feat: add home page

2023-03-27 15:29:04 -06:00 · 2023-03-27 15:29:04 -06:00 · e0b5fe07f0
parent 536483b73f
commit e0b5fe07f0
10 changed files with 275 additions and 64 deletions
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ For best results place this behind a TLS termination that has a wildcard certifi
 on your local machine have a ssh private and public key available:

 ```sh
-$ export LOCAL_PORT=3000; export PRIV_KEY=~/.ssh/id_ed25519; sh -c "$(shell http --form POST example.com:2222 pub=@$(PRIV_KEY).pub)"
+$ export LOCAL_PORT=3000; export PRIV_KEY=~/.ssh/id_ed25519; sh -c "$(shell http --form POST :2222 pub=@$(PRIV_KEY).pub)"
 ```

 This will setup a reverse proxy on the example host that you can then use to access the local port. It will print a name unique to your ssh key.
--- a/assets/bootstrap.min.css
+++ b/assets/bootstrap.min.css
--- a/assets/bootstrap.min.css.map
+++ b/assets/bootstrap.min.css.map
--- a/assets/sshfwd.css
+++ b/assets/sshfwd.css
@ -0,0 +1,58 @@
+/* Space out content a bit */
+body {
+  padding-top: 20px;
+  padding-bottom: 20px;
+}
+
+/* Everything but the jumbotron gets side spacing for mobile first views */
+.header,
+.footer {
+  padding-right: 15px;
+  padding-left: 15px;
+}
+
+/* Custom page header */
+.header {
+  padding-bottom: 20px;
+  border-bottom: 1px solid #e5e5e5;
+}
+/* Make the masthead heading the same height as the navigation */
+.header h3 {
+  margin-top: 0;
+  margin-bottom: 0;
+  line-height: 40px;
+}
+
+/* Custom page footer */
+.footer {
+  padding-top: 19px;
+  color: #777;
+  border-top: 1px solid #e5e5e5;
+}
+
+.panel-heading a { 
+  color: white;
+  font-weight: bold;
+}
+
+.container-narrow > hr {
+  margin: 30px 0;
+}
+
+.table tbody tr th {
+  width: 70%
+}
+
+@media (prefers-color-scheme: dark) {
+  body, .panel-body {
+    color: white;
+    background-color: #121212;
+  }
+  .table-striped > tbody > tr:nth-of-type(2n+1) {
+    background-color: darkslategray;
+  }
+}
+
+@media (prefers-color-scheme: light) {
+
+}
--- a/go.mod
+++ b/go.mod
@ -1,14 +1,19 @@
 module github.com/jonlundy/sshfwd

-go 1.15
+go 1.18
+
+require (
+	github.com/gliderlabs/ssh v0.3.2
+	github.com/soheilhy/cmux v0.1.5
+	github.com/wolfeidau/humanhash v1.1.0
+	go.uber.org/multierr v1.7.0
+)

 require (
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
-	github.com/gliderlabs/ssh v0.3.2
-	github.com/soheilhy/cmux v0.1.5
-	github.com/tjarratt/babble v0.0.0-20210505082055-cbca2a4833c1
-	github.com/wolfeidau/humanhash v1.1.0 // indirect
-	go.uber.org/multierr v1.7.0
-	golang.org/dl v0.0.0-20210816190658-eea66df5a73d // indirect
+	go.uber.org/atomic v1.7.0 // indirect
 	golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf // indirect
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect
+	golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 // indirect
+	golang.org/x/text v0.3.3 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,25 +1,24 @@
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gliderlabs/ssh v0.3.2 h1:gcfd1Aj/9RQxvygu4l3sak711f/5+VOwBw9C/7+N4EI=
 github.com/gliderlabs/ssh v0.3.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
 github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/tjarratt/babble v0.0.0-20210505082055-cbca2a4833c1 h1:j8whCiEmvLCXI3scVn+YnklCU8mwJ9ZJ4/DGAKqQbRE=
-github.com/tjarratt/babble v0.0.0-20210505082055-cbca2a4833c1/go.mod h1:O5hBrCGqzfb+8WyY8ico2AyQau7XQwAfEQeEQ5/5V9E=
 github.com/wolfeidau/humanhash v1.1.0 h1:06KgtyyABJGBbrfMONrW7S+b5TTYVyrNB/jss5n7F3E=
 github.com/wolfeidau/humanhash v1.1.0/go.mod h1:jkpynR1bfyfkmKEQudIC0osWKynFAoayRjzH9OJdVIg=
 go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec=
 go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
-golang.org/dl v0.0.0-20210816190658-eea66df5a73d h1:fY+sw1TVAhVSrszhxX7Ew04Y6V9Znfa8s5O1HTzTsOQ=
-golang.org/dl v0.0.0-20210816190658-eea66df5a73d/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf h1:B2n+Zi5QeYRDAEodEu72OS36gmTWjgpXr2+cWcBW90o=
@ -41,4 +40,5 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/layouts/main.go.tpl
+++ b/layouts/main.go.tpl
@ -0,0 +1,33 @@
+{{define "main"}}
+<!DOCTYPE html>
+
+<html>
+<head>
+    <meta charset="UTF-8">
+	{{template "meta" .}}
+    <title>SSH Fwd</title>
+
+    <link href="/assets/bootstrap.min.css" rel="stylesheet" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
+    <link href="/assets/sshfwd.css" rel="stylesheet" crossorigin="anonymous">
+</head>
+
+<body>
+
+<div class="container-fluid">
+      <div class="header clearfix">
+        <nav>
+          <ul class="nav nav-pills pull-right">
+            <li role="presentation"><a href="/">Home</a></li>
+          </ul>
+        </nav>
+        <h3 class="text-muted">SSH Fwd</h3>
+      </div>
+</div>
+
+<div class=container>
+	{{template "content" .}}
+</div>
+
+</body>
+</html>
+{{end}}
--- a/main.go
+++ b/main.go
@ -2,7 +2,6 @@ package main

