feat: credentials over http post for #290

billchurch · Jul 7, 2022 · 5b8f88c · 5b8f88c
1 parent 40cbb35
commit 5b8f88c
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -41,6 +41,8 @@ http://localhost:2222/ssh/host/127.0.0.1
 
 You will be prompted for credentials to use on the SSH server via HTTP Basic authentcaiton. This is to permit usage with some SSO systems that can replay credentials over HTTP basic.
 
+Alternatively in main for testing, you can send credentials via POST with the variables "username" and "userpassword".
+
 # Customizing client files
 
 See [BUILDING.md](BUILDING.md) for more details.
@@ -83,6 +85,13 @@ docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/conf
 
 # Options
 
+## POST request vars (in main branch for testing)
+
+* **username** - _string_ - username to log into ssh with
+* **userpassword** _string_ password to log into ssh with
+
+TODO: Add the vars from the GET requests below as well.
+
 ## GET request vars
 
 * **port=** - _integer_ - port of SSH server (defaults to 22)

diff --git a/app/server/app.js b/app/server/app.js
@@ -41,6 +41,9 @@ app.use(session);
 if (config.accesslog) app.use(logger('common'));
 app.disable('x-powered-by');
 app.use(favicon(path.join(publicPath, 'favicon.ico')));
+app.use(express.urlencoded({ extended: true }));
+app.post('/ssh/host/:host?', connect);
+app.post('/ssh', express.static(publicPath, config.express.ssh));
 app.use('/ssh', express.static(publicPath, config.express.ssh));
 app.use(basicAuth);
 app.get('/ssh/reauth', reauth);

diff --git a/app/server/form.html b/app/server/form.html
@@ -0,0 +1,14 @@
+<html>
+<head><title>Post Test</title></head>
+<body>
+    <h1>Credentials over HTTP POST test</h1>
+    <p>This is a test to demonstrate sending credentials over POST instead of requiring HTTP Basic. If you use this, be sure to secure the app/site with HTTPS!</p>
+    <form method="POST" action="http://localhost:2222/ssh/host/192.168.0.1">
+        <label for="username">Username</label>
+        <input name="username">
+        <label for="userpassword">Password</label>
+        <input name="userpassword" type="password">
+        <button>Login</button>
+    </form>
+</body>
+</html>
diff --git a/app/server/routes.js b/app/server/routes.js
@@ -26,6 +26,12 @@ exports.reauth = function reauth(req, res) {
 
 exports.connect = function connect(req, res) {
   res.sendFile(path.join(path.join(publicPath, 'client.htm')));
+
+  if (req.method === 'POST' && req.body.username && req.body.userpassword) {
+    req.session.username = req.body.username;
+    req.session.userpassword = req.body.userpassword;
+  }
+
   // capture, assign, and validate variables
   req.session.ssh = {
     host: