diff --git a/cmd/agent/sshauthorizedkeys.go b/cmd/agent/sshauthorizedkeys.go
index d2b87d8..5f6ba57 100644
--- a/cmd/agent/sshauthorizedkeys.go
+++ b/cmd/agent/sshauthorizedkeys.go
@@ -29,7 +29,7 @@ func readSshPublicKeys(fileName string) ([]ssh.PublicKey, error) {
 }
 defer file.Close()
- res := make([]ssh.PublicKey, 10)
+ res := make([]ssh.PublicKey, 0)
 scanner := bufio.NewScanner(file)
 for scanner.Scan() {
 lineText := scanner.Text()
@@ -37,6 +37,7 @@ func readSshPublicKeys(fileName string) ([]ssh.PublicKey, error) {
 if ind >= 0 {
 lineText = lineText[:ind]
 }
+ log.Println("Reading public key " + lineText)
 lineText = strings.Trim(lineText, "")
 if lineText == "" {
 continue
diff --git a/cmd/converge/convergeaccess.go b/cmd/converge/convergeaccess.go
index 5cb1160..7a6227e 100644
--- a/cmd/converge/convergeaccess.go
+++ b/cmd/converge/convergeaccess.go
@@ -3,7 +3,6 @@ package main
 import (
 "converge/pkg/models"
 "converge/pkg/server/converge"
- "log"
 "net/http"
 "regexp"
 "strings"
@@ -14,9 +13,7 @@ func getConvergeAccess(r *http.Request, sshRemoteUser string) models.ConvergeAcc
 pattern := regexp.MustCompile("^(.*)/usage$")
 matches := pattern.FindStringSubmatch(r.URL.Path)
 contextPath := ""
- if len(matches) != 2 {
- log.Printf("Cannot determine context path for %s, assumming it is empty", r.URL.Path)
- } else {
+ if len(matches) == 2 {
 contextPath = matches[1]
 }
diff --git a/cmd/converge/usage.go b/cmd/converge/usage.go
index 8940851..8e89759 100644
--- a/cmd/converge/usage.go
+++ b/cmd/converge/usage.go
@@ -2,9 +2,12 @@ package main
 import (
 "converge/pkg/server/templates"
+ "fmt"
+ "github.com/gliderlabs/ssh"
 "math/rand"
 "net/http"
 "os"
+ "regexp"
 "strconv"
 "strings"
 )
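Review bot: In cmd/agent/sshauthorizedkeys.go, the added `log.Println("Reading public key " + lineText)` sits before the `if lineText == ""` check, so every line that is empty after the truncation at `ind` still produces a log entry, and the raw line text is written to the agent log before anything has confirmed it is a key. Logging only after the line has been parsed (presumably further down, outside this hunk), and logging a fingerprint such as `FingerprintSHA256` from golang.org/x/crypto/ssh rather than the raw text, would record which keys the agent accepted without echoing unvalidated file content. The unchanged `strings.Trim(lineText, "")` on the next line has an empty cutset as shown here and so trims nothing; `strings.TrimSpace(lineText)` is presumably what is meant. The body of readSshPublicKeys continues outside the hunk.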
@@ -18,11 +21,12 @@ func generateCLIExammple(w http.ResponseWriter, r *http.Request) {
 ids := r.Form["rendez-vous-id"]
 id := ""
 if len(ids) > 0 {
- id = ids[0]
+ id = strings.TrimSpace(ids[0])
 }
 if id == "" {
 id = strconv.Itoa(rand.Int() % 1000000)
 }
+
 remoteShells := r.Form["remote-shell"]
 localShells := r.Form["local-shell"]
 keysString := r.FormValue("ssh-keys")
@@ -36,6 +40,29 @@ func generateCLIExammple(w http.ResponseWriter, r *http.Request) {
 access := getConvergeAccess(r, getAgentSshUser())
 usageInputs := templates.NewUsageInputs(id, sshPublicKeys, remoteShells, localShells)
+ matched, _ := regexp.MatchString("^[a-zA-Z0-9-_]+$", id)
+ if !matched {
+ usageInputs.ErrorMessages = append(usageInputs.ErrorMessages, "ID may consist only of alphanumeric characters, '-', and '_'")
+ }
+ validPubKeys := 0
+ for index, pubkey := range sshPublicKeys {
+ _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pubkey))
+ if err != nil {
+ keysummary := pubkey
+ if len(pubkey) > 45 {
+ keysummary = keysummary[:20] + " ... " + keysummary[len(pubkey)-20:]
+ }
+ usageInputs.ErrorMessages = append(usageInputs.ErrorMessages,
+ fmt.Sprintf("ssh public key %d: %s: %s", index, keysummary, err.Error()))
+ } else {
+ validPubKeys++
+ }
+ }
+ if validPubKeys == 0 {
+ usageInputs.ErrorMessages = append(usageInputs.ErrorMessages,
+ "No valid public keys configured, password authentication will be used which is less secure.")
+ }
+
 err = templates.ShellUsage(access, usageInputs).Render(r.Context(), w)
 if err != nil {
 http.Error(w, err.Error(), 500)
diff --git a/pkg/server/templates/usage.templ b/pkg/server/templates/usage.templ
index 51e9f4d..1ea00ea 100644
--- a/pkg/server/templates/usage.templ
+++ b/pkg/server/templates/usage.templ
@@ -5,6 +5,13 @@ import "converge/pkg/models"
 templ AgentUsage(access models.ConvergeAccess, usageInputs UsageInputs) {
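Review bot: In generateCLIExammple (cmd/converge/usage.go, hunk at -18,11), the unchanged fallback `id = strconv.Itoa(rand.Int() % 1000000)` takes the default rendez-vous ID from math/rand and from only a million possible values. The page does not show how the ID is used, but if knowing it is part of what lets a client reach an agent, the default should be drawn from crypto/rand over a larger space so that a generated ID cannot simply be enumerated. The function body continues outside this hunk.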
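Review bot: In generateCLIExammple (cmd/converge/usage.go, hunk at -36,6), the added validation only appends to `usageInputs.ErrorMessages`; the ID that failed the pattern and the keys that failed `ssh.ParseAuthorizedKey` are still inside `usageInputs` when `templates.ShellUsage` renders. If the template builds its copy-and-paste command lines from those fields (addSshKeys in usageinputs.go suggests it does), a value containing shell metacharacters ends up in a command the user is told to run, so the examples should be built only from values that passed: omit the commands while the ID is invalid and pass on only the keys that parsed. Because the "No valid public keys configured" entry is a warning rather than a rejection, a separate field for blocking errors would let the template tell the two apart. Compiling the pattern once at package level, `var rendezvousIDPattern = regexp.MustCompile("^[a-zA-Z0-9_-]+$")`, also removes the discarded error from `regexp.MatchString`. The function body continues outside this hunk.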
+ + for _, message := range usageInputs.ErrorMessages { + + } +

Downloading and running the agent

diff --git a/pkg/server/templates/usageinputs.go b/pkg/server/templates/usageinputs.go
index 8b1ffaa..e6675ab 100644
--- a/pkg/server/templates/usageinputs.go
+++ b/pkg/server/templates/usageinputs.go
@@ -5,8 +5,10 @@ import (
 )
 type UsageInputs struct {
- Id string
- SshKeys []string
+ Id string
+ SshKeys []string
+ ErrorMessages []string
+
 RemoteShells map[string]bool
 LocalShells map[string]bool
 }
@@ -43,3 +45,10 @@ func addSshKeys(shell string, keys []string) string {
 }
 return res + " "
 }
+
+func formControlTextClass(message string) string {
+ if message == "" {
+ return "form-control"
+ }
+ return "form-control is-invalid"
+}
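Review bot: The new helper formControlTextClass in pkg/server/templates/usageinputs.go has no comment, and nothing in its signature says that an empty `message` means "no error". A one-line doc comment such as `// formControlTextClass returns the CSS classes for a text input: "form-control", with "is-invalid" added when message is non-empty.` would state the contract for its callers. The `ErrorMessages` field added in the first hunk could likewise carry a comment that it holds both validation errors and warnings, which is how usage.go fills it.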