Merge 9813acaff3 into c69d11d17d

This allows folks to implement token-based authentication for websocket access.

Closes #82

.gotty

@@ -7,6 +7,9 @@
 // [bool] Permit clients to write to the TTY
 // permit_write = false
 
+// [bool] Log user's writes in the TTY
+// write_log = false
+
 // [bool] Enable basic authentication
 // enable_basic_auth = false
 

README.md

@@ -57,6 +57,7 @@ By default, GoTTY starts a web server at port 8080. Open the URL on your web bro
    --port value, -p value        Port number to liten (default: "8080") [$GOTTY_PORT]
    --path value, -m value        Base path (default: "/") [$GOTTY_PATH]
    --permit-write, -w            Permit clients to write to the TTY (BE CAREFUL) (default: false) [$GOTTY_PERMIT_WRITE]
+   --write-log                   Log user's writes in the TTY (default: false) [$GOTTY_WRITE_LOG]
    --credential value, -c value  Credential for Basic Authentication (ex: user:pass, default disabled) [$GOTTY_CREDENTIAL]
    --random-url, -r              Add a random string to the URL (default: false) [$GOTTY_RANDOM_URL]
    --random-url-length value     Random URL length (default: 8) [$GOTTY_RANDOM_URL_LENGTH]
@@ -75,6 +76,7 @@ By default, GoTTY starts a web server at port 8080. Open the URL on your web bro
    --width value                 Static width of the screen, 0(default) means dynamically resize (default: 0) [$GOTTY_WIDTH]
    --height value                Static height of the screen, 0(default) means dynamically resize (default: 0) [$GOTTY_HEIGHT]
    --ws-origin value             A regular expression that matches origin URLs to be accepted by WebSocket. No cross origin requests are acceptable by default [$GOTTY_WS_ORIGIN]
+   --ws-query-args value         Querystring arguments to append to the websocket instantiation [$GOTTY_WS_QUERY_ARGS]
    --enable-webgl                Enable WebGL renderer (default: true) [$GOTTY_ENABLE_WEBGL]
    --close-signal value          Signal sent to the command process when gotty close it (default: SIGHUP) (default: 1) [$GOTTY_CLOSE_SIGNAL]
    --close-timeout value         Time in seconds to force kill process after client is disconnected (default: -1) (default: -1) [$GOTTY_CLOSE_TIMEOUT]
@@ -151,6 +153,37 @@ When you want to create a jailed environment for each client, you can use Docker
 $ gotty -w docker run -it --rm busybox
 ```
 
+## Write log
+
+If you set `--write-log` option, user's writes in the TTY can be Logged. for example:
+
+if you run gotty like this:
+
+```shell
+./gotty -w --write-log --permit-arguments ./test.sh
+```
+
+this is `test.sh`:
+
+```sh
+#!/bin/bash
+
+echo "Welcome: $4"
+kubectl -n $1 exec -it $2 -c $3 -- sh
+```
+
+visit `http://127.0.0.1:8080/?arg=without-istio&arg=sleep-7b6d569576-57sjq&arg=sleep&arg=21001713` and input your commands in shell, and you will see user's writes in the log (operation logs):
+
+```
+...
+2022/12/13 13:36:46 [write-log] map[arg:[without-istio sleep-7b6d569576-8nz7t sleep 21001713]] ls[CR]
+2022/12/13 13:37:25 [write-log] map[arg:[without-istio sleep-7b6d569576-8nz7t sleep 21001713]] echo[SPACE]hello[SPACE]world;[CR]
+2022/12/13 13:47:00 [write-log] map[arg:[without-istio sleep-7b6d569576-8nz7t sleep 21001713]] [CUU][CR]
+...
+```
+
+Using the `[write-log]` flag, you can collect and store these logs persistently. All args are in the log, including the userID. 
+
 ## Development
 
 You can build a binary by simply running `make`. go1.16 is required.

bindata/static/css/xterm.css

@@ -149,6 +149,7 @@
     right: 0;
     z-index: 10;
     color: transparent;
+    pointer-events: none;
 }
 
 .xterm .live-region {
@@ -160,13 +161,27 @@
 }
 
 .xterm-dim {
-    opacity: 0.5;
+    /* Dim should not apply to background, so the opacity of the foreground color is applied
+     * explicitly in the generated class and reset to 1 here */
+    opacity: 1 !important;
 }
 
-.xterm-underline {
-    text-decoration: underline;
+.xterm-underline-1 { text-decoration: underline; }
+.xterm-underline-2 { text-decoration: double underline; }
+.xterm-underline-3 { text-decoration: wavy underline; }
+.xterm-underline-4 { text-decoration: dotted underline; }
+.xterm-underline-5 { text-decoration: dashed underline; }
+
+.xterm-overline {
+    text-decoration: overline;
 }
 
+.xterm-overline.xterm-underline-1 { text-decoration: overline underline; }
+.xterm-overline.xterm-underline-2 { text-decoration: overline double underline; }
+.xterm-overline.xterm-underline-3 { text-decoration: overline wavy underline; }
+.xterm-overline.xterm-underline-4 { text-decoration: overline dotted underline; }
+.xterm-overline.xterm-underline-5 { text-decoration: overline dashed underline; }
+
 .xterm-strikethrough {
     text-decoration: line-through;
 }
@@ -176,8 +191,12 @@
 	position: absolute;
 }
 
-.xterm-decoration-overview-ruler {
+.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer {
 	z-index: 7;
+}
+
+.xterm-decoration-overview-ruler {
+    z-index: 8;
     position: absolute;
     top: 0;
     right: 0;

js/package-lock.json

@@ -15,10 +15,10 @@
                 "preact": "^10.19.4",
                 "react-bootstrap": "^2.10.1",
                 "style-loader": "^2.0.0",
-                "xterm": "^4.19.0",
-                "xterm-addon-fit": "^0.5.0",
-                "xterm-addon-web-links": "^0.4.0",
-                "xterm-addon-webgl": "^0.10.0",
+                "xterm": "^5.3.0",
+                "xterm-addon-fit": "^0.8.0",
+                "xterm-addon-web-links": "^0.9.0",
+                "xterm-addon-webgl": "^0.16.0",
                 "zmodem.js": "^0.1.10"
             },
             "devDependencies": {
@@ -1662,9 +1662,9 @@
             }
         },
         "node_modules/follow-redirects": {
-            "version": "1.15.5",
-            "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.5.tgz",
-            "integrity": "sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==",
+            "version": "1.15.6",
+            "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
+            "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
             "dev": true,
             "funding": [
                 {
@@ -4239,9 +4239,9 @@
             }
         },
         "node_modules/webpack-dev-middleware": {
-            "version": "5.3.3",
-            "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.3.tgz",
-            "integrity": "sha512-hj5CYrY0bZLB+eTO+x/j67Pkrquiy7kWepMHmUMoPsmcUaeEnQJqFzHJOyxgWlq746/wUuA64p9ta34Kyb01pA==",
+            "version": "5.3.4",
+            "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz",
+            "integrity": "sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q==",
             "dev": true,
             "dependencies": {
                 "colorette": "^2.0.10",
@@ -4479,32 +4479,32 @@
             }
         },
         "node_modules/xterm": {
-            "version": "4.19.0",
-            "resolved": "https://registry.npmjs.org/xterm/-/xterm-4.19.0.tgz",
-            "integrity": "sha512-c3Cp4eOVsYY5Q839dR5IejghRPpxciGmLWWaP9g+ppfMeBChMeLa1DCA+pmX/jyDZ+zxFOmlJL/82qVdayVoGQ=="
+            "version": "5.3.0",
+            "resolved": "https://registry.npmjs.org/xterm/-/xterm-5.3.0.tgz",
+            "integrity": "sha512-8QqjlekLUFTrU6x7xck1MsPzPA571K5zNqWm0M0oroYEWVOptZ0+ubQSkQ3uxIEhcIHRujJy6emDWX4A7qyFzg=="
         },
         "node_modules/xterm-addon-fit": {
-            "version": "0.5.0",
-            "resolved": "https://registry.npmjs.org/xterm-addon-fit/-/xterm-addon-fit-0.5.0.tgz",
-            "integrity": "sha512-DsS9fqhXHacEmsPxBJZvfj2la30Iz9xk+UKjhQgnYNkrUIN5CYLbw7WEfz117c7+S86S/tpHPfvNxJsF5/G8wQ==",
+            "version": "0.8.0",
+            "resolved": "https://registry.npmjs.org/xterm-addon-fit/-/xterm-addon-fit-0.8.0.tgz",
+            "integrity": "sha512-yj3Np7XlvxxhYF/EJ7p3KHaMt6OdwQ+HDu573Vx1lRXsVxOcnVJs51RgjZOouIZOczTsskaS+CpXspK81/DLqw==",
             "peerDependencies": {
-                "xterm": "^4.0.0"
+                "xterm": "^5.0.0"
             }
         },
         "node_modules/xterm-addon-web-links": {
-            "version": "0.4.0",
-            "resolved": "https://registry.npmjs.org/xterm-addon-web-links/-/xterm-addon-web-links-0.4.0.tgz",
-            "integrity": "sha512-xv8GeiINmx0zENO9hf5k+5bnkaE8mRzF+OBAr9WeFq2eLaQSudioQSiT34M1ofKbzcdjSsKiZm19Rw3i4eXamg==",
+            "version": "0.9.0",
+            "resolved": "https://registry.npmjs.org/xterm-addon-web-links/-/xterm-addon-web-links-0.9.0.tgz",
+            "integrity": "sha512-LIzi4jBbPlrKMZF3ihoyqayWyTXAwGfu4yprz1aK2p71e9UKXN6RRzVONR0L+Zd+Ik5tPVI9bwp9e8fDTQh49Q==",
             "peerDependencies": {
-                "xterm": "^4.0.0"
+                "xterm": "^5.0.0"
             }
         },
         "node_modules/xterm-addon-webgl": {
-            "version": "0.10.0",
-            "resolved": "https://registry.npmjs.org/xterm-addon-webgl/-/xterm-addon-webgl-0.10.0.tgz",
-            "integrity": "sha512-MJzyWie5yw+PH6p//fXlXzmsULLtpBo992EWEKl2uv5M5Zj9etTwfuutCUK7o98mr6itDl+vS/CYIMP68jCf8w==",
+            "version": "0.16.0",
+            "resolved": "https://registry.npmjs.org/xterm-addon-webgl/-/xterm-addon-webgl-0.16.0.tgz",
+            "integrity": "sha512-E8cq1AiqNOv0M/FghPT+zPAEnvIQRDbAbkb04rRYSxUym69elPWVJ4sv22FCLBqM/3LcrmBLl/pELnBebVFKgA==",
             "peerDependencies": {
-                "xterm": "^4.0.0"
+                "xterm": "^5.0.0"
             }
         },
         "node_modules/yallist": {

js/package.json

@@ -25,10 +25,10 @@
         "preact": "^10.19.4",
         "react-bootstrap": "^2.10.1",
         "style-loader": "^2.0.0",
-        "xterm": "^4.19.0",
-        "xterm-addon-fit": "^0.5.0",
-        "xterm-addon-web-links": "^0.4.0",
-        "xterm-addon-webgl": "^0.10.0",
+        "xterm": "^5.3.0",
+        "xterm-addon-fit": "^0.8.0",
+        "xterm-addon-web-links": "^0.9.0",
+        "xterm-addon-webgl": "^0.16.0",
         "zmodem.js": "^0.1.10"
     }
 }

js/src/main.ts

@@ -1,10 +1,11 @@
-import { OurXterm } from "./xterm";
-import { Terminal, WebTTY, protocols } from "./webtty";
 import { ConnectionFactory } from "./websocket";
+import { Terminal, WebTTY, protocols } from "./webtty";
+import { OurXterm } from "./xterm";
 
 // @TODO remove these
 declare var gotty_auth_token: string;
 declare var gotty_term: string;
+declare var gotty_ws_query_args: string;
 
 const elem = document.getElementById("terminal")
 
@@ -13,7 +14,8 @@ if (elem !== null) {
     term = new OurXterm(elem);
 
     const httpsEnabled = window.location.protocol == "https:";
-    const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + window.location.pathname + 'ws';
+    const queryArgs = (gotty_ws_query_args === "") ? "" : "?" + gotty_ws_query_args;
+    const url = (httpsEnabled ? 'wss://' : 'ws://') + window.location.host + window.location.pathname + 'ws' + queryArgs;
     const args = window.location.search;
     const factory = new ConnectionFactory(url, protocols);
     const wt = new WebTTY(term, factory, args, gotty_auth_token);

js/src/xterm.tsx

@@ -1,4 +1,4 @@
-import { Terminal, IDisposable } from "xterm";
+import { IDisposable, Terminal } from "xterm";
 import { FitAddon } from 'xterm-addon-fit';
 import { WebLinksAddon } from 'xterm-addon-web-links';
 import { WebglAddon } from 'xterm-addon-webgl';
@@ -104,9 +104,9 @@ export class OurXterm {
             if (key == "EnableWebGL" && key) {
                 this.term.loadAddon(new WebglAddon());
             } else if (key == "font-size") {
-                this.term.setOption("fontSize", value[key])
+                this.term.options.fontSize = value[key]
             } else if (key == "font-family") {
-                this.term.setOption("fontFamily", value[key])
+                this.term.options.fontFamily = value[key]
             }
         });
     };

js/src/zmodem.tsx

@@ -1,7 +1,7 @@
+import { Component, ComponentChildren, createRef, render } from "preact";
 import { ITerminalAddon, Terminal } from "xterm";
 import { Browser, Detection, Offer, Sentry, Session } from 'zmodem.js/src/zmodem_browser';
-import { MyModal, Button } from "./MyModal";
-import { Component, ComponentChildren, createRef, render } from "preact";
+import { Button, MyModal } from "./MyModal";
 
 export class ZModemAddon implements ITerminalAddon {
     term: Terminal;

server/handlers.go

@@ -8,6 +8,7 @@ import (
 	"log"
 	"net/http"
 	"net/url"
+	"strings"
 	"sync/atomic"
 
 	"github.com/gorilla/websocket"
@@ -145,10 +146,14 @@ func (server *Server) processWSConn(ctx context.Context, conn *websocket.Conn, h
 
 	opts := []webtty.Option{
 		webtty.WithWindowTitle(titleBuf.Bytes()),
+		webtty.WithArguments(params),
 	}
 	if server.options.PermitWrite {
 		opts = append(opts, webtty.WithPermitWrite())
 	}
+	if server.options.WriteLog {
+		opts = append(opts, webtty.WithWriteLog())
+	}
 	if server.options.EnableReconnect {
 		opts = append(opts, webtty.WithReconnect(server.options.ReconnectTime))
 	}
@@ -233,7 +238,12 @@ func (server *Server) handleAuthToken(w http.ResponseWriter, r *http.Request) {
 
 func (server *Server) handleConfig(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/javascript")
-	w.Write([]byte("var gotty_term = 'xterm';"))
+	lines := []string{
+		"var gotty_term = 'xterm';",
+		"var gotty_ws_query_args = '" + server.options.WSQueryArgs + "';",
+	}
+
+	w.Write([]byte(strings.Join(lines, "\n")))
 }
 
 // titleVariables merges maps in a specified order.

server/options.go

@@ -9,6 +9,7 @@ type Options struct {
 	Port                string `hcl:"port" flagName:"port" flagSName:"p" flagDescribe:"Port number to liten" default:"8080"`
 	Path                string `hcl:"path" flagName:"path" flagSName:"m" flagDescribe:"Base path" default:"/"`
 	PermitWrite         bool   `hcl:"permit_write" flagName:"permit-write" flagSName:"w" flagDescribe:"Permit clients to write to the TTY (BE CAREFUL)" default:"false"`
+	WriteLog            bool   `hcl:"write_log" flagName:"write-log" flagDescribe:"Log user's writes in the TTY" default:"false"`
 	EnableBasicAuth     bool   `hcl:"enable_basic_auth" default:"false"`
 	Credential          string `hcl:"credential" flagName:"credential" flagSName:"c" flagDescribe:"Credential for Basic Authentication (ex: user:pass, default disabled)" default:""`
 	EnableRandomUrl     bool   `hcl:"enable_random_url" flagName:"random-url" flagSName:"r" flagDescribe:"Add a random string to the URL" default:"false"`
@@ -30,6 +31,7 @@ type Options struct {
 	Width               int    `hcl:"width" flagName:"width" flagDescribe:"Static width of the screen, 0(default) means dynamically resize" default:"0"`
 	Height              int    `hcl:"height" flagName:"height" flagDescribe:"Static height of the screen, 0(default) means dynamically resize" default:"0"`
 	WSOrigin            string `hcl:"ws_origin" flagName:"ws-origin" flagDescribe:"A regular expression that matches origin URLs to be accepted by WebSocket. No cross origin requests are acceptable by default" default:""`
+	WSQueryArgs         string `hcl:"ws_query_args" flagName:"ws-query-args" flagDescribe:"Querystring arguments to append to the websocket instantiation" default:""`
 	EnableWebGL         bool   `hcl:"enable_webgl" flagName:"enable-webgl" flagDescribe:"Enable WebGL renderer" default:"true"`
 	Quiet               bool   `hcl:"quiet" flagName:"quiet" flagDescribe:"Don't log" default:"false"`
 

utils/log.go

@@ -0,0 +1,114 @@
+package utils
+
+import (
+	"fmt"
+	"regexp"
+)
+
+var ControlCodes = map[byte]string{
+	0:   "NUL",
+	1:   "SOH",
+	2:   "STX",
+	3:   "ETX",
+	4:   "EOT",
+	5:   "ENQ",
+	6:   "ACK",
+	7:   "BEL",
+	8:   "BS",
+	9:   "HT",
+	10:  "LF",
+	11:  "VT",
+	12:  "FF",
+	13:  "CR",
+	14:  "SO",
+	15:  "SI",
+	16:  "DLE",
+	17:  "DCI",
+	18:  "DC2",
+	19:  "DC3",
+	20:  "DC4",
+	21:  "NAK",
+	22:  "SYN",
+	23:  "TB",
+	24:  "CAN",
+	25:  "EM",
+	26:  "SUB",
+	27:  "ESC",
+	28:  "FS",
+	29:  "GS",
+	30:  "RS",
+	31:  "US",
+	32:  "SPACE",
+	127: "DEL",
+}
+
+// https://en.wikipedia.org/wiki/ANSI_escape_code
+// https://xtermjs.org/docs/api/vtfeatures/
+var ControlSequences = map[string]string{
+	// Cursor Up
+	"ESC[A": "CUU",
+	// Cursor Down
+	"ESC[B": "CUD",
+	// Cursor Forward
+	"ESC[C": "CUF",
+	// Cursor Back
+	"ESC[D": "CUB",
+}
+
+var ControlSequencePatterns = map[string]string{
+	// Device Status Report
+	// Reports the cursor position (CPR) by transmitting `ESC[n;mR`, where n is the row and m is the column.
