Merge 4615c6a7f4 into d029e451cf
This commit is contained in:
Sam Frances
GitHub
commit
98cbb89738
|
|
@ -0,0 +1,90 @@
|
||||||
|
/*
|
||||||
|
* An auth plugin must be a function which returns a function conforing to the
|
||||||
|
* requirements of the `verifyClients` option on ws.WebSocket.Server.
|
||||||
|
*
|
||||||
|
* See: https://github.com/websockets/ws/blob/master/doc/ws.md
|
||||||
|
*
|
||||||
|
* If websockify is provided with an --auth-source argument, this will be
|
||||||
|
* passed to the auth plugin as its first argument.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
const querystring = require('querystring');
|
||||||
|
const fs = require('fs');
|
||||||
|
|
||||||
|
function urlTokenMatch(url, token, verbose=false) {
|
||||||
|
/**
|
||||||
|
* Parse the url path, extract the `token` querystring value, and check if
|
||||||
|
* it matches the token argument. If verbose is set to true, log messages
|
||||||
|
* are enabled.
|
||||||
|
*
|
||||||
|
* Args:
|
||||||
|
* url (string): the path section of the URL
|
||||||
|
* token (string): the token which the token provided in the URL should
|
||||||
|
* match
|
||||||
|
* verbose (boolean): If True, extra console.log messages will be output
|
||||||
|
*/
|
||||||
|
let splitUrl = url.split("?")
|
||||||
|
if (splitUrl.length !== 2) {
|
||||||
|
if (verbose) {
|
||||||
|
console.log("Permission denied. No token provided.");
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
let qs = splitUrl[1];
|
||||||
|
let qs_parsed = querystring.parse(qs);
|
||||||
|
let success = (qs_parsed.token === token);
|
||||||
|
if (verbose) {
|
||||||
|
if (!success) {
|
||||||
|
console.log("Permission denied for token: " + qs_parsed.token);
|
||||||
|
} else {
|
||||||
|
console.log("Permission granted for token: " + qs_parsed.token);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return success;
|
||||||
|
}
|
||||||
|
|
||||||
|
exports.tokenAuth = function tokenAuth(source) {
|
||||||
|
/**
|
||||||
|
* Authorisation plugin which validates the token query parameter against
|
||||||
|
* a token provided as the argument to the `--auth-source` command line
|
||||||
|
* argument.
|
||||||
|
*/
|
||||||
|
return function(info) {
|
||||||
|
let token = source;
|
||||||
|
return urlTokenMatch(info.req.url, token, true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
exports.tokenAuthEnv = function tokenAuthEnv(source) {
|
||||||
|
/**
|
||||||
|
* Authorisation plugin which validates the token query parameter against
|
||||||
|
* a token which is the value of an environment variable. The name of this
|
||||||
|
* environment variable is specified as the argument to the command line
|
||||||
|
* argument `--auth-source`
|
||||||
|
*/
|
||||||
|
return function(info) {
|
||||||
|
let token = process.env[source];
|
||||||
|
return urlTokenMatch(info.req.url, token, true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
exports.tokenAuthFile = function tokenEnvFile(source) {
|
||||||
|
/**
|
||||||
|
* Authorisation plugin which validates the token query parameter against a
|
||||||
|
* token which is contained in a text file, the path to which is specified
|
||||||
|
* as the value of the `--auth-source` command line argument
|
||||||
|
*/
|
||||||
|
return function(info, cb) {
|
||||||
|
fs.readFile(source, 'utf8', function(err, data) {
|
||||||
|
if (err) {
|
||||||
|
console.log(err);
|
||||||
|
cb(false);
|
||||||
|
} else {
|
||||||
|
let token = data.trim();
|
||||||
|
let success = urlTokenMatch(info.req.url, token, true);
|
||||||
|
cb(success);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -22,6 +22,7 @@ var argv = require('optimist').argv,
|
||||||
|
|
||||||
webServer, wsServer,
|
webServer, wsServer,
|
||||||
source_host, source_port, target_host, target_port,
|
source_host, source_port, target_host, target_port,
|
||||||
|
auth_plugin, websocket_server_opts,
|
||||||
web_path = null;
|
web_path = null;
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -140,7 +141,7 @@ try {
|
||||||
throw("illegal port");
|
throw("illegal port");
|
||||||
}
|
}
|
||||||
} catch(e) {
|
} catch(e) {
|
||||||
console.error("websockify.js [--web web_dir] [--cert cert.pem [--key key.pem]] [source_addr:]source_port target_addr:target_port");
|
console.error("websockify.js [--web web_dir] [--cert cert.pem [--key key.pem]] [--auth-plugin module.plugin [--auth-source auth_source]] [source_addr:]source_port target_addr:target_port");
|
||||||
process.exit(2);
|
process.exit(2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -161,7 +162,23 @@ if (argv.cert) {
|
||||||
console.log(" - Running in unencrypted HTTP (ws://) mode");
|
console.log(" - Running in unencrypted HTTP (ws://) mode");
|
||||||
webServer = http.createServer(http_request);
|
webServer = http.createServer(http_request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (argv["auth-plugin"]) {
|
||||||
|
let auth_plugin_arg = argv["auth-plugin"].split(".")
|
||||||
|
let plugin_name = auth_plugin_arg.pop();
|
||||||
|
let module_path = auth_plugin_arg.join(".");
|
||||||
|
|
||||||
|
let auth_plugin = require(module_path)[plugin_name];
|
||||||
|
let auth_source = argv["auth-source"] || undefined;
|
||||||
|
websocket_server_opts = {
|
||||||
|
server: webServer,
|
||||||
|
verifyClient: auth_plugin(auth_source)
|
||||||
|
};
|
||||||
|
} else {
|
||||||
|
websocket_server_opts = {server: webServer};
|
||||||
|
}
|
||||||
|
|
||||||
webServer.listen(source_port, function() {
|
webServer.listen(source_port, function() {
|
||||||
wsServer = new WebSocketServer({server: webServer});
|
wsServer = new WebSocketServer(websocket_server_opts);
|
||||||
wsServer.on('connection', new_client);
|
wsServer.on('connection', new_client);
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue