From 3c33bd37190772a783369894e209bcfe0858177a Mon Sep 17 00:00:00 2001 From: Devaev Maxim Date: Sat, 15 Dec 2018 04:29:40 +0300 Subject: [PATCH] own auth --- Makefile | 1 + PKGBUILD | 1 + configs/kvmd/htpasswd | 1 + configs/kvmd/platforms/kvmd.v1-hdmi.yaml | 3 + configs/kvmd/platforms/kvmd.v1-vga.yaml | 5 +- configs/nginx/nginx.conf | 65 ++++++----- extras/kvm/manifest.yaml | 2 +- kvmd/apps/kvmd/__init__.py | 8 +- kvmd/apps/kvmd/auth.py | 37 +++++++ kvmd/apps/kvmd/server.py | 103 ++++++++++++++++-- testenv/Dockerfile | 6 - testenv/customizepkg.nginx | 1 - testenv/kvmd.yaml | 3 + testenv/requirements.txt | 1 + testenv/tox.ini | 2 +- web/browserconfig.xml | 9 -- web/index.html | 26 ++--- web/kvm/index.html | 88 +++++++-------- web/login/index.html | 47 ++++++++ web/mstile-150x150.png | Bin 3678 -> 0 bytes web/{ => share}/android-chrome-192x192.png | Bin web/{ => share}/apple-touch-icon.png | Bin web/{ => share}/css/index/index.css | 0 web/{ => share}/css/kvm/about.css | 0 web/{ => share}/css/kvm/hid.css | 0 web/{ => share}/css/kvm/keyboard.css | 0 web/{ => share}/css/kvm/msd.css | 0 web/{ => share}/css/kvm/stream.css | 0 web/{ => share}/css/leds.css | 0 web/share/css/login/login.css | 25 +++++ web/{ => share}/css/main.css | 13 ++- web/{ => share}/css/menu.css | 1 + web/{ => share}/css/modals.css | 1 + web/{ => share}/css/progress.css | 0 web/{ => share}/css/sliders.css | 0 web/{ => share}/css/switches.css | 0 web/{ => share}/css/vars.css | 0 web/{ => share}/css/windows.css | 0 web/{ => share}/favicon-16x16.png | Bin web/{ => share}/favicon-32x32.png | Bin web/{ => share}/js/bb.js | 0 web/{ => share}/js/index/main.js | 0 web/{ => share}/js/kvm/atx.js | 0 web/{ => share}/js/kvm/hid.js | 0 web/{ => share}/js/kvm/keyboard.js | 0 web/{ => share}/js/kvm/main.js | 0 web/{ => share}/js/kvm/mouse.js | 0 web/{ => share}/js/kvm/msd.js | 0 web/{ => share}/js/kvm/session.js | 28 ++--- web/{ => share}/js/kvm/stream.js | 0 web/share/js/login/main.js | 36 ++++++ web/{ => share}/js/tools.js | 9 +- web/{ => share}/js/wm.js | 0 web/{ => share}/png/blank-stream.png | Bin web/{ => share}/safari-pinned-tab.svg | 0 web/{ => share}/site.webmanifest | 2 +- web/{ => share}/svg/atx-hdd-led.svg | 0 web/{ => share}/svg/atx-power-led.svg | 0 web/{ => share}/svg/fan-led.svg | 0 web/{ => share}/svg/favicon.svg | 0 web/{ => share}/svg/gear-led.svg | 0 web/{ => share}/svg/hid-keyboard-led.svg | 0 web/{ => share}/svg/hid-mouse-led.svg | 0 web/{ => share}/svg/info.svg | 0 web/{ => share}/svg/kvm.svg | 0 web/{ => share}/svg/link-led.svg | 0 web/{ => share}/svg/logo.svg | 0 web/{ => share}/svg/msd-led.svg | 0 web/{ => share}/svg/select-arrow-inactive.svg | 0 .../svg/select-arrow-intensive.svg | 0 web/{ => share}/svg/select-arrow-normal.svg | 0 web/{ => share}/svg/stream-led.svg | 0 web/{ => share}/svg/stream-mouse-cursor.svg | 0 web/{ => share}/svg/warning.svg | 0 74 files changed, 388 insertions(+), 136 deletions(-) create mode 100644 configs/kvmd/htpasswd create mode 100644 kvmd/apps/kvmd/auth.py delete mode 100644 testenv/customizepkg.nginx delete mode 100644 web/browserconfig.xml create mode 100644 web/login/index.html delete mode 100644 web/mstile-150x150.png rename web/{ => share}/android-chrome-192x192.png (100%) rename web/{ => share}/apple-touch-icon.png (100%) rename web/{ => share}/css/index/index.css (100%) rename web/{ => share}/css/kvm/about.css (100%) rename web/{ => share}/css/kvm/hid.css (100%) rename web/{ => share}/css/kvm/keyboard.css (100%) rename web/{ => share}/css/kvm/msd.css (100%) rename web/{ => share}/css/kvm/stream.css (100%) rename web/{ => share}/css/leds.css (100%) create mode 100644 web/share/css/login/login.css rename web/{ => share}/css/main.css (91%) rename web/{ => share}/css/menu.css (99%) rename web/{ => share}/css/modals.css (98%) rename web/{ => share}/css/progress.css (100%) rename web/{ => share}/css/sliders.css (100%) rename web/{ => share}/css/switches.css (100%) rename web/{ => share}/css/vars.css (100%) rename web/{ => share}/css/windows.css (100%) rename web/{ => share}/favicon-16x16.png (100%) rename web/{ => share}/favicon-32x32.png (100%) rename web/{ => share}/js/bb.js (100%) rename web/{ => share}/js/index/main.js (100%) rename web/{ => share}/js/kvm/atx.js (100%) rename web/{ => share}/js/kvm/hid.js (100%) rename web/{ => share}/js/kvm/keyboard.js (100%) rename web/{ => share}/js/kvm/main.js (100%) rename web/{ => share}/js/kvm/mouse.js (100%) rename web/{ => share}/js/kvm/msd.js (100%) rename web/{ => share}/js/kvm/session.js (84%) rename web/{ => share}/js/kvm/stream.js (100%) create mode 100644 web/share/js/login/main.js rename web/{ => share}/js/tools.js (94%) rename web/{ => share}/js/wm.js (100%) rename web/{ => share}/png/blank-stream.png (100%) rename web/{ => share}/safari-pinned-tab.svg (100%) rename web/{ => share}/site.webmanifest (80%) rename web/{ => share}/svg/atx-hdd-led.svg (100%) rename web/{ => share}/svg/atx-power-led.svg (100%) rename web/{ => share}/svg/fan-led.svg (100%) rename web/{ => share}/svg/favicon.svg (100%) rename web/{ => share}/svg/gear-led.svg (100%) rename web/{ => share}/svg/hid-keyboard-led.svg (100%) rename web/{ => share}/svg/hid-mouse-led.svg (100%) rename web/{ => share}/svg/info.svg (100%) rename web/{ => share}/svg/kvm.svg (100%) rename web/{ => share}/svg/link-led.svg (100%) rename web/{ => share}/svg/logo.svg (100%) rename web/{ => share}/svg/msd-led.svg (100%) rename web/{ => share}/svg/select-arrow-inactive.svg (100%) rename web/{ => share}/svg/select-arrow-intensive.svg (100%) rename web/{ => share}/svg/select-arrow-normal.svg (100%) rename web/{ => share}/svg/stream-led.svg (100%) rename web/{ => share}/svg/stream-mouse-cursor.svg (100%) rename web/{ => share}/svg/warning.svg (100%) diff --git a/Makefile b/Makefile index 1fc418d9..21187949 100644 --- a/Makefile +++ b/Makefile @@ -6,6 +6,7 @@ TESTENV_CMD ?