Dreaded_X/siranga
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added protected mode

Browse Source
This commit is contained in:
Dreaded_X 2025-04-10 16:53:17 +02:00
parent ffc831951a
commit 2749f3d1cf
Signed by: Dreaded_X
GPG Key ID: 5A0CBFE3C3377FAA
4 changed files with 18 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/keys.rs
View File

@ -7,6 +7,7 @@ pub enum Input {
Down, Down,
Esc, Esc,
Enter, Enter,
CtrlP,
Other, Other,
} }
@ -18,6 +19,8 @@ impl From<&[u8]> for Input {
[27, 91, 65] => Input::Up, [27, 91, 65] => Input::Up,
[27, 91, 66] => Input::Down, [27, 91, 66] => Input::Down,
[13] => Input::Enter, [13] => Input::Enter,
// NOTE: Actual char is DLE, this happens to map to ctrl-p
[16] => Input::CtrlP,
other => { other => {
trace!("{other:?}"); trace!("{other:?}");
Input::Other Input::Other

3
src/ssh.rs
View File

@ -122,6 +122,9 @@ impl Handler {
warn!("User not set"); warn!("User not set");
} }
} }
Input::CtrlP => {
self.set_access_selection(TunnelAccess::Protected).await;
}
_ => { _ => {
return Ok(false); return Ok(false);
} }

19
src/tunnel.rs
View File

@ -29,6 +29,7 @@ pub mod tui;
#[derive(Debug, Clone)] #[derive(Debug, Clone)]
pub enum TunnelAccess { pub enum TunnelAccess {
Private(String), Private(String),
Protected,
Public, Public,
} }
@ -160,7 +161,7 @@ impl Service<Request<Incoming>> for Tunnels {
return Ok(resp); return Ok(resp);
}; };
if let TunnelAccess::Private(owner) = tunnel.access.read().await.deref() { if !matches!(tunnel.access.read().await.deref(), TunnelAccess::Public) {
let user = match s.forward_auth.check_auth(req.headers()).await { let user = match s.forward_auth.check_auth(req.headers()).await {
Ok(AuthStatus::Authenticated(user)) => user, Ok(AuthStatus::Authenticated(user)) => user,
Ok(AuthStatus::Unauthenticated(location)) => { Ok(AuthStatus::Unauthenticated(location)) => {
@ -196,15 +197,17 @@ impl Service<Request<Incoming>> for Tunnels {
} }
}; };
trace!("Tunnel owned by {owner} is getting accessed by {user:?}"); trace!("Tunnel is getting accessed by {user:?}");
if !user.is(owner) { if let TunnelAccess::Private(owner) = tunnel.access.read().await.deref() {
let resp = response( if !user.is(owner) {
StatusCode::FORBIDDEN, let resp = response(
"You do not have permission to access this tunnel", StatusCode::FORBIDDEN,
); "You do not have permission to access this tunnel",
);
return Ok(resp); return Ok(resp);
}
} }
} }

1
src/tunnel/tui.rs
View File

@ -13,6 +13,7 @@ pub async fn to_row((address, tunnel): (&String, &Option<Tunnel>)) -> Vec<Span<'
let (access, port) = if let Some(tunnel) = tunnel { let (access, port) = if let Some(tunnel) = tunnel {
let access = match tunnel.access.read().await.deref() { let access = match tunnel.access.read().await.deref() {
TunnelAccess::Private(owner) => owner.clone().yellow(), TunnelAccess::Private(owner) => owner.clone().yellow(),
TunnelAccess::Protected => "PROTECTED".blue(),
TunnelAccess::Public => "PUBLIC".green(), TunnelAccess::Public => "PUBLIC".green(),
}; };