From 1607d41e5c2b5881061b24072bdb2b9c600d1b8b Mon Sep 17 00:00:00 2001
From: Anders Pitman <tapitman11@gmail.com>
Date: Sat, 24 Oct 2020 14:12:18 -0600
Subject: [PATCH] Add button for downloading private keys

Allows users to access tunnels using standard SSH clients.
---
 api.go           | 29 ++++++++++++++++++++++++++---
 ui_handler.go    | 14 ++++++++++++++
 webui/index.tmpl |  2 ++
 3 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/api.go b/api.go
index e6ea8be..d44926d 100644
--- a/api.go
+++ b/api.go
@@ -34,6 +34,25 @@ func (a *Api) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	a.mux.ServeHTTP(w, r)
 }
 
+func (a *Api) GetTunnel(tokenData TokenData, params url.Values) (Tunnel, error) {
+	domain := params.Get("domain")
+	if domain == "" {
+		return Tunnel{}, errors.New("Invalid domain parameter")
+	}
+
+	tun, exists := a.db.GetTunnel(domain)
+	if !exists {
+		return Tunnel{}, errors.New("Tunnel doesn't exist for domain")
+	}
+
+	user, _ := a.db.GetUser(tokenData.Owner)
+	if user.IsAdmin || tun.Owner == tokenData.Owner {
+		return tun, nil
+	} else {
+		return Tunnel{}, errors.New("Unauthorized")
+	}
+}
+
 func (a *Api) GetTunnels(tokenData TokenData) map[string]Tunnel {
 
 	user, _ := a.db.GetUser(tokenData.Owner)
@@ -64,9 +83,13 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 
 	sshKeyId := params.Get("ssh-key-id")
 
-	sshKey, exists := a.db.GetSshKey(sshKeyId)
-	if !exists {
-		return nil, errors.New("SSH key does not exist")
+	var sshKey SshKey
+	if sshKeyId != "" {
+		var exists bool
+		sshKey, exists = a.db.GetSshKey(sshKeyId)
+		if !exists {
+			return nil, errors.New("SSH key does not exist")
+		}
 	}
 
 	clientName := params.Get("client-name")
diff --git a/ui_handler.go b/ui_handler.go
index 583cc86..5ab7fac 100644
--- a/ui_handler.go
+++ b/ui_handler.go
@@ -314,6 +314,20 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
 			return
 		}
 
+	case "/tunnel-private-key":
+
+		r.ParseForm()
+
+		tun, err := h.api.GetTunnel(tokenData, r.Form)
+		if err != nil {
+			w.WriteHeader(400)
+			h.alertDialog(w, r, err.Error(), "/#/tunnels")
+			return
+		}
+
+		w.Header().Set("Content-Disposition", "attachment; filename=id_rsa")
+		io.WriteString(w, tun.TunnelPrivateKey)
+
 	case "/tokens":
 		h.handleTokens(w, r, user, tokenData)
 	case "/confirm-delete-token":
diff --git a/webui/index.tmpl b/webui/index.tmpl
index 6583539..fc42ea9 100644
--- a/webui/index.tmpl
+++ b/webui/index.tmpl
@@ -30,6 +30,8 @@
                 <a href="https://{{$domain}}">{{$domain}}</a>:{{$tunnel.TunnelPort}} -> {{$tunnel.ClientName}} -> {{$tunnel.ClientAddress}}:{{$tunnel.ClientPort}}
               </div>
 
+              <a class='button' href="/tunnel-private-key?domain={{$domain}}">Download Private Key</a>
+
               <label class='button' for='toggle-tunnel-delete-dialog-{{$tunnel.CssId}}'>
                 Delete
               </label>