mirror of
https://github.com/wavetermdev/backup.git
synced 2026-04-22 15:26:58 -07:00
Compare commits
1 Commits
v0.7.2
...
sawka/fix-hmac
| Author | SHA1 | Date | |
|---|---|---|---|
| 14b10d0848 |
@@ -74,7 +74,6 @@ var BuildTime = "0"
|
||||
|
||||
var GlobalLock = &sync.Mutex{}
|
||||
var WSStateMap = make(map[string]*scws.WSState) // clientid -> WsState
|
||||
var GlobalAuthKey string
|
||||
var shutdownOnce sync.Once
|
||||
var ContentTypeHeaderValidRe = regexp.MustCompile(`^\w+/[\w.+-]+$`)
|
||||
|
||||
@@ -140,7 +139,7 @@ func HandleWs(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
state := getWSState(clientId)
|
||||
if state == nil {
|
||||
state = scws.MakeWSState(clientId, GlobalAuthKey)
|
||||
state = scws.MakeWSState(clientId, scbase.WaveAuthKey)
|
||||
state.ReplaceShell(shell)
|
||||
setWSState(state)
|
||||
} else {
|
||||
@@ -687,7 +686,7 @@ func AuthKeyMiddleWare(next http.Handler) http.Handler {
|
||||
w.Write([]byte("no x-authkey header"))
|
||||
return
|
||||
}
|
||||
if reqAuthKey != GlobalAuthKey {
|
||||
if reqAuthKey != scbase.WaveAuthKey {
|
||||
w.WriteHeader(500)
|
||||
w.Write([]byte("x-authkey header is invalid"))
|
||||
return
|
||||
@@ -707,14 +706,14 @@ func AuthKeyWrapAllowHmac(fn WebFnType) WebFnType {
|
||||
w.Write([]byte("no x-authkey header"))
|
||||
return
|
||||
}
|
||||
hmacOk, err := promptenc.ValidateUrlHmac([]byte(GlobalAuthKey), r.URL.Path, qvals)
|
||||
hmacOk, err := promptenc.ValidateUrlHmac([]byte(scbase.WaveAuthKey), r.URL.Path, qvals)
|
||||
if err != nil || !hmacOk {
|
||||
w.WriteHeader(500)
|
||||
w.Write([]byte(fmt.Sprintf("error validating hmac")))
|
||||
return
|
||||
}
|
||||
// fallthrough (hmac is valid)
|
||||
} else if reqAuthKey != GlobalAuthKey {
|
||||
} else if reqAuthKey != scbase.WaveAuthKey {
|
||||
w.WriteHeader(500)
|
||||
w.Write([]byte("x-authkey header is invalid"))
|
||||
return
|
||||
@@ -733,7 +732,7 @@ func AuthKeyWrap(fn WebFnType) WebFnType {
|
||||
w.Write([]byte("no x-authkey header"))
|
||||
return
|
||||
}
|
||||
if reqAuthKey != GlobalAuthKey {
|
||||
if reqAuthKey != scbase.WaveAuthKey {
|
||||
w.WriteHeader(500)
|
||||
w.Write([]byte("x-authkey header is invalid"))
|
||||
return
|
||||
@@ -890,12 +889,11 @@ func main() {
|
||||
}
|
||||
return
|
||||
}
|
||||
authKey, err := scbase.ReadWaveAuthKey()
|
||||
err = scbase.InitializeWaveAuthKey()
|
||||
if err != nil {
|
||||
log.Printf("[error] %v\n", err)
|
||||
return
|
||||
}
|
||||
GlobalAuthKey = authKey
|
||||
err = sstore.TryMigrateUp()
|
||||
if err != nil {
|
||||
log.Printf("[error] migrate up: %v\n", err)
|
||||
|
||||
@@ -4861,11 +4861,12 @@ func ImageViewCommand(ctx context.Context, pk *scpacket.FeCommandPacketType) (sc
|
||||
if pk.Args[0] == "" {
|
||||
return nil, fmt.Errorf("%s argument cannot be empty", GetCmdStr(pk))
|
||||
}
|
||||
filePath := pk.Args[0]
|
||||
ids, err := resolveUiIds(ctx, pk, R_Session|R_Screen|R_RemoteConnected)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
outputStr := fmt.Sprintf("%s %q", GetCmdStr(pk), pk.Args[0])
|
||||
outputStr := fmt.Sprintf("%s %q", GetCmdStr(pk), filePath)
|
||||
cmd, err := makeStaticCmd(ctx, GetCmdStr(pk), ids, pk.GetRawStr(), []byte(outputStr))
|
||||
if err != nil {
|
||||
// TODO tricky error since the command was a success, but we can't show the output
|
||||
@@ -4874,7 +4875,7 @@ func ImageViewCommand(ctx context.Context, pk *scpacket.FeCommandPacketType) (sc
|
||||
// set the line state
|
||||
lineState := make(map[string]any)
|
||||
lineState[sstore.LineState_Source] = "file"
|
||||
lineState[sstore.LineState_File] = pk.Args[0]
