web

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 21, 2016 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

Package web implements web proxy handler that provides web interface to view and connect to teleport nodes

Index

Constants

View Source
const (
	// HTTPS is https prefix
	HTTPS = "https"
	// WSS is secure web sockets prefix
	WSS = "wss"
)
View Source
const APIVersion = "v1"

Version is a current webapi version

Variables

This section is empty.

Functions

func ClearSession added in v1.0.0

func ClearSession(w http.ResponseWriter) error

func ConstructSSHResponse added in v1.0.0

func ConstructSSHResponse(response *auth.OIDCAuthResponse) (*url.URL, error)

ConstructSSHResponse creates a special SSH response for SSH login method that encodes everything using the client's secret key

func CreateSignupLink(hostPort string, token string) string

CreateSignupLink generates and returns a URL which is given to a new user to complete registration with Teleport via Web UI

func EncodeCookie

func EncodeCookie(user, sid string) (string, error)

func NewStaticFileSystem added in v1.2.6

func NewStaticFileSystem(debugMode bool) (http.FileSystem, error)

NewStaticFileSystem returns the initialized implementation of http.FileSystem interface which can be used to serve Teleport Proxy Web UI

If 'debugMode' is true, it will load the web assets from the same git repo directory where the executable is, otherwise it will load them from the embedded zip archive.

func Ping added in v1.0.0

func Ping(proxyAddr string, insecure bool, pool *x509.CertPool) error

Ping is used to validate HTTPS endpoing of Teleport proxy. This leads to better user experience: they get connection errors before being asked for passwords

func SetSession added in v1.0.0

func SetSession(w http.ResponseWriter, user, sid string) error

Types

type Config added in v1.0.0

type Config struct {
	// Proxy is a reverse tunnel proxy that handles connections
	// to various sites
	Proxy reversetunnel.Server
	// AuthServers is a list of auth servers this proxy talks to
	AuthServers utils.NetAddr
	// DomainName is a domain name served by web handler
	DomainName string
	// ProxyClient is a client that authenticated as proxy
	ProxyClient auth.ClientI
	// DisableUI allows to turn off serving web based UI
	DisableUI bool
}

Config represents web handler configuration parameters

type CreateSessionResponse added in v1.0.0

type CreateSessionResponse struct {
	// Type is token type (bearer)
	Type string `json:"type"`
	// Token value
	Token string `json:"token"`
	// User represents the user
	User services.User `json:"user"`
	// ExpiresIn sets seconds before this token is not valid
	ExpiresIn int `json:"expires_in"`
}

CreateSessionResponse returns OAuth compabible data about access token: https://tools.ietf.org/html/rfc6749

func NewSessionResponse added in v1.0.0

func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error)

type Handler added in v1.0.0

type Handler struct {
	sync.Mutex
	httprouter.Router
	// contains filtered or unexported fields
}

Handler is HTTP web proxy handler

func NewHandler added in v1.0.0

func NewHandler(cfg Config, opts ...HandlerOption) (*Handler, error)

NewHandler returns a new instance of web proxy handler

func (*Handler) AuthenticateRequest added in v1.0.0

func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, checkBearerToken bool) (*SessionContext, error)

authenticateRequest authenticates request using combination of a session cookie and bearer token

func (*Handler) Close added in v1.0.0

func (m *Handler) Close() error

Close closes associated session cache operations

func (*Handler) String added in v1.0.0

func (h *Handler) String() string

type HandlerOption added in v1.0.0

type HandlerOption func(h *Handler) error

HandlerOption is a functional argument - an option that can be passed to NewHandler function

func SetSessionStreamPollPeriod added in v1.0.0

func SetSessionStreamPollPeriod(period time.Duration) HandlerOption

SetSessionStreamPollPeriod sets polling period for session streams

type ResourceMap added in v1.2.6

type ResourceMap map[string]*zip.File

func (ResourceMap) Open added in v1.2.6

func (rm ResourceMap) Open(name string) (http.File, error)

type SSHLoginResponse added in v1.0.0

type SSHLoginResponse struct {
	// User contains a logged in user informationn
	Username string `json:"username"`
	// Cert is a signed certificate
	Cert []byte `json:"cert"`
	// HostSigners is a list of signing host public keys
	// trusted by proxy
	HostSigners []services.CertAuthority `json:"host_signers"`
}

SSHLoginResponse is a response returned by web proxy

func SSHAgentLogin

func SSHAgentLogin(proxyAddr, user, password, hotpToken string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)

SSHAgentLogin issues call to web proxy and receives temp certificate if credentials are valid

proxyAddr must be specified as host:port

func SSHAgentOIDCLogin added in v1.0.0

func SSHAgentOIDCLogin(proxyAddr, connectorID string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)

SSHAgentOIDCLogin is used by SSH Agent to login using OpenID connect

func SSHAgentU2FLogin added in v1.3.0

func SSHAgentU2FLogin(proxyAddr, user, password string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)

SSHAgentU2FLogin requests a U2F sign request (authentication challenge) via the proxy. If the credentials are valid, the proxy wiil return a challenge. We then call the official u2f-host binary to perform the signing and pass the signature to the proxy. If the authentication succeeds, we will get a temporary certificate back

type Server

type Server struct {
	http.Server
}

type SessionContext added in v1.0.0

type SessionContext struct {
	sync.Mutex
	*log.Entry
	// contains filtered or unexported fields
}

SessionContext is a context associated with users' web session, it stores connected client that persists between requests for example to avoid connecting to the auth server on every page hit

func (*SessionContext) AddClosers added in v1.0.0

func (c *SessionContext) AddClosers(closers ...io.Closer)

func (*SessionContext) Close added in v1.0.0

func (c *SessionContext) Close() error

Close cleans up connections associated with requests

func (*SessionContext) ExtendWebSession added in v1.0.0

func (c *SessionContext) ExtendWebSession() (*auth.Session, error)

ExtendWebSession creates a new web session for this user based on the previous session

func (*SessionContext) GetAgent added in v1.0.0

func (c *SessionContext) GetAgent() (auth.AgentCloser, error)

GetAgent returns agent that can we used to answer challenges for the web to ssh connection

func (*SessionContext) GetClient added in v1.0.0

func (c *SessionContext) GetClient() (auth.ClientI, error)

GetClient returns the client connected to the auth server

func (*SessionContext) GetUser added in v1.0.0

func (c *SessionContext) GetUser() string

GetUser returns the authenticated teleport user

func (*SessionContext) GetWebSession added in v1.0.0

func (c *SessionContext) GetWebSession() *auth.Session

GetWebSession returns a web session

func (*SessionContext) Invalidate added in v1.0.0

func (c *SessionContext) Invalidate() error

func (*SessionContext) TransferClosers added in v1.0.0

func (c *SessionContext) TransferClosers() []io.Closer

func (*SessionContext) UpdateSessionTerminal added in v1.0.0

func (c *SessionContext) UpdateSessionTerminal(sessionID session.ID, params session.TerminalParams) error

type SessionCookie added in v1.0.0

type SessionCookie struct {
	User string `json:"user"`
	SID  string `json:"sid"`
}

SessionCookie stores information about active user and session

func DecodeCookie

func DecodeCookie(b string) (*SessionCookie, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL