/
middleware.go
87 lines (84 loc) · 2.27 KB
/
middleware.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package ctrl
import (
"bufio"
"fmt"
"github.com/patrickmn/go-cache"
"golang.org/x/crypto/ssh"
"net"
"net/http"
"os"
"strconv"
"strings"
"time"
. "github.com/mickael-kerjean/webpty/common"
)
func Middleware(fn func(res http.ResponseWriter, req *http.Request)) func(res http.ResponseWriter, req *http.Request) {
tmpCache := cache.New(5*time.Minute, 10*time.Minute)
if FLEET_MODE {
return fn
}
return func(res http.ResponseWriter, req *http.Request) {
startTime := time.Now()
username, password, ok := req.BasicAuth()
defer func() {
Log.Info(
"HTTP %.1fms %s %s",
float32(time.Now().Sub(startTime).Microseconds())/1000,
func() string {
if ok == false {
return "anonymous"
}
return username
}(),
req.URL.Path,
)
}()
if ok == false {
Log.Error("basic authentication error")
res.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
ErrorPage(res, ErrNotAuthorized, http.StatusUnauthorized)
return
}
if _, found := tmpCache.Get(username + ":" + password); found == false {
var err error = nil
sshPort := func() int {
p := 22
file, err := os.OpenFile("/etc/ssh/sshd_config", os.O_RDONLY, os.ModePerm)
if err != nil {
return p
}
scanner := bufio.NewScanner(file)
for scanner.Scan() {
line := strings.TrimSpace(scanner.Text())
prefix := "Port"
if strings.HasPrefix(line, prefix) {
n, err := strconv.Atoi(strings.TrimSpace(strings.TrimPrefix(line, prefix)))
if err != nil {
Log.Error("sshd cannot parse port from /etc/ssh/sshd_config")
}
p = n
break
}
}
file.Close()
return p
}()
client, err := ssh.Dial("tcp", fmt.Sprintf("127.0.0.1:%d", sshPort), &ssh.ClientConfig{
User: username,
Auth: []ssh.AuthMethod{ssh.Password(password)},
HostKeyCallback: func(hostname string, remote net.Addr, key ssh.PublicKey) error {
return nil
},
})
if err != nil {
Log.Error("sshd authentication error: %s", err.Error())
res.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
ErrorPage(res, ErrNotAuthorized, http.StatusUnauthorized)
return
}
client.Close()
tmpCache.Set(username+":"+password, nil, cache.DefaultExpiration)
}
fn(res, req)
}
}