Node OS Command Runner - run native OS commands via a web service.
- Run most native OS commands via a web interface
- Pass parameters:
- Statically configured
- via user input (web interface)
- via input files (loaded via the web interface)
- Download output files
- Recieve terminal output to the web interface
- Syntx highlighted source code viewer included
- Some example test scripts included (see the ts folder)
The system has been created to meet a specific need. I've tried to make it as flexible as possible but it undoubtedly needs some additional work.
- As configured, the tool uses HTTPS security. This is highly recommended but you need to create your own
hostcert.pem
andhostkey.pem
files in the root folder.OpenSSL
is used for this and it is available on most platforms. To create a simple, self-signed certificate, valid for 10 years. Run the following OpenSSL command: openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout hostkey.pem -out hostcert.pem To get a 'proper' certificate, signed by a trust authority, you need to run something like: openssl req -newkey rsa:2048 -new -nodes -keyout hostkey.pem -out csr.pem and then to send the csr.pem to your certificate provider who will return thehostcert
. See the Node.JS TLS documentation for more details. - As configured, security is limited (manually configured id/password login via Passport).
- Use Passport extensions to add your own scheme.
- Need to pen-test the whole system
- Need additional testing of Socket.IO to understand any security weaknesses - e.g. can socket messages be spoofed?
- Security around the source code viewer is minimal. Key folders are excluded but anyone with knowledge might be able to view code by manipulating the URL.
- Disable the routing for "
/*/*
" if source security is important. - Alternatively, put secure scripts in their own folder and add that to the banned folders.
- Disable the routing for "
However, even with these limitations, the system is highly usable in a controlled environment. Just ensure that the platform it is running on is reasonably secured.
To install, simply use NPM from the GitHub published version.
--cmd to be included here--
Or, when published to NPM, install as:
--cmd to be included here--
This system will not work without configuration.
- HTTPS - Create the
hostcert.pem
andhostkey.pem
files as shown in the Limitations section above - Place any scripts or commands you want to be able to run in appropriate folders under the root folder
- Copy the
config-sample.js
file toconfig.js
and amend to include the scripts you need - If required, change the default port (see
app.js
) - Start the system manually with
npm start
- Test the system to make sure it does what you want it to and further adjust the
config.js
file as needed - Run the system under a tool such as supervisor to ensure that it stays running.
This system is MIT Licensed. Please read the license file MIT-License.htm
- Fix page resets
- Need to have a common function on client as well as server
- Inputs
- Capture all of input form as JSON and return to server via IO
- Add file Uploads
- Make some stuff private
- Id/passwords, basics are done, needs more work
- Add more flexible contact info - not hard coded
- Combine readme.md into the about page (file read & marked).