in the middle of the work for authentication
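--- a/nodejs/authentication/index.js
+++ b/nodejs/authentication/index.js
@@ -0,0 +1,71 @@
+module.exports = function(config) {
+
+const crypto = require('crypto');
+const password = crypto.randomBytes(256);
+var cookie = require('cookie-encryption');
+// const cipher = crypto.createCipher('aes256', password);
+// const decipher = crypto.createDecipher('aes256', password);
+// var encrypted = cipher.update(JSON.stringify(user), 'utf8', 'base64')
+// + cipher.final('base64');
+// console.log("encrypted", encrypted);
+// var decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
+// console.log("decrypted", decrypted);
+
+var authentication = function (req, res, next) {
+return next();
+}
+
+if (config) {
+
+var cipher = config.cookies && config.cookies.cipher ? config.cookies.cipher : "aes256";
+
+authentication = function (req, res, next) {
+
+function unauthorized(res) {
+res.setHeader('WWW-Authenticate', 'Basic realm=Authorization Required');
+res.status(401).send('Not logged in. <a href="/">Login</a>');
+};
+
+var user = require('basic-auth')(req);
+var vault = cookie('credentials');
+
+if (!user || !user.name || !user.pass) {
+return unauthorized(res);
+};
+
+if (config.passwords && config.passwords[user.name]) {
+if (crypto.getHashes().indexOf(config.passwords[user.name][0])>=0) {
+if (crypto.createHash(config.passwords[user.name][0])
+.update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]) {
+return next();
+}
+} else {
+console.log("**** HASH NOT FOUND ****");
+console.log(config.passwords[user.name][0]);
+console.log(crypto.getHashes());
+}
+}
+if (config.ldap) try {
+var LdapAuth = require('ldapauth');
+var auth = new LdapAuth(config.ldap);
+auth.authenticate(user.name, user.pass, function(err, usr) {
+auth.close(function(err) {})
+if (err) {
+console.log("**** ERROR: LDAP Authentication failed:", err);
+return unauthorized(res);
+}
+console.log("**** SUCCESS: LDAP Authentication:");
+return next();
+});
+return; // need to block here!
+} catch (e) {
+console.log("**** Error: LDAP failed: ", e, e.stack);
+}
+return unauthorized(res);
+};
+
+}
+
+return authentication;
+
+}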
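Review bot: The local password check hashes `user.pass` once with an unsalted digest named in the config and compares the hex strings with `===`, so the stored values are cheap to brute-force if the config file leaks and the comparison is not constant-time. A salted, iterated KDF from the same `crypto` module (`crypto.pbkdf2Sync`, or `crypto.scryptSync` where the Node version provides it) together with `crypto.timingSafeEqual` on equal-length buffers is the usual replacement; the config entry would then also have to carry the salt and parameters. The realm in the challenge must be a quoted string: `res.setHeader('WWW-Authenticate', 'Basic realm="Authorization Required"');`. `config.passwords[user.name]` is better guarded with `Object.prototype.hasOwnProperty.call(config.passwords, user.name)` so inherited keys never reach the `[0]` lookup. `password`, `cipher` and `vault` are computed on every load or request but never used.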
@@ -1,3 +1,23 @@
|
|||||||
{
|
{
|
||||||
"port": 8888
|
"port": 8888,
|
||||||
|
"restrict": {
|
||||||
|
"cookies": {
|
||||||
|
"cipher": "aes256"
|
||||||
|
},
|
||||||
|
"passwords": {
|
||||||
|
"marc": ["sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
|
||||||
|
"foo": ["sha256", "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
|
||||||
|
},
|
||||||
|
"ldap": {
|
||||||
|
"tlsOptions": {
|
||||||
|
"requestCert": false,
|
||||||
|
"rejectUnauthorized": false
|
||||||
|
},
|
||||||
|
"url": "ldap://dev.marc.waeckerlin.org",
|
||||||
|
"adminDn": "cn=tmp,ou=system,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
|
||||||
|
"adminPassword": "dGg7benUnZ9z",
|
||||||
|
"searchBase": "ou=person,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
|
||||||
|
"searchFilter": "(uid={{username}})"
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
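Review bot: The new `restrict.ldap` block commits what looks like a real bind credential in `adminPassword` and pairs an `ldap://` URL with `"rejectUnauthorized": false`, so as configured the bind password and every user's password would travel without transport protection or server-certificate verification. The shipped sample should use `"url": "ldaps://<ldap-host>"`, `"rejectUnauthorized": true` and a labelled placeholder such as `"adminPassword": "<set-at-deploy-time>"`; the committed value should be treated as exposed and rotated. The two `passwords` entries are unsalted SHA-256 digests that become default accounts on any install that keeps this file, so they are better removed from the default config.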
@@ -2,14 +2,6 @@
|
|||||||
"name": "@PACKAGE_NAME@",
|
"name": "@PACKAGE_NAME@",
|
||||||
"version": "@PACKAGE_VERSION@",
|
"version": "@PACKAGE_VERSION@",
|
||||||
"private": true,
|
"private": true,
|
||||||
"dependencies": {
|
|
||||||
"express": "~2.5.8",
|
|
||||||
"stylus": "~0.53.0",
|
|
||||||
"ejs": ">= 0.0.1",
|
|
||||||
"socket.io": "~1.4.4",
|
|
||||||
"pty.js": "~0.3.0",
|
|
||||||
"async": "~1.5.2"
|
|
||||||
},
|
|
||||||
"description": "Docker as a Service",
|
"description": "Docker as a Service",
|
||||||
"main": "servicedock.js",
|
"main": "servicedock.js",
|
||||||
"devDependencies": {},
|
"devDependencies": {},
|
||||||
@@ -26,5 +18,16 @@
|
|||||||
"log": "@LOCALSTATEDIR@/log/@PACKAGE_NAME@.log",
|
"log": "@LOCALSTATEDIR@/log/@PACKAGE_NAME@.log",
|
||||||
"config": "@SYSCONFDIR@/@PACKAGE_NAME@.json",
|
"config": "@SYSCONFDIR@/@PACKAGE_NAME@.json",
|
||||||
"nodejs": "@PKGDATADIR@/nodejs"
|
"nodejs": "@PKGDATADIR@/nodejs"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"express": "~2.5.8",
|
||||||
|
"stylus": "~0.53.0",
|
||||||
|
"ejs": ">= 0.0.1",
|
||||||
|
"socket.io": "~1.4.4",
|
||||||
|
"pty.js": "~0.3.0",
|
||||||
|
"async": "~1.5.2",
|
||||||
|
"basic-auth": "~1.0.3",
|
||||||
|
"ldapauth": "~2.2.4",
|
||||||
|
"cookie-encryption": "~1.4.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@@ -8,7 +8,7 @@
|
|||||||
// 1 2 3 4 5 6 7 8
|
// 1 2 3 4 5 6 7 8
|
||||||
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
|
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
|
||||||
|
|
||||||
var socket = io.connect();
|
var socket = null;
|
||||||
var focused = null;
|
var focused = null;
|
||||||
|
|
||||||
var docker = new Docker();
|
var docker = new Docker();
|
||||||
@@ -597,6 +597,12 @@ function initForms() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function init() {
|
function init() {
|
||||||
|
$("#logout").attr("href",
|
||||||
|
window.location.protocol+"//X:X@"
|
||||||
|
+window.location.hostname
|
||||||
|
+(window.location.port?":":"")+window.location.port
|
||||||
|
+window.location.pathname);
|
||||||
|
socket = io.connect();
|
||||||
socket.io
|
socket.io
|
||||||
.on("connect", connected)
|
.on("connect", connected)
|
||||||
.on("reconnect", connected)
|
.on("reconnect", connected)
|
||||||
|
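Review bot: The `#logout` href built in `init()` only works if the browser overwrites its cached Basic credentials when it follows a URL carrying `X:X@` userinfo; that behaviour is browser-specific, and a browser that strips or blocks credentials in URLs leaves the user logged in. Nothing visible on the server side ends the session, so the link deserves a comment such as `// best-effort logout: replaces cached Basic credentials where the browser honours userinfo in URLs`. `window.location.host` already includes the port when one is set and would replace the hostname/port concatenation. The body of `init()` continues outside the hunk.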
@@ -1,4 +1,3 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* GET home page.
|
* GET home page.
|
||||||
*/
|
*/
|
||||||
|
@@ -1,3 +1,11 @@
|
|||||||
|
try {
|
||||||
|
|
||||||
|
process.on('uncaughtException', function(e) {
|
||||||
|
console.log("**** UNCAUGHT EXCEPTION ****");
|
||||||
|
console.log(e);
|
||||||
|
console.log(e.stack);
|
||||||
|
process.exit(1);
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Module dependencies.
|
* Module dependencies.
|
||||||
@@ -12,6 +20,7 @@ var sockets = require(__dirname+'/sockets')(io);
|
|||||||
var package = require(__dirname+'/package.json');
|
var package = require(__dirname+'/package.json');
|
||||||
var config = require(package.path.config);
|
var config = require(package.path.config);
|
||||||
var docker = require(__dirname+'/docker')(app);
|
var docker = require(__dirname+'/docker')(app);
|
||||||
|
var authentication = require(__dirname+'/authentication')(config.restrict);
|
||||||
|
|
||||||
// Configuration
|
// Configuration
|
||||||
process.argv.forEach(function(val, index) {
|
process.argv.forEach(function(val, index) {
|
||||||
@@ -46,10 +55,15 @@ app.configure('production', function(){
|
|||||||
});
|
});
|
||||||
|
|
||||||
// Routes
|
// Routes
|
||||||
|
app.get('/', authentication, routes.index);
|
||||||
app.get('/', routes.index);
|
|
||||||
|
|
||||||
app.listen(config.port, function() {
|
app.listen(config.port, function() {
|
||||||
console.log("Express server listening on port %d in %s mode",
|
console.log("Express server listening on port %d in %s mode",
|
||||||
app.address().port, app.settings.env);
|
app.address().port, app.settings.env);
|
||||||
});
|
});
|
||||||
|
} catch (e) {
|
||||||
|
console.log("**** EXCEPTION ****");
|
||||||
|
console.log(e);
|
||||||
|
console.log(e.stack);
|
||||||
|
process.exit(1);
|
||||||
|
}
|
||||||
|
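Review bot: The `authentication` middleware is attached only to `app.get('/')`, so among the visible routes only the index page is gated; static assets and the socket.io endpoint created by `require(__dirname+'/sockets')(io)` are set up outside this hunk and do not appear to pass through it. Since the socket handlers are what drive docker, the credential check belongs on that channel too: registering it globally with `app.use(authentication);` before the router, plus a handshake check via `io.use(function(socket, next) { ... })` (available in the socket.io 1.x line the manifest pins), would close the gap. Registering `process.on('uncaughtException', ...)` inside the `try` adds nothing over registering it at top level, and exiting there is reasonable only if a supervisor restarts the process.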
@@ -13,8 +13,12 @@ module.exports = function(io) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function exec(cmd, callback) {
|
function exec(cmd, callback) {
|
||||||
|
if (cmd.length>40) {
|
||||||
|
console.log("== "+cmd.slice(0, 30+cmd.slice(30).indexOf(' '))+" ...");
|
||||||
|
} else {
|
||||||
console.log("== "+cmd);
|
console.log("== "+cmd);
|
||||||
proc.exec(cmd, callback);
|
}
|
||||||
|
proc.exec(cmd, {maxBuffer: 10*1024*1024}, callback);
|
||||||
}
|
}
|
||||||
|
|
||||||
function fail(txt, data) {
|
function fail(txt, data) {
|
||||||
@@ -68,7 +72,8 @@ module.exports = function(io) {
|
|||||||
return fail("list docker images failed", {
|
return fail("list docker images failed", {
|
||||||
error: error, stderr: stderr, stdout: stdout
|
error: error, stderr: stderr, stdout: stdout
|
||||||
});
|
});
|
||||||
exec("docker inspect "+stdout.trim().replace(/\n/g, " "), imageinspect);
|
exec("docker inspect "+stdout.trim().replace(/\n/g, " "),
|
||||||
|
imageinspect);
|
||||||
}
|
}
|
||||||
|
|
||||||
function updateimages(error, stdout, stderr) {
|
function updateimages(error, stdout, stderr) {
|
||||||
@@ -81,7 +86,7 @@ module.exports = function(io) {
|
|||||||
|
|
||||||
function connection(socket) {
|
function connection(socket) {
|
||||||
|
|
||||||
console.log("new client");
|
console.log("new connection");
|
||||||
|
|
||||||
function emit(signal, data, info) {
|
function emit(signal, data, info) {
|
||||||
if (typeof data == 'string' && !data.match("\n")) {
|
if (typeof data == 'string' && !data.match("\n")) {
|
||||||
|
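Review bot: In `exec`, the log truncation `cmd.slice(0, 30+cmd.slice(30).indexOf(' '))` misbehaves when there is no space after position 30: `indexOf` returns -1 and the line is cut at 29 characters. A guard such as `var cut = cmd.indexOf(' ', 30); console.log("== "+(cut < 0 ? cmd : cmd.slice(0, cut)+" ..."));` fixes it. Separately, `proc.exec` still receives one shell string, and in the second hunk docker's own `stdout` is concatenated into `"docker inspect "+...`; if any part of a command can carry client-supplied text (the callers are outside these hunks), passing an argument array to `execFile` (assuming `proc` is `child_process`) keeps it out of the shell. Raising `maxBuffer` to 10 MiB per call also increases how much memory a single client request can hold.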
@@ -31,6 +31,7 @@
|
|||||||
<ul id="menu" style="display: none" onmouseleave="$('#menu').hide();">
|
<ul id="menu" style="display: none" onmouseleave="$('#menu').hide();">
|
||||||
<li onclick="$('#menu').hide(); showCreate()">Create</li>
|
<li onclick="$('#menu').hide(); showCreate()">Create</li>
|
||||||
<li><label for="upload">Upload</label><input autocomplete="off" type="file" accept="*.json" id="upload"/></li>
|
<li><label for="upload">Upload</label><input autocomplete="off" type="file" accept="*.json" id="upload"/></li>
|
||||||
|
<li><a id="logout" href="">Logout</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
$(function() {
|
$(function() {
|
||||||
|
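--- a/scripts/docker-backup.sh
+++ b/scripts/docker-backup.sh
@@ -0,0 +1,129 @@
+#!/bin/bash -e
+
+function get-volumes() {
+local vols=""
+for vol in ${*}; do
+local vf=$(docker inspect -f '{{.HostConfig.VolumesFrom}}' ${vol} | sed -n 's,^\[\(.*\)\]$,\1,p')
+if test -n "$vf"; then
+vols+=" "$(get-volumes $vf)
+fi
+vols+=" "$(docker inspect -f '{{.Config.Volumes}}' ${vol} | sed -n 's,^map\[\(.*\)\]$,\1,p' | sed 's,:[^ ]*,,g')
+done
+echo ${vols} | tr '[ ]' '[\n]' | sort | uniq | tr '[\n]' '[ ]'
+}
+
+backup=""
+volumes=""
+infile=""
+tofile=""
+toserver=""
+tocontainer=""
+while test $# -gt 0; do
+case "$1" in
+(-h|--help)
+cat <<EOF
+$0 -b [OPTIONS]
+
+OPTIONS:
+-b, --backup <container> name of the docker container to backup
+-v, --volume <volume> add volume path to backup from container
+-a, --auto automatically detect volumes to backup from container
+-i, --in-file <file> take already existing backup file to import
+-s, --to-server <server> copy backup to docker instance on ssh server
+-c, --to-container <container> write backup into container on ssh server
+-o, --to-file <file> write backup to file
+
+DESCRIPTION:
+
+Take docker backups and copy them to a file or restore them into a
+docker instance on an ssh target server.
+
+Note: Use ssh key exchange to prevent password query.
+Note: Only volume paths are backed-up correctly
+
+EXAMPLE:
+
+$0 -b wordpress -a -o /tmp/wordpress.bak.tar.bz2
+$0 -i /tmp/wordpress.bak.tar.bz2 -c wordpress
+$0 -b backup-test -a -s server -c backup-test
+
+EOF
+exit 0
+;;
+(-b|--backup)
+shift
+backup="$1"
+;;
+(-i|--in-file)
+shift
+infile="$1"
+;;
+(-o|--to-file)
+shift
+tofile="$1"
+;;
+(-s|--to-server)
+shift
+toserver="$1"
+;;
+(-c|--to-container)
+shift
+tocontainer="$1"
+;;
+(-a|--auto)
+if test -z "$backup"; then
+echo "**** Error: --auto first requires --backup, try $0 --help" 1>&2
+exit 1
+fi
+volumes+=" "$(get-volumes $backup)
+;;
+(-v|--volume)
+shift
+volumes+=("$1")
+;;
+(*)
+echo "**** Error: unknown argument $1, try $0 --help" 1>&2
+exit 1
+;;
+esac
+if test $# -eq 0; then
+echo "**** Error: missing argument, try $0 --help" 1>&2
+exit 1
+fi
+shift
+done
+
+if test -n "$backup"; then
+if test -z "${volumes}"; then
+echo "**** Error: no volumes to backup, try $0 --help" 1>&2
+exit 1
+fi
+elif test -z "$infile"; then
+echo "**** Error: no input source specified, try $0 --help" 1>&2
+exit 1
+fi
+if test -n "$toserver"; then
+if test -z "$tocontainer"; then
+echo "**** Error: no target container specified, try $0 --help" 1>&2
+exit 1
+fi
+elif test -z "$tofile" -a -z "$tocontainer";then
+echo "**** Error: no target specified, try $0 --help" 1>&2
+exit 1
+fi
+
+(
+if test -n "$backup"; then
+docker run --rm -i -w / --volumes-from $backup ubuntu tar cjP ${volumes}
+elif test -n "$infile"; then
+cat "$infile"
+fi
+) | (
+if test -n "$toserver"; then
+ssh $toserver docker run --rm -i -w / --volumes-from $tocontainer ubuntu tar xjP
+elif test -n "$tocontainer"; then
+docker run --rm -i -w / --volumes-from $tocontainer ubuntu tar xjP
+elif test -n "$tofile";then
+cat > "$tofile"
+fi
+)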
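Review bot: `volumes+=("$1")` in the `-v|--volume` branch turns `volumes` into an array while the rest of the script treats it as a string (`volumes+=" "$(...)`, `${volumes}`), so `${volumes}` then expands to element 0 only and explicitly requested paths are silently left out of the backup; `volumes+=" $1"` keeps it a string. `$backup`, `$tocontainer` and `$toserver` are expanded unquoted into `docker run` and `ssh`, so a value containing spaces or starting with `-` is split or read as an option, and the `ssh` form is parsed again by the remote shell; quote them (`--volumes-from "$backup"`) and check container and host names against an allow-pattern before use. `tar xjP` restores absolute paths from whatever archive `-i` supplies, so the help text should state that only trusted backup files may be imported. With `-e` set, a failure on the left side of the final pipe is still masked unless `set -o pipefail` is added.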