 import (
 	"context"
-	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
@ -44,7 +43,7 @@ func run(ctx context.Context) {
 	)

 	hostKeys := envMust("SSH_HOSTKEYS")
-	files, err := ioutil.ReadDir(hostKeys)
+	files, err := os.ReadDir(hostKeys)
 	if err != nil {
 		log.Fatal(err)
 	}
@ -52,6 +51,8 @@ func run(ctx context.Context) {
 		opts = append(opts, ssh.HostKeyFile(filepath.Join(hostKeys, f.Name())))
 	}

+	loadTemplates()
+
 	srv := &server{
 		bindHost:     envDefault("SSH_HOST", bindHost),
 		domainName:   envDefault("SSH_DOMAIN", domainName),
--- a/pages/home.go.tpl
+++ b/pages/home.go.tpl
@ -0,0 +1,61 @@
+{{template "main" .}}
+
+{{define "meta"}}
+    <meta http-equiv="refresh" content="30">
+{{end}}
+
+{{define "content"}}
+  <h2>What is this?</h2>
+
+  <p>This is a reverse proxy service that uses SSH as the transport. It works similar to ngrok or localtunnel.me.</p>
+
+  <p>
+    You run the service on a internet addressible host and ssh to it. Using ssh remote forwards (ie. ssh -R) the port 
+    on the remote host will be forwared to the configured port on your local machine.
+  </p>
+
+  <h2>How does it work?</h2>
+
+  <p>
+    <ol>
+      <li>You add your SSH public key</li>
+      <li>Connect to SSH</li>
+      <li>???</li>
+      <li>Profit!</li>
+    </ol>
+  </p>
+
+  <form class="form-inline" method="POST" action="/peers/req">
+    <label>SSH Public Key:</label>
+    <div class="input-group input-group-sm">
+        <input class="form-control" type="text" name="pub" placeholder="ssh-key ...">
+    </div>
+    <button class="btn btn-default" type="submit">Submit</button>
+  </form>
+
+  <div class=row>
+    <h2>Connections</h2>
+    {{ with $args := . }}
+    {{ range $user := .Users }}
+     <div class="panel panel-primary">
+        <div class="panel-heading">
+          <a href="/user/{{ $user.Name }}">
+            {{ $user.Name }}
+          </a>
+
+          <div style='float:right'>
+          {{ if $user.Active }}
+            <a href="/user/{{ $user.Name }}" class='btn btn-success'>Active</a>
+          {{ else }}
+            <a href="/user/{{ $user.Name }}" class='btn btn-danger'>Disconnected</a>
+          {{ end }}  
+          </div>
+        </div>
+        <div class="panel-body"> 
+          <pre>ssh -T -p {{ $args.ListenPort }} {{ $user.Name }}@{{ $args.DomainName }} -R "{{ $user.BindPort }}:localhost:$LOCAL_PORT" -i $PRIV_KEY</pre>
+        </div>
+      </div>
+    {{ end }}
+  </div>
+  {{ end }}
+  {{ end }}
--- a/server.go
+++ b/server.go
@ -3,38 +3,49 @@ package main
 import (
 	"context"
 	"crypto/sha256"
+	"embed"
 	"fmt"
+	"io/fs"
 	"log"
 	"net"
 	"net/http"
 	"net/http/httputil"
 	"strings"
 	"sync"
+	"text/template"
 	"time"

 	"github.com/gliderlabs/ssh"
 	"github.com/wolfeidau/humanhash"
 )

