Documentation ¶
Overview ¶
Package web implements a web proxy handler that provides a web interface to view and connect to Teleport nodes.
Index ¶
- func ClearSession(w http.ResponseWriter) error
- func ConstructSSHResponse(response AuthParams) (*url.URL, error)
- func CreateSignupLink(token string) string
- func EncodeCookie(user, sid string) (string, error)
- func NewStaticFileSystem(debugMode bool) (http.FileSystem, error)
- func SetPlugin(p Plugin)
- func SetSession(w http.ResponseWriter, user, sid string) error
- type AuthParams
- type ClusterHandler
- type Config
- type ContextHandler
- type CreateSessionResponse
- type Handler
- func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, checkBearerToken bool) (*SessionContext, error)
- func (h *Handler) Close() error
- func (h *Handler) GetProxyClient() auth.ClientI
- func (h *Handler) ProxyHostPort() string
- func (h *Handler) String() string
- func (h *Handler) WithAuth(fn ContextHandler) httprouter.Handle
- func (h *Handler) WithClusterAuth(fn ClusterHandler) httprouter.Handle
- type HandlerOption
- type NodeProvider
- type Plugin
- type ResourceMap
- type RewritingHandler
- type SessionContext
- func (c *SessionContext) AddClosers(closers ...io.Closer)
- func (c *SessionContext) Close() error
- func (c *SessionContext) ExtendWebSession() (services.WebSession, error)
- func (c *SessionContext) GetAgent() (auth.AgentCloser, error)
- func (c *SessionContext) GetClient() (*auth.TunClient, error)
- func (c *SessionContext) GetUser() string
- func (c *SessionContext) GetUserClient(site reversetunnel.RemoteSite) (auth.ClientI, error)
- func (c *SessionContext) GetWebSession() services.WebSession
- func (c *SessionContext) Invalidate() error
- func (c *SessionContext) RemoveCloser(closer io.Closer)
- func (c *SessionContext) TransferClosers() []io.Closer
- func (c *SessionContext) UpdateSessionTerminal(siteAPI auth.ClientI, namespace string, sessionID session.ID, ...) error
- type SessionCookie
- type TerminalHandler
- type TerminalRequest
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClearSession ¶ added in v1.0.0
func ClearSession(w http.ResponseWriter) error
func ConstructSSHResponse ¶ added in v1.0.0
func ConstructSSHResponse(response AuthParams) (*url.URL, error)
ConstructSSHResponse creates a special SSH response for SSH login method that encodes everything using the client's secret key
func CreateSignupLink ¶
CreateSignupLink generates and returns a URL which is given to a new user to complete registration with Teleport via Web UI
func EncodeCookie ¶
func NewStaticFileSystem ¶ added in v1.2.6
func NewStaticFileSystem(debugMode bool) (http.FileSystem, error)
NewStaticFileSystem returns the initialized implementation of http.FileSystem interface which can be used to serve Teleport Proxy Web UI
If 'debugMode' is true, it will load the web assets from the same git repo directory where the executable is, otherwise it will load them from the embedded zip archive.
func SetSession ¶ added in v1.0.0
func SetSession(w http.ResponseWriter, user, sid string) error
Types ¶
type AuthParams ¶
// AuthParams carries the values used to construct the redirect URL that
// returns auth information to tsh login. Session and Cert are sensitive
// values and should be kept out of logs.
type AuthParams struct {
	// Username is authenticated teleport username
	Username string
	// Identity contains validated OIDC identity
	Identity services.ExternalIdentity
	// Web session will be generated by auth server if requested in OIDCAuthRequest
	Session services.WebSession
	// Cert will be generated by certificate authority
	Cert []byte
	// HostSigners is a list of signing host public keys
	// trusted by proxy, used in console login
	HostSigners []services.CertAuthority
	// ClientRedirectURL is a URL to redirect client to.
	// NOTE(review): no validation of this value is visible in this listing —
	// confirm the caller restricts it to an expected redirect target.
	ClientRedirectURL string
}
AuthParams are used to construct redirect URL containing auth information back to tsh login
type ClusterHandler ¶
// ClusterHandler is the signature of a handler called for an authenticated
// request addressed to an existing remote cluster. In addition to the
// httprouter arguments it receives the request's SessionContext and the
// reversetunnel.RemoteSite the request was issued for.
type ClusterHandler func(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *SessionContext, site reversetunnel.RemoteSite) (interface{}, error)
ClusterHandler is an authenticated handler that is called for some existing remote cluster
type Config ¶ added in v1.0.0
// Config holds the web handler configuration parameters.
type Config struct {
	// Proxy is a reverse tunnel proxy that handles connections
	// to various sites
	Proxy reversetunnel.Server
	// AuthServers is a list of auth servers this proxy talks to
	// NOTE(review): the field is declared as a single utils.NetAddr although
	// the comment describes a list — confirm which is intended.
	AuthServers utils.NetAddr
	// DomainName is a domain name served by web handler
	DomainName string
	// ProxyClient is a client that authenticated as proxy
	ProxyClient auth.ClientI
	// DisableUI allows to turn off serving web based UI
	DisableUI bool
	// ProxySSHAddr points to the SSH address of the proxy
	ProxySSHAddr utils.NetAddr
	// ProxyWebAddr points to the web (HTTPS) address of the proxy
	ProxyWebAddr utils.NetAddr
}
Config represents web handler configuration parameters
type ContextHandler ¶
// ContextHandler is the signature of a handler called with the auth context,
// i.e. for a request that has already been authenticated. In addition to the
// httprouter arguments it receives the request's SessionContext.
type ContextHandler func(w http.ResponseWriter, r *http.Request, p httprouter.Params, ctx *SessionContext) (interface{}, error)
ContextHandler is a handler called with the auth context, which means the request is authenticated and ready to work
type CreateSessionResponse ¶ added in v1.0.0
// CreateSessionResponse carries OAuth-compatible data about an access token
// (see https://tools.ietf.org/html/rfc6749). All three fields are serialized
// to JSON under the names given in their tags.
type CreateSessionResponse struct {
	// Type is token type (bearer)
	Type string `json:"type"`
	// Token value. This is a bearer credential: keep it out of logs and
	// error messages.
	Token string `json:"token"`
	// ExpiresIn sets seconds before this token is not valid
	ExpiresIn int `json:"expires_in"`
}
CreateSessionResponse returns OAuth compatible data about access token: https://tools.ietf.org/html/rfc6749
func NewSessionResponse ¶ added in v1.0.0
func NewSessionResponse(ctx *SessionContext) (*CreateSessionResponse, error)
type Handler ¶ added in v1.0.0
// Handler is the HTTP web proxy handler.
type Handler struct {
	// Embedded mutex: Lock and Unlock are promoted onto Handler, so a Handler
	// should be shared by pointer rather than copied.
	sync.Mutex
	// Embedded router: its exported methods are promoted onto Handler.
	httprouter.Router
	// contains filtered or unexported fields
}
Handler is HTTP web proxy handler
func (*Handler) AuthenticateRequest ¶ added in v1.0.0
func (h *Handler) AuthenticateRequest(w http.ResponseWriter, r *http.Request, checkBearerToken bool) (*SessionContext, error)
AuthenticateRequest authenticates request using combination of a session cookie and bearer token
func (*Handler) GetProxyClient ¶
GetProxyClient returns authenticated auth server client
func (*Handler) ProxyHostPort ¶
ProxyHostPort returns the address of the proxy server using --proxy notation, i.e. "localhost:8030,8023"
func (*Handler) WithAuth ¶
func (h *Handler) WithAuth(fn ContextHandler) httprouter.Handle
WithAuth ensures that request is authenticated
func (*Handler) WithClusterAuth ¶
func (h *Handler) WithClusterAuth(fn ClusterHandler) httprouter.Handle
WithClusterAuth ensures that request is authenticated and is issued for existing cluster
type HandlerOption ¶ added in v1.0.0
HandlerOption is a functional argument - an option that can be passed to NewHandler function
func SetSessionStreamPollPeriod ¶ added in v1.0.0
func SetSessionStreamPollPeriod(period time.Duration) HandlerOption
SetSessionStreamPollPeriod sets polling period for session streams
type NodeProvider ¶
NodeProvider is a provider of nodes for namespace
type Plugin ¶
// Plugin is an extension point for the web API handler.
type Plugin interface {
	// AddHandlers adds handlers to the web API handler
	// NOTE(review): whether handlers added here are wrapped in authentication
	// is not visible in this listing — confirm implementations use
	// WithAuth/WithClusterAuth where a route must be authenticated.
	AddHandlers(h *Handler)
}
Plugin is an API server extension setter; if set, it will add handler methods during web handler initialization
type ResourceMap ¶ added in v1.2.6
type RewritingHandler ¶
func NewHandler ¶ added in v1.0.0
func NewHandler(cfg Config, opts ...HandlerOption) (*RewritingHandler, error)
NewHandler returns a new instance of web proxy handler
func (*RewritingHandler) Close ¶
func (r *RewritingHandler) Close() error
func (*RewritingHandler) GetHandler ¶
func (r *RewritingHandler) GetHandler() *Handler
type SessionContext ¶ added in v1.0.0
SessionContext is a context associated with a user's web session. It stores a connected client that persists between requests, for example to avoid connecting to the auth server on every page hit
func (*SessionContext) AddClosers ¶ added in v1.0.0
func (c *SessionContext) AddClosers(closers ...io.Closer)
func (*SessionContext) Close ¶ added in v1.0.0
func (c *SessionContext) Close() error
Close cleans up connections associated with requests
func (*SessionContext) ExtendWebSession ¶ added in v1.0.0
func (c *SessionContext) ExtendWebSession() (services.WebSession, error)
ExtendWebSession creates a new web session for this user based on the previous session
func (*SessionContext) GetAgent ¶ added in v1.0.0
func (c *SessionContext) GetAgent() (auth.AgentCloser, error)
GetAgent returns an agent that can be used to answer challenges for the web to ssh connection
func (*SessionContext) GetClient ¶ added in v1.0.0
func (c *SessionContext) GetClient() (*auth.TunClient, error)
GetClient returns the client connected to the auth server
func (*SessionContext) GetUser ¶ added in v1.0.0
func (c *SessionContext) GetUser() string
GetUser returns the authenticated teleport user
func (*SessionContext) GetUserClient ¶
func (c *SessionContext) GetUserClient(site reversetunnel.RemoteSite) (auth.ClientI, error)
GetUserClient will return an auth.ClientI with the role of the user at the requested site. If the site is local, a client with the user's local role is returned. If the site is remote, a client with the user's remote role is returned.
func (*SessionContext) GetWebSession ¶ added in v1.0.0
func (c *SessionContext) GetWebSession() services.WebSession
GetWebSession returns a web session
func (*SessionContext) Invalidate ¶ added in v1.0.0
func (c *SessionContext) Invalidate() error
func (*SessionContext) RemoveCloser ¶
func (c *SessionContext) RemoveCloser(closer io.Closer)
func (*SessionContext) TransferClosers ¶ added in v1.0.0
func (c *SessionContext) TransferClosers() []io.Closer
func (*SessionContext) UpdateSessionTerminal ¶ added in v1.0.0
func (c *SessionContext) UpdateSessionTerminal( siteAPI auth.ClientI, namespace string, sessionID session.ID, params session.TerminalParams) error
UpdateSessionTerminal is called when a browser window is resized and we need to update PTY on the server side
type SessionCookie ¶ added in v1.0.0
SessionCookie stores information about active user and session
func DecodeCookie ¶
func DecodeCookie(b string) (*SessionCookie, error)
type TerminalHandler ¶
// TerminalHandler connects together an SSH session with a web-based terminal
// via a web socket. All of its state is unexported.
type TerminalHandler struct {
	// contains filtered or unexported fields
}
TerminalHandler connects together an SSH session with a web-based terminal via a web socket.
func NewTerminal ¶
func NewTerminal(req TerminalRequest, provider NodeProvider, ctx *SessionContext) (*TerminalHandler, error)
NewTerminal creates a web-based terminal based on WebSockets and returns a new TerminalHandler
func (*TerminalHandler) Close ¶
func (t *TerminalHandler) Close() error
func (*TerminalHandler) Run ¶
func (t *TerminalHandler) Run(w http.ResponseWriter, r *http.Request)
Run creates a new websocket connection to the SSH server and runs the "loop" piping the input/output of the SSH session into the js-based terminal.
type TerminalRequest ¶
// TerminalRequest describes a request to create a web-based terminal to a
// remote SSH server. Fields with a named JSON tag can be supplied in a JSON
// request body; fields tagged `json:"-"` are skipped by encoding/json and so
// are not populated from a decoded body.
type TerminalRequest struct {
	// Server describes a server to connect to (serverId|hostname[:port])
	Server string `json:"server_id"`
	// Login is linux username to connect as
	Login string `json:"login"`
	// Term sets PTY params like width and height
	Term session.TerminalParams `json:"term"`
	// SessionID is a teleport session ID to join as
	SessionID session.ID `json:"sid"`
	// Namespace is node namespace
	Namespace string `json:"namespace"`
	// Proxy server address (excluded from JSON)
	ProxyHostPort string `json:"-"`
	// Remote cluster name (excluded from JSON)
	Cluster string `json:"-"`
	// InteractiveCommand is a command to execute (excluded from JSON)
	// NOTE(review): presumably set by server-side code only — confirm no
	// other path copies client-supplied input into this field.
	InteractiveCommand []string `json:"-"`
}
TerminalRequest describes a request to create a web-based terminal to a remote SSH server