mirror of
https://github.com/boringproxy/boringproxy.git
synced 2025-02-25 18:55:29 -06:00
Move /waygate/authorize into waygate library
parent
da4b2d1035
commit
42cbf1abe2
31
api.go
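--- a/api.go
+++ b/api.go
@@ -618,6 +618,37 @@ func (a *Api) DeleteClient(tokenData TokenData, ownerId, clientId string) error
 return nil
 }
 
+func (a *Api) GetDomainNames(r *http.Request) ([]string, error) {
+
+token, err := extractToken("access_token", r)
+if err != nil {
+return nil, errors.New("No access token")
+}
+
+tokenData, exists := a.db.GetLegacyTokenData(token)
+if !exists {
+return nil, errors.New("Error getting token")
+}
+
+if tokenData.Client != "" {
+return nil, errors.New("Attempted to use client token")
+}
+
+domainMap := a.GetDomains(tokenData)
+
+domains := []string{}
+
+for domainName, _ := range domainMap {
+domains = append(domains, domainName)
+}
+
+if len(domains) == 0 {
+return nil, errors.New("No domains")
+}
+
+return domains, nil
+}
+
 func (a *Api) GetDomains(tokenData TokenData) map[string]Domain {
 
 user, _ := a.db.GetUser(tokenData.Owner)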
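Review bot: GetDomainNames appends every key of the map returned by GetDomains, whereas the `/waygate/authorize` case this commit removes from handleWebUiRequest offered only names beginning with `*.` and stripped that prefix first. Unless the waygate library applies the same filter (not visible here), the authorization page could list non-wildcard domains and literal `*.example.com`-style entries (constructed example) as tunnel targets. Consider restoring the filter in the loop, `if strings.HasPrefix(domainName, "*.") { domains = append(domains, domainName[2:]) }`, provided `strings` is imported in api.go, and sorting the slice because map iteration order is random. The loop header can also be written `for domainName := range domainMap`.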
@ -96,18 +96,6 @@ func Listen() {
|
||||
fmt.Printf("WARNING: Failed to access %s:%d from the internet\n", ip, *httpsPort)
|
||||
}
|
||||
|
||||
user, err := user.Current()
|
||||
if err != nil {
|
||||
log.Fatalf("Unable to get current user: %v", err)
|
||||
}
|
||||
waygateServer := waygate.NewServer(db)
|
||||
waygateServer.SshConfig = &waygate.SshConfig{
|
||||
ServerAddress: db.GetAdminDomain(),
|
||||
ServerPort: *sshServerPort,
|
||||
Username: user.Username,
|
||||
AuthorizedKeysPath: filepath.Join(user.HomeDir, ".ssh", "authorized_keys"),
|
||||
}
|
||||
|
||||
autoCerts := true
|
||||
if *httpPort != 80 || *httpsPort != 443 {
|
||||
fmt.Printf("WARNING: LetsEncrypt only supports HTTP/HTTPS ports 80/443. You are using %d/%d. Disabling automatic certificate management\n", *httpPort, *httpsPort)
|
||||
@ -191,6 +179,18 @@ func Listen() {
|
||||
|
||||
api := NewApi(config, db, auth, tunMan)
|
||||
|
||||
user, err := user.Current()
|
||||
if err != nil {
|
||||
log.Fatalf("Unable to get current user: %v", err)
|
||||
}
|
||||
waygateServer := waygate.NewServer(db, api)
|
||||
waygateServer.SshConfig = &waygate.SshConfig{
|
||||
ServerAddress: db.GetAdminDomain(),
|
||||
ServerPort: *sshServerPort,
|
||||
Username: user.Username,
|
||||
AuthorizedKeysPath: filepath.Join(user.HomeDir, ".ssh", "authorized_keys"),
|
||||
}
|
||||
|
||||
webUiHandler := NewWebUiHandler(config, db, api, auth)
|
||||
|
||||
httpClient := &http.Client{
|
||||
@ -212,9 +212,9 @@ func Listen() {
|
||||
|
||||
http.Handle("/waygate/", http.StripPrefix("/waygate", waygateServer))
|
||||
// TODO: This feels like a bit of a hack.
|
||||
http.HandleFunc("/waygate/authorize", func(w http.ResponseWriter, r *http.Request) {
|
||||
webUiHandler.handleWebUiRequest(w, r)
|
||||
})
|
||||
//http.HandleFunc("/waygate/authorize", func(w http.ResponseWriter, r *http.Request) {
|
||||
// webUiHandler.handleWebUiRequest(w, r)
|
||||
//})
|
||||
http.HandleFunc("/waygate/authorized", func(w http.ResponseWriter, r *http.Request) {
|
||||
webUiHandler.handleWebUiRequest(w, r)
|
||||
})
|
||||
|
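Review bot: In the last hunk of Listen, the `/waygate/authorize` route is disabled by commenting it out, so requests to that path now fall through to the `/waygate/` handler and reach waygateServer without passing through handleWebUiRequest. Whether the page is still gated on a valid owner token then depends on the waygate library calling api.GetDomainNames and refusing to render when it returns an error, which is not visible in this diff; a test that requests the page with no `access_token` and with a client-scoped one would confirm it. Delete the three commented-out lines rather than keeping them, and move or reword `// TODO: This feels like a bit of a hack.` so that it describes the `/waygate/authorized` handler it now sits above. Listen's body continues outside these hunks.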
@ -1,27 +0,0 @@
|
||||
<p>
|
||||
A service is requesting to create a tunnel. If you want to approve this action, select a domain below.
|
||||
</p>
|
||||
|
||||
<h1>Select Domain</h1>
|
||||
|
||||
<form action="/waygate/authorized" method="POST">
|
||||
<input type="hidden" name="client_id" value="{{.AuthRequest.ClientId}}" required>
|
||||
<input type="hidden" name="redirect_uri" value="{{.AuthRequest.RedirectUri}}" required>
|
||||
<input type="hidden" name="scope" value="{{.AuthRequest.Scope}}" required>
|
||||
<input type="hidden" name="state" value="{{.AuthRequest.State}}" required>
|
||||
|
||||
<div>
|
||||
<input type="text" name="host" placeholder="Subdomain" required>
|
||||
<span>.</span>
|
||||
<select id="domain-input" name="domain">
|
||||
{{range $domainName := $.Domains}}
|
||||
<option>{{$domainName}}</option>
|
||||
{{ end }}
|
||||
</select>
|
||||
</div>
|
||||
|
||||
<div class='tn-button-row'>
|
||||
<button class='button'>Approve</button>
|
||||
<button class='button' formaction="/deny">Deny</button>
|
||||
</div>
|
||||
</form>
|
@ -72,6 +72,7 @@ func NewWebUiHandler(config *Config, db *Database, api *Api, auth *Auth) *WebUiH
|
||||
|
||||
func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// TODO: Still want to be parsing this at runtime?
|
||||
var err error
|
||||
h.tmpl, err = template.ParseFS(fs, "templates/*.tmpl")
|
||||
if err != nil {
|
||||
@ -99,8 +100,8 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
|
||||
|
||||
user, _ := h.db.GetUser(tokenData.Owner)
|
||||
|
||||
// TODO: is this used/doing anything?
|
||||
tunnels := h.api.GetTunnels(tokenData)
|
||||
|
||||
for domain, tun := range tunnels {
|
||||
tunnels[domain] = tun
|
||||
}
|
||||
@ -164,47 +165,6 @@ func (h *WebUiHandler) handleWebUiRequest(w http.ResponseWriter, r *http.Request
|
||||
}
|
||||
|
||||
return
|
||||
|
||||
case "/waygate/authorize":
|
||||
if r.Method != "GET" {
|
||||
w.WriteHeader(405)
|
||||
h.alertDialog(w, r, err.Error(), "/")
|
||||
return
|
||||
}
|
||||
|
||||
r.ParseForm()
|
||||
|
||||
authReq, err := waygate.ExtractAuthRequest(r)
|
||||
if err != nil {
|
||||
w.WriteHeader(400)
|
||||
h.alertDialog(w, r, err.Error(), "/")
|
||||
return
|
||||
}
|
||||
|
||||
wildcardDomains := []string{}
|
||||
|
||||
domains := h.api.GetDomains(tokenData)
|
||||
|
||||
for domainName, _ := range domains {
|
||||
if strings.HasPrefix(domainName, "*.") {
|
||||
wildcardDomains = append(wildcardDomains, domainName[2:])
|
||||
}
|
||||
}
|
||||
|
||||
data := struct {
|
||||
Domains []string
|
||||
AuthRequest *waygate.AuthRequest
|
||||
}{
|
||||
Domains: wildcardDomains,
|
||||
AuthRequest: authReq,
|
||||
}
|
||||
|
||||
err = h.tmpl.ExecuteTemplate(w, "authorize.tmpl", data)
|
||||
if err != nil {
|
||||
w.WriteHeader(500)
|
||||
h.alertDialog(w, r, err.Error(), "/")
|
||||
return
|
||||
}
|
||||
case "/login":
|
||||
h.handleLogin(w, r)
|
||||
case "/users":
|
||||
|
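Review bot: The TODO added above `h.tmpl, err = template.ParseFS(fs, "templates/*.tmpl")` understates the problem: that line writes the shared `h.tmpl` field on every request, and net/http runs handlers concurrently, so it is a data race as well as repeated work. Parsing once in NewWebUiHandler and only reading `h.tmpl` here would resolve that TODO. For the second TODO, the loop body `tunnels[domain] = tun` stores each entry back under its own key, so as far as this hunk shows it is a no-op and can be deleted. With the `/waygate/authorize` case gone, check that the `strings` and waygate imports of this file are still used, since Go rejects unused imports. handleWebUiRequest's body continues outside these hunks.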