Documentation ¶
Overview ¶
Package web implements the web proxy handler, which provides a web interface for viewing and connecting to Teleport nodes
Index ¶
- Constants
- func ClearSession(w http.ResponseWriter) error
- func ConstructSSHResponse(response *auth.OIDCAuthResponse) (*url.URL, error)
- func CreateSignupLink(hostPort string, token string) string
- func EncodeCookie(user, sid string) (string, error)
- func Ping(proxyAddr string, insecure bool, pool *x509.CertPool) error
- func SetSession(w http.ResponseWriter, user, sid string) error
- type Config
- type CreateSessionResponse
- type Handler
- type HandlerOption
- type SSHLoginResponse
- func SSHAgentLogin(proxyAddr, user, password, hotpToken string, pubKey []byte, ttl time.Duration, ...) (*SSHLoginResponse, error)
- func SSHAgentLoginWithAES(proxyAddr, user, password, encrypted string, pubKey []byte, ttl time.Duration, ...) (*SSHLoginResponse, error)
- func SSHAgentOIDCLogin(proxyAddr, connectorID string, pubKey []byte, ttl time.Duration, insecure bool, ...) (*SSHLoginResponse, error)
- type Server
- type SessionContext
- func (c *SessionContext) AddClosers(closers ...io.Closer)
- func (c *SessionContext) Close() error
- func (c *SessionContext) ExtendWebSession() (*auth.Session, error)
- func (c *SessionContext) GetAgent() (auth.AgentCloser, error)
- func (c *SessionContext) GetClient() (auth.ClientI, error)
- func (c *SessionContext) GetUser() string
- func (c *SessionContext) GetWebSession() *auth.Session
- func (c *SessionContext) Invalidate() error
- func (c *SessionContext) TransferClosers() []io.Closer
- func (c *SessionContext) UpdateSessionTerminal(sessionID session.ID, params session.TerminalParams) error
- type SessionCookie
Constants ¶
// HTTPS is the scheme prefix for HTTPS URLs.
const HTTPS = "https"

// WSS is the scheme prefix for secure web socket URLs.
const WSS = "wss"
const APIVersion = "v1"
APIVersion is the current web API version
Variables ¶
This section is empty.
Functions ¶
func ClearSession ¶
func ClearSession(w http.ResponseWriter) error
func ConstructSSHResponse ¶
func ConstructSSHResponse(response *auth.OIDCAuthResponse) (*url.URL, error)
ConstructSSHResponse creates a special SSH response for SSH login method that encodes everything using the client's secret key
func CreateSignupLink ¶
CreateSignupLink generates and returns a URL which is given to a new user to complete registration with Teleport via Web UI
func EncodeCookie ¶
func Ping ¶
Ping is used to validate the HTTPS endpoint of the Teleport proxy. This leads to a better user experience: users get connection errors before being asked for passwords
func SetSession ¶
func SetSession(w http.ResponseWriter, user, sid string) error
Types ¶
type Config ¶
// Config represents web handler configuration parameters.
type Config struct {
	// Proxy is a reverse tunnel proxy that handles connections
	// to various sites
	Proxy reversetunnel.Server
	// AssetsDir is a directory with web assets (js files, css files)
	AssetsDir string
	// AuthServers is a list of auth servers this proxy talks to.
	// NOTE(review): the field type is a single utils.NetAddr rather than a
	// slice — confirm whether one address or a list is intended.
	AuthServers utils.NetAddr
	// DomainName is a domain name served by web handler
	DomainName string
	// ProxyClient is a client that is authenticated as the proxy, i.e. it
	// acts with the proxy's identity rather than an end user's.
	ProxyClient auth.ClientI
	// DisableUI turns off serving of the web based UI
	DisableUI bool
}
Config represents web handler configuration parameters
type CreateSessionResponse ¶
// CreateSessionResponse holds OAuth-compatible data about an access token
// (see RFC 6749) as it is serialized to JSON.
type CreateSessionResponse struct {
	// Type is token type (bearer)
	Type string `json:"type"`
	// Token is the token value. Since the type is documented as bearer,
	// possession of this value is what authorizes a request, so it should
	// be kept out of logs and URLs.
