webservices/servicedock
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

in the middle of the work for authentication

Browse Source
This commit is contained in:
Marc Wäckerlin
2016-07-29 19:25:06 +00:00
parent bdaebcc92f
commit 82bb795b85
9 changed files with 338 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
nodejs/authentication/index.js Normal file
View File

@@ -0,0 +1,71 @@
module.exports = function(config) {
const crypto = require('crypto');
const password = crypto.randomBytes(256);
var cookie = require('cookie-encryption');
// const cipher = crypto.createCipher('aes256', password);
// const decipher = crypto.createDecipher('aes256', password);
// var encrypted = cipher.update(JSON.stringify(user), 'utf8', 'base64')
// + cipher.final('base64');
// console.log("encrypted", encrypted);
// var decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8');
// console.log("decrypted", decrypted);
var authentication = function (req, res, next) {
return next();
}
if (config) {
var cipher = config.cookies && config.cookies.cipher ? config.cookies.cipher : "aes256";
authentication = function (req, res, next) {
function unauthorized(res) {
res.setHeader('WWW-Authenticate', 'Basic realm=Authorization Required');
res.status(401).send('Not logged in. <a href="/">Login</a>');
};
var user = require('basic-auth')(req);
var vault = cookie('credentials');
if (!user || !user.name || !user.pass) {
return unauthorized(res);
};
if (config.passwords && config.passwords[user.name]) {
if (crypto.getHashes().indexOf(config.passwords[user.name][0])>=0) {
if (crypto.createHash(config.passwords[user.name][0])
.update(user.pass, 'utf8').digest('hex') === config.passwords[user.name][1]) {
return next();
}
} else {
console.log("**** HASH NOT FOUND ****");
console.log(config.passwords[user.name][0]);
console.log(crypto.getHashes());
}
}
if (config.ldap) try {
var LdapAuth = require('ldapauth');
var auth = new LdapAuth(config.ldap);
auth.authenticate(user.name, user.pass, function(err, usr) {
auth.close(function(err) {})
if (err) {
console.log("**** ERROR: LDAP Authentication failed:", err);
return unauthorized(res);
}
console.log("**** SUCCESS: LDAP Authentication:");
return next();
});
return; // need to block here!
} catch (e) {
console.log("**** Error: LDAP failed: ", e, e.stack);
}
return unauthorized(res);
};
}
return authentication;
}

22
nodejs/etc/servicedock.json
View File

@@ -1,3 +1,23 @@
{
"port": 8888
"port": 8888,
"restrict": {
"cookies": {
"cipher": "aes256"
},
"passwords": {
"marc": ["sha256", "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
"foo": ["sha256", "fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9"]
},
"ldap": {
"tlsOptions": {
"requestCert": false,
"rejectUnauthorized": false
},
"url": "ldap://dev.marc.waeckerlin.org",
"adminDn": "cn=tmp,ou=system,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
"adminPassword": "dGg7benUnZ9z",
"searchBase": "ou=person,ou=people,dc=dev,dc=marc,dc=waeckerlin,dc=org",
"searchFilter": "(uid={{username}})"
}
}
}

19
nodejs/package.json.in
View File

@@ -2,14 +2,6 @@
"name": "@PACKAGE_NAME@",
"version": "@PACKAGE_VERSION@",
"private": true,
"dependencies": {
"express": "~2.5.8",
"stylus": "~0.53.0",
"ejs": ">= 0.0.1",
"socket.io": "~1.4.4",
"pty.js": "~0.3.0",
"async": "~1.5.2"
},
"description": "Docker as a Service",
"main": "servicedock.js",
"devDependencies": {},
@@ -26,5 +18,16 @@
"log": "@LOCALSTATEDIR@/log/@PACKAGE_NAME@.log",
"config": "@SYSCONFDIR@/@PACKAGE_NAME@.json",
"nodejs": "@PKGDATADIR@/nodejs"
},
"dependencies": {
"express": "~2.5.8",
"stylus": "~0.53.0",
"ejs": ">= 0.0.1",
"socket.io": "~1.4.4",
"pty.js": "~0.3.0",
"async": "~1.5.2",
"basic-auth": "~1.0.3",
"ldapauth": "~2.2.4",
"cookie-encryption": "~1.4.2"
}
}

8
nodejs/public/javascripts/servicedock.js
View File

@@ -8,7 +8,7 @@
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
var socket = io.connect();
var socket = null;
var focused = null;
var docker = new Docker();
@@ -597,6 +597,12 @@ function initForms() {
}
function init() {
$("#logout").attr("href",
window.location.protocol+"//X:X@"
+window.location.hostname
+(window.location.port?":":"")+window.location.port
+window.location.pathname);
socket = io.connect();
socket.io
.on("connect", connected)
.on("reconnect", connected)

1
nodejs/routes/index.js
View File

@@ -1,4 +1,3 @@
/*
* GET home page.
*/

18
nodejs/servicedock.js
View File

@@ -1,3 +1,11 @@
try {
process.on('uncaughtException', function(e) {
console.log("**** UNCAUGHT EXCEPTION ****");
console.log(e);
console.log(e.stack);
process.exit(1);
});
/**
* Module dependencies.
@@ -12,6 +20,7 @@ var sockets = require(__dirname+'/sockets')(io);
var package = require(__dirname+'/package.json');
var config = require(package.path.config);
var docker = require(__dirname+'/docker')(app);
var authentication = require(__dirname+'/authentication')(config.restrict);
// Configuration
process.argv.forEach(function(val, index) {
@@ -46,10 +55,15 @@ app.configure('production', function(){
});
// Routes
app.get('/', routes.index);
app.get('/', authentication, routes.index);
app.listen(config.port, function() {
console.log("Express server listening on port %d in %s mode",
app.address().port, app.settings.env);
});
} catch (e) {
console.log("**** EXCEPTION ****");
console.log(e);
console.log(e.stack);
process.exit(1);
}

