Compare commits

...

1 Commits

4 changed files with 28 additions and 22 deletions
+6 -8
View File
@@ -74,7 +74,6 @@ var BuildTime = "0"
var GlobalLock = &sync.Mutex{}
var WSStateMap = make(map[string]*scws.WSState) // clientid -> WsState
var GlobalAuthKey string
var shutdownOnce sync.Once
var ContentTypeHeaderValidRe = regexp.MustCompile(`^\w+/[\w.+-]+$`)
@@ -140,7 +139,7 @@ func HandleWs(w http.ResponseWriter, r *http.Request) {
}
state := getWSState(clientId)
if state == nil {
state = scws.MakeWSState(clientId, GlobalAuthKey)
state = scws.MakeWSState(clientId, scbase.WaveAuthKey)
state.ReplaceShell(shell)
setWSState(state)
} else {
@@ -687,7 +686,7 @@ func AuthKeyMiddleWare(next http.Handler) http.Handler {
w.Write([]byte("no x-authkey header"))
return
}
if reqAuthKey != GlobalAuthKey {
if reqAuthKey != scbase.WaveAuthKey {
w.WriteHeader(500)
w.Write([]byte("x-authkey header is invalid"))
return
@@ -707,14 +706,14 @@ func AuthKeyWrapAllowHmac(fn WebFnType) WebFnType {
w.Write([]byte("no x-authkey header"))
return
}
hmacOk, err := promptenc.ValidateUrlHmac([]byte(GlobalAuthKey), r.URL.Path, qvals)
hmacOk, err := promptenc.ValidateUrlHmac([]byte(scbase.WaveAuthKey), r.URL.Path, qvals)
if err != nil || !hmacOk {
w.WriteHeader(500)
w.Write([]byte(fmt.Sprintf("error validating hmac")))
return
}
// fallthrough (hmac is valid)
} else if reqAuthKey != GlobalAuthKey {
} else if reqAuthKey != scbase.WaveAuthKey {
w.WriteHeader(500)
w.Write([]byte("x-authkey header is invalid"))
return
@@ -733,7 +732,7 @@ func AuthKeyWrap(fn WebFnType) WebFnType {
w.Write([]byte("no x-authkey header"))
return
}
if reqAuthKey != GlobalAuthKey {
if reqAuthKey != scbase.WaveAuthKey {
w.WriteHeader(500)
w.Write([]byte("x-authkey header is invalid"))
return
@@ -890,12 +889,11 @@ func main() {
}
return
}
authKey, err := scbase.ReadWaveAuthKey()
err = scbase.InitializeWaveAuthKey()
if err != nil {
log.Printf("[error] %v\n", err)
return
}
GlobalAuthKey = authKey
err = sstore.TryMigrateUp()
if err != nil {
log.Printf("[error] migrate up: %v\n", err)
+3 -2
View File
@@ -4861,11 +4861,12 @@ func ImageViewCommand(ctx context.Context, pk *scpacket.FeCommandPacketType) (sc
if pk.Args[0] == "" {
return nil, fmt.Errorf("%s argument cannot be empty", GetCmdStr(pk))
}
filePath := pk.Args[0]
ids, err := resolveUiIds(ctx, pk, R_Session|R_Screen|R_RemoteConnected)
if err != nil {
return nil, err
}
outputStr := fmt.Sprintf("%s %q", GetCmdStr(pk), pk.Args[0])
outputStr := fmt.Sprintf("%s %q", GetCmdStr(pk), filePath)
cmd, err := makeStaticCmd(ctx, GetCmdStr(pk), ids, pk.GetRawStr(), []byte(outputStr))
if err != nil {
// TODO tricky error since the command was a success, but we can't show the output
@@ -4874,7 +4875,7 @@ func ImageViewCommand(ctx context.Context, pk *scpacket.FeCommandPacketType) (sc
// set the line state
lineState := make(map[string]any)
lineState[sstore.LineState_Source] = "file"
lineState[sstore.LineState_File] = pk.Args[0]
lineState[sstore.LineState_File] = filePath
update, err := addLineForCmd(ctx, "/"+GetCmdStr(pk), false, ids, cmd, "image", lineState)
if err != nil {
// TODO tricky error since the command was a success, but we can't show the output
+2 -2
View File
@@ -12,7 +12,7 @@ import (
)
func ComputeUrlHmac(key []byte, baseUrl string, qvals url.Values) (string, error) {
if qvals.Has("nonce") {
if !qvals.Has("nonce") {
return "", fmt.Errorf("nonce is required for hmac")
}
if qvals.Has("hmac") {
@@ -37,7 +37,7 @@ func ValidateUrlHmac(key []byte, baseUrl string, qvalsOrig url.Values) (bool, er
qvals := copyUrlValues(qvalsOrig)
hmacStr := qvals.Get("hmac")
if hmacStr == "" {
return false, fmt.Errorf("no hmac key found"))
return false, fmt.Errorf("no hmac key found")
}
qvals.Del("hmac")
encStr := baseUrl + "?" + qvals.Encode()
+17 -10
View File
@@ -38,6 +38,9 @@ const WaveAppPathVarName = "WAVETERM_APP_PATH"
const WaveAuthKeyFileName = "waveterm.authkey"
const MShellVersion = "v0.5.0"
// initialized by InitialzeWaveAuthKey (called by main-server)
var WaveAuthKey string
var SessionDirCache = make(map[string]string)
var ScreenDirCache = make(map[string]string)
var BaseLock = &sync.Mutex{}
@@ -108,25 +111,28 @@ func MShellBinaryReader(version string, goos string, goarch string) (io.ReadClos
return fd, nil
}
func createWaveAuthKeyFile(fileName string) (string, error) {
// also sets WaveAuthKey
func createWaveAuthKeyFile(fileName string) error {
fd, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
return "", err
return err
}
defer fd.Close()
keyStr := GenWaveUUID()
_, err = fd.Write([]byte(keyStr))
if err != nil {
return "", err
return err
}
return keyStr, nil
WaveAuthKey = keyStr
return nil
}
func ReadWaveAuthKey() (string, error) {
// sets WaveAuthKey
func InitializeWaveAuthKey() error {
homeDir := GetWaveHomeDir()
err := ensureDir(homeDir)
if err != nil {
return "", fmt.Errorf("cannot find/create WAVETERM_HOME directory %q", homeDir)
return fmt.Errorf("cannot find/create WAVETERM_HOME directory %q", homeDir)
}
fileName := path.Join(homeDir, WaveAuthKeyFileName)
fd, err := os.Open(fileName)
@@ -134,19 +140,20 @@ func ReadWaveAuthKey() (string, error) {
return createWaveAuthKeyFile(fileName)
}
if err != nil {
return "", fmt.Errorf("error opening wave authkey:%s: %v", fileName, err)
return fmt.Errorf("error opening wave authkey:%s: %v", fileName, err)
}
defer fd.Close()
buf, err := io.ReadAll(fd)
if err != nil {
return "", fmt.Errorf("error reading wave authkey:%s: %v", fileName, err)
return fmt.Errorf("error reading wave authkey:%s: %v", fileName, err)
}
keyStr := string(buf)
_, err = uuid.Parse(keyStr)
if err != nil {
return "", fmt.Errorf("invalid authkey:%s format: %v", fileName, err)
return fmt.Errorf("invalid authkey:%s format: %v", fileName, err)
}
return keyStr, nil
WaveAuthKey = keyStr
return nil
}
func AcquireWaveLock() (*os.File, error) {