= /bin/bash -c " \ (socat PTY,link=$(TESTENV_HID) PTY,link=/dev/ttyS11 &) \ && cp -r /usr/share/kvmd/configs.default/nginx/* /etc/nginx \ && cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \ + && cp /usr/share/kvmd/configs.default/kvmd/htpasswd /etc/kvmd \ && cp /testenv/kvmd.yaml /etc/kvmd \ && nginx -c /etc/nginx/nginx.conf \ && ln -s $(TESTENV_VIDEO) /dev/kvmd-video \ diff --git a/PKGBUILD b/PKGBUILD index 3e66c52c..dd7de7ef 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -14,6 +14,7 @@ depends=( python-yaml python-aiohttp python-aiofiles + python-passlib python-pyudev python-raspberry-gpio python-pyserial diff --git a/configs/kvmd/htpasswd b/configs/kvmd/htpasswd new file mode 100644 index 00000000..e62e44d0 --- /dev/null +++ b/configs/kvmd/htpasswd @@ -0,0 +1 @@ +admin:$apr1$INC0KeyU$YdLQ9qosXzNVlhxQPUf7A/ diff --git a/configs/kvmd/platforms/kvmd.v1-hdmi.yaml b/configs/kvmd/platforms/kvmd.v1-hdmi.yaml index 8a1f9c8b..1991e4c5 100644 --- a/configs/kvmd/platforms/kvmd.v1-hdmi.yaml +++ b/configs/kvmd/platforms/kvmd.v1-hdmi.yaml @@ -7,6 +7,9 @@ kvmd: port: 8081 heartbeat: 3.0 + auth: + htpasswd: /etc/kvmd/htpasswd + info: meta: /etc/kvmd/meta.yaml extras: /usr/share/kvmd/extras diff --git a/configs/kvmd/platforms/kvmd.v1-vga.yaml b/configs/kvmd/platforms/kvmd.v1-vga.yaml index 05c1234d..5688f306 100644 --- a/configs/kvmd/platforms/kvmd.v1-vga.yaml +++ b/configs/kvmd/platforms/kvmd.v1-vga.yaml @@ -1,5 +1,5 @@ # Don't touch this file otherwise your device may stop working. -# You can find a workable configuration in /usr/share/kvmd/configs.default/kvmd. +# You can find a working configuration in /usr/share/kvmd/configs.default/kvmd. kvmd: server: @@ -7,6 +7,9 @@ kvmd: port: 8081 heartbeat: 3.0 + auth: + htpasswd: /etc/kvmd/htpasswd + info: meta: /etc/kvmd/meta.yaml extras: /usr/share/kvmd/extras diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf index 5a368833..49776d9d 100644 --- a/configs/nginx/nginx.conf +++ b/configs/nginx/nginx.conf @@ -1,5 +1,3 @@ -load_module /usr/lib/nginx/modules/ngx_http_lua_module.so; - user http; worker_processes 4; @@ -28,6 +26,7 @@ http { tcp_nodelay on; tcp_nopush on; keepalive_timeout 10; + client_max_body_size 4k; client_body_temp_path /tmp/nginx.client_body_temp; fastcgi_temp_path /tmp/nginx.fastcgi_temp; @@ -45,11 +44,6 @@ http { include /usr/share/kvmd/extras/*/nginx.http-ctx.conf; -#PROD lua_shared_dict WS_TOKENS 10m; -#PROD init_by_lua_block { -#PROD WS_TOKEN_EXPIRES = 10; -#PROD } - #PROD server { #PROD listen 80; #PROD server_name localhost; @@ -67,34 +61,47 @@ http { #PROD add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; -#PROD auth_basic "Restricted Area"; -#PROD auth_basic_user_file /etc/nginx/htpasswd; + auth_request /auth; + + location = /auth { + internal; + proxy_pass http://kvmd/auth/check; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + auth_request off; + } location / { root /usr/share/kvmd/web; + error_page 401 = @login; + error_page 403 = @login; } - location /ws_auth { - # Workaround for Safari: https://bugs.webkit.org/show_bug.cgi?id=80362 -#PROD access_by_lua_block { -#PROD local token = ngx.encode_base64(ngx.sha1_bin(ngx.var.http_Authorization)); -#PROD ngx.shared.WS_TOKENS:set(token, token, WS_TOKEN_EXPIRES); -#PROD ngx.header["Set-Cookie"] = "WS_ACCESS_TOKEN=" .. token .. "; Path=/; Expires=" .. ngx.cookie_time(ngx.time() + WS_TOKEN_EXPIRES); -#PROD } - content_by_lua_block { - ngx.say("ok"); - } + location @login { + return 302 /login; + } + + location /login { + root /usr/share/kvmd/web; + auth_request off; + } + + location /share { + root /usr/share/kvmd/web; + auth_request off; + } + + location = /favicon.ico { + alias /usr/share/kvmd/web/favicon.ico; + auth_request off; + } + + location = /robots.txt { + alias /usr/share/kvmd/web/robots.txt; + auth_request off; } location /kvmd/ws { -#PROD auth_basic off; -#PROD access_by_lua_block { -#PROD local token = ngx.var.cookie_WS_ACCESS_TOKEN; -#PROD local value, _ = ngx.shared.WS_TOKENS:get(token); -#PROD if value == nil then -#PROD ngx.exec("/ws_auth"); -#PROD end -#PROD } rewrite ^/kvmd/ws$ /ws break; rewrite ^/kvmd/ws\?(.*)$ /ws?$1 break; proxy_pass http://kvmd; @@ -104,6 +111,7 @@ http { proxy_connect_timeout 7d; proxy_send_timeout 7d; proxy_read_timeout 7d; + auth_request off; } location /kvmd/msd/write { @@ -115,6 +123,7 @@ http { limit_rate_after 50k; client_max_body_size 0; proxy_request_buffering off; + auth_request off; } location /kvmd/log { @@ -126,6 +135,7 @@ http { postpone_output 0; proxy_buffering off; proxy_ignore_headers X-Accel-Buffering; + auth_request off; } location /kvmd { @@ -133,6 +143,7 @@ http { rewrite ^/kvmd/(.*)$ /$1 break; proxy_pass http://kvmd; include /etc/nginx/proxy-params.conf; + auth_request off; } location /streamer { diff --git a/extras/kvm/manifest.yaml b/extras/kvm/manifest.yaml index d99cd7bf..609cb495 100644 --- a/extras/kvm/manifest.yaml +++ b/extras/kvm/manifest.yaml @@ -1,6 +1,6 @@ name: KVM description: Open KVM session in a web browser -icon: svg/kvm.svg +icon: share/svg/kvm.svg path: kvm keyboard_cap: true daemon: kvmd diff --git a/kvmd/apps/kvmd/__init__.py b/kvmd/apps/kvmd/__init__.py index 7662fae0..480a1017 100644 --- a/kvmd/apps/kvmd/__init__.py +++ b/kvmd/apps/kvmd/__init__.py @@ -5,8 +5,9 @@ from ...logging import get_logger from ... import gpio -from .logreader import LogReader +from .auth import AuthManager from .info import InfoManager +from .logreader import LogReader from .hid import Hid from .atx import Atx from .msd import MassStorageDevice @@ -20,6 +21,10 @@ def main() -> None: with gpio.bcm(): loop = asyncio.get_event_loop() + auth_manager = AuthManager( + htpasswd_path=str(config["auth"]["htpasswd"]), + ) + info_manager = InfoManager( meta_path=str(config["info"]["meta"]), extras_path=str(config["info"]["extras"]), @@ -80,6 +85,7 @@ def main() -> None: ) Server( + auth_manager=auth_manager, info_manager=info_manager, log_reader=log_reader, diff --git a/kvmd/apps/kvmd/auth.py b/kvmd/apps/kvmd/auth.py new file mode 100644 index 00000000..f319b5cc --- /dev/null +++ b/kvmd/apps/kvmd/auth.py @@ -0,0 +1,37 @@ +import secrets + +from typing import Dict +from typing import Optional + +import passlib.apache + +from ...logging import get_logger + + +# ===== +class AuthManager: + def __init__(self, htpasswd_path: str) -> None: + self.__htpasswd_path = htpasswd_path + self.__tokens: Dict[str, str] = {} # {token: user} + + def login(self, user: str, passwd: str) -> Optional[str]: + htpasswd = passlib.apache.HtpasswdFile(self.__htpasswd_path) + if htpasswd.check_password(user, passwd): + for (token, token_user) in self.__tokens.items(): + if user == token_user: + return token + token = secrets.token_hex(32) + self.__tokens[token] = user + get_logger().info("Logged in user %r", user) + return token + else: + get_logger().error("Access denied for user %r", user) + return None + + def logout(self, token: str) -> None: + user = self.__tokens.pop(token, "") + if user: + get_logger().info("Logged out user %r", user) + + def check(self, token: str) -> bool: + return (token in self.__tokens) diff --git a/kvmd/apps/kvmd/server.py b/kvmd/apps/kvmd/server.py index 2fae9994..3981f59b 100644 --- a/kvmd/apps/kvmd/server.py +++ b/kvmd/apps/kvmd/server.py @@ -1,4 +1,5 @@ import os +import re import signal import socket import asyncio @@ -23,6 +24,7 @@ from ...aioregion import RegionIsBusyError from ... import __version__ +from .auth import AuthManager from .info import InfoManager from .logreader import LogReader from .hid import Hid @@ -33,8 +35,29 @@ from .streamer import Streamer # ===== -def _json(result: Optional[Dict]=None, status: int=200) -> aiohttp.web.Response: - return aiohttp.web.Response( +class HttpError(Exception): + pass + + +class BadRequestError(HttpError): + pass + + +class UnauthorizedError(HttpError): + pass + + +class ForbiddenError(HttpError): + pass + + +def _json( + result: Optional[Dict]=None, + status: int=200, + set_cookies: Optional[Dict[str, str]]=None, +) -> aiohttp.web.Response: + + response = aiohttp.web.Response( text=json.dumps({ "ok": (status == 200), "result": (result or {}), @@ -42,37 +65,53 @@ def _json(result: Optional[Dict]=None, status: int=200) -> aiohttp.web.Response: status=status, content_type="application/json", ) + if set_cookies: + for (key, value) in set_cookies.items(): + response.set_cookie(key, value) + return response def _json_exception(err: Exception, status: int) -> aiohttp.web.Response: name = type(err).__name__ msg = str(err) - get_logger().error("API error: %s: %s", name, msg) + if not isinstance(err, (UnauthorizedError, ForbiddenError)): + get_logger().error("API error: %s: %s", name, msg) return _json({ "error": name, "error_msg": msg, }, status=status) -class BadRequestError(Exception): - pass - - _ATTR_EXPOSED = "exposed" _ATTR_EXPOSED_METHOD = "exposed_method" _ATTR_EXPOSED_PATH = "exposed_path" _ATTR_SYSTEM_TASK = "system_task" +_COOKIE_AUTH_TOKEN = "auth_token" -def _exposed(http_method: str, path: str) -> Callable: + +def _exposed(http_method: str, path: str, auth_required: bool=True) -> Callable: def make_wrapper(method: Callable) -> Callable: async def wrap(self: "Server", request: aiohttp.web.Request) -> aiohttp.web.Response: try: + if auth_required: + token = request.cookies.get(_COOKIE_AUTH_TOKEN, "") + if token: + if not self._auth_manager.check(_valid_token(token)): + raise ForbiddenError("Forbidden") + else: + raise UnauthorizedError("Unauthorized") + return (await method(self, request)) + except RegionIsBusyError as err: return _json_exception(err, 409) except (BadRequestError, MsdOperationError) as err: return _json_exception(err, 400) + except UnauthorizedError as err: + return _json_exception(err, 401) + except ForbiddenError as err: + return _json_exception(err, 403) setattr(wrap, _ATTR_EXPOSED, True) setattr(wrap, _ATTR_EXPOSED_METHOD, http_method) @@ -95,6 +134,29 @@ def _system_task(method: Callable) -> Callable: return wrap +def _valid_user(user: Optional[str]) -> str: + if isinstance(user, str): + stripped = user.strip() + if re.match(r"^[a-z_][a-z0-9_-]*$", stripped): + return stripped + raise BadRequestError("Invalid user characters %r" % (user)) + + +def _valid_passwd(passwd: Optional[str]) -> str: + if isinstance(passwd, str): + if re.match(r"[\x20-\x7e]*$", passwd): + return passwd + raise BadRequestError("Invalid password characters") + + +def _valid_token(token: Optional[str]) -> str: + if isinstance(token, str): + token = token.strip().lower() + if re.match(r"^[0-9a-f]{64}$", token): + return token + raise BadRequestError("Invalid auth token characters") + + def _valid_bool(name: str, flag: Optional[str]) -> bool: flag = str(flag).strip().lower() if flag in ["1", "true", "yes"]: @@ -127,6 +189,7 @@ class _Events(Enum): class Server: # pylint: disable=too-many-instance-attributes def __init__( # pylint: disable=too-many-arguments self, + auth_manager: AuthManager, info_manager: InfoManager, log_reader: LogReader, @@ -142,6 +205,7 @@ class Server: # pylint: disable=too-many-instance-attributes loop: asyncio.AbstractEventLoop, ) -> None: + self._auth_manager = auth_manager self.__info_manager = info_manager self.__log_reader = log_reader @@ -210,6 +274,29 @@ class Server: # pylint: disable=too-many-instance-attributes "extras": await self.__info_manager.get_extras(), } + # ===== AUTH + + @_exposed("POST", "/auth/login", auth_required=False) + async def __auth_login_handler(self, request: aiohttp.web.Request) -> aiohttp.web.Response: + credentials = await request.post() + token = self._auth_manager.login( + user=_valid_user(credentials.get("user", "")), + passwd=_valid_passwd(credentials.get("passwd", "")), + ) + if token: + return _json({}, set_cookies={_COOKIE_AUTH_TOKEN: token}) + raise ForbiddenError("Forbidden") + + @_exposed("POST", "/auth/logout") + async def __auth_logout_handler(self, request: aiohttp.web.Request) -> aiohttp.web.Response: + token = _valid_token(request.cookies.get(_COOKIE_AUTH_TOKEN, "")) + self._auth_manager.logout(token) + return _json({}) + + @_exposed("GET", "/auth/check") + async def __auth_check_handler(self, _: aiohttp.web.Request) -> aiohttp.web.Response: + return _json({}) + # ===== SYSTEM @_exposed("GET", "/info") diff --git a/testenv/Dockerfile b/testenv/Dockerfile index 78226b17..4fe453e8 100644 --- a/testenv/Dockerfile +++ b/testenv/Dockerfile @@ -31,12 +31,7 @@ RUN useradd -r -d / packer \ && cd - \ && rm -rf /tmp/packer-color -COPY testenv/customizepkg.nginx /etc/customizepkg.d/nginx-mainline-mod-ndk -COPY testenv/customizepkg.nginx /etc/customizepkg.d/nginx-mainline-mod-lua - RUN pacman -Syy \ - && user-packer -S --noconfirm \ - customizepkg \ && mkdir /.npm \ && chmod 777 /.npm \ && user-packer -S --noconfirm \ @@ -50,7 +45,6 @@ RUN pacman -Syy \ htmlhint \ eslint \ && rm -rf /.npm \ - && env MAKEPKGOPTS="--skipchecksums --skippgpcheck" user-packer -S --noconfirm nginx-mainline-mod-lua \ && pacman -Sc --noconfirm COPY testenv/requirements.txt requirements.txt diff --git a/testenv/customizepkg.nginx b/testenv/customizepkg.nginx deleted file mode 100644 index 5e7db5a4..00000000 --- a/testenv/customizepkg.nginx +++ /dev/null @@ -1 +0,0 @@ -replace#global#_nginxver=.*#_nginxver=`pacman -Q nginx-mainline | grep -Po "\\d+\\.\\d+\\.\\d+"` diff --git a/testenv/kvmd.yaml b/testenv/kvmd.yaml index 8233cd58..da37e9d8 100644 --- a/testenv/kvmd.yaml +++ b/testenv/kvmd.yaml @@ -4,6 +4,9 @@ kvmd: port: 8081 heartbeat: 3.0 + auth: + htpasswd: /etc/kvmd/htpasswd + info: meta: /etc/kvmd/meta.yaml extras: /usr/share/kvmd/extras diff --git a/testenv/requirements.txt b/testenv/requirements.txt index 4f95d90a..a968fcb1 100644 --- a/testenv/requirements.txt +++ b/testenv/requirements.txt @@ -1,6 +1,7 @@ git+git://github.com/willbuckner/rpi-gpio-development-mock@master#egg=rpi aiohttp aiofiles +passlib pyudev pyyaml pyserial diff --git a/testenv/tox.ini b/testenv/tox.ini index 47ce1636..b10700a2 100644 --- a/testenv/tox.ini +++ b/testenv/tox.ini @@ -33,7 +33,7 @@ deps = [testenv:eslint] whitelist_externals = eslint -commands = eslint --config=testenv/eslintrc.yaml --color --ext .js web/js +commands = eslint --config=testenv/eslintrc.yaml --color --ext .js web/share/js [testenv:htmlhint] whitelist_externals = htmlhint diff --git a/web/browserconfig.xml b/web/browserconfig.xml deleted file mode 100644 index fcb73892..00000000 --- a/web/browserconfig.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - #2b5797 - - - diff --git a/web/index.html b/web/index.html index b628b615..e1113454 100644 --- a/web/index.html +++ b/web/index.html @@ -4,22 +4,22 @@ Pi-KVM Index - - - - - + + + + + - - - - + + + + - - - + + + @@ -30,7 +30,7 @@
diff --git a/web/kvm/index.html b/web/kvm/index.html index 8cc66513..4472112a 100644 --- a/web/kvm/index.html +++ b/web/kvm/index.html @@ -4,40 +4,40 @@ Pi-KVM Session - - - - - + + + + + - - - - - - - - - - - - - - + + + + + + + + + + + + + + - - - - - - - - - - - + + + + + + + + + + + @@ -47,16 +47,16 @@
  • - - - - + + + + System ↴
    @@ -118,8 +118,8 @@
  • - - + + ATX ↴
    @@ -132,7 +132,7 @@
  • - + Mass Storage ↴
    @@ -140,7 +140,7 @@
    • - +
    Mass Storage Device is not operational
    @@ -152,7 +152,7 @@
    - +
    Current image is broken!
