From 5b8f88cfef1745c88748277217204e6c38c7ff7e Mon Sep 17 00:00:00 2001
From: Bill Church
Date: Thu, 7 Jul 2022 11:21:49 -0400
Subject: [PATCH] feat: credentials over http post for #290
---
 README.md | 9 +++++++++
 app/server/app.js | 3 +++
 app/server/form.html | 14 ++++++++++++++
 app/server/routes.js | 6 ++++++
 4 files changed, 32 insertions(+)
 create mode 100644 app/server/form.html
diff --git a/README.md b/README.md
index 8f8b6264..191f4c5d 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,8 @@ http://localhost:2222/ssh/host/127.0.0.1
 You will be prompted for credentials to use on the SSH server via HTTP Basic authentcaiton. This is to permit usage with some SSO systems that can replay credentials over HTTP basic.
+Alternatively in main for testing, you can send credentials via POST with the variables "username" and "userpassword".
+
 # Customizing client files
 See [BUILDING.md](BUILDING.md) for more details.
@@ -83,6 +85,13 @@ docker run --name webssh2 -d -p 2222:2222 -v `pwd`/app/config.json:/usr/src/conf
 # Options
+## POST request vars (in main branch for testing)
+
+* **username** - _string_ - username to log into ssh with
+* **userpassword** _string_ password to log into ssh with
+
+TODO: Add the vars from the GET requests below as well.
+
 ## GET request vars
 * **port=** - _integer_ - port of SSH server (defaults to 22)
diff --git a/app/server/app.js b/app/server/app.js
index a52922b8..3f8a43a6 100644
--- a/app/server/app.js
+++ b/app/server/app.js
@@ -41,6 +41,9 @@ app.use(session);
 if (config.accesslog) app.use(logger('common'));
 app.disable('x-powered-by');
 app.use(favicon(path.join(publicPath, 'favicon.ico')));
+app.use(express.urlencoded({ extended: true }));
+app.post('/ssh/host/:host?', connect);
+app.post('/ssh', express.static(publicPath, config.express.ssh));
 app.use('/ssh', express.static(publicPath, config.express.ssh));
 app.use(basicAuth);
 app.get('/ssh/reauth', reauth);
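Review bot: `app.post('/ssh/host/:host?', connect);` is registered ahead of `app.use(basicAuth);`, so a POST to that path reaches `connect` without passing through the basic-auth middleware, and the routes.js hunk of this patch copies credentials into the session only when both `username` and `userpassword` are truthy. A POST that omits them still runs the rest of `connect`; whether later code rejects a session without credentials is not visible in this patch, so the POST path should fail closed, for example with `if (typeof req.body.username !== 'string' || typeof req.body.userpassword !== 'string') return res.sendStatus(401);` before anything is written to the session. `express.urlencoded({ extended: true })` is mounted for every route and lets a form body produce nested objects and arrays, so `req.body.username` is not guaranteed to be a string; `app.use(express.urlencoded({ extended: false }));` narrows that, though the `typeof` check is still needed because repeated keys arrive as arrays. The `app.post('/ssh', express.static(publicPath, config.express.ssh));` line appears to have no effect, since express.static serves only GET and HEAD and hands other methods on unless `fallthrough` is disabled in `config.express.ssh`.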
diff --git a/app/server/form.html b/app/server/form.html
new file mode 100644
index 00000000..58453479
--- /dev/null
+++ b/app/server/form.html
@@ -0,0 +1,14 @@
+
+Post Test
+
+

Credentials over HTTP POST test

+

This is a test to demonstrate sending credentials over POST instead of requiring HTTP Basic. If you use this, be sure to secure the app/site with HTTPS!

+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/app/server/routes.js b/app/server/routes.js
index 55999bf1..392cd0ce 100644
--- a/app/server/routes.js
+++ b/app/server/routes.js
@@ -26,6 +26,12 @@ exports.reauth = function reauth(req, res) {
 exports.connect = function connect(req, res) {
 res.sendFile(path.join(path.join(publicPath, 'client.htm')));
+
+ if (req.method === 'POST' && req.body.username && req.body.userpassword) {
+ req.session.username = req.body.username;
+ req.session.userpassword = req.body.userpassword;
+ }
+
 // capture, assign, and validate variables
 req.session.ssh = {
 host: