Documentation ¶
Overview ¶
Package web implements a web proxy handler that provides a web interface to view and connect to Teleport nodes
Index ¶
- Constants
- func ClearSession(w http.ResponseWriter) error
- func ConstructSSHResponse(response *auth.OIDCAuthResponse) (*url.URL, error)
- func CreateSignupLink(hostPort string, token string) string
- func EncodeCookie(user, sid string) (string, error)
- func NewStaticFileSystem(debugMode bool) (http.FileSystem, error)
- func Ping(proxyAddr string, insecure bool, pool *x509.CertPool) error
- func SetSession(w http.ResponseWriter, user, sid string) error
- type Config
- type CreateSessionResponse
- type Handler
- type HandlerOption
- type ResourceMap
- type SSHLoginResponse
- func SSHAgentLogin(proxyAddr, user, password, hotpToken string, pubKey []byte, ttl time.Duration, ...) (*SSHLoginResponse, error)
- func SSHAgentOIDCLogin(proxyAddr, connectorID string, pubKey []byte, ttl time.Duration, insecure bool, ...) (*SSHLoginResponse, error)
- func SSHAgentU2FLogin(proxyAddr, user, password string, pubKey []byte, ttl time.Duration, ...) (*SSHLoginResponse, error)
- type Server
- type SessionContext
- func (c *SessionContext) AddClosers(closers ...io.Closer)
- func (c *SessionContext) Close() error
- func (c *SessionContext) ExtendWebSession() (*auth.Session, error)
- func (c *SessionContext) GetAgent() (auth.AgentCloser, error)
- func (c *SessionContext) GetClient() (auth.ClientI, error)
- func (c *SessionContext) GetUser() string
- func (c *SessionContext) GetWebSession() *auth.Session
- func (c *SessionContext) Invalidate() error
- func (c *SessionContext) TransferClosers() []io.Closer
- func (c *SessionContext) UpdateSessionTerminal(sessionID session.ID, params session.TerminalParams) error
- type SessionCookie
Constants ¶
const (
	// HTTPS is https prefix
	HTTPS = "https"
	// WSS is secure web sockets prefix
	WSS = "wss"
)
const APIVersion = "v1"
APIVersion is the current webapi version
Variables ¶
This section is empty.
Functions ¶
func ClearSession ¶ added in v1.0.0
func ClearSession(w http.ResponseWriter) error
func ConstructSSHResponse ¶ added in v1.0.0
func ConstructSSHResponse(response *auth.OIDCAuthResponse) (*url.URL, error)
ConstructSSHResponse creates a special SSH response for SSH login method that encodes everything using the client's secret key
func CreateSignupLink ¶
CreateSignupLink generates and returns a URL which is given to a new user to complete registration with Teleport via Web UI
func EncodeCookie ¶
func NewStaticFileSystem ¶ added in v1.2.6
func NewStaticFileSystem(debugMode bool) (http.FileSystem, error)
NewStaticFileSystem returns the initialized implementation of http.FileSystem interface which can be used to serve Teleport Proxy Web UI
If 'debugMode' is true, it will load the web assets from the same git repo directory where the executable is, otherwise it will load them from the embedded zip archive.
func Ping ¶ added in v1.0.0
Ping is used to validate the HTTPS endpoint of the Teleport proxy. This leads to a better user experience: users get connection errors before being asked for passwords
func SetSession ¶ added in v1.0.0
func SetSession(w http.ResponseWriter, user, sid string) error
Types ¶
type Config ¶ added in v1.0.0
type Config struct {
	// Proxy is a reverse tunnel proxy that handles connections
	// to various sites
	Proxy reversetunnel.Server
	// AuthServers is a list of auth servers this proxy talks to
	AuthServers utils.NetAddr
	// DomainName is a domain name served by web handler
	DomainName string
	// ProxyClient is a client that authenticated as proxy
	ProxyClient auth.ClientI
	// DisableUI allows to turn off serving web based UI
	DisableUI bool
}
Config represents web handler configuration parameters
type CreateSessionResponse ¶ added in v1.0.0
type CreateSessionResponse struct {
	// Type is token type (bearer)
	Type string `json:"type"`
	// Token value
	Token string `json:"token"`
	// User represents the user
	User services.User `json:"user"`
	// ExpiresIn sets seconds before this token is not valid
	ExpiresIn int `json:"expires_in"`
}
CreateSessionResponse returns OAuth compatible data about access token: https://tools.ietf.org/html/rfc6749
func NewSessionResponse ¶ added in v1.0.0
func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error)
type Handler ¶ added in v1.0.0
type Handler struct {
	sync.Mutex
	httprouter.Router
	// contains filtered or unexported fields
}
Handler is HTTP web proxy handler
func NewHandler ¶ added in v1.0.0
func NewHandler(cfg Config, opts ...HandlerOption) (*Handler, error)
NewHandler returns a new instance of web proxy handler
func (*Handler) AuthenticateRequest ¶ added in v1.0.0
func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, checkBearerToken bool) (*SessionContext, error)
AuthenticateRequest authenticates a request using a combination of a session cookie and a bearer token
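The cookie-plus-bearer-token check described for AuthenticateRequest, as an added illustration that is not Teleport's implementation: a request carrying only the session cookie, which a browser attaches automatically, is rejected when the bearer check is enabled. The cookie name, the hex(JSON) cookie encoding, the in-memory `sessions` store and the `try` helper are assumptions made for this sketch.

```go
package main

import (
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// Assumed for this sketch: cookie layout, hex(JSON) encoding, cookie name.
type sessionCookie struct{ User, SID string }

// Constructed session store: session ID -> owner and bearer token.
var sessions = map[string]struct{ user, token string }{"sid-123": {"alice", "tok-abc"}}

// authenticate validates the cookie; checkBearer additionally demands the token.
func authenticate(r *http.Request, checkBearer bool) (string, error) {
	c, err := r.Cookie("session")
	if err != nil {
		return "", fmt.Errorf("missing session cookie")
	}
	var sc sessionCookie
	raw, err := hex.DecodeString(c.Value)
	if err != nil || json.Unmarshal(raw, &sc) != nil {
		return "", fmt.Errorf("malformed session cookie")
	}
	s, ok := sessions[sc.SID]
	if !ok || s.user != sc.User {
		return "", fmt.Errorf("unknown session")
	}
	h := r.Header.Get("Authorization")
	tok := strings.TrimPrefix(h, "Bearer ")
	if checkBearer && (tok == h || subtle.ConstantTimeCompare([]byte(tok), []byte(s.token)) != 1) {
		return "", fmt.Errorf("bearer token missing or wrong")
	}
	return sc.User, nil
}

// try sends a constructed request; authz is the raw Authorization header ("" = none).
func try(user, sid, authz string, checkBearer bool) (string, error) {
	b, _ := json.Marshal(sessionCookie{user, sid})
	r, _ := http.NewRequest("GET", "/", nil)
	r.AddCookie(&http.Cookie{Name: "session", Value: hex.EncodeToString(b)})
	r.Header.Set("Authorization", authz)
	return authenticate(r, checkBearer)
}

func main() { fmt.Println(try("alice", "sid-123", "", true)) } // cookie alone: rejected
```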
type HandlerOption ¶ added in v1.0.0
HandlerOption is a functional argument - an option that can be passed to NewHandler function
func SetSessionStreamPollPeriod ¶ added in v1.0.0
func SetSessionStreamPollPeriod(period time.Duration) HandlerOption
SetSessionStreamPollPeriod sets polling period for session streams
type ResourceMap ¶ added in v1.2.6
type SSHLoginResponse ¶ added in v1.0.0
type SSHLoginResponse struct {
	// User contains a logged in user information
	Username string `json:"username"`
	// Cert is a signed certificate
	Cert []byte `json:"cert"`
	// HostSigners is a list of signing host public keys
	// trusted by proxy
	HostSigners []services.CertAuthority `json:"host_signers"`
}
SSHLoginResponse is a response returned by web proxy
func SSHAgentLogin ¶
func SSHAgentLogin(proxyAddr, user, password, hotpToken string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)
SSHAgentLogin issues call to web proxy and receives temp certificate if credentials are valid
proxyAddr must be specified as host:port
func SSHAgentOIDCLogin ¶ added in v1.0.0
func SSHAgentOIDCLogin(proxyAddr, connectorID string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)
SSHAgentOIDCLogin is used by SSH Agent to login using OpenID connect
func SSHAgentU2FLogin ¶ added in v1.3.0
func SSHAgentU2FLogin(proxyAddr, user, password string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)
SSHAgentU2FLogin requests a U2F sign request (authentication challenge) via the proxy. If the credentials are valid, the proxy will return a challenge. We then call the official u2f-host binary to perform the signing and pass the signature to the proxy. If the authentication succeeds, we will get a temporary certificate back
type SessionContext ¶ added in v1.0.0
SessionContext is a context associated with a user's web session. It stores a connected client that persists between requests, for example to avoid connecting to the auth server on every page hit
func (*SessionContext) AddClosers ¶ added in v1.0.0
func (c *SessionContext) AddClosers(closers ...io.Closer)
func (*SessionContext) Close ¶ added in v1.0.0
func (c *SessionContext) Close() error
Close cleans up connections associated with requests
func (*SessionContext) ExtendWebSession ¶ added in v1.0.0
func (c *SessionContext) ExtendWebSession() (*auth.Session, error)
ExtendWebSession creates a new web session for this user based on the previous session
func (*SessionContext) GetAgent ¶ added in v1.0.0
func (c *SessionContext) GetAgent() (auth.AgentCloser, error)
GetAgent returns an agent that can be used to answer challenges for the web to ssh connection
func (*SessionContext) GetClient ¶ added in v1.0.0
func (c *SessionContext) GetClient() (auth.ClientI, error)
GetClient returns the client connected to the auth server
func (*SessionContext) GetUser ¶ added in v1.0.0
func (c *SessionContext) GetUser() string
GetUser returns the authenticated teleport user
func (*SessionContext) GetWebSession ¶ added in v1.0.0
func (c *SessionContext) GetWebSession() *auth.Session
GetWebSession returns a web session
func (*SessionContext) Invalidate ¶ added in v1.0.0
func (c *SessionContext) Invalidate() error
func (*SessionContext) TransferClosers ¶ added in v1.0.0
func (c *SessionContext) TransferClosers() []io.Closer
func (*SessionContext) UpdateSessionTerminal ¶ added in v1.0.0
func (c *SessionContext) UpdateSessionTerminal(sessionID session.ID, params session.TerminalParams) error
type SessionCookie ¶ added in v1.0.0
SessionCookie stores information about active user and session
func DecodeCookie ¶
func DecodeCookie(b string) (*SessionCookie, error)