in the middle of the work for authentication

single-host
Marc Wäckerlin 9 years ago
parent bdaebcc92f
commit 82bb795b85
  1. 71
      nodejs/authentication/index.js
  2. 22
      nodejs/etc/servicedock.json
  3. 19
      nodejs/package.json.in
  4. 8
      nodejs/public/javascripts/servicedock.js
  5. 1
      nodejs/routes/index.js
  6. 18
      nodejs/servicedock.js
  7. 11
      nodejs/sockets/index.js
  8. 1
      nodejs/views/index.ejs
  9. 129
      scripts/docker-backup.sh

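--- /dev/null
+++ b/nodejs/authentication/index.js
@@ -0,0 +1,71 @@
+module.exports = function(config) {
+const crypto = require('crypto');
+const password = crypto.randomBytes(256);
+var cookie = require('cookie-encryption');
+// const cipher = crypto.createCipher('aes256', password);
+// const decipher = crypto.createDecipher('aes256', password);
+// var encrypted = cipher.update(JSON.stringify(user), 'utf8', 'base64')
+// + cipher.final('base64');
+// console.log("encrypted", encrypted);
+// var decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
+// console.log("decrypted", decrypted);
+var authentication = function (req, res, next) {
+return next();
+}
+if (config) {
+var cipher = config.cookies && config.cookies.cipher ? config.cookies.cipher : "aes256";
+authentication = function (req, res, next) {
+function unauthorized(res) {
+res.setHeader('WWW-Authenticate', 'Basic realm=Authorization Required');
+res.status(401).send('Not logged in. <a href="/">Login</a>');
+};
+var user = require('basic-auth')(req);
+var vault = cookie('credentials');
+if (!user || !user.name || !user.pass) {
+return unauthorized(res);
+};
+if (config.passwords && config.passwords[user.name]) {
+if (crypto.getHashes().indexOf(config.passwords[user.name][0])>=0) {
+if (crypto.createHash(config.passwords[user.name][0])
+.update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]) {
+return next();
+}
+} else {
+console.log("**** HASH NOT FOUND ****");
+console.log(config.passwords[user.name][0]);
+console.log(crypto.getHashes());
+}
+}
+if (config.ldap) try {
+var LdapAuth = require('ldapauth');
+var auth = new LdapAuth(config.ldap);
+auth.authenticate(user.name, user.pass, function(err, usr) {
+auth.close(function(err) {})
+if (err) {
+console.log("**** ERROR: LDAP Authentication failed:", err);
+return unauthorized(res);
+}
+console.log("**** SUCCESS: LDAP Authentication:");
+return next();
+});
+return; // need to block here!
+} catch (e) {
+console.log("**** Error: LDAP failed: ", e, e.stack);
+}
+return unauthorized(res);
+};
+}
+return authentication;
+}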
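Review bot: The password check `crypto.createHash(config.passwords[user.name][0]).update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]` verifies a single unsalted digest, so two users with the same password get identical config entries and the stored hex strings can be matched against precomputed tables; a per-user salt with an iterated KDF (`crypto.pbkdf2Sync` is in core) and a constant-time comparison address both. The `else` branch prints the whole `crypto.getHashes()` list on every request that names an unknown algorithm, which only fills the log; one line naming the rejected algorithm and user is enough. `password`, `cookie`, `cipher` and `vault` are assigned but never read, and the `WWW-Authenticate` realm should be a quoted-string, `'Basic realm="Authorization Required"'`. When `config` is absent the factory returns a middleware that calls `next()` for everything without any message, so a deployment that forgets the `restrict` key runs unrestricted silently; a `console.log` warning in that branch makes the state visible.
```javascript
// … unchanged: unauthorized(), basic-auth parsing, empty-credential check …
var entry = config.passwords && config.passwords[user.name];
if (entry) {
  // proposed entry layout: [digest, saltHex, iterations, derivedHex]
  // (per-user salt + iterated KDF instead of one unsalted hash of the password)
  if (crypto.getHashes().indexOf(entry[0]) >= 0) {
    var derived = crypto.pbkdf2Sync(user.pass, Buffer.from(entry[1], 'hex'),
                                    entry[2], entry[3].length / 2, entry[0]);
    var expected = Buffer.from(entry[3], 'hex');
    // equal-length check first: timingSafeEqual throws on mismatched lengths
    if (derived.length === expected.length && crypto.timingSafeEqual(derived, expected)) {
      return next();
    }
  } else {
    console.log("**** unknown digest for user", user.name, ":", entry[0]);
  }
}
// … unchanged: LDAP fallback and final unauthorized(res) …
```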

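--- a/nodejs/etc/servicedock.json
+++ b/nodejs/etc/servicedock.json
@@ -1,3 +1,23 @@
 {
-"port": 8888
+"port": 8888,
+"restrict": {
+"cookies": {
+"cipher": "aes256"
+},
+"passwords": {
+"marc": ["sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
+"foo": ["sha256", "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
+},
+"ldap": {
+"tlsOptions": {
+"requestCert": false,
+"rejectUnauthorized": false
+},
+"url": "ldap://dev.marc.waeckerlin.org",
+"adminDn": "cn=tmp,ou=system,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
+"adminPassword": "dGg7benUnZ9z",
+"searchBase": "ou=person,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
+"searchFilter": "(uid={{username}})"
+}
+}
 }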
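Review bot: `adminPassword` is committed in cleartext in a config file that is part of the repository, so the directory bind credential is now in version-control history and should be rotated and supplied from an environment variable or a file outside the repo. `"rejectUnauthorized": false` disables certificate validation for the directory connection, and with an `ldap://` URL the admin bind and every user password forwarded by the authentication middleware cross the network without TLS unless the client library negotiates StartTLS, which this diff does not show; an `ldaps://` URL with the server's CA in `tlsOptions.ca` and no `rejectUnauthorized` override is the safe form. The two `passwords` entries are single unsalted `sha256` digests, which is the storage format the middleware change should move away from together with this file.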

@ -2,14 +2,6 @@
"name": "@PACKAGE_NAME@", "name": "@PACKAGE_NAME@",
"version": "@PACKAGE_VERSION@", "version": "@PACKAGE_VERSION@",
"private": true, "private": true,
"dependencies": {
"express": "~2.5.8",
"stylus": "~0.53.0",
"ejs": ">= 0.0.1",
"socket.io": "~1.4.4",
"pty.js": "~0.3.0",
"async": "~1.5.2"
},
"description": "Docker as a Service", "description": "Docker as a Service",
"main": "servicedock.js", "main": "servicedock.js",
"devDependencies": {}, "devDependencies": {},
@ -26,5 +18,16 @@
"log": "@LOCALSTATEDIR@/log/@PACKAGE_NAME@.log", "log": "@LOCALSTATEDIR@/log/@PACKAGE_NAME@.log",
"config": "@SYSCONFDIR@/@PACKAGE_NAME@.json", "config": "@SYSCONFDIR@/@PACKAGE_NAME@.json",
"nodejs": "@PKGDATADIR@/nodejs" "nodejs": "@PKGDATADIR@/nodejs"
},
"dependencies": {
"express": "~2.5.8",
"stylus": "~0.53.0",
"ejs": ">= 0.0.1",
"socket.io": "~1.4.4",
"pty.js": "~0.3.0",
"async": "~1.5.2",
"basic-auth": "~1.0.3",
"ldapauth": "~2.2.4",
"cookie-encryption": "~1.4.2"
} }
} }

@ -8,7 +8,7 @@
// 1 2 3 4 5 6 7 8 // 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890 // 45678901234567890123456789012345678901234567890123456789012345678901234567890
var socket = io.connect(); var socket = null;
var focused = null; var focused = null;
var docker = new Docker(); var docker = new Docker();
@ -597,6 +597,12 @@ function initForms() {
} }
function init() { function init() {
$("#logout").attr("href",
window.location.protocol+"//X:X@"
+window.location.hostname
+(window.location.port?":":"")+window.location.port
+window.location.pathname);
socket = io.connect();
socket.io socket.io
.on("connect", connected) .on("connect", connected)
.on("reconnect", connected) .on("reconnect", connected)
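Review bot: The logout href assembled in `init()` depends on the `X:X@` userinfo trick to make the browser replace its cached Basic credentials with bogus ones; browsers treat userinfo URLs inconsistently (several strip or refuse them), and nothing is invalidated server-side because Basic auth carries no session, so a user can still be authenticated after clicking Logout. That limitation is not obvious from the concatenation and deserves a comment, e.g. `// best-effort logout: overwrite the browser's cached Basic credentials; support varies by browser and the server keeps no session to clear`. `init()` continues past the end of the hunk.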

@ -1,4 +1,3 @@
/* /*
* GET home page. * GET home page.
*/ */

@ -1,3 +1,11 @@
try {
process.on('uncaughtException', function(e) {
console.log("**** UNCAUGHT EXCEPTION ****");
console.log(e);
console.log(e.stack);
process.exit(1);
});
/** /**
* Module dependencies. * Module dependencies.
@ -12,6 +20,7 @@ var sockets = require(__dirname+'/sockets')(io);
var package = require(__dirname+'/package.json'); var package = require(__dirname+'/package.json');
var config = require(package.path.config); var config = require(package.path.config);
var docker = require(__dirname+'/docker')(app); var docker = require(__dirname+'/docker')(app);
var authentication = require(__dirname+'/authentication')(config.restrict);
// Configuration // Configuration
process.argv.forEach(function(val, index) { process.argv.forEach(function(val, index) {
@ -46,10 +55,15 @@ app.configure('production', function(){
}); });
// Routes // Routes
app.get('/', authentication, routes.index);
app.get('/', routes.index);
app.listen(config.port, function() { app.listen(config.port, function() {
console.log("Express server listening on port %d in %s mode", console.log("Express server listening on port %d in %s mode",
app.address().port, app.settings.env); app.address().port, app.settings.env);
}); });
} catch (e) {
console.log("**** EXCEPTION ****");
console.log(e);
console.log(e.stack);
process.exit(1);
}
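Review bot: `authentication` is attached only to `app.get('/', authentication, routes.index)`, while the socket.io server created by `require(__dirname+'/sockets')(io)` (whose handlers run `docker` commands) and any static routes receive no credential check in this diff; unless the socket handshake is authorized somewhere not shown, a client that opens the socket directly bypasses the login entirely. Applying the middleware with `app.use(authentication)` ahead of the routes and reusing the same check in a socket.io authorization hook would close that gap. The factory also returns a pass-through middleware when `config.restrict` is undefined, so a startup line such as `if (!config.restrict) console.log("**** WARNING: no restrict section in config, authentication disabled");` next to the `require` makes an unintentionally open deployment visible. The `try` opened in the first hunk is closed here, but the app setup between the hunks is not shown.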

@ -13,8 +13,12 @@ module.exports = function(io) {
} }
function exec(cmd, callback) { function exec(cmd, callback) {
if (cmd.length>40) {
console.log("== "+cmd.slice(0, 30+cmd.slice(30).indexOf(' '))+" ...");
} else {
console.log("== "+cmd); console.log("== "+cmd);
proc.exec(cmd, callback); }
proc.exec(cmd, {maxBuffer: 10*1024*1024}, callback);
} }
function fail(txt, data) { function fail(txt, data) {
@ -68,7 +72,8 @@ module.exports = function(io) {
return fail("list docker images failed", { return fail("list docker images failed", {
error: error, stderr: stderr, stdout: stdout error: error, stderr: stderr, stdout: stdout
}); });
exec("docker inspect "+stdout.trim().replace(/\n/g, " "), imageinspect); exec("docker inspect "+stdout.trim().replace(/\n/g, " "),
imageinspect);
} }
function updateimages(error, stdout, stderr) { function updateimages(error, stdout, stderr) {
@ -81,7 +86,7 @@ module.exports = function(io) {
function connection(socket) { function connection(socket) {
console.log("new client"); console.log("new connection");
function emit(signal, data, info) { function emit(signal, data, info) {
if (typeof data == 'string' && !data.match("\n")) { if (typeof data == 'string' && !data.match("\n")) {
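Review bot: `exec` still hands one string to `proc.exec`, which runs it through a shell, and the call site in the second hunk splices `docker images` output into that string via `"docker inspect "+stdout.trim().replace(/\n/g, " ")`; image IDs are safe content, but every other caller of this helper inherits shell metacharacter interpretation, and the handlers that take container names from the socket are not in this diff. A `proc.execFile('docker', args, {maxBuffer: 10*1024*1024}, callback)` variant that takes an argument array removes that exposure for callers that split their arguments. In the new log-truncation branch `cmd.slice(30).indexOf(' ')` is -1 when the remainder contains no space, so the prefix becomes `cmd.slice(0, 29)`; slicing to a fixed width, `cmd.slice(0, 40)+" ..."`, is simpler and never shorter than intended. The enclosing `module.exports = function(io)` body starts and ends outside these hunks.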

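--- a/nodejs/views/index.ejs
+++ b/nodejs/views/index.ejs
@@ -31,6 +31,7 @@
 <ul id="menu" style="display: none" onmouseleave="$('#menu').hide();">
 <li onclick="$('#menu').hide(); showCreate()">Create</li>
 <li><label for="upload">Upload</label><input autocomplete="off" type="file" accept="*.json" id="upload"/></li>
+<li><a id="logout" href="">Logout</a></li>
 </ul>
 <script type="text/javascript">
 $(function() {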

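--- /dev/null
+++ b/scripts/docker-backup.sh
@@ -0,0 +1,129 @@
+#!/bin/bash -e
+function get-volumes() {
+local vols=""
+for vol in ${*}; do
+local vf=$(docker inspect -f '{{.HostConfig.VolumesFrom}}' ${vol} | sed -n 's,^\[\(.*\)\]$,\1,p')
+if test -n "$vf"; then
+vols+=" "$(get-volumes $vf)
+fi
+vols+=" "$(docker inspect -f '{{.Config.Volumes}}' ${vol} | sed -n 's,^map\[\(.*\)\]$,\1,p' | sed 's,:[^ ]*,,g')
+done
+echo ${vols} | tr '[ ]' '[\n]' | sort | uniq | tr '[\n]' '[ ]'
+}
+backup=""
+volumes=""
+infile=""
+tofile=""
+toserver=""
+tocontainer=""
+while test $# -gt 0; do
+case "$1" in
+(-h|--help)
+cat <<EOF
+$0 -b [OPTIONS]
+OPTIONS:
+-b, --backup <container> name of the docker container to backup
+-v, --volume <volume> add volume path to backup from container
+-a, --auto automatically detect volumes to backup from container
+-i, --in-file <file> take already existing backup file to import
+-s, --to-server <server> copy backup to docker instance on ssh server
+-c, --to-container <container> write backup into container on ssh server
+-o, --to-file <file> write backup to file
+DESCRIPTION:
+Take docker backups and copy them to a file or restore them into a
+docker instance on an ssh target server.
+Note: Use ssh key exchange to prevent password query.
+Note: Only volume paths are backed-up correctly
+EXAMPLE:
+$0 -b wordpress -a -o /tmp/wordpress.bak.tar.bz2
+$0 -i /tmp/wordpress.bak.tar.bz2 -c wordpress
+$0 -b backup-test -a -s server -c backup-test
+EOF
+exit 0
+;;
+(-b|--backup)
+shift
+backup="$1"
+;;
+(-i|--in-file)
+shift
+infile="$1"
+;;
+(-o|--to-file)
+shift
+tofile="$1"
+;;
+(-s|--to-server)
+shift
+toserver="$1"
+;;
+(-c|--to-container)
+shift
+tocontainer="$1"
+;;
+(-a|--auto)
+if test -z "$backup"; then
+echo "**** Error: --auto first requires --backup, try $0 --help" 1>&2
+exit 1
+fi
+volumes+=" "$(get-volumes $backup)
+;;
+(-v|--volume)
+shift
+volumes+=("$1")
+;;
+(*)
+echo "**** Error: unknown argument $1, try $0 --help" 1>&2
+exit 1
+;;
+esac
+if test $# -eq 0; then
+echo "**** Error: missing argument, try $0 --help" 1>&2
+exit 1
+fi
+shift
+done
+if test -n "$backup"; then
+if test -z "${volumes}"; then
+echo "**** Error: no volumes to backup, try $0 --help" 1>&2
+exit 1
+fi
+elif test -z "$infile"; then
+echo "**** Error: no input source specified, try $0 --help" 1>&2
+exit 1
+fi
+if test -n "$toserver"; then
+if test -z "$tocontainer"; then
+echo "**** Error: no target container specified, try $0 --help" 1>&2
+exit 1
+fi
+elif test -z "$tofile" -a -z "$tocontainer";then
+echo "**** Error: no target specified, try $0 --help" 1>&2
+exit 1
+fi
+(
+if test -n "$backup"; then
+docker run --rm -i -w / --volumes-from $backup ubuntu tar cjP ${volumes}
+elif test -n "$infile"; then
+cat "$infile"
+fi
+) | (
+if test -n "$toserver"; then
+ssh $toserver docker run --rm -i -w / --volumes-from $tocontainer ubuntu tar xjP
+elif test -n "$tocontainer"; then
+docker run --rm -i -w / --volumes-from $tocontainer ubuntu tar xjP
+elif test -n "$tofile";then
+cat > "$tofile"
+fi
+)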
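Review bot: `volumes+=("$1")` in the `-v|--volume` branch appends as a bash array, but `volumes` was initialised as the string `volumes=""` and is only ever expanded as `${volumes}`, which yields element 0 alone, so paths given with `--volume` appear to be dropped and the script then stops at "no volumes to backup"; `volumes+=" $1"` matches what the `--auto` branch does. The final `( … ) | ( … )` pipeline runs under `-e` but without `pipefail`, so when the producing `docker run … tar cjP` fails the consumer still writes an empty or truncated archive to `$tofile` (or streams it into the target container) and the script exits 0; `set -o pipefail` together with a check of the pipeline's exit status turns that into a hard failure instead of a silent bad backup. `-e` on the shebang line is also lost when the script is started as `bash docker-backup.sh`, so `set -e` in the body is the reliable form. `tar cjP`/`xjP` restore to absolute paths inside the target container, which the help text should state more plainly than "Only volume paths are backed-up correctly".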