feat(terminal): add token validation to terminal

ravenclaw900 · Nov 20, 2021 · 3b138da · 3b138da
1 parent 274ed46
commit 3b138da
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/src/backend/src/terminal.rs b/src/backend/src/terminal.rs
@@ -18,6 +18,35 @@ struct TTYSize {
 pub async fn term_handler(socket: warp::ws::WebSocket) {
     let (mut socket_send, mut socket_recv) = socket.split();
 
+    if crate::CONFIG.pass {
+        let token = socket_recv.next().await.unwrap().unwrap();
+        let token = token.to_str().unwrap();
+        if token.get(..5) == Some("token") {
+            let key = jwts::jws::Key::new(&crate::CONFIG.secret, jwts::jws::Algorithm::HS256);
+            let verified: jwts::jws::Token<jwts::Claims>;
+            if let Ok(token) = jwts::jws::Token::verify_with_key(&token[5..], &key) {
+                verified = token;
+            } else {
+                log::error!("Couldn't verify token");
+                return;
+            };
+            let config = jwts::ValidationConfig {
+                iat_validation: false,
+                nbf_validation: false,
+                exp_validation: true,
+                expected_iss: None,
+                expected_sub: None,
+                expected_aud: None,
+                expected_jti: None,
+            };
+            if verified.validate_claims(&config).is_err() {
+                return;
+            }
+        } else {
+            return;
+        }
+    }
+
     let cmd = Arc::new(RwLock::new(
         // Use hardcoded bash here until we have better support for other shells
         std::process::Command::new("/bin/bash")

diff --git a/src/frontend/src/pages/Terminal.svelte b/src/frontend/src/pages/Terminal.svelte
@@ -14,6 +14,7 @@
     const socket = new WebSocket(
         `${proto}://${window.location.hostname}:${window.location.port}/ws/term`
     );
+
     const attachAddon = new AttachAddon(socket);
 
     const fitAddon = new FitAddon();
@@ -24,7 +25,7 @@
 
     const sendSize = (e) => {
         let size = JSON.stringify({ cols: e.cols, rows: e.rows + 1 });
-        socket.send("size" + size);
+        socket.send(`size${size}`);
     };
 
     terminal.onResize((e) => sendSize(e));
@@ -34,6 +35,9 @@
     };
 
     socket.onopen = () => {
+        if (localStorage.getItem("token") != null) {
+            socket.send(`token${localStorage.getItem("token")}`);
+        }
         terminal.open(termDiv);
         fitAddon.fit();
         sendSize({ cols: terminal.cols, rows: terminal.rows });