Added protected mode

2025-04-10 16:53:17 +02:00 · 2025-04-10 16:53:17 +02:00 · 2749f3d1cf
commit 2749f3d1cf
parent ffc831951a
4 changed files with 18 additions and 8 deletions
--- a/src/keys.rs
+++ b/src/keys.rs
@ -7,6 +7,7 @@ pub enum Input {
    Down,
    Esc,
    Enter,
+    CtrlP,
    Other,
 }

@ -18,6 +19,8 @@ impl From<&[u8]> for Input {
            [27, 91, 65] => Input::Up,
            [27, 91, 66] => Input::Down,
            [13] => Input::Enter,
+            // NOTE: Actual char is DLE, this happens to map to ctrl-p
+            [16] => Input::CtrlP,
            other => {
                trace!("{other:?}");
                Input::Other
--- a/src/ssh.rs
+++ b/src/ssh.rs
@ -122,6 +122,9 @@ impl Handler {
                    warn!("User not set");
                }
            }
+            Input::CtrlP => {
+                self.set_access_selection(TunnelAccess::Protected).await;
+            }
            _ => {
                return Ok(false);
            }
--- a/src/tunnel.rs
+++ b/src/tunnel.rs
@ -29,6 +29,7 @@ pub mod tui;
 #[derive(Debug, Clone)]
 pub enum TunnelAccess {
    Private(String),
+    Protected,
    Public,
 }

@ -160,7 +161,7 @@ impl Service<Request<Incoming>> for Tunnels {
                return Ok(resp);
            };

-            if let TunnelAccess::Private(owner) = tunnel.access.read().await.deref() {
+            if !matches!(tunnel.access.read().await.deref(), TunnelAccess::Public) {
                let user = match s.forward_auth.check_auth(req.headers()).await {
                    Ok(AuthStatus::Authenticated(user)) => user,
                    Ok(AuthStatus::Unauthenticated(location)) => {
@ -196,8 +197,9 @@ impl Service<Request<Incoming>> for Tunnels {
                    }
                };

-                trace!("Tunnel owned by {owner} is getting accessed by {user:?}");
+                trace!("Tunnel is getting accessed by {user:?}");

+                if let TunnelAccess::Private(owner) = tunnel.access.read().await.deref() {
                    if !user.is(owner) {
                        let resp = response(
                            StatusCode::FORBIDDEN,
@ -207,6 +209,7 @@ impl Service<Request<Incoming>> for Tunnels {
                        return Ok(resp);
                    }
                }
+            }

            let channel = match tunnel.open_tunnel().await {
                Ok(channel) => channel,
--- a/src/tunnel/tui.rs
+++ b/src/tunnel/tui.rs
@ -13,6 +13,7 @@ pub async fn to_row((address, tunnel): (&String, &Option<Tunnel>)) -> Vec<Span<'
    let (access, port) = if let Some(tunnel) = tunnel {
        let access = match tunnel.access.read().await.deref() {
            TunnelAccess::Private(owner) => owner.clone().yellow(),
+            TunnelAccess::Protected => "PROTECTED".blue(),
            TunnelAccess::Public => "PUBLIC".green(),
        };