New creates a new SSH proxy server. Its ServerConfig authenticates clients against the workspace owner token: the NoClientAuth callback parses `workspaceId#ownerToken` out of the SSH user name, and the Password callback takes the workspace ID as the user name and the token as the password. Security caveat for reviewers: both visible callbacks compare the supplied token to `wsInfo.Auth.OwnerToken` with a plain `!=` string comparison, which is not constant-time; `subtle.ConstantTimeCompare` is the usual fix. In the NoClientAuth path the `len(args) != 2` check also runs only after the workspace lookup, so malformed user strings still reach the info provider — moving that check first fails fast and avoids a lookup on garbage input.
(signers []ssh.Signer, workspaceInfoProvider p.WorkspaceInfoProvider, heartbeat Heartbeat)
| 108 | // New creates a new SSH proxy server |
| 109 | |
| 110 | func New(signers []ssh.Signer, workspaceInfoProvider p.WorkspaceInfoProvider, heartbeat Heartbeat) *Server { |
| 111 | server := &Server{ |
| 112 | workspaceInfoProvider: workspaceInfoProvider, |
| 113 | Heartbeater: &noHeartbeat{}, |
| 114 | } |
| 115 | if heartbeat != nil { |
| 116 | server.Heartbeater = heartbeat |
| 117 | } |
| 118 | |
| 119 | server.sshConfig = &ssh.ServerConfig{ |
| 120 | ServerVersion: "SSH-2.0-GITPOD-GATEWAY", |
| 121 | NoClientAuth: true, |
| 122 | NoClientAuthCallback: func(conn ssh.ConnMetadata) (*ssh.Permissions, error) { |
| 123 | args := strings.Split(conn.User(), "#") |
| 124 | workspaceId := args[0] |
| 125 | wsInfo, err := server.GetWorkspaceInfo(workspaceId) |
| 126 | if err != nil { |
| 127 | return nil, err |
| 128 | } |
| 129 | // NoClientAuthCallback only support workspaceId#ownerToken |
| 130 | if len(args) != 2 { |
| 131 | return nil, ssh.ErrNoAuth |
| 132 | } |
| 133 | if wsInfo.Auth.OwnerToken != args[1] { |
| 134 | return nil, ErrAuthFailedWithReject |
| 135 | } |
| 136 | server.TrackSSHConnection(wsInfo, "auth", nil) |
| 137 | return &ssh.Permissions{ |
| 138 | Extensions: map[string]string{ |
| 139 | "workspaceId": workspaceId, |
| 140 | }, |
| 141 | }, nil |
| 142 | }, |
| 143 | PasswordCallback: func(conn ssh.ConnMetadata, password []byte) (perm *ssh.Permissions, err error) { |
| 144 | workspaceId, ownerToken := conn.User(), string(password) |
| 145 | wsInfo, err := server.GetWorkspaceInfo(workspaceId) |
| 146 | if err != nil { |
| 147 | return nil, err |
| 148 | } |
| 149 | defer func() { |
| 150 | server.TrackSSHConnection(wsInfo, "auth", err) |
| 151 | }() |
| 152 | if wsInfo.Auth.OwnerToken != ownerToken { |
| 153 | return nil, ErrAuthFailed |
| 154 | } |
| 155 | return &ssh.Permissions{ |
| 156 | Extensions: map[string]string{ |
| 157 | "workspaceId": workspaceId, |
| 158 | }, |
| 159 | }, nil |
| 160 | }, |
| 161 | PublicKeyCallback: func(conn ssh.ConnMetadata, pk ssh.PublicKey) (perm *ssh.Permissions, err error) { |
| 162 | workspaceId := conn.User() |
| 163 | wsInfo, err := server.GetWorkspaceInfo(workspaceId) |
| 164 | if err != nil { |
| 165 | return nil, err |
| 166 | } |
| 167 | defer func() { |