lowercase user guacamole

Manuel Romero
2024-03-12 11:56:21 +01:00
parent 4ea4d5089b
commit 02d29c42a3
2 changed files with 51 additions and 57 deletions


@@ -2,7 +2,9 @@
const axios = require('axios');
const https = require("https");
const db = require('qmi-cloud-common/mongo');
const URL = "https://qmicloud-dev.qliktech.com:8443/api/session/data/postgresql";
const GUACA_DATASOURCE = process.env.GUACA_DATASOURCE || "postgresql";
const GUACA_BASEURL = process.env.GUACA_BASEURL || "https://qmicloud-dev.qliktech.com:8443";
const GUACA_USERNAME = process.env.GUACA_USERNAME || "guacadmin";
const GUACA_PASSWORD = process.env.GUACA_PASSWORD;
@@ -20,12 +22,6 @@ const base64urlEncode = function(value) {
};
const toTitleCase = function(str) {
return str.replace(/\w\S*/g, function (text) {
return text.charAt(0).toUpperCase() + text.substr(1).toLowerCase();
});
}
const guacamoleClientId = function(id, type, dataSource) {
return base64urlEncode([
id,
@@ -40,7 +36,7 @@ async function _auth() {
params.append('username', GUACA_USERNAME);
params.append('password', GUACA_PASSWORD);
var res = await axios.post('https://qmicloud-dev.qliktech.com:8443/api/tokens', params, {
var res = await axios.post(`${GUACA_BASEURL}/api/tokens`, params, {
httpsAgent: new https.Agent({
rejectUnauthorized: false
})
@@ -58,15 +54,10 @@ async function _auth() {
async function _createUser(email, token) {
/*var split2 = email.split(".");
var emailArray = [toTitleCase(split2[0]),toTitleCase(split2[1]), split2[2]];
var upercaseEmail = emailArray.join(".");*/
var upercaseEmail = email;
try {
var body = {
"username": upercaseEmail,
"username": email,
"attributes": {
"disabled": "",
"expired": "",
@@ -78,7 +69,7 @@ async function _createUser(email, token) {
}
};
await axios({
url: `${URL}/users`,
url: `${GUACA_BASEURL}/api/session/data/${GUACA_DATASOURCE}/users`,
method: "post",
data: body,
httpsAgent: new https.Agent({
@@ -89,17 +80,17 @@ async function _createUser(email, token) {
}
});
console.log("Guacamole# User created: ", upercaseEmail);
console.log("Guacamole# User created: ", email);
return upercaseEmail;
return email;
} catch (err) {
// Handle Error Here
console.log("Guacamole# User already existed: ", upercaseEmail);
console.log("Guacamole# User already existed: ", email);
return upercaseEmail;
return email;
}
}
@@ -179,7 +170,7 @@ async function _createConnection(type, name, ip, username, password, token) {
}
};
var res = await axios({
url: `${URL}/connections`,
url: `${GUACA_BASEURL}/api/session/data/${GUACA_DATASOURCE}/connections`,
method: "post",
data: body,
httpsAgent: new https.Agent({
@@ -212,7 +203,7 @@ async function _addConnectionToUser(email, identifier, token) {
}
];
var res = await axios({
url: `${URL}/users/${email}/permissions`,
url: `${GUACA_BASEURL}/api/session/data/${GUACA_DATASOURCE}/users/${email}/permissions`,
method: "patch",
data: body,
httpsAgent: new https.Agent({
@@ -243,7 +234,8 @@ async function setUserConnection(provision, scenario){
var token = await _auth();
if (token) {
var email = await _createUser(provision.user.mail, token);
let userEmailLower = provision.user.mail.toLowerCase();
var email = await _createUser(userEmailLower, token);
let ip = provision.outputs["RDP-ip"] || provision.outputs["Replicate__RDP_IP"] || provision.outputs["Private_IP"] || provision.outputs["IP"];
@@ -266,8 +258,8 @@ async function setUserConnection(provision, scenario){
}
if (connection) {
let outputs = provision.outputs || {};
const guacClient = guacamoleClientId(connection.identifier,"c", "postgresql");
outputs[`WEB_${type}_ACCESS_WITH_GUACAMOLE`] = `https://qmicloud-dev.qliktech.com:8443/#/client/${guacClient}`;
const guacClient = guacamoleClientId(connection.identifier,"c", GUACA_DATASOURCE);
outputs[`WEB_${type}_ACCESS_WITH_GUACAMOLE`] = `${GUACA_BASEURL}/#/client/${guacClient}`;
_addConnectionToUser(email, connection.identifier, token);
@@ -295,7 +287,7 @@ async function deleteConnection(provision){
try {
var token = await _auth();
await axios({
url: `${URL}/connections/${provision.guacaConnId}`,
url: `${GUACA_BASEURL}/api/session/data/${GUACA_DATASOURCE}/connections/${provision.guacaConnId}`,
method: "delete",
httpsAgent: new https.Agent({
rejectUnauthorized: false
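Review bot: The token request in `_auth` still runs with `rejectUnauthorized: false`, so `GUACA_USERNAME` and `GUACA_PASSWORD` are posted to `${GUACA_BASEURL}/api/tokens` without verifying the server certificate; now that the base URL comes from the environment, whatever host it points at is trusted unchecked. The same agent option is visible in the context lines of the `_createUser`, `_createConnection`, `_addConnectionToUser` and `deleteConnection` hunks, which receive the returned token and presumably send it with each call. I would drop the override so certificate validation applies, and if the endpoint uses an internal CA pass it explicitly, e.g. `httpsAgent: new https.Agent({ ca: guacaCa })`, where `guacaCa` is a placeholder for a CA bundle loaded once at module level. The bodies of these functions start and end outside the visible hunks, so confirm that no other call site relies on the unverified agent.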


@@ -92,19 +92,21 @@ app.use('/arena', Arena(
//app.set('view engine', 'ejs');
app.use(cookieParser());
app.use('/',express.static(__dirname + '/../dist/qmi-cloud'));
app.use('/', express.static(__dirname + '/../dist/qmi-cloud'));
passport.init(app, IS_SECURE? true : false);
passport.init(app, IS_SECURE ? true : false);
app.use('/guacamole/', passport.ensureAuthenticated, createProxyMiddleware({
target: 'http://qmicloud-dev.qliktech.com:8080/',
app.use('/guacamole/', passport.ensureAuthenticated, createProxyMiddleware({
target: 'http://qmicloud-dev.qliktech.com:8080/',
ws: true,
changeOrigin: true,
followRedirects: true,
secure: false,
onProxyReq: function(proxyReq, req, res) {
proxyReq.setHeader('X-Guaca-Auth', req.user.mail);
onProxyReq: function (proxyReq, req, res) {
if (req.user && req.user.mail) {
proxyReq.setHeader('X-Guaca-Auth', req.user.mail);
}
}
}));
app.use(bodyParser.urlencoded({ extended: false }))
@@ -123,11 +125,11 @@ app.use("/api/v1/stats", routesApiStats);
app.use("/api/v1/training", routesApiTraining);
//app.use("/qcsproxy", qsProxy.router);
function _isAllowedPath(path){
const allowedPaths = [ '/api-docs', '/arena', '/costexport', '/backendlogs', '/photos/user/', '/qmimongo', '/guacamole/' ];
function _isAllowedPath(path) {
const allowedPaths = ['/api-docs', '/arena', '/costexport', '/backendlogs', '/photos/user/', '/qmimongo', '/guacamole/'];
let isAllowed = false;
for (let i=0; i<allowedPaths.length; i++) {
if ( path.startsWith( allowedPaths[i]) ) {
for (let i = 0; i < allowedPaths.length; i++) {
if (path.startsWith(allowedPaths[i])) {
isAllowed = true;
break;
}
@@ -136,13 +138,13 @@ function _isAllowedPath(path){
}
/* Checking allowedPaths */
app.get('/*',(req, res, next) =>{
if ( _isAllowedPath(req.originalUrl) ) {
app.get('/*', (req, res, next) => {
if (_isAllowedPath(req.originalUrl)) {
return next();
} else if (req.originalUrl.indexOf("oauth-callback.html") !== -1) {
res.sendFile(path.join(__dirname,'/../dist/qmi-cloud/oauth-callback.html'));
res.sendFile(path.join(__dirname, '/../dist/qmi-cloud/oauth-callback.html'));
} else {
res.sendFile(path.join(__dirname,'/../dist/qmi-cloud/index.html'));
res.sendFile(path.join(__dirname, '/../dist/qmi-cloud/index.html'));
}
});
/* -----------------------*/
@@ -175,8 +177,8 @@ const options = {
}
},
servers: [{
"url": "/api/v1",
"description": "Production Server"
"url": "/api/v1",
"description": "Production Server"
}],
components: {
securitySchemes: {
@@ -184,11 +186,11 @@ const options = {
type: "apiKey",
name: "apiKey",
in: "query"
}
}
}
},
security: [{
ApiKeyAuth: []
ApiKeyAuth: []
}]
},
// List of files to be processes. You can also set globs './routes/*.js'
@@ -198,28 +200,28 @@ const options = {
};
app.use('/costexport*', passport.ensureAuthenticatedAndAdmin, function(req, res){
if ( !req.query.file ) {
app.use('/costexport*', passport.ensureAuthenticatedAndAdmin, function (req, res) {
if (!req.query.file) {
res.status(404).send("Not found");
} else {
res.header("Content-Type",'application/json');
res.sendFile(path.resolve(__dirname, '..', 'costexport', req.query.file ));
res.header("Content-Type", 'application/json');
res.sendFile(path.resolve(__dirname, '..', 'costexport', req.query.file));
}
} );
});
app.use('/photos/user/:oid', passport.ensureAuthenticated, function(req, res){
if ( !req.params.oid ) {
app.use('/photos/user/:oid', passport.ensureAuthenticated, function (req, res) {
if (!req.params.oid) {
res.status(404).send("Not found");
} else {
var pic = path.resolve(__dirname, '..', 'photos', `${req.params.oid}.jpg` );
if (fs.existsSync(pic)){
} else {
var pic = path.resolve(__dirname, '..', 'photos', `${req.params.oid}.jpg`);
if (fs.existsSync(pic)) {
res.sendFile(pic);
} else {
res.status(404).send();
}
}
} );
});
const specs = swaggerJsdoc(options);
app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(specs));
@@ -230,7 +232,7 @@ app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(specs));
var dirs = ['/logs', '/logs/provision', '/logs/destroy', '/costexports', '/photos'];
dirs.forEach(d => {
if (!fs.existsSync(d)){
if (!fs.existsSync(d)) {
console.log(`--- Creating folder '${d}' since it does not exist`);
fs.mkdirSync(d);
}
@@ -247,13 +249,13 @@ const server = app.listen(3000, () => {
});
//qsProxy.init(server);
if ( IS_SECURE ) {
if (IS_SECURE) {
var optionsHttps = {
pfx: fs.readFileSync(path.resolve(__dirname, 'certs', process.env.CERT_PFX_FILENAME)),
passphrase: process.env.CERT_PFX_PASSWORD
};
const httpsServer = https.createServer(optionsHttps, app).listen(3100, function(){
const httpsServer = https.createServer(optionsHttps, app).listen(3100, function () {
console.log(`Secure server listening on port 3100`);
});