	Token string `json:"token"`
	// User represents the user
	User services.User `json:"user"`
	// ExpiresIn is the number of seconds before this token is no longer valid
	ExpiresIn int `json:"expires_in"`
}
CreateSessionResponse returns OAuth compatible data about access token: https://tools.ietf.org/html/rfc6749
func NewSessionResponse ¶
func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error)
type Handler ¶
// Handler is HTTP web proxy handler.
//
// Both sync.Mutex and httprouter.Router are embedded, so their exported
// methods are promoted onto Handler and are callable by any code that
// holds a *Handler.
type Handler struct {
	sync.Mutex
	httprouter.Router
	// contains filtered or unexported fields
}
Handler is HTTP web proxy handler
func NewHandler ¶
func NewHandler(cfg Config, opts ...HandlerOption) (*Handler, error)
NewHandler returns a new instance of web proxy handler
func NewPocketHandler ¶
func NewPocketHandler(cfg Config, opts ...HandlerOption) (*Handler, error)
NewPocketHandler returns a new instance of web proxy handler
func (*Handler) AuthenticateRequest ¶
func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, checkBearerToken bool) (*SessionContext, error)
AuthenticateRequest authenticates the request using a combination of a session cookie and a bearer token
type HandlerOption ¶
HandlerOption is a functional argument - an option that can be passed to NewHandler function
func SetSessionStreamPollPeriod ¶
func SetSessionStreamPollPeriod(period time.Duration) HandlerOption
SetSessionStreamPollPeriod sets polling period for session streams
type SSHLoginResponse ¶
// SSHLoginResponse is a response returned by web proxy.
type SSHLoginResponse struct {
	// Username is the name of the logged-in user
	Username string `json:"username"`
	// Cert is a signed certificate
	Cert []byte `json:"cert"`
	// HostSigners is a list of signing host public keys
	// trusted by proxy.
	// NOTE(review): a caller that goes on to trust these authorities is
	// relying on the connection to the proxy being authentic — presumably
	// the reason the login functions accept a cert pool; confirm how their
	// insecure flag affects that guarantee.
	HostSigners []services.CertAuthority `json:"host_signers"`
}
SSHLoginResponse is a response returned by web proxy
func SSHAgentLogin ¶
func SSHAgentLogin(proxyAddr, user, password, hotpToken string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)
SSHAgentLogin issues call to web proxy and receives temp certificate if credentials are valid
proxyAddr must be specified as host:port
func SSHAgentLoginWithAES ¶
func SSHAgentLoginWithAES(proxyAddr, user, password, encrypted string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)
SSHAgentLoginWithAES issues call to web proxy and receives temp certificate if credentials encrypted with live AES key are valid
proxyAddr must be specified as host:port
type SessionContext ¶
SessionContext is a context associated with a user's web session. It stores the connected client, which persists between requests, for example to avoid connecting to the auth server on every page hit
func (*SessionContext) AddClosers ¶
func (c *SessionContext) AddClosers(closers ...io.Closer)
func (*SessionContext) Close ¶
func (c *SessionContext) Close() error
Close cleans up connections associated with requests
func (*SessionContext) ExtendWebSession ¶
func (c *SessionContext) ExtendWebSession() (*auth.Session, error)
ExtendWebSession creates a new web session for this user based on the previous session
func (*SessionContext) GetAgent ¶
func (c *SessionContext) GetAgent() (auth.AgentCloser, error)
GetAgent returns an agent that can be used to answer challenges for the web to ssh connection
func (*SessionContext) GetClient ¶
func (c *SessionContext) GetClient() (auth.ClientI, error)
GetClient returns the client connected to the auth server
func (*SessionContext) GetUser ¶
func (c *SessionContext) GetUser() string
GetUser returns the authenticated teleport user
func (*SessionContext) GetWebSession ¶
func (c *SessionContext) GetWebSession() *auth.Session
GetWebSession returns a web session
func (*SessionContext) Invalidate ¶
func (c *SessionContext) Invalidate() error
func (*SessionContext) TransferClosers ¶
func (c *SessionContext) TransferClosers() []io.Closer
func (*SessionContext) UpdateSessionTerminal ¶
func (c *SessionContext) UpdateSessionTerminal(sessionID session.ID, params session.TerminalParams) error
type SessionCookie ¶
SessionCookie stores information about active user and session
func DecodeCookie ¶
func DecodeCookie(b string) (*SessionCookie, error)