|
||||
lineState[sstore.LineState_File] = filePath
|
||||
update, err := addLineForCmd(ctx, "/"+GetCmdStr(pk), false, ids, cmd, "image", lineState)
|
||||
if err != nil {
|
||||
// TODO tricky error since the command was a success, but we can't show the output
|
||||
|
||||
@@ -12,7 +12,7 @@ import (
|
||||
)
|
||||
|
||||
func ComputeUrlHmac(key []byte, baseUrl string, qvals url.Values) (string, error) {
|
||||
if qvals.Has("nonce") {
|
||||
if !qvals.Has("nonce") {
|
||||
return "", fmt.Errorf("nonce is required for hmac")
|
||||
}
|
||||
if qvals.Has("hmac") {
|
||||
@@ -37,7 +37,7 @@ func ValidateUrlHmac(key []byte, baseUrl string, qvalsOrig url.Values) (bool, er
|
||||
qvals := copyUrlValues(qvalsOrig)
|
||||
hmacStr := qvals.Get("hmac")
|
||||
if hmacStr == "" {
|
||||
return false, fmt.Errorf("no hmac key found"))
|
||||
return false, fmt.Errorf("no hmac key found")
|
||||
}
|
||||
qvals.Del("hmac")
|
||||
encStr := baseUrl + "?" + qvals.Encode()
|
||||
|
||||
@@ -38,6 +38,9 @@ const WaveAppPathVarName = "WAVETERM_APP_PATH"
|
||||
const WaveAuthKeyFileName = "waveterm.authkey"
|
||||
const MShellVersion = "v0.5.0"
|
||||
|
||||
// initialized by InitialzeWaveAuthKey (called by main-server)
|
||||
var WaveAuthKey string
|
||||
|
||||
var SessionDirCache = make(map[string]string)
|
||||
var ScreenDirCache = make(map[string]string)
|
||||
var BaseLock = &sync.Mutex{}
|
||||
@@ -108,25 +111,28 @@ func MShellBinaryReader(version string, goos string, goarch string) (io.ReadClos
|
||||
return fd, nil
|
||||
}
|
||||
|
||||
func createWaveAuthKeyFile(fileName string) (string, error) {
|
||||
// also sets WaveAuthKey
|
||||
func createWaveAuthKeyFile(fileName string) error {
|
||||
fd, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
|
||||
if err != nil {
|
||||
return "", err
|
||||
return err
|
||||
}
|
||||
defer fd.Close()
|
||||
keyStr := GenWaveUUID()
|
||||
_, err = fd.Write([]byte(keyStr))
|
||||
if err != nil {
|
||||
return "", err
|
||||
return err
|
||||
}
|
||||
return keyStr, nil
|
||||
WaveAuthKey = keyStr
|
||||
return nil
|
||||
}
|
||||
|
||||
func ReadWaveAuthKey() (string, error) {
|
||||
// sets WaveAuthKey
|
||||
func InitializeWaveAuthKey() error {
|
||||
homeDir := GetWaveHomeDir()
|
||||
err := ensureDir(homeDir)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("cannot find/create WAVETERM_HOME directory %q", homeDir)
|
||||
return fmt.Errorf("cannot find/create WAVETERM_HOME directory %q", homeDir)
|
||||
}
|
||||
fileName := path.Join(homeDir, WaveAuthKeyFileName)
|
||||
fd, err := os.Open(fileName)
|
||||
@@ -134,19 +140,20 @@ func ReadWaveAuthKey() (string, error) {
|
||||
return createWaveAuthKeyFile(fileName)
|
||||
}
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error opening wave authkey:%s: %v", fileName, err)
|
||||
return fmt.Errorf("error opening wave authkey:%s: %v", fileName, err)
|
||||
}
|
||||
defer fd.Close()
|
||||
buf, err := io.ReadAll(fd)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("error reading wave authkey:%s: %v", fileName, err)
|
||||
return fmt.Errorf("error reading wave authkey:%s: %v", fileName, err)
|
||||
}
|
||||
keyStr := string(buf)
|
||||
_, err = uuid.Parse(keyStr)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("invalid authkey:%s format: %v", fileName, err)
|
||||
return fmt.Errorf("invalid authkey:%s format: %v", fileName, err)
|
||||
}
|
||||
return keyStr, nil
|
||||
WaveAuthKey = keyStr
|
||||
return nil
|
||||
}
|
||||
|
||||
func AcquireWaveLock() (*os.File, error) {
|
||||
|
||||
Reference in New Issue
Block a user