web

package
v0.0.0-...-8d1852a Latest
Warning

This package is not in the latest version of its module.

Published: Nov 14, 2022 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Overview

Package web implements a web proxy handler that provides a web interface to view and connect to Teleport nodes.

Constants

const (
	// HTTPS is https prefix
	HTTPS = "https"
	// WSS is secure web sockets prefix
	WSS = "wss"
)
const APIVersion = "v1"

APIVersion is the current webapi version

Variables

This section is empty.

Functions

func ClearSession

func ClearSession(w http.ResponseWriter) error

func ConstructSSHResponse

func ConstructSSHResponse(response *auth.OIDCAuthResponse) (*url.URL, error)

ConstructSSHResponse creates a special SSH response for SSH login method that encodes everything using the client's secret key

func CreateSignupLink

func CreateSignupLink(hostPort string, token string) string

CreateSignupLink generates and returns a URL which is given to a new user to complete registration with Teleport via Web UI

func EncodeCookie

func EncodeCookie(user, sid string) (string, error)

func Ping

func Ping(proxyAddr string, insecure bool, pool *x509.CertPool) error

Ping is used to validate the HTTPS endpoint of the Teleport proxy. This leads to a better user experience: users get connection errors before being asked for passwords.

func SetSession

func SetSession(w http.ResponseWriter, user, sid string) error

Types

type Config

type Config struct {
	// Proxy is a reverse tunnel proxy that handles connections
	// to various sites
	Proxy reversetunnel.Server
	// AssetsDir is a directory with web assets (js files, css files)
	AssetsDir string
	// AuthServers is a list of auth servers this proxy talks to
	AuthServers utils.NetAddr
	// DomainName is a domain name served by web handler
	DomainName string
	// ProxyClient is a client that authenticated as proxy
	ProxyClient auth.ClientI
	// DisableUI allows to turn off serving web based UI
	DisableUI bool
}

Config represents web handler configuration parameters

type CreateSessionResponse

type CreateSessionResponse struct {
	// Type is token type (bearer)
	Type string `json:"type"`
	// Token value
	Token string `json:"token"`
	// User represents the user
	User services.User `json:"user"`
	// ExpiresIn sets seconds before this token is not valid
	ExpiresIn int `json:"expires_in"`
}

CreateSessionResponse returns OAuth-compatible data about the access token: https://tools.ietf.org/html/rfc6749

func NewSessionResponse

func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error)

type Handler

type Handler struct {
	sync.Mutex
	httprouter.Router
	// contains filtered or unexported fields
}

Handler is HTTP web proxy handler

func NewHandler

func NewHandler(cfg Config, opts ...HandlerOption) (*Handler, error)

NewHandler returns a new instance of web proxy handler

func NewPocketHandler

func NewPocketHandler(cfg Config, opts ...HandlerOption) (*Handler, error)

NewPocketHandler returns a new instance of web proxy handler

func (*Handler) AuthenticateRequest

func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, checkBearerToken bool) (*SessionContext, error)

AuthenticateRequest authenticates a request using a combination of a session cookie and a bearer token

func (*Handler) Close

func (m *Handler) Close() error

Close closes associated session cache operations

func (*Handler) String

func (h *Handler) String() string

type HandlerOption

type HandlerOption func(h *Handler) error

HandlerOption is a functional argument: an option that can be passed to the NewHandler function

func SetSessionStreamPollPeriod

func SetSessionStreamPollPeriod(period time.Duration) HandlerOption

SetSessionStreamPollPeriod sets polling period for session streams

type SSHLoginResponse

type SSHLoginResponse struct {
	// Username contains logged-in user information
	Username string `json:"username"`
	// Cert is a signed certificate
	Cert []byte `json:"cert"`
	// HostSigners is a list of signing host public keys
	// trusted by proxy
	HostSigners []services.CertAuthority `json:"host_signers"`
}

SSHLoginResponse is a response returned by web proxy

func SSHAgentLogin

func SSHAgentLogin(proxyAddr, user, password, hotpToken string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)

SSHAgentLogin issues a call to the web proxy and receives a temporary certificate if the credentials are valid

proxyAddr must be specified as host:port

func SSHAgentLoginWithAES

func SSHAgentLoginWithAES(proxyAddr, user, password, encrypted string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)

SSHAgentLoginWithAES issues a call to the web proxy and receives a temporary certificate if the credentials, encrypted with a live AES key, are valid

proxyAddr must be specified as host:port

func SSHAgentOIDCLogin

func SSHAgentOIDCLogin(proxyAddr, connectorID string, pubKey []byte, ttl time.Duration, insecure bool, pool *x509.CertPool) (*SSHLoginResponse, error)

SSHAgentOIDCLogin is used by SSH Agent to log in using OpenID Connect

type Server

type Server struct {
	http.Server
}

type SessionContext

type SessionContext struct {
	sync.Mutex
	*log.Entry
	// contains filtered or unexported fields
}

SessionContext is a context associated with a user's web session. It stores a connected client that persists between requests, for example to avoid connecting to the auth server on every page hit.

func (*SessionContext) AddClosers

func (c *SessionContext) AddClosers(closers ...io.Closer)

func (*SessionContext) Close

func (c *SessionContext) Close() error

Close cleans up connections associated with requests

func (*SessionContext) ExtendWebSession

func (c *SessionContext) ExtendWebSession() (*auth.Session, error)

ExtendWebSession creates a new web session for this user based on the previous session

func (*SessionContext) GetAgent

func (c *SessionContext) GetAgent() (auth.AgentCloser, error)

GetAgent returns an agent that can be used to answer challenges for the web to SSH connection

func (*SessionContext) GetClient

func (c *SessionContext) GetClient() (auth.ClientI, error)

GetClient returns the client connected to the auth server

func (*SessionContext) GetUser

func (c *SessionContext) GetUser() string

GetUser returns the authenticated teleport user

func (*SessionContext) GetWebSession

func (c *SessionContext) GetWebSession() *auth.Session

GetWebSession returns a web session

func (*SessionContext) Invalidate

func (c *SessionContext) Invalidate() error

func (*SessionContext) TransferClosers

func (c *SessionContext) TransferClosers() []io.Closer

func (*SessionContext) UpdateSessionTerminal

func (c *SessionContext) UpdateSessionTerminal(sessionID session.ID, params session.TerminalParams) error

type SessionCookie

type SessionCookie struct {
	User string `json:"user"`
	SID  string `json:"sid"`
}

SessionCookie stores information about active user and session

func DecodeCookie

func DecodeCookie(b string) (*SessionCookie, error)