11
nodejs/sockets/index.js
View File

@@ -13,8 +13,12 @@ module.exports = function(io) {
}
function exec(cmd, callback) {
if (cmd.length>40) {
console.log("== "+cmd.slice(0, 30+cmd.slice(30).indexOf(' '))+" ...");
} else {
console.log("== "+cmd);
proc.exec(cmd, callback);
}
proc.exec(cmd, {maxBuffer: 10*1024*1024}, callback);
}
function fail(txt, data) {
@@ -68,7 +72,8 @@ module.exports = function(io) {
return fail("list docker images failed", {
error: error, stderr: stderr, stdout: stdout
});
exec("docker inspect "+stdout.trim().replace(/\n/g, " "), imageinspect);
exec("docker inspect "+stdout.trim().replace(/\n/g, " "),
imageinspect);
}
function updateimages(error, stdout, stderr) {
@@ -81,7 +86,7 @@ module.exports = function(io) {
function connection(socket) {
console.log("new client");
console.log("new connection");
function emit(signal, data, info) {
if (typeof data == 'string' && !data.match("\n")) {

1
nodejs/views/index.ejs
View File

@@ -31,6 +31,7 @@
<ul id="menu" style="display: none" onmouseleave="$('#menu').hide();">
<li onclick="$('#menu').hide(); showCreate()">Create</li>
<li><label for="upload">Upload</label><input autocomplete="off" type="file" accept="*.json" id="upload"/></li>
<li><a id="logout" href="">Logout</a></li>
</ul>
<script type="text/javascript">
$(function() {

129
scripts/docker-backup.sh Executable file
View File

@@ -0,0 +1,129 @@
#!/bin/bash -e
function get-volumes() {
local vols=""
for vol in ${*}; do
local vf=$(docker inspect -f '{{.HostConfig.VolumesFrom}}' ${vol} | sed -n 's,^\[\(.*\)\]$,\1,p')
if test -n "$vf"; then
vols+=" "$(get-volumes $vf)
fi
vols+=" "$(docker inspect -f '{{.Config.Volumes}}' ${vol} | sed -n 's,^map\[\(.*\)\]$,\1,p' | sed 's,:[^ ]*,,g')
done
echo ${vols} | tr '[ ]' '[\n]' | sort | uniq | tr '[\n]' '[ ]'
}
backup=""
volumes=""
infile=""
tofile=""
toserver=""
tocontainer=""
while test $# -gt 0; do
case "$1" in
(-h|--help)
cat <<EOF
$0 -b [OPTIONS]
OPTIONS:
-b, --backup <container> name of the docker container to backup
-v, --volume <volume> add volume path to backup from container
-a, --auto automatically detect volumes to backup from container
-i, --in-file <file> take already existing backup file to import
-s, --to-server <server> copy backup to docker instance on ssh server
-c, --to-container <container> write backup into container on ssh server
-o, --to-file <file> write backup to file
DESCRIPTION:
Take docker backups and copy them to a file or restore them into a
docker instance on an ssh target server.
Note: Use ssh key exchange to prevent password query.
Note: Only volume paths are backed-up correctly
EXAMPLE:
$0 -b wordpress -a -o /tmp/wordpress.bak.tar.bz2
$0 -i /tmp/wordpress.bak.tar.bz2 -c wordpress
$0 -b backup-test -a -s server -c backup-test
EOF
exit 0
;;
(-b|--backup)
shift
backup="$1"
;;
(-i|--in-file)
shift
infile="$1"
;;
(-o|--to-file)
shift
tofile="$1"
;;
(-s|--to-server)
shift
toserver="$1"
;;
(-c|--to-container)
shift
tocontainer="$1"
;;
(-a|--auto)
if test -z "$backup"; then
echo "**** Error: --auto first requires --backup, try $0 --help" 1>&2
exit 1
fi
volumes+=" "$(get-volumes $backup)
;;
(-v|--volume)
shift
volumes+=("$1")
;;
(*)
echo "**** Error: unknown argument $1, try $0 --help" 1>&2
exit 1
;;
esac
if test $# -eq 0; then
echo "**** Error: missing argument, try $0 --help" 1>&2
exit 1
fi
shift
done
if test -n "$backup"; then
if test -z "${volumes}"; then
echo "**** Error: no volumes to backup, try $0 --help" 1>&2
exit 1
fi
elif test -z "$infile"; then
echo "**** Error: no input source specified, try $0 --help" 1>&2
exit 1
fi
if test -n "$toserver"; then
if test -z "$tocontainer"; then
echo "**** Error: no target container specified, try $0 --help" 1>&2
exit 1
fi
elif test -z "$tofile" -a -z "$tocontainer";then
echo "**** Error: no target specified, try $0 --help" 1>&2
exit 1
fi
(
if test -n "$backup"; then
docker run --rm -i -w / --volumes-from $backup ubuntu tar cjP ${volumes}
elif test -n "$infile"; then
cat "$infile"
fi
) | (
if test -n "$toserver"; then
ssh $toserver docker run --rm -i -w / --volumes-from $tocontainer ubuntu tar xjP
elif test -n "$tocontainer"; then
docker run --rm -i -w / --volumes-from $tocontainer ubuntu tar xjP
elif test -n "$tofile";then
cat > "$tofile"
fi
)