    Perhaps uploading was interrupted
    @@ -164,7 +164,7 @@
    - +
    Another user uploads an image
    @@ -233,7 +233,7 @@
  • - + Shortcuts ↴
    @@ -282,7 +282,7 @@
    - +
    @@ -534,7 +534,7 @@
    diff --git a/web/login/index.html b/web/login/index.html new file mode 100644 index 00000000..10ca2e2b --- /dev/null +++ b/web/login/index.html @@ -0,0 +1,47 @@ + + + + + Pi-KVM Login + + + + + + + + + + + + + + + + + + + + + + +
    +
    +
    + + + + + + + + + + + + +
    Username:
    Password:
    + + + + diff --git a/web/mstile-150x150.png b/web/mstile-150x150.png deleted file mode 100644 index 353ef69155c70f7d7c5d837246093691e2bb2cce..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3678 zcmbtXX*3jU|DKX$8`~3Mh$fV=jdhGION}j}Y>|wuVrVdyu_a5$GP2A1P*TVsjJ23y zWNqSM?2WN6jV(*U-}CYR;r;NQ_de%7zw^89b6wZ(!+oFoT=93z5S(m6Yybd&)5y@k z5&$>@{C8hCcZz%`K;=%$xktLUbpe2C9Qz+6^Jy>UVrY3A00@=@03xCRfZwN3#1a7D zuK)n7H~|3gYydz2o!4Zcd3tcx*#uz#IElseeLn42Fh;j;vdpq`UcAf?eGaZZHDxj~ z(7hKlzCMLTgC6B~Z9c_aHEHuQYJ*ba6F>pnq?8G6J-szh^P7laUuHv}*TR{_9<|7F zLm&P1^Diq=Y;1;ad6RqiGq!vsWbh~-^>cAXV%4(hZLU(usIgQD6PKfXrrzX=WqKGw z>Bww5^w`pB4|7twNHGokjEIW+pVmIUJ9EN*O%XExApTs(70+tBfKo5KIhC5x`U!l~CVt7_j)^j5ry@n!rVPTi znRWsHMyA3*!*gktxx$^NHs_}2w2GBm;@>SM*%fDq$XYC`&9>rzv$vcMs7|4e_AlJt zf!rSZB236Wz}hHw7Pu=gcqKiH&{WJvcW@R|i(%~Hq=wj%L)N@tjjf!GYI)U&9kl>Y zfMbZb3__}TO})aSOYel|_pn)ajF_T{EI){KIWIaWg!vC?UzTw>b_@z>)t2 zifDN2>3%`1jRlK+Bc!G!A&&1cjF2LHst3H)2o9EET$yDS1m^& zy^cV^!-J+=k(0tCC*8zr7U3}z-O^E`z>V!}ShjyUdV)}`B zaouBoq(m-0Y``V0ZTy5QcL}wbhIDKV`dz+#Bgf*FATpbtejPCn;;M-K(V-jS5z=$X zoI>OmMQVgBxuq!1e{D!bAyFYe@BVp+`S#hszK{wEiYPRA_WsbP{P{*lb@~9+%`JFe zR)@ZaauI_U)V!^Ae)^eF=AIrWJNJV0G(TU{qAJSDo)+U`)Q5ogRUPniZMiPUFV;F& zb=Lb;ykr}tWDx!YiYM!C@;Jg4Y+(Ng(~)hY6N0jry}jOqX~VOS7j>H}q;?(`&Edz3 z{5~D* z6bxviQg9TUc~x$PyeoA1?9BMZ^A|!wv*u@&A}!kew^F}=MtQYZyB?t7vP&?tFzGiaDLnK%6r<=)qHdJ?Aq^E2?p=Dmn)KeABGgL-WH-7u(BT6GLyI zCdkMccDvQNrs3UeayhJ!)hvP*cYfddA7MKY4bEZl-5~Gn)O3v!fPI1=TG`B`|n<_~1hG4NP@F=Ui!E>fT^Y zdu>Oake4AnH?r?u-cX^h|Y;-y~$O+DjWFVgCnef0N z1z9;IJ|MYL6+y$RS0q264tnEcZ=npAA~8LVY?w;RZZtln);Vi^cO|Yijx%RuVl@n* zW_Xi>EX3a_x2itoOP?){E-$>>b6nYqls z%fXR3U_pzgyd^U98xC^y!3B~gxn3J-gFOjncsTGgwMqrr4&O~o@u zk{NYAUS0fU#G4+NsE!z-u|v9o-LM=^E_4xX(WO!@>?~Lm8570qkca<7rng_Td9zEq z6c|lunK>Soz7HF4vFi9PI_h~b_iILujkca{S9v1jK1|LeTOw?jj@da7{Ebc&{-%cb zf&ykq$Y`%Xi{~u)A2|lzm;s4v!PhruUj~TV7opL}9-Ohfxw^NH)j~)K zz=aJ_RFU({FsI13dArUyYe*1r=HgXQg=uSltBUUmll$A~(i7uiZUmS0yK6Lp)d`{C@E(=>ozT`sG07dnPfYNDmCE5AAY@cQT0 z1+`Nh7kO%GwX~Pi%^D_zZ$!mLl`Cr1HIcCd3de%_sABKmCbU|rgT0%H>=*MZUs7vo zfvS=_f?96&bK_|x{i`24nKRv}bG0+=4k7X<{aj-tVZB5Iv8G!aMV5ImHa*|6zP+~0 zVXr-9W|BJ-H0!u9CL%S{?!rHbvjo5U)!8CH)EXx)>OUQjJL`{5Sx1(6?Z^1`kOup4Ab{k{;I#Z*K}%B*f^s@p=UYOjtdR+@>NTPfBhA}d3$ z{yJc$2f+5`BKQZ%Odsc8B>wu0!