+var (
+	//go:embed pages/* layouts/* assets/*
+	files     embed.FS
+	templates map[string]*template.Template
+)
+
 type user struct {
-	name      string
-	pubkey    ssh.PublicKey
-	bindHost  string
-	bindPort  uint32
+	Name      string
+	Pubkey    ssh.PublicKey
+	BindHost  string
+	BindPort  uint32
 	ctx       ssh.Context
 	proxy     http.Handler
-	lastLogin time.Time
+	LastLogin time.Time
 }

+func (u *user) Active() bool { return u.ctx != nil }
+
 func (u *user) String() string {
 	var b strings.Builder
-	fmt.Fprintln(&b, "User:     ", u.name)
+	fmt.Fprintln(&b, "User:     ", u.Name)
 	fmt.Fprintf(&b, "  Ptr:     %p\n", u)
-	fmt.Fprintf(&b, "  Pubkey:  %x\n", u.pubkey)
-	fmt.Fprintln(&b, "  Host:   ", u.bindHost)
-	fmt.Fprintln(&b, "  Port:   ", u.bindPort)
+	fmt.Fprintf(&b, "  Pubkey:  %x\n", u.Pubkey)
+	fmt.Fprintln(&b, "  Host:   ", u.BindHost)
+	fmt.Fprintln(&b, "  Port:   ", u.BindPort)
 	fmt.Fprintf(&b, "  Active:  %t\n", u.ctx != nil)
-	fmt.Fprintln(&b, "  LastLog:", u.lastLogin)
+	fmt.Fprintln(&b, "  LastLog:", u.LastLogin)
 	return b.String()
 }

@ -67,19 +78,19 @@ func (s *server) String() string {
 func (srv *server) addUser(pubkey ssh.PublicKey) *user {
 	u := &user{}

-	u.lastLogin = time.Now()
-	u.name = fingerprintHuman(pubkey)
-	u.name = strings.ToLower(u.name)
-	u.name = filterName.ReplaceAllString(u.name, "")
+	u.LastLogin = time.Now()
+	u.Name = fingerprintHuman(pubkey)
+	u.Name = strings.ToLower(u.Name)
+	u.Name = filterName.ReplaceAllString(u.Name, "")

-	if g, ok := srv.users.LoadOrStore(u.name, u); ok {
+	if g, ok := srv.users.LoadOrStore(u.Name, u); ok {
 		u = g.(*user)
 		return u
 	}

-	u.pubkey = pubkey
-	u.bindPort = srv.nextPort()
-	u.bindHost = srv.bindHost
+	u.Pubkey = pubkey
+	u.BindPort = srv.nextPort()
+	u.BindHost = srv.bindHost

 	return u
 }
@ -87,7 +98,7 @@ func (srv *server) disconnectUser(name string) {
 	if u, ok := srv.getUserByName(name); ok {
 		u.ctx = nil
 		u.proxy = nil
-		srv.ports.Delete(u.bindPort)
+		srv.ports.Delete(u.BindPort)
 	}
 }
 func (srv *server) getUserByPort(port uint32) (*user, bool) {
@ -121,18 +132,6 @@ func (srv *server) listUsers() []*user {

 	return lis
 }
-func (srv *server) listConnectedUsers() []*user {
-	var lis []*user
-	srv.ports.Range(func(key, value interface{}) bool {
-		if u, ok := value.(*user); ok {
-			lis = append(lis, u)
-			return true
-		}
-		return false
-	})
-
-	return lis
-}
 func (srv *server) nextPort() uint32 {
 	if srv.portNext < srv.portStart || srv.portNext > srv.portEnd {
 		srv.portNext = srv.portStart
@ -160,7 +159,7 @@ func (srv *server) newSession(ctx context.Context) func(ssh.Session) {
 		}

 		if u, ok := srv.getUserByName(s.User()); ok {
-			host := fmt.Sprintf("%v:%v", u.bindHost, u.bindPort)
+			host := fmt.Sprintf("%v:%v", u.BindHost, u.BindPort)
 			director := func(req *http.Request) {
 				if h := req.Header.Get("X-Forwarded-Host"); h == "" {
 					req.Header.Set("X-Forwarded-Host", req.Host)
@ -176,7 +175,7 @@ func (srv *server) newSession(ctx context.Context) func(ssh.Session) {
 				fmt.Fprintln(s, string(requestDump))
 			}
 			u.proxy = &httputil.ReverseProxy{Director: director}
-			fmt.Fprintf(s, "Created HTTP listener at: %v%v\n\n", u.name, srv.domainSuffix)
+			fmt.Fprintf(s, "Created HTTP listener at: %v%v\n\n", u.Name, srv.domainSuffix)
 		}

 		select {
@ -201,11 +200,11 @@ func (srv *server) optAuthUser() []ssh.Option {
 				return false
 			}