+	"^ESC\\[\\d+;\\d+R$": "",
+}
+
+func ControlCodesToStr(codes []byte) (str string) {
+	for _, code := range codes {
+		if value, ok := ControlCodes[code]; ok {
+			str += value
+		} else {
+			str += string(code)
+		}
+	}
+	return
+}
+
+func ControlCodesToEscapedStr(codes []byte) (str string) {
+	for _, code := range codes {
+		if value, ok := ControlCodes[code]; ok {
+			str += fmt.Sprintf("[%s]", value)
+		} else if code == 91 || code == 92 || code == 93 {
+			// escaping [ ] \
+			str += fmt.Sprintf("\\%s", string(code))
+		} else {
+			str += string(code)
+		}
+	}
+	return
+}
+
+func ControlSequenceToStr(codes []byte) (string, bool) {
+	sequence := ControlCodesToStr(codes)
+	for key, value := range ControlSequences {
+		if key == sequence {
+			return fmt.Sprintf("[%s]", value), true
+		}
+	}
+
+	for key, value := range ControlSequencePatterns {
+		if regexp.MustCompile(key).Match([]byte(sequence)) {
+			return value, true
+		}
+	}
+	return sequence, false
+}
+
+func FormatWriteLog(codes []byte, line *string) {
+	n := len(codes)
+	if n >= 3 {
+		if str, exists := ControlSequenceToStr(codes); exists {
+			*line += str
+			return
+		}
+	}
+	*line += ControlCodesToEscapedStr(codes)
+}

webtty/option.go

@@ -17,6 +17,14 @@ func WithPermitWrite() Option {
 	}
 }
 
+// WithWriteLog sets a WebTTY to log user's writes in the TTY.
+func WithWriteLog() Option {
+	return func(wt *WebTTY) error {
+		wt.writeLog = true
+		return nil
+	}
+}
+
 // WithFixedColumns sets a fixed width to TTY master.
 func WithFixedColumns(columns int) Option {
 	return func(wt *WebTTY) error {
@@ -41,6 +49,14 @@ func WithWindowTitle(windowTitle []byte) Option {
 	}
 }
 
+// WithArguments sets the command line arguments that clients send
+func WithArguments(arguments map[string][]string) Option {
+	return func(wt *WebTTY) error {
+		wt.arguments = arguments
+		return nil
+	}
+}
+
 // WithReconnect enables reconnection on the master side.
 func WithReconnect(timeInSeconds int) Option {
 	return func(wt *WebTTY) error {

webtty/webtty.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"github.com/sorenisanerd/gotty/utils"
+	"log"
 	"sync"
 
 	"github.com/pkg/errors"
@@ -19,7 +21,9 @@ type WebTTY struct {
 	slave Slave
 
 	windowTitle []byte
+	arguments   map[string][]string
 	permitWrite bool
+	writeLog    bool
 	columns     int
 	rows        int
 	reconnect   int // in seconds
@@ -93,13 +97,14 @@ func (wt *WebTTY) Run(ctx context.Context) error {
 	go func() {
 		errs <- func() error {
 			buffer := make([]byte, wt.bufferSize)
+			var line string
 			for {
 				n, err := wt.masterConn.Read(buffer)
 				if err != nil {
 					return ErrMasterClosed
 				}
 
-				err = wt.handleMasterReadEvent(buffer[:n])
+				err = wt.handleMasterReadEvent(buffer[:n], &line)
 				if err != nil {
 					return err
 				}
@@ -168,7 +173,7 @@ func (wt *WebTTY) masterWrite(data []byte) error {
 	return nil
 }
 
-func (wt *WebTTY) handleMasterReadEvent(data []byte) error {
+func (wt *WebTTY) handleMasterReadEvent(data []byte, line *string) error {
 	if len(data) == 0 {
 		return errors.New("unexpected zero length read from master")
 	}
@@ -189,6 +194,16 @@ func (wt *WebTTY) handleMasterReadEvent(data []byte) error {
 			return errors.Wrapf(err, "failed to decode received data")
 		}
 
+		if wt.writeLog {
+			utils.FormatWriteLog(decodedBuffer[:n], line)
+			// 13(ASCII) means carriage return(CR)
+			// it is the end of a line
+			if decodedBuffer[n-1] == 13 {
+				log.Printf("[write-log] %v %s\n", wt.arguments, *line)
+				*line = ""
+			}
+		}
+
 		_, err = wt.slave.Write(decodedBuffer[:n])
 		if err != nil {
 			return errors.Wrapf(err, "failed to write received data to slave")