    |NKalm%Ck*t9r~?Q$oeOiEb90~Uvv@V?rtyR zUo4P|Y@ogxa%><^!X=C)_{Vg{j{7cKk4>*s<9?~G2?A@Iy&Pxj1;z!u(BI439>sVP z$~7Qko?Z<^gnzf(F10sfdIsbU-i;w}jbG82`Po2WtJ;jin>xt`q^E<1J|{6!sn z8!)T^awqOStatvdn(LJj)>q$oZ&^{V)J*8ZUTQy0>rX8`Y29mIQzblwCjFXnA1my+ zo~vmn4^GeS(sLxuJG8&d2De=&HR6P?fdYUH8y<^?T)A4Jq8Ic*MxiU1*Swy~&N@>& zl)keC`Ut(i`3Ip=B%gXtULd5p!2J7s=yPoPOz=87LR&LDS@N;F-5Q^?)Ho?~1xFe7 zOhKcW8XjqW5dTa+jze!qf7}S2mkVES9hLPLoVHyU=x(*c zn?;`9yjhijqc3Ey08!1b9zK8d)u5EBQKWo9Bo_+=M&8bF3;&@#bYNr-=Zf-e$Qm>_ zqt*~}IT^?}!`(hI(I)-+C*&|5oAmUR zQN`D`h0y&Fuc`F)qY|qf*4(x1DbMi0khi=c`E>H#`iW9+#dEn{C*I(@eYvE*XGI`D7@KdGA%nSXmU8Q6GyI|qCBQYQ~e__HPtL_DMH~298MapZ=G3#dX zv@1jiyB3;sJm^7Os804IM7Vt_1i8Vx!~?e2f6~<`Xc3R>+XAbEXr*P>pV0&7TsVBQ zA5q)EnxsOi)y-Tqw~#alFk+wqvF$tSK1AYXp%Mdt`@i0P`HA^KG)=}|3~n8>iWbT`=1H%mahLsHJjjjwirufpcvZssrwU@ zn-~U*b`yJo#<&0gL3#8ojtf54*RJ)L_x2ghTLPHC>~b#bd|*D4w7;16#0(;oiLOlG r+IwQX)ZuPY9|=Ta>5VWfGL{3Z2=HLG^i(oVEdWM0%?v*3IYs^-M=Bn8 diff --git a/web/android-chrome-192x192.png b/web/share/android-chrome-192x192.png similarity index 100% rename from web/android-chrome-192x192.png rename to web/share/android-chrome-192x192.png diff --git a/web/apple-touch-icon.png b/web/share/apple-touch-icon.png similarity index 100% rename from web/apple-touch-icon.png rename to web/share/apple-touch-icon.png diff --git a/web/css/index/index.css b/web/share/css/index/index.css similarity index 100% rename from web/css/index/index.css rename to web/share/css/index/index.css diff --git a/web/css/kvm/about.css b/web/share/css/kvm/about.css similarity index 100% rename from web/css/kvm/about.css rename to web/share/css/kvm/about.css diff --git a/web/css/kvm/hid.css b/web/share/css/kvm/hid.css similarity index 100% rename from web/css/kvm/hid.css rename to web/share/css/kvm/hid.css diff --git a/web/css/kvm/keyboard.css b/web/share/css/kvm/keyboard.css similarity index 100% rename from web/css/kvm/keyboard.css rename to web/share/css/kvm/keyboard.css diff --git a/web/css/kvm/msd.css b/web/share/css/kvm/msd.css similarity index 100% rename from web/css/kvm/msd.css rename to web/share/css/kvm/msd.css diff --git a/web/css/kvm/stream.css b/web/share/css/kvm/stream.css similarity index 100% rename from web/css/kvm/stream.css rename to web/share/css/kvm/stream.css diff --git a/web/css/leds.css b/web/share/css/leds.css similarity index 100% rename from web/css/leds.css rename to web/share/css/leds.css diff --git a/web/share/css/login/login.css b/web/share/css/login/login.css new file mode 100644 index 00000000..1fae42d6 --- /dev/null +++ b/web/share/css/login/login.css @@ -0,0 +1,25 @@ +div#login-box { + display: flex; + flex-direction: column; + justify-content: center; + align-items: center; + text-align: center; + min-height: 100vh; +} + +div#login { + text-align: left; + outline: none; + word-wrap: break-word; + max-width: 400px; + border: var(--border-window-thin); + border-radius: 8px; + box-sizing: border-box; + box-shadow: var(--shadow-big); + background-color: var(--cs-window-default-bg); + padding: 15px; +} + +input[type="text"]#user-input, input[type="password"]#passwd-input { + text-align: center; +} diff --git a/web/css/main.css b/web/share/css/main.css similarity index 91% rename from web/css/main.css rename to web/share/css/main.css index 28361905..f5f0db75 100644 --- a/web/css/main.css +++ b/web/share/css/main.css @@ -62,6 +62,7 @@ img.svg-gray { button, select { box-shadow: none; border: none; + border-radius: 4px; color: var(--cs-control-default-fg); background-color: var(--cs-control-default-bg); display: block; @@ -116,8 +117,18 @@ select:active { background-image: url("../svg/select-arrow-intensive.svg") !important; } +input[type=text], input[type=password] { + overflow-x: auto; + font-family: monospace; + border: thin; + border-radius: 4px; + color: var(--cs-code-default-fg); + background-color: var(--cs-code-default-bg); + padding: 2px; +} + @media only screen and (min-width: 768px) and (max-width: 1024px) and (orientation: portrait) { - button, select { + button, select, input[type=text], input[type=password] { height: 45px !important; } } diff --git a/web/css/menu.css b/web/share/css/menu.css similarity index 99% rename from web/css/menu.css rename to web/share/css/menu.css index 5ececb32..151b82b1 100644 --- a/web/css/menu.css +++ b/web/share/css/menu.css @@ -98,6 +98,7 @@ ul#menu li div.menu-item-content-text { } ul#menu li div.menu-item-content button, select { + border-radius: 0; text-align: left; padding: 0 16px; } diff --git a/web/css/modals.css b/web/share/css/modals.css similarity index 98% rename from web/css/modals.css rename to web/share/css/modals.css index f557bd08..ed9837c7 100644 --- a/web/css/modals.css +++ b/web/share/css/modals.css @@ -47,6 +47,7 @@ div.modal div.modal-window div.modal-buttons { } div.modal div.modal-window div.modal-buttons button { + border-radius: 0; height: 40px; } @media only screen and (min-width: 768px) and (max-width: 1024px) and (orientation: portrait) { diff --git a/web/css/progress.css b/web/share/css/progress.css similarity index 100% rename from web/css/progress.css rename to web/share/css/progress.css diff --git a/web/css/sliders.css b/web/share/css/sliders.css similarity index 100% rename from web/css/sliders.css rename to web/share/css/sliders.css diff --git a/web/css/switches.css b/web/share/css/switches.css similarity index 100% rename from web/css/switches.css rename to web/share/css/switches.css diff --git a/web/css/vars.css b/web/share/css/vars.css similarity index 100% rename from web/css/vars.css rename to web/share/css/vars.css diff --git a/web/css/windows.css b/web/share/css/windows.css similarity index 100% rename from web/css/windows.css rename to web/share/css/windows.css diff --git a/web/favicon-16x16.png b/web/share/favicon-16x16.png similarity index 100% rename from web/favicon-16x16.png rename to web/share/favicon-16x16.png diff --git a/web/favicon-32x32.png b/web/share/favicon-32x32.png similarity index 100% rename from web/favicon-32x32.png rename to web/share/favicon-32x32.png diff --git a/web/js/bb.js b/web/share/js/bb.js similarity index 100% rename from web/js/bb.js rename to web/share/js/bb.js diff --git a/web/js/index/main.js b/web/share/js/index/main.js similarity index 100% rename from web/js/index/main.js rename to web/share/js/index/main.js diff --git a/web/js/kvm/atx.js b/web/share/js/kvm/atx.js similarity index 100% rename from web/js/kvm/atx.js rename to web/share/js/kvm/atx.js diff --git a/web/js/kvm/hid.js b/web/share/js/kvm/hid.js similarity index 100% rename from web/js/kvm/hid.js rename to web/share/js/kvm/hid.js diff --git a/web/js/kvm/keyboard.js b/web/share/js/kvm/keyboard.js similarity index 100% rename from web/js/kvm/keyboard.js rename to web/share/js/kvm/keyboard.js diff --git a/web/js/kvm/main.js b/web/share/js/kvm/main.js similarity index 100% rename from web/js/kvm/main.js rename to web/share/js/kvm/main.js diff --git a/web/js/kvm/mouse.js b/web/share/js/kvm/mouse.js similarity index 100% rename from web/js/kvm/mouse.js rename to web/share/js/kvm/mouse.js diff --git a/web/js/kvm/msd.js b/web/share/js/kvm/msd.js similarity index 100% rename from web/js/kvm/msd.js rename to web/share/js/kvm/msd.js diff --git a/web/js/kvm/session.js b/web/share/js/kvm/session.js similarity index 84% rename from web/js/kvm/session.js rename to web/share/js/kvm/session.js index e3e74160..5ba43511 100644 --- a/web/js/kvm/session.js +++ b/web/share/js/kvm/session.js @@ -14,8 +14,7 @@ function Session() { var __streamer = new Streamer(); var __init__ = function() { - $("link-led").title = "Not connected yet..."; - __startPoller(); + __startSession(); }; /********************************************************************************/ @@ -44,24 +43,15 @@ function Session() { $("about-version-streamer").innerHTML = `${state.version.streamer} (${state.streamer})`; }; - var __startPoller = function() { + var __startSession = function() { $("link-led").className = "led-yellow"; $("link-led").title = "Connecting..."; - - var http = tools.makeRequest("GET", "/ws_auth", function() { - if (http.readyState === 4) { - if (http.status === 200) { - var proto = (location.protocol === "https:" ? "wss" : "ws"); - __ws = new WebSocket(`${proto}://${location.host}/kvmd/ws`); - __ws.onopen = __wsOpenHandler; - __ws.onmessage = __wsMessageHandler; - __ws.onerror = __wsErrorHandler; - __ws.onclose = __wsCloseHandler; - } else { - __wsCloseHandler(null); - } - } - }); + var proto = (location.protocol === "https:" ? "wss" : "ws"); + __ws = new WebSocket(`${proto}://${location.host}/kvmd/ws`); + __ws.onopen = __wsOpenHandler; + __ws.onmessage = __wsMessageHandler; + __ws.onerror = __wsErrorHandler; + __ws.onclose = __wsCloseHandler; }; var __wsOpenHandler = function(event) { @@ -118,7 +108,7 @@ function Session() { setTimeout(function() { $("link-led").className = "led-yellow"; - setTimeout(__startPoller, 500); + setTimeout(__startSession, 500); }, 500); }; diff --git a/web/js/kvm/stream.js b/web/share/js/kvm/stream.js similarity index 100% rename from web/js/kvm/stream.js rename to web/share/js/kvm/stream.js diff --git a/web/share/js/login/main.js b/web/share/js/login/main.js new file mode 100644 index 00000000..dc45d03f --- /dev/null +++ b/web/share/js/login/main.js @@ -0,0 +1,36 @@ +function main() { + if (checkBrowser()) { + tools.setOnClick($("login-button"), __login); + document.onkeyup = function(event) { + if (event.code == "Enter") { + event.preventDefault(); + __login(); + } + }; + $("user-input").focus(); + } +} + +function __login() { + var user = $("user-input").value; + var passwd = $("passwd-input").value; + var body = `user=${encodeURIComponent(user)}&passwd=${encodeURIComponent(passwd)}`; + var http = tools.makeRequest("POST", "/kvmd/auth/login", function() { + if (http.readyState === 4) { + if (http.status === 200) { + document.location.href = "/"; + } + __setDisabled(false); + $("passwd-input").focus(); + $("passwd-input").select(); + } + }, body, "application/x-www-form-urlencoded"); + http.send(); + __setDisabled(true); +} + +function __setDisabled(disabled) { + $("user-input").disabled = disabled; + $("passwd-input").disabled = disabled; + $("login-button").disabled = disabled; +} diff --git a/web/js/tools.js b/web/share/js/tools.js similarity index 94% rename from web/js/tools.js rename to web/share/js/tools.js index 81970ef8..80b074ee 100644 --- a/web/js/tools.js +++ b/web/share/js/tools.js @@ -1,12 +1,15 @@ var tools = new function() { var __debug = (new URL(window.location.href)).searchParams.get("debug"); - this.makeRequest = function(method, url, callback, timeout=null) { + this.makeRequest = function(method, url, callback, body=null, content_type=null) { var http = new XMLHttpRequest(); http.open(method, url, true); + if (content_type) { + http.setRequestHeader("Content-Type", content_type); + } http.onreadystatechange = callback; - http.timeout = (timeout ? timeout : 5000); - http.send(); + http.timeout = 5000; + http.send(body); return http; }; diff --git a/web/js/wm.js b/web/share/js/wm.js similarity index 100% rename from web/js/wm.js rename to web/share/js/wm.js diff --git a/web/png/blank-stream.png b/web/share/png/blank-stream.png similarity index 100% rename from web/png/blank-stream.png rename to web/share/png/blank-stream.png diff --git a/web/safari-pinned-tab.svg b/web/share/safari-pinned-tab.svg similarity index 100% rename from web/safari-pinned-tab.svg rename to web/share/safari-pinned-tab.svg diff --git a/web/site.webmanifest b/web/share/site.webmanifest similarity index 80% rename from web/site.webmanifest rename to web/share/site.webmanifest index 409a6c2e..849f6a89 100644 --- a/web/site.webmanifest +++ b/web/share/site.webmanifest @@ -3,7 +3,7 @@ "short_name": "", "icons": [ { - "src": "/android-chrome-192x192.png", + "src": "/share/android-chrome-192x192.png", "sizes": "192x192", "type": "image/png" } diff --git a/web/svg/atx-hdd-led.svg b/web/share/svg/atx-hdd-led.svg similarity index 100% rename from web/svg/atx-hdd-led.svg rename to web/share/svg/atx-hdd-led.svg diff --git a/web/svg/atx-power-led.svg b/web/share/svg/atx-power-led.svg similarity index 100% rename from web/svg/atx-power-led.svg rename to web/share/svg/atx-power-led.svg diff --git a/web/svg/fan-led.svg b/web/share/svg/fan-led.svg similarity index 100% rename from web/svg/fan-led.svg rename to web/share/svg/fan-led.svg diff --git a/web/svg/favicon.svg b/web/share/svg/favicon.svg similarity index 100% rename from web/svg/favicon.svg rename to web/share/svg/favicon.svg diff --git a/web/svg/gear-led.svg b/web/share/svg/gear-led.svg similarity index 100% rename from web/svg/gear-led.svg rename to web/share/svg/gear-led.svg diff --git a/web/svg/hid-keyboard-led.svg b/web/share/svg/hid-keyboard-led.svg similarity index 100% rename from web/svg/hid-keyboard-led.svg rename to web/share/svg/hid-keyboard-led.svg diff --git a/web/svg/hid-mouse-led.svg b/web/share/svg/hid-mouse-led.svg similarity index 100% rename from web/svg/hid-mouse-led.svg rename to web/share/svg/hid-mouse-led.svg diff --git a/web/svg/info.svg b/web/share/svg/info.svg similarity index 100% rename from web/svg/info.svg rename to web/share/svg/info.svg diff --git a/web/svg/kvm.svg b/web/share/svg/kvm.svg similarity index 100% rename from web/svg/kvm.svg rename to web/share/svg/kvm.svg diff --git a/web/svg/link-led.svg b/web/share/svg/link-led.svg similarity index 100% rename from web/svg/link-led.svg rename to web/share/svg/link-led.svg diff --git a/web/svg/logo.svg b/web/share/svg/logo.svg similarity index 100% rename from web/svg/logo.svg rename to web/share/svg/logo.svg diff --git a/web/svg/msd-led.svg b/web/share/svg/msd-led.svg similarity index 100% rename from web/svg/msd-led.svg rename to web/share/svg/msd-led.svg diff --git a/web/svg/select-arrow-inactive.svg b/web/share/svg/select-arrow-inactive.svg similarity index 100% rename from web/svg/select-arrow-inactive.svg rename to web/share/svg/select-arrow-inactive.svg diff --git a/web/svg/select-arrow-intensive.svg b/web/share/svg/select-arrow-intensive.svg similarity index 100% rename from web/svg/select-arrow-intensive.svg rename to web/share/svg/select-arrow-intensive.svg diff --git a/web/svg/select-arrow-normal.svg b/web/share/svg/select-arrow-normal.svg similarity index 100% rename from web/svg/select-arrow-normal.svg rename to web/share/svg/select-arrow-normal.svg diff --git a/web/svg/stream-led.svg b/web/share/svg/stream-led.svg similarity index 100% rename from web/svg/stream-led.svg rename to web/share/svg/stream-led.svg diff --git a/web/svg/stream-mouse-cursor.svg b/web/share/svg/stream-mouse-cursor.svg similarity index 100% rename from web/svg/stream-mouse-cursor.svg rename to web/share/svg/stream-mouse-cursor.svg diff --git a/web/svg/warning.svg b/web/share/svg/warning.svg similarity index 100% rename from web/svg/warning.svg rename to web/share/svg/warning.svg