-			if ssh.KeysEqual(key, u.pubkey) {
-				log.Println("User:", ctx.User(), "Authorized:", u.bindHost, u.bindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr())
+			if ssh.KeysEqual(key, u.Pubkey) {
+				log.Println("User:", ctx.User(), "Authorized:", u.BindHost, u.BindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr())
 				u.ctx = ctx
-				u.lastLogin = time.Now()
-				if _, loaded := srv.ports.LoadOrStore(u.bindPort, u); loaded {
+				u.LastLogin = time.Now()
+				if _, loaded := srv.ports.LoadOrStore(u.BindPort, u); loaded {
 					log.Println("User:", ctx.User(), "already connected!")
 					return false
 				}
@ -232,11 +231,11 @@ func (srv *server) optAuthUser() []ssh.Option {
 				}

 				if u.ctx.SessionID() != ctx.SessionID() {
-					log.Println("Port", bindPort, "in use by", u.name, u.ctx.SessionID())
+					log.Println("Port", bindPort, "in use by", u.Name, u.ctx.SessionID())
 					return false
 				}

-				if bindHost != strings.Trim(u.bindHost, "[]") || bindPort != u.bindPort {
+				if bindHost != strings.Trim(u.BindHost, "[]") || bindPort != u.BindPort {
 					log.Println("User", ctx.User(), "Not Allowed: ", bindHost, bindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr())
 					return false
 				}
@ -282,25 +281,43 @@ func (srv *server) handleHTTP(rw http.ResponseWriter, r *http.Request) {
 		pubkey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(r.FormValue("pub")))
 		if err != nil {
 			rw.WriteHeader(400)
-			fmt.Fprintln(rw, "ERR READING KEY")
+			fmt.Fprintln(rw, "ERR READING KEY", err)
 			return
 		}
 		u := srv.addUser(pubkey)
-		rw.WriteHeader(201)
-		fmt.Fprintf(rw, `ssh -T -p %v %v@%v -R "%v:%v:localhost:$LOCAL_PORT" -i $PRIV_KEY`+"\n", srv.listenPort, u.name, srv.domainName, u.bindHost, u.bindPort)
+		rw.Header().Set("Location", "/")
+		rw.WriteHeader(http.StatusFound)
+		fmt.Fprintf(rw, `ssh -T -p %v %v@%v -R "%v:%v:localhost:$LOCAL_PORT" -i $PRIV_KEY`+"\n", srv.listenPort, u.Name, srv.domainName, u.BindHost, u.BindPort)
 		return
 	}

-	fmt.Fprintln(rw, "Hello!")
-	fmt.Fprintln(rw, srv)
-	fmt.Fprintln(rw, "Registered Users")
-	for _, u := range srv.listUsers() {
-		fmt.Fprintln(rw, u)
+	// fmt.Fprintln(rw, "Hello!")
+	// fmt.Fprintln(rw, srv)
+	// fmt.Fprintln(rw, "Registered Users")
+	// for _, u := range srv.listUsers() {
+	// 	fmt.Fprintln(rw, u)
+	// }
+
+	// fmt.Fprintln(rw, "Connected Users")
+	// for _, u := range srv.listConnectedUsers() {
+	// 	fmt.Fprintln(rw, u)
+	// }
+
+	a, _ := fs.Sub(files, "assets")
+	assets := http.StripPrefix("/assets/", http.FileServer(http.FS(a)))
+	if strings.HasPrefix(r.URL.Path, "/assets/") {
+		assets.ServeHTTP(rw, r)
+		return
 	}

-	fmt.Fprintln(rw, "Connected Users")
-	for _, u := range srv.listConnectedUsers() {
-		fmt.Fprintln(rw, u)
+	t := templates["home.go.tpl"]
+	err := t.Execute(rw, map[string]any{
+		"Users":      srv.listUsers(),
+		"ListenPort": srv.listenPort,
+		"DomainName": srv.domainName,
+	})
+	if err != nil {
+		log.Println(err)
 	}
 }

@ -309,3 +326,32 @@ func fingerprintHuman(pubKey ssh.PublicKey) string {
 	h, _ := humanhash.Humanize(sha256sum[:], 3)
 	return h
 }
+
+var funcMap = map[string]any{}
+
+func loadTemplates() error {
+	if templates != nil {
+		return nil
+	}
+	templates = make(map[string]*template.Template)
+	tmplFiles, err := fs.ReadDir(files, "pages")
+	if err != nil {
+		return err
+	}
+
+	for _, tmpl := range tmplFiles {
+		if tmpl.IsDir() {
+			continue
+		}
+		pt := template.New(tmpl.Name())
+		pt.Funcs(funcMap)
+		pt, err = pt.ParseFS(files, "pages/"+tmpl.Name(), "layouts/*.go.tpl")
+		if err != nil {
+			log.Println(err)
+
+			return err
+		}
+		templates[tmpl.Name()] = pt
+	}
+	return nil
+}