input from remote clients is dangerous for most commands. When you need interaction with the TTY for some reasons, consider starting GoTTY with tmux or GNU Screen and run your command on it (see "Sharing with Multiple Clients" section for detail).
|
By default, GoTTY doesn't allow clients to send any keystrokes or commands except terminal window resizing. When you want to permit clients to write input to the TTY, add the `-w` option. However, accepting input from remote clients is dangerous for most commands. When you need interaction with the TTY for some reasons, consider starting GoTTY with tmux or GNU Screen and run your command on it (see "Sharing with Multiple Clients" section for detail).
|
||||||
|
|
||||||
To restrict client access, you can use the `-c` option to enable the basic authentication. With this option, clients need to input the specified username and password to connect to the GoTTY server. The `-r` option is a little bit casualer way to restrict access. With this option, GoTTY generates a random URL so that only people who know the URL can get access to the server.
|
To restrict client access, you can use the `-c` option to enable the basic authentication. With this option, clients need to input the specified username and password to connect to the GoTTY server. The `-r` option is a little bit casualer way to restrict access. With this option, GoTTY generates a random URL so that only people who know the URL can get access to the server. Note that the credentical will be transmitted between the server and clients in plain text.
|
||||||
|
|
||||||
All traffic between the server and clients are NOT encrypted by default. When you send secret information through GoTTY, we strongly recommend you use the `-t` option which enables TLS/SSL on the session. By default, GoTTY loads the crt and key files placed at `~/.gotty.crt` and `~/.gotty.key`. You can overwrite these file paths with the `--tls-crt` and `--tls-key` options. When you need to generate a self-signed certification file, you can use the `openssl` command.
|
All traffic between the server and clients are NOT encrypted by default. When you send secret information through GoTTY, we strongly recommend you use the `-t` option which enables TLS/SSL on the session. By default, GoTTY loads the crt and key files placed at `~/.gotty.crt` and `~/.gotty.key`. You can overwrite these file paths with the `--tls-crt` and `--tls-key` options. When you need to generate a self-signed certification file, you can use the `openssl` command.
|
||||||
|
|
||||||
|
11
app/app.go
11
app/app.go
@ -29,9 +29,8 @@ type App struct {
|
|||||||
command []string
|
command []string
|
||||||
options *Options
|
options *Options
|
||||||
|
|
||||||
upgrader *websocket.Upgrader
|
upgrader *websocket.Upgrader
|
||||||
server *manners.GracefulServer
|
server *manners.GracefulServer
|
||||||
authToken string
|
|
||||||
|
|
||||||
titleTemplate *template.Template
|
titleTemplate *template.Template
|
||||||
}
|
}
|
||||||
@ -89,7 +88,6 @@ func New(command []string, options *Options) (*App, error) {
|
|||||||
WriteBufferSize: 1024,
|
WriteBufferSize: 1024,
|
||||||
Subprotocols: []string{"gotty"},
|
Subprotocols: []string{"gotty"},
|
||||||
},
|
},
|
||||||
authToken: generateRandomString(20),
|
|
||||||
|
|
||||||
titleTemplate: titleTemplate,
|
titleTemplate: titleTemplate,
|
||||||
}, nil
|
}, nil
|
||||||
@ -253,8 +251,9 @@ func (app *App) handleWS(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_, initMessage, err := conn.ReadMessage()
|
_, initMessage, err := conn.ReadMessage()
|
||||||
if err != nil || string(initMessage) != app.authToken {
|
if err != nil || string(initMessage) != app.options.Credential {
|
||||||
log.Print("Failed to authenticate websocket connection")
|
log.Print("Failed to authenticate websocket connection")
|
||||||
|
conn.Close()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -282,7 +281,7 @@ func (app *App) handleCustomIndex(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (app *App) handleAuthToken(w http.ResponseWriter, r *http.Request) {
|
func (app *App) handleAuthToken(w http.ResponseWriter, r *http.Request) {
|
||||||
w.Write([]byte("var gotty_auth_token = '" + app.authToken + "';"))
|
w.Write([]byte("var gotty_auth_token = '" + app.options.Credential + "';"))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (app *App) Exit() (firstCall bool) {
|
func (app *App) Exit() (firstCall bool) {
|
||||||
|
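Review bot: In `handleAuthToken` the configured `-c` credential is now concatenated unescaped into a JavaScript string literal, so a credential containing `'`, `\` or a line break produces a broken or unintended script, and the long-lived secret itself is served in a response body in place of the per-process random token. If the credential has to double as the token, encode it before writing, e.g. `tok, _ := json.Marshal(app.options.Credential)` followed by `w.Write([]byte("var gotty_auth_token = " + string(tok) + ";"))`, and set `Cache-Control: no-store` on the response; whether this route sits behind the basic-auth wrapper is not visible in these hunks and should be confirmed. In `handleWS` the check `string(initMessage) != app.options.Credential` appears to accept an empty first message when no credential is configured, where the removed `generateRandomString(20)` value was required before, and it is not a constant-time comparison (`subtle.ConstantTimeCompare` would be). Both functions start or continue outside the hunks shown.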